Privacy policy

1. Information on the collection of personal data and contact details of the data controller

1.1 Thank you for visiting our website and taking an interest in our company. In the following, we would like to tell you how we handle your personal data when you use our website. Personal data are all data that can identify you personally.

1.2 The data controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is gepepharm GmbH, Josef-Dietzgen-Straße 3, 53773 Hennef, Germany, e-mail: gepe@gepepharm.de (hereinafter referred to as gepepharm GmbH). The data controller for processing personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 For security reasons and to protect your personal data and other confidential contents (e.g., orders or enquiries to the responsible body) in transit, this website uses SSL or TLS encryption. You can tell an encrypted connection by the character string “https://” and the lock symbol in your browser line.

2. Data collection when visiting our website

When using our website for purely informational purposes, i.e., if you do not wish to sign up or otherwise provide us with information, we only collect the data that your browser sends to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for us to display our website:

  • our visited web page
  • date and time of access
  • quantity of data sent in bytes
  • source/reference from where you got to our web page
  • browser used
  • operating system used
  • IP address used (if necessary, in anonymised form)

Processing is carried out in accordance with Art. 6 Para. 1 letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. We do share the data or use it otherwise. However, we reserve the right to check the server log files subsequently if there are valid indications of illegal use.

We share your personal data with third parties only if:

  • you have given your express consent
  • the processing is necessary to execute a contract with you
  • the processing is necessary for compliance with a legal obligation
  • the processing is necessary to protect legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

3. Cookies

To enhance our website experience and to enable the use of certain features, we use so-called cookies on various pages. Cookies are small text files stored on your terminal device. Some of the cookies we use are deleted when the browser session ends, i.e., after you close your browser (these are called session cookies). Other cookies remain on your terminal device and enable us or our partner companies (third-party cookies) to recognise your browser the next time you visit us (persistent cookies). If cookies are created, they collect and process certain user information, such as browser and location data and IP address values, at the required scope. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.

In some cases, cookies are used to simplify the ordering process by saving certain settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal data are also processed by individual cookies implemented by us, this processing is carried out in accordance with Art. 6 Para. 1 letter b GDPR either to execute the contract or in accordance with Art. 6 Para. 1 letter f GDPR to safeguard our legitimate interests in the best possible functionality of our website and a customer-friendly and effective website experience.

We may work with advertising partners who can help us to make our online offering more interesting to you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). When we work with the aforementioned advertising partners, you are specifically and separately informed in the following paragraphs about the use of such cookies and the scope of the information collected in each case.

Please note that you can set your browser to tell you when cookies are created so you can decide on a case-by-case basis whether to accept them or to exclude accepting cookies for certain cases or in general. All browsers differ in how they manage cookie settings. This is described in the browser’s Help menu, explaining how to change your cookie settings. You can find them at the following links for the relevant browser:

  • Internet Explorer: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
  • Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  • Chrome: https://support.google.com/chrome/answer/95647?hl=en
  • Safari: https://support.apple.com/kb/ph21411?locale=de_DE
  • Opera: http://help.opera.com/Windows/10.20/de/cookies.html

Please note that if cookies are not accepted, the functionality of our website may be limited.

4. Contact

Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 letter f DSGVO. If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after your request has been processed. This is the case if it is clear from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

5. Data processing when creating a customer account and for contract processing

In accordance with Art. 6 Para. 1 letter b GDPR, personal data will continue to be collected and processed if you provide us with such data in order to execute a contract or when creating a customer account. You can tell the collected data from the input dialogs. Your customer account can be deleted at any time by sending a message to the data controller’s above address. We store and use the data you provide us with to process the contract. After fulfilling the contract or deleting your customer account, your data will be blocked with regard to tax and trade retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved a legally permitted further use of data, which we inform you about in the following.

In addition to contract processing, we use your e-mail address to e-mail you about similar goods/services of ours. You can object to the use of your e-mail address at any time without incurring any costs other than the transmission costs according to the basic rates. If you do not wish to receive further advertising communication, please e-mail us at gepe@gepepharm.de or click the “Unsubscribe” link at the end of the newsletter.

6. Comment function

As part of the comment function on this website and in addition to your comment, information about the time when the comment was created and the commentator name you have chosen are stored and published on our website. Your IP address is also logged and stored. Your IP address is stored for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content through a submitted comment. We need your e-mail address in order to contact you in case a third party should complain because they find a published content unlawful. The legal bases for storing your data are Art. 6 Para. 1 letters b and f GDPR. We reserve the right to delete your comments if third parties find them unlawful.

7. Use of your data for direct advertising

7.1 Subscribing to our e-mail newsletter

When you subscribe to our e-mail newsletter, we will periodically send you information about our offerings. Your e-mail address is the only mandatory information for sending the newsletter. Providing further data is voluntary and used to address you personally. We use the so-called double opt-in procedure for sending newsletters, meaning that we will only e-mail you our newsletter if you have expressly confirmed that you agree to receiving this newsletter. We then send you a confirmation e-mail asking you to click a link to confirm that you wish to receive future newsletters. You can subscribe to our newsletters if you are aged 16 or older. By subscribing you confirm that you are at 16 or older.

By activating the confirmation link you give us your consent to use your personal data in accordance with Art. 6 Para. 1 letter a GDPR. When subscribing to our newsletter we store your IP address entered by your Internet Service Provider (ISP) as well as the date and time of when you registered to be able to trace potential misuse of your e-mail address at a later date. The data we collect when you subscribe to our newsletter is used exclusively for the purpose of advertising in our newsletters. You can unsubscribe from our newsletter at any time using the link provided for this purpose in the newsletter or by sending a message to the data controller mentioned earlier. After unsubscribing, we will immediately delete your e-mail address from our newsletter mailing list unless you have expressly consented to further use of your data or we have reserved an additional use of data, which is legally permitted and we inform you about in this statement.

7.2 Sending e-mail newsletters to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to periodically send you e-mail offers about goods or services from our range of products that are similar to those you have already purchased. In accordance with Sect. 7 Para. 3 German Unfair Competition Act, UWG, we do not need to obtain your separate consent for this. In this respect, data processing is based solely on our legitimate interest in personalised direct advertising in accordance with Art. 6 Para. 1 letter f GDPR. If you have initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail. You are entitled to object to the use of your e-mail address for the above-mentioned advertising purpose at any time with future effect by notifying the data controller named at the beginning of this document. For this you are only charged transmission costs according to the basic rates. After receiving your objection we immediately stop using your e-mail address for advertising purposes.

7.3 Advertising by regular mail

Based on our legitimate interest in personalised direct advertising, we reserve the right to store your first and last name, your postal address and, insofar as we have received this additional information from you within the scope of the contractual relationship, your title, academic degree, year of birth and professional, industry or business designation in accordance with Art. 6 Para. 1 letter f GDPR and to use it to send you attractive offerings and information about our products by post.

You can object to the storage and use of your data for this purpose at any time by sending a message to the data controller.

8. Data processing for order processing

8.1 In order to process your order, we partner with the following service provider(s) supporting us in full or in part with executing concluded contracts. Certain personal data are transmitted to these service providers in accordance with the following information.

The personal data we collect are shared with carriers commissioned with shipping within the framework of contract processing, insofar as this is necessary to deliver the goods. Your payment data are shared with the assigned credit institution within the scope necessary for payment processing. If payment service providers are used, we explicitly inform you about this in the following. The legal basis for sharing your data is Art. 6 Para. 1 letter b GDPR.

8.2 Using special service providers for order processing and fulfilment

Your personal data are exclusively shared for the purpose of processing your online order in accordance with Art. 6 Para. 1 letter b GDPR.

To deliver orders we partner with external shipping providers (e.g., DHL). These shipping providers receive the following data to fulfil orders:

  • your name
  • your delivery address
  • if applicable, your postal number (if you wish to have the order delivered to a DHL packing station)

8.3 Using payment service providers

PayPal

If you choose to pay via PayPal, credit card via PayPal, direct debit via PayPal or—if offered—“purchase on account” or “payment by instalments” via PayPal, we share your payment data with PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) when processing your payment. The data are shared in accordance with Art. 6 Para. 1 letter b GDPR and only to the extent necessary for processing payments. PayPal reserves the right to carry out a credit check for the payment methods of credit card via PayPal, direct debit via PayPal and—if offered—“purchase on account” or “payment by instalments” via PayPal. For this purpose, your payment data may be shared with credit agencies pursuant to Art. 6 Para. 1 letter f GDPR on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit assessment with regard to the statistical probability of default to make a decision about providing the respective payment method. The credit rating information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, but not exclusively, address data are included in the score values calculation. For further information on data protection, including information on the credit agencies used, please see PayPal’s privacy statement: https://www.paypal.com/en/webapps/mpp/ua/privacy-full You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still process your personal data if this is necessary to process payments in accordance with your contract.

9. Using social media—videos

9.1 Using YouTube videos

This website uses the YouTube embedding function to show and play videos from the “YouTube” provider, which belongs to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

An advanced data protection mode is used which, according to the provider’s information, initiates the storage of user information only when the video(s) is/are played. When embedded YouTube videos are played, the “YouTube” provider uses cookies to collect information about user behaviour. According to information from “YouTube”, this information is used, among other things, to record video statistics, improve user experience and prevent abusive behaviour. If you are logged in to Google, your data are directly associated with your account when you click a video. If you do not want your profile to be associated with YouTube, you need to log out before pressing the button. Google stores your data (even for users who are not logged in) as user profiles and analyses them. Such analyses are carried out in particular in accordance with Art. 6 Para. 1 letter f GDPR on the basis of Google’s legitimate interests in showing personalised advertising, market research and/or on-demand design of its website. You have a right of objection to the creation of these user profiles; contact YouTube to exercise this right.

Irrespective of playing embedded videos, you connect to the Google “DoubleClick” network whenever you access this website; this may trigger further data processing operations that are outside of our influence.

Google LLC, based in the US, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU.

For more information about “YouTube”’s data protection, please see the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy

10. Online-Marketing

10.1 Using Google AdWords conversion tracking

This website uses the online “Google AdWords” advertising program and, in the context of Google AdWords, conversion tracking by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use the Google Adwords service to employ advertising tools (so-called Google Adwords) on external websites to draw attention to our attractive offerings. We can use the advertising campaign data to determine the success of individual advertising activities to pursue our interest in showing you advertising that is of interest to you, in making our website more interesting to you and in achieving a fair calculation of advertising costs.

The conversion tracking cookie is created when a user clicks an AdWords ad served by Google. Cookies are small text files stored on your computer system. They usually expire after 30 days and are not used to identify individuals. If a user visits certain pages of this website while the cookie has not yet expired, Google and we can recognise that the user has clicked the ad and was redirected to that page. Every Google AdWords customer has their own cookie. As a result, cookies cannot be tracked across the websites of AdWords customers. The information collected through the conversion cookie is used to compile conversion statistics for those AdWords customers who have opted-in to conversion tracking. Customers will know the total number of users who clicked their ad and were redirected to a page with a conversion tracking tag. However, you do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can block this usage by disabling the Google Conversion Tracking cookie from your web browser in “User Preferences”. This will exclude you from conversion tracking statistics. We use Google Adwords because of our legitimate interest in targeted advertising in accordance with Art. 6 Para. 1 letter f GDPR.

Google LLC, based in the US, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU.

You can find more information about Google’s privacy policy at the following web address: http://www.google/privacy/

You can permanently disable cookies for ad preferences by adjusting your browser software settings to prevent them or by downloading and installing the browser plug-in available from the following link: https://support.google.com/ads/answer/7395996

Please note that disabling cookies means that you may not be able to use certain functions of this website, or only to a limited extent.

11. Web analysis services

11.1 Google (Universal) Analytics

This website uses Google Analytics, a web analysis services by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies, which are text files stored on your computer to help analyse how users use this website. The information generated by the cookie about your use of the website (including your shortened IP address) is transferred to a Google server in the US, where it is stored.

This website uses Google Analytics exclusively with the “_anonymizeIp()” extension ensuring that IP addresses are anonymised by shortening them and thereby excluding any direct personal reference. This extension ensures that Google shortens your IP address prior to sending it across member states of the European Union or other signatories of the Agreement on the European Economic Area. Only in exceptional cases will your full IP address be transferred to a Google server in the US and shortened there. In such exceptional cases, processing is carried out in accordance with Art. 6 Para. 1 letter f GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes. Google uses this information on our behalf to analyse how you have used our website in order to compile reports on website activities and also to provide further services connected with the use of the website and the Internet usage. The IP address transmitted by your browser with Google Analytics is not merged with other Google data. You can prevent the storage of cookies by choosing the relevant browser settings. However, we would like to point out that you may then not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout

As an alternative to the browser plugin or for browsers on mobile devices, please click the following link to create an opt-out cookie to prevent Google Analytics from collecting data on this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you have to click this link again): Disable Google Analytics Google LLC, based in the US, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can disable cross-device analysis of your usage in your customer account under “My data”, “Personal data”. For more information about how Google Analytics handles user data, please see the Google privacy policy: https://support.google.com/analytics/answer/6004245

12. Retargeting / remarketing / recommendation advertising

12.1 Bing Ads (Microsoft Corporation)

This website uses Microsoft’s “Bing Ads” conversion tracking technology (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads place a cookie on your computer if you got to our website through a Microsoft Bing ad. Cookies are small text files stored on your computer system. They expire after 180 days and are not used to identify individuals. If a user visits certain pages of this website while the cookie has not yet expired, Microsoft can recognise that the user has clicked the ad and was redirected to that page. If personal data are then processed, this is done in accordance with Art. 6 Para. 1 letter f GDPR due to our legitimate interest in effective marketing.

The information collected through the conversion cookie is used to compile conversion statistics, i.e., how many users get to a conversion page after clicking an ad. This tells us the total number of users who have clicked our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.

Microsoft Corporation, based in the US, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU.

If you do not wish to participate in tracking, you can object by disabling the Bing Ads Conversion Tracking cookie from your web browser in “User Preferences”. This will exclude you from conversion tracking statistics. Alternatively, you can use the EU consumer opt-out page http://www.youronlinechoices.com/uk/your-ad-choices/ to check whether Microsoft advertising cookies have been created in your browser and to disable them.

For more information about Microsoft Bing Ads’ privacy policy, please visit the following web address: https://privacy.microsoft.com/en-us/privacystatement

12.2 Facebook Custom Audience on the pixel method

This website uses the “Facebook pixel” by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). If explicit consent is given, this allows the behaviour of users to be tracked after they have seen or clicked a Facebook advertisement. This method is used to analyse the effectiveness of Facebook Ads for statistical and market research purposes and may help to optimise future advertising efforts. The data collected are anonymous to us, so we cannot draw any conclusions about the identity of the users. However, the data are stored and processed by Facebook to enable a connection to the respective user profile so Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/). You can enable Facebook and its partners to publish ads on and outside of Facebook. For this purpose, a cookie can also be stored on your computer. These processing operations are only carried out if you have given your express consent in accordance with Art. 6 Para. 1 letter a GDPR. Only users 13 years or older can declare their consent to the use of the Facebook pixel. If you are younger than 13, please ask your legal guardians for their permission. Facebook Inc., based in the US, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. To disable the use of cookies on your computer, you can set your internet browser to no longer store cookies on your computer in the future or to delete already stored cookies. However, switching off all cookies may mean that some functions on our website can no longer be executed. You can also disable the use of third party cookies, such as Facebook, on the Digital Advertising Alliance website: http://www.aboutads.info/choices/

If you have given explicit consent to use Facebook Custom Audiences, you can object to the collection of data, the creation of a user profile and the setting of cookies for the future by using the following link to obtain an opt-out cookie.

13. Using a live chat system

13.1 Zendesk

This website uses technologies by Zendesc Inc., 1019 Market St, San Francisco, USA (www.zendesk.com) to collect and store pseudonymous data for the purpose of web analysis and to operate the live chat system to reply to live support requests. These pseudonymised data can be used to create user profiles under a pseudonym. Cookies can be used for this purpose. Cookies are small text files locally stored in the site visitor’s internet browser cache. Among other things, cookies make it possible to recognise the internet browser. If the information collected in this way contains a personal reference, it is processed in accordance with Art. 6 Para. 1 letter f GDPR on the basis of our legitimate interest in effective customer service and the statistical analysis of user behaviour for optimisation purposes. The data collected using Zendesk technologies are not used to personally identify the visitor of this website and are not merged with personal data about the bearer of the pseudonym without the separately given consent of the person concerned. To avoid the storage of Zendesk cookies, you can set your internet browser to no longer store cookies on your computer in the future or to delete already stored cookies. However, switching off all cookies may mean that some functions on our website can no longer be executed. You can disable the collection and storage of data for the purpose of creating a pseudonymised user profile at any time with effect for the future by e-mailing us your objection informally at the e-mail address stated in the Legal section. Zendesk Inc, based in the US, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU.

14. Tools and other means

14.1 Google reCAPTCHA

This website also uses the reCAPTCHA feature by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This function is mainly used to distinguish whether an entry is made by a natural person or misused through mechanical and automated processing. The service includes sending the IP address and, if necessary, other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 Para. 1 letter f GDPR on the basis of our legitimate interest in determining the individual willingness of actions on the internet and the prevention of misuse and spam.

Google LLC, based in the US, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU.

For more information about Google reCAPTCHA and Google’s privacy statement, please see: https://www.google.com/privacy/

14.2 Using Google Maps

Our website uses Google Maps (API) by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive maps to visually present geographical information. Using this service, our location will be displayed to you and help you find your way to us.

When accessing the sub-pages the Google Maps map is embedded in, information about your use of our website (such as your IP address) is transmitted to Google servers in the US and stored there. This happens regardless of whether Google provides a user account you are logged into or whether no user account exists. If you are logged in to Google, your data are directly associated with your account. If you do not want your profile to be associated with Google, you need to log out before pressing the button. Google stores your data (even for users who are not logged in) as user profiles and analyses them. Such analyses are carried out in particular in accordance with Art. 6 Para. 1 letter f GDPR on the basis of Google’s legitimate interests in showing personalised advertising, market research and/or on-demand design of its website. You have a right of objection to the creation of these user profiles; contact Google to exercise this right.

Google LLC, based in the US, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU.

If you do not agree with the future transmission of your data to Google while using Google Maps, there is also the possibility of completely disabling the Google Maps’ web service by switching off the JavaScript application in your browser. Google Maps and therefore the displayed map on our website cannot be used then.

See the Google Terms of Use at https://policies.google.com/terms, the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html For detailed information about privacy in connection with using Google Maps, please see Google’s website (“Google Privacy Policy”): http://www.google/privacy/

14.3 Trusted Shops Trustbadge

To display our Trusted Shops seal of approval and to offer the Trusted Shops membership to buyers after an order, the Trusted Shops trust badge is embedded in this website. This is used to protect our legitimate interests in our offering’s optimal marketing; Art. 6 Para. 1 letter f GDPR. The Trustbadge and the services it advertises are an offering of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. When the trust badge is accessed, the web server automatically stores a so-called server log file documenting, e.g., your IP address, date and time of access, transferred data volume and the requesting provider (access data). These access data are not analysed and are automatically overwritten no later than seven days after the end of your visit to our website. Other personal data is only shared with Trusted Shops if you decide to use Trusted Shops products after placing an order or if you have already registered for use. In this case the contractual agreement between you and Trusted Shops applies.

14.4 Google Tag Manager

Our website uses Google Tag Manager, a service by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Tag Manager is used to manage tracking tools and other services called website tags. A tag is an element stored in our website’s source code to, e.g., record predefined usage data. Google Tag Manager works without the use of cookies. Google Tag Manager ensures that the usage data required by our partners (cf. the data processing procedures described above) are shared with them. Some of the data are processed on a Google server in the US. In the event that personal data are transferred to the US, Google has subjected itself to the EU-US Privacy Shield. The legal basis is Art. 6 Para. 1 letter f GDPR, based on our legitimate interest in integrating and managing several tags in an uncomplicated manner on our website.

15. Rights of the data subject

15.1 With regard to the processing of your personal data, the applicable data protection law grants you comprehensive data protection rights (rights of access and intervention), which we inform you about in the following:

  • Right of access in accordance with Art. 15 GDPR: in particular, you have the right of access to your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right of rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if they were not collected from you by us, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees in accordance with Art. 46 GDPR when your data are shared with third countries;
  • Right of rectification in accordance with Art. 16 GDPR: you have the right to request immediate rectification of incorrect data concerning you and/or completion of your incomplete data held by us;
  • Right to deletion in accordance with Art. 17 GDPR: you have the right to request the deletion of your personal data if the conditions of Art. 17 Para. 1 GDPR are met. However, this right does not apply, in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • Right to limit processing pursuant to Art. 18 GDPR: you have the right to request limitation of the processing of your personal data for as long as the accuracy of your data which you dispute is verified, if you refuse to have your data deleted due to unauthorised data processing and instead request limitation of the processing of your data, if you need your data for the assertion, exercise or defence of legal claims after we no longer need these data once the purpose has been achieved, or if you have lodged an objection for reasons relating to your particular situation, for as long as it is not yet clear whether our legitimate reasons outweigh the objection;
  • Right to information in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or limitation of processing vis-à-vis the data controller, the data controller is obliged to notify all recipients of this rectification, erasure or limitation of processing to whom the personal data concerning you have been disclosed unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.
  • Right to data transfer in accordance with Art. 20 GDPR: you have the right to receive the personal data you have provided us with in a structured, common and machine-readable format or to request that they be transferred to another data controller, insofar as this is technically feasible;
  • • Right to revoke consents granted in accordance with Art. 7 Para. 3 GDPR: you have the right at any time to revoke, with future effect, any consent to the processing of data that you have once given. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation;
  • • Right of appeal in accordance with Art. 77 GDPR: If you believe that the processing of personal data relating to you is in breach of the GDPR, you have the right—without prejudice to any other administrative or judicial remedy—to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged breach occurs.

15.2 Right of objection

If, as part of a weighing of interests, we process your personal data on the basis of our overriding legitimate interest, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future.

If you exercise your right of objection, we will stop processing the data concerned. However, we reserve the right to further process the data if we can prove that there are compelling reasons for processing worthy of protection which outweigh your interests, fundamental rights and freedoms or if the processing serves the assertion, exercise or defence of legal claims.

If your personal data are processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. You can exercise your right to object as described above.

If you exercise your right of objection, we will stop processing the data concerned for direct marketing purposes.

16. Duration of retention of personal data

The duration of retention of personal data is determined by the respective legal retention period (e.g., retention periods under commercial and tax laws). After the retention period has expired, the corresponding data are routinely deleted, provided that they are no longer required for fulfilling the contract or for initiating a contract and/or we have no legitimate interest in further retention.

17.Changes to our privacy policy

We reserve the right to adapt this privacy policy to ensure that you always comply with current legal requirements or to implement changes to our services in the privacy policy, for example, when we introduce new services. The new privacy policy then applies when you visit again.