Privacy Policy

––––––––––––––––––––
Privacy Policy
––––––––––––––––––––


1) Information about the collection of personal data and contact details of the controller
1.1 We are pleased that you visit our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data means all data by which you can be personally identified.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is LB24 International GmbH, Jathostrasse 11a, 30163 Hannover, Germany, Tel.:0511 87989379, Email: info@luxusbetten24.de. The person responsible for processing personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the lock symbol in your browser's address bar.

2) Data collection when visiting our website
For the purely informational use of our website, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/referrer from which you accessed the site
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. Data is not passed on or used otherwise. However, we reserve the right to retrospectively check the server log files if there are concrete indications of unlawful use.

3) Hosting
Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop based on processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned services by Shopify, data may also be transmitted within the scope of further processing on behalf to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. In the event of data transmission to Shopify Inc. in Canada, an adequate level of data protection is ensured by the European Commission's adequacy decision. Further information on Shopify's data protection can be found at the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned above by Shopify only takes place within the scope communicated below.

4) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow your browser to be recognized again on your next visit (so-called persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to varying degrees. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can find the duration of each cookie storage in the overview of your web browser's cookie settings.
Some cookies serve to simplify the ordering process by storing settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is processed by individual cookies we use, the processing is carried out pursuant to Art. 6 para. 1 lit. b GDPR either for the performance of the contract, pursuant to Art. 6 para. 1 lit. a GDPR in the case of given consent, or pursuant to Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the optimal functionality of the website as well as a customer-friendly and effective design of the site visit.
Please note that you can configure your browser to inform you about the setting of cookies and to decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in how it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find this information for the respective browsers at the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contact
When contacting us (e.g., via contact form or email), personal data is collected. Which data is collected when using a contact form is evident from the respective contact form. This data is used and stored exclusively for the purpose of responding to your inquiry or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your inquiry has been finally processed. This is the case when the circumstances indicate that the matter in question has been conclusively clarified and provided that no statutory retention obligations oppose this.

6) Data processing when opening a customer account and for contract processing
According to Art. 6 para. 1 lit. b GDPR, personal data continue to be collected and processed if you provide them to us for the execution of a contract or when opening a customer account. Which data are collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the controller. We store and use the data you provide for contract processing. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods expire, unless you have explicitly consented to further use of your data or a legally permitted further use of data by us has been reserved.

7) Comment function
As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commentator name you chose are stored and published on this website. Furthermore, your IP address is logged and stored. This storage of the IP address is for security reasons and in case the affected person violates the rights of third parties or posts illegal content through a comment. We need your email address to contact you if a third party objects to your published content as illegal. Legal bases for storing your data are Art. 6 para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are objected to as illegal by third parties.

8) Use of customer data for direct advertising
Subscription to our email newsletter
When you subscribe to our email newsletter, we regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an email newsletter after you have explicitly confirmed that you consent to receiving the newsletter. We then send you a confirmation email, in which you are asked to confirm by clicking a corresponding link that you want to receive the newsletter in the future.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When registering for the newsletter, we store the IP address assigned to you by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later time. The data collected by us during newsletter registration is used exclusively for advertising purposes via the newsletter. You can unsubscribe from the newsletter at any time via the designated link in the newsletter or by sending a corresponding message to the responsible party named at the beginning. After deregistration, your email address will be deleted from our newsletter distribution list immediately, unless you have explicitly consented to further use of your data or we reserve the right to use data beyond this which is legally permitted and about which we inform you in this declaration.

9) Data Processing for Order Fulfillment
9.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be forwarded to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.
If, based on a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provided during the order (name, address, email address) in order to inform you personally about upcoming updates within the legally prescribed period via an appropriate communication channel (such as postal mail or email) in accordance with our legal information obligations under Art. 6 para. 1 lit. c GDPR. Your contact data will be used strictly for the purpose of notifications about updates we owe and will only be processed by us to the extent necessary for the respective information.
For the processing of your order, we also cooperate with the following service provider(s) who assist us wholly or partially in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
9.2 Transfer of Personal Data to Shipping Service Providers
- DHL
If the delivery of the goods is carried out by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will forward your email address to DHL prior to delivery in accordance with Art. 6 para. 1 lit. a GDPR for the purpose of coordinating a delivery appointment or for delivery notification, provided you have given your explicit consent for this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we only provide DHL with the recipient's name and delivery address. The transfer is made only to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery appointment with DHL or delivery notification is not possible.
Consent can be revoked at any time with effect for the future towards the above-mentioned controller or the transport service provider DHL.
- DPD
If the delivery of the goods is carried out by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we will forward your email address and telephone number to DPD prior to delivery in accordance with Art. 6 para. 1 lit. a GDPR for the purpose of coordinating a delivery appointment or for delivery notification, provided you have given your explicit consent for this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we only provide DPD with the recipient's name and delivery address. The transfer is made only to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery appointment with DPD or delivery notification is not possible.
Consent can be revoked at any time with effect for the future towards the above-mentioned controller or the transport service provider DPD.
9.3 Use of payment service providers (payment services)
- Amazon Pay
When selecting the payment method "Amazon Pay," the payment processing is carried out by the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: "Amazon Payments"), to whom we transmit the information you provide during the ordering process along with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data is made exclusively for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent necessary for this purpose. If cookies, i.e., small text files stored on the end device, are set when using Amazon Pay, this is done solely on the basis of your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time via the "Cookie Consent Tool" implemented on the website. Further information about Amazon Payments' data protection provisions can be found at the following internet address: https://pay.amazon.com/de/help/201751600
- Apple Pay
If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your device running iOS, watchOS, or macOS by charging a payment card stored in "Apple Pay." Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. To authorize a payment, you must enter a code previously set by you and verify it using the "Face ID" or "Touch ID" function of your device.
For the purpose of payment processing, the information you provide during the order process, along with your order details, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before forwarding it to the payment service provider of the payment card stored in Apple Pay to complete the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is completed, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment success.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
When you use Apple Pay on your iPhone or Apple Watch to complete a purchase made via Safari on your Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac."
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- Google Pay
If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is carried out via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with NFC functionality by charging a payment card stored in Google Pay or a verified payment system there (e.g., PayPal). To authorize a payment via Google Pay exceeding €25, you must first unlock your mobile device using the configured verification method (such as facial recognition, password, fingerprint, or pattern).
For the purpose of payment processing, the information you provide during the ordering process, along with information about your order, is forwarded to Google. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, which verifies the completed payment. This transaction number contains no information about the actual payment data of your payment methods stored in Google Pay but is created and transmitted as a one-time valid numeric token. In all transactions via Google Pay, Google acts solely as an intermediary to process the payment. The transaction is conducted exclusively between the user and the originating website by charging the payment method stored in Google Pay.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Google reserves the right to collect, store, and analyze certain transaction-specific information for every transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR based on the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed transaction data with additional information collected and stored by Google when using other Google services.
The terms of use of Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection with Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- giropay
For payment via "giropay," the payment processing is carried out by giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, to whom we forward the information you provided during the ordering process along with the information about your order. The transfer of your data is carried out exclusively for the purpose of payment processing and only to the extent necessary for this purpose in accordance with Art. 6 para. 1 lit. b GDPR. Further information about the data protection regulations of giropay GmbH can be found at the following internet address: https://www.giropay.de/rechtliches/datenschutzerklaerung
- Klarna
When selecting a Klarna payment service, the payment processing is carried out by Klarna Bank AB (publ), https://klarna.com/de/, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). To enable the payment processing, your personal data (first and last name, street, house number, postal code, city, gender, email address, telephone number, and IP address) as well as data related to the order (e.g., invoice amount, items, delivery method) will be forwarded to Klarna for the purpose of identity and creditworthiness verification, provided you have expressly consented to this within the scope of the ordering process pursuant to Art. 6 para. 1 lit. a GDPR. You can view which credit agencies your data may be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). To the extent that score values are included in the credit report result, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things but not exclusively, address data. Klarna uses the obtained information about the statistical probability of a payment default for a balanced decision regarding the establishment, execution, or termination of the contractual relationship.
You may revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for the contractual payment processing.
Your personal data will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna's privacy policy for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
processed.
- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal, we transmit your payment data within the scope of payment processing to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transfer is made in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for payment processing.
PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be transmitted to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR based on PayPal's legitimate interest in determining your creditworthiness. The result of the credit check regarding the statistical probability of payment default is used by PayPal to decide on the provision of the respective payment method. The credit report may contain probability values (so-called score values). As far as score values are included in the credit report result, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data. For further data protection information, including the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- SOFORT
When selecting the payment method "SOFORT," the payment processing is carried out by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we transmit the information you provide during the ordering process along with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary for this purpose. Further information about SOFORT's data protection provisions can be found at the following internet address: https://www.klarna.com/sofort/datenschutz
- Stripe
If you choose a payment method from the payment service provider Stripe, the payment processing is carried out by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provide during the ordering process along with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Further information on Stripe's data protection can be found at the URL https://stripe.com/de/privacy#translation.
Stripe reserves the right to conduct a credit check based on mathematical-statistical methods in order to protect the legitimate interest in determining the user's creditworthiness. The personal data necessary for a credit check and obtained in the course of payment processing may be transmitted by Stripe to selected credit agencies, which Stripe discloses to users upon request. The credit report may contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things but not exclusively, address data. Stripe uses the result of the credit check regarding the statistical probability of default for the purpose of deciding on the eligibility to use the chosen payment method.
You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies.
However, Stripe may still be entitled to process your personal data if this is necessary for the contractual payment processing.

10) Use of review and certification seal graphics
Trusted Shops Trustbadge
To display our Trusted Shops quality seal and to offer Trusted Shops membership for buyers after an order, the Trusted Shops Trustbadge is integrated on this website.
This serves to safeguard our overriding legitimate interests in the context of a balancing of interests for the optimal marketing of our offer, Art. 6 para. 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When the Trustbadge is called, the web server automatically stores a so-called server log file, which contains, for example, your IP address, date and time of the request, amount of data transferred, and the requesting provider (access data) and documents the request. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your visit to the site.
Further personal data is only transmitted to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for their use. In this case, the contractual agreement between you and Trusted Shops applies.

11) Web Analytics Services
11.1 Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses so-called "cookies," which are text files stored on your device and enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the truncated IP address) is usually transmitted to a Google server and stored there; this may also involve transmission to servers of Google LLC in the USA.
This website uses Google (Universal) Analytics exclusively with the "_anonymizeIp()" extension, which ensures anonymization of the IP address by truncation and excludes direct personal identification. Through this extension, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases is the full IP address transmitted to a Google LLC server in the USA and truncated there. On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide us with other services related to website and internet usage. The IP address transmitted by your browser within Google (Universal) Analytics is not merged with other Google data.
Google Analytics enables, through a special feature called "demographic characteristics," the creation of statistics with information about the age, gender, and interests of website visitors based on an analysis of interest-based advertising and the inclusion of third-party information. This allows the definition and differentiation of user groups of the website for the purpose of target group-optimized marketing measures. However, data sets collected via the "demographic characteristics" cannot be assigned to any specific person.
Details about the processing initiated by Google Analytics and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
All the processing described above, especially the setting of Google Analytics cookies to read information on the device used, is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, the use of Google Analytics during your visit to the site will not take place.
You can revoke your given consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website. We have concluded a data processing agreement with Google for the use of Google Analytics, obliging Google to protect the data of our site visitors and not to pass it on to third parties.
For the transfer of data from the EU to the USA, Google relies on so-called standard contractual clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.
Further information about Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de
11.2 Hotjar (Hotjar Ltd.)
This website uses the web analytics service Hotjar from Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788).
This tool allows tracking of movements on websites where Hotjar is used (so-called heatmaps). For example, it shows how far users scroll and which buttons users click and how often. Furthermore, the tool also enables collecting feedback directly from the website users. In this way, we gain valuable information to make our websites faster and more user-friendly. The above analysis is based on our legitimate interests in optimization and marketing purposes and the interest-based design of our website according to Art. 6 para. 1 lit. f GDPR. We pay special attention to the protection of your personal data when using this tool. Thus, we can only track which buttons you click and how far you scroll. Areas of the websites where personal data of you or third parties are displayed are automatically hidden by Hotjar and are therefore not traceable at any time.
Hotjar offers every user the option to prevent the use of the Hotjar tool by means of a “Do Not Track” header, so that no data about the visit to the respective website is recorded. This is a setting supported by all common browsers in their current versions. For this purpose, your browser sends a request to Hotjar indicating to deactivate tracking for the respective user. If you use our website with different browsers/devices, you must set the “Do Not Track” header separately for each of these browsers/devices.
A detailed guide with information about your browser can be found at: https://www.hotjar.com/opt-out
Further information about Hotjar Ltd. and the Hotjar tool can be found at: https://www.hotjar.com
The privacy policy of Hotjar Ltd. can be found at: https://www.hotjar.com/privacy
Where legally required, we have obtained your consent for the above-described processing of your data pursuant to Art. 6 para. 1 lit. a GDPR. You may revoke your given consent at any time with effect for the future. To exercise your revocation, please follow the objection procedure described above.

12) Retargeting/ Remarketing/ Recommendation Advertising
Google Ads Remarketing
Our website uses the functions of Google Ads Remarketing; with this, we advertise this website in Google search results as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. The processing is based on our legitimate interest in the optimal marketing of our website pursuant to Art. 6 para. 1 lit. f GDPR.
Further data processing only takes place if you have consented to Google linking your internet and app browser history with your Google account and using information from your Google account to personalize ads you view on the web. If you are logged into Google during your visit to our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to form audiences. In the context of using Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC in the USA.
Details about the processing initiated by Google Ads Remarketing and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
You can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the browser plug-in available at the following link from Google:
https://www.google.com/settings/ads/onweb/
Further information and the privacy policy regarding advertising and Google can be viewed here:
https://www.google.com/policies/technologies/ads/
Where legally required, we have obtained your consent for the above-described processing of your data in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future. To exercise your revocation, disable this service in the "Cookie Consent Tool" provided on the website or alternatively follow the objection option described above.
Pinterest Tag Conversion Tracking
This website uses the conversion tracking technology “Pinterest Tag” from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”).
If you have arrived at our website from a Pin on Pinterest, we set a cookie on your device that interacts with a likewise implemented “Tag” in the form of JavaScript code from Pinterest. Cookies are small text files stored on your device. These cookies expire after 180 days and are not used for personal identification.
If the user is redirected from a Pin on Pinterest to pages of this website and the cookie has not yet expired, the tag records certain predefined user actions by us and can track them (e.g., completed transactions, leads, search queries on the website, product page views). When such an action is performed, your browser sends an HTTP request from the cookie via the Pinterest Tag to Pinterest's server, transmitting certain information about the action (including type of action, time, browser type of the device).
Through this transmission, Pinterest can create statistics about user behavior on our website after being redirected from a Pinterest Pin, which serve us to optimize our offering.
If personal user data is processed in this context, this is done in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the statistical evaluation of the success of product advertisements on Pinterest and user purchasing behavior, thereby serving to optimize our online offering.
However, we do not receive any information that would allow users to be personally identified.
If you do not wish to participate in tracking, you can object by disabling the Pinterest Tag Conversion Tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics. Alternatively, you can use the opt-out page for consumers from the EU http://www.youronlinechoices.com/de/praferenzmanagement/
check whether advertising cookies from Microsoft are set in your browser and deactivate them.
At the following internet address, you can find more information about Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy
Where legally required, we have obtained your consent for the above-described processing of your data pursuant to Art. 6 para. 1 lit. a GDPR. You may revoke your given consent at any time with effect for the future. To exercise your revocation, please follow the objection procedure described above.

13) Tools and Miscellaneous
Google reCAPTCHA
On this website, we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function primarily serves to distinguish whether an input is made by a natural person or abusively by machine and automated processing. The service includes sending the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google and is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in determining individual responsibility on the internet and preventing abuse and spam. In the course of using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC in the USA.
Further information about Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/
Where legally required, we have obtained your consent for the above-described processing of your data pursuant to Art. 6 para. 1 lit. a GDPR. You may revoke your given consent at any time with effect for the future. To exercise your revocation, please follow the objection procedure described above.

14) Rights of the Data Subject
14.1 The applicable data protection law grants you the following data subject rights (rights to information and intervention) vis-à-vis the controller regarding the processing of your personal data, whereby the respective legal basis for exercising these rights is referenced:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to notification pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw given consents pursuant to Art. 7 para. 3 GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
14.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS WITHIN THE SCOPE OF A BALANCE OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNING YOU. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING PURPOSES. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNING YOU FOR DIRECT MARKETING PURPOSES.

15) Duration of storage of personal data
The duration of storage of personal data is determined based on the respective legal basis, the processing purpose, and—if applicable—additionally based on the respective statutory retention period (e.g., commercial and tax law retention periods).
When processing personal data based on an explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, these data will be stored until the data subject withdraws their consent.
If statutory retention periods exist for data processed within the scope of contractual or contract-like obligations based on Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after the expiration of the retention periods, provided they are no longer required for contract fulfillment or initiation and/or we no longer have a legitimate interest in further storage.
When processing personal data based on Art. 6 para. 1 lit. f GDPR, these data will be stored until the data subject exercises their right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves the assertion, exercise, or defense of legal claims.
When processing personal data for the purpose of direct advertising based on Art. 6 para. 1 lit. f GDPR, these data will be stored until the data subject exercises their right to object pursuant to Art. 21 para. 2 GDPR.
Unless otherwise specified in the other information of this statement regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.