We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51.
Name and address of the controller
The controller in charge for data processing on this website within the meaning of the GDPR is
Dr. Henny Lena Holzhauser
ONDEDESIGNS Function UG (haftungsbeschränkt)
phone: +49 (0) 211 16 78 69 57
If you have any privacy complaints or issues concerning your personal data contact firstname.lastname@example.org
- Legal basis for the processing
Art. 6 I lit. a GDPR serves us as the legal basis for processing operations in which we obtain consent for the processing of your personal data. This is the case when we provide e-mail addresses to our postal service provider so that you can receive a tracking e-mail.
If the processing of personal data is necessary to fulfil a contract, for example a purchase contract and the payment via credit cards, the processing is based on Art. 6 I lit. b GDPR.
We are subject to legal obligations which require the processing of personal data, such as the fulfilment of tax obligations. In this case the processing is based on Art. 6 I lit. c GDPR.
We also use social media channels and web analysis services. This data processing is carried out in accordance with Art. 6 I lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website, your user experience, and your experience with our products.
- Data Collection When You Visit Our Website
When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the moment of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.
To make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
We work together with advertising partners and web analysis services who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). You will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following sections.
Please note that you can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that the functionality of our website may be limited if cookies are not accepted.
In the context of contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, if there are no legal storage obligations to the contrary.
On our website, users are given the opportunity to subscribe to the newsletter
Our newsletter can only be received if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter. We use a double-opt-in-procedure for the subscription. A confirmation email will be sent to your email address. This confirmation email serves to check whether the owner of the email address has authorized the receipt of the newsletter. When registering for the newsletter, we also store the IP address of the computer system used at the time of registration, as well as the date and time of registration, as assigned by the Internet Service Provider (ISP). The collection of this data is necessary to be able to understand the (possible) misuse of your email address later. The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. The consent to the storage of personal data that the data subject has given us for the newsletter can be revoked at any time. For revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time, directly on the controller's website, or to inform the controller in a different way.
If you select the "SOFORT" payment method, payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany ("SOFORT"). We will provide your data along with the information about your order in accordance with Art. 6 I lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB, Sveavägen 46, 11134 Stockholm, Sweden). Your data is provided for the purpose of processing payments with the payment service provider SOFORT. You can find more information about SOFORT's data protection provisions at the following Internet address: https://www.klarna.com/sofort/datenschutz.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" or "instalment payment" via PayPal, we provide your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal"). The transfer takes place in accordance with Art. 6 I lit. b GDPR.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or "purchase on account" or "payment in instalments" via PayPal. For this purpose, your payment data may be provided in accordance with Art. 6 I lit. f GDPR passed on to credit agencies based on PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check about the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. You can find more information about PayPal’s data protection provisions at the following Internet address: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
10.3 Apple Pay
If you choose the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed using the "Apple Pay" function on your iOS, watchOS or macOS-operated device by debiting a payment card stored with "Apple Pay". Apple Pay uses security features built into your device hardware and software to protect your transactions. To approve a payment, it is necessary to enter a code that you previously specified and to verify it using the "Face ID" or "Touch ID" function of your device.
For payment processing, the information you provided during the ordering process, along with information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website from which the purchase was made can access the payment details. After the payment has been made, Apple will send your device account number and a transaction-specific, dynamic security code to the original website to confirm the payment has been successful.
If personal data is processed in the described transmissions, the processing takes place for the purpose of payment processing according to Art. 6 I lit. b GDPR.
Apple maintains anonymized transaction data, including the approximate purchase amount, approximate date, and time, and whether the transaction was successfully completed. The anonymization completely rules out any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
When you use Apple Pay on the iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can be used to identify you personally. You can turn off the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.
Further information on data protection with Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027
10.4 Google Pay
If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment will be processed via the "Google Pay" application of yours with at least Android 4.4 ("KitKat") operated mobile device with an NFC function by debiting a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To approve a payment via Google Pay in the amount of more than € 25, you must first unlock your mobile device using the verification measure set up in each case (e.g. face recognition, password, fingerprint or sample).
For payment processing, the information you provided during the ordering process, along with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the source website, which is used to verify a payment. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary for processing the payment process. The transaction is carried out exclusively in the relationship between the user and the starting website by debiting the means of payment stored with Google Pay.
If personal data is processed in the described transmissions, the processing takes place exclusively for the purpose of payment processing according to Art. 6 Para. 1 lit. b GDPR.
Google reserves the right to collect, store and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, the location and description of the dealer, a description of the goods or services purchased by the dealer, photos that you attached to the transaction, the name and email address of the seller and buyer or of the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction. According to Google, this processing takes place in accordance with Art. 6 I lit. f GDPR based on the legitimate interest in proper billing, the verification of process data and the optimization and maintenance of the functionality of the Google Pay service. Google also reserves the right to merge the processed process data with other information that is collected and stored by Google when other Google services are used.
Further information on data protection with Google Pay can be found at the following Internet address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
When registering, we ask for some personal information such as name, address, contact, telephone number or e-mail address. Registered users can access certain additional services. Registered users have the option to change or delete all personal data provided at any time. You can also request the data you have stored with us at any time. Insofar as there is no statutory period for the retention of data, these can be changed or deleted. Please contact us via our contact page.
- Tools and Plug-Ins
12.1 Use of YouTube Videos
This website uses the YouTube embedding function for display and playback of videos offered by the provider YouTube, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 ESW5, Ireland ("Google").
To this end, the extended data protection mode is used to ensure, according to provider information, that user information will only be stored once the playback function of the video is started. When the playback of embedded YouTube videos is started, the provider sets "YouTube" cookies to collect information about user behaviour. According to indications from YouTube, the use of those cookies is intended, among other things, to record video statistics, to improve user-friendliness and to avoid improper actions. If you are logged in to Google, your information will be directly associated with your account when you click on a video. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation takes place according to Art. 6 I lit. f GDPR, based on the legitimate interests of Google in the insertion of personalized advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. When using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.
Regardless of whether the embedded video is played back, a connection to the Google network "double click" is established when visiting this website. This may trigger further data processing beyond our control.
If personal data is transferred to Google LLC. based in the United States, Google LLC. is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. An up-to-date certificate can be viewed here: https://www.privacyshield.gov/list.
Further information on YouTube data protection can be found in the provider's data protection statement at: www.google.com/policies/privacy/
12.2. Social Media
Our website uses a static link to our social media channels. With a static link no connection to the servers of the providers of the social media channels will be established. Therefore, your personal data will not be forwarded. However, when you visit our social media channels, your personal data will be processed there. We use the following channels:
We use an Instagram account provided by Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA). If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile. This allows Instagram to associate the visit of our page with your user account. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Instagram.
You can change your privacy settings on Twitter in the account settings at: https://twitter.com/account/settings.
- Web Analysis Services
13.1 Google Analytics
This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Analytics uses so-called cookies, which are text files stored on your computer, to help the website analyse how users use the site. The information generated by the cookies about your use of this website (including the shortened IP address) is generally transmitted to a Google server and stored there. When using Google Universal Analytics, personal data may also be transmitted to the servers of Google LLC. in the USA.
This website uses Google Analytics exclusively with the extension "_anonymizeIp()", which ensures an anonymization of the IP address by shortening it and excludes a direct personal relationship. As a result of the extension, your IP address will previously be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these exceptional cases, processing is carried out in accordance with Art. 6 I lit. f GDPR, based on our legitimate interest in the statistical analysis of user behaviour for optimization and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
As an alternative to the browser plug-in or for browsers on mobile devices, please click on the following link in order to set an opt-out cookie which disables Google Analytics to collect data on this website in the future (this opt-out cookie only functions for this browser and this domain. If you delete your cookies on this browser, you must click again on this link):Disable Google Analytics
13.2 Google AdWords
Our website uses Google Conversion Tracking. When you reach our website by clicking on a Google ad, Google AdWords stores a conversion tracking cookie on your computer. After 30 days, these cookies lose their validity. Website visitors are not identified. Within the 30-day span, we and Google may find that the user initially clicked on the ad to land on our site. Google AdWords cookies are customized and cannot be tracked through AdWords advertisers' websites. The information gathered with conversion cookies is used to generate conversion statistics for AdWords advertisers who use conversion tracking. Customers will learn how many users have used an ad to visit their site. Personal data of the users are not transmitted.
Those who do not want to participate in the tracking can set this in the browser settings. The automatic setting of cookies can generally be deactivated, or you can set your browser so that googleleadservices.com cookies are always blocked.
Opt-out cookies may not be deleted if you wish to refuse to record measurement data. If you delete the cookies in your browser, all opt-out cookies must be reset.
13.3 Google Remarketing
This website uses the Google Remarketing feature to show individual advertising. Your browser will store a "cookie" that will allow you to be recognized when you visit a web page that belongs to the Google Advertising Network. You may be presented with advertisements related to visiting other websites that also use the Google Remarketing feature.
Google stores no individual data. You can opt out of Google Remarketing at http://www.google.com/settings/ads.
- Rights of the Data Subject
The applicable data protection law grants you comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller regarding the processing of your personal data, about which we inform you below:
- Right of access by the data subject pursuant to Art. 15 GDPR
- Right to rectification pursuant to Art. 16 GDPR
- Right to erase (“right to be forgotten”) pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to be informed pursuant to Art. 19 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to withdraw a given consent pursuant to Art. 7 III GDPR
- Right to lodge a complaint pursuant to Art. 77 GDPR
Our supervisory authority is
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
phone: +49 211/38424-0
15. RIGHT TO OBJECT
IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.
- Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely deleted, provided they are no longer necessary for the performance or initiation of the contract and/or there is no longer any legitimate interest on our part in the further storage.