Privacy Policy

We take data protection seriously

The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your internet service provider, the website from which you visit us, the web pages you visit on our website and the date and duration of the visit as standard. This information is absolutely necessary for the technical transmission of the web pages and secure server operation. A personalised evaluation of this data does not take place.

If you send us data via the contact form, this data will be stored on our servers in the course of data backup. We will only use your data to process your request. Your data will be treated as strictly confidential. It will not be passed on to third parties.

Responsible:

Personal data

Personal data is data about your person. This includes your name, address and e-mail address. You also do not have to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as other information in order to provide you with the requested service.

The same applies in the event that we supply you with information material on request or when we answer your enquiries. In these cases, we will always point this out to you. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.

When you use one of our services, we generally only collect the information that is necessary to provide you with our service. We may ask you for additional information, but this is voluntary. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial objectives.

Contact

When contacting us (e.g. via contact form, email, telephone or via social media), the information of the inquiring persons is processed insofar as this is necessary to answer the contact enquiries and any requested measures.
The response to contact requests in the context of contractual or pre-contractual relationships is made in order to fulfil our contractual obligations or to respond to (pre)contractual requests and otherwise on the basis of the legitimate interests in responding to the requests.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
  • Affected persons: Communication partner.
  • Purposes of processing: contact requests and communication.
  • Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 lit. b. GDPR), Legitimate Interests (Art. 6 para. 1 lit. f. GDPR).

Automatically stored data

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
    data volume transferred

This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymised form for statistical purposes; it is not compared with other data or passed on to third parties, not even in extracts.

Cookies

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID.

Through the use of session cookies, the controller can provide the users of this website with a user-friendly service that would not be possible without the setting of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily agree to tracking or analysis by clicking on the cookie banner. Your data may be passed on to partners or third-party providers. These cookies are only stored if you explicitly agree to this; the legal basis is then your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can change your settings for the use of cookies here at any time:

Change your cookie settings

Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in a data protection compliant manner. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website:
https://usercentrics.com/de/ (hereinafter “Usercentrics”).

When you enter our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your terminal
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

We have concluded a contract on order processing (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that helps us use tracking or statistics tools and other
technologies on our website. The Google Tag Manager itself does not create
user profiles, does not store any cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transmitted to Google’s parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 (1) lit. f GDPR.

Google Analytics (4)

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to complement the data sets collected and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the US is based on the EU adequacy decision: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en Google is already certified for the Data Privacy Framework Program.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google signals

We use Google signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalised advertising with the help of Google signals. If you have a Google account, the visitor data from Google Signal will be linked to your Google account and used for personalised advertising messages. The data is also used to create anonymised statistics on the user behaviour of our users.

Google Analytics E-Commerce Measurement

This website uses the “E-Commerce Measurement” function of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. This involves recording information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.

Facebook Pixel

This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

In this way, the behaviour of page visitors can be tracked after they have clicked on an
Facebook ad were redirected to the provider’s website. This allows the
Effectiveness of Facebook ads evaluated for statistical and market research purposes
and future advertising measures can be optimised.

The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data use policy. This allows Facebook to serve ads on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the US is based on the EU adequacy decision: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en Facebook is already certified for the Data Privacy Framework Program.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the data protection-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
You can find further information on protecting your privacy in Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/.

You can also use the “Custom Audiences” remarketing function in the Settings for
Deactivate advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this
you must be logged in to Facebook.

LinkedIn Insight Tag

This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland
Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With the help of the LinkedIn Insight Tag, we receive information about the visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyse the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, we can use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take any other action (conversion measurement). Conversion measurement can also be done across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising to visitors to our website outside of the website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.
LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and
browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of the website visitors on its servers in the USA and use it in the context of its own advertising measures. Details can be found in the LinkedIn privacy policy at
https://www.linkedin.com/legal/privacy-policy#choices-oblig.

The use of LinkedIn Insight is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures including social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Data transfer to the US is based on the EU adequacy decision: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en LinkedIn is already certified for the Data Privacy Framework Program.

You can object to the analysis of usage behaviour and targeted advertising by LinkedIn at the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, members of LinkedIn may opt out of the use of their personal data for the purpose of
You can control the use of your account for advertising purposes in your account settings. In order to prevent the linking of data on our website
In order to avoid the collection of data by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

We have concluded a contract for commissioned processing pursuant to Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

Pinterest tag

We have integrated Pinterest tag on this website. The provider is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

Pinterest tag is used to track certain actions you take on our website. The data may then be used to show you interest-based advertising on our website or on another page of the Pinterest tag advertising network.

For this purpose, the Pinterest tag collects, among other things, a tag ID, your location and the referrer URL. Furthermore, promotion-specific data such as order value, order quantity, order number, category of purchased items and video views may be collected.

Pinterest tag uses technologies that enable the cross-page recognition of the user for the analysis of user behaviour (e.g. cookies or device fingerprinting).

Since a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Data transfer to the US is based on the EU adequacy decision: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en Pinterest is already certified for the Data Privacy Framework Program.

You can find more information about Pinterest tag here:
https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag.

We have concluded a contract on order processing (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a
contact form) is carried out by a human being or by an automated programme. For this purpose
reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. These
analysis starts automatically as soon as the website visitor enters the website. For the analysis
reCAPTCHA analyses various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not alerted to
that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links:
https://policies.google.com/privacy?hl=de and
https://policies.google.com/terms?hl=de.

Online presence on social media

Insofar as you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 p. 1 lit. a GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on our social media channels, from which usage profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to the respective linked data protection notices of the providers on their websites. Should you still require assistance in this regard, you can contact us.

Economic analyses and market research

For business reasons and in order to be able to recognise market trends, wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors and users of our online offer.
The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). Where available, we may take into account the profiles of registered users together with their details, e.g. services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised, i.e. anonymised values. Furthermore, we take the privacy of the users into consideration and process the data for the analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g. as summarised data).

Who receives my data?

If we use a service provider in the sense of commissioned processing, we still remain responsible for the protection of your data. All commissioned processors are contractually obliged to treat your data confidentially and to process it only in the context of providing the service. The processors we commission receive your data insofar as they require the data to fulfil their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.

This data is made available to the group companies insofar as this is necessary for the processing of the contract. Customer data is stored separately for each company, with our parent company acting as a service provider for the individual participating companies.

In the event of a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.
In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.

Transport service provider

For the purpose of delivering ordered goods, we work together with logistics service providers/transport companies and/or shipping partners to whom the following data is transmitted for the purpose of delivering the ordered goods or for the purpose of shipment notification: First name, surname, postal address as well as, if applicable, the e-mail address and, if applicable, the telephone number. The legal basis for the processing is Art. 6(1)(b) GDPR.

Payment service provider

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer efficient and secure payment options to data subjects and use other payment service providers in addition to banks and credit institutions for this purpose (collectively “payment service providers”).

The data processed by the payment service providers include inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, sum and recipient-related details. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e. we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the general terms and conditions and the data protection information of the payment service providers.
The terms and conditions and data protection notices of the respective payment service providers apply to the payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information and other data subject rights.

Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either in whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

We are entitled under the legal conditions of § 7 para.3 UWG (German Unfair Competition Act) to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this purpose. Of course, an unsubscribe link is always included in every e-mail.

How long will my data be stored?

We process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods (such as from the German Commercial Code, the German Fiscal Code or the German Working Hours Act); furthermore, until the end of any legal disputes in which the data is required as evidence.

Security

We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are bound by the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our data protection statements are constantly being revised. Please ensure that you have the latest version.

Data subjects’ rights

You have a right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to access:
You can request information from us as to whether and to what extent we process your data.

Right of rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:
You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations.
Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.

Right to restriction of processing:
You can request us to restrict the processing of your data if
-You dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
-the processing of the data is unlawful, but you refuse erasure and instead request restriction of the use of the data,
-we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
-You have objected to the processing of the data.

Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that
-we process that data on the basis of consent given by you, which may be revoked, or for the performance of a contract between us; and
-this processing is carried out with the aid of automated procedures.
If technically feasible, you can request us to transfer your data directly to another data controller.

Right to object:
If we process your data for legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right of appeal:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to exercise any of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

Changes to this privacy policy

We reserve the right to change our privacy policy should this be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce them on our website.

All interested parties and visitors to our website can contact us on data protection issues at:

Mr Christian Volkmer
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
Germany

Tel.: 0941 2986930
Fax: 0941 29869316
E-mail: anfragen@projekt29.de
Internet: www.projekt29.de