Privacy Notice

Welcome to our website www.vacparts.de.
We are very pleased about your interest in the goods and services of our company. We attach great importance to the protection of your data and the preservation of your privacy and personal sphere. The protection and legally compliant collection, processing and your personal data is therefore an important concern for us. Our company has implemented extensive technical and organisational measures to ensure the protection of personal data processed via our website. If you do not want internet-based data transmission, you are free to transmit your personal data to us by alternative means, for example by telephone.

The collection, processing and use of your personal data, for example your name, address, e-mail address or telephone number, is carried out in accordance with the regulations of the General Data Protection Regulation (DSGVO) and in compliance with the country-specific data protection regulations applicable to our company. With this data protection declaration, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us and inform you about the rights to which you are entitled.
In principle, you can use this website without providing your personal data. However, if you wish to make full use of the scope of services offered on our website, it may be necessary to process your personal data. If the processing of your personal data is necessary, we regularly obtain your consent if there is no explicit legal basis for the processing.

1. person responsible for data protection

The person responsible for the collection, processing and use of your personal data within the meaning of the DSGVO, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is: 
Staubsaugermanufaktur GmbH
Managing directors: Torsten Günter Pfanz, Jörg Förster
Karl-Liebknecht-Strasse 63 - 65
D-15732 Schulzendorf 
Telephone: +49 (0) 33762 27680
E-mail: contact@vacparts.de
Website: www.vacparts.de

You can obtain information about the personal data we have stored about you free of charge at any time. If you wish to object to the collection, processing or use of your data in accordance with these data protection provisions, either in whole or in respect of individual measures, please send your objection by e-mail, fax or letter to the above contact details.

2. collection, processing and use of personal data

Personal data is all information about factual or personal circumstances of an identified or identifiable natural person. Personal data are, in particular, your name, address and all other data that you have provided to us during registration and/or when creating a customer account. Statistical data that we collect, among other things, when you visit our online shop and that cannot be directly linked to your person are not personal data. Statistical data includes, in particular, information about which pages of our online shop are particularly popular or how many users have visited certain pages of our online shop.

3. customer account

We set up password-protected direct access to the inventory data stored with us (customer account) for every customer who registers in our online shop. The personal access data must be treated as strictly confidential and must not be made accessible to any unauthorised third party. We accept no liability for the misuse of your passwords unless we ourselves are responsible for this misuse.

The personal data that is transmitted to us results from the information you provide in the respective input mask that we use for registration. The personal data is collected and stored exclusively for internal use in our company and for our own purposes. We may arrange for your personal data to be passed on to one or more processors, for example a financial or parcel service provider, who will use the personal data exclusively for an internal use attributable to us.
By registering in our online shop, we store the IP address assigned by the Internet service provider (ISP), the date and the time of registration. This data is stored in order to prevent misuse of our services and/or to investigate criminal offences committed. In principle, this data is not passed on to third parties unless there is a legal obligation to pass it on and/or the passing on serves the purpose of criminal prosecution.
Your registration is used to offer you content or services that we can only offer to registered users. Registered persons have the option at any time to change the personal data provided during registration or to have it completely deleted from our database.

Upon request, we will provide you at any time with information about which personal data is stored about you. In addition, we will correct or delete your personal data at your request, insofar as there are no legal retention obligations to the contrary. The employees of my company are available to you as contact persons in this respect.

4. cookies

The internet pages of my company use cookies. Cookies are small files that are stored on your data carrier and save certain settings and data for exchange with our system via your browser. Cookies are used by a variety of internet sites and servers. Many cookies include a unique identifier of the cookie, called the cookie ID. The cookie ID consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This storage helps us to design our web pages and our offers for you accordingly and makes them easier to use, for example by storing certain entries you make so that you do not have to keep re-entering them. A specific internet browser can be clearly recognised and identified via the cookie ID.

You can prevent the setting of cookies by adjusting the settings of the internet browser you use and thus permanently object to the setting of cookies. You also have the option of deleting cookies that have already been set at any time via an internet browser or other software programs. However, you may then no longer be able to fully use all the functions of our website if you have deactivated the setting of cookies in your internet browser.

5. collection of general data and information

Each time you or an automated system accesses the website, this website collects a series of general data and information that is stored in the server's log files. In particular, this may include (a) the browser types and versions used, (b) the operating system used by the accessing system, (c) the website from which an accessing system accesses our website (so-called referrer), (d) the sub-websites that are accessed by the system accessing our website, (e) the date and time of access to our website, (f) an Internet protocol address (IP address), (g) the Internet service provider of the accessing system and (h) other similar information and data that are collected and stored in the event of attacks on our information technology systems.

We do not draw any conclusions about your person from the use of this general data and information. Rather, this information is used (a) to deliver the content of our website correctly, (b) to optimise the content of our website and the advertising for it, (c) to ensure the permanent functionality of our information technology systems and the technology of our website, and (d) to provide law enforcement authorities with the information necessary for prosecution in the event of a data attack. We will only use this data and information statistically and/or for the purpose of increasing data protection and data security in our companies as well as for the best possible protection of the personal data we process. This server log file data is stored separately from all personal data.

6. e-mail advertising with subscription to the newsletter

On our website, we offer users the opportunity to subscribe to our company's newsletter in order to receive regular information about offers from my company. You can only receive my company's newsletter if (a) you have a valid e-mail address and (b) you register to receive the newsletter. A confirmation e-mail will be sent to the e-mail address you have entered for the newsletter dispatch using the double opt-in procedure in order to be able to check whether the owner of the e-mail address has actually authorised the receipt of the newsletter.

When you register for the newsletter, we store the IP address of the computer system used by you at the time of registration as well as the date and time of your registration, which is assigned by your internet service provider (ISP). The purpose of collecting this data is to be able to trace any misuse of the e-mail address at a later date and therefore for the legal protection of my company.
If you register for our newsletter, we will use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis based on your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO.

Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter.

After unsubscribing, we will delete your e-mail address unless you have expressly consented to further use of your data or we reserve the right to use data in a manner that goes beyond this, which is permitted by law and about which we inform you in this declaration.

7. newsletter tracking

My company's newsletters contain so-called tracking pixels. This is a miniature graphic that is sent in HTML format to 
enable log file recording and analysis.

 The tracking pixel allows us to see if and when an email has been opened and which links in the email have been called up. This enables us to statistically evaluate the success of our online marketing campaigns.

Your personal data will be stored and evaluated by us in order to improve the newsletter dispatch and to adapt the content of future newsletters even better to your interests. We will not pass on this personal data to third parties. You are entitled to revoke your declaration of consent at any time. We consider the unsubscription from the newsletter as a revocation. After a revocation, we will completely delete your personal data.

8. contacting

Due to legal requirements, our website includes the possibility of a quick electronic contact to my company as well as for direct communication, for which the specification of an e-mail address is also required. As soon as you contact my company by e-mail or via the contact form, the personal data you provide is automatically stored for the purpose of processing or contacting you. This personal data will not be passed on to third parties.

9. regular deletion and blocking of personal data

We process and store your personal data only for the period of time necessary to achieve the purpose of storage or as required by the European Directive and Regulation or other legislator in laws or regulations.
As soon as the purpose of storage ceases to apply or the storage period prescribed by the European Directive and Regulation or other competent legislator expires, we will block and delete your personal data in accordance with the statutory provisions.

10. your rights as a data subject affected by data processing

Under the applicable laws, you have extensive rights with regard to your personal data. If you wish to exercise these rights against us, please send your request to the aforementioned contact details of my company, clearly identifying yourself.

11. right to confirmation

You have the right to request confirmation from us at any time as to whether personal data relating to you is being processed. If you wish to exercise this right of confirmation, you can contact an employee of my company at any time.

12. right to information

You have the right, granted by the European Directive and Regulation Maker, to obtain from us at any time, free of charge, information about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to the following information:

•    the processing purposes
•    the categories of personal data that are processed
•    the recipients or categories of recipients to whom the personal data are disclosed or will be disclosed, in particular in the case of recipients in third countries or international organisations
•    if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
•    The existence of a right to rectify or erase the personal data concerning you or to have the processing restricted by the controller or to object to such processing
•    the existence of a right of appeal to a supervisory authority
•    if the personal data have not been collected from you, all available information about the origin of the data
•    the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for you.

If personal data are transferred to a third country or an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.

13. right of rectification

You have the right to demand that we correct any inaccurate personal data relating to you without delay. Furthermore, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the data processing.

14. right to erasure (right to be forgotten)

You have the right to request that we delete personal data relating to you without undue delay and we are obliged to delete such personal data without undue delay if one of the following reasons applies:
•    the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
•    You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a) DSGVO or Art. 9 (2) a) DSGVO and there is no other legal basis for the processing
•    You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO
•    the personal data are processed unlawfully
•    the deletion of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which we are subject
•    the personal data has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

If we have made the personal data public and are obliged to erase it in accordance with the above, we shall take reasonable steps, including technical measures, to inform data controllers processing the personal data that you have requested the erasure of all links to or copies or replications of such personal data, taking into account the available technology and the cost of implementation.

15. right to restriction of processing

Any person concerned by the processing of personal data has the right, granted by the European Directive and the Regulation, to obtain from the controller the restriction of processing where one of the following conditions is met:
•    The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
•    The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
•    The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the establishment, exercise or defence of legal claims.
•    The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by vacparts.de, he or she may, at any time, contact any employee of the controller.
The operator of vacparts.de will arrange the restriction of the processing.

16. right to data portability

You have the right granted by the European Directive and Regulation to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that
•    the processing is based on consent pursuant to Art. 6 para. 1 a) DSGVO or Art. 9 para. 2 a) DSGVO or on a contract pursuant to Art. 6 para. 1 b) DSGVO and
•    the processing is carried out with the aid of automated procedures.

When exercising your right to data portability, you have the right under Article 20(1) of the GDPR to have the personal data transferred directly from us to another controller, insofar as this is technically feasible and does not adversely affect the rights and freedoms of other individuals.

17 Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims. If personal data are processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) DSGVO, unless the processing is necessary for the performance of a task carried out in the public interest.

18 Automated decisions including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, provided that the decision is
a.    is not necessary for the conclusion or performance of a contract between you and my company, or
b.    is permitted on the basis of legal provisions of the European Union or the member states and the legal provisions take appropriate measures to protect the rights and freedoms as well as the legitimate interests of you or
c.    is done with your express consent.

Is the decision
a.    necessary for the conclusion or performance of a contract between you and us or
b.    it is done with your express consent

We will take reasonable steps to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person responsible, to express your point of view and to contest the decision.

19. right to revoke consent under data protection law

You have the right to withdraw consent to the processing of personal data at any time.

20. right to complain to a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you is unlawful.

21. privacy policy on the use and application of Google Analytics (with anonymisation function)

We have integrated the Google Analytics component (with anonymisation function) on our website. Google Analytics is a web analysis service for collecting, collating and evaluating data on the behaviour of visitors to websites. A web analysis service collects data on which website you came to a website from (so-called referrers), which sub-pages of the website you accessed or how often and for how long a sub-page was viewed. We use web analysis to optimise our website and to analyse the costs and benefits of internet advertising.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
We use the add-on "_gat._anonymizelp" for web analysis via Google Analytics, with which the IP address of your internet connection is shortened and anonymised by Google if access to our internet pages is from a member state of the European Union or from another contracting state of the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained to evaluate the use of our website in order to compile online reports for us that show the activities on our website and to provide other services in connection with the use of our website.

Google Analytics sets a cookie on your information technology system, which enables Google to analyse the use of our website. When calling up an individual page of our website on which a Google Analytics component has been integrated, your internet browser on your information technology system is automatically prompted by the respective Google Analytics component to transmit data to Google for online analysis. In doing so, Google obtains knowledge of personal data, such as your IP address, which Google uses, among other things, to track the origin of visitors and clicks and to generate commission statements.

The cookie is used to store personal information, such as the time of access, the location from which the access originated and the frequency of visits to our website. Each time you visit our website, this personal data, including the IP address of the internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America and may be passed on to third parties by Google.
You have the option of preventing the setting of cookies by our website at any time by making the appropriate setting on the internet browser you use and thus permanently objecting to the setting of cookies. The setting on your internet browser will also prevent Google from setting a cookie on your information technology system. A cookie already set by Google Analytics can be deleted by you at any time via your internet browser or other software programs.
You also have the right to object to and prevent the collection of data generated by Google Analytics and related to your use of this website and the processing of this data by Google. To do this, you can download and install a browser add-on at the link tools.google.com/dlpage/gaoptout, which informs Google Analytics via Javascript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on will be treated by Google as an objection. If your information technology system is deleted, formatted or reinstalled at a later date, you will need to reinstall the browser add-on in order to deactivate Google Analytics. You can reinstall or reactivate the browser add-on at any time, provided that the browser add-on has been uninstalled or deactivated.

Further information and Google's applicable privacy policy can be found at www.google.de/intl/de/policies/privacy/ and at www.google.com/analytics/terms/de.html.
Google Analytics is explained in more detail at this link marketingplatform.google.com/about/analytics/.

22. data protection provisions on the use of Google Tag Manager

We have integrated the Google Tag Manager component on our website.

The operating company of the Google Tag Manager component is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
We use Google Tag Manager to manage the tools about which we inform you in this privacy policy.

The Google Tag Manager enables us to manage website tags via an interface. The Goggle Tag Manager component that implements the tags is a cookie-less domain and does not collect any personal data. The Google Tag Manager component triggers other tags, which in turn may collect data. The Google Tag Manager component does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with the Google Tag Manager component.

Further information on data protection for the Google Tag Manager component can be found on the following web pages of Google Inc:
•    Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
•    FAQ Google Tag Manager: https://google.com/intl/de/tagmanager/faq.html
•    Terms of Use Google Tag Manager: https://www.google.com/intl/de/tagmanager/use-policy.htm

23 Data protection provisions on the use and application of Hotjar

We have integrated the web analytics service Hotjar on our website.
The operating company of the Hotjar component is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta, Europe.

With this component, movements on the websites on which Hotjar is used can be tracked (so-called heat maps). For example, it is possible to see how far users scroll and how often they click on which buttons. Furthermore, with the help of the tool it is also possible to obtain feedback directly from the users of the website. Above all, the functionality of the Hotjar-based website can be improved through the services of Hotjar by making it more user-friendly, more valuable and easier to use for the end users.

The information generated by the "tracking code" and cookies about your visit to our website is transmitted to the Hotjar servers in Ireland and stored there.
We take special care to protect your personal data when using this component. For example, we can only track which buttons are clicked, mouse history, how far scrolled, device screen size, device type and browser information, geographic location (country only) and preferred language to display our website. Areas of the website that display personal information about you or third parties are automatically hidden by Hotjar and are therefore not traceable to us at any time. In order to exclude a direct personal reference, IP addresses are only stored and processed anonymously.
Hotjar uses various third-party services, such as Google Analytics and Optimizely. It is therefore possible that these services collect data that is transmitted by your browser as part of a webpage request. These are, for example, cookies or your IP address. In these cases, the data is processed in accordance with Art. 6 (1) a) DSGVO on the basis of the consent given by you for the purpose of statistical analysis of user behaviour for optimisation and marketing purposes.

Hotjar offers you the option of using a "Do not track header" to prevent the use of the Hotjar component so that no data is recorded about your visit to the respective website. This is a setting that is supported by all common browsers in current versions. To do this, your browser sends a request to Hotjar with the information to deactivate the tracking of the respective user. If you use our website with different browsers/computers, you must set up the "Do not track header" separately for each of these browsers/computers.

When visiting a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to the opt-out page https://www.hotjar.com/legal/compliance/opt-out and clicking Disable Hotjar.

The cookies that Hotjar uses have different "lifetimes". Some cookies remain valid for up to 365 days, some remain valid only during the current visit.
Further information about Hotjar Ltd. and the Hotjar component can be found at: https://www.hotjar.com/privacy
The privacy policy of Hotjar Ltd. can be found at https://www.hotjar.com/privacy.

24. privacy policy on the use of the Facebook plugin

The component of the social network Facebook is integrated on our website.
A social network is a social meeting place operated on the Internet, an online community that enables users to communicate and interact with each other in virtual space. A social network can serve as a platform for sharing opinions and experiences and enables the internet community to provide personal or company-related information. Facebook allows social network users to create private profiles, upload photos and network via friend requests, among other things.

The social network Facebook is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. For individuals living outside the USA and Canada, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Habour, Dublin 2, Ireland, is the controller of personal data.
When calling up one of the individual pages of our website, the internet browser on your information technology system is automatically prompted by the respective Facebook component to download a representation of the Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at developer.facebook.com/docs/plugins/? locale=en_DE. Facebook thus receives information about which sub-page of our website you have visited.

If you are logged in to Facebook, Facebook recognises which subpages of our website you have visited when you access our website and for the entire duration of your stay on our website. This information is collected by the Facebook component and assigned to your Facebook account. If you click the integrated Facebook button on our website, for example the "Like" button, or post a comment, Facebook assigns this information to your personal Facebook user account and stores this personal data.

If you are logged in to Facebook when you visit our website, Facebook receives information via the Facebook component that you have visited our website; this takes place regardless of whether you click on the Facebook component or not. If you do not wish this information to be transmitted to Facebook, you can prevent this by logging out of your Facebook account before accessing our website.

The privacy policy published by Facebook is available at de-en.facebook.com/about/privacy/. It provides information on the collection, processing and use of personal data by Facebook and explains the settings options Facebook offers you to protect your privacy. Various applications are available that allow you to prevent data from being transmitted to Facebook.

25. data protection provisions on the use and application of Twitter

Twitter components are integrated on this website. Twitter is a multilingual publicly accessible microblogging service through which users can publish and distribute short messages. These short messages can be publicly accessed by anyone and thus also by people who are not registered with Twitter. The short messages are displayed in particular to Twitter users who follow the short messages of the user in question. Twitter makes it possible to address a broad audience via hashtags, links and retweets.

The short message service Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
When calling up one of the individual pages of this website, the internet browser on your information technology system is automatically prompted by the Twitter component to download a representation of the corresponding Twitter component from Twitter. Information on the Twitter buttons can be found at developer.twitter.com/en/docs/twitter-for-websites/tweet-button/overview.html. In this way, Twitter receives information about which sub-pages of our website you have visited. The integration of the Twitter component serves to enable our users to disseminate the contents of this website, to make this website known in the digital world and to increase our visitor numbers.
If you are logged in to Twitter, Twitter recognises which specific sub-page of our website you have visited each time you visit our website and for the entire duration of your stay on our website. This information is collected by the Twitter component and assigned to your Twitter account by Twitter. The transmitted data and information are assigned to your personal Twitter user account and stored and processed by Twitter as soon as you click the Twitter button integrated on our website.

Twitter receives information via the Twitter component that you have visited our website if you are logged in to Twitter at the time of accessing our website; this takes place regardless of whether you have clicked on the Twitter component or not. If you do not want this information to be transmitted to Twitter, you can prevent the transmission by logging out of your Twitter user account before accessing our website.
Twitter's applicable privacy policy is available at twitter.com/privacy?lang=en.

26. data protection provisions regarding PayPal as a payment method

We have integrated components from PayPal on this website. PayPal is an online payment service provider that processes payments via virtual private or business accounts. Furthermore, PayPal opens up the possibility of processing virtual payments via credit cards if the user does not maintain a PayPal account. Instead of a classic account number, a PayPal account is managed exclusively via an email address. PayPal offers buyer protection services and assumes trustee functions.

The European operating company of PayPal is PayPal (Europe) S.A.R.L. & Cie S.C.A., 22 - 24 Boulevard Royale, 2449 Luxembourg, Luxembourg.
If you select PayPal as a payment option during the ordering process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of your personal data required for payment processing.
All personal data necessary for the processing of payments, such as in particular your first and last name, your address, your e-mail address, your IP address and your telephone or mobile phone number, will be transmitted to PayPal.
The transmission of personal data serves the purpose of payment processing and fraud prevention. We will therefore transmit your personal data to PayPal if there is a legitimate interest in the transmission. The transmitted personal data may be transferred by PayPal to credit agencies for the purpose of checking identity and creditworthiness.
PayPal may share your personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfil contractual obligations or to process the data on your behalf.

You have the right to revoke your consent to the use and storage of your personal data at any time. However, a revocation will no longer have any effect on personal data that must still be processed, used or transmitted for the purpose of processing payments in accordance with the contract.
You can access PayPal's applicable privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full.

27. Data protection provisions for Sofortüberweisung (Klarna) as a payment method

We have integrated components of Sofortüberweisung on this website. Sofortüberweisung is a payment service that enables cashless payment on the Internet and where the online merchant immediately receives a payment confirmation in order to be able to provide its services to the customer immediately after the order.
Sofortüberweisung is operated by Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.
If you select "Sofortüberweisung" as a payment option during the ordering process in our online shop, your personal data will be automatically transmitted to Sofortüberweisung. By selecting this payment option, you consent to the transmission of your personal data to Sofortüberweisung as required for payment processing.
In particular, we transmit your PIN and your TAN to Sofort GmbH for payment processing. Sofort GmbH transfers the payment amount to us after checking your account balance and retrieving further data to check the account coverage. We receive an automated message from Sofort GmbH as soon as the financial transaction has been carried out.

We will forward all data necessary for payment processing to Sofortüberweisung, in particular your first and last name, your address, your e-mail address, your IP address and your telephone or mobile phone number, in order to be able to process the payment and prevent fraud. We will also transmit other personal data to Sofortüberweisung if there is a legitimate interest in the transmission. Your personal data may be forwarded by Sofortüberweisung to credit information agencies for the purpose of checking your identity and creditworthiness.
Sofortüberweisung may transfer the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfilment of contractual obligations or the data is to be processed on behalf.

You have the right to revoke your consent to the use of your personal data at any time vis-à-vis Sofortüberweisung. The revocation has no effect on your personal data, which must be processed, used or transmitted for the contractual payment processing.
The privacy policy of Sofortüberweisung is available at www.sofort.de/datenschutz.html.

28. legal basis of the processing

The legal basis for processing operations in which we obtain consent for a specific processing purpose is Art. 6 I lit. a DSGVO. Insofar as the processing of your personal data is necessary for the performance of a contract concluded with our company, such as processing operations in the context of the delivery of goods or the provision of another service or consideration, the legal basis for the processing is Art. 6 I lit. b DSGVO. This also applies to processing operations for the implementation of pre-contractual measures, in particular in the case of enquiries about our products or services. If we are legally obliged to process personal data, such as in the context of fulfilling tax obligations, the legal basis for processing personal data is Art. 6 I lit. c DSGVO. If the processing of personal data is necessary to protect the vital interests of individuals, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party, the legal basis for the processing is Art. 6 I lit. d DSGVO. If the processing of personal data is necessary to protect a legitimate interest of my company or a third party, the legal basis for the processing of personal data is Art. 6 I lit. f DSGVO, unless your interests, fundamental rights and freedoms override this interest.

The European legislator has permitted such processing operations in accordance with recital 47 sentence 2 of the GDPR if you are a customer of the data processor and therefore a legitimate interest of the data processor can be assumed.

29 Legitimate interests in the processing of personal data

The legitimate interest in the processing of personal data pursuant to Art. 6 (1) f DSGVO is the performance of our business activities for the benefit of the well-being of my employees.

30. duration of the storage of personal data

Your personal data will be stored for the duration of the respective statutory retention period. The personal data is routinely deleted as soon as it is no longer required for the fulfilment or initiation of the contract.

31. rules on the provision of personal data

We would like to inform you that the provision of your personal data may result either from legal regulations (e.g. tax laws) or from contractual regulations (e.g. information on the contractual partner). In particular, you are obliged to provide us with personal data if you wish to conclude a contract with my company. Before providing personal data, you can contact one of my employees, who can explain to you whether the provision of your personal data is required by law or contract or necessary for the conclusion of the contract and what the consequences of not providing the personal data are for you.

32 Automated decision making

We do not use automatic decision-making or profiling.