Privacy Policy

1. General

Melitta Single Portions GmbH & Co. Kommanditgesellschaft (hereinafter referred to as "Melitta", "we") attaches the utmost importance to the protection of your privacy. We therefore respect this when handling your personal data. At this point, we inform you about data processing when using our website www.avoury.com and the individual channels, such as our hotline or our chat.

As a rule, it is not necessary for you to disclose personal data directly in order to use our services, in particular our website. In individual cases, however, your name and address and possibly other details are required so that we can provide the requested service. If this is necessary, we will inform you accordingly.

2. Data Protection Responsibility / Data Protection Officer

2.1 Name and contact details of the controller

Melitta Single Portions GmbH & Co. limited partnership

Marienstrasse 88

32425 Minden

Managing Director: Holger Feldmann

pers. haft. Partner:

Melitta Single Portions Beteiligungs GmbH

Registered office Minden, Bad Oeynhausen Local Court HR B 14802

2.2 Contact details of the data protection officer

You can reach our data protection officer at:

Melitta Data Protection Office

Ringstr. 99

32427 Minden, Germany

E-Mail: [email protected]

3. Data processing when using the website

3.1 Server log files and technical data

If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following technical information (log file data):

Operating system used
Information about the browser type and referral type and, if applicable, the specific referrer
Internet service provider
IP address
Date and duration of the visit

If applicable, manufacturer and type designation of the smartphone, tablet or other end device

the URL of the previously visited website (referrer)
the URL of the (sub)page that you access on the website

This data is technically necessary for us to display our website to you and to ensure the stability and security of the website. The legal basis is the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

As part of the balancing of interests in accordance with Art. 6 para. 1 lit. f GDPR, we have considered and weighed up our interest in the provision and your interest in the processing of your personal data in accordance with data protection regulations. Since the data for the provision of our service is sometimes technically necessary in order to be able to offer you our website and also to ensure stability and security, in particular to offer protection against misuse, we have come to the conclusion that this data can be processed - with a state-of-the-art guarantee of data security - taking due account of your interest in data protection-compliant processing. We and our service providers regularly do not know who is behind an IP address. Our support service provider has access to the log files and stores them in aggregated form for 7 days. The log files are then deleted.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

3.2 Data categories

We collect and process personal data that is generated in the course of using our services or communicating with us. This includes

Inventory data (e.g. names, addresses, dates of birth, etc.)
Contact details (e.g. e-mail, telephone/fax numbers, etc.)
Content data (e.g. text entries, chat histories, etc.)
Payment data (e.g. bank details)
Usage data (e.g. log data, access data, usage behavior, interests)
Meta/communication data (e.g. IP addresses, access data)

4. Contact

4.1 Contacting us by e-mail / contact form / hotline

When you contact us by e-mail, via the contact form or via our hotline, the data you provide will be stored:

E-Mail: E-mail address and your name if applicable
Contact form: Name, e-mail address, telephone number (optional), reason for contact, your message
Hotline: Name and telephone number

stored by us. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR from our overriding legitimate interest in processing and responding to your request. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR.

If the contact is for the implementation of pre-contractual measures, e.g. consultation or preparation of an offer or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

If we request information via our contact form that is not required to contact you, we have always marked this as optional. This information is used to specify your request and to improve the processing of your request. This information is provided expressly on a voluntary basis and with your consent, Art. 6 para. 1 lit. a GDPR. If this involves information on communication channels (e.g. email address, telephone number), you also consent to us contacting you via this communication channel in order to respond to your request. You can of course revoke this consent at any time for the future.

Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you, unless statutory retention periods prevent deletion.

We also anonymize this data, the time of the messages and responses as well as information on the communication channel used and then process it for internal purposes, e.g. controlling and improving our business and service processes (Art. 6 para. 1 lit. f GDPR).

4.2 Advertising communication via e-mail, post, fax or telephone

We process personal data for the purposes of advertising communication, which may take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.

The legal basis for processing is either your consent in accordance with Art. 6 para. 1 lit. a GDPR, if you have given us such consent, or our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, insofar as this is permitted under applicable law.

Recipients have the right to withdraw their consent or object to advertising communication at any time.

After revocation or objection, we may store the data required to prove consent for up to two years on the basis of our legitimate interests before deleting it. The processing of this data is limited to the purpose of a possible defense against legal claims.

Processed data types: Master data, contact data.
Affected persons: Communication partner.
Purposes of processing: direct marketing.

4.3 Chat

When you contact us via the chat, the following data provided by you will be stored:

Name
Contact reason
and e-mail address (optional)
Chat content

stored by us and linked to your customer account if you have already registered with us in order to answer your questions and process your request. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, whereby the legitimate interest lies in facilitating the provision of communication.

4.4 Satisfaction survey (NPS/service agent evaluation)

We send our existing customers a satisfaction survey after completing a service order. Using a scale of one to five stars, you can indicate how satisfied you were with the service. We store the data processed to process your request (see above), the information you provide in the survey and information on the communication channel used. The legal basis is Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest lies in a satisfaction check for the continuous improvement of our offers and service.

The result of the satisfaction survey will be deleted if it is no longer required to achieve the purpose for which it was collected and no statutory retention periods prevent deletion. However, the data is anonymized and processed for internal purposes, e.g. management and improvement of our business and service processes (Art. 6 para. 1 lit. f GDPR).

You can unsubscribe from the satisfaction survey at any time by clicking on the corresponding link in the e-mail or by sending an e-mail to support@avoury .com

5. Customer account - orders

5.1 Customer account

You have the option of registering on our website and creating a customer account. A customer account can also be created for you by contacting our employees by telephone. To register, we collect and store the following data from you: Surname, first name and e-mail address, password. You can also voluntarily enter your date of birth and telephone number. These fields are marked as "optional" in the registration form. The purpose of data processing is to improve your shopping experience and simplify order processing.

You can use this customer account - where offered - to use our personal services, such as viewing your tea consumption or making changes to your subscription order. You can use the data protection settings in your customer account to manage declarations of consent submitted to (advertising emails, subscription reminders, receive descaling alerts).

The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time by sending a message to Avoury TEAm at [email protected] or by using the contact form, without affecting the lawfulness of processing based on consent before its withdrawal. Your customer account will then be deleted. If the account is deleted, all personal data that is not subject to a statutory retention obligation or Article 17(3) GDPR will be deleted.

We store your data required for the fulfillment of the contract, including information on the method of payment, until you finally delete your account. Furthermore, we store the additional data you provide for the duration of your use of the customer account, unless you delete it beforehand. You can manage and change all details in the protected customer area.

5.2 Orders

If you place an online order on our website or place an order by telephone, we collect the data required to conclude the contract. The data is stored for the duration of the contract and in accordance with statutory retention obligations. If necessary for processing the order, we will forward your address data to a shipping service provider. The legal basis for this is the fulfillment of the contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

We use various payment service providers for payment processing, which are always identified and accept your entries. These are therefore recipients of your personal data collected in connection with the payment process. The legal basis for the use of payment service providers is also contract processing in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In all cases, we strictly observe the legal requirements. The scope of data transmission is kept to a minimum.

5.3 Machine registration

When you register your machine on our website, we collect the necessary data (name of the machine, serial number and date of purchase). The purpose of the data collection is to be able to offer you a personalized service for your machine. The legal basis is Art. 6 para. 1 lit. f GDPR. The machine data will be stored for as long as is necessary to achieve the purpose and will be deleted at the latest when the customer relationship ends, unless statutory retention periods prevent this.

5.4 Credit assessment

If you use the "purchase on account" payment method, we or our payment service provider Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg, will carry out a credit check. This serves to minimize our risk of non-payment and is based on your prior consent in accordance with Art. 6 para. 1 lit. a GDPR, which you give during the ordering process.

For the credit check, your personal data (e.g. name, address, date of birth and payment information) is transmitted to credit agencies in order to calculate probability values (score values) for creditworthiness. These values are based on mathematical-statistical procedures and take into account, among other things, previous payment experience and address data. The exact logic of the credit check is the responsibility of Unzer.

If the credit check is negative, you cannot use "purchase on account". Alternatively, you can use other payment methods such as PayPal, credit card or SEPA direct debit.

You can revoke your consent at any time with effect for the future. Credit checks that have already been carried out remain unaffected by this. As the decision to carry out a credit check is automated, you have the right to challenge the decision and request a manual review. For further information on the data sources used, you can contact Unzer GmbH directly.

Further details on data processing can be found in Unzer's privacy policy:
https://www.unzer.com/de/privacy-payolution-consumers.

6. Payment service provider

6.1 Use of the payment service provider PayPal

On our website, we offer you the option of paying via PayPal, a service provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you select PayPal as your payment method, the data required for payment processing, including name, e-mail address, billing and delivery address, payment information and transaction details, will be transmitted to PayPal. We have no influence on this processing. Your data is processed for the purpose of payment processing and is based on Art. 6 para. 1 lit. b GDPR (fulfillment of contract).

Further information can be found in PayPal's privacy policy at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

6.2 Use of the payment service provider Unzer

We use the Unzer payment service from Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany on our website. The purpose of data processing is to offer you payment via Unzer. If you would like to use the "purchase on account" payment method, we require your consent for a credit check. You can give this consent directly during the ordering process (Art. 6 para. 1 lit. a GDPR). This payment method is not available to you without your consent.

Unzer can carry out credit checks to safeguard against payment defaults. Your personal data will be transmitted to Unzer for the credit check. Unzer uses mathematical-statistical procedures ("scoring") to determine probability values for creditworthiness. External data sources (e.g. credit agencies) and previous payment experience may be included in this process. The decision as to whether you can pay by invoice is fully automated. A subsequent manual check by our employees is not possible.

You can revoke your consent at any time with effect for the future without affecting the legality of the processing carried out up to the time of revocation. If you wish to contest the decision on your credit check or receive further information on the data sources used, you can contact Unzer GmbH directly.

Further information on data processing by Unzer can be found in Unzer's privacy policy at: https://www.unzer.com/de/privacy-payolution-consumers

7. Advertising

7.1 Newsletter (What's up Avoury - News Service)

Our news service "What's up Avoury" regularly informs you about the latest tea trends, exclusive products and special offers.

The legal basis for sending the respective news is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR i.V.m. § Section 7 para. 2 no. 3 UWG or the legal permission according to Section 7 para. 3 UWG.

We use the so-called double opt-in procedure to register for our news service. This means that after you have registered on our website for our "What's up Avoury" news service, we will send you an email to the email address you have provided. In this e-mail, we ask you to confirm that you wish to receive the newsletter. You will only receive our newsletter once you have clicked on the confirmation link contained in this email. If you do not confirm your registration, your information will be automatically deleted after 3 days.

The only mandatory information for sending the newsletter is your e-mail address; your first name and surname are optional. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter and until you unsubscribe. We also store your current IP address at the time of registration, the time of registration and the confirmation for up to three years after registration (limitation period). The purpose of this procedure is to be able to prove your registration in case of doubt and, if necessary, to clarify any misuse of your personal data. The legal basis for logging the registration is our legitimate interest in accordance with Art. 6 Para. 1 S.1 lit. f GDPR in the proof of a previously given consent, see also Art. 7 Para. 1 GDPR.

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending an e-mail to [email protected].

The data you provided when registering for the newsletter will be deleted 48 hours after you unsubscribe from the newsletter.

7.2 Newsletter Tracking

We would like to point out that we evaluate your user behavior when sending the newsletter. We use the service provider Braze Inc. (63 Madison Building, 28 East 28th Street, Floor 12, New York, NY 10016, USA) for the analysis, to which your data is transmitted.

For evaluation purposes, the emails sent contain so-called web beacons or tracking pixels that are linked to our website. In addition, links in the newsletters contain a unique ID. We use these technologies to record when you read our newsletters, which links you click on and which interactions you have with the content.

We use the data obtained to create a user profile in order to tailor the newsletter to your individual interests and optimize our marketing campaigns. The interaction data collected at can be linked to other information about your usage behavior on our website. The legal basis for data processing is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by clicking on the separate link provided in every email.

Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.

Your data may be transferred to third countries such as the USA. Braze has signed up to the Trans-Atlantic Data Privacy Framework (TADPF) and is committed to ensuring an adequate level of data protection for cross-border data transfers.

The information from the tracking is stored for as long as you have subscribed to the newsletter. After you unsubscribe, the data will be deleted within 60 days. Data that is stored in backups remains for a maximum of six months before it is permanently deleted.

You can find more information on data processing by Braze under Braze Privacy Policy.

8. Cookies

Our website uses cookies. Cookies are data that are stored on your end device by a website that you visit and enable your browser to be reassigned. Cookies transmit information to the site that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you make there. This prevents you from having to re-enter required form data each time you use the website, for example. The information stored in cookies can also be used to recognize preferences and target content according to areas of interest.

There are different types of cookies:

Technically necessary cookies

These cookies are necessary to ensure the basic functionality of our website, e.g. to save your privacy settings or to ensure a secure login. They enable the proper operation of the website and ensure the provision of basic functionalities, such as the management of login sessions. This includes:

Session cookies, which are only stored temporarily in the working memory and are deleted when you close your browser.
Permanent or persistent cookies that enable essential functions, such as storing your cookie preferences or managing login sessions. These are automatically deleted after a specified period, which may vary depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.

These cookies or comparable technologies are used in accordance with Section 25 (2) TDDDG, as they are necessary for the smooth use of the website. The processing of personal data in this context is based on Art. 6 para. 1 lit. f GDPR, as our primary legitimate interest is to ensure the technical functionality of the website and to enable user-friendly operation. You can object to the processing of your personal data at any time for reasons arising from your particular situation.

Technically not necessary cookies

These cookies are not strictly necessary for the use of the website, but they help us to improve our services and provide you with personalized content by enabling us to take your preferred areas of interest into account. These include:

Analysis and statistics cookies that help us to understand user behavior on our website.
Marketing and tracking cookies that are used to display advertising tailored to you.
First-party cookies that are set by the website you are currently visiting. Only this website may read information from these cookies.
Third-party cookies that are set by organizations that are not operators of the visited website, e.g. marketing or analysis services.

The use of these cookies or comparable technologies takes place exclusively with your consent in accordance with § 25 para. 1 sentence 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of personal data in connection with these cookies is also based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future without affecting the legality of the processing carried out until the revocation.

You can delete cookies already stored on your device at any time. If you want to prevent cookies from being saved, you can do this via the settings in your internet browser. You can find instructions for common browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

When accessing our website, all users are also informed by an info banner about the use of cookies by us and referred to this privacy policy. As a user, you will also be asked for your consent to the use of certain cookies, in particular those relevant for the personalization of services and for marketing measures. You can revoke your consent at any time with effect for the future under "Cookie settings" in the footer of the website.

9. Analysis and tracking technologies

9.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The controller for users in the EU, the EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The use includes the operating mode Google Analytics 4 (formerly Universal Analytics). This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyze the activities of a user across devices.

Google Analytics uses cookies to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on this website, your IP address will be truncated by Google within the member states of the EU or the EEA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

The personal data is transferred on the basis of the adequacy decision of the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). Google LLC is already certified for the EU-US Privacy Framework. Further information can be found here,

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The data sent by us and linked to cookies or user IDs (e.g. user ID) are automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the opt-out add-on at the following link: Opt-out add-on for Google Analytics.

Opt-out cookies prevent the future collection of your data when you visit this website. To prevent Google Analytics from collecting data across different devices, you must opt out on all systems used. You can manage your settings under "Cookies" in the footer of the website.

You can find more information on the terms of use of Google Analytics and on data protection at Google under Google Analytics Terms of Use or under Google Privacy Policy.

9.2 Google Tag Manager

For reasons of transparency, we would like to point out that we use the Google Tag Manager of the provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager itself does not collect any personal data. It makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour, record the impact of online advertising and social channels, enable remarketing, set up target groups and test and optimize websites. We use the Tag Manager for the Google service Google Analytics. If you have opted out, this will also be taken into account by Google Tag Manager. For more information about Google Tag Manager, please visit: https://www.google.com/intl/de/tagmanager/use-policy.html.

In addition to Google Analytics, this website also uses a so-called "Consent Mode". This is a function provided by Google to ensure compliance with data protection regulations and cookie consent. Consent Mode ensures that the user's consent settings are taken into account when using various Google products, such as Google Analytics and Google Ads. In addition, even if no consent has been given, so-called "pings" are sent to the systems, which do not contain any personal data. Google Consent Mode collects information about whether consent has been given to the use of cookies and other tracking technologies on our website. This information is only transmitted to Google Analytics or Google Ads if consent has been given. If you have not consented to the use of cookies, no information about online activities will be passed on to these services.

If you do not consent to data processing, only aggregated data will be collected and processed. This means that the data collected cannot be assigned to any individual website visitor and no individual user profile is created. It is also possible to agree to statistical measurement only. In this case, no personal data is processed and the data collected is not used for advertising purposes or to measure the success of advertising.

The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data in connection with the Google Tag Manager is also based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, insofar as personal data is collected and transmitted to Google. You can revoke your consent at any time with effect for the future without affecting the legality of the processing carried out until the revocation. Without your consent, the Tag Manager will only be used for purely technical purposes and will not process any personal data. In this case, the processing is based on our legitimate interest in the efficient management and control of tags in accordance with Art. 6 para. 1 lit. f GDPR.

Data may be transferred to the USA if this is necessary for the use of Google Tag Manager. In this case, the transfer takes place on the basis of the adequacy decision of the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). Google LLC is certified for the EU-U.S. Data Privacy Framework. You can find more information here.

9.3 Google Ads, remarketing and conversion tracking

We use the Google Ads service, an online advertising program from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

As part of Google Ads, we place ads and also use remarketing and conversion tracking. The ads are displayed after search queries on websites in the Google advertising network. We also use Ads remarketing lists for search ads to customize our search ad campaigns for users who have already visited our website. Through these services, we can link our ads to specific search terms or show ads to previous visitors who have, for example, viewed certain services on our website. This allows us to show interest-based advertising to users of our website on other websites within the Google advertising network (e.g. as a "Google ad" as part of Google Search or on other websites).

An analysis of online user behavior is necessary for interest-based offers. Google uses cookies for this purpose. When you click on an ad or visit our website, Google places a cookie on the user's device. These cookies have a duration of 90 days. The information collected by the cookies is used to target the visitor in a subsequent search query. Further information on the cookie technology used can be found in the Google notes on advertising technologies and in the Google privacy policy. Google and we as a customer receive information that you have clicked on an ad and have been redirected to our website. The information obtained in this way is used exclusively for statistical analysis to optimize advertising. We do not receive any data with which you can be personally identified. Your IP address is transmitted to Google, but anonymized by activating IP anonymization within Google Analytics. The statistics provided by Google include the total number of users who have clicked on one of our ads and - if applicable - information about whether they were redirected to a page with a conversion tag. This allows us to evaluate which search terms lead to clicks on our ads particularly often and which ads lead to the user contacting us via the contact form.

Your personal data may be transferred to the USA. The transfer takes place on the basis of the adequacy decision of the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). Google LLC is certified for the EU-U.S. Data Privacy Framework. You can find more information here.

If you do not want this processing to take place, you can prevent the cookies required for these technologies from being saved, e.g. via your browser settings. In this case, your visit will not be included in the user statistics.

You also have the option of selecting the types of Google ads or deactivating interest-based ads on Google via the Google ad settings. Alternatively, you can deactivate the use of cookies by third-party providers by calling up the deactivation help of the network advertising initiative. However, we and Google will continue to receive statistical information about how many users have visited this site and when. If you do not wish to be included in these statistics either, you can prevent this with the help of additional programs for your browser (e.g. the Privacy Badger add-on).

9.4 Meta Pixel / Meta Custom Audiences / Meta Lookalike Audiences

We use the Meta Pixel from Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, "Meta") on our website for usage-based online advertising and to generate conversion statistics.

Meta and we are joint controllers within the meaning of the GDPR for the data collected and transmitted to Meta when using the Service. The basis for this is an agreement on the joint processing of personal data, which can be viewed at the following link: https://de-de.facebook.com/legal/terms/businesstools

Under the agreement, we assume responsibility for fulfilling the information obligations under Art. 13, 14 GDPR, for the correct implementation and configuration of the Meta Pixel and for compliance with the security requirements under Art. 32 GDPR. Meta is responsible for safeguarding the rights of data subjects in accordance with Art. 15-20 GDPR, for the security of the service and for compliance with obligations in the event of a data protection incident.

This establishes a connection to the Meta servers and the pages you have visited on our website are transmitted to Meta. This information is assigned to your Facebook or Instagram account. In addition, we use the Meta Pixel to create conversion statistics so that we can track how many users were redirected to a page with a conversion tracking tag after clicking on an ad. However, we do not receive any information that can be used to personally identify individual users.

If a user clicks on one of our advertisements and subsequently reaches our website, Meta receives the information that the user has clicked on the advertising banner via the integrated Meta Pixel. A non-reversible and non-personalized check digit (hash value) is generated from the usage data and transmitted to Meta for analysis and marketing purposes. Meta also sets a cookie that records information about your activities on our website (e.g. pages visited, interactions). The IP address is also stored and used for the geographical targeting of advertising.

We also use lookalike audiences to target our advertisements to potential new customers. For this purpose, existing customer lists that have previously been encrypted by a hashing process using Secure Hash Algorithm 256 (SHA-256) are transmitted to Meta. This process ensures that the data is transmitted in a non-reversible and pseudonymized form. Meta compares the encrypted data with existing user data and creates target groups with similar characteristics and interests to our existing customers. The original customer data cannot be read by Meta.

Your personal data may be transferred to the USA. The transfer is based on the adequacy decision of the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). Meta Platforms Inc. is certified for the EU-U.S. Data Privacy Framework. Further information can be found here.

You can manage which ads are displayed to you in your Facebook account settings. You also have the option of deactivating the storage of cookies in your browser settings, although this may restrict the functionality of certain areas of our website. You can also find further deactivation options for interest-based advertising on the pages of the Network Advertising Initiative (www.networkadvertising.org/managing/opt_out.asp ) and the Digital Advertising Alliance (http://optout.aboutads.info/?c=2&lang=en).

For more information about Meta's collection and use of your data, your rights and ways to protect your privacy, please see Meta's privacy policy: https://www.facebook.com/about/privacy

9.5 TikTok Pixel

On our website, we use the TikTok Pixel from TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; "TikTok Ireland") and TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; "TikTok UK"). These two companies are jointly responsible for data processing (hereinafter "TikTok").

The TikTok pixel helps us to analyze visitor traffic on our website, measure the effectiveness of advertising campaigns and display personalized ads on TikTok. To do this, TikTok uses technologies such as cookies and pixels that make it possible to recognize your browser. Various information may be collected and transmitted to TikTok, including

Date and time of the visit
Browser and device type used
Screen resolution
IP address
Information about your activities on our website, such as pages viewed or time spent on the site
Interactions with our content or advertisements

TikTok can link this data to your personal TikTok account. Based on the information collected, usage profiles can be created using a pseudonym. However, this data is not directly linked to your person.

Your data may be transferred to third countries such as the USA. For the USA, there is an adequacy decision by the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). However, TikTok is not certified under the DPF. The transfer of your data to the USA and other countries without an adequacy decision is based, among other things, on standard contractual clauses that serve as appropriate safeguards for your personal data. TikTok undertakes to take appropriate security measures to ensure the protection of your data in accordance with applicable data protection laws.

Further information on data processing by TikTok can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/de and https://ads.tiktok.com/i18n/official/policy/controller-to-controller

9.6 Teads Pixel

We use a tracking pixel from Teads, Teads, 5 rue de la Boucherie, L-1247 Luxembourg, to optimize our advertising campaigns. The pixel collects information about the URL called up, the end device used, the browser and the operating system.

Further information can be found in Teads' privacy policy.

9.7 Criteo

This website uses technologies from the provider Criteo, based at 32 Rue Blanche, 75009 Paris, France.

Criteo enables us to collect information about the surfing behavior of our website visitors for advertising and marketing purposes in anonymized or pseudonymized form. The service collects data on usage behavior via cookies and/or advertising IDs that record the following:

Events related to your activity on our website (e.g. the number of pages viewed, the products viewed on this website or the search queries carried out),
Information about your end device (device type, operating system, version),
Imprecise location information derived from your truncated IP address to serve ads for products available in your country, region or city,
Events in connection with the delivery of ads by Criteo, e.g. the number of ads displayed to you

The data collected in this way is used to create user profiles under a pseudonym.

The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. Your personal data is also processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future without affecting the legality of the processing carried out until the revocation. Further information about the scope of data collection and the storage period can be found in Criteo's privacy policy: https://www.criteo.com/de/privacy/ There you can also prevent the collection of data for "Criteo Dynamic Retargeting" and "Criteo Sponsored Products" by making the appropriate settings.

You can also deactivate the Criteo services via the following platforms, which disable interest-based advertising by registered members in the browser you are currently using.

9.8 Cloudinary

We use the Cloudinary service to provide you with customized versions of our videos following a purchase. Cloudinary is a cloud-based optimization tool from Cloudinary Inc, 111 W Evelyn Ave, Suite 206, Sunnyvale, CA 94086, USA. To display the video, Cloudinary sets a cookie that queries your IP address and your user agent. This data is transferred to Cloudinary's servers in the USA.

Your personal data may be transferred to the USA. The transfer is based on the adequacy decision of the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). Cloudinary Inc. is certified for the EU-U.S. Data Privacy Framework. Further information can be found here.

Further information on data processing and storage duration can be obtained from the provider or at Cloudinary Privacy.

9.9 Sizmek

We use the services of Sizmec Inc, c/o Privacy, 2000 Seaport Blvd, Pacific Shores Center, Redwood City, CA 94063 USA. This collects statistical data on the use of the website.

Sizmek and its third-party partners use cookies and pixels to analyze behavioral patterns in order to deliver personalized online advertising. Information about your device may be collected, including IP address, unique device identifiers, browser type, language settings and operating system information. Sizmek can match its anonymous identifiers with anonymous identifiers of partners (so-called "cookie matching") in order to optimize the placement of advertising.

Sizmek stores the collected data in pseudonymized form. This data is deleted after 90 days of inactivity. The cookies set on users' end devices expire automatically after 13 months. Further data for the purposes of reporting, allocation and fraud detection can be stored for up to 30 months.

Your personal data may be transferred to the USA. The transfer is based on the adequacy decision of the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). Sizmek is certified for the EU-U.S. Data Privacy Framework. Further information can be found here.

You can find more information about the scope of data processing by the provider here: Sizmek Privacy Policy.

9.10 [m]Insights

We use [m]Insights, a marketing tool from the provider GroupM, Derendorfer Allee 26, 40476, Düsseldorf, Germany. [m]Insights creates pseudonymized user profiles to control and optimize online advertising.

The following categories of data are collected by [m]insights:

the IP address (only for the duration of the setting or reading of cookies, then filtered and not processed further)
Cookie IDs and IDs for mobile advertising (e.g. IDFAs, Google Advertising IDs) and the [m]Insights proxy ID
Date and time of the online activity

The data is processed and stored exclusively within the European Union.

GroupM stores the data in pseudonymized form for a maximum period of 53 days after the last contact with the cookie. If there is no such contact, the corresponding user profile is deleted.

Further information can be found in GroupM's privacy policy.

9.11 Pinterest

We use the audience targeting service of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Streen, Dublin 2, Ireland, for usage-based online advertising.

We define target groups based on certain characteristics in order to show them targeted advertisements on Pinterest. Pinterest selects these users based on their profile data and usage behavior. If a user clicks on one of our advertisements and reaches our website, Pinterest receives information about this click via the integrated Pinterest tag. A pseudonymized identifier (hash value) is generated from your usage data and transmitted to Pinterest for analysis and marketing purposes. Pinterest sets a cookie for this purpose, which stores information about your activities on our website. Your IP address can also be stored for the geographical control of advertising.

You can find more information on data processing in Pinterest's privacy policy.

9.12 Outbrain

We use Outbrain, a web advertising platform of Outbrain UK Limited, 5th Floor, The Place, 175 High Holborn, London, WC1V 7AA, United Kingdom.

Outbrain analyses your user behavior in order to display personalized reading recommendations within our website and on third-party websites. The content displayed in the Outbrain widget is based on previously read articles and is controlled automatically. For this purpose, Outbrain uses cookies that collect device-related information such as the browser type, the device source and an anonymized IP address. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. Your personal data is also processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future without affecting the lawfulness of processing based on consent before its withdrawal.

You can prevent the storage of Outbrain cookies by selecting the appropriate settings in your browser software or by deactivating them using Outbrain's opt-out function. Please note, however, that in this case not all functions of this website may be available without restriction.

Further information on data processing by Outbrain can be found in the Outbrain privacy policy.

9.13 Braze INC

We use the platform of Braze Inc. (63 Madison Building, 28 East 28th Street, Floor 12, New York, NY 10016, USA) to optimize our marketing campaigns, provide personalized content and analyze user behavior as part of order processing.

When you use these functions, we collect and process your personal data, including contact information (e.g. name, email address), interaction data for our marketing campaigns (e.g. email open and click rates), user profiles, event data and purchases as well as user behavior. Data processing is used to personalize and improve the user experience, optimize and analyze marketing campaigns, provide relevant content and support the purchase process and manage the customer relationship.

Braze uses technologies such as cookies, whereby information such as user ID, session ID, device ID, opt-out preferences, device information, browser data, language, screen resolution, time zone, user agent, IP address and the date and time of the page view can be collected and transmitted to Braze.

The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. Your personal data is also processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR for personalized advertising and marketing communication. You can revoke your consent at any time with effect for the future without affecting the legality of the processing carried out until the revocation. For the processing of orders and customer communication, data processing is carried out to fulfill our contractual obligations on the basis of Art. 6 para. 1 lit. b GDPR. In addition, processing is carried out on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in order to optimize marketing campaigns and analyze user behavior. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.

Your personal data may be transferred to the USA. The transfer is based on the adequacy decision of the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). Braze is certified for the EU-U.S. Data Privacy Framework. Further information can be found here.

Your personal data will only be stored for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Braze stores data such as user profiles, custom attributes and event data for the duration of our contractual relationship with Braze. Upon termination of our relationship or upon your request, your data will be deleted within 60 days. Data stored in backups remains for a maximum of six months before it is permanently deleted. We comply with the applicable statutory retention periods and data protection regulations.

You can find more information on the collection and use of your data by Braze at Braze Privacy Policy

9.14 Trusted Shops Widget/ Trustbadge

We integrate the Trusted Shops Trustbadge and other Trusted Shops widgets from Trusted Shops (Trusted Shops GmbH, Colonius Carré, Subbelrather Straße 15c, 50823 Cologne) on our website to show you our Trusted Shops ratings and give you the opportunity to submit a rating yourself.

The Trusted Shops widget is integrated on our website via an interface ("API") to Trusted Shops using Javascript. In particular, the trust badge also sets cookies.

When you call up the Trustbadge or the widgets, your browser establishes a connection to the Trusted Shops servers. The Trusted Shops web server automatically collects so-called server log files, which may contain the following data in particular:

IP address,
Date and time of access,
amount of data transferred,
requesting provider,
requested page/URL.

This access data is used exclusively to ensure trouble-free operation of the Trustbadge and for error analysis. We do not evaluate this access data.

The Trustbadge can set cookies. Furthermore, personal data will only be transmitted to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. In this case, the contractual agreement concluded between you and Trusted Shops applies. We ourselves do not receive any personal data through the mere display of the Trustbadge.

The integration of the Trustbadge is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to present our Trusted Shops profile and our ratings transparently and thus strengthen trust in our offer. We also want to ensure that you reach our correct profile and do not come across similar or misleading profiles. Trusted Shops also has a legitimate interest in optimizing its services.

Trusted Shops may use external service providers (e.g. content delivery networks) for the delivery of the Trustbadge, where a transfer of personal data to third countries (e.g. USA) is possible. If necessary, the transfer takes place on the basis of an adequacy decision (e.g. EU-U.S. Data Privacy Framework) or by concluding EU standard contractual clauses and, if necessary, additional protective measures. You can find further information at: https://shop.trustedshops.com/de/datenschutz.

The provision of your personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are not obliged to provide this data. However, if you do not provide it, you may not be able to use certain functions (such as ratings) or only to a limited extent.

Further information on data protection at Trusted Shops, on the service providers used and on a possible transfer to third countries can be found at:
https://shop.trustedshops.com/de/datenschutz.

9.15 Sentry

On our website, we use Sentry, an automatic error management tool from Functional Software, Inc, 132 Hawthorne Street, San Francisco, CA 94107, USA.

When using our website, Sentry may process personal data, including technical information on errors that have occurred, the URL of the website concerned, browser information, operating system, IP address (in pseudonymized form) and technical device information. The data processing serves to detect and correct programming errors and to improve the technical stability of our website.

The processing is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to provide a technically error-free and optimized offer. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.

Your personal data may be transferred to the USA. The transfer is based on the adequacy decision of the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). Functional Software, Inc. is certified for the EU-U.S. Data Privacy Framework. Further information can be found here.

You can find more information on the collection and use of your data by Sentry in Sentry's privacy policy at https://sentry.io/privacy/.

10. Plug-ins and Technical Services

10.1 Google Maps Plug -in

This site uses the map service Google Maps from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, information, including your IP address and the address you enter as part of the route function, may be transmitted to the provider's servers. This information is usually transferred to a Google server in the USA and stored there. When you visit a website that contains Google Maps, your browser establishes a direct connection to Google's servers, whereby the map content is sent to your browser and integrated by it. The provider of this site has no influence on this data transfer. According to current knowledge, this includes the following data:

Date and time of the visit to the website in question,
Internet address or URL of the website accessed,
IP address,
(Start) address entered during route planning.

You can find more information on the handling of user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/

In the USA:

In Europe:

Your Online Choices - Opt-Out Platform

If you want to deactivate the services provided by Criteo in your Facebook account, you can do this in the Facebook settings: Facebook settings.

10.2 Social plugins

This website uses social plugins from the providers:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Instagram (Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

The plugins can be recognized by the respective logo of the provider, for example the Facebook logo or the Instagram camera symbol. By default, these plugins collect data and transmit it to the servers of the respective providers. To ensure the protection of your privacy, we have implemented technical measures to ensure that your data is only collected after your active consent. The plugins are therefore initially deactivated when you visit our website. Only when you click on the corresponding symbol do you activate the plugin and agree to the data transfer.

Once activated, the plugins also collect personal data, such as your IP address, and transmit it to the provider's servers, where it is stored. They also set a cookie with a unique identifier that allows your usage behavior to be analyzed - even if you are not a member of the social network. However, if you have an account with the respective provider and are logged in during your visit to our website, the data collected can be linked directly to your profile.

We have no influence on the scope of data processing by the providers. Further information on data collection, use and your protection options can be found in the data protection notices of the respective networks:

Facebook: https://www.facebook.com/policy.php

Instagram: https://privacycenter.instagram.com/policy

10.3 Serverside tracking

We use server-side tracking on our website to make the collection and processing of user data more effective and data protection-friendly. With server-side tracking, tracking scripts are not executed in the user's browser, but on our own servers in Germany. We anonymize your data and forward it to the server of the tracking tool provider in the next step. We only use first party cookies and do not use third party cookies. No personal data is transmitted to tracking providers or tracking tools; we retain control over your data. We ensure that there is never a direct connection between your personal data and our tracking service providers.

The processing of the data is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to operate our website securely and efficiently. The data collected will not be passed on to third parties and will only be stored on our servers.

You have the right to object to the processing of your personal data at any time. Please note, however, that in this case certain functions of our website may only be available to a limited extent.

10.4 SalesViewer® technology

On our website we use the SalesViewer® technology of SalesViewer® GmbH, Huestraße 30, 44787 Bochum, Germany. This technology is used to collect and store data for marketing, market research and optimization purposes.

For this purpose, a javascript-based code is used to collect company-related data and use it accordingly. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website.

The data stored in the context of SalesViewer® is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

The data is processed on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to optimize our offer and adapt it to the needs of our users. You can object to the collection and storage of data by SalesViewer® at any time with effect for the future by calling up the opt-out link: https://www.salesviewer.com/opt-out. This will place an opt-out cookie for this website on your device. If you delete your cookies in this browser, you must click on this link again.

Further information on data protection at SalesViewer® can be found here.

10.5 Akamai

We use the Content Delivery Network (CDN) of Akamai Technologies GmbH, Parkring 20-22, 85748 Garching, Germany. Akamai is a network of globally distributed servers that increases the security and delivery speed of our website.

When you visit our website, personal connection data is automatically transmitted to Akamai. In particular, the following data is processed:

IP address
Date and time of access
Resources accessed (URLs)
Browser and operating system information
Telemetry data if applicable (e.g. mouse movements, clicks, browser data)

The processing is based on our legitimate interest in the secure and efficient provision of our online services and the defense against attacks on our website (Art. 6 para. 1 sentence 1 lit. f GDPR). The use of an external CDN enables us to ensure the functionality, stability and security of our website in accordance with the state of the art. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.

The data is generally processed on servers within the European Union. In individual cases, your personal data may be transferred to the USA. The transfer takes place on the basis of the adequacy decision of the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). Akamai Technologies Inc. is certified for the EU-U.S. Data Privacy Framework. Further information can be found here.

Your personal data will only be stored for as long as is necessary to achieve the purposes stated in this Privacy Statement. For more information on the collection and use of your data by Akamai, please refer to the Akamai Privacy Statement.

10.6 Amazon CloudFront

To increase the security, stability and delivery speed of our website, we use the Amazon CloudFront content delivery network (CDN) from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg ("AWS"). AWS is a network of globally distributed servers that serves to efficiently deliver static and dynamic content to you as a user and to improve the accessibility and reliability of our website.

When you visit our website, the following personal data is automatically transmitted to AWS servers, including

IP address
Date and time of access
Pages/URLs accessed
Browser and operating system information
Location data based on the IP address, if applicable
Other technical access data (server log files)

Data processing is carried out on the basis of our legitimate interest in the stable, secure and efficient provision of our website in accordance with Art. 6 para. 1 lit. f GDPR. The use of an external CDN enables us to ensure the functionality, stability and security of our website in accordance with the state of the art. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.

The data is generally processed on servers within the European Union. In individual cases, your personal data may be transferred to the USA. The transfer takes place on the basis of the adequacy decision of the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). AWS is certified for the EU-U.S. Data Privacy Framework. Further information can be found here.

Personal data is only stored by AWS for as long as is necessary to achieve the stated purposes.

Further information on data protection at AWS can be found here.

10.7 Cloudflare

To secure our website and to optimize the loading speed, we use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany ("Cloudflare"). Cloudflare operates a network of globally distributed servers via which static and dynamic web content is delivered. This reduces loading times, increases stability and protects our website from abusive access (e.g. DDoS attacks).

The following personal data may be processed when using Cloudflare:

IP address
Date and time of access
Pages/URLs accessed
Browser and operating system information
Other technical access data (server log files)

The data is generally processed on servers within the European Union. In individual cases, your personal data may be transferred to the USA. The transfer takes place on the basis of the adequacy decision of the European Commission in accordance with the EU-U.S. Data Privacy Framework (DPF). Cloudflare is certified for the EU-U.S. Data Privacy Framework. Further information can be found here.

Cloudflare will only store your personal data for as long as is necessary for the stated purposes.

You can find more information on data protection at Cloudflare, click here.

11. Data Transmission

Your personal data will not be passed on to third parties unless:

disclosure is required by law,
it is necessary for the performance of the contractual relationship or
you have previously expressly consented to the disclosure of your data.

Possible recipients are consultants, auditors, courts and authorities. Your data will also be passed on to our affiliated company Melitta Europa GmbH & Co KG.

External service providers such as payment service providers, transport companies and shipping companies and support service providers commissioned with the delivery will receive your data insofar as this is necessary to process your order. In these cases, the amount of data transmitted is limited to the minimum required. In addition to the expressly named service providers, we use other service providers as processors, including IT service providers, marketing service providers and customer support service providers. If these service providers process personal data on our behalf, we ensure that they comply with the data protection regulations in the same way by means of order processing contracts in accordance with Art. 28 GDPR. Please also note the data protection notices of the respective providers.

We attach great importance to processing your data within the EU or the European Economic Area (EEA). In exceptional cases, however, we may use service providers outside the EU or EEA. In these cases, we ensure that the recipient has an adequate level of data protection that is comparable to the standards within the EU. We ensure this, for example, through EU standard contractual clauses, binding corporate rules (BCRs) or other suitable guarantees within the meaning of Art. 46 GDPR.

12. Storage period of the data

Your personal data will be deleted as soon as it is no longer required for the purpose for which it was collected and the deletion does not conflict with any statutory retention obligations.

Longer storage may be necessary if:

this is provided for by European or national laws or
the data must be further processed for other legally permissible purposes (e.g. to fulfill tax or accounting obligations).

In these cases, the processing of the data is restricted and the data is blocked so that it is not used for other purposes.

13. Rights of data subjects

If the respective legal requirements are met, you have the following rights with regard to the processing of your personal data:

13.1 Right to information, Art. 15 GDPR

You have the right to request confirmation from us as to whether we are processing personal data about you. If this is the case, you can request information about the data processing and a copy of the processed data. You can use our contact form for this purpose.

13.2 Right to rectification, Art. 16 GDPR

You have the right to request the correction of incorrect data or the completion of incomplete data. If you would like to update your data yourself, you can do so in your online self-service area.

13.3 Right to erasure ("right to be forgotten") Art. 17 GDPR

Under the conditions of Art. 17 GDPR, you can request the deletion of your personal data. However, deletion is only possible if there are no legal or contractual retention obligations or other legitimate reasons for further storage. Please use our contact form to request erasure.

13.4 Right to restriction, Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data. Please use our contact form for this purpose.

13.5 Rights of objection, Art. 21 GDPR

You have the right to object to the processing of your personal data at any time, provided that it is based on Art. 6 para. 1 lit. f GDPR (legitimate interest) - this also applies to direct advertising to you as an existing customer. Direct advertising to you as an existing customer. The objection can be made informally. Please use our contact form.

13.6 Right of withdrawal, Art. 7 para. 3 GDPR

If you have given us your consent to process your personal data, you can revoke this at any time with effect for the future. The processing carried out up to the time of revocation remains unaffected. The revocation can be made via our contact form or to the address stated in section 2.

If you have created an account with us, you can manage your data sharing yourself under "My data sharing". There you have the option of revoking consent for advertising emails (opt-in/opt-out advertising emails) and managing push notifications.

13.7 Right to data portability, Art. 20 GDPR

You have the right to receive your personal data in a structured, commonly used and machine-readable format and to request the transmission of this data to another controller.

13.8 Right to lodge a complaint, Art. 77 GDPR

You have the right to lodge a complaint with a supervisory authority if you believe that our data processing violates the GDPR.

You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
Phone: +49 211 38424-0
Fax: +49 211 38424-999

[email protected]

Last Update: May 2025