Privacy Policy

Table of contents 

1. Introduction 

1.1 Contact details 

1.2 Scope of data processing, processing purposes and legal bases 

1.3 Data processing outside the EEA 

1.4 Storage duration 

1.5 Rights of those affected 

1.6 Obligation to provide data 

1.7 No automated decision-making in individual cases 1.8 Contacting us 

1.9 Competitions 

1.10 Customer surveys 

2. Newsletter 

3. Data processing on our website 

3.1 Note for website visitors from Germany 

3.2 Informational use of the website 

3.3 Web hosting and provision of the website 

3.4 Contact form 

3.5 Job advertisements 

3.6 Customer account 

3.7 Single Sign-On 

3.8 Offer of goods 

3.9 Payment service providers 

3.10 Technically necessary cookies 

3.11 Third-party providers 

3.11.1 Trustpilot 

3.11.2 Mable.ai 

3.11.3 Convert 

3.11.4 Matrixify 

3.11.5 Google Analytics 

3.11.6 Google Tag Manager 

3.11.7 Facebook Custom Audiences 

3.11.8 Klaviyo (webforms) 

3.11.9 Google Conversion Tag 

3.11.10 Facebook Conversion API 

3.11.11 Microsoft Advertising (Bing Ads) 

3.11.12 Typeform 

11/3/13 Pinterest Conversion Day 

3.11.14 Lucky Orange 

3.11.15 Gorgias Chat Widget 

3.11.16 Stripe 

3.11.17 Transcy 

3.11.18 heyData 

3.11.19 Amb Tu, S.L.

4. Data processing on social media platforms 4.1 Facebook 

4.2 Instagram 

4.3 TikTok 

4.4 Pinterest 

4.5 YouTube 

4.6 X (formerly Twitter) 

4.7 LinkedIn 

5. Changes to this Privacy Policy

6. Questions and comments 

________________________

1. Introduction 

Below we provide information about the processing of personal data when using [this service/service]. 

our website https://mybacs.com / https://mybacs.it / https://mybacs.ch https://mybacs.es/ 

and our social media profiles. 

Personal data is any data that relates to a specific natural person, e.g. their name or IP address. 

1.1 Contact details 

The data controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is mybacs Vertriebs GmbH, Infanteriestraße No. 11a, House E, Munich, Germany, email: info@mybacs.com. GeseWe will be represented by Carl-Philipp von Polheim. 

Our data protection officer can be contacted via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu , email: datenschutz@heydata.eu erremebar. 

1.2 Scope of data processing, 

Processing purposes and legal bases 

The scope of data processing, processing purposes, and legal bases are explained in detail below. The following are generally possible legal bases for data processing: 

Article 6 paragraph 1 sentence 1 letter a GDPR serves as our legal basis for Processing operations for which we obtain consent. 

Article 6 paragraph 1 sentence 1 letter b GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, z.B. This legal basis applies when a website visitor purchases a product from us or we perform a service for them. It also applies to processing necessary for pre-contractual measures, such as inquiries about our products or services. 

Article 6 paragraph 1 sentence 1 letter c GDPR applies if we fulfill a legal obligation by processing personal data, as is the case z.B. This can be the case in tax law. 

Article 6 paragraph 1 sentence 1 letter f GDPR serves as the legal basis when we can rely on legitimate interests for the processing of personal data, z.B. for cookies that are necessary for the technical operation of our website. 

1.3 Data processing outside the EEA 

Insofar as we transfer data to service providers or other third parties outside the EEA, adequacy decisions of the EU Commission pursuant to Art. 45 para. 3 GDPR guarantee the security of the data during the transfer, insofar as these exist, as is the case here. z.B. This is the case for Great Britain, Canada and Israel. 

When data is transferred to service providers in the USA, the legal basis for the data transfer is an adequacy decision by the EU Commission if the service provider has additionally certified itself under the EU US Data Privacy Framework. 

In other cases (z.B. (If no adequacy decision exists), the legal basis for data transfers is generally standard contractual clauses, unless we provide otherwise. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. According to Article 46(2)(b) GDPR, they guarantee the security of data transfers. Many providers have issued additional contractual guarantees beyond the standard contractual clauses, which protect the data beyond the scope of these clauses. z.B. Guarantees regarding the encryption of data or regarding a third party's obligation to notify affected parties if law enforcement agencies wish to access data. 

1.4 Storage duration 

Unless expressly stated otherwise in this privacy policy, the data we store will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. d.h. The data will be blocked and not processed for other purposes. This applies z.B. for data that we are required to retain for commercial or tax reasons. 

1.5 Rights of those affected 

Data subjects have the following rights with regard to their personal data: 

Right to information, 

Right to rectification or erasure, 

Right to restriction of processing, 

Right to object to processing, 

Right to data portability, 

Right to withdraw consent at any time. 

Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data. Contact details for the data protection supervisory authorities can be found at [link to data protection supervisory authority contact details]. 

https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html available. 

1.6 Obligation to provide data 

Customers, prospective customers, or third parties are only required to provide us with the personal data necessary for establishing, executing, and terminating the business relationship or other relationship, or which we are legally obligated to collect. Without this data, we will generally have to refuse to enter into a contract or provide a service, or we may no longer be able to perform an existing contract or other relationship. 

Mandatory fields are marked as such. 

1.7 No automatic decision-making in individual cases 

We generally do not use fully automated processes for establishing and maintaining a business relationship or other relationship. 

Decision-making in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately, provided this is legally required. 

1.8 Making contact 

When contacting us, z.B. via email or telephone, the data you provide to us (z.B. We store your name and email address in order to answer your questions. The legal basis for this processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in responding to inquiries addressed to us. We delete the data collected in this context. after storage is no longer necessary, or restrict processing if there are legal retention obligations. 

1.9 Competitions 

Occasionally, we offer prize draws via our website or other means. We process the data requested in these draws to determine and notify the winners. Afterwards, we delete the data. We may also offer prize draws exclusively to existing customers. In this case, we only process the name to determine the winners and the contact details to notify them. It is in our legitimate interest to offer prize draws for customer acquisition or to interact with our existing customers. The legal basis for this data processing is Article 6(1)(f) GDPR. 

1.10 Customer surveys 

From time to time, we conduct customer surveys to better understand our customers and their needs. In doing so, we collect the data requested. It is in our legitimate interest to better understand our customers and their needs, so the legal basis for the associated data processing is Article 6(1)(f) GDPR.The legal basis for this is Article 6(1)(f) GDPR. We will delete the data once the survey results have been evaluated. 

2. Newsletter 

We reserve the right to inform customers who have already used our services or purchased goods about our offers from time to time via email or other means, unless they have objected to this. The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest lies in direct marketing (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time without additional costs, for example, via the link at the end of each email or by sending an email to our email address provided above. 

Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration solely for sending the newsletter. Registration is completed by selecting the corresponding field on our website, by ticking the corresponding box in a paper document, or by another unambiguous action, thereby declaring the interested parties' consent to the processing of their data. The legal basis for this processing is Article 6(1)(a) GDPR. This consent can be withdrawn at any time. z.B. by clicking the relevant link in the newsletter or by notifying our above The specified email address. The processing of data remains lawful even in the event of a withdrawal of consent. 

Based on the consent of the recipients (Art. 6 para. 1 sentence 1 lit. a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients. 

We send SMS newsletters using the Klaviyo tool from the provider Klaviyo, Inc., 125 Summer St, Floor 6 Boston, MA 02111, USA. The provider processes content, usage, meta/communication data and contact data. in the USA. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://www.klaviyo.com/privacy/policy available. 

We send newsletters using the Shopify tool provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. This provider processes content, usage, meta/communication data, and contact data within the EU. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://www.shopify.com/legal/privacy available. 

3. Data processing on our website 

3.1 Note for website visitors from Germany 

Our website stores information in the end device of website visitors (z.B. cookies) or accesses information already stored in the end device (z.B. IP addresses). The specific details of this information can be found in the following sections. 

This storage and access is based on the following provisions: 

Insofar as this storage or access is absolutely necessary for us to provide the service on our website that is expressly requested by website visitors (z.B. (for the purpose of operating a chatbot used by website visitors or ensuring the IT security of our website), it is carried out on the basis of Section 25 Paragraph 2 No. 2 of the Telecommunications Digital Services Data Protection Act (TDDDG). 

Furthermore, this storage or access is based on the consent of the website visitors (§ 25 para. 1 TDDDG). 

Subsequent data processing takes place in accordance with the following sections and on the basis of the provisions of the GDPR. 

3.2 Informational use of the website 

When you use our website for informational purposes only, i.e., when visitors do not separately provide us with information, we collect the personal data that your browser transmits to our server in order to ensure the stability and security of our website. This constitutes our legitimate interest, and the legal basis for this processing is Article 6(1)(f) GDPR. 

This data is: 

IP address 

Date and time of the request 

Time zone difference to Greenwich Mean Time (GMT) 

Content of the request (specific page) 

Access status/HTTP status code 

each data volume transferred 

Website from which the request originates 

browser 

Operating system and its interface 

Language and version of the browser software. 

This data is also stored in log files. It is deleted when its storage is no longer necessary, at the latest after 14 days. 

3.3 Web hosting and provision of the website 

Our website is hosted by Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes the personal data transmitted via the website. z.B. Content, usage, meta/communication data, or contact data within the EU. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://www.shopify.de/legal/datenschutz. 

It is in our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. 

We use the Cloudflare Content Delivery Network for our website. The provider is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. The provider processes the personal data transmitted via the website. z.B. Content, usage, meta/communication, or contact data is stored in the USA. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://www.cloudflare.com/de-de/privacypolicy/ . 

We have a legitimate interest in utilizing sufficient storage and delivery capacities to ensure optimal data throughput even during peak loads. The legal basis for the described data processing is therefore Article 6(1)(f) GDPR. 

The legal basis for transferring data to a country outside the EEA is an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, in an adequacy decision pursuant to Article 45(3) GDPR, has decided that the third country offers an adequate level of protection. 

We use the Content Delivery Network Shopify for our website.The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes the personal data transmitted via the website. z.B. Content, usage, meta/communication, or contact data is stored in the USA. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://www.shopify.de/legal/datenschutz. 

We have a legitimate interest in utilizing sufficient storage and delivery capacities to ensure optimal data throughput even during peak loads. The legal basis for the described data processing is therefore Article 6(1)(f) GDPR. 

The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses adopted in accordance with the review procedure pursuant to Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed upon with the provider. 

3.4 Contact form 

When you contact us via the contact form on our website, we store the data requested there and the content of your message. The legal basis for this processing is our legitimate interest in responding to inquiries addressed to us. Therefore, the legal basis for this processing is Article 6(1)(f) GDPR. We delete the data collected in this context once storage is no longer necessary, or restrict processing if there are statutory retention obligations. 

3.5 Job advertisements 

We publish job postings on our website, on pages linked to the website, or on websites of Dritten.Die The data provided during the application process is processed for the purpose of carrying out the application procedure. Insofar as this data is necessary for our decision to establish an employment relationship, the legal basis is Article 88 Paragraph 1 GDPR in conjunction with Section 26 Paragraph 1 BDSG (German Federal Data Protection Act). We have marked or indicated the data required for the application procedure accordingly. If applicants do not provide this data, we cannot process their application. bearbeiten.Weitere Providing data is voluntary and not required for an application. If applicants provide further information, this is based on their consent (Art. 6 para. 1 sentence 1 lit. a GDPR). 

We ask applicants to refrain from including information about political opinions, religious beliefs, and similarly sensitive data in their CV and cover letter. This information is not required for an application. If applicants nevertheless include such information, we cannot prevent its processing within the context of processing the CV or cover letter. In this case, such processing is based on the applicant's consent (Art. 9 para. 2 lit. a GDPR). 

Finally, we process applicants' data for further application procedures if they have given us their consent to do so. In this case, the legal basis is Article 6(1)(a) GDPR. 

We pass on the applicants' data to the responsible employees in the human resources department, to our data processors in the field of recruiting and to other employees involved in the application process. 

If we, following the application process, Once an employment relationship has been established with the applicant, we will only delete the data after the employment relationship has ended.Otherwise, we will delete the data no later than six months after rejecting an applicant. 

If applicants have given us their consent to use their data for further application processes, we will only delete their data one year after receiving the application. 

3.6 Customer account 

Visitors to our website can create a customer account. We process the data requested in this context to fulfill the respective user agreement concluded for the account, so the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR. 

3.7 Single Sign-On 

Users can log in to our website using one or more single sign-on methods. They use login credentials already created for a specific provider. This requires that the user is already registered with the respective provider. When a user logs in using single sign-on... 

When a user logs in to our website, we receive information from the provider that the user is logged in to their service, and the provider receives information that the user is using the single sign-on procedure on our website. Depending on the user's account settings on the provider's website, the provider may also provide us with additional information. The legal basis for this processing is Article 6(1)(f) GDPR. We have a legitimate interest in providing users with a simple login option. At the same time, the users' interests are protected, as participation is entirely voluntary. 

The providers of the offered procedure(s) are: 

Apple Inc., Infinite Loop, Cupertino, CA 95014, USA (Privacy Policy: https://www.apple.com/legal/privacy/de-ww/) 

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Privacy Policy: https://policies.google.com/privacy) 

3.8 Offer of goods 

We offer goods via our website. In connection with the order process, we process the following data: 

• Name 

• Address 

• (Billing address) 

• if different) 

• email address 

• Phone number (optional) 

• Payment method 

The data is processed for the purpose of fulfilling the contract concluded with the respective website visitor (Art. 6 para. 1 sentence 1 lit. b GDPR). 

We will forward the aforementioned data to the following service providers, insofar as this is necessary for processing the order: 

Hive Technologies GmbH, Rosenstraße 16-17, 10178 Berlin 

DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg

DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn

General Logistics Systems (GLS) Spain S.A. , C/Ingeniero Torres Quevedo, 1, 28022 Madrid, Spain

General Logistics Systems (GLS) Germany GmbH & Co.OHG, GLS Germany Straße 1-7, 36286 Neuenstein, Germany

Swiss Post Ltd (Die Schweizerische Post AG), Wankdorfallee 4, 3030 Bern, Switzerland

Deutschland exporto GmbH, Schornsteinfegerstrasse 10, 78467 Konstanz, Germany 

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR, as it is necessary for the performance of the contract. 

3.9 Payment service providers 

We use payment processors to process payments; these processors are themselves data controllers within the meaning of Article 4 No. 7 GDPR. Insofar as they receive data and payment information entered by us during the ordering process, we thereby fulfill the contract concluded with our customers (Article 6 Paragraph 1 Sentence 1 Letter b GDPR). 

These payment service providers are: 

American Express Europe S.A. 

Apple Inc., USA (for Apple Pay) 

giropay GmbH 

Google Ireland Limited, Ireland (for Google Pay) 

Klarna Bank AB (publ), Sweden (for "Klarna on Account") 

Klarna Bank AB (publ), Sweden (for "Klarna Sofort") 

Mastercard Europe SA, Belgium 

Mollie BV, Netherlands 

PayPal (Europe) S.à r.l. et Cie, S.C.A. , Luxembourg 

Shopify Inc., Canada (for Shop Pay) 

Stripe Payments Europe, Ltd., Ireland 

Visa Europe Services Inc., Great Britain 

3.10 Technically necessary cookies 

Our website uses cookies. Cookies are small text files that are stored in the web browser on the device of a website visitor. Cookies help to make our website more user-friendly, effective, and secure. Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter referred to as "Technically Necessary Cookies"), the legal basis for the associated data processing is Article 6(1)(f) GDPR. We have a legitimate interest in providing customers and other website visitors with a functional website. We specifically use technically necessary cookies for the following purposes: 

• Cookies that save the shopping cart 

• Cookies that store login data 

• Cookies that remember search terms 

• Cookies that remember language preferences 

• Cookies that payment providers set for payment processing and do not analyze user behavior 

3.11 Third-party providers 

3.11.1 Trustpilot 

We use Trustpilot for customer reviews. The provider is Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen K, Denmark. The provider processes meta/communication data (z.B. Device information, IP addresses), usage data (z.B. websites visited, interest in content, access times) in the EU. The legal basis for the processing is Article 6(1)(f) GDPR. We have a legitimate interest in receiving feedback on our services through customer reviews. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://de.legal.trustpilot.com/for businesses/business-privacy-policy available. 

3.11.2 Mable.ai 

We set Mable.ai for conversion tracking. The provider is Mable GmbH, Bahnhofplatz 12, 76137 Karlsruhe. The provider processes meta/communication data (z.B. Device information, IP addresses), usage data (z.B. websites visited, interest in content, access times) in the EU. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal.  The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://de.mable.ai/privacy available. 

3.11.3 Convert 

We use Convert for A/B testing. The provider is Convert Insights Inc., 2093 PHILADELPHIA PIKE #9985, CLAYMONT, DE 19703, USA. The provider processes meta/communication data (z.B. Device information, IP addresses), usage data (z.B. websites visited, interest in content, access times) in the EU. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://www.convert.com/privacy notice/ available. 

3.11.4 Matrixify 

We use Matrixify to operate an online shop and to extract data. The provider is ITissible, SIA, Kuģu iela 28-5, Riga, LV-1048, Latvia. The provider processes usage data (z.B. visited websites, interest in content, access times), meta/communication data (z.B. Device information, IP addresses), content data (z.B. Entries in online forms) in the EU. The legal basis for the processing is Article 6(1)(f) GDPR. We have a legitimate interest in importing our customer data in the simplest way possible. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://matrixify.app/privacy-notice/ available. 

3.11.5 Google Analytics 

We use Google Analytics for analysis. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The provider processes meta/communication data (z.B. Device information, IP addresses), Usage data (z.B. (websites visited, interest in content, access times) in the USA. The legal basis for the processing is Article 6(1)(a) GDPR. The processing is based on consent.Those affected can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on the legal basis of an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, within the framework of an adequacy decision, has already assessed the data's compliance with the law. has decided, by adequacy decision pursuant to Art. 45 para. 3 GDPR, that the third country offers an adequate level of protection. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://business.safety.google/privacy/ available. 

3.11.6 Google Tag Manager 

We use Google Tag Manager for advertising and analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (z.B. (websites visited, interest in content, access times) in the USA. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on the legal basis of an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, within the framework of an adequacy decision, has already assessed the data's compliance with the law. has decided, by adequacy decision pursuant to Art. 45 para. 3 GDPR, that the third country offers an adequate level of protection. We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://business.safety.google/privacy/ available. 

3.11.7 Facebook Custom Audiences 

We use Facebook Custom Audiences for advertising. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (z.B. (websites visited, interest in content, access times) in the USA. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent. You can withdraw your consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on the legal basis of an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, within the framework of an adequacy decision, has already assessed the data's compliance with the law. has decided, by adequacy decision pursuant to Art. 45 para. 3 GDPR, that the third country offers an adequate level of protection. We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://www.facebook.com/policy.php available. 

3.11.8 Klaviyo (webforms) 

We use Klaviyo (webforms) for questionnaires and forms for email marketing. The provider is Klaviyo, Inc., 125 Summer St, Floor 6 Boston, MA 02111, USA. The provider processes contact data (z.B. Email addresses, telephone numbers), meta/communication data (z.B. Device information, IP addresses) in the USA. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses adopted in accordance with the review procedure pursuant to Article 93(2) GDPR (Article 46(2)(c) GDPR), which we have agreed upon with the provider. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://www.klaviyo.com/privacy/policy available. 

3.11.9 Google Conversion Tag 

We use Google Conversion Tag for conversion tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (z.B. (websites visited, interest in content, access times) in the USA. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on the legal basis of an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, within the framework of an adequacy decision, has already assessed the data's compliance with the law. has decided, by adequacy decision pursuant to Art. 45 para. 3 GDPR, that the third country offers an adequate level of protection. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://business.safety.google/privacy/ available. 

3.11.10 Facebook Conversion API 

We use the Facebook Conversion API for analysis. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes meta/communication data (z.B. Device information, IP addresses), usage data (z.B. (websites visited, interest in content, access times) in the USA. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission has issued an adequacy decision within the framework of an adequacy decision.nadequacy decision in accordance with Art. 45 para.Article 3 of the GDPR has decided that the third country offers an adequate level of protection. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://www.facebook.com/policy.php available. 

3.11.11 Microsoft Advertising (Bing Ads) 

We use Microsoft Advertising (Bing Ads) for conversion tracking and analysis. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The provider processes meta/communication data (z.B. Device information, IP addresses), usage data (z.B. (websites visited, interest in content, access times) in the USA. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on the legal basis of an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, within the framework of an adequacy decision, has already assessed the data's compliance with the law. has decided, by adequacy decision pursuant to Art. 45 para. 3 GDPR, that the third country offers an adequate level of protection. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://privacy.microsoft.com/de available at de/privacystatement. 

3.11.12 Typeform 

We use Typeform for questionnaires and forms. The provider is Typeform. S.L. , C/ Can Rabia 3-5, 4th floor, 08017 – Barcelona, ​​Spain. The provider processes meta/communication data (z.B. Device information, IP addresses), content data (z.B. Entries in online forms) in the USA. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses adopted in accordance with the review procedure pursuant to Article 93(2) GDPR (Article 46(2)(c) GDPR), which we have agreed upon with the provider. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://admin.typeform.com/to/dwk6gt available. 

11/3/13 Pinterest Conversion Day 

We use the Pinterest Conversion Tag for conversion tracking. The provider is Pinterest Inc., 505 Brannan Street, San Francisco, CA 94107, USA.The provider processes contact data (z.B. Email addresses, telephone numbers), meta/communication data (z.B. Device information, IP addresses), usage data (z.B. (websites visited, interest in content, access times) in the USA. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses adopted in accordance with the review procedure pursuant to Article 93(2) GDPR (Article 46(2)(c) GDPR), which we have agreed upon with the provider. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://policy.pinterest.com/de/privacy policy#section-residents-of-the-eea available. 

3.11.14 Lucky Orange 

We use Lucky Orange as a live chat tool for analytics. The provider is Lucky Orange LLC, 8680 W. 96th Street, Suite 200, Overland Park, KS 66212, USA. The provider processes content data (z.B. Entries in online forms), meta/communication data (z.B. Device information, IP addresses), usage data (z.B. (websites visited, interest in content, access times) in the USA. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on the legal basis of an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, within the framework of an adequacy decision, has already assessed the data's compliance with the law. has decided, by adequacy decision pursuant to Art. 45 para. 3 GDPR, that the third country offers an adequate level of protection. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://classic.luckyorange.com/privacy.php available. 

3.11.15 Gorgias Chat Widget 

We use the Gorgias Chat Widget as a live chat. The provider is Gorgias, Inc., 34 Harriet St, 94103 San Francisco, USA. The provider processes Meta/communication data (z.B. Device information, IP addresses), content data (z.B. Entries in online forms) in the USA. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on legal grounds. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://www.gorgias.com/privacy available. 

3.11.16 Stripe 

We use Stripe for payments. The provider is Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. The provider processes master data (z.B. Names, addresses), payment details (z.B. Bank details, invoices, payment history) in the USA. The legal basis for this processing is Article 6(1)(b) GDPR. The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract. The transfer of personal data to a country outside the EEA is based on the legal basis of an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, within the framework of an adequacy decision, has already assessed the data's compliance with the law. has decided, by adequacy decision pursuant to Art. 45 para. 3 GDPR, that the third country offers an adequate level of protection. We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://stripe.com/de/privacy#translation available. 

3.11.17 Transcy 

We use Transcy for maintaining an online shop, for translations, and for location tracking. The provider is FireGroup JSC, 22nd Floor, Flemington Tower, 182 Le Dai Hanh Street, Ward 15, District 11, Ho Chi Minh City, Vietnam. The provider processes meta/communication data (z.B. Device information, IP addresses), usage data (z.B. websites visited, interest in content, access times), location data in the USA. The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us. z.B. Please contact us using the contact details provided in our privacy policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses adopted in accordance with the review procedure pursuant to Article 93(2) GDPR (Article 46(2)(c) GDPR), which we have agreed upon with the provider. The data will be deleted when the purpose for its collection no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://transcy.io/privacy-policy/ available. 

3.11.18 heyData 

We have integrated a data protection seal on our website. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes meta/communication data (z.B. IP addresses) in the EU. The legal basis for this processing is Article 6(1)(f) GDPR. We have a legitimate interest in providing website visitors with confirmation of our data protection compliance. At the same time, the provider has a legitimate interest in ensuring that only customers with existing contracts use its seals, which is why a mere image copy of the certificate is not a viable alternative for confirmation. The data is masked after collection to prevent any personal identification. Further information can be found in the provider's privacy policy at [link to privacy policy]. https://heydata.eu/datenschutzerklaerung available. 

3.11.19 Amb Tu, S.L.

We set Amb Tu, S.L. for omnichannel customer interaction handling (processing customer interactions across all channels), quality control, reporting, and service analysis. The provider is Amb Tu. S.L. , Carrer Callaueta 8 - 1r 2a, AD500 Andorra la Vella, NRT L-721004-H. The provider processes (for illustrative purposes only): identification and contact data, interaction metadata, communication content (e.g., voice recordings/emails/chats), and service and ticket data of our customers/users or prospective customers. Special categories of personal data are not processed unless explicitly documented. Processing takes place in Andorra or the EEA.

The legal basis for the processing is Article 28 GDPR. i.V.m. Our data processing agreement ensures the security of data transferred to the third country (Andorra). The EU Commission has determined, through an adequacy decision pursuant to Article 45(3) GDPR, that the third country provides an adequate level of protection. The data will be deleted when the purpose for which it was collected no longer applies and there is no legal obligation to retain it. The provider's privacy policy can be found here: https://ambtu.coop/en/privacy-policy/.

4. Data processing on social media platforms 

We are present on social media networks to introduce our organization and services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles based on online behavior, which are used, for example, to display advertising on the networks' pages and elsewhere on the internet that matches the users' interests. To do this, the network operators store information about usage behavior in cookies on users' computers. It is also possible that the operators combine this information with other data. Further information and instructions on how users can object to data processing by the network operators can be found in the respective operators' privacy policies listed below. It is also possible that the operators or their servers are located in non-EU countries, meaning they process data there. This may pose risks for users. z.B. because the enforcement of their rights is made more difficult or government agencies gain access to the data. 

When users of these networks contact us via our profiles, we process the data they provide in order to answer their inquiries. This constitutes our legitimate interest, and the legal basis for this processing is Article 6(1)(f) GDPR. 

 

4.1 Facebook 

We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be found here: https://www.facebook.com/policy.php. One way to object to data processing is via the settings for advertisements: https://www.facebook.com/settings? tab=ads.Wir Based on an agreement, we are jointly responsible with Facebook for the processing of the data of visitors to our profile within the meaning of Art. 26 GDPR.Facebook explains exactly which data is processed at 

https://www.facebook.com/legal/terms/information_about_page_insights_data. Those affected can assert their rights against both us and Facebook. However, according to our agreement with Facebook, we are obligated to forward inquiries to Facebook. Therefore, those affected will receive a faster response if they contact Facebook directly. 

4.2 Instagram 

We maintain a profile on Instagram. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be found here: 

https://help.instagram.com/519522125107875 . 

4.3 TikTok 

We maintain a profile on TikTok. The operator is TikTok Technology Limited, whose registered office is at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The privacy policy can be found here: https://www.tiktok.com/de/privacy-policy . 

4.4 Pinterest 

We maintain a profile on Pinterest. The operator is Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. The privacy policy can be found here: https://about.pinterest.com/de/privacy-policy. One way to object to data processing is via the ad settings: https://about.pinterest.com/de/privacy-policy . 

4.5 YouTube

We maintain a profile on YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The privacy policy can be found here: https://policies.google.com/privacy?hl=de . 

4.6 X (formerly Twitter) 

We maintain a profile on X. The operator is X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy can be found here: https://twitter.com/de/privacy. One way to object to data processing is via the ad settings: https://twitter.com/personalization . 

4.7 LinkedIn 

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy can be found here: https://https://www.linkedin.com/legal/privacy-policy?_l=de_DE. One way to object to data processing is via the ad settings: https://www.linkedin.com/psettings/guest controls/retargeting-opt-out . 

5. Changes to this 

Privacy Policy 

We reserve the right to amend this privacy policy with effect for the future. The current version is always available here. 

6. Questions and comments 

For questions or comments regarding this privacy policy, please feel free to contact us using the contact details provided above. 

 

As of November 2025