Grover – Privacy Policy

With this privacy policy we inform you about our processing of your personal data. We know that the protection of this data is important to you and appreciate the trust placed in us. We process personal data in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

1. Who is controlling data processing and whom can I contact?


Grover Group GmbH operates the website www.getgrover.com ("Website"). If you conclude contracts via the Website, your contract partner is Grover Finance I UG, because Grover Group GmbH concludes contracts via the Website only in the name of Grover Finance I UG. Grover Finance I UG is a subsidiary of Grover Group GmbH. This results in the following responsibilities:

Controller regarding the operation of the website is:

Grover Group GmbH, Holzmarktstraße 11, 10179 Berlin, represented by the managing director

Michael Cassau

E-mail: grover@getgrover.com

Telephone: +49 (0) 30 30 80 82 51

Controller regarding the conclusion of contracts through the Website and the execution of these contracts is:

Grover Finance I UG (limited liability), Holzmarktstraße 11, 10179 Berlin, represented by the managing director Michael Cassau

E-mail: grover@getgrover.com

Telephone: +49 (0) 30 30 80 82 51

In the following, both companies will be referred to as "Grover" or "we".

You can contact the data protection officer of both companies at:

ISiCO Datenschutz GmbH

Herr Thomas Weber

Am Hamburger Bahnhof 4

10179 Berlin

Email: privacy@getgrover.com


We process personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (BDSG) for the following purposes:

2.1 For the performance of contractual and pre-contractual obligations (Article 6 (1) sentence 1 (b) GDPR)

The processing of personal data (Article 4 No. 2 GDPR) occurs to provide this Website and to market the products, in particular to conclude and process contracts, to settle accounts, to carry out pre-contractual actions, to respond to inquiries related to our business relationship and for all activities necessary for the operation and administration of the company.

The purposes of data processing depends primarily on the specific product. Further details on the purpose of data processing in the context of contract performance can be found in the respective contract documents, and terms and conditions.

In particular, Grover processes the personal information that you provide as a user when registering, for contractual purposes or as part of a request. In particular, the following data are processed: name, date of birth, e-mail address, address (invoice and, if applicable, different shipping address), order information, optional telephone number and bank details. In addition, Grover saves the password, which the user can choose freely. The password is not stored in plain text, but only a so-called hash value.

2.2 Based on legitimate interests (Article 6 (1) sentence 1 (f) GDPR)

In addition, we process your data beyond the provision of the website and the actual performance of the contract for pursuing legitimate interests of third parties, or us, in particular in the following cases:

• Answering your inquiries which are unrelated to a contract or pre-contractual actions;
• advertising or market and opinion research, as long as you have not objected to the use of your data;
• asserting legal claims and defense in legal disputes;
• ensuring IT security and IT operations;
• examinating creditworthiness;
• preventing and investigating criminal offenses;
• business management and product development.

Our legitimate interest is to market our products optimally, further develop these products and our company, or to protect our company against adverse effects and threats and to enforce its claims.

2.3 On the basis of your consent (Article 6 (1) sentence 1 (a) GDPR)

Insofar as you have given us consent to the processing of personal data for specific purposes (e.g. evaluation or use of data for marketing purposes), the legality of this processing is based on your consent. A given consent can be withdrawn at any time. This also applies to the withdrawal of consents, which you have given us prior to the validity of the GDPR (before 25 May 2018). Please note that the withdrawal takes effect only for the future. Processing that occurred before the withdrawal is not affected by a revocation.

2.4 For compliance with a legal obligation (Article 6 (1) sentence 1 (c) GDPR)

In addition, we are subject to various legal obligations (e.g. Money Laundering Act, tax laws), which require the processing of data.

3. Who gets my data?


Within the respective controlling company, the departments which need your personal data to perform our contractual and legal obligations, obtain access to your data.

Also, we pass on your data to the recipients expressly named in this privacy policy.

Furthermore, we pass them on to the following categories of recipients if this is necessary to fulfill a contractual relationship with you or to carry out pre-contractual measures (Article 6 (1) sentence 1 GDPR), or to pursue legitimate interests (Art 6 (1) sentence 1 lit. f GDPR):

• IT service providers, especially software as a service, hosting, storage and cloud computing providers,
• logistics service providers,
• email marketing service providers and customer service providers,
• marketing service providers, especially Google Adwords and WhatsApp consulting service providers,
• payment service providers and credit institutions for the collection of fees,
• and collection agencies to enforce claims

To the extent that processing is required to pursue legitimate interests, such as the use of IT services, our legitimate interest is to outsource functions.

Grover Finance I UG as your contract partner makes your data accessible to Grover Group GmbH for the conclusion and settlement of the contractual relationship in the name of Grover Finance I UG as well as for the promotion of its own offers.

In addition, your personal data is forwarded or transmitted if required by law (Article 6 (1) sentence 1 (c) GDPR), or if you have consented (Article 6 (1) sentence 1 (a) GDPR).

4. How long will my data be stored?


To the extent necessary, we process and store your personal data for the duration of our contractual relationship, which includes, for example, the initiation and performance of a contract. Note that our contractual relationship is usually a continuing obligation.

When there is a contractual relationship, or another civil law claim, the storage period is also governed by the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code are usually three years, but in certain cases also can be thirty years.

In addition, we are subject to various storage and documentation obligations, which result inter alia from the German Commercial Code (HGB) and the Tax Code (AO). The deadlines for storage or documentation specified therein are 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting documents and business letters (§§ 238, 257 (1) and (4) HGB, § 147 (1) and (3) AO).

Log files are always deleted after the end of the respective browser session, at the latest after seven days, unless their further storage is exceptionally necessary and lawful. The storage period of cookies depends on the individual case and is usually between 12 and 24 months.

5. Are data transmitted to a third country or to an international organization?


Grover itself does not transmit data to third countries (countries outside the European Economic Area - EEA). However, some of the above mentioned recipients will transfer personal data to third countries, but this will only be done on the basis of an adequacy decision by the EU Commission or, as indicated below, on the basis of standard data protection clauses of the EU Commission (available at https://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF) or binding corporate rules.

6. Website – log files


When visiting our Website, the browser used on your device automatically sends information to the server hosting our Website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion: IP address of the requesting computer, date and time of access, name and URL of the retrieved file, web page from which the access follows ("Referrer-URL "), If applicable, the search engine you are using, the browser used and, if applicable, the operating system of your computer and the name of your access provider.

The legal basis for this type of data processing is Article 6 (1) sentence 1 lit. f GDPR.

The legitimate interests pursued by us are in particular:

Ensuring a smooth connection of the website,
ensuring comfortable use of our website,
billing,
statistical evaluation using a pseudonym to optimize our website and offer quality and range,
evaluation of system security and stability as well
for further administrative purposes

7. Marketing


7.1 Newsletter

To the extent that you have expressly consented in accordance with Art. 6 para. 1 sentence 1 (a) GDPR we use your e-mail address to inform you with our newsletter by e-mail about us, our offers and special promotions. Your consent will be logged.
For the receipt of the newsletter the indication of an e-mail address is sufficient.
The withdrawal of the consent is possible at any time, for example via the link at the end of each e-mail. Alternatively, you can also send your withdrawal notice at any time by e-mail at help@getgrover.com. In this case, your e-mail address will be deleted from our e-mail distribution list and added to our black list. The withdrawal of your consent takes effect only for the future. Processing that occurred before is not affected.

Newsletter tracking

Note that we evaluate the behavior of the recipients of our emails using pseudonymous usage statistics. For this purpose, the emails contain so-called web beacons or tracking pixels and links, which are each linked with an individual ID. Thus, we record the time of opening and forwarding the e-mail as well as the clicking of the links contained therein, the IP address (to determine the country of retrieval) and the email program used. This data is not linked to your email address or other personal data, so that a direct personal relationship is excluded for us. The evaluation is based on aggregated usage statistics (delivery rate, opening rate, click rate, number of redirects, number of clicks on the links contained in the email, email programs used, openings and clicks by time of day and date, country of retrieval). Only in the event of cancellations or failed deliveries will we additionally receive information about the name and email address. This is (also) in your interest, so that we can immediately delete you from our email distribution list or correct the delivery problem. The pseudonymous evaluation of usage behavior serves to check the success of our email marketing and to constantly improve it. For these purposes, we have a legitimate interest in data processing. The legal basis is Art. 6 (1) sentence 1 (f) GDPR.

Shipping and evaluation by MailChimp

We use MailChimp, a service of The Rocket Science Group LLC, 675 Ponce De Leon Ave. NE, Suite 5000, Atlanta, GA 30308, USA ("MailChimp") for the purposes of sending and analyzing the e-mails.

The data processed during the dispatch and the evaluation of the e-mails are stored on the servers of MailChimp in the USA. The submission of your information to a third country outside the EU is covered by an adequacy decision of the Commission within the meaning of Art. 45 GDPR, as MailChimp has committed to comply with the Privacy Shield Principles (https://www.privacyshield.gov/EU-US-Framework ). Mail-Chimp will work for us as a processor within the meaning of Art. 28 GDPR. For more information, please refer to the Privacy Policy of MailChimp (https://mailchimp.com/legal/privacy/ ).

7.2 Existing customer advertising

To the extent that you have already ordered our products for a fee, we will inform you from time to time by e-mail or letter about similar goods and services from us, if you have not objected.

The legal basis for data processing is Art. 6 (1) sentence 1 (f) GDPR. We have a legitimate interest in direct marketing (Recital 47 GDPR).

You may object to the use of your e-mail address and postal address for promotional purposes at any time at no additional charge, for example via the link at the end of each e-mail or by e-mail to help@getgrover.com.

8. Credit check and scoring


In the course of ordering processes, we may review your credit rating. For this purpose, we provide the following data to so-called credit bureaus cooperating with us: name, address, date of birth.

The legal basis for this is the consent that you expressly grant in connection with your order, Art. 6 (1) sentence 1 (a) GDPR. If you do not want to give the above consent or you do not want a credit rating check, we cannot offer you some payment methods. In this case, we can only offer you payment methods, which do not bear any credit risk for us. You can withdraw your consent at any time with effect for the future.

For this purpose, we will submit your personal data for the credit rating to the following companies:

• CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 München
• Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss and
• Schufa Holding AG, Kormoranweg 5, 65201 Wiesbaden

For the decision on the conclusion, performance or termination of a contractual relationship, we use not only an address check, but also information about your previous payment behavior as well as probability values for your future behavior, which include, among other things, address data. We obtain this information from the following providers:

• CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 München
• Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss and
• Schufa Holding AG, Kormoranweg 5, 65201 Wiesbaden

The creditworthiness information and own analyzes can contain probability values (score values), which are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes, among other things, address data. The legal basis for this is Article 6 (1) sentence 1 (f) GDPR. The legitimate interest results from our interest in reducing the contract risk, protecting against bad debts as well as misuse of our services by third parties. Your interests will be considered in accordance with the statutory provisions.

We also provide information about payment delays or any default on loans to credit agencies cooperating with us, such as Schufa Holding AG, Wiesbaden, in compliance with any legal requirements. The legal basis for this is Article 6 (1) sentence 1 (f) GDPR. Our legitimate interest results from our and the interest of third parties in reducing contract risks for future contracts.

9. Cookies and similar technologies


We use cookies on our website that collect your data using pseudonyms. Cookies are small text files that a website generates and which your Internet browser saves when you visit the Website on your hard drive. Depending on the cookie, different data are collected.

On our Website we use technically necessary cookies, functional cookies, web analytics cookies and tracking cookies for advertising purposes.

If you want to prevent the use of cookies, you can generally do the following:

You can delete existing cookies in your browser,
you can prevent the storage of (third party) cookies in your browser settings,
you can use tools like Ghostery (https://www.ghostery.com/) that block tracking tools,
you can opt out of personalized ads from vendors that are part of the About Ads self-regulatory campaign (http://www.aboutads.info/choices),
you can use the opt-out features of the Network Advertising Initiative (http://optout.networkadvertising.org/) or the http://www.youronlinechoices.com/de/ page to prevent tracking,
you can use the features of http://www.youronlinechoices.com/de/ to prevent tracking.
Further possibilities to prevent the processing of data by cookies are described in the links printed hereinafter to privacy policies of providers. Many vendors provide special opt-out tools.

Please not that that you may not be able to use all features of our website when blocking cookies.

9.1 Technically necessary cookies

Many of the cookies we use are technically necessary to enable you to use our Website and the services offered on them ("session cookies"). These cookies allow e.g. the insertion of goods in a shopping cart or the login in the protected area. The legal basis for the processing is Art. 6 (1) sentence 1 (b) GDPR. The data will not be combined with other personal information and will not be used for promotional purposes. Session cookies are deleted after the end of the respective browser session, at the latest after seven days.

9.2 Functional cookies

We use temporary cookies to improve usability. These cookies are stored on your device for a certain time period, allowing that they will be recognized when you re-enter our site and your preferences and preferences are automatically set. The legal basis for the processing is Art. 6 (1) sentence 1 (f) GDPR.

9.3 Web Analytics Cookies

We use cookies to create pseudonymous user profiles for the purpose of web analysis ("web analytics cookies"). These cookies enable us to recognize recurring users (device owners), analyze their behavior on our website, optimize our website and measure their reach. The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. your consent. We do not combine the data with other personal information and we do not use it for the targeted approach of individual users for advertising purposes.

9.3.1 Google Analytics with anonymization function

For this web analysis we use the service Google Analytics, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google Analytics uses cookies which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of the website (browser type/version, operating system used, referrer URL, host name of the accessing computer (IP address), date and time of the server request) are generally transferred to a Google server in the USA and stored there. On our website, we have extended Google Analytics with the code “anonymizeIp()” to guarantee an anonymous collection of IP addresses (so-called IP masking). Google will therefore reduce your IP address by the last octet within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The transfer of your information to a third country outside the EU is covered by an adequacy decision of the Commission (C/2016/4176 of 12 July 2016 – http://data.europa.eu/eli/dec_impl/2016/1250/oj ) within the meaning of Article 45 GDPR, because Google has undertaken to comply with the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework ).

On our behalf, Google uses this information as a processor within the meaning of Art. 28 GDPR to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website use and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

For more information on Google Analytics’ Terms of Use and Privacy Policy, please visit https://www.google.com/analytics/terms/gb.html and https://support.google.com/analytics/answer/6004245?hl=en.

9.3.2 Google AdSense

We reserve the right to use Google AdSense on our website. Google AdSense is a service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, referred to here as “Google,” for the inclusion of advertisements.

Google AdSense uses “cookies,” text files that are stored on your computer and allow analysis of your use of our website. Google AdSense also uses “web beacons”. Through these web beacons, Google can evaluate information, such as the flow of traffic on our site. This information, in addition to your IP address and tracking of the displayed advertising formats, is transmitted to Google in the US, stored there, and may be used by Google to other parties. However, Google will not match your IP address with other data you have stored.

You can prevent the installation of cookies in your browser settings, however, you may then not be able to fully use all functions of our website. By using our website, you agree to the processing of data about you by Google in the manner described above and for the purpose stated above.

9.3.3 Other cookies

We continually adapt our web analytics to market needs. Therefore, the use of cookies changes continuously. Through the cookie banner of our website, we provide information about other cookies used and the purpose of use.

9.4 Tracking cookies for promotional purposes

We also use tracking cookies for the purpose of targeted and interest-based online advertising ("advertising cookies"). These cookies collect and store information about your use of our website in a pseudonymous form. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. your consent. You can withdraw your consent at any time. The legal basis for the processing carried out on the basis of your consent until the withdrawal remains unaffected.

We use the information to place advertisements that are in line with your interests on our Website and on the websites of third parties (if they are part of our advertising network). You benefit from this because you will be shown less advertising that is not tailored to your interests. We also use the information to measure and optimize the success of our advertising campaigns.

Specifically, we use the following tracking cookies (and tracking pixels) for promotional purposes:

9.4.1 Google Adwords with conversion tracking

This Website uses the online advertising service Google Adwords with conversion operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

We use the service to place ads on the results page of a Google search or a Google advertising network website using Google (so-called AdWords). Our purpose is to draw your attention to our offers. Conversion tracking enables us to measure how successful our individual advertising measures are by means of certain parameters (e.g. insertion of advertisements or clicks by the user).

When you click on an ad placed by Google, Google stores a conversion tracking cookie on your computer. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies help Google recognize your browser. If you visit certain websites on an AdWords customer's website and the cookie has not yet expired, Google and the customer may recognize that you clicked on the ad and were redirected to the website. A different cookie is assigned to each AdWords customer. Cookies therefore cannot be traced through the websites of AdWords customers. We do not collect and process any personal data when using Google AdWords. We only receive statistical evaluations from Google with the total number of users who clicked on an ad and were redirected to a website with a conversion tracking tag. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.

Due to the technologies used, your browser automatically establishes a direct connection to a Google server in the USA. The transfer of your information to a third country outside the EU is covered by an adequacy decision of the Commission within the meaning of Art. 45 GDPR, as Google has self-certified its adherence to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). By integrating AdWords with conversion tracking, Google receives the information that you have called up the corresponding website of our web presence or clicked on an advertisement from us. If you are registered with a Google service, Google may associate the data with your account. Even if you are not registered or logged in to Google, it is possible that Google may obtain and store your IP address.

Further information on data processing in the context of Google AdWords can be found at https://policies.google.com/privacy?hl=policies.

9.4.2 DoubleClick

The controller has integrated DoubleClick by Google components on this website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google's operating company is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

DoubleClick by Google transmits data to the DoubleClick server with every impression, click, or other activity. Each of these data transfers triggers a cookie request to the affected person's browser. If the browser accepts this request, DoubleClick sets a cookie on the information technology system of the person concerned. What cookies are, has already been explained above. The purpose of the cookie is to optimize and display advertising. The cookie is used, among other things, to serve and display user-relevant advertisements, as well as to generate reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple impressions of the same advertising.

DoubleClick uses a cookie ID required to complete the technical process. For example, the cookie ID is needed to display an ad in a browser. DoubleClick can also use the cookie ID to see which ads have already appeared in a browser to avoid duplication. DoubleClick also allows the cookie ID to track conversions. Conversions are captured, for example, when a user has previously shown a DoubleClick ad and then, with the same internet browser, makes a purchase on the advertiser's website.

A DoubleClick cookie does not contain any personally identifiable information. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier identifies the campaigns the user was already in contact with.

Each time one of the pages of this website is accessed and a DoubleClick component is integrated, the Internet browser on the subject's information technology system is automatically prompted by the relevant DoubleClick component for purposes to submit online advertising and commission billing to Google. As part of this technical process, Google will be aware of data that Google uses to create commission billing. Google can understand, among other things, that the person has clicked on certain links on our website.

The affected person can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, cookies already set by Google can be deleted at any time via an internet browser or other software programs.

Additional information and DoubleClick by Google's applicable privacy policy can be found at https://www.google.com/intl/en/policies/.

9.4.3 Other cookies

We continuously adapt our online advertising to market requirements. Therefore, the use of cookies for this purpose changes continuously. Through the cookie banner of our website, we provided information about other cookies used and the purpose of use.

9.5 HotJar


On our website, through technologies provided by HotJar (HotJar Ltd., St Julian’s Business Center, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) with the analysis service “HotJar” visitor interaction data is collected and stored to optimize the user experience and improve customer satisfaction. For this, mouse clicks, mouse movements, and scrolling movements as well as keyboard input can be saved.

HotJar will not record this data on websites that do not use the HotJar system. The collection and storage of data can be objected to at any time, and you can opt out here: https://www.hotjar.com/opt-out .

In certain cases, deactivation may result in a restriction of the functionality of our website.

9.6 New Relic

On this Website, New Relic, a web analytics service provided by New Relic Inc., collects and stores data that is used to create usage profiles using pseudonyms. These user profiles are used to analyze visitor behavior and are evaluated to improve and tailor our services. Cookies may be used: small text files that are stored locally on the site visitor’s computer, allowing them to be recognized when revisiting our website. The pseudonymised user profiles will not be combined with personal data about the bearer of the pseudonym without the specific, express consent of the person concerned. You can prevent the installation of cookies in your browser settings, for example by deactivating the automatic storing of cookies, or specifically blocking only cookies from the domain “newrelic.com”.

9.7 eKomi customer reviews

To collect customer reviews, and product reviews by customers, we have integrated the evaluation software from eKomi on the website: The Feedback Company, Markgrafenstraße 11, 10969 Berlin. We want our customers to be able to post a review after a transaction. For this we, we aim at sending you an email after the goods have been dispatched, and ask you to submit a rating. You have the right to object to this at any time, or to ignore the customer evaluation.

eKomi has committed itself to the privacy-compliant handling of your transmitted data. It takes all possible organizational and technical measures to protect your data. Using web-based social commerce SaaS technology, our customers are interviewed to gain authentic and valuable customer feedback. eKomi will be sent an email address and a unique ID for identification, and will then generate an evaluation link for the evaluation email. In a conciliation procedure, eKomi also receives an email address as a mediator. The email address should be used again by the customer for verification and communication between the customer, our company, and eKomi.

By placing your order with us, you agree to an electronic evaluation request. You are free to ignore this evaluation request or, in advance, include eKomi in your spam email list.

9.8 Trusted Shops

To display our Trusted Shops seal of approval and any collected reviews as well as to offer the Trusted Shops products for buyers after placing an order, the Trusted Shops Trust Badge is included on this website.

This happens to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in the optimal marketing of our offer pursuant to Art. 6 (1) sentence 1 lit. f DSGVO. The Trustbadge and the services advertised are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

When the Trustbadge is called, the Web server automatically stores a so-called server log file, which, for example, contains your IP address, date and time of the retrieval, transferred amount of data and the requesting provider (access data) and documents the call. These access data will not be evaluated and automatically overwritten within seven days after the end of your page visit.

Other personal data will only be transferred to Trusted Shops, as far as you have consented to this, decided after the completion of an order for the use of Trusted Shops products or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.

9.9 Twitter

The controller has integrated Twitter components on this website. Twitter is a multilingual publicly available microblogging service where users can post and distribute so-called tweets, which are limited to 280 characters. These short messages are available to anyone, including non-Twitter subscribers. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. Twitter also allows you to address a broad audience via hashtags, links or retweets.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Each time one of the individual pages of this website, which is operated by the controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated by the respective Twitter component causes to download a presentation of the corresponding Twitter component of Twitter. Further information on the Twitter buttons is available at https://about.twitter.com/en/resources/buttons. As part of this technical process, Twitter receives information about which specific subpage of our website is visited by the person concerned. The purpose of the integration of the Twitter component is to allow our users to redistribute the contents of this website, to promote this website in the digital world and to increase our visitor numbers.

If the data subject is simultaneously logged in to Twitter, Twitter recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website, which specific underside of our website visits the data subject. This information is collected through the Twitter component and assigned through Twitter to the affected person's Twitter account. If the person concerned activates one of the Twitter buttons integrated on our website, the data and information transmitted with it are assigned to the personal Twitter user account of the person concerned and stored and processed by Twitter.

Twitter always receives information via the Twitter component that the person concerned has visited our website if the person concerned simultaneously logs on to Twitter at the time of access to our website; this happens regardless of whether or not the subject clicks on the Twitter component. If such a transfer of this information to Twitter is not wanted by the person concerned, the user can prevent the transfer by logging out of their Twitter account before calling our website.

The applicable privacy policies of Twitter are available at https://twitter.com/privacy?lang=en.

9.10 LinkedIn

We integrated components from LinkedIn Corporation on our website. LinkedIn is an Internet-based social network that allows users to connect to existing business contacts and make new business contacts.

LinkedIn's operating company is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Privacy Policy outside the United States is handled by LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time you visit our website, which has a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the subject to download a corresponding representation of the LinkedIn component. More information about the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn learns about the specific bottom site of our website visited by the affected person.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website which specific bottom site of our website the data subject visits. This information is collected through the LinkedIn component and linked by LinkedIn to the affected person’s LinkedIn account. If the affected person activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the person concerned and saves this personal data.

LinkedIn always receives information via the LinkedIn component that the person concerned has visited our website if the person concerned is simultaneously logged into LinkedIn at the time of accessing our website; this happens regardless of whether the person clicks on the LinkedIn component or not. If the affected person does not want to transmit this information to LinkedIn, the latter can prevent it from logging out of their LinkedIn account before visiting our website.

At https://www.linkedin.com/psettings/guest-controls, LinkedIn offers the ability to opt out of email messages, text messages, and targeted ads, as well as manage ad settings. LinkedIn also uses partners like Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, who can set cookies. Such cookies can be refused at https://www.linkedin.com/legal/cookie-policy. LinkedIn's privacy policy is available at https://www.linkedin.com/legal/privacy-policy.

9.11 Facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is an Internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in virtual space. A social network can serve as a platform to exchange views and experiences, or allows the Internet community to provide personal or business information. Facebook allows social network users to create private profiles, upload photos and socialize via friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Persons responsible for the processing of personal data, if an affected person lives outside the US or Canada, are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

Each visit to one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the person concerned automatically by the respective Facebook Component causes a representation of the corresponding Facebook component of Facebook to download. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US. As part of this technical process, Facebook receives information about which specific underside of our website is visited by the person concerned.

If the data subject is simultaneously logged into Facebook, Facebook recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website, which specific underside of our website the data subject visits. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the person concerned activates one of the Facebook buttons integrated on our website, for example the "Like" button, or if the person concerned makes a comment, Facebook assigns this information to the personal Facebook user account of the person concerned and saves this personal data,

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time as accessing our website; this happens regardless of whether the person clicks on the Facebook component or not. If such a transfer of this information to Facebook is not wanted by the data subject, it can prevent the transfer by logging out of their Facebook account before calling our website.

The data policy published by Facebook, which is available at https://www.facebook.com/about/privacy/update?ref=old_policy, provides information on the collection, processing and use of personal data by Facebook. It also explains which options Facebook offers to protect the privacy of the data subject.

As a Facebook member, you can also edit your account settings at https://www.facebook.com/ads/website_custom_audiences/ and opt out of cross-device data collection via Custom Audiences. For more information on Facebook's privacy policy, please visit: https://www.facebook.com/about/privacy/update?ref=old_policy.

You can find the option to opt-out here: https://www.facebook.com/policies/cookies/ and here: http://www.youronlinechoices.com/de/praferenzmanagement/.

9.12 Taboola

Our website uses technologies from Taboola Inc. (28 West 23rd St. 5th Fl, New York, NY 10010, www.taboola.com, "Taboola"). Taboola uses cookies that determine what content you use and which of our pages you visit. Taboola uses cookies to determine which video services you use and how you navigate our website. The cookie enables us to create pseudonymous user profiles by collecting device-related data as well as log data and to recommend content that suits your personal interests. So we can design our offer individually for you. These usage profiles are not merged with data about the bearer of the pseudonym and do not allow us to draw any conclusions about the data subject. For more information about Taboola and the ability to disable the Taboola cookie, visit https://www.taboola.com/privacy-policy (opt-out information at Site Visitor Choices).

9.13 Outbrain

On our website, we use the technology of Outbrain UK Ltd., which informs our users about further content that may also be of interest to them on our website and on websites of third parties. Those from Outbrain e.g. Additional reading recommendations integrated below an article are determined on the basis of the content previously read by the user. Outbrain uses cookies stored on the user's computer / terminal for the purpose of displaying this interest-related secondary content. The contents displayed in the Outbrain widget are automatically controlled and delivered by Outbrain in terms of content and technology.

The display of read recommendations by Outbrain via cookies is done on a purely pseudonymous basis, personal data of the user is not stored. The data collected by Outbrain are: device source, browser type, and the user's anonymized IP address. To anonymize the IP address, the last octet of the IP address is removed to ensure full anonymization.

For more information about Outbrain's privacy policy, visit http://www.outbrain.com/legal/privacy. At any time, you may object to tracking to display interest-based recommendations; click on the "opt-out" box under Outbrain's privacy policy, available at http://www.outbrain.com/legal/privacy.

9.14 Bing Ads Conversion Tracking

Our online services also use Microsoft Conversion Tracking (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads places a cookie on your computer if you have accessed our website via a Microsoft Bing ad. Microsoft Bing and we can thus recognize that someone clicked on an ad, was redirected to our website and reached a previously determined landing page (conversion page). We only record the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is given. If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie - for example, via a browser setting that generally disables the automatic setting of cookies. For more information about privacy and cookies used with Microsoft Bing, visit the Microsoft Web site: privacy.microsoft.com/en-us/privacystatement

10. Payment service provider


10.1 PayPal as payment method

We have integrated PayPal components on this website. PayPal is an online payment service provider. Payments are made through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual payments through credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also takes on trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects "PayPal" as a payment option during the order process in our online shop, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.

The personal data sent to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. For the execution of the purchase contract, also such personal data are necessary, which are in connection with the respective order.

The purpose of the transmission of the data is payment processing and fraud prevention. The controller will provide PayPal with personally identifiable information, in particular if there is a legitimate interest in the transfer. The personal data exchanged between PayPal and the controller may be transferred by PayPal to credit reporting agencies. This transmission is for the purposes of the identity and credit check.

PayPal may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to fulfill its contractual obligations or to process the data on behalf of the controller.

The data subject has the option to revoke the consent to the handling of personal data against PayPal at any time. A revocation has no effect on personal data which must be processed, used or transmitted for (contractual) payment processing.

PayPal's applicable privacy policy is available at https://www.paypal.com/webapps/mpp/ua/privacy-full.

10.2 Visa and Mastercard as payment method

We use external payment service providers, through whose platforms the users and we can make payment transactions (eg, each with a link to the privacy policy, Visa (https://www.visa.de/datenschutz) and Mastercard (https://www.mastercard.de/de-de/datenschutz.html).

Payment transactions via the offered means of payment take place exclusively via an encoded SSL or TLS connection. You can recognize an encrypted connection by changing the address line of the browser from "http: //" to "https: //" and the lock symbol in your browser line. In the case of encrypted communication, your payment details that you submit to us can not be read by third parties.

Amongst the data processed by the payment service providers are inventory data, e.g. the name and the address, bank data, such as Account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, summary and recipient-related information. The information is required to complete the transactions. However, the data entered will only be processed and stored by the payment service providers. We do not receive any account or credit card information, but only information with confirmation or negative disclosure of the payment. The data may be transmitted by the payment service providers to credit reporting agencies. This transmission is for the purpose of the identity and credit check. For this we refer to the terms and privacy policy of payment service providers.

For the payment transactions, the terms and conditions and the privacy notices of the respective payment service providers, which are available within the respective websites, or transaction applications apply. We also refer to these for further information and assertion of rights of withdrawal, information and other data subjects.

11. Which data protection rights do I have?


You have against us the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Article 20 GDPR). With regard to the right of access and the right to erasure, the restrictions stipulated in §§ 34 and 35 BDSG apply. You also have the right to object to data processing by us (Article 21 GDPR). Insofar as our processing of your personal data is based on consent (Art. 6 (1), sentence 1 (a) GDPR), you can withdraw it at any time; the lawfulness of the data processing carried out on the basis of the consent until the withdrawal remains unaffected.

To assert all these rights and for further questions on personal data related issues, you can always contact our data protection officer or our postal address (see paragraph 1).

In addition, you have the right to lodge a complaint with a supervisory authority - in particular in the EU Member State where your place of residence or your place of work or the place of alleged infringement is - if you believe that the processing of your personal data is contrary to the GDPR, or other applicable data protection laws (Art. 77 GDPR, § 19 BDSG).

12. To what extent is there automated decision-making in individual cases?


As part of the conclusion and performance of the contractual relationship, we use fully automated individual decision-making in the context of credit checks in accordance with Art. 22 GDPR.

13. Changes to our privacy policy


Our service may be changed from time to time, in particular to further enhance the functionality of our platform or our offers / services. Such changes may also affect the use of your personal information. For this reason, we reserve the right to change this privacy policy at any time. The current version is available on our website under the heading "Privacy Policy". Please inform yourself in this way regularly about the current status of the data protection information.

As of: 08.10.2018