Privacy Policy

Privacy Protection Statement

This privacy protection statement is intended to inform you about the processing of personal data when using our website.

“Personal data” means any information relating to an identified or identifiable natural person. In particular, this includes information that enables us to identify you, such as by your name, phone number, address, or email address. Statistical data that we collect when you visit our website, for example, and that cannot be linked to your person, does not fall under “personal data.”

You can print or save this privacy protection statement by using the corresponding features available for this purpose in your browser.

1.    Contact person

The contact person and person responsible for the processing of your personal data when you visit this website in accordance with the General Data Protection Regulation (GDPR) is nu3 GmbH, Brückenstr. 5, 10179 Berlin, phone: (+49-30) 3974-3420, email: info@nu3.de.

You can also contact our Data Protection Officer at any time if you have any questions regarding data protection in connection with the use of our website. This person can be contacted at the above postal address and at the above-mentioned email address (keyword: “Data Protection Officer”).

 

2.    Data processing on our website

2.1.       Accessing our website/access data

Every time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data includes in particular:

  • IP address of the requesting device;
  • time and date of the request;
  • address of the accessed website and the requesting website;
  • information about the browser and operating system used;
  • online IDs (device IDs, session IDs, etc.).

The data processing of this access data is necessary to enable users to visit the website and to guarantee the ongoing functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above in order to generate statistical data on the usage of our website, to further develop our website with regard to the usage habits of our visitors (for example, if the rate at which mobile devices are accessing our website increases), and in general to maintain/manage our website. The legal basis is Art. 6(1)1 point (b) of the GDPR.

The information stored in the log files does not allow any direct conclusion to your person; in particular, we only store the IP addresses in an abridged, anonymized form. Log files are stored for 30 days and archived after subsequent anonymization.

2.2.       Contact us

There are several ways to contact us. In this context, we process the data you transmit within the scope of establishing contact exclusively for the purpose of communication with you. The legal basis is Art. 6(1) point (b) of the GDPR. The data we collect will be automatically deleted after complete processing of your request, unless we still need your request to fulfill contractual or legal obligations (see “Storage time”).

We use Olark, a customer service platform of Habla, Inc. 205 ½ N Main St., Ann Arbor, MI 48104, U.S. (“Olark”) to process customer requests. In so doing, the data from the customer request and your contact details are collected, so we can process your request. The legal basis for this data processing is Art. 6(1) point (f) of the GDPR.

Olark also uses cookies and similar technologies. The data collected in this context may be transferred to and stored on an Olark server in the United States. In the event that personal data is transferred to Olark in the U.S., Olark abides by the EU–U.S. Privacy Shield.

You can prevent cookies from being stored on your computer by making the appropriate settings in your browser. For more information, see “Cookies.” For more information about Olark, please see Olark’s Privacy Policy.

2.3.       Registration

You have the possibility of registering for our login area in order to use the full functional range of our website (to order in our online shop, with the exception of guest orders, for example). The data you are required to provide is indicated by mandatory fields. It is not possible to register without this data. The legal basis for processing is Art. 6(1) point (b) of the GDPR.

2.4.       Orders

When we process orders, we collect mandatory information necessary for the execution of the contract:

  • salutation;
  • first and last name;
  • date of birth (only for some payment methods);
  • email address;
  • password;
  • billing and shipping address;
  • payment information, payment data.

Without this data, it is not possible to process the contract. It is possible to provide optional information such as phone and fax numbers, so we can also contact you in case of further questions. The legal basis for processing is Art. 6(1)1 point (b) of the GDPR.

2.5.       Payment methods, payment service providers

We offer the usual payment methods for orders in our online shop in the online area (PayPal, invoice, credit card, prepay, online bank transfer, paydirect, etc.). In this regard, we work together with various payment service providers from whom we receive your payment data or to whom we transmit your payment data. Without these payment data and payment service providers, payment and contract processing is not possible. The legal basis for this data processing is Art. 6(1)1 point (b) of the GDPR.

Our payment service providers are in particular

  • for payment via PayOne: BS PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt am Main, Germany (https://www.payone.com)
  • for payment via PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A, 22–24 Boulevard Royal, L-2449 Luxembourg (https://www.paypal.com);
  • for payment by invoice: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (https://www.klarna.com/de/) or payolution GmbH, Am Euro Platz 2, 1120 Vienna, Austria (https://www.payolution.com);
  • for payment by invoice in Switzerland: payolution GmbH, Am Euro Platz 2, 1120 Vienna, Austria (https://www.payolution.com)
  • when paying by amazonpay: Amazon Payments Europe S.C.A. 5, Rue Plaetis, 2338 Luxembourg (https://pay.amazon.com/de);
  • for payment by paydirekt: paydirekt GmbH, Hamburger Allee 26–28, 60486 Frankfurt am Main, Germany (https://www.paydirekt.de);
  • for payment by credit card: Elavon Financial Services DAC, Germany branch | Lyoner Str. 36 | 60528 Frankfurt am Main, Germany (https://www.elavon.de)

 If we make advance payments, such as in the case of a purchase on account, we carry out a credit assessment on the basis of score values, which we obtain from external credit agencies, before deciding whether to accept the contract. The credit assessment is necessary in this case in order to reduce our default risk or insolvency risk. Score values are statistically based forecast values on the future risk of non-payment by a person or a company and are presented as numerical values, such as a percentage or grade. For this purpose we transmit your data (name, addresses, date of birth) to our credit assessment service providers payolution (payolution GmbH, Am Euro Platz 2, 1120 Vienna, Austria) or Klarna (Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden). You can find further information on payolution in the data protection statement of payolution; and for further information on Klarna, in the data protection statement of Klarna.

2.6.       Newsletters and promotional mailings

You have the option of receiving our newsletter in which we inform you about new products and promotions on a regular basis.

We use the double opt-in procedure for subscribing to our newsletters, i.e. we will only send you newsletters by email if you click on a link in our notification email confirming that you are the owner of the email address provided. Once you have confirmed your email address, we store your email address, the time of registration, and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of storing this information is to send you our newsletters and to be able to prove your registration.

In addition, we send promotional mailings to you in which we ask you for your feedback on your order, for example. The legal basis for this data processing is Art. 6(1) point (f) of the GDPR.

We work together with service providers to whom we send your email address and your newsletter registration in order to be able to send you the newsletters and promotional mailings. The legal basis for this data processing is Art. 6(1)1 points (b, f) of the GDPR.

You can unsubscribe from the newsletter and promotional mailings or object to receiving them at any time. A corresponding unsubscribe link can be found in every newsletter and promotional mailings. You can also simply send a message to the contact person indicated above or in the newsletter (by email or letter), as well. The legal basis for processing is your consent pursuant to Art. 6(1) point (a) of the GDPR.

 

We use standard technologies in our newsletters and promotional mailings in order to measure interactions with the newsletters (opening the email, links clicked, etc.). We use this data in a pseudonymous form for general statistical analyses as well as for optimization and further development of our content and customer communication. This occurs using small graphics embedded in the newsletter (“pixels”). The data is collected in a purely pseudonymous form and is not linked to your other personal data. The legal basis for this is our above-mentioned legitimate interest pursuant to Art. 6(1)1 point (f) of the GDPR. We use our newsletter to share content that we believe is as relevant as possible for our customers and to better understand what readers are actually interested in. If you do not wish your usage behavior to be analyzed, you can unsubscribe from the newsletter or deactivate graphics in your email program by default. The data relating to your interaction with our newsletters is stored in a pseudonymous form for 30 days and subsequently completely anonymized.

2.7.       Surveys and sweepstakes

We use your data for market research and opinion polling when you participate in one of our surveys. We always evaluate the data anonymously for internal purposes. If for some exceptional reason, a survey is not evaluated anonymously, the data will only be collected with your consent. In the case of anonymous surveys, the GDPR is not applicable and in the case of exceptional person-related evaluations, the legal basis is the aforementioned consent pursuant to Art. 6(1) 1 point (a) of the GDPR.

In the context of sweepstakes, we use your data for the purpose of conducting the sweepstakes and notifying you if you are a winner. You can find detailed information in the respective sweepstakes rules of participation. The legal basis for processing is the sweepstakes fulfillment contract pursuant to Art. 6(1)1 point (b) of the GDPR.

2.8.       Applications

You can apply for job vacancies at any time. The purpose of the data we collect is to select from a potential pool of applicants for possible employment. In particular, we collect the following data for the receipt and processing of your application: first and last name, email address, application documents (certificates, curriculum vitae, etc.), date of earliest possible employment and salary expectation. The legal basis for processing your application documents is Art. 6(1)1 point (b) and Art. 88(1) of the GDPR, in conjunction with Art. 26(1)1 of the Federal Data Protection Act (Bundesdatenschutzgesetz, or in short BDSG).

2.9.      Use of our own cookies

If is necessary for us to use “cookies” for some of our services. A cookie is a small text file placed by your browser on your computer and stored there. Cookies are not used to run programs or download viruses onto your computer. The main purpose of our cookies is to provide an offer tailored to your needs and to make the use of our services as time-saving as possible.

Most browsers are set to accept cookies by default. However, you can adjust your browser settings so your computer will reject cookies or only save them after prior consent. If you choose to reject cookies, you may find that parts of our services will not work properly.

We use cookies, in particular:

  • for login authentication,
  • for load distribution,
  • as an indicator of specific information on our website that has been displayed to you before so that it will not be displayed again the next time you visit the website.

We want to enable you to use our website more comfortably and individually. These services are based on our aforementioned legitimate interests; the legal basis is Art. 6(1)1 point (f) of the GDPR.

We also use cookies and similar technologies (web beacons, for example) from partners for analysis and marketing purposes. This is described in more detail in the following sections.

2.10.    Use of cookies and similar technologies for analysis purposes

We use cookies and similar technologies (web beacons, for example) for statistical recording and analysis of general usage behavior based on access data in order to improve our website. We also use analysis services to evaluate the use of our various marketing channels.

The legal basis for the data processing described in the following section is Art. 6(1)1 point (f) of the GDPR based on our legitimate interest in the needs-oriented design and continuous optimization of our website.

You will also find information in the following list of technologies we use on your possibilities to object with regard to our analysis measures using an opt-out cookie. Please note that an opt-out cookie must be set again if you delete all cookies in your browser or later use of a different browser and/or profile.

2.10.1.       Google Analytics

Our website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S. (“Google”). Google Analytics uses cookies and similar technologies to analyze and improve our website based on your user behavior. The data arising in this context can be transmitted by Google to a server in the U.S. for evaluation and stored there. In the event that personal data is transferred to the U.S., Google abides by the EU–U.S. Privacy Shield. However, your IP address is shortened before the usage statistics are evaluated, making it impossible to draw conclusions about your identity. For this purpose, Google Analytics has been extended on our website by the code “anonymizeIP” to ensure anonymous collection of IP addresses.

Google will process the information obtained by cookies for the purpose of evaluating your use of the website, compiling reports on website activity for the website operators, and providing further services relating to website activity and Internet usage.

You can configure your browser to reject cookies or you can prevent the collection of data generated by cookies and related to your use of this website (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on provided by Google. As an alternative to the browser add-on or if you access our website from a mobile device, please use this opt-out link. This will prevent collection by Google Analytics within this website in the future (the opt-out only works in the browser and only for this domain). You must click this link again if you delete your cookies in this browser.

Please refer to the Google Privacy Policy  for more information.

2.10.2.       Hotjar

Our website uses Hotjar, a web analysis service of Hotjar Ltd., Elia Zammit Street 3, St. Julians STJ 1000, Malta (“Hotjar”). Hotjar is used to create “heatmaps.” Heatmaps are a means to graphically display statistics about mouse movements and clicks on our site. This allows us to detect frequently used functions on our website and further improve the page. Hotjar uses cookies and similar technologies to analyze our website with regard to your user behavior. However, your IP address is shortened before the usage statistics are evaluated, making it impossible to draw conclusions about your identity. In addition to mouse movements and clicks, information about your operating system, browser, incoming and outgoing links, geographical origin, resolution and type of device are evaluated for statistical purposes. This information is kept in a pseudonymous form and will not be passed on to third parties by us or Hotjar. Data you enter in any fields on forms on our website will be hidden and not collected using Hotjar.

The collection of data by Hotjar can be deactivated by your objection (opt-out) on all websites operated by us or other providers that use Hotjar. You will find more detailed explanations and a mode for you to declare your objection on the opt-out page of Hotjar. Hotjar also supports the Do Not Track mode of your browser. Hotjar will not collect any data if you enable it in your browser. Instructions for the different browsers can be found on the Hotjar website.

For more information, please refer to Hotjar’s privacy policy.

2.10.3.       Matomo

Our website uses Matomo (formerly Piwik), an open/source analysis platform of Inno-Craft Ltd., 150 Willis St., 6011, Wellington, New Zealand (“Matomo”). Matomo uses a cookie to analyze our website with regard to your user behavior. The cookie that is stored on your computer when you visit our website also stores and transmits your anonymized IP address. This means that when data is transmitted to our server, the IP address is shortened in such a way that we can no longer identify you (as a visitor to our website). The usage data transmitted to us through the cookie will only be evaluated by us and will not be passed on to third parties. The evaluation serves exclusively to optimize and further develop our website.

As described above, you can configure your browser to automatically reject cookies.

Please refer to the Matomo Privacy Policy for more information.

2.10.4.       New Relic

Our website uses New Relic, a performance analysis service of New Relic, Inc., 101 Second Street, 15th floor, San Francisco, CA 94105, U.S. (“New Relic”). New Relic uses cookies and similar technologies to measure and monitor the technical performance of our website, such as in determining whether the respective website can be accessed and how quickly it is displayed when it is accessed. To this end, New Relic collects data about the website in question, including system data about add-ons used, usage times, and browsers, hardware, and software used (“application data”). Neither the data collection nor the evaluation is user- or use-related at New Relic.

The data arising in this context can be transferred from New Relic to a server in the U.S. for evaluation and stored there. In the event that personal data is transferred to the U.S., New Relic abides by the EU–U.S. Privacy Shield.

You can configure your browser to reject cookies or you can prevent the collection of data generated by cookies and related to your use of this website (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on provided by Google. As an alternative to the browser add-on or if you access our website from a mobile device, please use this opt-out link. This will prevent collection by Google Analytics within this website in the future (the opt-out only works in the browser and only for this domain). You must click this link again if you delete your cookies in this browser.

Please refer to the New Relic Privacy Policy for more information.

2.11.    Use of cookies and similar technologies for online advertising technologies

We also use cookies and similar technologies for advertising purposes. Some of the access data resulting from the use of our website is used for advertising that may be of interest to you. By analyzing and evaluating this access data, we are able to display personalized advertising on our website and on the websites of other providers. This means advertising that corresponds to your actual interests and needs.

The legal basis for the data processing described in the following section is Art. 6(1)1 point (f) of the GDPR based on our legitimate interest in advertising our products and services in a personalized form.

We want to explain these technologies and the providers used for them in more detail in the following section.

The following data can collected:

  • the IP address of the device,
  • the time and date of access,
  • the identifier of a cookie,
  • the device ID of mobile devices,
  • technical information about the browser and operating system used.

However, the data collected is stored in a purely pseudonymous form, making it impossible to draw conclusions about a person’s identity.

You will also find information in the following descriptions of technologies we use on your possibilities to object with regard to our analysis and advertising measures using an opt-out cookie. Alternatively, you can exercise your objection by making the appropriate settings on the TRUSTe or Your Online Choices websites, which provide bundled possibilities for objections from many advertisers. Both websites enable users to deactivate all advertisements of the listed providers at once by means of opt-out cookies or alternatively to make the settings for each provider individually. Please note that an opt-out cookie must be set again if you delete all cookies in your browser or later use of a different browser and/or profile.

2.11.1.       Facebook conversion and retargeting tags

Our websites use conversion and retargeting tags (also “Facebook pixels”) from Facebook, a service of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, U.S. (“Facebook”) for marketing purposes. We use Facebook pixels to analyze the general usage of our websites and to track the effectiveness of our advertising on Facebook (“conversion”). In addition, we use Facebook pixels to show you individualized advertising messages based on your interest in our products (“retargeting”). Facebook processes data that the service collects via cookies and similar technologies on our websites.

The data arising in this context can be transmitted by Facebook to a server in the U.S. for evaluation and stored there. In the event that personal data is transferred to the U.S., Facebook abides by the EU–U.S. Privacy Shield.

If you have an account with Facebook and have permitted it through your Facebook account’s privacy settings, Facebook may also link the information we collect when you visit our website to your member account and use it to target Facebook ads for you. You can view and change the privacy settings of your Facebook profile at any time. If you do not have an account with Facebook, you can stop Facebook from processing your information by clicking the “Facebook” opt-out button on the TRUSTe website mentioned above. You can also prevent data processing by clicking the following link CUSTOM OPT-OUT

If you disable data processing by Facebook, Facebook will only display general Facebook ads that are not selected based on the information collected about you.

For more information, please see Facebook’s Data Policy.

2.11.2.       Google AdWords conversion tracking and remarketing

Our website uses the AdWords conversion tracking and AdWords remarketing services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S. (“Google”). We use the AdWords conversion tracking service to define customer actions (such as clicking an ad, page views, downloads) to be logged and analyzed. We use the AdWords remarketing service to display individualized advertising messages for our products on Google partner sites. Both services use cookies and similar technologies. The data arising in this context can be transmitted by Google to a server in the U.S. for evaluation and stored there. In the event that personal data is transferred to the U.S., Google abides by the EU–U.S. Privacy Shield.

If you use a Google account, depending on the settings in your Google account, Google can link your website and app browsing history to your Google account and use information from your Google account to personalize ads. If you do not want this association with your Google account, you need to log out of Google before you access our contact page. 

You can configure your browser to reject cookies as shown above. You can also deactivate the “Ads personalization” button in Google’s Ads settings. In this case, Google will only display general ads that are not selected based on the information collected about you.

Please refer to the Google Privacy Policy for more information.

2.11.3.       Webtrekk

Our website uses the services of Webtrekk GmbH (“Webtrekk”). Webtrekk GmbH is a company based in Boxhagener Straße 76–78, 10245 Berlin, Germany, which collects, stores, and analyzes usage data in order to play out preference-based advertising to you using cookies and similar technologies. It enables Webtrekk GmbH to collect, store, and evaluate the usage data. The collected usage data is anonymized by shortening the IP address. It is therefore not possible for Webtrekk to draw conclusions about you as a visitor to the website.

You can prevent Webtrekk from collecting your data for advertising purposes as described above by deactivating the automatic storage of cookies. In addition, you may at any time object to the use of your data for advertising purposes in Webtrekk’s data privacy statement.

You can find further information on Webtrekk’s data privacy statement here.

2.11.4.       Criteo

Our website also uses the remarketing technology of Criteo GmbH, Unterer Anger 3, 80331 Munich, Germany (“Criteo”). Criteo uses cookies and similar technologies and by so doing, collects the surfing behavior of website visitors for marketing purposes in a purely anonymous form.

Criteo can analyze the surfing behavior and then display targeted product recommendations as a suitable advertising banner when other websites are visited. Under no circumstances can the anonymized data be used to personally identify visitors to the website.

The data collected by Criteo will only be used to improve the advertising offer. On the bottom right of each displayed banner is a small “i” (which stands for information). It opens when you hover over it with the mouse and leads to a page where the system is explained and an opt-out is offered. When you click Opt-out, an “Opt-out” cookie is set, effectively preventing these banners from being displayed in the future.

You can find more information on this in Criteo’s Privacy Policy, where you can also object to the anonymous analysis of your surfing behavior.

2.12.    Social media

2.12.1.       Facebook Connect

Our website enables you to log in to the website using your existing Facebook profile information. We use Facebook Connect, a service of Facebook, Inc., 1601 Willow Road, Menlo Park, California, 94025, U.S. (“Facebook”). Once you have logged in with Facebook Connect, you do not need to re-register.

If you want to use this function, you will first be forwarded to Facebook. There you will be asked to log in with your user name and password. We do not receive your login data. This step is skipped if you are already logged in to Facebook. Your e-mail address and your public profile information (in particular name, profile picture, date of birth, gender, language and country, friends, and “likes”) will then be transmitted to us when you confirm the process with the “Log in with Facebook” button. In the event that personal data is transferred to the U.S., Facebook abides by the EU–U.S. Privacy Shield. The legal basis is Art. 6(1)1 point (b) of the GDPR.

For more information, please see Facebook’s Data Policy.

2.12.2.       Social media plug-ins

Our website uses social media plug-ins (such as the “Like” button) from Facebook, Inc., 1601 Willow Road, Menlo Park, California, 94025, U.S. (“Facebook”), Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, U.S. (“Twitter”), and Google+ from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S. (“Google”). The legal basis is Art. 6(1)1 point (f) of the GDPR based on our legitimate interest that you are sharing our content via social media networks, thereby extending our outreach. In the event that personal data is transferred to the U.S., Facebook and Twitter abide by the EU–U.S. Privacy Shield.

Facebook/Twitter/Google receives the information that you have accessed on the corresponding subpage of our online offer. This is independent of whether you have an account on Facebook/Twitter/Google and are logged in there. If you are logged in to Facebook/Twitter/Google, this information will be directly associated with your account. If you switch on the activated plug-in and link the page, for example, Facebook/Twitter/Google also stores this information including time and date in your user account and notifies your contacts and followers of this publicly. You must log out before activating the plug-in if you do not wish to be associated with your profile on Facebook/Twitter/Google.

Facebook/Twitter/Google stores this data as user profiles and uses it for the purposes of advertising, market research, and/or needs-oriented design of its website. Such an evaluation takes place in particular (for users who are not logged in, as well) for displaying interests-based advertising and to inform other users of the social media network about your activities on our website. If you have an account with Facebook/Twitter/Google, you can deactivate advertising based on social media activity, for example, in Facebook’s advertising preferences if you do not agree with the creation of these user profiles. You can also completely prevent the loading of Facebook/Twitter/Google social media plug-ins with additional programs for your browser, such as the Facebook Blocker tool.

Please refer to Facebook’s Privacy Policy, the Twitter Privacy Policy, or the Google Privacy Policy for more information.

 

3.    Forwarding data

The data we collect will only be forwarded if:

  • you have given your express consent pursuant to Art. 6(1)1 point (a) of the GDPR;
  • the disclosure pursuant to Art. 6(1)1 point (a) of the GDPR is necessary to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
  • we are legally obliged pursuant to Art. 6(1)1 point (c) of the GDPR to forward it; or
  • it is legally permissible and is required pursuant to Art. 6(1)1 point (b) of the GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place upon your request.

Part of the data processing may be carried out by our service providers. In particular, data centers that host our website and store our databases, IT service providers that maintain our systems, and delivery and logistics service providers may also be included here, in addition to the service providers mentioned in this privacy protection statement. If we pass data on to our service providers, they may use the data exclusively for the fulfillment of their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organizational safeguards in place to protect the rights of the persons concerned, and are monitored by us on a regular basis.

3.1.       Amazon Web Services

Some of your data will be processed on servers provided by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, Washington 98109, U.S. (“AWS”). AWS servers are used to connect your device to the content on our website. The servers we use are generally located within the European Union. However, for technical reasons, some of your data may also be processed in countries outside the European Economic Area, in particular in the U.S. AWS abides by the EU–U.S. Privacy Shield to ensure the protection of your data in this case, as well. In addition, we have concluded a special contract with AWS that meets the requirements of the European Commission’s standard contractual clauses. The legal basis is Art. 6(1)1 point (f) of the GDPR based on our legitimate interest in storing the contents of our website securely and reliably by external service providers and at the same time reducing our own expenditure for providing the IT infrastructure of our website.

3.2.       Google Tag Manager

Our website uses Google Tag Manager, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S. (“Google”). Google Tag Manager is used to manage tracking tools and other services, so-called “website tags.” A tag is an element that is stored in the source code of our website in order to capture predefined usage data, for example. Google Tag Manager does not require the use of cookies. Google Tag Manager ensures that the usage data required by our partners (see the data processing procedures described above) is forwarded to them. Some of the data is processed on a Google server in the U.S. In the event that personal data is transferred to the U.S., Google abides by the EU–U.S. Privacy Shield. The legal basis is Art. 6(1) point (f) of the GDPR based on our legitimate interest in integrating and managing several tags on our website in an uncomplicated manner. You can find more information on the Google Tag Manager overview here.

4.    Integration of third-party content and services

 

Our website may contain third-party content such as videos from YouTube, maps from Google Maps, RSS feeds, or images/graphics from other websites. This always requires that the providers of this content (“third-party providers”) know your IP address. Without it, they cannot send the content to your browser. Therefore the IP address is required for the display of this content. The legal basis for this data processing is Art. 6(1) points (b, f) of the GDPR.

We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the content. However, we have no influence on this if the third-party providers store the IP address for statistical purposes, for example.

Additional information on the Sovendus voucher offer

We work together with our advertising partner Sovendus (Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe, Germany). Sovendus urges us to provide the following information:

voucher offers of Sovendus GmbH: We will pseudonymize and encrypt the hash value of your email address and your IP address and transmit it to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe, Germany (“Sovendus”) (pursuant to Art. 6(1) point (f) of the GDPR) in order select a relevant voucher offer currently of interest to you. The pseudonymized hash value of the email address is used in the event that a possible objection to advertising by Sovendus (pursuant to Art. 21(3), Art. 6(1) point (c) of the GDPR) is raised. The IP address is used by Sovendus exclusively for data security purposes and anonymized after seven days (pursuant to Art. 6(1) point (f) of the GDPR). In addition, we transmit the order number, order value with currency, session ID, coupon code, and time stamp in a pseudonymous form to Sovendus for billing purposes (pursuant to Art. 6(1) point (f) of the GDPR). If you are interested in a Sovendus voucher offer, if there is no advertising objection to your email address, and you click the voucher banner displayed only for this intent, we will encrypt the salutation, name, and your email address and send it to Sovendus for preparation of the voucher (pursuant to Art. 6(1) points (b, f) of the GDPR).

For more information about how Sovendus processes your data, see the company’s Data Protection Notice online at www.sovendus.de/en/privacy_policy/.

 

5.    Storage time

 

We only ever store personal data for as long as necessary in order to fulfill contractual or statutory obligations for which we have collected the data. Afterward we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for purposes of proof for civil law claims or due to statutory retention obligations.

We are required to keep contract data for another three years from the end of the year in which the business relationship with you ends for evidence purposes. Any claims fall under the statute of limitations after the statutory period of limitation at the earliest at this point in time.

We still have to store some of your data for accounting reasons even after that period. We are obliged to do so on the basis of statutory documentation obligations that may arise from the German Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act, and the Securities Trading Act. The periods specified there for retaining documents are two to ten years.

 

6.    Your rights

 

You have the right to request information about how we process your personal data at any time. We will explain the data processing and provide you with an overview of the data stored about you as part of the provision of information.

You have the right to have this data corrected if the data we have stored is incorrect or no longer up-to-date. You may also request that your data be deleted (“right to be forgotten”). If in exceptional cases, deletion is not possible due to other legal provisions, the data will be blocked so that it is only available for this legal purpose.

You may also restrict the processing of your data, for example, if you believe that the data we have stored is incorrect.

You also have the right to data portability, i.e. on request, we will send you a digital copy of the personal data you have provided.

You can contact us at any time using the contact details above to exercise your rights as described here. This also applies if you wish to receive copies of guarantees to prove a reasonable level of data protection.

In addition, you have the right to object to data processing pursuant to Art. 6(1) point (e) or (f) of the GDPR. Finally, you have the right to complain to the supervisory authority for data protection responsible for us. The right of appeal may be exercised in particular before a supervisory authority in the member state where you currently live or work, or in the place where you suspect the infringement is occurring. The responsible supervisory authority is in Berlin, where we have our headquarters: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Germany.

 

7.    Right to revocation and objection

 

You have the right to revoke your consent that you granted us at any time pursuant to Art. 7(2) of the GDPR. As a result, we will not continue the data processing based on this consent in the future. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

If we process your data on the basis of legitimate interests pursuant to Art. 6(1) point (f) of the GDPR, you have the right pursuant to Art. 21 of the GDPR to object to the processing of your data and to supply us with reasons that arise from your particular situation and that in your opinion indicate that your interests are worthy of protection. If you object to data processing for purposes of direct marketing, you have a genuine right to objection, which we will also implement without needing to supply reasons. 

A simple message to the above-mentioned contact person is sufficient if you would like to make use of your right to revocation or objection.

 

8.    Data security

 

We implement modern technical measures to guarantee data protection, in particular to protect your personal data from the dangers of data transmission and access by third parties. These are adapted to the current state-of-the-art in each case. To safeguard the personal data you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.

 

9.    Changes to the privacy protection statement

 

We may update this privacy protection statement from time to time, for example, when we revise our website or when there are changes in legal or regulatory requirements.

 

© nu3 GmbH – Version: 1.0 / Release: May 2018