Privacy Policy

1.Introduction

This website is operated by: MySleepyOne Mercy Schmidt .

It is very important to us to handle the data of our website visitors with confidence and to protect them in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR.

Below we explain how we process your data on our website. We use language that is as clear and transparent as possible so that you really understand what happens to your data.

2.General information

2.1Processing of personal data and other terms

Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) in front of which you are currently sitting. Such data is processed when 'something happens to it'. Here, for example, the IP is transmitted from the browser to our provider and stored there automatically. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

2.2Applicable regulations/laws - GDPR, BDSG and TDDDG

The scope of data protection is regulated by laws. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.

In addition, the TDDDG supplements the provisions of the GDPR as far as the use of cookies is concerned.

2.3The responsible

The controller within the meaning of the GDPR is responsible for data processing on this website. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

You can reach the responsible person under:

MySleepyOne Mercy Schmidt

Feriendorfstr. 17 34308 Bad Emstal

mercy@mysleepyone.com

2.4This is how data is basically processed on this website

As we have already established, there is data (e.g. IP address) that is collected automatically. This data is mainly required for the technical provision of the website. If we also use personal data or collect other data, we will inform you of this or ask for your consent.

Other personal data you share with us consciously.

You will find more detailed information below.

2.5Yours Right

The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the rectification, blocking or erasure of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke your consent at any time.

You can find out in detail what these rights are and how to exercise them in the last section of this Privacy Policy.

2.6Data protection - Our view

Data protection is more than just a chore for us! Personal data is of great value and careful handling of this data should be a matter of course in our digitalized world. In addition, you as a website visitor should be able to decide for yourself what "happens" to your data, when and by whom. Therefore, we undertake to comply with all legal provisions, collect only the data necessary for us and, of course, treat them confidentially.

2.7Disclosure and deletion

The transfer and deletion of data are also important and sensitive topics. Therefore, we would like to briefly inform you in advance about our general approach to this.

A transfer of data only takes place on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called Data Processor and a Data Processing Agreement has been concluded in accordance with Art. 28 GDPR.

We delete your data when the purpose and the legal basis for processing cease to exist and the deletion is not contrary to any other legal obligations. A 'good' overview of this is also provided by Art. 17 GDPR.

For further information, please refer to this Privacy Policy and contact the responsible person if you have any specific questions.

2.8Hosting

This website is hosted externally. The personal data collected on this website is stored on the host's servers. This includes the automatically collected and stored log files (see below for more details), as well as all other data provided by website visitors.

External hosting is used for the purpose of secure, fast and reliable provision of our website and in this context serves to fulfill the contract with our potential and existing customers.

The legal basis for the processing is Art. 6 para. 1 lit. a, b and f GDPR, as well as § 25 para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the terminal device of the website visitor or user within the meaning of the TDDDG.

Our hoster only processes data that is necessary for the fulfillment of its service obligation and acts as our Data Processor, which means that it is subject to our instructions. We have concluded a corresponding Data Processing Agreement with our hoster.

We use the following hoster:

Squarespace

Squarespace Ireland Ltd, Le Pole House, Ship Street Great, Dublin 8, Ireland.

https://de.squarespace.com/kontakt

https://de.squarespace.com/data-privacy.

2.9Legal basis

The processing of personal data always requires a legal basis. The GDPR provides for the following possibilities in Art. 6 (1) Sentence 1:

a)The data subject has given his/her consent to the processing of personal data concerning him/her for one or more specific purposes;

b)the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject's request;

c)processing is necessary for compliance with a legal obligation to whichthe responsible person is subject to;

d)the processing is necessary in order to protect the vital interests of the data subject or another natural person;

e)processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested inthe responsible was transferred;

f)processing is necessary for the purposes of safeguarding the legitimate interests ofof the responsible orof a third party necessary, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override this, in particular where the data subject is a child.

In the following sections, we will provide you with the specific legal basis for the respective processing.

3.What happens on our website

By visiting our website, we process personal data about you.

To protect this data as best as possible against unauthorized access by third parties, we use SSL or TLS encryption. You can recognize this encrypted connection by the fact that a https:// or a lock symbol is displayed in the address bar of your browser.

In the following, you will learn which data is collected when you visit our website, for what purpose this is done and on what legal basis.

3.1Data collection when calling up the website

By calling up the website, information is automatically stored in so-called server log files. This is the following information:

-Browser type and version

-Operating system used

-Referrer URL

-Host name of the accessing computer

-Time of the server request

-IP address

This data is temporarily required in order to be able to display our website to you permanently and without problems. In particular, this data serves the following purposes:

-System security of the website

-System stability of the website

-Website troubleshooting

-Connecting to the website

-Website presentation

The data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular the interest in the functionality of the website as well as its security.

If possible, this data is stored pseudonymously and deleted after the respective purpose has been achieved.

Insofar as the server log files allow the identification of the person concerned, the data is stored for a maximum period of 14 days. An exception exists if a security-relevant event occurs. In this case, the server log files are stored until the elimination and final clarification of the security-relevant event.

For the rest, a consolidation with other data does not take place.

3.2Cookies

3.2.1General

This website uses so-called cookies. This is a data record, information that is stored in the browser of your terminal device and is related to our website.

By setting cookies, the navigation of the website in particular can be made easier for the visitor.

In our Cookie Consent Tool you will find all information about the cookies we have in use on our website (if applicable after your consent).

3.2.2Reject cookies

You can manage all cookies that are not technically necessary directly via our cookie consent tool.

The setting of cookies can be prevented by adjusting the settings of your browser.

Here you can find the corresponding links to frequently used browsers:

Mozilla Firefox:https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=Cookies+l%C3%B6schen&redirectlocale=en

Google Chrome:https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de

Microsoft Edge:https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari:https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac. As far asYou another browserusesit is recommended to use the nameYours browser and 'delete and manage cookies' in a search engine and follow the official link toYour browser to follow.

Alternativeyou can use your Cookie settings also under www.aboutads.info/choices/ or www.youronlinechoices.commanage.

However, we must inform you that a comprehensive blocking/deletion of cookies can lead to impairments in the use of the website.

3.2.3Technically necessary cookies

We use technically necessary cookies on this website to ensure that our website functions without errors and in accordance with applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.

The legal basis for this is, depending on the individual case, Art. 6 para. 1 lit. b, c and/or f GDPR.

3.2.4Technically unnecessary cookies

We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of the website visitor or to offer functions of the website that are not technically necessary.

The legal basis for this is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Technically unnecessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.

3.3Data processing through user input

3.3.1Own data collection

We offer the following (services) on our website: Coaching, Newsletter, Purchases.

For this purpose, we collect the following data:

Name

E-mail address

Phone number

Account data

Personal data

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.

The data will be deleted as soon as the respective purpose ceases to apply and it is possible in accordance with the legal requirements.

3.3.2Comment function

The website visitor has the opportunity to write a comment on our website.

For security reasons, we collect the IP address in order to prevent misuse and, if necessary, to be able to take criminal action, as well as the content of the comment and the (user) name provided for publication on our website.

We also process your email address to ensure that you are a genuine user and not an automated program (spam). The e-mail address can also be used to contact you in the event of queries or responses to your comment.

The data is processed with consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.

The data collected will be stored as long as the comment is publicly accessible on the website or as long as this is required for legal reasons. The data will then be deleted, unless statutory retention periods prevent this.

3.3.3Contact

a)E-mail

When you contact us by email, we process your email address and any other data contained in the email. This data is stored on the mail server and in some cases on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

b) Contact form

We offer a contact form. This is used to contact our company.

In this form, we usually process your first and last name, your telephone number, your e-mail address, a postal address and the content of the message. The data is stored on our web server and forwarded internally to the relevant e-mail addresses.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in responding to your request and in an uncomplicated way of contacting you. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

We delete this data no later than 3 months after receipt, unless it is required for a contractual relationship that has arisen.

We bind the contact form of

Squarespace

Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, Ireland

https://www.squarespace.com/privacy

on our website.

3.3.4Questionnaires/forms

a)Jotform

This website uses Jotform. Jotform is a service for creating online forms. This service is provided by Jotform Inc, 111 Pine St Suite, 1815 San Francisco, California 94111, USA.

This service allows us to create online forms to collect messages, requests or other input for our website and embed them there.

Jotform uses cookies to collect and store data on our website. These cookies are only set with consent. This consent can be revoked and managed at any time in our cookie consent tool. The legal basis for this is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to information in the user's terminal device or the storage of cookies within the meaning of the TDDDG.

In addition, the legal basis for the use of Jotform is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in creating online forms and integrating them into our website in a functioning manner. Insofar as the data processing via the form serves the provision of our contractual services, the legal basis is Art. 6 para. 1 lit. b GDPR.

The data entered by the website visitor in the form will be stored on Jotform's servers until the website visitor requests deletion, a given consent to storage is revoked, or the purpose for storing the data no longer applies. Mandatory legal provisions regarding retention periods remain unaffected.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

You can find more information here:

https://www.jotform.com/gdpr-compliance/dpa/.

3.4Cookie Consent Tool

3.4.1Squarespace

To ensure that only those cookies are set on our website for which there is a legal basis, we use the consent management tool from Squarespace. This service is provided by Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, Ireland.

This service is used to obtain the consent of the website visitor to the storage of certain cookies in his browser or the use of certain technologies and to document it in accordance with data protection law.

When this website is accessed, the consent given by the website visitor or the withdrawal of consent is stored as a Squarespace cookie in the website visitor's browser. A connection to the Squarespace servers is established for this purpose.

The legal basis is Art. 6 para. 1 lit. c GDPR. Squarespace is used to obtain the legally required consent for the use of cookies.

Until the website visitor requests deletion or Squarespace itself deletes the data or the purpose for storing the data no longer applies, the data collected will be stored. The mandatory statutory retention periods remain unaffected by this.

3.5Website Builder System

3.5.1Squarespace

We use Squartespace to create our website. This is a service of Squarespace Ireland Limited, Le Pole House, Ship Street Great, Dublin 8, D08N12C, Ireland.

This service allows us to design our website according to our wishes and meet our goal of user-friendliness.

Squarespace uses cookies for, among other things, browsing security and to prevent cross-site request forgery (session cookies), as well as for secure transactions.

The service is technically necessary to display our website. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR.

Squarespace also processes data in the USA. In case of data transfer to the USA, the standard contractual clauses (SCCs) apply.

More information:

https://www.squarespace.com/privacy.

3.6Newsletter

3.6.1Substack

substack.com

3.7Mailing service

3.7.1squarespace

squarespace.com

3.8Analysis and tracking tools

3.8.1Google Analytics

We use Google Analytics on this website. Google Analytics is a web analytics service. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies to recognize the user and thus analyze usage behavior. These cookies are only set with consent. Consent can be revoked at any time and managed in our cookie consent tool.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

The information collected here is usually transferred to a Google server in the USA and stored there. On July 10, 2023, the European Commission adopted an adequacy decision for the USA. Google LLC is certified under the EU-US Privacy Framework. However, as the Google servers are located worldwide and data transfer to third countries (e.g. Singapore) cannot be ruled out, the EU Commission's Standard Contractual Clauses (SCC) apply.

The use of Google Analytics results in IP anonymization. The IP address of the respective user is shortened on servers within the member states of the EU (or the European Economic Area) in such a way that it is no longer possible to trace it back to a natural person. In addition, Google undertakes to provide appropriate data protection via the Google Ads data processing conditions and creates an evaluation of website use and website activity and provides the services associated with use. The Google Ads Data Processing Terms apply to companies that are subject to the EU General Data Protection Regulation (GDPR) of the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) or similar regulations.

An additional browser plugin can be used to prevent the information collected (such as the IP address) from being sent to Google and used by Google. The plugin and further informationyou will find under https://tools.google.com/dlpage/gaoptout?hl=de.

Otherwise, the storage period depends on the type of data processed. Each customer can choose how long Google Analytics stores data before it is automatically deleted. The maximum lifespan of a Google Analytics cookie is two years.

Further information on the use of data by Googleyou will findalso under https://support.google.com/analytics/answer/6004245?hl=de. For all further questionsyou can also directly tosupport-deutschland@google.com turn.

3.8.2Pinterest tag

We use Pinterest Tag on this website. Pinterest Tag is a web analysis service. This service is provided by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

Pinterest Tag can be used to record interactions on a website. This data can then be used to display interest-based advertising to website visitors on other websites in the Pinterest tag advertising network.

Pinterest Tag uses cookies to recognize the website visitor and to analyze user behavior.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to information in the user's terminal device or the storage of cookies within the meaning of the TDDDG.

The data collected is also transferred to the USA and other third countries. The standard contractual clauses (SCC) of the EU Commission apply to data transfers to the USA.

More information:

https://policy.pinterest.com/de/privacy-policy

https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag.

3.8.3Calendly

We use the Calendly service for analysis and tracking purposes. This service is provided by Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA. Calendly enables us to analyze usage data and interactions on our website in order to improve the user experience and optimize the performance of our services.

The data processed in this context includes technical information such as IP addresses, browser types, operating systems, error logs and usage data. This data is used to improve the stability and performance of our web applications and to identify and resolve technical problems. The service in question stores the data on servers worldwide, including the USA, and may set cookies for data collection and storage. These cookies are only set with consent. This consent can be revoked at any time. The legal basis for the use of cookies is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to information in the user's terminal device or the storage of cookies within the meaning of the TDDDG.

The legal basis for the processing of the collected data is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in using this tool to optimize our website and to integrate analysis and tracking functionalities.

The data will be stored until the data subject requests deletion, revokes consent to storage or the purpose for storage no longer applies. Mandatory statutory provisions on retention periods remain unaffected.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

More information:

https://calendly.com/legal/privacy-notice.

3.8.4Google Search Console

We integrate the Google Search Console service on our website, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Search Console is a service that enables us to monitor the indexing status of our website and optimize its visibility in Google search results.

Various data is processed, including information on website performance, clicks, accesses and technical errors that occur on the website. The purpose of data processing is to improve search engine optimization (SEO), analyze the technical performance of the website and correct errors.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in optimizing our website in the search results and ensuring its functionality.

Google Search Console does not set cookies on our website. However, data may be transferred to third countries, in particular to the USA, as Google operates servers worldwide. The standard contractual clauses (SCCs) of the EU Commission are used to ensure an adequate level of data protection.

The data is stored for as long as it is necessary for the respective processing purpose or until the user requests deletion.

Further information on data processing can be found at:https://policies.google.com/privacy.

3.9Social media plugins

3.9.1Facebook

Elements of the social network Facebook are integrated on this website. This service is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

If the social media element is activated, a direct connection is established between the website visitor and the Facebook servers and their IP address is transmitted to Facebook. If the website visitor has a user account, the visit to this website can be assigned to the corresponding user account.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on this website with the help of Facebook and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Habour, Dublin 2, Ireland are jointly responsible for the data processing pursuant to Art. 26 GDPR. This joint responsibility is limited here exclusively to the collection and transfer of data to Facebook. There is an agreement on joint processing for this purpose:

https://www.facebook.com/legal/controller_addendum. We are responsible for providing data protection information when using the Facebook tool and for the secure integration of the tool on the corresponding website in accordance with data protection law. Facebook, on the other hand, is responsible for the data security of its products. This means that data subjects' rights with regard to the data processed by Facebook must be asserted directly with Facebook.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

More information:

https://www.facebook.com/legal/EU_data_transfer_addendum

https://de-de.facebook.com/help/566994660333381

https://www.facebook.com/policy.php

https://de-de.facebook.com/privacy/explanation.

3.9.2Instagram

Elements of the social network Instagram are integrated on this website. This service is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If the social media element is activated, a direct connection is established between the website visitor and the servers of Instagram and their IP address is transmitted to Instagram. If the website visitor has a user account, the visit to this website can be assigned to the corresponding user account. We as the website operator do not gain any knowledge about the content of the transmitted data.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

If personal data is collected on this website with the help of Facebook or Instagram and forwarded to Meta, the website operator and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Habour, Dublin 2, Ireland are jointly responsible for the data processing pursuant to Art. 26 GDPR. This joint responsibility is limited exclusively to the collection and transfer of data to Facebook and Instagram. There is an agreement on joint processing for this purpose:

https://www.facebook.com/legal/controller_addendum.

The website operator is responsible for providing the data protection information when using the Instagram tool and for the secure integration of the tool on the corresponding website in accordance with data protection law. Facebook or Instagram, on the other hand, is responsible for the data security of their products. It follows from this that data subject rights with regard to the data processed by Facebook or Instagram must be asserted directly against Facebook or Instagram.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

https://www.facebook.com/legal/EU_data_transfer_addendum

https://de-de.facebook.com/help/566994660333381

https://www.facebook.com/policy.php

https://instagram.com/about/legal/privacy/.

3.10Social media profiles

In addition to our website, our company is also present on social networks. Here we want to present our company and create the opportunity to get in touch with us.

We also use the opportunity to place advertisements and job advertisements on social media.

In the following, we provide information about what data we and the respective social network process when you visit and interaction with our profile.

3.11Facebook

We operate a Facebook fan page at https://www.facebook.com/. This social network is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

3.11.1Interaction with our company profile

When you visit our Facebook profile and interact with us via it, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information.

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Facebook profile.

Insofar as an inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

3.11.2Page Insights

As explained in the Meta Privacy Policy under "How do we use your information?" (Meta also collects and uses information to provide analytics services, known as Page Insights, for site operators. This also applies to our Facebook page.

Page insights are summarized statistics that are created based on certain interactions of visitors with pages and the content associated with them (e.g. viewing a page or a video, subscribing to a page, marking a page with "Like" or "No longer like", etc.) and are logged by the meta servers.

In connection with the Page Insights, Meta provides us with summarized statistics and insights that give us information about how people interact with our company website. We do not have access to any personal data, only to the summarized Page Insights. With the help of Page Insights, we can view anonymous statistics, e.g. the reach of our account, page views, likes, etc.. These also contain evaluations according to the age, gender and location of the users (as specified by them in their respective Facebook profiles). To evaluate the reach, we can make settings or set appropriate filters with regard to the selection of a time period, the viewing of a specific post and demographic groupings. This data is anonymized. It is not possible for us to draw conclusions about specific individuals.

The purpose of processing this data is to analyze our reach and adapt our content and advertisements to user interests so that visitors can derive the greatest possible benefit from them. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target group-specific content and place advertisements in order to better market our company and our services.

The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

When processing personal data in the course of the so-called Page Insights, we are jointly responsible with Facebook in accordance with Art. 26 para. 1 GDPR.

We have concluded a corresponding agreement with Facebook for this purpose, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum).

The contact details for Facebook are:

Online contact: https://www.facebook.com/help/contact/1650115808681298

Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For Facebook, you can contact the data protection officer at the following link:

https://www.facebook.com/help/contact/540977946302970.

Further information about the Page Insights:

https://de-de.facebook.com/legal/terms/page_cntroller_addendum

3.11.3Processing of personal data and cookies by Meta

When you access a Facebook page, the IP address assigned to your end device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for "German" IP addresses). Facebook also stores information about the end devices of its users (e.g. as part of the "login notification" function); Facebook may thus be able to assign IP addresses to individual users. If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your device. This enables Facebook to track that you have visited this page and how you have used it. Facebook buttons integrated into websites enable Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to tailor content or advertising to you.

Information on how personal data can be managed or deleted can be found in Facebook's Privacy Center:

https://www.facebook.com/privacy/center/.

Further information on the handling of data by Facebook can be found here:

http://de-de.facebook.com/about/privacy.

3.12Instagram

We operate an Instagram profile. This social media platform is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

3.12.1Interaction with our company profile

When you visit our Instagram profile and interact with us, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information.

Insofar as an inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

3.12.2Insights

As explained in the Meta Privacy Policy under "How do we use your information?" (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect), Meta also collects and uses information to provide analytics services, known as insights, for site operators. This also applies to our Instagram profile.

Insights are summarized statistics that are created based on certain interactions of visitors with pages and the content associated with them and are logged by the meta servers. This includes the following information, among others

-How many people see and interact with our products, services or content, such as posts, videos, Instagram pages, listings, stores and advertisements (if the advertisement is shown on meta-products);

-How people interact with our content, websites, apps and services;

-Which group of people interact with our content and which group of people use our services.

Meta provides us with summarized reports and insights that tell us how well our content, features, products and services are performing.

We do not receive access to personal data, but only to the summarized reports.

To evaluate the reach, we can make settings or set appropriate filters with regard to the selection of a time period, the viewing of a specific post and demographic groupings. This data is anonymized. It is not possible for us to draw conclusions about specific individuals.

The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

When processing personal data in the course of the so-called Insights, the processing is carried out under joint responsibility with Meta in accordance with Art. 26 para. 1 GDPR.

We have concluded a corresponding agreement with Meta, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum.).

Meta's contact details are as follows:

Online contact: https://www.facebook.com/help/contact/1650115808681298

Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For Instagram, you can contact the data protection officer at the following link:

https://www.facebook.com/help/contact/540977946302970.

Further information about the Insights:

https://de-de.facebook.com/help/pages/insights.

You can find Instagram's full privacy policy here:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Processing of personal data and cookies by Meta

When you access an Instagram page, the IP address assigned to your device is transmitted to Meta. According to Meta, this IP address is anonymized (for "German" IP addresses). Meta also stores information about the end devices of its users (e.g. as part of the "login notification" function); Meta may thus be able to assign IP addresses to individual users. If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is stored on your device. This enables Meta to track that you have visited this page and how you have used it. Meta buttons integrated into websites enable Meta to record your visits to these websites and assign them to your Instagram profile. This data can be used to tailor content or advertising to you.

Further information:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.

3.12.3Threads

We also use the functions of Threads. Data collected when using the service, including IP address, application used and information on the end device as well as websites accessed, location and mobile phone provider, are processed by Meta Platform, Inc. as described above. This data may also be transferred to countries outside the European Union. The data collected is linked to the account or profile at Threads. There is no control over the specifics of the data processed by Threads, including its processing, use or disclosure to third parties. Further information:

https://help.instagram.com/769983657850450/?helpref=uf_share

https://privacycenter.instagram.com/policy.

3.13Third-party content

3.13.1Zapier

We use Zapier on this website. Zapier is a tool to synchronize different services with each other. This service is provided by Zapier Inc, Market St. #62411, San Francisco, CA 95104-5401, USA.

With the help of Zapier, it is possible to automatically display the content of a website on the associated social media channels. Depending on the function of Zapier, different personal data is processed here.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

https://zapier.com/tos

https://zapier.com/privacy/.

3.13.2Dieter Live API

We use the Live API from Dieter macht den Datenschutz to display our Privacy Policy. This is a service of simply Legal GmbH, Burkarderstraße 36, 97082 Würzburg.

The API is a technical interface. When you access our Privacy Policy, a connection to the servers of simply Legal GmbH is established. Your IP address will be transmitted to simply Legal GmbH.

Further information on the handling of data by simply Legal GmbH:

https://www.dieter-datenschutz.de/datenschutz/.

3.13.3PayPal donation button

We integrate a donation button of the PayPal service, PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, on our website.

The donation button is integrated as an iFrame on our website. This means that a connection to PayPal is established to display the button. The IP address of the website visitor and other log data may be transmitted to PayPal.

The donation button fulfills the purpose of making a donation in an uncomplicated way and with just a few clicks. The legal basis for data processing through the integration of the donation button is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in integrating the donation button in order to make the processing of donations as simple as possible and to secure our existence and our activities through the donations.

More information:

https://www.paypal.com/webapps/mpp/ua/privacy-full.

3.13.4Instagram (feed display)

We integrate content from Instagram on our website. Instagram is operated by Meta Platforms, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. The service enables us to display images and videos from our Instagram account on our website. Various personal data is processed in the process, including user data such as IP address, browser type and interaction data with the embedded content. The data is processed to display Instagram content and improve interactivity on our website. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in expanding our social media presence and offering relevant content on our website. Instagram sets cookies, including tracking cookies, to analyze the use of embedded content and display personalized advertising. These cookies are only set with consent, which can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Data is transferred to the USA, whereby the data transfer is secured by the Standard Contractual Clauses (SCC) of the EU Commission. The data is stored for as long as the purpose of the storage exists orthe user requests the deletion. Mandatory statutory retention periods remain unaffected. Further information on data processing by Instagram can be found here:https://www.instagram.com/about/legal/privacy/.

3.13.5LexwareOffice

We integrate LexwareOffice on our website, a service for online office applications provided by Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany. LexwareOffice enables the management of business data such as accounting, payroll accounting and merchandise management via a cloud-based platform. When using LexwareOffice, personal data such as name, address, contact details and financial information are processed. Data processing is carried out for the purpose of providing business management functions and optimizing operational processes. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in the efficient management and optimization of our website. Insofar as consent is required, the processing is based on Art. 6 para. 1 lit. a GDPR. LexwareOffice may set cookies for functionality and analysis purposes. These cookies are only set with consent and can be revoked at any time in our cookie consent tool. The legal basis for this is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. There is no transfer of personal data to third countries; data processing takes place within the European Union. The data is stored until we are requested to delete it, consent is revoked or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Further information on data processing can be found at https://office.lexware.de/datenschutz/.

3.13.6[...]

3.14Audio and video conferencing

3.14.1Zoom

For communication with customers we use Zoom. Zoom is an online conferencing tool. This service is provided by Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.

When communicating with this tool via video or audio conferencing, personal data is processed by us and the tool provider. The data collected in this process includes all information you provide when using the tool. In addition, metadata regarding the conference is processed. Furthermore, technical information is processed, which is required for the function of the online communication. Furthermore, all files that are shared within the tool are stored on the servers of the tool provider.

Zoom may also set cookies. These cookies are set only with consent. The consent can be revoked at any time. The legal basis for this is Art 6 para. 1 lit. a GDPR.

Otherwise, the legal basis for the processing of data by Zoom is Art. 6 (1) lit. b GDPR. The communication is related to the fulfillment of a contract or is necessary for the fulfillment of pre-contractual obligations. Furthermore, this tool is used to facilitate communication with our company. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

This data is stored until the data subject requests deletion, consent to storage is revoked, or the purpose for storage no longer applies. Cookies remain on the end device until the user deletes them. Mandatory legal provisions regarding retention periods remain unaffected.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

More information:

https://zoom.us/de-de/privacy.html.

3.15Data transfer to providers on our platform

As part of the use of our platform for the use of services or the purchase of products, we pass on certain personal data to the providers (e.g. service providers, sellers) in order to enable the processing of the corresponding services. This data transfer is necessary so that the providers can provide their services or deliver products.

In doing so, we may pass on the name to identify the user, the contact details for contacting us in the event of queries or problems, the address for providing the service or delivering products, the order details for transmitting details of the requested service or ordered products and, if necessary, payment information for processing the payment (this is usually encrypted and in accordance with the applicable security standards), to the providers.

The legal basis for data transfer is Art. 6 para. 1 lit. b GDPR, as it is necessary for the fulfillment of the contractual relationship between you and the provider.

The providers are obliged to use the transmitted data exclusively for processing the requested services or deliveries and to protect the data in accordance with the applicable data protection laws. They are the direct contractual partner and therefore bear their own responsibility for the processing of personal data. If you have any questions about their data processing, you can contact the provider directly.

3.16Payment services

3.16.1PayPal

We use PayPal on our website. PayPal is a payment service provider. This service is offered by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

For the purpose of payment processing, the payment data of the website visitor will be processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 (1) lit. f GDPR to ensure a fast and reliable payment process.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

3.16.2Apple Pay

We use Apple Pay on this website. Apple Pay is a payment service provider. This service is offered by Apple Inc, Infinite Loop, Cupertino, CA 95014, USA.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 (1) lit. f GDPR to ensure a fast and reliable payment process.

More details:

https://www.apple.com/legal/privacy/de-ww/.

3.16.3Google Pay

We use Google Pay on this website. Google Pay is a payment service provider. This service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 (1) lit. f GDPR to ensure a fast and reliable payment process.

More details:

https://policies.google.com/privacy.

3.16.4Klarna

We use Klarna on this website. Klarna is a payment service provider. This service is provided by Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 (1) lit. f GDPR to ensure a fast and reliable payment process.

More details:

https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

https://www.klarna.com/de/datenschutz/.

3.16.5Instant bank transfer

We use Sofortüberweisung on this website. Sofortüberweisung is a payment service provider. This service is offered by Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.

For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. For this purpose, the PIN and a valid TAN are transmitted to Sofort GmbH, which logs into the online banking account. The account balance is checked and the corresponding transfer is carried out. In addition, turnovers, the credit limit of the overdraft facility and the existence of other accounts and their account balances are queried. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 (1) lit. f GDPR to ensure a fast and reliable payment process.

More details:

https://www.sofort.de/datenschutz.html

https://www.klarna.com/sofort/.

3.16.6Amazon Pay

We use Amazon Pay on this website. Amazon Pay is a payment service provider. This service is offered by Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855 Luxembourg.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 (1) lit. f GDPR to ensure a fast and reliable payment process.

More details:

https://pay.amazon.de/help/201212490?ld=APDELPADirect.

3.16.7Giropay

We use Giropay on this website. Giropay is a payment service provider. This service is offered by paydirekt GmbH, Stephanstraße 14-16, 60313 Frankfurt am Main, Germany.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 (1) lit. f GDPR to ensure a fast and reliable payment process.

More details:

https://www.paydirekt.de/agb/index.html.

3.16.8American Express

We use American Express on this website. American Express is a payment service provider. This service is offered by American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 (1) lit. f GDPR to ensure a fast and reliable payment process.

American Express may transfer the data to the parent company in the USA. For this purpose, American Express has Binding Corporate Rules (BCR).

More details:

https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

3.16.9Mastercard

On this website we use Mastercard. Mastercard is a payment service provider. This service is provided by Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 (1) lit. f GDPR to ensure a fast and reliable payment process.

Mastercard may transfer the data to the parent company in the USA. Mastercard has Binding Corporate Rules (BCR) for this purpose.

More details:

https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf

https://www.mastercard.de/de-de/datenschutz.html.

3.16.10VISA

We use VISA on this website. VISA is a payment service provider. This service is provided by Visa Europe Services Inc, London Branch,1 Sheldon Square, London W2 6TT, United Kingdom.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 (1) lit. f GDPR to ensure a fast and reliable payment process.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

More details:

https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

3.17Services for the processing of orders

3.17.1Paypal

We use PayPal for the purchase process of our products. This service is offered by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

Paypal offers services for processing the order process. Paypal acts as an interface between sellers (product providers) and buyers.

If you decide to purchase a product, you will be redirected to the Paypal website to complete the purchase process. Paypal's data protection conditions apply and we have no influence on their compliance. We recommend that you read the Privacy Policy before entering your personal data.

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, insofar as it concerns the conclusion, fulfillment and processing of contracts (inventory data), as well as Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in the use of our website (usage data).

More information:

https://www.paypal.com/de/cshelp/article/wie-geht-paypal-mit-dem-datenschutz-um-und-was-ist-die-datenschutzerkl%C3%A4rung-help330.

3.18Cloud backups

We use cloud backup functions on our website to protect the data and content of the website from data loss, corruption or security incidents. This ensures that the website can be restored quickly and completely in the event of a server failure, a hacker attack or other unforeseen events.

If personal data is stored on our website, it is transferred to the servers of the respective provider during backups. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in backing up our data.

We use the following cloud backup service:

Google Drive

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

https://policies.google.com/privacy?hl=de.

4.This is also important

Finally, we would like to inform you in detail about your rights and how you will be informed about changes in data protection requirements.

4.1Yours Rights in detail

4.1.1Right to information according to Art. 15 GDPR

You can request information about whether your personal data is being processed. If this is the case, you can request further information about the type and manner of processing. A detailed list can be found in Art. 15 (1) a) to h) GDPR.

4.1.2Right to rectification according to Art. 16 GDPR

This right includes the correction of inaccurate data and the completion of incomplete personal data.

4.1.3Right to deletion according to Art. 17 GDPR

This so-called 'right to be forgotten' gives you the right, under certain conditions, to demand the deletion of personal data by the controller. This is generally the case if the purpose of the data processing has ceased to exist, if consent has been revoked or if the initial processing took place without a legal basis. You can find a detailed list of reasons in Art. 17 (1) lit. a to f GDPR. Furthermore, this "right to be forgotten" corresponds with the obligation of the controller under Art. 17 (2) GDPR to take appropriate measures to bring about a general erasure of the data.

4.1.4Right to restriction of processing according to Art. 18 GDPR

This right is subject to the conditions set out in Art. 18(1)(a) to (d).

4.1.5Right to data portability according to Art. 20 GDPR

Here, the basic right to receive one's own data in a common form and to transfer it to another data controller is regulated. However, this only applies to data processed on the basis of consent or a contract pursuant to Art. 20 (1) (a) and (b) and to the extent that this is technically feasible.

4.1.6Right of objection according to Art. 21 GDPR

In principle, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling.

4.1.7Right to "decision in individual cases" according to Art. 22 GDPR

In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects vis-à-vis you or similarly significantly affects you. However, this right is also subject to restrictions and additions in Art. 22 (2) and (4) GDPR.

4.1.8Other rights

The GDPR contains comprehensive rights to inform third parties about whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, this only applies insofar as this is possible or feasible with reasonable effort.

At this point, we would like to inform you once again of your right to withdraw your consent in accordance with Article 7 (3) of the GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.

In addition, we would like to inform you about your rights according to §§ 32 ff. BDSG, which, however, are largely congruent with the rights just described.

4.1.9Right of appeal according to Art. 77 GDPR

You also have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data relating to you infringes this Regulation.

5.What if tomorrow the GDPR is abolished or other changes take place?

The current status of this Privacy Policy is 29.01.2025. From time to time it is necessary to adapt the content of the Privacy Policy in order to react to actual and legal changes. We therefore reserve the right to amend this Privacy Policy at any time. We will publish the amended version in the same place and recommend that you read the Privacy Policy regularly.

Created with the kind support ofDieter does data protection