Data protection guideline
This page contains information about how we handle personal data on our website.
I. Scope
With this document, the controller wishes to comply with its information obligations under Article 13 of the General Data Protection Regulation (GDPR) towards data subjects. This data protection information is available at https://blog.findeling.de/datenschutzrichtlinie published and are effective from January 2022. Due to the further development of our website or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The amended version will be announced here.
II. Who is responsible for data processing?
The person responsible for data processing according to Art. 4 No. 7 GDPR is:
Oliver Bock,
III. What do we process your data for?
III.1. Log files/hosting
If you visit our website without registering or otherwise providing us with information, we only collect the following data that your browser transmits to our server (so-called “server log files”):
The individual pages of our website (URL)
Date and time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (possibly in anonymized form)
Our website is stored by a hosting provider and made available for retrieval. The web server used stores the aforementioned server log files.
Purpose of processing: Hosting the website
Legal basis and legitimate interests: The processing is carried out on the basis of our overriding legitimate interest (Art. 6 (1) (f) GDPR) in the security and stability of our website by commissioning a service provider to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services.
Data recipient: WordPress Ltd., https://wordpress.com/
Privacy information from WordPress Ltd.: https://automattic.com/de/privacy/
Transfer to third countries: Wix.com Ltd. is based in Israel. The European Commission has determined that Israel provides adequate protection for the personal data of citizens of EU member states.
IV.2. Cookies
IV.2.a. General
(aa) Definitions
Below you will find comprehensive information about so-called "cookies" and other storage technologies ("web storage"). This is information that is often stored in databases on your device. Every type of "cookie" or "web storage" can contain personal data. In many cases, however, the data is pseudonymized. The following terms may be used below:
First-party cookie: This cookie is stored or modified by the website you are currently browsing
Third-party cookie: This cookie is stored or modified by third parties with whom the website operator is associated (e.g. an advertising network, a social media platform, etc.)
Session cookie: This cookie is deleted from your device when you close the browser.A session cookie often stores only one session ID in order to assign multiple requests from a user on a page to their session
Persistent Cookie: This cookie is stored on your device until its validity expires or you delete it manually or automatically in the browser
Strictly necessary: Without this cookie and web storage, the service you requested cannot be provided
Optional: This cookie and web storage enables us to use additional functions and will only be used if you give your consent
Local Storage: This is part of the so-called "web storage." This information is also stored in your web browser until manually deleted.
Session Storage: This is part of the so-called "web storage." This information is also stored in your web browser until you close the browser window.
(bb) Legal basis
Strictly necessary cookies and web storage: The storage of information and access to it are based on the legal basis of Section 25 (2) No. 2 TTDSG.
Optional cookies and web storage: The storage of information and access to it are based on the legal basis of your individual personal and voluntary consent according to Section 25 (1) TTDSG i.V.mArt. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect. Data processing until the revocation remains lawful. Please note that if you do not accept optional cookies, certain functions of our website may be restricted.
(cc) Data recipient/access option
First-party cookies: Only we, as the data controller and website operator, have access to these.
Third-party cookies: These cookies are accessible only to the third party that set them. For example, only Google has access to a cookie set by Google and can read or modify it.
Web storage: Only we, as the data controllers and website operators, have access to this.
(dd) Storage period
Session cookies: These remain stored in your browser only temporarily until the end of the browser session or can be deleted by you beforehand.
Persistent cookies: These remain stored on your device for as long as specified for the respective cookie or can be deleted by you beforehand.
Local storage: This remains stored until manually deleted.
Session storage: This remains stored until the browser window is closed.
The exact storage period is specified under “Cookies and Web Storage Used”.
(ee) Deletion options/objection
Please note that you can set your browser to inform you about the use of cookies and to decide individually whether to accept them or to reject them in certain cases or generally. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find these settings for the respective browsers at the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/
A general objection to the use of cookies used for online marketing purposes can be made for a large number of services, especially in the case of tracking, via the US website https://www.aboutads.info/choices/ or the EU side https://www.youronlinechoices.com/ be explained.
IV.2.b.Cookies used
In the following overview, we list the absolutely necessary first-party cookies used on our website and the purpose of data processing:
consent policy (Persistent Cookie)
Purpose: Stores the user's cookie preferences
Validity period: 1 year
hs (session cookie)
Purpose: Used for security reasons
Validity period: Until the end of the browser session
smSession (Persistent Cookie)
Purpose: Used to identify logged in website members
Validity period: 2 weeks
ssr caching (persistent cookie)
Purpose: Used to indicate the system that rendered the website
Validity period: 1 min.
svSession (Persistent Cookie)
Purpose: Used in connection with user registration
Validity period: 2 years
XSRF-TOKEN (Session Cookie)
Purpose: Used for security reasons
Validity period: Until the end of the browser session
In the following overview, we list the optional third-party cookies from Wix used on our website and the purpose of data processing:
bSession (Persistent Cookie)
Purpose: Used to measure system effectiveness
Validity period: 20 minutes
TS* (Session Cookie)
Purpose: Used for security and fraud prevention purposes
Validity period: Until the end of the browser session
In the following overview, we list the optional third-party cookies from Google used on our website and the purpose of the data processing:
_ga (Persistent Cookie)
Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Validity period: 2 years
_gid (Persistent Cookie)
Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Validity period: 1 day
_gat_gtag_UA (Persistent Cookie)
Purpose: Used by Google Analytics to limit the request rate.
Validity period: 1 minute
IV.3. Contact
When you contact us (e.g., via contact form, email, phone, or fax), personal data is collected. The data collected in the case of a contact form can be seen in the respective contact form. This data is stored and used exclusively for the purpose of answering your inquiry or for the establishment of contact and the associated technical administration. Without this mandatory information, we cannot process your request. All other information is voluntary.
Purpose of processing: Answering your request
Legal basis: Art. 6 (1) (b) GDPR for pre-contractual or contractual matters. Art. 6 (1) (a) GDPR for your voluntary information.
Recipients of the data: Email service providers for emails, hosting providers for contact form inquiries
Storage period: Your data will be deleted after your request has been processed. This will be the case if the circumstances indicate that the matter in question has been conclusively resolved, and provided there are no statutory retention periods to the contrary. For pre-contractual and contractual matters, your request will be stored until the contract is terminated, after which processing will be restricted. If there is no longer any legal basis for storage, the data will be deleted.
IV.4.Chat
Intercom by Intercom R&& D Unlimited Company
Our website uses technologies from Intercom R&D Unlimited Company. For this purpose, anonymized data is collected and stored for the purposes of web analysis and to operate the live chat system to answer live support requests. User profiles can be created from this anonymized data under a pseudonym.
Data recipient: 2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin 2; Intercom, Inc. a Delaware corporation with offices at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA
Intercom Privacy Policy: https://www.intercom.com/legal/privacy
Legal basis and legitimate interests: The data transfer is based on our overriding legitimate interest (Art. 6 (1) (f) GDPR) in the security and stability of a professional live chat system.
Transfer to third countries: The data will be processed outside the scope of the European Union, in Israel.
Storage period: Regarding the storage period at Wix, we refer to their privacy policy. We store your data until your request has been processed. If the request leads to the conclusion of a contract, the storage period for customers applies.
IV.5. Newsletter
We send newsletters to our customers via email with information about our company, products, services, promotions, and offers. The newsletter is sent at most once a month.
Purpose of processing: direct marketing, customer communication
Legal basis and legitimate interests: The sending is based on our legitimate interests (Art. 6 (1) (f) GDPR) in regular customer communication and sales promotion by means of direct marketing.
Right of objection (opt-out): You can object to the sending of our newsletter at any time with effect for the future by informing us by e-mail (see above under Responsible Person) or by clicking on the link that can be found at the end of each newsletter.
Storage period: Your data will be stored until you object. After that, processing will be restricted and further newsletter distribution will be blocked.
If named below, we use the following service provider:
Mailchimp
The newsletter service provider uses cookies and other tracking technologies to collect and process the following data in addition to the email address and, if applicable, the names of the newsletter recipients:
IP address, device information (hardware, operating system, web browser, unique device identifier), connection information and device locations
The newsletters sent contain so-called web beacons, which record the recipient's interaction with the newsletter (e.g. opening the newsletter, clicking on links contained therein).
Data recipient: The Rocket Science Group (Mailchimp), LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA
Mailchimp Privacy Policy: https://www.intuit.com/privacy/statement/
Legal basis and legitimate interests: The data transfer is based on our overriding legitimate interest (Art. 6 (1) (f) GDPR) in the security and stability of a legally compliant newsletter system including automated double opt-in and verifiability of user registrations.
Transfer to third countries: The data will be processed outside the scope of the European Union, in Israel.
Appropriate safeguards: With regard to Israel, the European Commission decided that Israel provides adequate protection for the personal data of citizens of EU member states (Article 45 GDPR).
Storage period: Your data will be stored until you revoke your consent.After that, their processing will be restricted and stored for up to three years in order to be able to legally prove that consent was previously given.
IV.6. Events
For booking events, we have integrated a booking form on certain pages of our website through which ticket bookings can be processed. Our events are held both on-site and online. The information provided in the event overview is authoritative.
Purpose of processing: Implementation of the event, if applicable, billing
Legal basis: Registration for the event constitutes a contract in accordance with Art. 6 (1) (b) GDPR.
Data recipients: The registration data will be forwarded to the individuals or companies responsible for these tasks for planning, organization, implementation, and, if applicable, billing. If this involves contract processing, we have concluded a contract processing agreement with these companies in accordance with Art. 28 GDPR to protect your personal data.
Storage period: We store the registration data until the event has been fully processed and for 3 years thereafter if the event is subject to a fee.
With regard to online events, reference is made to data processing by Google:
Video conference via Google Meet
When using Google Meet, the following data is processed:
User information: First name, last name, telephone (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional)
Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing in by phone: Incoming and outgoing phone number, country name, start and end time. If necessary, additional connection data such as z.B. the IP address of the device is saved.
Text, audio, and video data: You may have the option to use the chat, question, or survey functions in an online meeting. The text entries you make will be processed to display them in the online meeting and, if necessary, to log them. To enable the display of video and the playback of audio, the data from your device's microphone and any video camera on the device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the Google Meet applications.
To participate in an “online meeting” or enter the “meeting room,” you must at least provide your name.
Purpose of processing: We use the Google Meet tool to conduct telephone conferences, online meetings, video conferences, and/or webinars (hereinafter: "online meetings"). Google Meet is a service provided by Google Inc., which is headquartered in the USA.
Responsible party: We are primarily responsible for the use of Google Meet. If you access Google via its website, the responsible party is: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Legal basis and legitimate interests: If the events are conducted within the framework of a contract, Art. 6 (1) (b) GDPR serves as the legal basis. If the online meeting is not conducted on the basis of a contract, the legal basis is Art. 6 (1) (f) GDPR. Our overriding legitimate interest lies in the effective, stable, secure, and professional conduct of online meetings, telephone conferences, video conferences, and webinars.
Data recipient: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google Privacy Policy: https://policies.google.com/privacy?
Transfer to third countries: The data is processed outside the scope of the European Union, in the USA.
IV.7. Photo/video recordings at events
If you participate in an in-person event organized by us, photographs or videos of the participants may be taken during the event and published together with information about the location, time and purpose of the event.
Purpose of data processing: Documentation of the event for publication on our company website, our social media profiles and company brochures for advertising purposes.
Legal basis: Art. 6 (1) (f) GDPR
Legitimate interests: advertising our company, public relations, direct mail
Data recipient: photographer, if applicable; advertising agency
Storage period: Recordings that are not used after the event will be deleted immediately.
IV.8. Social Media
Our website uses social plugins from various social networks. To increase the protection of your data when you visit our website, these buttons are not fully integrated as plugins, but rather simply using an HTML link. This type of integration ensures that when you visit a page on our website that contains such buttons, no connection is established with the servers of the respective social network. When you click on the button, a new browser window opens and calls up the social network's page. If necessary, after entering your login data, you can then use the provided function (z.B. “like” or “share”).
By clicking on the respective plugin, you give us your personal consent to transfer data to the respective social network. In particular, your IP address will be transferred to the respective social network. The legal basis for this is Art. 6 (1) (a) GDPR. You have the right to revoke your consent at any time. Data processing up to the point of revocation remains lawful. The revocation only applies to the future.
The following social networks are used:
Instagram
Instagram is a service of Facebook
Data recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Instagram”), parent company: Facebook Inc., 1 Hacker Way, 94025 Menlo Park, California, USA
Instagram privacy policy: https://instagram.com/about/legal/privacy
Transfer to third countries: If non-anonymized data is transferred to Facebook Inc., the data processing takes place in the USA.
Objection: Further settings and objections to the use of data for advertising purposes are possible within the Instagram profile settings: https://www.instagram.com/accounts/privacy_and_security/
IV.9. Opening a customer account
If you open a personal customer account with us for future orders, the following terms and conditions apply:
Purpose of processing: User agreement for the personal customer account.
Legal basis: Contract pursuant to Art. 6 (1) (b) GDPR. Your consent pursuant to Art. 6 (1) (a) GDPR applies to the data you voluntarily provide.
Obligation to provide information: The mandatory information is provided on the registration form. Without this information, we cannot open an account for you.
Data recipient: The customer account is managed through our online shop, which is hosted by our web host (see above).
Storage period: Your data in your customer account will be stored for as long as your user agreement with us is valid. Voluntary information will be stored until you revoke your consent. After that, processing will be restricted and stored for up to three years in order to legally verify previously granted consent. This is done based on our legitimate interests (Art. 6 (1) (f) GDPR) in demonstrating data protection compliance.
IV.10. Ordering goods or services
IV.10.a. General
WooCommerce by WordPress Ltd.
Our website uses WooCommerce by WordPress Ltd., a service from WordPress to enable professional order processing via our website,
Purpose of processing: Execution of your order.
Legal basis: Contract pursuant to Art. 6 (1) (b) GDPR. Your consent pursuant to Art. 6 (1) (a) GDPR applies to the data you provide voluntarily. Art. 6 (1) (f) GDPR applies to other processing.
Legitimate interests: debt collection and enforcement; measures for business management and further development of services and products
Data recipient: WooCommerce Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland
Privacy Policy of WooCommerce Ireland Ltd.: https://automattic.com/privacy/
Transfer to third countries: The data will be processed outside the scope of the European Union, in Israel.
Storage period: Regarding the storage period at Wix, we refer to their privacy policy. We store the data until the request is processed. If the request is followed by a contractual relationship, the storage period for customer data applies.
IV.10.b. Payment processing
Purpose of processing: Execution of the order. Processing of the payment.
Legal basis: Contract according to Art. 6 (1) (b) GDPR.
Obligation to provide: Depending on the payment method chosen, you must provide us or the payment service provider with the necessary payment data.
Data recipients: The payment service providers used are listed below:
PayPal
Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de
PayPal Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Credit report: PayPal reserves the right to conduct a credit check for payment methods such as credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” or “installment payment” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of default to decide whether to provide the respective payment method. The credit report may contain probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data.
IV.10.c. Direct marketing
Purpose of processing: direct marketing, sales promotion
Legal basis: Our overriding legitimate interest pursuant to Art. 6 (1) (f) GDPR
Legitimate interests: direct marketing, sales promotion
Data recipient: Agency, lettershop
IV.10.e. Legal obligation
Purpose of processing: Fulfillment of legal obligations (e.g.Information, notification, disclosure and retention obligations, payment of taxes and duties)
Legal basis: The respective legal regulation applies in conjunction with Art. 6 (1) (c) GDPR.
Data recipients: authorities, state institutions, lawyers, tax advisors, data protection officers if applicable
IV.11. Web analysis
Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Ireland Ltd. (Google). Google Analytics uses "cookies." These are text files placed on your device to help the website analyze how users use the site. The information generated by the cookie about your use of the website is typically transferred to and stored by Google's parent company in the USA.
Our website uses Google Analytics exclusively with the extension "_anonymizeIp()," which ensures anonymization of the IP address by shortening it and prevents it from being directly linked to a person. This extension will result in your IP address being shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google's parent company in the USA and shortened there.
Purposes of processing: Tracking (z.B. interest/behavior-related profiling), visitor action analysis, interest-based and behavior-related marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (z.B. Access statistics, recognition of returning visitors). These purposes apply to us as well as to Google and its parent company.
Legal basis: For the use of Google Analytics, you may give us your consent in accordance with Art. 6 (1) (a) GDPR, which you can revoke at any time with effect for the future by reversing the selection for “Marketing” or “Google Analytics” in the cookie settings on our website.
Storage period: We store the anonymized data obtained in this way for a maximum period of 14 months. After that, the data is automatically deleted. Regarding the storage period by Google, we refer to their privacy policy.
Objection/Opt-Out: You can object to the collection of your data by installing a browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de
Here you can decide which data Google should use: https://g.co/privacytools
You can also deactivate personalized advertising directly from Google: https://www.google.com/settings/ads/onweb/
For more information from Google on how to block certain ads, please see: https://support.google.com/ads/answer/2662922?hl=de
You can also store your preferences regarding online advertising here, across all providers: https://www.youronlinechoices.com/de/
Alternatively, you can use the Network Advertising Initiative administration page: http://www.networkadvertising.org/consumer/opt_out.asp
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google Privacy Policy: https://policies.google.com/privacy
Google Privacy Information for Google Analytics: https://policies.google.com/technologies/partner-sites
Transfer to third countries: If non-anonymized data is transferred to Google LLC, the data processing also takes place in the USA.
We have concluded the following agreement with Google Ireland Ltd. as a data processor: https://business.safety.google/adsprocessorterms/ This also contains the EU standard contractual clauses, which are to be regarded as appropriate safeguards according to Art. 46 (2) c GDPR.
Google Tag Manager
We use Google Tag Manager from Google on our website. Google Tag Manager is an online tool that allows us to integrate and manage website tags centrally via a user interface. Tags are small pieces of code that record, for example, your activities on our website. For this purpose, JavaScript code snippets are inserted into the source code of our website. The tags come from Google Ads or Google Analytics, for example, but tags from other companies can also be integrated and managed via the manager. Such tags perform various tasks. They can collect browser data, embed buttons, set cookies, and even track users across multiple websites. In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. However, this only relates to the use of our Tag Manager and not to your data that is stored via the code snippets.
Purposes of processing: Tracking (z.B. interest/behavior-related profiling), visitor action analysis, interest-based and behavior-related marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (z.B. Access statistics, recognition of returning visitors). These purposes apply to us as well as to Google and its parent company. As far as we know, Google also uses the data collected in this way (anonymously) for its own purposes. In this regard, we refer to Google's privacy policy.
Legal basis and legitimate interests: For the integration of Google Tag Manager on our website, this processing is carried out in accordance with Art. 6 (1) (f) GDPR, based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. The various tags are then used in accordance with the separately described sections with the express consent of the user.
Storage period: Regarding the storage period by Google, we refer to their privacy policy.
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google Privacy Policy: https://policies.google.com/privacy
Transfer to third countries: If non-anonymized data is transferred to Google LLC, the data processing takes place in the USA.
IV.12. Web Fonts
Our website uses so-called web fonts provided by the respective provider to ensure consistent font display. When you visit a page, your browser loads the required web fonts into your browser cache to display text and fonts correctly.
For this purpose, the browser you use must establish a connection to the servers of the respective provider. This allows the provider to know that our website was accessed via your IP address. If your browser does not support web fonts, a standard font will be loaded from your computer.
Purpose of processing: Uniform presentation of our website in all media
Legal basis and legitimate interests: The integration is based on our legitimate interests (Art. 6 (1) (f) GDPR) in the technically secure, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration.
We use web fonts from the following providers:
Google
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google Privacy Policy: https://policies.google.com/privacy
Transfer to third countries: If non-anonymized data is transferred to Google LLC, the data processing takes place in the USA.
What data protection rights do I have?
As a data subject, you have the following rights:
Confirmation of data processing: You have the right to request confirmation from us as to whether your personal data is being processed. The requirements for this can be found in Art. 15 GDPR;
Information: You have the right to request information about your personal data processed by us. The requirements for this can be found in Art. 15 GDPR.
Correction: You have the right to request the immediate correction of inaccurate personal data concerning you. The requirements for this can be found in Art. 16 GDPR;
Deletion: You have the right to request the immediate deletion of personal data concerning you. The requirements for this can be found in Art. 17 GDPR;
Restriction of processing: You have the right to request the restriction of the processing of your personal data. The requirements for this can be found in Art. 18 GDPR.
Data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format. Furthermore, you have the right to have this data transmitted to another controller by us. The requirements for this can be found in Art. 20 GDPR.
Revocation of consent: You have the right to revoke your consent at any time if the processing is based on Art. 6 (1) (a) or Art. 9 (2) (a) GDPR. Data processing up to the point of revocation remains lawful. The revocation only applies to the future. The requirements for this can be found in Art. 7 (3) GDPR.
Complaint: You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. The requirements for this can be found in Art. 77 GDPR. You can contact the supervisory authority responsible for the controller or the supervisory authority in your country or federal state. A list of all supervisory authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right of objection
You have the right to object at any time, with future effect, to the processing of personal data concerning you which we process on the basis of our overriding legitimate interest (Article 6 (1) (e) or (f) GDPR), for reasons arising from your particular situation; this also applies to profiling based on this provision within the meaning of Article 4 (4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to the processing of data for direct marketing and product evaluation purposes
We collect and process your personal data for direct marketing purposes.You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
In individual cases, we process and use your personal data to send you product reviews and/or other review requests by email that are exclusively related to your purchase, completion, and/or other similar transactions. Furthermore, we may also use your email address and/or postal address in this context to send you product recommendations for similar goods and/or services offered by us by email and/or post. You will receive these review requests and product recommendations from us regardless of whether you have subscribed to a newsletter.
Exercise of objection: You can object to these evaluation requests and product recommendations at any time by letter to Oliver Bock, Goldbock Unternehmensbetreuung, Jahnstraße 13, 64665 Alsbach-Hähnlein or by email to oliver.bock@goldbock.com und/or at the end of each review and/or product recommendation email, with effect for the future, without incurring any additional costs other than the respective transmission costs according to the basic rates. Your right of objection also automatically applies to possible profiling, insofar as it is associated with such direct advertising. If you object to processing for the purpose of product reviews and/or other review requests and/or product recommendations, we will no longer process your personal data for these purposes with effect for the future.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes with effect for the future.
VI. How long will my data be stored?
Unless otherwise specified above, the following criteria apply to determining the storage period:
If consent is given in accordance with Art. 6 (1) (a) GDPR, the data will be stored until the data subject revokes his or her consent.
For pre-contractual and contractual purposes in accordance with Art. 6 (1) (b) GDPR, the data will be stored until the contract is terminated.
If our legitimate interest is overridden pursuant to Art. 6 (1) (f) GDPR, the data will be stored until the data subject exercises his or her right of objection pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
In the case of direct advertising pursuant to Art. 6 (1) (f) GDPR, the data will be stored until the data subject exercises his or her right of objection pursuant to Art. 21 (2) and (3) GDPR.
Furthermore, personal data will only be stored for as long as there is a legal basis for storage.
VII. Source of personal data
We process personal data that we have received from you or the recipients of personal data.
VIII. Obligation to provide data
In the context of fulfilling our contractual or legally assumed obligations, you as the data subject may be legally obliged to provide our company with information and personal data that is necessary for the establishment, implementation and termination of the contractual relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect.Without this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it.