Security measures
We use state-of-the-art organisational, contractual and technical security measures to ensure compliance with data protection laws and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security measures include in particular the encrypted transmission of data between your browser and our server.
Disclosure of data to third parties and third-party providers
A transfer of data to third parties will only be within the scope of legal requirements. We will only disclose users data to third parties if, for example, is required for contractual purposes based on Art. 6 Para. 1 lit. b) GDPR or based on legitimate interests for the economical and effective operation of our business operations in accordance with Art. 6 para. 1 lit. f GDPR. Insofar provided we commission third parties to process data based on so-called "standard contractual clauses", this is done based on Art. 28 GDPR. If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organisational measures to protect personal data in accordance with the applicable laws. If the content, tools or other media from other providers (collectively referred to as "third party providers") are used in the context of this privacy policy and their registered office is located in a third country, it can be assumed that data will be transferred to the states of residence of the third party providers. Third countries are countries in which the GDPR is not a directly applicable law, i. e. generally countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either when an adequate level of data protection, user consent or other legal authorisation given.
Providing contractual services
We process inventory data (for example, names and addresses as well as contact details of users), contract data (for example, services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 Para. 1 lit. b GDPR. Users can optionally create a user account, where in particular they are able to view their orders. As part of the registration, the required mandatory information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with respect to the user account, subject to the necessary retention of this data for commercial or fiscal reasons in accordance with Art. 6 Para. 1 lit. c GDPR. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract. As part of the registration and further log-ins as well as for the use of our online services, the IP address and the time of the respective user action will be saved. This data storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorised use. A transfer of this data to third parties does not take place, unless it is necessary for pursuing of our claims or there is a legal obligation in accordance with. Art. 6 Para 1 lit. c GDPR. We process usage data (e.g., the visited websites of our online offering, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile to inform the user e.g. to display product instructions based on their previously used services.
Contacting us
When contacting us (via contact form or email), the information provided by the user for processing the contact request and its processing is processed acc. Art. 6 Para. 1 lit. b GDPR. Users' information can be stored in our Customer Relationship Management System ("CRM System") or comparable request organisation (Lead Management). We use the CRM-System “HubSpot“, provided by HubSpot, Inc. HubSpot Headquarters (Cambridge, MA) 25 First St., 2nd floor Cambridge, Massachusetts 02141, USA) based on our legitimate interests (efficient and fast processing of user requests). For this purpose, we have concluded an order processing contract with HubSpot with so-called standard contractual clauses, in which HubSpot commits itself to processing user data only in accordance with our instructions and compliance with the EU data protection standard. HubSpot is also certified under the Privacy Shield Agreement, providing an additional guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG).
Comments and posts
If users leave comments or other posts, their IP addresses are saved based on our legitimate interests within the meaning of Art. 6 Para. 1 lit. f GDPR. This is for our safety, should someone post illegal content in comments and posts (abusive language, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and therefore have interest in the identity of the author.
Collection of access data and logfiles
Based on our legitimate interests within the meaning of Art. 6 Para. 1 lit. f GDPR Data on every access to the server is collected on which this service is located (so-called server log files). The access data includes name of the retrieved website, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 42 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the deletion until final clarification of the incident.
Cookies & reach measurment
Cookies are information transmitted by our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage. We use "session cookies", which are only stored for the duration of the current visit on our online presence (for example, to enable the storage of your login status or the shopping cart function and thus the actual use of our online offer). In a session cookie, a randomly generated unique identification number is saved, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies cannot save any other data. Session cookies will be deleted if you have finished using our online offer and you e.g. log out or close the browser. Users are informed about the use of cookies in the context of pseudonymous range measurement informs in context of this privacy policy. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer. You may object to the use of cookies for tracking and promotional purposes through the Network Advertising Initiative's opt-out page (http://optout.networkadvertising.org) and, in addition, the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices).
Hubspot
We use Hub Spot, a platform for inbound marketing and sales, based on our legitimate interests (i.e., interest in the analysis, optimisation, and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f GDPR). Hubspot uses cookies. The information generated by the cookie about the users' use of the online offer is usually transmitted to and stored by a Hubspot server in the United States. Hubspot is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active
Hubspot will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offering and to provide us with additional services related to the use of this online offer and internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data. We only use Hubspot with activated IP anonymisation. This means that the users IP address will be shortened by Hubspot within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Hubspot server in the USA and shortened there. The IP address provided by the user's browser will not be merged with other Hubspot data. Users can prevent the storage of cookies by setting their browser software accordingly.
For more information about Hubspot data usage, settings and opt-out options, visit the Hubspot Website: https://legal.hubspot.com/privacy-policy
Google Re/Marketing Services
Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f GDPR) we use the marketing and remarketing services (in short "Google Marketing Services ") of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google“). Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google Marketing Services allows us to better present targeted advertisements for and on our website so that we only present advertisements to users that are potentially in their interests. For example, if a user sees ads for products he's been interested in on other websites, they are referred to as remarketing. For these purposes, when accessing our and other websites on which Google Marketing Services are directly active, a code will be executed by Google and so-called (re) marketing tags (invisible graphics or code, also called "Web Beacons ") will be incorporated into the website. With their help an individual cookie, that is a small file, will be stored on the users’ device (instead of cookies, similar technologies can be used). The cookies can be set by various domains, among others google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user visited, what content he is interested in and what offers he has clicked, as well as technical information about the browser and operating system, referring websites, time of visit as well as other information on the use of the online offer. The IP address of the users is also recorded, whereby in the context of Google Analytics we inform that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and is transmitted only in exceptional cases to a Google server in the United States and shortened there. The IP address will not be merged with data of the user within other offers from Google. The above information may also be linked by Google with such information from other sources. If the user then visits other websites, according to his interests, the ads tailored to him can be displayed. The data of the users are processed anonymously in the context of the Google marketing services. This means, Google stores and processes e.g. not the name or e-mail address of the users, but processes the relevant data cookie-related within anonymous user profiles. That means, from the perspective of Google, the ads are not managed and displayed for a specifically identified person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymisation. The information collected about users through Google Marketing Services is transmitted to Google and stored on Google's servers in the United States. The Google Marketing Services we use include, but are not limited to: the online advertising program „Google AdWords“. In the case of Google AdWords, each advertiser receives a different "conversion cookie". Cookies cannot be tracked through websites of AdWords customers. The information collected through the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Adwords customers will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.
We may integrate third-party ads based on Google's DoubleClick marketing service. DoubleClick uses cookies that enable Google and its affiliate websites to serve advertisements based on users' visits to this website or other websites on the internet.
We may integrate third-party advertisements based on the Google AdSense marketing service. AdSense uses cookies that enable Google and its affiliate websites to serve advertisements based on users' visits to this website or other websites on the internet.
We can also use the "Google Optimizer" service. Google Optimizer allows us to understand how various changes to a website are affected by what are known as "A / B testings" (such as changes to the input fields, the design, etc.). Cookies are saved on users' devices for these purposes. Only pseudonymous data of the users are processed.
We may also use "Google Tag Manager" to integrate and manage the Google Analytics and Marketing Services on our website.
For more information about Google's data usage for marketing purposes, see the overview page: https://www.google.com/policies/technologies/ads, Google's privacy policy is available at https://www.google.com/policies/privacy.
If you wish to oppose interest-based advertising through Google Marketing Services, you can make use of Google's settings and opt-out options: https://www.google.com/ads/preferences
Facebook Social Plugins
Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f GDPR) social plugins ("plugins") of the social network facebook.com, that is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland ("Facebook"). The plugins can represent interaction elements or content (e.g. videos, graphics or text contributions) and can be recognised by the Facebook logo (white "f" on blue tile, the terms "Like" or a "thumbs up" sign ) or are marked with the addition "Facebook Social Plugin". The list and the look of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins
Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
When a user invokes a feature of this online offering that includes such a plugin, their device establishes a direct connection to the Facebook servers. Facebook transmits the content of the plugin directly to the user’s device and this incorporates it into the online offer. In the process, user profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and therefore inform the users according to our knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can allocate the visit to his Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, the corresponding information is transmitted from their device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address. According to Facebook, it only stores an anonymous IP address in Germany.
Purpose and extent of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options to protect the privacy of users, can be found in the privacy policy of Facebook: https://www.facebook.com/about/privacy
If a user is a Facebook member and does not want Facebook to collect his data via this online offer and link it to his member data stored on Facebook, he must log out of Facebook and delete his cookies before using our online offer. Other settings and opting-out possibilities regarding the use of data for promotional purposes can be accessed within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US-website http://www.aboutads.info/choices or the EU-website http://www.youronlinechoices.com. The settings are platform independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Facebook, Custom Audiences and Facebook Marketing Services
Based on our legitimate interests in the analysis, optimisation and economic operation of our online offer and for these purposes, the social network Facebooks so called "Facebook-Pixel" is used which is operated by the Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or in case you are located in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland ("Facebook").
Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
With the help of the Facebook Pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the presentation of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook Pixel to display the Facebook Ads only to those Facebook users who have shown an interest in our online offer or who have certain features (e.g. interests in certain topics or products that are determined by websites they have visited), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook Pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook Pixel, we can also understand the effectiveness of the Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The Facebook Pixel is integrated when invoking our website directly through Facebook and can save a small file on your device a so-called cookie. If you subsequently log in to Facebook or visit Facebook in the logged-in state, your visit to our online offer will be noted in your profile. Data collected about you is anonymous to us, and does not give us any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we should send data to Facebook for comparison purposes, it will be encrypted locally in the browser and then sent to Facebook via a secure https connection. This is done solely with the purpose of establishing a comparison with the equally by Facebook encrypted data.
Furthermore, when using the Facebook Pixel we use the additional function "extended comparison" (data such as users’ telephone numbers, e-mail addresses or Facebook IDs) for the formation of target audiences ("Custom Audiences" or "Look Alike Audiences") which is transmitted to Facebook (encrypted). Find more information on „extended comparison“ here: https://www.facebook.com/business/help/611774685654668
Also based on our legitimate interests, we use the "Custom Audiences from File" method of the social network Facebook, Inc. In this case, the e-mail addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used solely to identify recipients of our Facebook ads. We want to make sure that the ads are only displayed to users who are interested in our information and services.
The processing of the data by Facebook takes place in the context of Facebook's Data Usage Policy. Accordingly, find general information on the presentation of Facebook Ads, in the data usage policy of Facebook at: https://www.facebook.com/policy.php. Special information and details about the Facebook pixel and how it works can be found in Facebooks “Help” section: https://www.facebook.com/business/help/651294705016616.
You may object to the capture of your data by the Facebook Pixel and it being used to display Facebook Ads. To adjust the types of ads that are displayed within Facebook, you can call up the relevant Facebook page and there follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
You may also make use of the opt-out option for cookies used for metering and promotional purposes through the Network Advertising Initiative's opt-out page (http://optout.networkadvertising.org) and the US-website (http://www.aboutads.org). info / choices) or the EU-website (http://www.youronlinechoices.com/uk/your-ad-choices).
Range analysis with Matomo (previously PIWIK)
Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para.1 lit. f GDPR) we use Matomo, an open source software for the statistical evaluation of user access. The IP address of the users is shortened before it is saved. Matomo, however, uses cookies that are stored on users 'computers and that allow an analysis of users' use of this online offer. In this case, pseudonymous usage profiles of the users can be created from the processed data.
The information generated by the cookie about your use of this online offer is stored on our server and is not disclosed to third parties.
Newsletter
With the following information, we will inform you about the content of our newsletter as well as the registration, sending and statistical evaluation procedures as well as your rights of objection. By subscribing to our newsletter, you agree to receiving them and to the procedures described.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or by legal permission. Insofar as the contents of a newsletter are concretely described, they are relevant for the consent of the users. Incidentally, our newsletters contain information about our products, offers, promotions and our company.
Double-Opt-In and logging: The registration for our newsletter is done with a so-called double opt-in procedure. In other words, you will receive an e-mail after logging in, requesting confirmation of your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the distributing service provider will be logged.
Distributing service provider: The distribution of the newsletter is carried out by the newsletter distributing platform Hubspot, 25 First Street, 2nd Floor, Cambridge, MA 02141, United States. The privacy policy of the shipping service provider can be viewed here: https://legal.hubspot.com/privacy-policy. Hubspot is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The shipping service provider is used based on our legitimate interests acc. Art. 6 Para. 1 lit. f GDPR and a contract processing agreement acc. Art. 28 Para. 3 S 1 GDPR.
Furthermore, the distributing service provider may, according to its own information, transmit this data in pseudonymous form, i.e. without assignment to a user, to optimise or improve of our own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletters or for statistical purposes, to determine from which countries the recipients come. However, the distributing service provider does not use the data of our newsletter recipients to contact them or to pass them on to third parties.
Credentials: To sign up for the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to give us a name in order to address you personally in the newsletter
Statistical Survey and Analysis - The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the distributing service provider's server when the newsletter is opened. Thereby initially technical information is collected, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on their specifications or target audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters will be opened, when they will be opened and which links will be clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavor nor that of the distributing service provider to observe individual users. The evaluations rather serve us to be able to recognise the reading habits of our users and to adapt our content accordingly or to send different content according to the interests of our users.
The use of the distributing service provider, carrying out the statistical surveys and analysis as well as logging the registration process, are based on our legitimate interests in accordance with. Art. 6 Para. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of our users.
Termination / revocation - you can cancel the receipt of our newsletter at any time, which means that you revoke your consent. At the same time, your consent for distribution by the distributing service provider and the statistical analysis expire. A separate revocation of the distribution by the distributing service provider or the statistical evaluation is unfortunately not possible. A link to cancel the newsletter can be found at the end of each newsletter. If the users have only subscribed to the newsletter and terminated this registration, their personal data will be deleted.
Rights of users
Users have the right, upon request, to receive information free of charge about the personal data that we have stored about them.
Additionally, users have the right that inaccurate data is corrected, the processing and deletion of their personal data is limited, if applicable, assert their rights to data portability and, in the event of the acceptance of unlawful data processing, to file a complaint with the competent regulatory authority.
Likewise, users can revoke consent, generally with implications for the future.
Deletion of data
The data stored with us is deleted as soon as it is no longer necessary for its intended purpose and the deletion does not conflict with any statutory storage requirements. Unless the users' data is deleted because it is required for other and legally permitted purposes, its processing will be restricted. That means, the data is blocked and not processed for other purposes. This applies, for example, for data of users who must be stored for commercial or fiscal reasons.
According to legal requirements, it must be stored for 6 years according to § 257 Para. 1 HGB (Trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years according to § 147 Para. 1 AO (Books, records, management reports, accounting records, business and commercial letters, documents relevant to taxation, etc.).
Right of revocation
Users may object to the future processing of their personal data in accordance with legal requirements at any given time. The objection may in particular be made against processing for direct marketing purposes.
Amendments to the privacy policy
We reserve the right to change the privacy policy in order to adapt it to changed legal situations, or to changes in the service and data processing. However, this only applies to declarations to data processing. If users' consent is required or elements of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
Users are requested to inform themselves regularly about the contents of the privacy policy.
Contentpepper® is a digital experience platform that creates, personalizes, and automates content and its delivery across all digital touchpoints.