Data Protection

Last update: April 3, 2023

bg-country-switch bg-country-switch

Privacy Notice

Compliance with data protection regulations is important for PAUL HARTMANN Middle East FZE (hereinafter referred to as "HARTMANN", "we" or "us").

We would therefore like to inform you about the processing of your personal data, in particular about the purposes of the respective data processing, the categories of data processed and about your rights.

Responsible party:

PAUL HARTMANN Middle East FZE
Dubai Airport Free Zone
Building 5WA, Office 601
Dubai
United Arab Emirates
Phone: +971-4-2996996
E-Mail: info@me.hartmann.info

Contact Data Protection:
PAUL HARTMANN Middle East FZE
Dubai Airport Free Zone
Building 5WA, Office 601
Dubai
United Arab Emirates
Phone: +971-4-2996996
E-Mail: info@me.hartmann.info


Do you have general questions or comments about this data protection declaration or specific questions about the processing of your data? We will gladly answer them.

We process your personal data in accordance with the provisions of the Federal Decree Law No. 45 of 2021 on the Protection of Personal Data of the United Arab Emirates.

We process data to meet legal requirements, for purpose-oriented interests and/or in the context of pre-contractual/contractual measures. In addition, we process your personal data if it is necessary to protect our interests or the interests of third parties unless there are no overriding interests on your part (including fundamental rights and freedoms) that speak against such processing.

We process your personal data in particular for the following purposes:

2.1 Purpose in the context of pre-contractual/contractual measures which can be in particular:

  • Sending of information about products.
  • Consultation or contact after trade fairs etc.
  • Business partner due diligence.
  • Obtaining creditworthiness information (e.g., via credit insurer).
  • Fulfilment of contractual obligations and services.
  • Transfer of address data to logistics companies for the delivery and collection of goods.
  • Delivery of contractually ordered products and goods.
  • Transfer of billing data to billing centres and forwarding to cost units.
  • Execution of payment transactions.
  • Customers satisfaction surveys.
  • Sending of interesting information about products and promotions.

2.2 Purpose-oriented interests which can be in particular:

  • Exclusive customer information on products and advertising materials.
  • Product training courses.
  • Direct marketing measures.
  • Consultation or contact after trade fairs etc.
  • Customer satisfaction survey.
  • Measures for the further development of services and products.
  • Testing and optimisation of procedures for demand analysis.
  • Further development of existing systems and processes.
  • Statistical evaluations for corporate management.
  • Enrichment of our data, e.g., by using or researching publicly available data as far as necessary.
  • Transfer of data within our corporate group for internal administrative purposes.
  • Measures for controlling and optimizing business processes.
  • Assertion of legal claims and defence in the event of legal disputes which are not directly attributable to the contractual relationship.
  • Comparison with national, European, and other international sanctions lists as part of our compliance program to determine critical data (screening), insofar as this goes beyond the legal obligations. The comparison depends to a large extent on the matter in question and the circumstances of the individual case, i.e., on the risk forecast and the safety relevance of the specific activity.

2.3 Purpose to meet legal requirements or public interest

PAUL HARTMANN Middle East FZE is registered with the Dubai Airport Free Zone Authority (‘’DAFZA’’) in the Emirate of Dubai, United Arab Emirates and like everyone who participates in the economic process, we are also subject to a variety of legal obligations. These are primarily legal requirements (e.g., according to the regulations of DAFZA, commercial and tax laws), but also, where applicable, regulatory, or other official requirements (e.g., Ministry of Health regulations).

The purposes of processing may include identity and age verification as well as fraud and money laundering prevention (e.g., comparison with European and international anti-terrorist lists). In addition, the disclosure of personal data may become necessary within the scope of official/judicial measures for the purpose of gathering evidence, criminal prosecution, or the enforcement of civil law claims.

When you contact us (by telephone, mail, or e-mail), your personal data will be processed for the purpose of handling your enquiry.

When you contact us by contact form over our website the information marked as mandatory in the contact form is required for the processing of your enquiry. As a rule, we delete inquiries 3 months after their receipt, at the latest, however, if they have been answered. In the event of statutory storage obligations to be observed, the deletion shall take place after their expiry.

So far as it is necessary for the decision on the establishment of a contractual relationship with you, we process, in addition to the personal data received directly from you, any legally obtained personal data from third parties.

We process in particular the following data categories:

  • Contact data (e.g., e-mail address, telephone numbers, address).
  • Content data (e.g., text input contact form, photographs, videos).
  • Contract data (e.g., subject matter of the contract, duration, customer category, username), in particular for the fulfilment of our contractual obligations and services, for the implementation of marketing measures based on our interests (e.g., in the context of customer satisfaction surveys).
  • Payment data (e.g., bank details, account details, credit card details, payment history).

If, in the course of our processing, we disclose personal data to other persons and companies (third parties) - including group companies – or transfer it to them or otherwise grant them access to the data, this will only done on the basis of a legal authorisation (e.g. if a transfer of the data to third parties, such as to payment service providers, is necessary for the performance of the contract), you have consented, a legal obligation provides for this or on the basis of our interests (e.g. when using an intermediary, web hosts, etc.).

However, we remain responsible to you for the lawfulness of the data processing.

Where possible, we will process your personal data on the territory of the United Arab Emirates. If, however, processing and thus at the same time transfer of your personal data to third countries (e.g., Germany) is necessary especially in connection with the use of service providers, we will ensure that the special legal requirements for such processing are met and that an adequate level of data protection exists in the third country and/or appropriate guarantees (e.g., standard contractual clauses) exist and that sufficient technical and organizational measures are in place to protect your personal data. We also will ensure that the enforcement of your rights is guaranteed.

We process or store your personal data in principle only for the intended purpose and/or for the duration of a contractual relationship.

Your personal data stored by us will be deleted as soon as they are no longer required for their intended purpose and if there are no legal storage obligations to prevent deletion.

If the personal data are not deleted because their processing is necessary for other and legally permissible purposes, the processing is restricted. This means that the personal data is blocked and not processed for other purposes. Instead of deleting your personal data, we will, if necessary, make it anonymous in such a way that it is irreversibly impossible to retrieve it in the future.

In accordance with the legal requirements commercial documents and accounting records should be retained for a minimum period of 5 years under UAE laws.

You only need to provide us with the personal data that we generally require for the execution of your inquiry, our services, that are necessary for the initiation, execution, and termination of a contractual relationship or that we are legally obliged to collect (e.g., to provide evidence to authorities).

Boxes marked with an asterisk (*) in our forms are mandatory. Without this personal data, we will generally not be able to provide our services or to conclude and carry out a contractual relationship with you. This may also refer to personal data that will later become necessary within the scope of a contractual relationship or the provision of services. If we request personal data from you in addition to this, your details are always voluntary.

In particular

  • You have the right to withdraw your consent to the processing of your personal data at any time with effect for the future. Processing that has taken place before the revocation therefore remains lawful.
  • You have the right to request that your personal data are corrected if inaccurate or completed if incomplete.
  • You have the right to be informed about what type of personal data we process, the purpose of processing, how we control and store your personal data and if your personal data were transferred to a third party or country.
  • You have the right to restrict, suspend or stop the processing of your data if you believe that the data, we are processing are incorrect or the data are being processed for a purpose that is not agreed. However, if there are overriding reasons for processing or if we are required by law to process your data to protect the rights of third parties or to protect the public interest, this may affect your right to do so.
  • You have the right to stop the processing of your data if the processing is for direct marketing purposes including profiling related to direct marketing or if the processing is for conducting statistical surveys.
  • You have the right to object to decisions issued based on automated processing, including profiling, if they have legal consequences for you. In case you have agreed by terms of contract or by consent to the processing your right to object is limited to the agreed terms. Your right to object is in addition limited if the automated processing is necessary according to other legislation in force in the UAE.
  • You have the right to request the deletion of your personal data stored with us unless legal obligations restricting the deletion.

When you contact us (by contact form, telephone, fax, post or e-mail), your personal data will be processed for the purpose of handling your enquiry and its processing in accordance with Article 6 (1) a) (consent - withdrawal possible at any time), lit. b) (service provision) and lit. f) (legitimate interests - objection possible) GDPR. The information marked as mandatory in the contact form is required for the processing of your enquiry.

As a rule, we delete inquiries 3 months after their receipt, at the latest, however, if they have been answered. If you have withdrawn your consent, we will delete your data at this time. In the event of statutory storage obligations to be observed, the deletion shall take place after their expiry.

We maintain blogs with the possibility of commentary in our online offer. For the comment function, in addition to your comment, information on the time of the creation of your comment, your e-mail address and, if you are not anonymous, the user name you have chosen are stored. Comments remain in the blog as long as it is operated or you request its deletion.

If you write a comment, your IP address will be stored for 6 months on the basis of our legitimate interests in the sense of Art. 6 (1) f GDPR in addition to the time of creation, and then deleted. This is done for our security, as far as in individual cases illegal contents are left behind in comments (e.g. insulting contents, forbidden political propa-ganda, etc.) which require clarification, in particular the determination of the identity of the author. We will delete comments with the aforementioned content immediately. Should the further storage of your IP address and the time of creation of the respective comment be necessary for evidence purposes, these (personal) data are excluded from deletion until the final clarification of the respective incident. This (personal) data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 (1) c GDPR.

With the following notes we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Content of the newsletter: We send e-mails and other (electronic) notifications with advertising information (hereinafter "newsletter") only with your consent or on the basis of a legal permission. If the contents of the newsletter are specifically rewritten within the scope of a registration for the newsletter, they are decisive for the consent. Furthermore, our newsletters contain information about our products, offers, promotions and our company.

Newsletters are sent by us or by a service provider where required.

Logging double opt-in and changes: The registration to our newsletter is done in a so-called Double-Opt-In-Procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. The newsletter registrations are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your (personal) data stored by the shipping service provider are also logged.

According to its own information, the delivery service provider may use your (personal) data in pseu-dononymous form, i.e. without allocation to a user, to optimise and improve its own services, e.g. for technical optimisation of the delivery and presentation of newsletters or for statistical purposes to determine from which countries the recipients come. However, the dispatch service provider does not use your (personal) data to write to you itself or to pass on your (personal) data to third parties.

Registration data: To subscribe to the newsletter, you only need to enter your e-mail address. Optionally we ask you - for personal contact - to enter your first and last name.

Performance measurement: The newsletters contain a so-called "web beacon". This is a pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of retrieval are initially collected. This information is used in particular for the technical improvement of the services and to determine your reading habits. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. This information can be assigned to you for technical reasons.

The dispatch of the newsletter and the measurement of success are based on your consent in accordance with Art. 6 (1) a, Art. 7 GDPR in conjunction with § 7 (2) No. 3 of the German Act against Unfair Competition (UWG). The registration procedure is recorded on the basis of our legitimate interests in accordance with Art. 6 (1) f GDPR and serves as proof of your consent to receive the newsletter.

Withdrawal: You can withdraw the receipt of our newsletter at any time. You will find a link to withdraw the receipt of our newsletter at the end of each newsletter. Your (personal) data will be deleted in case of a withdrawal.

On our website and within our online offering, we use content or service offerings from third parties. This happens based on our legitimate interests (interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1) f GDPR) for processing of a contract on the basis of Art. 6 (1) b GDPR or based on your consent according to Art. 6 (1) a GDPR. This requires the third party providers to be aware of your IP address, as without the IP address they would not be able to send the Content to your browser. The IP address is therefore required for the display of content. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the website. The pseudonymous information can also be stored in cookies on your device and may contain technical information about the browser and operating system, referring websites, visiting time and other details about the use of our online offer, as well as being linked to such information from other sources.

In the following presentation we have compiled an overview of third party providers (payment service provider are listed separately) together with their offered contents as well as links to their data protection declarations, which may contain further information on the processing of data as well as information on objection. Please note that we have listed further third-party providers as well as further information on the third-party providers mentioned here in our cookie policy.

Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization

Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Within our online offer we use the conversion tool "LinkedIn Insight Tag". This tool creates a cookie in your web browser, which enables the collection of data. Based on the collected data, LinkedIn creates anonymous reports about the website target group and makes them available to us. LinkedIn also shows us the display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. We can use this data to display targeted advertising outside of our online offering without identifying you.

Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy policy: https://privacy.xing.com/en/privacy-policy

Provider: (Youtube) Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de

We have integrated components of YouTube within our online offers. YouTube allows the free posting of video clips and their free viewing, rating and commenting. By calling up one of the individual pages of our online offers on which YouTube content has been integrated, a connection to YouTube is established in order to download the necessary elements for displaying the corresponding video. In doing so, YouTube or the operating company Google receives information about which subpage within our online offers has been called by the respective user. In addition, further information, such as the IP address, the browser used, the operating system and technical device information, date and duration of the visit are forwarded. If the user is logged on to YouTube at the time of visiting our online offers with the same device, YouTube recognizes the user by calling up a single page that contains a YouTube video. This occurs regardless of whether the person concerned clicks on a YouTube video or not. This information can be aggregated by YouTube or Google and assigned to the profile of the respective user, unless the elements have been integrated in "privacy mode". We always use the "Privacy Mode", as far as this is possible.

Provider: (Instagram) Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://help.instagram.com/519522125107875

Provider: (Facebook-Pixel) Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads

With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors of our online offer as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/) who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interest in certain topics or products that are evident from the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. The Facebook Pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion measurement“).

Provider: (Analytics) Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Privacy policy: https://policies.google.com/privacy?hl=de
Terms and Conditions:
https://marketingplatform.google.com/about/analytics/terms/us/
Opt-Out:
http://tools.google.com/dlpage/gaoptout?hl=de

Further Information on Google Analytics: If you have given your consent, we may use Google Analytics 4, a web analytics service.

Scope of processing: Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We may use Google Signals. This allows Google Analytics to collect additional information about users who have personalized ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

Regarding the aforementioned Google functionalities, please consider the following: Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

  • Page views
  • First visit to a website
  • Start of session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • clicks on external links
  • internal search queries
  • interaction with videos
  • file downloads
  • seen / clicked ads
  • language settings

Also recorded:

  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/advertising medium you came to our website)

Purposes of processing: On behalf of us, Google will use this information to evaluate your pseudonymous use of our website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.

Recipients of the data in particular are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Third country transfer: Insofar as data is processed outside the EU/EEA and there is no level of adequate data protection corresponding to the European standard according to the GDPR, we have concluded EU standard contractual clauses to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of personal data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against (in particular unlawful) access by authorities.

Duration of storage: The data sent by us and linked to cookies are automatically deleted after 2 or 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.

Legal basis: The legal basis for this data processing is your consent pursuant to Art.6 (1) a) GDPR.

Withdrawal: You can withdraw your consent at any time with effect for the future by accessing the cookie settings/management and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the withdrawal remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on our and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of our website (including your IP address) and the (further) processing of this data by Google, by

a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics here.

Provider: (reCAPTCHA) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy

To protect our websites or systems from misuse (e.g. spam or other abuse), we can use the "reCAPTCHA" function from Google. This allows us to recognise whether entries etc. are made by humans and not by so-called "bots". In this context, IP addresses and other information about systems used, devices, possibly also the location, the surfing history and the interaction with reCaptcha (also on other websites), e.g. answered questions or selected objects, can be processed.

Provider: (Tag Manager) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy
Further Information: https://www.google.com/intl/de/tagmanager/use-policy.html

We may use Google Tag Manager (GTM) to manage website tags via an interface. Tags are small code elements on our website that are used in particular to measure traffic and visitor behaviour, to record the impact of online advertising and social channels, for remarketing and targeting for specific target groups and for testing website areas.

Provider: (Maps) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy

Google Maps (Maps) is an online map service that we can offer to search for and display precise locations. The map section of a location can be integrated into a website, e.g. to display directions. When using maps, the search terms entered, the IP address and the coordinates are processed. If the route planner function is also used, the starting address entered is also saved.

Provider: (Ads & Conversion Tracking) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy

We may use Google Ads to create offers for our products and services for interest-based advertising. We may also use Google Conversion Tracking (Conversion Tracking) to gain insights into the use of our offers. Conversion tracking provides us with useful information about what happens after a click on an offer, e.g. whether a product is purchased. This allows us to evaluate the success of advertising measures and use the results for optimisation measures. We receive a report from Google with statistical analyses without personal data.

Provider: (Optimize) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy

We can use Google Optimize to optimise our website content and therefore also to optimise advertising measures. For example, we check how the content of the website is perceived by users. Based on the feedback, optimisation measures are then taken if necessary.

Provider: (Fonts) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy

We may use Google Fonts in our online offering, as these can be used across platforms and are web-optimised. When you visit our website, the fonts are loaded by Google. This results in a transfer to Google, whereby Google also recognises your IP address and the fact that you have visited our website, and further information such as language settings, screen resolution of the browser and the name and version of the browser are transmitted. Google may use the data collected to determine the popularity of fonts, for example. Google makes the results available in Google Analytics, for example.

Provider: (Clarity) Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin D18 P521, Irland
Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement?tid=136993383

With Microsoft Clarity (Clarity), we can use a solution to monitor the use of our website. This involves recording previously defined website sessions by users of our website, which we can then analyse anonymously. In addition to the IP address, Clarity also records other (meta) data, such as the time of access or mouse movements (cursor and scroll movements).

Provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA
Privacy Policy: https://www.cloudflare.com/de-de/privacypolicy/?tid=311141511

We want to offer you the best possible service with our website. Cloudflare helps us to make our website faster and more secure. Cloudflare provides us with web optimisation as well as security services such as DDoS protection and web firewall. This also includes a reverse proxy and the content distribution network (CDN). Cloudflare blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources. By storing our website on local data centres and blocking spam software, Cloudflare enables us to reduce our bandwidth usage. Overall, this makes our website significantly more powerful and less susceptible to spam or other attacks.

Provider: Usercentrics A/S, Havnegade 39, 1058 Kopenhagen, Dänemark.
Privacy Policy: https://www.cookiebot.com/de/privacy-policy/

On our website we may use Cookiebot, a cookie consent manager from Usercentrics, to give you control over the cookies used on our website. Cookiebot collects and manages your consents to the use of cookies and other tracking technologies on our website. When you visit our website, Cookiebot will show you a cookie banner where you can select your preferences. Your consent will be stored by Cookiebot so that your preferences will be honoured on future visits to our website. You can review and adjust your consent at any time.

Payment service providers:

We use payment service providers for certain payment services in order to fulfil contracts, due to legal obligations and on the basis of our legitimate interests.

Payment service providers process, for example, your first and last name, your email address, your bank and payment details, your passwords, your TANs, your IP address and other personal data about you. The data is required to carry out transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we generally do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the general terms and conditions and the data protection information of the payment service providers.

Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications. We currently use the following providers, whereby a technical connection of online payment methods is used:

Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgien
Privacy Policy: https://www.mastercard.de/de-de/datenschutz.html

Provider: Visa Europe Services Inc., Zweigniederlassung London, 1 Sheldon Square, London W2 6TT, GB
Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

The personal data processed by us will be deleted in accordance with Art. 17 GDPR. Unless expressly stated within the scope of this data protection declaration, the personal data stored by us will be deleted as soon as they are no longer required for their intended purpose and, in particular, there are no legal storage obligations to prevent deletion. If the personal data are not deleted because their processing is necessary for other and legally permissible purposes, the processing is restricted. This means that the personal data is blocked and not processed for other purposes.

Instead of deleting your personal data, we will, if necessary, make it anonymous in such a way that it is irreversibly impossible to retrieve it in the future.

In accordance with the legal requirements, storage takes place in particular for 6 years in accordance with § 257 (1) of the German Commerical Code (HGB) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 (1) of the German Tax Code (AO) (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

You have the right to withdraw your consent to the processing of your personal data in accordance with Art. 7 (3) GDPR at any time with effect for the future. Processing that has taken place before the withdrawal therefore remains lawful

In accordance with Art. 15 GDPR, you can request information about your personal data processed by us.

In accordance with Art. 16 GDPR, you can demand the immediate correction of incorrect or incomplete personal data stored by us.

In accordance with Art. 17 GDPR, you can request the deletion of your personal data stored with us in accordance with the conditions stated there, unless legally prescribed retention periods prevent immediate deletion (cf. Art. 17 (3) GDPR) and/or another case of Art. 17 (3) GDPR exists and/or a new purpose justifies further processing.

In accordance with Art. 18 (1) GDPR, you can demand the restriction of data processing if one or more conditions in accordance with Art. 18 (1) GDPR lit. a to d apply.

In accordance with Art. 20 (1) GDPR, you can receive the personal data processed by us in a structured, common and machine-readable format and transfer this data to another responsible person without hindrance by us.

In addition, you can lodge an objection to the processing of your personal data in accordance with Art. 21 (1) GDPR. In the event of an objection, we will stop processing your personal data. However, the right of objection only applies if special circumstances arise from your personal situation. In addition, compelling reasons worthy of protection that speak in favour of processing may prevail. Furthermore, certain processing purposes may conflict with your right of objection.

According to Article 21 (2) GDPR, you have the right to object to the processing of your personal data for the purposes of direct marketing at any time and without further conditions. This also applies to profiling, insofar as it relates to such direct advertising. If you lodge an objection, your personal data will no longer be processed for these purposes (cf. Art. 21 (3) GDPR).

Without prejudice to any other administrative or judicial remedy, you also have the right to appeal to the competent supervisory authority (cf. Art. 77 GDPR) if you believe that the processing of your data violates data protection regulations. In this context, however, we would ask you to address a possible complaint to us first. We will then attempt to remedy the situation as quickly and effectively as possible.

To exercise your data subject rights, please use this form.