Privacy policy

Privacy Policy

1) Introduction and Contact Details of the Data Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data refers to all information that can be used to personally identify you.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Sven Blomenkamp, Wörthstr. 175, 47053 Duisburg, Germany, Tel.: +49 (0)15566049480, E-mail: contact@dipilu.com. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, meaning when you do not register or transmit information to us in any other way, we only collect data that your browser transmits to the server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website:

The website you visited
Date and time of access
Amount of data sent in bytes
Source/referrer from which you accessed the page
Browser used
Operating system used
IP address used (possibly anonymized)

The processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not shared or otherwise used. However, we reserve the right to review the server log files later if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to us), this website uses SSL or TLS encryption. You can recognize a secure connection by the "https://" string and the padlock symbol in your browser bar.

3) Hosting & Content-Delivery-Network

Shopify

For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider's servers. We have signed a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For data transmission to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website more attractive and to enable the use of certain features, we use cookies, which are small text files stored on your device. Some cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device longer and allow storing page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the cookie settings overview of your web browser.

If personal data is processed by individual cookies we use, the processing is carried out in accordance with Article 6(1)(b) GDPR either for the performance of the contract, Article 6(1)(a) GDPR in the case of consent, or Article 6(1)(f) GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and providing a user-friendly and effective site visit experience.

You can configure your browser to inform you when cookies are set and decide individually whether to accept them, or exclude the acceptance of cookies for specific cases or in general.

Please note that not accepting cookies may limit the functionality of our website.

5) Contact

5.1 weclapp

To process customer inquiries, we use the ticketing system of the following provider: weclapp GmbH, Friedrich-Ebert-Straße 28, 97318 Kitzingen.

If you contact us through a contact form on our website, your inquiries are stored and organized in the ticketing system to allow for chronological responses and to improve the service experience. Each inquiry is assigned a unique ticket number, which helps with internal organization and ensures seamless processing.

For organizing and processing inquiries, personal data is collected based on the scope of the information provided, at least including name, first name, and email address, which is transmitted to the provider, stored, and retrieved.

The legal basis for processing this data is our legitimate interest in efficiently organizing our customer service, promptly addressing your concerns, and optimizing our service offerings in accordance with Article 6(1)(f) GDPR.

We have signed a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

5.2 WhatsApp Business

We offer you the option to contact us via WhatsApp, the messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the "Business Version" of WhatsApp for this.

If you contact us via WhatsApp in relation to a specific transaction (e.g., an order), we store and use the mobile number you use on WhatsApp and, if provided, your first and last name, in accordance with Article 6(1)(b) GDPR to process and respond to your inquiry. Based on the same legal basis, we may also ask you to provide additional data (order number, customer number, address, or email address) to assign your request to a specific transaction.

If you use our WhatsApp contact for general inquiries (e.g., about our range of services, availability, or website), we store and use the mobile number you use on WhatsApp and, if provided, your first and last name in accordance with Article 6(1)(f) GDPR based on our legitimate interest in efficiently and promptly providing the requested information.

Your data will only be used to respond to your inquiry via WhatsApp. There will be no transfer to third parties.

Please note that WhatsApp Business accesses the address book of the mobile device we use for this purpose and automatically transmits phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device where only WhatsApp contact data of users who have contacted us via WhatsApp are stored in the address book.

This ensures that anyone whose WhatsApp contact data is stored in our address book has consented to the transmission of their WhatsApp phone number from their chat contacts' address books to WhatsApp through the acceptance of WhatsApp's terms of use in accordance with Article 6(1)(a) GDPR. The transmission of data for users who do not use WhatsApp and/or have not contacted us via WhatsApp is excluded.

For further information on the collection, processing, and use of data by WhatsApp, as well as your related rights and privacy settings, please refer to WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

In the context of the above-mentioned processing, data may be transferred to Meta Platforms Inc. servers in the USA.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

6) Data Processing When Opening a Customer Account

In accordance with Article 6(1)(b) GDPR, personal data is further collected and processed to the extent necessary when you provide it to us during the opening of a customer account. The data required for account creation can be found in the input mask of the relevant form on our website.

You can delete your customer account at any time by sending a message to the address of the controller mentioned above. After deletion of your customer account, your data will be deleted unless all contracts concluded through it have been fully processed, there are no legal retention periods, and there is no legitimate interest on our part to retain the data.

7) Use of Customer Data for Direct Marketing

7.1 Newsletter Subscription

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory data for sending the newsletter is your email address. Providing additional data is optional and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive the newsletter after you have explicitly confirmed your consent by clicking a verification link sent to your email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6(1)(a) GDPR. We store your IP address registered by the Internet Service Provider (ISP) and the date and time of your registration to track any misuse of your email address at a later time. The data we collect when you sign up for the newsletter will be used solely for that purpose.

You can unsubscribe from the newsletter at any time via the provided link in the newsletter or by sending a corresponding message to the controller mentioned above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have explicitly consented to further use of your data or we reserve the right to use your data beyond that, which is legally permitted and informed in this statement.

7.2 Sending the Email Newsletter to Existing Customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services from our range by email. We do not need separate consent from you for this according to Section 7(3) of the German Unfair Competition Act (UWG). The data processing is based solely on our legitimate interest in personalized direct marketing in accordance with Article 6(1)(f) GDPR. If you have initially objected to the use of your email address for this purpose, no email will be sent by us.

You are entitled to object to the use of your email address for this advertising purpose at any time with effect for the future by sending a message to the controller mentioned at the beginning. For this, you will only incur transmission costs based on the basic rates. After we receive your objection, the use of your email address for advertising purposes will be immediately stopped.

7.3 MailChimp

The sending of our email newsletters is done via this provider: The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided during the newsletter signup to this provider in accordance with Article 6(1)(f) GDPR so that they can handle the newsletter distribution on our behalf.

Subject to your explicit consent in accordance with Article 6(1)(a) GDPR, the provider also performs statistical evaluations of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the content of the newsletter. Device information (e.g., time of access, IP address, browser type, and operating system) is also collected and analyzed but is not merged with other data.

You can withdraw your consent to newsletter tracking at any time with effect for the future.

We have signed a data processing agreement with the provider that protects the data of our site visitors and prohibits unauthorized disclosure to third parties.

7.4 Stock Availability Notification via Email

For temporarily unavailable items, you can sign up to receive email notifications when the item is back in stock. In this case, we will send you an email notification once regarding the availability of the item you selected. The only required data for sending this notification is your email address. Providing additional data is voluntary and may be used to address you personally. For sending the email, we use the so-called double opt-in procedure, which ensures that you will only receive a notification once you have explicitly confirmed your consent by clicking a verification link sent to your email address.

You can unsubscribe from the availability notifications at any time by sending a message to the controller mentioned above. After unsubscribing, your email address will be immediately deleted from our distribution list, unless you have explicitly consented to further use of your data or we reserve the right to use your data beyond that, which is legally permitted and informed in this statement.

7.5 Shopping Cart Reminder via Email

If you abandon your shopping cart before completing the order, you can opt to receive a one-time reminder by email about the contents of your virtual shopping cart.

The only required data for sending this reminder is your email address. Providing additional data is voluntary and may be used to address you personally. For sending the email, we use the so-called double opt-in procedure, which ensures that you will only receive a notification once you have explicitly confirmed your consent by clicking a verification link sent to your email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6(1)(a) GDPR for sending a shopping cart reminder. We store your IP address registered by the Internet Service Provider (ISP) and the date and time of your registration to track any misuse of your email address at a later time. The data we collect when you sign up for our email notification service will be used solely for that purpose.

You can unsubscribe from the shopping cart reminder at any time by sending a message to the controller mentioned above. After unsubscribing, your email address will be immediately deleted from our distribution list, unless you have explicitly consented to further use of your data or we reserve the right to use your data beyond that, which is legally permitted and informed in this statement.

8) Data Processing for Order Fulfillment

8.1 Transmission of Image Files for Order Fulfillment via Email

On our website, we offer you the opportunity to customize products by submitting image files via email. The submitted image will be used as a template for the customization of the selected product.

Via the provided email address on the website, you can transmit one or more image files from the memory of your device to us. We collect, store, and use these transmitted files solely for the purpose of manufacturing the personalized product as described on our website. If the submitted image files are shared with third-party service providers for manufacturing and order processing, you will be informed about this in the following paragraphs. No further transfer will occur. If the submitted files contain personal data (particularly images of identifiable individuals), all processing activities mentioned above will occur solely for the purpose of processing your online order in accordance with Article 6(1)(b) GDPR.

After the order has been completed, the submitted image files will be automatically and completely deleted.

8.2 Transmission of Image Files for Order Fulfillment via Message Function

If you have the option to submit image files through the message function to customize products, the submitted image will be used as a template for the product customization.

Through the available messaging function, you can transmit one or more image files from your device's memory to us. We collect, store, and use these transmitted files solely for the purpose of manufacturing the personalized product as described in the respective service description on our website.

If the transmitted image files are shared with third-party service providers for manufacturing and order processing, you will be informed about this in the following paragraphs. No further transfer will occur. If the submitted files contain personal data (particularly images of identifiable individuals), all processing activities mentioned above will occur solely for the purpose of processing your online order in accordance with Article 6(1)(b) GDPR.

After the order has been completed, the submitted image files will be automatically and completely deleted.

8.3 Transmission of Image Files for Order Fulfillment via Upload Function

On our website, we offer you the opportunity to submit image files via an upload function to customize products. The submitted image will be used as a template for the product customization.

Through the upload form on the website, you can transmit one or more image files from your device's memory directly to us via automated, encrypted data transmission. We collect, store, and use the transmitted files solely for the purpose of manufacturing the personalized product as described on our website. If the transmitted image files are shared with third-party service providers for manufacturing and order processing, you will be informed about this in the following paragraphs. No further transfer will occur. If the submitted files contain personal data (particularly images of identifiable individuals), all processing activities mentioned above will occur solely for the purpose of processing your online order in accordance with Article 6(1)(b) GDPR.

After the order has been completed, the submitted image files will be automatically and completely deleted.

8.4 If required for contract fulfillment purposes related to delivery and payment, the personal data we collect will be transmitted to the commissioned transport company and the bank.

If we owe you updates for goods with digital elements or digital products based on a contract, we process the contact details you provided during the order (name, address, email address) to personally inform you about upcoming updates within the statutory period as part of our legal obligations in accordance with Article 6(1)(c) GDPR. These contact details are strictly used for communications regarding the updates we owe and processed only as necessary for the respective notification.

To process your order, we also work with the following service provider(s), who assist us in fulfilling the contracts. Certain personal data will be transmitted to these service providers as outlined below.

8.5 Transmission of Personal Data to Shipping Service Providers

- DHL

We use the following provider as a transport service: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.

We will transmit your email address and/or phone number to the provider in accordance with Article 6(1)(a) GDPR before the goods are delivered for the purpose of coordinating a delivery date or announcing delivery, provided you have expressly consented to this during the ordering process. Otherwise, we will only transmit the recipient's name and delivery address to the provider in accordance with Article 6(1)(b) GDPR for delivery purposes. The transmission will only occur to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery announcement is not possible.

The consent can be revoked at any time for the future towards the responsible person mentioned above or towards the provider.
- DPD

We use the following provider as a transport service: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany.

The consent can be revoked at any time for the future towards the responsible person mentioned above or towards the provider.

8.6 Use of Payment Service Providers

- PayPal

On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you choose a payment method from this provider where you pay in advance, your payment data (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Article 6(1)(b) GDPR. The transmission of your data only occurs for the purpose of processing the payment with the provider and only to the extent necessary.

If you select a payment method where we pay in advance, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and possibly data for an alternative payment method) during the ordering process.

To protect our legitimate interest in determining your ability to pay, we transmit this data to the provider for credit checks in accordance with Article 6(1)(f) GDPR. The provider will check, based on the personal data you provide and other information (such as shopping cart, invoice amount, order history, payment experiences), whether the selected payment method can be granted based on payment and/or default risks.

The credit check may include probability values (so-called score values). If score values are included in the credit check result, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among others, are included in the calculation of the score values.

You can object to the processing of your data at any time by sending a message to us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for contract-compliant payment processing.
- Shopify Payments

On this website, one or more online payment methods from the following provider are available: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

If you select a payment method where you pay in advance (e.g., credit card payment), your payment data (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Article 6(1)(b) GDPR. The transmission of your data only occurs for the purpose of processing the payment with the provider and only to the extent necessary.

9) Web Analytics Services

Google Analytics 4

This website uses Google Analytics 4, a web analytics service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which allows for an analysis of your use of our website.

By default, when you visit the website, Google Analytics 4 sets cookies that store certain information on your device. This includes your IP address, which is anonymized by Google by truncating the last digits to exclude direct personal identification.

The information is transmitted to servers of Google and further processed there. This may also involve transmission to Google LLC servers in the USA.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activities for us, and provide additional services related to website and internet use. The truncated IP address transmitted by your browser in connection with Google Analytics is not merged with other data from Google. The data collected via Google Analytics is stored for two months and then deleted.

All of the above processing, especially the setting of cookies on the used device, occurs only if you have given us your explicit consent under Article 6(1)(a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the "Cookie Consent Tool" provided on the website.

We have entered into a data processing agreement with Google that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and https://policies.google.com/technologies/partner-sites

Demographic Features

Google Analytics 4 uses the special "demographic features" function and can generate statistics that provide information about the age, gender, and interests of website visitors. This is done by analyzing advertising and third-party information. This allows target groups for marketing activities to be identified. However, the collected data cannot be assigned to a specific person and is deleted after being stored for two months.

Google Signals

As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google, subject to your consent to use Google Analytics under Article 6(1)(a) GDPR, can analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive personal data from Google, only statistics. If you want to stop cross-device analysis, you can deactivate the "Personalized Ads" function in your Google account settings. Follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de. More information on Google Signals can be found at https://support.google.com/analytics/answer/7532985?hl=de

UserIDs

As an extension to Google Analytics 4, the "UserIDs" function can be used on this website. If you have consented to the use of Google Analytics 4 under Article 6(1)(a) GDPR, set up an account on this website, and log in on different devices with this account, your activities, including conversions, can be analyzed across devices.

10) Retargeting/ Remarketing and Conversion Tracking

Meta Pixel

Within our online offering, we use the service "Meta Pixel" from the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").

If you click on an advertisement placed by us on Facebook and/or Instagram, "Meta Pixel" will extend the URL of our linked page with a parameter. This URL parameter is then entered into the browser of the user after the redirection by a cookie set by our linked page.

In this way, Meta can determine the visitors to our online offer as a target audience for displaying ads (so-called "Ads"). Accordingly, we use the service to display Facebook and/or Instagram Ads only to users who have shown interest in our online offer or who have certain characteristics (e.g., interest in specific topics or products, which are determined by the visited websites) that we transmit to Meta (so-called "Custom Audiences").

Furthermore, "Meta Pixel" can track whether users were redirected to our website after clicking on an ad and what actions they take there (so-called "Conversion Tracking").

The data collected is anonymous to us, so it does not provide us with any conclusions about the identity of users. However, the data is stored and processed by Meta, so a connection to the respective user profile is possible, and Meta can use the data for its own advertising purposes.

All of the above-mentioned processes, especially the setting of cookies to read information on the used device, will only take place if you have given us your explicit consent in accordance with Article 6(1)(a) GDPR. You can revoke your consent at any time for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

We have entered into a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

The information generated by Meta is usually transmitted to a server of Meta and stored there. In this context, a transfer to Meta Platforms Inc. servers in the USA may also occur.

11) Page Features

11.1 YouTube

This website uses plugins for displaying and playing videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC., USA

If you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the provider's servers to load the plugin. Certain information, including your IP address, is transmitted to the provider.

If the embedded video playback is started via the plugin, the provider also uses cookies to collect information about user behavior, create playback statistics, and prevent abusive behavior.

If you are logged into a user account with the provider during your page visit, your data will be directly associated with your account when you click on a video. If you do not want the association with your account, you must log out before clicking the play button.

All of the above processes, especially the setting of cookies to read information on the used device, will only take place if you have given us your explicit consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

11.2 Google Maps

This website uses an online map service from the following provider: Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Maps is a web service for displaying interactive (land) maps to visually present geographical information. By using this service, our location is shown to you, and possible navigation is facilitated.

When accessing the pages that integrate Google Maps, information about your usage of our website (such as your IP address) is transmitted to Google servers and stored there. This may also involve transmission to Google LLC servers in the USA.

If you are logged into your Google account during the page visit, your data is directly associated with your account when you click on a map. If you do not want the association with your Google profile, you must log out before activating the map.

Collection, storage, and analysis are carried out in accordance with Article 6(1)(f) GDPR based on Google's legitimate interest in displaying personalized ads, market research, and/or tailoring Google websites to users' needs. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google. If you do not agree with the future transmission of your data to Google as part of the use of Google Maps, you can fully disable the Google Maps web service by disabling the JavaScript application in your browser. Google Maps and the map display on this website will then not be used.

As far as legally necessary, we have obtained your consent in accordance with Article 6(1)(a) GDPR for the above-mentioned processing of your data. You can withdraw your consent at any time for the future. To exercise your right of withdrawal, please follow the objection options described above.

Further information on Google's data protection practices can be found here: https://business.safety.google/intl/de/privacy/

11.3 - Best Currency Converter

This website uses the service “Best Currency Converter” by Grizzly Apps SRL, Str. Muresului Nr. 7 Bloc E23, Scara B, Apartament 15, Brasov, Romania (“Best Currency Converter”).

Based on our legitimate interest in displaying prices in the local currency of your location, Best Currency Converter collects and analyzes your IP address in accordance with Article 6(1)(f) GDPR to adjust price displays on the website to your location. The IP address is not permanently stored. Additionally, Best Currency Converter sets a functional cookie in your browser after the first currency adjustment to store the currency setting for the duration of a session. After the session expires, the cookie is automatically deleted.

11.4 Shopsync for Shopify

This website uses the Shopify app “Shopsync” by ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.

Shopsync synchronizes the Mailchimp newsletter service with our Shopify account so that updates in Mailchimp's email lists (such as a recipient opting out of a newsletter) are also automatically updated in Shopify and new contact data generated through contract closures on Shopify is automatically transferred to Mailchimp's email lists.

In the first case, data processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in effectively and cross-platform maintaining advertising recipient files and efficiently addressing legally significant status changes.

In the second case, the transfer of the following data to Mailchimp takes place based solely on your explicit consent under Article 6(1)(a) GDPR after a contract is concluded on Shopify to add the contact's first and last name, address, and email address, along with transaction-related information (purchase amount, time, and date of purchase).

Transferred data is not stored or retained by ShopSync after synchronization. All information synchronized between Shopify and Mailchimp is transmitted using SSL (Secure Socket Layer) technology, and all transmitted information remains encrypted during the synchronization process.

The synchronization process requires the transmission of information over a secure connection to servers hosted by Amazon Web Services in the USA.

For more privacy-related information regarding ShopSync, you can find it here: https://www.shop-sync.com/privacy-policy

12) Tools and Miscellaneous

12.1 - For handling your accounting, we use the cloud-based accounting software service from the following provider: weclapp GmbH, Friedrich-Ebert-Straße 28, 97318 Kitzingen.

The provider processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company to automatically capture invoices, match them to transactions, and generate the financial accounting in a partially automated process.

If personal data is processed in this context, the processing is based on our legitimate interest in efficiently organizing and documenting our business transactions in accordance with Article 6(1)(f) GDPR.

12.2 Cookie Consent Tool

This website uses a “Cookie Consent Tool” to obtain effective user consents for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to you when accessing the page in the form of an interactive user interface, where you can grant consents for certain cookies and/or cookie-based applications by checking boxes. By using the tool, all cookies and services that require consent are only loaded if you explicitly grant consent by checking the boxes. This ensures that such cookies are only set on your device if you have granted the corresponding consent.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie preferences, the processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies and hence ensuring the legal structuring of our online presence.

Another legal basis for processing is also Article 6(1)(c) GDPR. We, as the controller, are legally obligated to make the use of technically unnecessary cookies dependent on the user's consent.

Where required, we have entered into a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

Further information about the operator and settings of the Cookie Consent Tool can be found directly in the respective user interface on our website.

13) Rights of the Data Subject

13.1 The applicable data protection law grants you the following rights with respect to the processing of your personal data by us as the controller, with reference to the respective legal basis:

Right to access according to Article 15 GDPR;
Right to rectification according to Article 16 GDPR;
Right to erasure according to Article 17 GDPR;
Right to restriction of processing according to Article 18 GDPR;
Right to notification according to Article 19 GDPR;
Right to data portability according to Article 20 GDPR;
Right to withdraw consent given according to Article 7(3) GDPR;
Right to complain according to Article 77 GDPR.

13.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING MAY STILL BE REQUIRED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING AT ANY TIME. YOU CAN EXERCISE THIS RIGHT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

14) Duration of the Storage of Personal Data

The duration of storage of personal data depends on the respective legal basis, the purpose of processing, and, if applicable, any statutory retention periods (e.g., commercial and tax retention periods).

When processing personal data based on explicit consent under Article 6(1)(a) GDPR, the affected data will be stored until you withdraw your consent.

If statutory retention periods exist for data processed within the framework of contractual or quasi-contractual obligations under Article 6(1)(b) GDPR, such data will be routinely deleted after the expiration of the retention periods, unless they are still needed for contract fulfillment or initiation and/or we have a legitimate interest in continuing to store them.

When processing personal data under Article 6(1)(f) GDPR, such data will be stored until you exercise your right to object under Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defense of legal claims.

When processing personal data for direct marketing purposes under Article 6(1)(f) GDPR, such data will be stored until you exercise your right to object under Article 21(2) GDPR.

Unless otherwise specified in the specific processing situations outlined in this statement, stored personal data will be deleted once they are no longer necessary for the purposes for which they were collected or otherwise processed.

Last updated: 12.11.2025, 08:55:55 AM