Data protection

Welcome to our website! We appreciate your interest. Protecting your personal data is very important to us. Therefore, we conduct our activities in accordance with applicable data protection and data security laws. Below, we would like to inform you about what data from your visit is collected and for what purposes.

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This applies only insofar as no other information is provided in the following processing operations.
“Personal data” means any information relating to an identified or identifiable natural person.

What is personal data?

The term "personal data" is defined in the German Federal Data Protection Act and the EU General Data Protection Regulation (GDPR). According to these laws, personal data is any information relating to an identified or identifiable natural person. This includes, for example, your name, address, telephone number, or date of birth. Learn more hereLearn more about what data protection actually is.

Scope of anonymous data collection and processing

Unless otherwise stated in the following sections, no personal data is collected, processed, or used when you use our websites. However, through the use of analytics and tracking tools, we receive certain technical information based on data transmitted by your browser (for example, browser type/version, operating system used, pages visited on our website including time spent on each page, and the previously visited website). We analyze this information solely for statistical purposes.

Relevant legal bases for the processing of personal data

Insofar as we have a consent If consent is obtained from the data subject, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures.
Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
In the event that the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, and the interests or fundamental rights and freedoms of the data subject do not override those interests, then Article 6(1)(f) GDPR serves as the legal basis for the processing.

Use of cookies

The Disskin GmbH website uses cookies. Cookies These are data that are stored by the internet browser on the user's computer system. Cookies can be transmitted to a website when it is accessed, thus enabling the user to be identified.Cookies help to simplify the use of websites for users.

It is possible to object to the setting of cookies at any time by changing the settings in your internet browser. Cookies that have already been set can be deleted. Please note that if you deactivate cookies, you may not be able to use all the functions of our website to their full extent. The user data collected in this way is pseudonymized through technical measures. Therefore, it is no longer possible to associate the data with the user accessing the website. The data is not stored together with other personal data of the users. When you access our website, you will be informed about the use of cookies for analytical purposes via an information banner and referred to this privacy policy. The banner also explains how you can prevent the storage of cookies in your browser settings. The legal basis for processing personal data using technically necessary cookies is Article 6(1)(f) GDPR. The legal basis for processing personal data using cookies for analytical purposes, if the user has given their consent, is Article 6(1)(a) GDPR. Whether and to what extent cookies are used on our website can be found in our cookie banner and in our information in this privacy policy.

Creation of log files

Each time the website is accessed, Disskin GmbH automatically collects data and information. This data is stored in the server's log files. The data is also stored in our system's log files. This data is not stored together with other personal data of the user.
The following data can be collected:

(1) Information about the browser type and version used
(2) The user's operating system
(3) The user's Internet service provider
(4) The user's IP address
(5) Date and time of access
(6) Websites from which the user's system accessed our website (referrer)
(7) Websites accessed by the user's system via our website

Duration of storage of personal data

Personal data is stored for the duration of the respective statutory retention period. After this period expires, the data is routinely deleted, unless it is required for initiating or fulfilling a contract.

Ways to get in touch

A contact form is available on the Disskin GmbH website for electronic communication. Alternatively, you can contact us via the provided email address. If you contact the data controller via one of these channels, the personal data you provide will be automatically stored. This data is stored solely for the purpose of processing your request or contacting you. Your data will not be shared with third parties. The legal basis for processing your data is Article 6(1)(a) GDPR if you have given your consent. The legal basis for processing data transmitted via email is Article 6(1)(f) GDPR. If the email contact aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.For personal data from the contact form and those transmitted by email, this is the case when the respective conversation with the user has ended. A conversation is considered ended when it is clear from the circumstances that the matter in question has been conclusively resolved.

1. Newsletter based on consent (double opt-in)

You can subscribe to our newsletter by registering via the corresponding form. Registration uses a double opt-in process: After registering, you will receive a confirmation email asking you to confirm your subscription. This is to prevent fraudulent registrations.

When you register, we store your IP address, the date and time of registration to verify your registration. This data is used exclusively for sending the newsletter. It will only be shared with third parties if this is necessary for sending the newsletter (e.g., with service providers) or if there is a legal obligation to do so.

Legal basis: Article 6 paragraph 1 letter a GDPR (consent).
You can withdraw your consent at any time with effect for the future. A corresponding link can be found in every email.

2. Direct marketing within the framework of soft opt-in (§ 7 para. 3 UWG)

If you have provided us with your email address in connection with a registration or a purchase, we may use it in accordance with Section 7 Paragraph 3 of the German Unfair Competition Act (UWG) to send you information about similar products from our range.
According to the current case law of the European Court of Justice (judgment of 13 November 2025, C-654/23), this is the case. No additional legal basis is required under Article 6 GDPR., since Article 13(2) of the ePrivacy Directive and Section 7(3) of the Unfair Competition Act (UWG) lex specialis apply.

We only send advertising for products that are considered "similar" within the meaning of Section 7 Paragraph 3 of the German Unfair Competition Act (UWG). This includes our entire range of clothing and fashion items.

Contradiction:
You can object to the use of your email address for direct marketing at any time, free of charge. An unsubscribe link is included in every email. This objection does not affect the use of your customer account or existing contractual relationships.

Klaviyo Inc.

Description and purpose

We use the cloud-based service provider Klaviyo Inc. to send our newsletter on our website. Klaviyo is used to create, send, and manage newsletters and marketing emails. When you subscribe to our newsletter, we process your personal data in the form of your IP address, email address, date and time, action type, metadata, and object and profile references. Through an integrated data platform and AI, Klaviyo combines marketing automation, analytics, and customer service in a unified solution, which makes it easier for us to better understand our customers and grow faster.

Legal basis

The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR and Art. 6 para. 1 lit. f). Our overriding legitimate interest arises from direct marketing for acquiring new customers.

Recipient

The recipient of your personal data is Klaviyo, Inc., 125 Summer Street, Floor 6, Boston, MA, 02110, USA.

Transfer to third countries

The personal data will be transferred to the United States. This transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. We have, in accordance with Article 46, paragraph 1, the necessary safeguards for this transfer to the USA.Article 2(c) GDPR stipulates that we have concluded legally approved contractual clauses, such as the standard contractual clauses approved by the European Commission, with the data importer. Furthermore, we are aware of our responsibility and, where necessary, take additional measures to protect the rights and freedoms of natural persons and ensure the protection of personal data.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Furthermore, the data will be deleted if you exercise your right to erasure pursuant to Article 17(1) GDPR.

Cancellation

You have the right to withdraw your granted consent You may withdraw your consent at any time, cf. Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons, and will take effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal. Further information on this can be found in our privacy policy under “Rights of data subjects”.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on data protection at Klaviyo can be found here: https://www.klaviyo.com/legal/data-processing-agreement

Online Shop

We use your personal data to process your online purchases (your orders and returns are handled through our online services) and to send you delivery status updates or notifications if there are any issues with the delivery of your items. We also use your personal data to process your payments. Furthermore, we use your data to handle complaints and product warranty claims. Your personal data is used to verify your identity, ensure you are of legal age to purchase online, and check your address with external partners. We aim to offer you multiple payment methods and conduct analyses to determine which payment options are available to you, including reviewing your payment history and performing credit checks.

Data transfer when using online payment service providers

Should you choose to pay using one of our online payment providers during the ordering process, your contact details will be transmitted to them as part of the order. The legal basis for this data transfer is Art. 6 para. 1 lit. b) GDPR, for the execution of your chosen payment method, and our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR in enabling user-friendly and straightforward payment processing. The personal data transmitted to the online payment provider typically includes your first name, last name, address, IP address, email address, and other data necessary for order processing, as well as data related to the service, such as the type of service, the recipient's identity, the invoice amount and applicable taxes, invoice information, etc. This transmission is necessary for the provision of the service using your chosen payment method, in particular for verifying your identity, administering your payment, and managing the customer relationship.Please note, however, that personal data may also be shared by the online payment service provider with service providers, subcontractors, or other affiliated companies, insofar as this is necessary to fulfill the contractual obligations arising from your order or if the personal data is to be processed on their behalf. Depending on the payment method selected, z.B. For invoice or direct debit payments, the personal data transmitted to the provider will be forwarded by the provider to credit reference agencies. This transmission serves the purpose of identity and creditworthiness verification in relation to the payment you have made... [truncated]

American Express Services Europe Limited, Frankfurt am Main Branch, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html
Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
PayPal (Europe) S.à.r.l. & Cie. S.C.A. , 22-24 Boulevard Royal, L-2449 Luxembourg at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Stripe, Inc.,185 Berry Street, Suite 550, San Francisco, CA 94107, USA https://stripe.com/de/privacy#translation G. micropayment GmbH, Scharnweberstrasse 69, D-12587 Berlin https://www.micropayment.de/about/privacy/
Klarna AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
(Apple Pay) Apple Distribution International, Hollyhill Industrial Estate, Hollyhill Cork, Ireland;
Shopify Payments, 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5;
Google Pay (Europe), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
UnionPay International Youxian Gongsi German Branch - An der Welle 4, 60322 Frankfurt am Main
https://www.unionpayintl.com/en/privacyNotice/?utm_source=chatgpt.com
Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Bruxelles, Belgium at
https://help.xe.com/hc/de/sections/19601578205457-Hinweis-zum-Datenschutz
(BLIK) Polski Standard Płatności sp. e.g o.o. , ul. Czerniakowska 87A, 00-718 Warsaw, Poland
https://www.blik.com/media/PRIVACY_POLICY_AND_COOKIES_POLICY.pdf
(Przelewy24) PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland at
https://www.przelewy24.pl/en/information-obligation-gdpr-payer
TWINT AG, Stauffacherstrasse 41, CH-8004 Zurich, Switzerland
https://www.twint.ch/datenschutz/
iDeal Currency Holding B.V. , Beethovenstraat 300, 1077 Amsterdam, Netherlands
https://ideal.nl/en/ideal-privacy-cookiestatement

Transfer to third countries

We would like to inform you that your personal data may also be transferred to a server in a third country and therefore processed outside the EU.

Length of time

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. Furthermore, the data will be deleted if you withdraw your consent or request the deletion of your personal data. There is no contractual or legal obligation to provide personal data. Providing personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are also not obligated to provide the personal data. However, failure to provide it may result in you being unable to use this service, or not being able to use it fully.

Registration on our website

If the data subject uses the option to register on the controller's website by providing personal data, the data entered in the respective input form will be transmitted to the controller. The data will be stored exclusively for internal use by the controller. The data will be deleted as soon as it is no longer required for the purpose for which it was collected. During registration, the user's IP address, as well as the date and time of registration, are stored. This serves to prevent misuse of the services. The data will not be disclosed to third parties, except where there is a legal obligation to do so. Data registration is required for the provision of content or services. Registered users have the right to have their stored data deleted or modified at any time. The data subject can obtain information about their stored personal data at any time.

Routine deletion and blocking of personal data

The data controller processes and stores personal data of the data subject only for as long as is necessary to achieve the purpose of storage. Storage may also occur if provided for by European or national legislation in EU regulations, laws, or other provisions to which the data controller is subject. As soon as the purpose of storage ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or erased.

Rights of the data subject

If your personal data is being processed, you are a data subject. i.S.d. GDPR and you have the following rights vis-à-vis the controller:

Right of access pursuant to Art. 15 GDPR

You can request confirmation from the data controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the data controller:

the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom your personal data have been or will be disclosed;
the planned duration of the storage of your personal data or, if specific information on this is not possible, criteria for determining the storage period;
the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information about the origin of the data if the personal data are not collected from the data subject;
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether your personal data is being transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

Right to rectification pursuant to Art. 16 GDPR

You have the right to rectification and/or completion from the data controller if the processed personal data concerning you is inaccurate or incomplete. The data controller must carry out the rectification without undue delay.

Right to erasure pursuant to Art. 17 GDPR

(1) You have the right to request that the controller erase your personal data without undue delay, and the controller is obliged to erase such data without undue delay where one of the following grounds applies:

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
Your personal data has been processed unlawfully.
The erasure of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
Your personal data was collected in relation to information society services offered, in accordance with Article 8(1) of the GDPR.

(2) Where the controller has made your personal data public and is obliged pursuant to Article 17(1) GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copies or replications of, those personal data.

(3) The right to erasure does not apply to the extent that processing is necessary.

to exercise the right to freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
for the establishment, exercise or defense of legal claims.

Right to restriction of processing pursuant to Art.Article 18 GDPR

Under the following conditions, you can request the restriction of the processing of your personal data:

if you contest the accuracy of your personal data for a period that allows the controller to verify the accuracy of the personal data;
the processing is unlawful and you object to the erasure of the personal data and instead request the restriction of the use of the personal data;
the controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise or defense of legal claims, or
if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data has been restricted, this data – apart from being stored – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing was lifted pursuant to the o.g. If conditions are restricted, you will be informed by the responsible party before the restriction is lifted.

Right to information pursuant to Art. 19 GDPR

If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obligated to communicate this rectification, erasure, or restriction of processing to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about these recipients.

Right to data portability pursuant to Art. 20 GDPR

You have the right to receive the personal data you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
The processing is carried out using automated means. In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of other persons must not be adversely affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object pursuant to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Right to withdraw consent under data protection law pursuant to Art. 7 para. 3 GDPR

You have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged will inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

is necessary for the conclusion or performance of a contract between you and the controller,
is permitted under Union or Member State law to which the controller is subject and which contains appropriate measures to safeguard your rights and freedoms and legitimate interests or
This is done with your explicit consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures to protect your rights and freedoms and legitimate interests have been taken.

With regard to the cases mentioned in a. and c., the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

Integration of other third-party services and content

Description and purpose

It is possible that third-party content, such as videos, fonts or graphics from other websites, may be integrated into this online service.This always requires that the providers of this content (hereinafter referred to as "third-party providers") are aware of the users' IP addresses. Without the IP address, they could not send the content to the respective user's browser. The IP address is therefore necessary for displaying this content. We strive to use only content from providers who use the IP address solely for delivering the content. However, we have no control over whether the third-party providers use the IP address for other purposes. z.B. We store data for statistical purposes. Where this is the case, we inform users accordingly. We aim to provide and improve our online services through these integrations.

Legal basis

The legal basis for integrating other third-party services and content is Article 6(1)(f) GDPR. Our overriding legitimate interest lies in the intention to present our online presence accordingly and to provide user-friendly and economically efficient services. Further information can be found in the respective privacy policies of the providers.

Contractual or legal obligation to provide personal data

Providing your personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are also not obligated to provide your personal data. However, failure to provide it may mean that you cannot use this function, or cannot use it fully.

Data transfer to third countries

The controller may transfer personal data to a third country. In principle, the controller can ensure an adequate level of protection for the processing through various appropriate safeguards. Data transfers can be based on an adequacy decision, internal data protection regulations, approved codes of conduct, standard data protection clauses, or an approved certification mechanism pursuant to Article 46(2)(a) to (f) GDPR.

If the controller carries out a transfer to a third country on the legal basis of Art. 49 para. 1 lit. a) GDPR, you will be informed here about the possible risks of a data transfer to a third country.

There is a risk that the third country receiving your personal data may not offer an equivalent level of protection to that afforded to personal data in the European Union. This can occur, for example, if the European Commission has not issued an adequacy decision for the third country in question or if certain agreements between the European Union and that third country are declared invalid. Specifically, some third countries pose risks to the effective protection of fundamental EU rights due to the use of surveillance laws (for example, the USA). In such cases, it is the responsibility of both the data controller and the recipient to assess whether the rights of data subjects in the third country enjoy an equivalent level of protection to that in the Union and can be effectively enforced.

However, the General Data Protection Regulation should not undermine the level of protection guaranteed across the Union for natural persons when personal data are transferred from the Union to controllers, processors or other recipients in third countries or to international organisations, even if personal data are subsequently transferred from a third country or an international organisation to controllers or processors in the same or another third country or to the same or another international organisation.

Other functions of the website

Google Analytics 4

Description and purpose

This website uses Google Analytics 4.0, a web analytics service provided by Google LLC, to analyze website usage. This service uses cookies – text files that are stored on your device. First-party cookies are used for this purpose. With a first-party cookie, the user can only be recognized by the website from which the cookie originated, not across multiple domains. The information collected by the cookies is generally transmitted to and stored on a Google server in the USA. Google Analytics may be used on this website with the code "gat._anonymizeIp();" to ensure anonymized collection of IP addresses (IP masking). Please also note the following information regarding the use of Google Analytics: The IP address of users is shortened within the member states of the EU and the European Economic Area. This shortening removes the personal reference from your IP address. For EU citizens, the IP address is also only used to derive location data and then deleted. You also have the option to enable or disable the collection of detailed location and device data for individual regions (tracking settings). Under the data processing agreement that website operators have concluded with Google LLC, Google uses the collected information to create an analysis of website usage and activity and to provide services related to internet usage.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Transfer to third countries

Personal data will be transferred to the United States. This transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. We have concluded standard contractual clauses with the data importer for this purpose. Furthermore, we are aware of our responsibility and, where necessary, will take additional measures to protect the rights and freedoms of natural persons and ensure the protection of personal data.

Duration of data storage

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. Furthermore, the data will be deleted if you exercise your right to erasure pursuant to Article 17(1) GDPR. The maximum storage period is 14 months.

Cancellation

You have the right to withdraw your granted consent You may withdraw your consent at any time, cf. Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons, and will take effect for the future. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://support.google.com/analytics/answer/6004245?hl=de https://policies.google.com/privacy?hl=de&gl=de.

Google Ads and Conversion Tracking

Description and purpose

To draw attention to our current projects and developments, planned activities, and services, we run Google AdWords ads and utilize Google Conversion Tracking. Google AdWords (Google Ads) is a service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These ads are displayed on websites within the Google advertising network after search queries. We have the option to combine our ads with specific keywords. We also use AdWords remarketing lists for search ads. This allows us to tailor search ad campaigns to users who have previously visited our website. These services enable us to combine our ads with specific keywords or to display ads to previous visitors that include relevant content. z.B. Services that visitors have viewed on our website are advertised. Analyzing online user behavior is necessary for interest-based offers. Google uses cookies to perform this analysis. When a user clicks on an ad or visits our website, Google places a cookie on their computer. This information is used to target the visitor with relevant ads during subsequent searches. Further information about the cookie technology used can be found in Google's information on website statistics and in their privacy policy. Using this technology, Google and we, as the customer, receive information that a user clicked on an ad and was redirected to our website to contact us via the contact form. Google and we, as the customer, also receive information via Google referral numbers that a user has visited... [truncated]

Legal basis

The legal basis for processing your personal data is consent pursuant to Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The data controller responsible for processing your information depends on your usual place of residence, unless otherwise stated in the privacy policy of a specific service.

Google Ireland Limited for users of Google services who are habitually resident in the European Economic Area or Switzerland
Google LLC for users of Google services who are habitually resident in the United Kingdom.

Transfer to third countries

Personal data will be transferred to the USA (server location). This transfer is subject to appropriate safeguards pursuant to Article 46 GDPR. We have concluded standard contractual clauses with the data importer in accordance with Article 46(2)(c) GDPR. Furthermore, we are aware of our responsibility and, where necessary, take additional measures to protect the rights and freedoms of natural persons and ensure the protection of personal data.

Duration of data storage

Cancellation

You have the right to withdraw your consent at any time, cf. Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons, and will take effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal. You can find further information on this above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: www.google.com/policies/privacy/. Further information on how Google as a company handles personal data in a business context can be found on Google's Business Data Responsibility Site: https://business.safety.google/privacy/.

Google Ads Remarketing Service

Description and purpose

Our website uses the Google Ads Remarketing Service Google LLC. This service allows us to display interest-based advertising to visitors of our website. For this purpose, Google uses cookies and processes information about your usage behavior (e.g., pages visited, click behavior, technical data such as IP address). The purpose is to analyze user behavior in order to show you personalized advertising on other websites.

By using cookies or pixels, the system recognizes returning users and segments them based on their behavior, such as which pages they visited or how long they stayed there.

As part of these remarketing measures, Google processes various personal data. This includes, in particular, the IP address, information about the device and browser used, and the specific user behavior on the website. This data is collected via cookies and tracking IDs and transmitted to Google.

The collected data is primarily used for the personalization of advertising, the measurement of campaign success, and the optimization of ads and target groups.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a)

Recipient

The recipient of your personal data is Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Transfer to third countries

Personal data will be transferred to the United States. This transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. Where necessary, we have implemented appropriate safeguards. i.S.d We have concluded an agreement with the data importer in accordance with Article 46(2) of the GDPR. Furthermore, Google LLC is certified under the Data Privacy Framework. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons and ensure the protection of personal data.

Duration of data storage

Cancellation

You have the right to withdraw your consent at any time pursuant to Article 6(1)(a) GDPR, cf. Article 7(3) sentence 1 GDPR. This can be done informally and without giving reasons, and will take effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can find further information on this above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://policies.google.com/privacy?hl=de&_gl=1*1ltq0is*_ga*MzE0Mzg4NzI2LjE3NTYxOTYzMTQ.*_ga_V9K47ZG8NP*czE3NTYxOTYzMTMkbzEkZzAkdDE3NTYxOTYzMTYkajU3JGwwJGgw

Google Maps

Description and purpose

This website uses the Google Maps API from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to visually display geographical information. When using Google Maps, Google also collects, processes, and uses data about how visitors use the map features.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

Personal data will be transferred to the United States. This transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. Where necessary, we have implemented appropriate safeguards. i.S.d Article 46(2) GDPR has been concluded with the data importer. Furthermore, we are aware of our responsibility and, where necessary, take additional measures to protect the rights and freedoms of natural persons and ensure the protection of personal data.

Duration of data storage

Cancellation

You have the right to withdraw your granted consent You may withdraw your consent at any time, cf. Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons, and will take effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal. You can find further information on this above in our privacy policy under “Rights of data subjects”.

contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here:

https://policies.google.com/privacy?hl=de&gl=del

Microsoft Clarity

Description and purpose

We use the Microsoft Clarity service from Microsoft Corporation on our website. Microsoft Clarity helps us gain better insights into how our website is used, in order to further improve its user-friendliness. The service allows us to create heatmaps, overviews of cursor and scroll movements, and process data such as access times and IP addresses.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Transfer to third countries

Personal data will be transferred to the United States. This transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. To this end, we have concluded legally approved contractual clauses, such as the standard contractual clauses approved by the European Commission, with the data importer, in accordance with Article 46(2)(c) of the GDPR. Furthermore, we are aware of our responsibility and, where necessary, take additional measures to protect the rights and freedoms of natural persons and ensure the protection of personal data.

Duration of data storage

Cancellation

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on data protection at Microsoft can be found here: https://privacy.microsoft.com/de-de/privacystatement

Microsoft Ads

Description and purpose

We use Microsoft Ads technologies on our website (bingads.microsoft.comThis website uses cookies provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft places a cookie on your device if you have accessed our website via a Microsoft Bing ad. This allows Microsoft Bing and the website operator to recognize that someone clicked on an ad, was redirected to our website, and reached a predefined target page (conversion page). We only receive the total number of users who clicked on a Bing ad and were then redirected to the conversion page. Microsoft collects, processes, and uses information via the cookie to create pseudonymous user profiles (Microsoft Conversion Tracking). These user profiles are used to analyze visitor behavior and to display advertisements. No personal information relating to the user's identity is processed.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

Your personal data will be transferred to and stored by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”).

Transfer to third countries

Personal data will be transferred to the United States. This transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. Where necessary, we have concluded appropriate safeguards within the meaning of Article 46(2) of the GDPR with the data importer.Furthermore, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons and to ensure the protection of personal data.

Duration of data storage

Cancellation

You have the right to withdraw your granted consent You may withdraw your consent at any time, cf. Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons, and will take effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal. You can find further information on this above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here:

https://privacy.microsoft.com/en-US/privacystatement

Meta-Pixel

Description and purpose

To understand your user behavior, we use the so-called meta pixel from Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA. This is an analytics tool that measures the effectiveness of advertising. It's a code snippet for the website that allows us to measure, optimize, and build audiences for advertising campaigns. Conversion tracking allows us to monitor across devices (including mobile phones, tablets, and desktop computers) what actions people take after seeing our Facebook ads. By creating a meta pixel and adding it to the pages where conversions occur (z.B. (The purchase confirmation page), we can determine which individuals convert as a result of our Facebook ads. The pixel further tracks the actions people take after clicking on our ads. We can determine which device our customers used to see the ad and on which devices they ultimately completed the conversion. According to Facebook, the data collected includes:

HTTP headers
HTTP headers contain a range of information that is sent via a standard web protocol between any browser request and any server on the internet. HTTP headers include information such as IP addresses (which in Germany can only be evaluated at the general country level), information about the web browser, page location, document, URI reference, and the web browser's user agent.
Pixel-specific data
This includes the pixel ID and Facebook cookie data, which are used to link events to a specific Facebook advertising account and attribute them to a person known to Facebook.
Optional values
Developers and marketers can optionally send additional information about the visit via standard and custom data events. Typical custom data events include information about whether a purchase was made on a page, the conversion value, and much more. You can find more information about custom data events here. With your consent, we use the "visitor action pixel" from Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA, on our website.If you are based in the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, will use this conversion tool. This allows us to track your actions after you have seen or clicked on a Facebook ad. This serves to monitor and analyze the effectiveness of our Facebook ads for statistical and market research purposes. Although we can only see this data in anonymized form, it is also stored and processed by Facebook. We do not know exactly what Facebook does with this data, but it can be assumed that Facebook can and will link this data to your Facebook account. Facebook can then use this information for advertising, market research, and to tailor Facebook pages to user needs. For this purpose, Facebook and its partners create usage, interest, and relationship profiles. z.B. to evaluate your use of our website in relation to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook. Cookies may also be placed on your device for this purpose... [truncated]

Extended matching

Advertisers can optionally enable the enhanced matching feature of the meta pixel by sending encrypted information such as email address or phone number to Facebook. Advertisers can send one or more of the following identifiers for matching: email address, phone number, first name, last name, city, state, zip code, date of birth, or gender.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Meta Platforms Inc. (1 Hacker Way, Menlo Park, California 94025, USA) and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Transfer to third countries

Personal data will be transferred to the USA. This transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. We have concluded standard contractual clauses with the data importer in accordance with Article 46(2)(c) of the GDPR. Furthermore, we are aware of our responsibility and, where necessary, will take additional measures to protect the rights and freedoms of natural persons and ensure the protection of personal data.

Duration of data storage

Cancellation

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://www.facebook.com/about/privacy

Further information about the Meta-Pixel can be found here: https://de-de.facebook.com/business/help/742478679120153?id=1205376682832142

Shopify International Ltd.

Description and purpose

We use the Shopify service on our website, provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and generates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment details, and other data related to the purchase (e.g., telephone number, sales volume, etc.). Shopify stores cookies in your browser for these analyses.

Legal basis

The legal basis for processing your personal data is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. Furthermore, processing also takes place on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f). Our overriding legitimate interest lies in the appealing and user-friendly presentation of content on our website.

Recipient

The recipient of your personal data is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Transfer to third countries

Your personal data will not be transferred to a third country. However, we are aware of our responsibility and regularly review the legal framework and any changes in regulations. Should a transfer to a third country occur, we will update this information as quickly as possible.

Duration of data storage

Cancellation

Options for objection

According to Article 21(1) of the GDPR, you have the right to object to the processing of your personal data at any time. If you exercise this right, processing for this purpose will no longer take place. You can find further information on this above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://www.shopify.com/de/legal/datenschutz

Description and purpose

Reddit is a social news aggregator, a website where registered users can post/offer content. Content can consist of either a link or a text post. Other users can rate the posts as positive or negative. The ratings indicate the post's position on the respective Reddit page and the homepage. This service is provided by Reddit, Inc., c/o Wired, 520 Third St., San Francisco, CA 94107.

Legal basis

The legal basis for the processing of personal data is consent pursuant to Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient is reddit, Inc., c/o Wired, 520 Third St., San Francisco, CA 94107.

Transfer to third countries

Data is transferred to the USA.

Duration of data storage

Right to object

You have the right to withdraw your consent to data processing at any time. A withdrawal of consent does not affect the lawfulness of data processing carried out in the past.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information via link

https://www.redditinc.com/policies/privacy-policy

SMS/WhatsApp

Description and scope of data processing

Users have the option to subscribe to the SMS newsletter via our online forms (sign-up forms). In doing so, we process the data you provide, in particular your mobile phone number, to send you information about promotions, special offers, and news.

We use the service provider Klaviyo, Inc., 125 Summer St, Boston, MA 02110, USA, for the collection, storage, and sending of SMS messages. Klaviyo processes the data required for sending SMS messages on our behalf. Further information can be found in Klaviyo's privacy policy. https://www.klaviyo.com/legal/privacy.

We will not share your mobile phone number or your SMS newsletter opt-in with third parties for their own advertising purposes. Data will only be shared with service providers involved in providing our messaging services (e.g., platform operators, mobile network operators).

Note regarding abandoned shopping carts:
If you use our website and add items to your shopping cart, we use cookies to recognize when a purchase is abandoned. In this case, we may send you reminders via SMS, provided you have consented to receiving such messages.

Purpose of data processing

Your mobile phone number will be processed solely for the purpose of sending you our SMS newsletter with information about offers, promotions and products.

Legal basis for data processing

The legal basis for sending SMS messages is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
If data relating to abandoned shopping carts is processed, this is done on the basis of Art. 6 para. 1 lit. f GDPR in conjunction with your consent to receive SMS messages.

Storage duration

Your data will be stored for SMS distribution as long as you are subscribed to the SMS newsletter. Once you withdraw your consent, we will delete your mobile phone number from the SMS distribution list. Further storage may occur if required by law.

Opportunity to object and have the matter rectified

You can withdraw your consent to receive SMS messages at any time with effect for the future. An informal email to [email address] is sufficient for this purpose. anfragen@disskin.com oder – if technically possible – by clicking on the unsubscribe link (the "STOP" response) included in the SMS. After unsubscribing, your data will no longer be used for sending SMS messages.

Hotjar

Description and purpose

We use Hotjar (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta) to better understand our users' needs and to optimize the experience and services offered on this website. Hotjar's technology helps us better understand our users' experiences (e.g., duration of stay on pages, links clicked, etc.), and this helps us tailor our offerings to user feedback. Hotjar uses cookies and other technologies to collect information about the behavior of our users and their devices, including the device's IP address (which is only collected and stored anonymously while using the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), and preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymous user profile.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Hotjar Ltd (Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta).

Transfer to third countries

By using this service, personal data may be transferred to a third country. In the event of such a transfer, the provider ensures the level of protection required by the GDPR by complying with Articles 44 et seq. of the GDPR. If no adequacy decision exists for the third country in which the data importer is located, the transfer will take place subject to appropriate safeguards. Please contact our data protection officer if you have any questions.

Duration of data storage

Cancellation

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here:

https://www.hotjar.com/legal/policies/privacy/

Pinterest Conversion

Description and purpose

Within our online services, we use the so-called "Pinterest Tag" from Pinterest Inc. for analysis, optimization, and the efficient operation of our online services. With the help of the Pinterest Tag, Pinterest can identify visitors to our online services as a target group for displaying advertisements (so-called "Pinterest Ads"). Accordingly, we use the Pinterest Tag to display the Pinterest Ads we place only to Pinterest users who have shown an interest in our online services or who possess certain characteristics (z.B. Interests in specific topics or products, determined based on the websites visited), which we transmit to Pinterest (so-called…“ActALike Audiences”). We also use the Pinterest tag to ensure that our Pinterest ads match users' potential interests and are not perceived as intrusive. Furthermore, the Pinterest tag allows us to track the effectiveness of Pinterest ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Pinterest ad (so-called “conversion”). The Pinterest tag is integrated directly by Pinterest when you visit our website and may place a so-called cookie on your device. d.h. We will save a small file. If you then log in to Pinterest or visit Pinterest while logged in, your visit to our website will be recorded in your profile. The data collected about you is anonymous to us and therefore does not allow us to draw any conclusions about the identity of the users. Pinterest processes the data in accordance with its data policy.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipient is Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

Transfer to third countries

Personal data will be transferred to the USA. This transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. To this end, we have concluded legally approved contractual clauses, such as the standard contractual clauses approved by the European Commission, with the data importer, in accordance with Article 46(2)(c) of the GDPR. Furthermore, we are aware of our responsibility and, where necessary, will take additional measures to protect the rights and freedoms of natural persons and ensure the protection of personal data.

Duration of data storage

Cancellation

You have the right to withdraw your granted consent You may withdraw your consent at any time, cf. Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons, and will take effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal. You can find further information on this above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://policy.pinterest.com/en/privacy-policy

Web analytics service Matomo

Description and purpose

Our website uses Matomo (formerly Piwik), an open-source software for the statistical analysis of visitor access. Matomo is provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo uses cookies, which are stored on your computer and enable an anonymized analysis of your website usage. It is generally not possible to identify a specific individual, as your IP address is anonymized immediately after processing and before storage. Matomo is used to improve the quality of our website and its content. This allows us to understand how the website is used and to continuously optimize our offerings. When individual pages of our website are accessed, the following data is stored: 1.The following data is collected: 1. Two bytes of the IP address of the user's system; 2. The requested webpage; 3. The website from which the user accessed the requested webpage (referrer); 4. The subpages accessed from the requested webpage; 5. The duration of the visit to the webpage; 6. The frequency of visits to the webpage. The software runs exclusively on our website's servers. Personal data is stored only there. Data is not shared with third parties. The software is configured so that IP addresses are not stored in full, but rather two bytes of the IP address are masked. This makes it impossible to trace the truncated IP address back to the requesting computer. Processing users' personal data allows us to analyze their browsing behavior.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Matomo, InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.

Transfer to third countries

Duration of data storage

Right of withdrawal

You have the right to withdraw your granted consent You may withdraw your consent at any time, cf. Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons, and will take effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal. You can find further information on this above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here:

https://matomo.org/privacy-policy/

Cameleoon

Description and purpose

This website uses the Kameleoon service from Kameleoon GmbH to analyze website usage and optimize the user experience for all visitors. The Kameleoon service does not collect any personal data; it only processes data collected by Google Analytics.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Kameleoon GmbH, Beim Alten Ausbesserungswerk 4, 77654 Offenburg, Germany.

Transfer to third countries

Your personal data will not be transferred to a third country. However, we are aware of our responsibility and regularly review the framework conditions and legal changes.In the event of a transfer to a third country, we will update this information as quickly as possible.

Duration of data storage

Cancellation

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://www.kameleoon.com/de/datenschutz

Taboola

Description and purpose

We use the Taboola service on our website, which enables us to display personalized recommendations for content and advertisements based on browsing behavior and customer interests, thereby improving the user-friendliness of our website. The provider of this service is Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin, Germany. Usage profiles are created using pseudonyms; they are not merged with data about the holder of the pseudonym and do not allow any conclusions to be drawn about personal data. Taboola collects the following user information via cookies: the user's operating system, websites/content accessed on our website, referrer/link through which the user accessed our website, time and number of website visits, visits to error pages, location information (city and state), and IP addresses in abbreviated form.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin.

Transfer to third countries

Personal data will be transferred to Israel. An adequacy decision exists with this third country pursuant to Article 45(1) GDPR, which certifies a comparable and therefore adequate level of protection. Furthermore, in the event of a change in the legal situation, we will take further measures as quickly as possible to ensure the protection of personal data.

The personal data will also be transferred to the United States. This transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. We have concluded standard contractual clauses for data protection with the data importer pursuant to Article 46(2)(c). Furthermore, we are aware of our responsibility and, where necessary, take additional measures to protect the rights and freedoms of natural persons and ensure the protection of personal data.

Duration of data storage

According to Taboola's privacy policy, data is deleted 13 months after the user's last interaction: https://www.taboola.com/de/policies/datenschutzerklaerung#nutzer.

Cancellation

You have the right to withdraw your granted consent You may withdraw your consent at any time, cf. Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons, and will take effect for the future.Withdrawing your consent does not affect the lawfulness of processing carried out before the withdrawal. Further information can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here:

https://www.taboola.com/de/privacy-policy

Outbrain Target Advertisement

Description and purpose

Visitor pixels and cookies from Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011, USA, are used on this website for conversion tracking. This allows us to track user behavior after they have been redirected to the provider's website by clicking on an Outbrain ad. This process serves to evaluate the effectiveness of Outbrain ads for statistical and market research purposes and can help optimize future advertising campaigns. The data collected is anonymous to us and therefore does not allow us to draw any conclusions about the identity of the users.

Legal basis

The legal basis for the processing of personal data is consent pursuant to Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient is Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011, USA.

Transfer to third countries

Data is transferred to the USA.

Duration of data storage

Right to object

You have the right to withdraw your consent to data processing at any time. A withdrawal of consent does not affect the lawfulness of data processing carried out in the past.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information via link

For information on the purpose and scope of data collection and the further processing and use of data by Outbrain, as well as your related rights and settings options to protect your privacy, please refer to Outbrain's privacy policy:https://www.outbrain.com/legal/privacy#privacy-policy

Criteo SA

Description and purpose

We use the service Criteo SA on our website. Criteo SA is an international provider of performance marketing and personalized online advertising.
This service is used to display personalized advertisements to visitors based on their previous browsing behavior and interests. This service collects information about user behavior on the website via cookies, pixels, or similar tracking technologies. This data is processed and used in pseudonymized form to obtain a precise analysis of user behavior.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Criteo SA, 32 Rue Blanche, 75009 Paris, France.

Transfer to third countries

Your personal data will not be transferred to a third country.However, we are aware of our responsibility and regularly review the framework conditions and legal changes. In the event of a transfer to a third country, we will update this information as quickly as possible.

Duration of data storage

Cancellation

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on data protection at Criteo SA can be found here: https://www.criteo.com/de/privacy/

Adtriba (now Funnel BA)

Description and purpose

We use Adtriba's services on our website, but Adtriba is now part of Funnel AB. Funnel acquired Adtriba in June 2024, combining Adtriba's advanced marketing measurement technology with Funnel's marketing intelligence platform. This combination allows Funnel to offer its customers a more comprehensive solution for increasing the effectiveness of their marketing efforts across all channels.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Funnel AB, Klarabergsgatan 29, 111 21, Stockholm.

Transfer to third countries

Personal data may be transferred to the United States. This transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. To this end, we have concluded legally approved contractual clauses, such as the standard contractual clauses approved by the European Commission, with the data importer, in accordance with Article 46(2)(c) of the GDPR. Furthermore, we are aware of our responsibility and, where necessary, take additional measures to protect the rights and freedoms of natural persons and ensure the protection of personal data.

Duration of data storage

Cancellation

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on data protection at Adtriba (Funnel) can be found here:

https://funnel.io/legal/adtriba/terms-and-conditions-german

https://funnel.io/privacy

insider

Description and purpose

We use the Insider service on our website. Insider is an omnichannel and customer engagement platform that helps companies create and automate personalized marketing campaigns across various communication channels. This service collects, analyzes, and uses data from website and app users to enable personalized customer experiences and targeted marketing measures. User data from various sources can be combined to create a unified, cross-channel customer profile.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Insider, 1 Scotts Road #24-10 Shaw Centre, Singapore (2282208).

Transfer to third countries

Duration of data storage

Cancellation

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on data protection at Insider can be found here:

https://useinsider.com/privacy-policy-for-roundtables/?utm_source=chatgpt.com#privacy-policy

TVSquared/ Innovid

Description and purpose

We use the TVSquared service, which belongs to Innovid, on our website. Innovid supports us with advertising, personalization, and measurement in the area of Connected TV (CTV). Through a global infrastructure that enables data-driven personalization, real-time decisions, scaled ad delivery, and accredited measurement, Innovid offers its customers and partners optimized solutions that maximize the value of advertising investments across screens and devices.

Legal basis

The legal basis for processing your personal data is Article 6(1)(a) GDPR.

Recipient

The recipients of your personal data are TV Squared Limited, Fifth Floor 1 Exchange Crescent, Conference Square, Edinburgh EH3 8UL and Innovid LLC 30 Irving Place, 12th Floor, New York, NY 10003.

Transfer to third countries

Duration of data storage

Cancellation

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on data protection at TVSquared and Innovid can be found here:

https://1-demo-clients.tvsquared.com/u/tcs/read#%2F

https://www.innovid.com/privacy-policy

Applications (training) & Job offers)

By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy policy. The legal basis for the processing of applicant data is Article 88 GDPR, Section 26 BDSG-neu (German Federal Data Protection Act) and Article 9(2)(b) GDPR. If special categories of personal data within the meaning of Article 9(1) GDPR are voluntarily disclosed during the application process, their processing is additionally based on Article 9(2)(b) GDPR.z.B. Health data, such as z.B. Severe disability or ethnic origin). Insofar as special categories of personal data within the meaning of Article 9(1) GDPR are requested from applicants during the application process, their processing is additionally carried out in accordance with Article 9(2)(a) GDPR (z.B. Health data (if required for the performance of the job) will be processed. If provided, applicants can submit their applications to us via an online form on our website. This online form is provided by Personio and integrated into our website. We have a data processing agreement with Personio in accordance with Article 28 of the GDPR.

The data is transmitted to us using state-of-the-art encryption. Applicants can also submit their applications via email. However, please note that emails are generally not encrypted, and applicants are responsible for ensuring encryption themselves. Therefore, we cannot assume responsibility for the security of the application during transmission between the sender and our server and recommend using an online form or sending it by post.Instead of applying via the online form and email, applicants still have the option of sending their application by post. If an application is successful, the data provided by the applicant may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicant's data will be deleted. Applicant data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Deletion takes place after a period of six months so that we can answer any follow-up questions regarding the application and comply with our obligations under the General Equal Treatment Act. Invoices for any travel expense reimbursements will be archived in accordance with tax regulations.

Data recipient

To the extent permitted or required by law, or to the extent you have given your consent, we also share your personal data with other recipients who provide services for us. We limit the transfer of your personal data to what is necessary. In some cases, our service providers receive your personal data as data processors and are then strictly bound by our instructions when handling your personal data (data processing agreement pursuant to Art. 28 GDPR). In other cases, the recipients act independently with the data we transfer to them. The following categories of service providers/recipients may receive your data:

Providers of email marketing via newsletters
Hosting service providers for the operation of our servers
Service providers in the field of applications to support the selection of applicants
Service provider for development work, including programming, development, maintenance and support of software applications
Postal service providers
External legal advice
Marketing agencies/ website maintenance
Other IT service providers (e.g., system houses)
Other services and tools

The service providers we commission must meet strict confidentiality requirements. They only receive the necessary access to your data to fulfill their assigned tasks.

In case of suspected criminal activity, data may be passed on to law enforcement authorities.

Security

We have extensive technical and operational protective measures We have implemented measures to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological advancements. Furthermore, we continuously ensure data protection through ongoing auditing and optimization of our data protection organization.