Privacy Policy

INFORMATION ON THE COLLECTION OF PERSONAL DATA ACCORDING TO THE GDPR FOR BUSINESS PARTNERS / SUPPLIERS

08/18/2020: Update of our data protection information

Based on the decision of the European Court of Justice of July 16, 2020, we hereby inform our customers, business partners, employees, website visitors and other communication partners that when using US service providers such as Amazon, Asana, Facebook, Google, MailChimp, Twitter , TeamViewer, YouTube, etc. and their respective European subsidiaries in the context of communication, no appropriate level of data protection comparable to EU regulations can be maintained. Due to national laws, a non-European provider may be forced by national law to release communication data to national security authorities without this release being able to be checked for its legality in an independent judicial process at the request of the person concerned. Since this finding of the court also applies to companies with headquarters and data processing in Europe both under the so-called EU-US Privacy Shield, as well as the standard contractual clauses and the binding company regulations, we now have to check all data transmissions to third parties in individual cases and, if necessary, stop them or through Replace EU-based providers. We are currently in talks with our service providers and the supervisory authorities about this.

The EU General Data Protection Regulation obliges us to provide you with comprehensive information on the processing of your personal data. In accordance with this commitment, we inform you of the following:

I. GENERAL

When you visit our website, personal data is collected from you. This is data that is required so that you can use our website or that enable us to take your settings into account. It is also information that you provide to us yourself via the contact options offered on these pages. We use this data to ensure the proper operation of our website and to answer your inquiries. Below we will inform you about which data is on our website are collected and for what purposes the processing takes place. We inform you about the use of so-called "cookies" and about the analysis tools used on our website and the options for allowing or rejecting them. We will inform you about your rights and the contact details of our data protection officer at the end of this data protection declaration.

Cookies

We use cookies. Cookies are text files that are filed and saved on a computer system via an Internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish your individual browser from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

Through the use of cookies, we can provide the users of this website with more user-friendly services that would not be possible without the cookie setting. By means of a cookie, the information and offers on our website can be optimized for the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website because this is done by the website and the cookie stored on the user's computer system.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

List of Cookies

Below you will find an overview of all cookies used according to the classification in our cookie banner.

Category: Necessary

Name of the cookie: hepster_session
Company: hepster
Purpose: With user consent, the hepster website sets cookies that are necessary to use the website and to display targeted offers.
Duration: 1 day

Name of the cookie: tracking-accepted
Company: hepster
Purpose: The user's decision to track in the cookie banner is saved here.
Duration: 30 days

Name of the cookie: CSRF_TOKEN / XSRF_TOKEN
Company: hepster
Purpose: ID for App Security
Duration: 1 day

Name of the cookie: AWSALB / AWSALBCORS
Company: hepster
Purpose: Cookie is used to control the load balancer for even load distribution on our servers
Duration: 7 days

Category: Statistics

Name of the cookie: et_scroll-depth
Company: etracker
Purpose: Registers whether the website's scroll depth detection is active.
Duration: Session

Name of the cookie: _et_coid
Company: etracker
Purpose: Used for cookie recognition..
Duration: 2 years

Name of the cookie: isSdEnabled
Company: etracker
Purpose: Detection of whether the scroll depth of the visitor is measured.
Duration: 1 day

Name of the cookie: _ga
Company: Google Analytics Google LLC
Purpose: Contains a randomly generated user ID. Using this ID, Google Analytics can recognize recurring users on this website and merge the data from previous visits.
Duration: 2 years

Name of the cookie: _gid
Company: Google Analytics Google LLC
Purpose: Contains a randomly generated user ID. Using this ID, Google Analytics can recognize recurring users on this website and merge the data from previous visits.
Duration: 1 day

Name of the cookie: _gat_UA-XXXXXXXX-X
Company: Google Analytics Google LLC
Purpose: Used by Google Analytics to limit the request rate.
Duration: 1 minute

Name of the cookie: _gat_gtag_UA_XXXXXXXX_X
Company: Google Analytics Google LLC
Purpose: Used by Google Analytics to limit the request rate.
Duration: 1 minute

Name of the cookie: pp2455 / affiliate_tracking
Company: FinanceAds
Purpose: Anonymized information is assigned to the affiliate partner for completed bookings and the affiliate partner is then commissioned.
Duration: 60 days

Name of the cookie: ADCELLpid7425 / affiliate_tracking
Company: Adcell
Purpose: Anonymized information is assigned to the affiliate partner for completed bookings and the affiliate partner is then commissioned.
Duration: 60 days

Name of the cookie: aw17549 / affiliate_tracking
Company: Awin
Purpose: Anonymized information is assigned to the affiliate partner for completed bookings and the affiliate partner is then commissioned.
Duration: 60 days

Name of the cookie: bld/ affiliate_tracking
Company: Awin
Purpose: Sets a browser-specific ID to identify a new click from the same browser.
Duration: 1 year

Name of the cookie: affiliate_tracking
Company: hepster
Purpose: Anonymized information is assigned to the affiliate partner for completed bookings and the affiliate partner is then commissioned.
Duration: 1 month

Name of the cookie: mf_user
Company: Mouseflow
Purpose: Used to analyze user behavior on our website with the purpose of improving user guidance.
Duration: 90 days

Name of the cookie: mf_XXXXX
Company: Mouseflow
Purpose: Used to analyze user behavior on our website with the purpose of improving user guidance.
Duration: Session

Category: Marketing

Name of the cookie: _gac_UA-XXXXXXXX-X
Company: Google Analytics Google LLC
Purpose: This cookie is set when a user clicks on a Google ad to access the website. It contains information about which advertisement was clicked, so that successes such as orders or contact requests can be assigned to the advertisement.
Duration: 90 days

Name of the cookie: NID
Company: Google.com
Purpose: Google uses cookies, such as the NID cookie, to customize advertising on Google products such as Google Search. Google uses such cookies to record, for example, your most recent search queries, your previous interactions with an advertiser's ads or search results and your visits to an advertiser's website. This allows Google to display individually tailored advertising on Google.
Duration: 180 days

Name of the cookie: DSID
Company: Google.com
Purpose: Google uses cookies such as the NID and SID cookies to customize advertising on Google products such as Google Search. Such cookies allow us to record, for example, your most recent searches, your past interactions with an advertiser's ads or search results, and your visits to an advertiser's website. This enables us to show you individually tailored advertising on Google.
Duration: 180 days

Name of the cookie: __Secure-3PSID
Company: Google Ads (Google.com)
Purpose: Used for targeting purposes to build a profile of website visitors' interests in order to display relevant and personalized Google ads.
Duration: 2 years

Name of the cookie: __Secure-3PAPISID
Company: Google Ads (Google.com)
Purpose: Used for targeting purposes to build a profile of website visitors' interests in order to display relevant and personalized Google ads.
Duration: 2 years

Name of the cookie: __Secure-3PSIDCC
Company: Google Ads (Google.com)
Purpose: Used for targeting purposes to build a profile of website visitors' interests in order to display relevant and personalized Google ads.
Duration: 1 year

Name of the cookie: IDE
Company: Google DoubleClick (doubleclick.net)
Purpose: Cookie for ad preferences for non-Google websites. Used by Google DoubleClick to register and report the user's actions on the website after viewing or clicking on one of the provider's ads, with the purpose of measuring the effectiveness of an advertisement and displaying targeted advertisements to the user.
Duration: 1 year

Name of the cookie: MUID
Company: Bing (bing.com)
Purpose: Widely used by Microsoft as a unique user ID. The cookie enables user tracking by synchronizing the ID in many Microsoft domains.
Duration: 13 months

Name of the cookie: _uetsid
Company: Bing (bing.com)
Purpose: Widely used by Microsoft as a unique user ID. The cookie enables user tracking by synchronizing the ID in many Microsoft domains.
Duration: 30 Minutes

Name of the cookie: ABDEF
Company: Bing (bing.com)
Zweck: keine genauen Angaben verfügbar
Duration: 13 months

Name of the cookie: BCD
Company: Bing (bing.com)
Purpose: no precise information available
Duration: 1 year

Name of the cookie: _HPVN
Company: Bing (bing.com)
Purpose: no precise information available
Duration: 13 months

Name of the cookie: _RwBf
Company: Bing (bing.com)
Purpose: no precise information available
Duration: 1 year

Name of the cookie: SRCHD
Company: Bing (bing.com)
Purpose: This cookie is responsible for the functionality of the Bing tracking or the website.
Duration: 13 months

Name of the cookie: SRCHHPGUSR
Company: Bing (bing.com)
Purpose: This cookie tracks and saves your user behavior on our website and the interaction of the Bing Map interface.
Duration: 13 months

Name of the cookie: SRCHUID
Company: Bing (bing.com)
Purpose: This cookie tracks and stores your user behavior on our website and the interaction of the Bing Map API.
Duration: 13 months

Name of the cookie: SRCHUSR
Company: Bing (bing.com)
Purpose: This cookie tracks and stores your user behavior on our website and the interaction of the Bing Map API.
Duration: 13 months

Cookie name: popupsmart_visit_count
Company: Popupsmart
Purpose: Cookie that enables the evaluation of the widget.
Duration: 1 year

Cookie name: popupsmart_session_popup_display_count
Company: Popupsmart
Purpose: Cookie that enables the display of the widget.
Duration: 1 year

Cookie name: popupsmart_popup_clicked_close
Company: Popupsmart
Purpose: Cookie that prevents the repeated display of the widgets.
Duration: only for one session

Cookie name: popupsmart_interaction_count
Company: Popupsmart
Purpose: Cookie that enables the evaluation of the widget.
Duration: 1 year

Cookie name: popupsmart_last_display_date
Company: Popupsmart
Purpose: Cookie that prevents the repeated display of the widgets.
Duration: 1 year 1 month

Cookie name: popupsmart_popup_display_count
Company: Popupsmart
Purpose: Cookie that enables the evaluation of the widget.
Duration: 1 year

Server-Log-Files

The provider of our website automatically collects and stores information in so-called server log files, which are automatically transmitted to us by your browser. The can be recorded

(1) browser types and versions used,

(2) the operating system used by the accessing system,

(3) the website from which an accessing system accesses our website (so-called referrer),

(4) Sub-websites, which are controlled via an accessing system on our website,

(5) the date and time of access to the website,

(6) an Internet Protocol address (IP address),

(7) the internet service provider of the accessing system and

(8) Other similar data and information used to avert danger in the event of attacks on our information technology systems.

When using this general data and information, we do not draw any conclusions about you. Rather, this information is required in order to

(1) to deliver the content of our website correctly,

(2) to optimize the content of our website and the advertising for it,

(3) to ensure the permanent functionality of our information technology systems and the technology of our website as well as

(4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack.

We therefore evaluate this data and information statistically on the one hand and also with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all your personal data. This data is not merged with other data sources. However, if there are indications of illegal use of our website, we are able to subsequently check this data.

Sending information about our offer and other messages, such as newsletters

On the basis of Article 6 Paragraph 1 lit. b and f, Article 7 GDPR and Section 1 and Section 7 Paragraph 3 UWG, we inform our customers and business partners at regular intervals about information and offers from our company.

a) Sending e-mails for the optimal fulfillment of the contract during the contract period

In order to enable our customers to fulfill the contract as best as possible and to guarantee the function of our website, we will send you one or more e-mails in the course of initiating the contract and during the ongoing contractual relationship on the basis of Section 1 VVG and Article 6 Paragraph 1 lit. b GDPR to the following content to the contact information you have provided:

Booking confirmation with all contract documents and documents
Information about the end of protection
Notice at the end of the contract
Information changes in the insurance product
Timely renewal reminder
Reminders to download invoices
Information on contract status and payment reminders
Payment processing information
Information about our customer service
Customer survey for internal evaluation and improvement of performance in order to provide customers with better contract fulfillment.
Shipping of Amazon.de vouchers (via Amazon Incentives, see paragraph VII)

b) Sending emails related to the sale of products and services

If you purchase insurance products and services on our website, we can send you information about our own, similar insurance products and services by email to the email address you provided without your consent on the basis of Article 6 Paragraph 1 Letter f of the GDPR. This information may include:

Discounts and special offers for the same insurance product
Discounts and special offers on products from the same insurance category

You can object to the sending of these emails at any time by sending an email to nomail@hepster.com or by post to MOINsure GmbH, Campus Altkarlshof, Am Kreuzgraben 1a, 18146 Rostock, Germany.

c) Insights & Friends newsletter for customers

On our website and our blog, users are offered the opportunity to subscribe to our company's newsletter as part of a newsletter contract.

We use the data provided to send our Insights & Friends newsletter at regular intervals with further offers, attractive customer programs, discount campaigns, special prices, competitions and news on the subject of insurance. After successfully registering for the newsletter, the customer receives a 25% discount voucher from hepster, which he can redeem within the next 6 months (voucher cannot be combined with other promotions) or another agreed incentive.

For legal reasons, a confirmation e-mail will be sent to an e-mail address entered for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation e-mail is used to check whether the owner of the e-mail address, as the person concerned, has authorized receipt of the newsletter.

When registering for the newsletter, we also save the IP address assigned to you as well as the date and time of registration. The collection of this data is necessary in order to be able to trace any misuse of the e-mail address of a person concerned at a later point in time and therefore serves our legal protection.

The personal data collected as part of registering for the newsletter will only be used to send our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or for registration, as could be the case in the event of changes to the newsletter offer or changes in the technical conditions. The personal data collected as part of the newsletter service will not be passed on to third parties.

The following information can be included in the newsletter:

Exclusive offers and discount campaigns, special prices
Refer a friend program
customer surveys
Sweepstakes
New Products
Cross Selling Products
News on insurance topics
News about the company hepster

You can cancel the receipt of our newsletter at any time and revoke the storage and use of personal data for the purpose of sending the newsletter at any time. There is a corresponding link in every newsletter for the purpose of revocation/cancellation. Furthermore, you can contact us at any time for a revocation/termination by e-mail at nomail@hepster.com or by post to MOINsure GmbH, Campus Altkarlshof, Am Kreuzgraben 1a, 18146 Rostock, Germany.

d) Newsletter for business partners

On our website for business customers, users are given the opportunity to subscribe to our enterprise's newsletter. Which personal data is transmitted to the person responsible for processing when ordering the newsletter results from the input mask used for this purpose.

You can cancel the receipt of our newsletter at any time. You can revoke your consent to the storage of personal data that you have given us for sending the newsletter at any time. There is a corresponding link in every newsletter for the purpose of revoking consent. Furthermore, you can contact us at any time by e-mail at nomail@hepster.com or by post to MOINsure GmbH, Campus Altkarlshof, Am Kreuzgraben 1a, 18146 Rostock, Germany.

Tracking

Our e-mails may contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in e-mails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Based on the embedded tracking pixel, we can see if and when an e-mail was opened by a recipient and which links in the e-mail were called up by them.

Such personal data collected via the tracking pixels contained in the e-mails are stored and evaluated by us in order to optimize the e-mail dispatch and to adapt the content of future e-mails even better to the interests of the recipient. This personal data will not be passed on to third parties.

Affected persons are entitled to revoke the declaration of consent given at any time. After revocation, this personal data will be deleted by the person responsible for processing, unless the right to deletion is restricted by law. We automatically interpret a cancellation of the receipt of the newsletter as a revocation of the consent.

Contact form

Due to legal regulations, our website contains information that enables quick electronic contact to our company and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If you contact us by e-mail or via a contact form, the personal data you transmit will be saved automatically. Such personal data transmitted on a voluntary basis is stored for the purpose of processing or contacting you. This personal data will not be passed on to third parties.

Blog

It is possible to subscribe to blog content. The comments made in our blog can generally be subscribed to by third parties. In particular, it is possible for a commenter to subscribe to the comments that follow their comment on a specific blog post.

If you decide to subscribe to comments, we will send an automatic confirmation e-mail in order to use the double opt-in procedure to check whether the owner of the e-mail address provided has really opted for this option. The option to subscribe to comments can be unsubscribed at any time.

If users leave comments or other posts on our blog, their IP addresses can be stored for 7 days on the basis of our legitimate interests within the meaning of Article 6 (1) (f) GDPR. This is for our security if someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.

Furthermore, we reserve the right to process user information for the purpose of spam detection on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. The data provided in the context of the comments and posts will be stored by us permanently until the user objects.

Application Options

We collect and process the personal data of applicants for the purpose of handling the application process. The processing can also take place electronically. This is particularly the case if an applicant sends us relevant application documents electronically, for example by e-mail or via a web form on our website.

If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of ours.

Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). If applicants and employers are interested in being included in an applicant pool and, accordingly, in long-term storage of the data, the applicant’s consent is required. In this case, the applicant will be informed about the company's data protection declaration and the special provisions of the company's applicant data protection. Subsequently, to ensure verifiability, a written declaration of consent to data processing for the purpose of the application will be obtained and at the same time the applicant will be informed that the consent can be revoked at any time with effect for the future.

II. SOCIAL MEDIA

Online presence in social media

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to be able to inform them about our services there.

We would like to point out that user data can be processed outside of the European Union. This can result in risks for users, for example because it could make it more difficult to enforce user rights. With regard to US providers who are certified under the Privacy Shield, we would like to point out that they undertake to comply with the data protection standards of the EU.

For a detailed description of the respective processing and the possibility of objection (opt-out), we refer to the following linked information from the providers.

Also in the case of requests for information and the assertion of user rights, we would like to point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.

- Facebook, pages, groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) based on an agreement on joint processing of personal data - Privacy Policy: https://www.facebook.com /about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant ?id=a2zt0000000GnywAAC&status=Active.
- Google/ YouTube (Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.

- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Policy/ Opt-Out: https://about.pinterest.com/de/privacy-policy.
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland) - Privacy Policy https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
- Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland) - Privacy Policy/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung

Facebook

Fanpage

The conference of the independent data protection authorities of the federal and state governments (Data Protection Conference - DSK) has pointed out that Facebook is obliged to obtain effective consent to the use of data from all visitors to the Facebook page. The operators of a Facebook fan page, on the other hand, are obliged to obtain the necessary information about the use of data from Facebook. These requirements are now met.

When you visit our fan page, Facebook collects personal data from users within the framework and scope of their responsibility. Such data collection by Facebook can also take place from visitors to this page who are not logged in to Facebook or registered as members. Information about data collection and further processing by Facebook as well as information about the implementation of your rights and decision-making options can be found in Facebook's data protection information.

By using the Facebook platform, we assume no responsibility for the processing of personal data and its transmission outside the European Union, in particular no responsibility for the implementation of the rights of those affected and for the effectiveness of the consent.

We have no influence on the scope and do not have full access to the data collected or your profile data. You decide which information we receive within the scope of Facebook's sole responsibility with your Facebook settings or your browser settings when you visit a publicly accessible page. In addition, you have the option in your Facebook settings to actively hide your "likes" or to stop following the fan page. Then your profile will no longer appear in the list of fans on this fan page.

We receive anonymous statistics from Facebook on the use and use of the fan page. The following information is provided here, for example (so-called insight data):

• Followers: Number of people who follow our fan page - including growth and development over a defined time frame.

• Reach: number of people who see a specific post on our fan page and number of interactions with a post.

• Ad Performance: Number of people who saw an ad.

• Demographics: Average age of visitors, gender, place of residence, language.

We use these statistics, from which we cannot draw any conclusions about individual users, to constantly improve our online offer on Facebook and to better respond to the interests of our users. We cannot link the statistical data with the profile data of our fans. You can use your Facebook settings to decide how targeted advertising is displayed to you.

We have entered into an agreement between joint controllers in accordance with Article 26 GDPR with Facebook regarding the processing of personal data.

As a result, Facebook is solely responsible for the processing of Insight data. In this regard, Facebook is responsible for fulfilling information obligations in accordance with Articles 12 and 13 GDPR, for exercising the rights of data subjects in accordance with Articles 15 to 22 GDPR, for data security and also for reporting data protection violations (Articles 32 to 34 GDPR). Furthermore, Facebook remains solely responsible for the processing of other personal data.

We receive personal data via Facebook if you actively communicate this to us via a personal message on Facebook or if you use a form to transmit the data to us and actively send the data to us by clicking on a button. We use the data you provide (e.g. first name, last name) to answer your request in our customer service, if this is necessary. Your data will be stored in our CRM system for this purpose. If necessary, we use your data provided to us to prosecute criminal offenses or to enforce our or the legitimate interests of data subjects in accordance with Art. 6 (1) c, d, f DSGVO.

Components on this website

A social network is a social meeting place operated on the Internet, i.e. an online community that usually enables users to communicate with each other and to interact in virtual space. A social network can serve as a platform for exchanging opinions and experiences, or it allows the Internet community to provide personal or company-related information. Among other things, Facebook enables users of the social network to create private profiles, upload photos and network via friend requests.

Clicking on third-party websites such as Facebook will redirect you to the relevant third party over which we have no control.

Facebook's operating company is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a person concerned lives outside the USA or Canada, the person responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Every time one of the individual pages of this website is accessed, which is operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on your system is automatically prompted by the respective Facebook component to display the corresponding Download Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook is informed which specific subpage of our website you are visiting.

If you are logged into Facebook at the same time, Facebook recognizes which specific subpage of our website you are visiting each time you visit our website and for the entire duration of your stay on our website. This information is collected by the Facebook component and assigned to your Facebook account by Facebook. If you click on one of the Facebook buttons integrated on our website, for example the "Like" button, or enter a comment, Facebook assigns this information to your personal Facebook user account and stores this personal data. Depending on your privacy settings, your preferences may be visible to your Facebook friends.

Facebook always receives information via the Facebook component that you have visited our website if you are logged in to Facebook at the same time as accessing our website; this takes place regardless of whether you click on the Facebook component or not.

If you do not want this information to be transmitted to Facebook in this way, you can prevent it from being transmitted by logging out of your Facebook account before accessing our website.

The data policy published by Facebook, which can be accessed at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It is also explained there which setting options Facebook offers to protect your privacy. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by you to suppress data transmission to Facebook.

Instagram

We have integrated components of the Instagram service on our website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data on other social networks.

The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Every time one of the individual pages of our website is called up, on which an Instagram component (Insta button) has been integrated, the Internet browser on your system is automatically prompted by the respective Instagram component to download a representation of the corresponding Instagram component. As part of this technical process, Instagram is informed which specific subpage of our website you are visiting.

If you are logged into Instagram at the same time, Instagram recognizes which specific subpage you are visiting each time you visit our website and for the entire duration of your stay on our website. This information is collected by the Instagram component and assigned to your Instagram account by Instagram. If you click on one of the Instagram buttons integrated on our website, the data and information transmitted with it will be assigned to your personal Instagram user account and stored and processed by Instagram.

Instagram always receives information via the Instagram component that you have visited our website if you are logged into Instagram at the same time as accessing our website; this takes place regardless of whether you click on the Instagram component or not.

If you do not want this information to be transmitted to Instagram, you can prevent the transmission by logging out of your Instagram account before accessing our website.

Further information and Instagram's applicable data protection regulations can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

Twitter

We have integrated components from Twitter on this website. Twitter is a multilingual, publicly accessible microblogging service on which users can publish and distribute so-called tweets, i.e. short messages limited to 140 characters. These short messages can be accessed by anyone, including people who are not registered on Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. Furthermore, Twitter makes it possible to address a broad audience via hashtags, links or retweets.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Every time one of the individual pages of our website is called up, which has a Twitter component (Twitter button) integrated, the Internet browser on your system is automatically prompted by the respective Twitter component to download a representation of the corresponding Twitter component. More information about Twitter is available at https://about.twitter.com. As part of this technical process, Twitter is informed which specific subpage of our website you are visiting.

If you are logged in to Twitter at the same time, Twitter recognizes which specific subpage you are visiting each time you visit our website and for the entire duration of your stay on our website. This information is collected by the Twitter component and assigned to your respective Twitter account by Twitter. If you click on a Twitter button integrated on our website, Twitter assigns this information to your personal Twitter user account and stores this personal data.

Twitter always receives information via the Twitter component that you have visited our website if you are logged in to Twitter at the same time as accessing our website; this takes place regardless of whether you click on the Twitter component or not.

If you do not want this information to be transmitted to Twitter in this way, you can prevent the transmission by logging out of your Twitter account before accessing our website.

Further information and the applicable data protection provisions of Twitter can be found at https://twitter.com/privacy?lang=en.

YouTube

We have integrated components of the YouTube service on our website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why both complete film and television programs as well as music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the individual pages of our website is called up, on which a YouTube component (YouTube video) has been integrated, the Internet browser on your system is automatically prompted by the respective YouTube component to download a representation of the corresponding component from YouTube. As part of this technical process, YouTube and Google are informed which specific subpage of our website you are visiting.

If you are logged into YouTube at the same time, YouTube recognizes which specific subpage you are visiting each time you access our website and for the entire duration of your stay on our website. This information is collected by the YouTube component and assigned to your YouTube account by YouTube. If you activate a YouTube component integrated on our website, the data and information transmitted with it will be assigned to your personal YouTube user account and stored and processed by YouTube and Google.

YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged in to YouTube at the same time as accessing our website; this takes place regardless of whether you click on the YouTube component or not.

If you do not want this information to be transmitted to YouTube and Google in this way, you can prevent the transmission by logging out of your YouTube account before accessing our website.

Further information and Instagram's applicable data protection regulations can be found at https://www.google.de/intl/de/policies/privacy/.

We have integrated buttons from the LinkedIn service on our website.

LinkedIn is an Internet-based social network that enables users to connect with existing business contacts and make new business contacts.

LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland is responsible for data protection issues outside the USA.

Every time one of the individual pages of our website is called up, on which a LinkedIn button (LinkedIn plug-in) has been integrated, the Internet browser on your system is automatically prompted by the respective LinkedIn component to download a representation of the corresponding LinkedIn component. As part of this technical process, LinkedIn is informed which specific subpage of our website you are visiting.

If you are logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage you are visiting each time you access our website and for the entire duration of your stay on our website. This information is collected by the LinkedIn component and assigned to your respective LinkedIn account by LinkedIn. If you click on a LinkedIn button integrated on our website, LinkedIn assigns this information to your personal LinkedIn user account and stores this personal data.

LinkedIn always receives information via the LinkedIn component that you have visited our website if you are logged in to LinkedIn at the same time as accessing our website; this takes place regardless of whether you click on the LinkedIn component or not. If you do not want this information to be transmitted to LinkedIn, you can prevent the transmission by logging out of your LinkedIn account before accessing our website. LinkedIn always receives information via the LinkedIn component that you have visited our website if you are logged in to LinkedIn at the same time as accessing our website; this takes place regardless of whether you click on the LinkedIn component or not.

If you do not want this information to be transmitted to LinkedIn, you can prevent the transmission by logging out of your LinkedIn account before accessing our website.

Further information and LinkedIn's applicable data protection regulations can be found at https://www.linkedin.com/legal/privacy-policy/.

Other providers

If there is a link to the websites of other providers in addition to the information contained here, this data protection declaration does not apply to their content. The collection of data by the operators of the respective sites is beyond our knowledge and sphere of influence. Please note the privacy policy of the respective site.

III. ANALYSIS TOOLS

Hubspot

With your consent, we use HubSpot on our website in accordance with Article 6 (1) (a) GDPR.

This is a digital marketing tool. The software tracks website visitors using browser cookies. This will log all page visits. As soon as a form is filled out, a new contact is created in HubSpot's CRM tool or the email address is matched to the contact that may already exist. Other personal data correspond to the information you voluntarily provided and the data created with the contact, including: first name, last name, address, e-mail address, telephone number, product, birthday. The personal data is hosted on servers within the European Union.

Service provider is HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. Within the European Union, the registered office is in Ireland at 1 Sir John Rogersons's Quay, Dublin 2, Ireland. HubSpot as our contractual partner is represented in Germany at HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin.

According to COMMISSION IMPLEMENTING DECISION (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, data transfer to the USA is based on standard contractual clauses, see here https://legal.hubspot.com/dpa.

Further information and the applicable data protection regulations can be found at https://legal.hubspot.com/de/privacy-policy.

Google Analytics (with anonymization function)

We have integrated the Google Analytics component (with anonymization function) on our website.

Google Analytics is a web analytics service. Web analysis is the collection, collection and evaluation of data about the behavior of visitors to websites. A web analysis service collects, among other things, data about the website from which a person concerned came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed.

The operating company of the Google Analytics component is Google LLC, 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of the Google Analytics component is to analyze visitor flows on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website.

Google Analytics places a cookie on your system. Every time you access one of the individual pages of this website on which a Google Analytics component has been integrated, your Internet browser is automatically prompted by the respective Google Analytics component to transmit data to Google for online analysis. As part of this technical process, Google gains knowledge of personal data, such as your IP address, in order to understand the origin of the visitors and clicks. Cookies are used to store personal information, such as access time, the location from which access was made and the frequency of your visits to our website. Each time you visit our website, this personal data, including the IP address you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

You can prevent the setting of cookies at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies.

You also have the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, you must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout.

Further information and Google's applicable data protection regulations can be found at https://www.google.de/intl/de/policies/privacy/. Google Analytics is explained in more detail under the link https://www.google.com/intl/de_de/analytics/.

Tag Manager - Google

Google Tag Manager is a service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google") with which tags can be created, updated and managed. Tags are small code elements on our website that are used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social channels.

When you visit our website, the current tag configuration is sent to your browser. It thus contains instructions as to which tags should be triggered. The tool itself does not collect any personal data. However, it ensures that other tags are triggered, which in turn may collect data.

You can find more information on how Google Tag Manager tags work here: https://support.google.com/tagmanager/answer/2772432?hl=de&topic=2574304&ctx=topic and in the usage guidelines: https://marketingplatform.google.com /about/analytics/tag-manager/use-policy/.

etracker

The provider of this website uses the services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. Cookies are used, which enable a statistical analysis of the use of this website by its visitors as well as the display of usage-related content or advertising. Cookies are small text files that are stored by the Internet browser on the user's end device. etracker cookies do not contain any information that enables a user to be identified. The data generated with etracker is processed and stored by etracker exclusively in Germany on behalf of the provider of this website and is therefore subject to the strict German and European data protection laws and standards. In this regard, etracker has been independently tested, certified and awarded the ePrivacyseal data protection seal of approval. Data processing takes place on the legal basis of Art. 6 Para. 1 lit f (legitimate interest) of the EU General Data Protection Regulation (EU-GDPR). Our legitimate interest lies in the optimization of our online offer and our website. Since the privacy of our visitors is particularly important to us, the IP address at etracker is anonymized as soon as possible and login or device IDs at etracker are converted into a unique key that is not assigned to a person. etracker does not use it for any other purpose, merge it with other data or pass it on to third parties.

You can object to the data processing described above at any time, insofar as it is personal. Your objection will not have any negative consequences for you. You can find more information on data protection at etracker here.

Visitor action pixel from Facebook

We use the “visitor action pixel” from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our website. With its help, we can track the actions of users after they have seen or clicked on a Facebook ad. This enables us to record the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, about which we will inform you to the best of our knowledge. Facebook can connect this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's data usage guidelines (see: https://www.facebook.com/about/privacy/. You can block Facebook and its partners from switching Enable advertisements on and off Facebook. A cookie may also be stored on your computer for these purposes.

This consent may only be given by users who are older than 13 years of age. If you are younger, we encourage you to ask a legal guardian for advice.

You can prevent the creation of cookies through your browser settings.

Please click here if you wish to withdraw your consent: https://www.facebook.com/ads/website_custom_audiences/

Mouseflow

This website uses Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark.

The data processing serves the purpose of analyzing this website and its visitors. For this purpose, data is collected and stored for marketing and optimization purposes. User profiles can be created from this data under a pseudonym.

Cookies can be used. The web analysis tool Mouseflow records randomly selected individual visits (only with an anonymized IP address). This creates a log of mouse movements and clicks with the intention of randomly playing individual website visits and deriving potential improvements for the website from this. The data collected with Mouseflow will not be used to personally identify the visitor to this website and will not be combined with personal data about the bearer of the pseudonym without the separate consent of the person concerned.

The processing takes place on the basis of Art. 6 (1) f) GDPR from the legitimate interest in direct customer communication and in the needs-based design of the website.

The following information may be recorded by your device and browser:

Clicks, mouse movements, hovering, scrolling
browsers
Device (desktop/tablet/mobile)
language
operating system
screen resolution
visit duration
Navigation (URLs)
Page Content (HTML)
ISP & Location (City, State/Region, Country)
Keystrokes (only for non-EU/EEA data subjects in non-EU/EEA accounts and never for passwords, numbers or excluded fields.
Referrer URL
Visitor type (first-time visitors/returners)
Individual tags or variables
Answers in the feedback tool

The cookies that Mouseflow uses have different lifespans; some remain up to 365 days, some only remain valid during the current visit.

You have the right to object to the processing of your personal data based on Art. 6 (1) f GDPR at any time for reasons that arise from your particular situation.

To do this, you can globally deactivate recording on all websites that use Mouseflow for the browser you are currently using under the following link: https://mouseflow.de/opt-out/

You can find Mouseflow's privacy policy here: https://mouseflow.de/gdpr/

Dealfront

Our website uses the technologies of Dealfront (Liidio Oy as part of ECHOBOT Group GmbH) (“Dealfront”) to analyze visitor behavior.

In this process, the IP address of a visitor is processed. This processing has the purpose of helping us understand which businesses (B2B) are visiting our site, by enriching IPs with associated information such as the company name or industry code. To do this, at the beginning of the visitor’s session, their IP address and corresponding session data is matched against a large whitelist of known companies.

Whenever we process website traffic data, this is based on our legitimate interest (Art. 6 (1) lit. f GDPR) in optimizing our products, services, sales and marketing.

To prevent this processing activity, you (website visitor) may install and configure appropriate ad-blockers or use no-script-plugins in your browser. The data will be deleted as soon as it is no longer required for its intended purposes. Statutory retention obligations can lead to a longer retention period of the data in question.

We have concluded a data processing agreement with Dealfront in order to ensure compliance with applicable data protection standards.

IV. INTERNET ADVERTISING

Google-AdWords

We have integrated components from Google Adwords on our website.

Google AdWords is an internet advertising service that allows advertisers to place ads in both Google's search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define certain keywords that will be used to display an ad in Google's search engine results only when the user uses the search engine to retrieve a keyword-related search result. In the Google advertising network, the ads are distributed to topic-relevant websites using an automatic algorithm and taking into account the previously defined keywords.

The operator of the Google AdWords services is Google LLC, 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

If you access our website via a Google ad, a so-called conversion cookie will be stored on your system by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. If the cookie has not yet expired, the conversion cookie is used to determine whether certain sub-pages, such as the shopping cart from an online shop system, were accessed on our website. The conversion cookie enables both us and Google to understand whether you came to our website via an AdWords ad and generated revenue, i.e. whether you completed or canceled a purchase.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. In turn, we use these visit statistics to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future . Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify you.

The conversion cookie is used to store personal information, such as the websites you have visited. Accordingly, each time you visit our website, personal data, including your IP address, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

You can prevent the setting of cookies at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies.

Furthermore, the data subject has the option of objecting to interest-based advertising by Google. To do this, please use the following link: https://www.google.de/settings/ads

Further information and Google's applicable data protection regulations can be found at https://www.google.com/policies/privacy/.

Bing Ads

Based on our legitimate interest in the analysis and optimization of our online offer within the meaning of Article 6 (1) (f) GDPR, we use the Bing Ads advertising program on our website and thus conversion tracking from Microsoft Corporation, One Microsoft Way, Redmond , WA 98052-6399, United States. This service enables us to track the activities of users on our website who have reached our website via ads from Bing Ads and to display interest-based advertising. If you have reached our website via a Bing Ads advertisement, a cookie will be set on your computer. Microsoft stores non-personal data about the use of the website (e.g. the time spent on the website and which areas of the website were accessed). In addition, we can evaluate anonymously whether and to what extent sales have been made via this advertisement. Information about your identity is not collected. This collected information is transmitted to Microsoft servers in the USA and stored there for a maximum of 180 days.

You can prevent the collection of the data generated by the cookie and related to your use of the website and the processing of this data by deactivating the setting of cookies. This may limit the functionality of the website.

You can prevent the collection of your data by participating in the tracking process by refusing the setting of a cookie required for this - for example via a browser setting that generally deactivates the automatic setting of cookies. This may limit the functionality of the website.

Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website.

Affiliate Marketing - financeAds

This website uses the partner program of financeAds GmbH & Co. KG, Karlstr. 9, 90403 Nuremberg. financeAds uses so-called tracking cookies, i. H. Cookies that comply with the applicable data protection regulations and in which no personal data are stored, only anonymous tracking IDs. These cookies are used solely for the proper assignment and success calculation of the corresponding advertising material to the respective advertising partner from the affiliate partner program financeAds (Leads/Sales).

If you came to our website via an advertising medium from this partner program, a cookie that is valid for 60 days is set. Within this time, we and the affiliate program can see that the internet user has reached our website via an advertisement from financeAds.

If you do not wish to participate in tracking, you can deactivate the setting of cookies by setting your browser software. You can find more information about cookies and the option of deactivating these tracking cookies at https://www.financeads.net/ueberuns/cookies/.

Further information on the data protection regulations can be found here: https://www.financeads.net/aboutus/datenschutz/.

Affiliate Marketing - ADCELL Partnerprogramm

This website uses tracking cookies from Firstlead GmbH with the brand ADCELL (www.adcell.de). As soon as the visitor clicks on an advertisement with the partner link, a cookie is set. Firstlead GmbH / ADCELL uses cookies in order to be able to trace the origin of the orders. In addition, Firstlead GmbH / ADCELL uses so-called tracking pixels. This allows information such as visitor traffic on the pages to be evaluated. The information generated by cookies and tracking pixels about the use of this website (including the IP address) and the delivery of advertising formats is transmitted to a Firstlead GmbH / ADCELL server and stored there. Among other things, Firstlead GmbH / ADCELL can recognize that the partner link on this website was clicked. Firstlead GmbH / ADCELL can pass on this (anonymized) information to contractual partners under certain circumstances, but data such as the IP address will not be merged with other stored data."

At https://www.adcell.de/datenschutz you still have the option of completely deactivating data transmission.

Affiliate Marketing - AWIN

This website uses the advertising network of AWIN AG, Eichhornstraße 3, 10785 (www.awin.com). AWIN uses so-called cookies to evaluate and assign transactions. If you came to our website via an advertising medium from this partner program, a cookie that is valid for 60 days is set. Within this time, we and the affiliate program can recognize that the Internet user has reached our website via an advertising medium from AWIN. These cookies are used solely for the proper assignment and billing of the corresponding advertising material to the respective advertising partner from the AWIN affiliate partner program and comply with the applicable data protection regulations. AWIN does not collect, process or use any personal data. Only the information about when a specific advertising medium was clicked on by a device is placed in a cookie. An individual sequence of digits, which cannot be assigned to the individual user, is stored in the AWIN tracking cookies, with which the following information is documented:

an advertiser's affiliate program
the publisher
the time of the action of the user (click or view)

If you do not want cookies to be stored in your browser, you can do this by making the appropriate browser settings. You can deactivate the storage of cookies in your respective browser, limit it to certain websites or set your browser so that it notifies you as soon as a cookie is sent. You can also delete cookies at any time so that all information stored in them is removed from your device.

Further information can be found in the AWIN data protection declaration and the information on cookie opt-out. By clicking on the "opt-out" field, an opt-out cookie is set by AWIN, which means that no visitor data from your browser will be collected and stored at AWIN in the future. The opt-out cookie is only valid in this browser and is stored on your device.

V. CONTENT, ONLINE MARKETING UND CUSTOMER SUPPORT

PRISMIC - CMS

The content of this website is hosted by Prismic (https://prismic.io). This is a service of Prismic Networks, Inc. 185 Alewife Brook Parkway, #410 Cambridge, MA 02138 hereinafter referred to as "Prismic". In order to enable the content of our website to be displayed, a connection to the Prismic servers is established when our website is accessed. In this way, Prismic receives information about the IP address to which the accessed content is to be delivered. The legal basis is Article 6 Paragraph 1 Letter f (protection of the legitimate interests of the person responsible) in order to enable the economic operation of this website.

Prismic advises that this service is GDPR compliant and complies with EU data protection laws (GDPR).

(https://prismic.io/legal/privacy, https://prismic.io/security).

ZENDESK

1. Ticket System Zendesk

We use the Zendesk ticket system, a customer service platform of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102 (www.zendesk.com) (hereinafter: "Zendesk"), to process customer inquiries. Zendesk is a certified participant in the "Privacy Shield Framework" and thus meets the minimum requirements for legally compliant order processing. The user can find more detailed information on data processing by Zendesk in Zendesk's data protection declaration at www.zendesk.com/company/privacy. If there are any questions, the user can also contact Zendesk's data protection officer directly: privacy@zendesk.com

In order to process customer inquiries via this Zendesk ticket system, necessary data such as e.g. B. Surname, first name, postal address, telephone number, e-mail address recorded via our website in order to be able to answer the user's need for information.

We only use the personal data transmitted by the user to process the specific request. The data provided will be treated confidentially. The data provided and the message history with our service desk will be saved for follow-up questions and later contact.

The legal basis for processing the data entered into the Zendesk ticket system is Art. 6 (1) lit. f GDPR. We have a legitimate interest in conducting the exchange desired by the user or processing his request properly. If the data entered into the Zendesk ticket system is processed due to pre-contractual measures (e.g. request for an offer) or to exchange information for the fulfillment of the contract (e.g. sending required information, support requests, etc.), then the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

We have concluded an order processing contract with Zendesk and fully implement the strict requirements of the German data protection authorities when using Zendesk.

2. Live – Chats Zendesk

The Zendesk live chat system is also used on our website. With this technology, pseudonymised data is collected and stored for the purpose of web analysis and to operate the live chat system to answer live support requests. User profiles can be created from this pseudonymised data under a pseudonym. Cookies can be used. The cookies enable, among other things, the recognition of the Internet browser. If the information collected in this way has a personal reference, processing is carried out in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in effective customer service and the statistical analysis of user behavior for optimization purposes. If the information collected in this way has a personal reference and is used for pre-contractual measures (e.g. request for an offer) or for the exchange of information for the fulfillment of the contract (e.g. sending required information, support requests, etc.), then the additional legal basis for the processing of the data is Art. 6 Para. 1 lit. b GDPR.

The data collected with the Zendesk live chat system will not be used to personally identify the user and will not be merged with personal data about the bearer of the pseudonym without the separately granted consent of the person concerned. In order to avoid the storage of Zendesk cookies, you can set your Internet browser so that no more cookies can be stored on your computer in the future or cookies that have already been stored are deleted. However, switching off all cookies can mean that some functions on our website can no longer be executed.

3. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

4. Possibility of objection and elimination

The user can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. In this case, the user must contact our data protection officer. All personal data that was saved in the course of making contact will be deleted in this case.

Integration of the Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any reviews collected, as well as to offer Trusted Shops products to buyers after an order.

This serves to safeguard our overriding legitimate interests in optimal marketing by enabling secure shopping in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided as part of an order processing by a CDN provider (Content Delivery Network). Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured. Further information on data protection at Trusted Shops GmbH can be found here: https://www.trustedshops.de/impressum/#datenschutz

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call, amount of data transferred and the requesting provider (access data) and documents the call. Individual access data is stored in a security database for analysis of security issues. The log files are automatically deleted no later than 90 days after creation.

Further personal data is transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered to use them. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you are already registered as a buyer for product use is automatically checked using a neutral parameter, the e-mail address hashed using a cryptological one-way function. Before it is sent, the e-mail address is converted into this hash value, which Trusted Shops cannot decrypt. After checking for a match, the parameter is automatically deleted.

This is necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services in accordance with Article 6 (1) sentence 1 lit. f GDPR. Further details, including objections, can be found in the Trusted Shops data protection declaration linked above and in the Trustbadge.

Amazon Affiliate Program

On the basis of our legitimate interests (i.e. interest in the economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. DSGVO) we are participants in the Amazon EU partner program, which was designed to provide a medium for websites by means of which advertising costs can be earned by placing advertisements and links to Amazon.de (so-called affiliate system). Amazon uses cookies to be able to trace the origin of the orders. Among other things, Amazon can recognize that you clicked the partner link on this website and then purchased a product from Amazon.

Further information on the use of data by Amazon and the possibility of objection can be found in the company's data protection declaration: Amazon.de data protection declaration.

Google reCaptcha

To protect against spam and abusive spying when submitting forms, we use the service reCAPTCHA in selected cases for our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO.

The operating company is Google LLC; 1600 Amphitheatre Parkway; Mountain View, CA 94043; USA, represented in the EU by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of this service, a check is carried out in the background to determine whether data is being entered by a human or by automated programs. In doing so, the behavior is automatically analyzed, e.g. on the basis of mouse movements and dwell times.

The service includes the sending of your IP address and possibly other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and further used there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service.

According to the COMMISSION'S IMPLEMENTING DECISION (EU) 2021/914 of 4th June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council, the transfer of data to the USA is based on standard contractual clauses, see here https://business.safety.google/gdprcontrollerterms/ and here https://business.safety.google/gdprcontrollerterms/sccs/.

A transfer of your data by Google to third parties cannot be excluded by us, for example in the case of legally required transfers or the processing of data by third parties on behalf of Google.

Further information and the applicable data protection provisions of Google can be found at https://policies.google.com/privacy and https://policies.google.com/terms.

Popupsmart

We use various widgets from Popupsmart, 1777 NW 72bd Ave, Miami, FL33126, USA to draw attention to certain content and information.

Widgets used:

PopUp Widget
Button widget

The required legal basis for processing the data is Art. 1 (6) (a) GDPR. For more information on the privacy policy of the company processing the data, visit https://popupsmart.com/gdpr.

Popupsmart does not use, collect or store any personal data.

Data that is not collected from the data subject

We not only process personal data that we receive directly from you, but also use our own research and data from third parties for supplementation and validation. In accordance with Art. 14 GDPR, we would like to inform you below about the sources and the data categories that we use when researching or collecting data from third parties. The legal basis is the principle of "accuracy" Art. 5 Para. 1 d GDPR and the protection of our legitimate interests for the purpose of verifying and updating our database in accordance with Art. 6 Para. 1 f GDPR. The data will only be used for the purposes stated in this data protection declaration. It will only be used for advertising if we have given our consent

1. Echobot

Operating company: Echobot Media Technologies GmbH, Durlacher Allee. 73, D-76131 Karlsruhe
Data and techniques: Search in publicly available data from online news, blogs, company websites, register databases and social media networks with a business connection.
You can find more information about Echobot at https://www.echobot.com/.
Data and privacy: https://www.echobot.com/data-privacy

VI. BOOKING PROCESS AND PAYMENT OPTIONS

Reference to the purpose of data collection and disclosure to third parties when booking via the website

In order to process bookings via our website, the personal data required to implement the booking is collected. This is usually first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number and other data required to process the booking. Personal data related to the respective booking is also necessary to process the booking. In particular, there may be a mutual exchange of payment information such as bank details, card number, expiry date and CVC code, prices and taxes, information on previous purchasing behavior or other information relating to your financial situation.

The transmission of the data is aimed in particular at identity verification, payment administration and fraud prevention. The purpose of data collection is therefore the fulfillment of (pre-)contractual obligations in accordance with Article 6 (1) (b) GDPR.

For processing, it may be necessary for us to forward the personal data collected during the payment process, such as name, address, telephone number, e-mail address, credit card or bank account data and transaction data, to the payment service provider. Some of the payment service providers also collect this data themselves (PayPal, Sofortüberweisung).

Adyen

Payments are processed, among other things, through our partner (payment service provider) Adyen BV, Simon Carmiggelstraat 6 – 50, 1011 DJ Amsterdam. To prevent and detect fraud, we transmit your IP address to our partner Adyen BV, Simon Carmiggelstraat 6 – 50, 1011 DJ Amsterdam. Your IP address will be saved by Adyen BV. All data is transmitted in encrypted form. You can revoke your consent at any time with effect for the future using the contact details in the imprint.

Payment with credit card

hepster offers our customers to make payments by credit card. When paying by credit card (Visa/MASTER-Card/American Express), the payment data you enter will be processed by our payment provider in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR

Adyen BV, Simon Carmiggelstraat 6 – 50, 1011 DJ Amsterdam

recorded, stored and only passed on to the companies involved in the payment process. With the credit card payment you accept the terms and conditions of the payment provider. In this case, we do not collect or store the payment data.

When paying by credit card, the following data is processed:

Card type (American Express, Mastercard or VISA)
Name of Cardholder
Card number
Check Digit
Period of validity

Payment by direct debit (SEPA)

hepster offers payment by direct debit as a payment method. When paying by direct debit, the payment data entered will be processed by our payment provider in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR

Adyen BV, Simon Carmiggelstraat 6 – 50, 1011 DJ Amsterdam

recorded, stored and only passed on to the companies involved in the payment process. With the direct debit payment, the customer accepts the terms and conditions of the payment provider. In this case, we do not collect or store the payment data.

When paying by direct debit, the following data is processed:

Name of account holder
Country
Bank account number
Sort code

Payment with Paypal

To handle the booking process, we offer the PayPal payment method and have integrated PayPal components on our website.

PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If you select "PayPal" as the payment option during the ordering process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you agree to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data related to the respective order are also required to process the purchase contract.

The transmission of the data is intended for payment processing and fraud prevention. We will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness.

PayPal may pass on the personal data to affiliated companies and service providers or subcontractors insofar as this is necessary to fulfill the contractual obligations or the data is to be processed in the order.

You have the option to revoke your consent to the handling of personal data from PayPal at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

PayPal's applicable data protection regulations can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Payment with immediate transfer

To handle the booking process, we offer the payment method Sofortüberweisung and have integrated components of the Sofortüberweisung company on our website (www.sofort.de).

Sofortüberweisung is a payment service that enables cashless payment for products and services on the Internet. Sofortüberweisung represents a technical procedure through which the online retailer immediately receives a payment confirmation. In this way, a retailer is able to deliver goods, services or downloads to the customer immediately after the order has been placed.

The operating company of Sofortüberweisung is SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany.

If you select "Sofortüberweisung" as the payment option during the ordering process in our online shop, your data will be automatically sent to Sofortüberweisung. By selecting this payment option, you agree to the transfer of personal data required for payment processing.

When making a purchase via Sofortüberweisung, the buyer transmits the PIN and TAN to Sofort GmbH. Sofortüberweisung then carries out a transfer to the online retailer after a technical check of the account balance and retrieval of further data to check the account funds. The execution of the financial transaction is then automatically communicated to the online retailer. Sensitive data (such as PIN and TAN) are not stored and are not visible to employees of Sofort GmbH or from outside at any time.

The personal data exchanged with Sofortüberweisung is first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. The transmission of the data is intended for payment processing and fraud prevention. The person responsible for processing will also transmit other personal data to Sofortüberweisung if there is a legitimate interest in the transmission. The personal data exchanged between Sofortüberweisung and the person responsible for processing may be transmitted by Sofortüberweisung to credit agencies. The purpose of this transmission is to check identity and creditworthiness.

Sofortüberweisung may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary to fulfill the contractual obligations or the data is to be processed in the order.

You have the option to revoke your consent to the handling of personal data at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

The applicable data protection regulations of Sofortüberweisung can be accessed at https://www.klarna.com/sofort/datenschutz/.

VII. PURPOSES AND LEGAL BASIS OF DATA PROCESSING, CONTRACTORS, TRANSFER TO THIRD PARTIES IN THIRD COUNTRIES

We only use the personal data you have given us for the purposes for which it was intended. The legal basis for the processing of your data can be, in particular, the initiation and processing of contracts, advertising, quality assurance, fraud prevention or the keeping of statistics.

If contractually agreed, we can arrange for the data to be passed on to one or more processors, for example a parcel service provider, who then also uses the personal data exclusively for internal use that is attributable to us.

A further legal basis for the processing of your data is your consent to the use and disclosure of your personal data. You can informally revoke your consent at any time.

A transfer of personal data to state institutions and authorities takes place exclusively on the basis of mandatory national legislation. The persons commissioned by us to process the data are bound to secrecy and lawful processing of the data. In the event of further processing of your personal data for a purpose other than the original, we will notify you accordingly.

We use the support of external service providers (processors) for certain technical processes relating to data analysis, processing and/or storage.

Data will only be transferred to third countries (countries outside the European Economic Area – EEA) if this is necessary to fulfill the contract, is required by law or if you have given us your consent. If required by law, we will inform you separately about the details.

As part of the refer-a-friend program, we send our customers amazon vouchers via the online shop amazon.de if they actively participate in the refer-a-friend program and successfully refer a friend. For this purpose alone, we use the e-mail address given when booking and give it to our customers in the course of the amazon voucher booking and forwarding of the amazon voucher to our customers in the booking process from amazon.de.

In the course of booking an insurance contract as part of a special offer, we give our customers an Amazon.de voucher when booking. In order to fulfill this promise, the e-mail address provided when booking is used for this purpose alone and in the course of the Amazon.de voucher booking and forwarding of the Amazon.de voucher to our customer in the amazon.de (Amazon Incentives) booking process .

VIII. DURATION OF DATA STORAGE

We store your collected personal data from the time of collection. The data collected in this way will be stored by us for the duration of our business relationship, which also includes the initiation and processing of a contract. In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) or the Fiscal Code (AO), among other things. The retention periods prescribed there are up to ten years. Finally, with regard to the possibility of defending against legal claims, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff of the German Civil Code (BGB) are usually 3 years, but in certain cases also up to thirty years can amount.

IX. RIGHTS OF DATA SUBJECTS (INFORMATION FOR DATA SUBJECTS ACCORDING TO CHAPTER 3 GDPR)

You are entitled to the following data subject rights:

(1) The right to information according to Art. 15 GDPR

(2) The right to rectification according to Art. 16 GDPR

(3) The right to erasure according to Art. 17 GDPR

(4) The right to restrict the processing of personal data in accordance with Art. 18 GDPR

(5) The right to data portability according to Art. 20 GDPR and

(6) The right to object to the processing of personal data in accordance with Article 21 GDPR:

According to Art. 21 Para. 1 GDPR, you have the right at any time, for reasons arising from your particular situation, against the processing of personal data concerning you, which is based on Article 6 Para. 1 Letter f of the GDPR (processing to safeguard the legitimate interests of the responsible body or a third party) to file an objection.

If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the processing takes place in order to operate direct advertising, you have the right according to Art. 21 Para. 2 DSGVO to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

In addition, according to Art. 77 GDPR, there is a right of appeal to a data protection authority.

X. CONTACT AND DATA PRIVACY OFFICER

This data protection declaration applies to the website of

MOINsure GmbH
Campus Altkarlshof, Am Kreuzgraben 1a, 18146 Rostock, Germany
E-Mail: info@hepster.com
Phone: +49 (0) 381 - 203 888 00

You can reach our data privacy officer as follows:
ECOVIS Grieger Mallison Rechtsanwälte PartG mbB
Laywer Axel Keller / Laywer Susann Harder
Am Campus 1 – 11, 18182 Rostock-Bentwisch, German
Phone.: +49 (0) 381 – 649 210
E-Mail: dsb-nord@ecovis.com