Privacy policy

Data protection

Status: June 2021

Thank you for visiting our website and for your interest in our company and our products. Luxager GmbH is a supplier of products in the field of fashion, clothing and accessories. In the following, we will inform you in accordance with the applicable data protection regulations about the type and scope of the personal data that we provide within the framework

• Your visit to our website: http://www.luxager.com,
• our webshop,
• the establishment of contact,
• our social media presence

(hereinafter collectively "website") collect the purposes for which and on what legal basis we or third-party providers use this data as well as your rights under the General Data Protection Regulation (GDPR).

A. General

1. Responsible

Responsible for data protection within the meaning of Art. 4 No. 7 GDPR:

LUXAGER GmbH

Am Sonnenrain 91

79539 Loerrach

GERMANY

Tel: +49 (0) 7621/5931000

support@luxager.com

hereinafter referred to as "Luxager", "we" or "us". You can find more information about the provider in our  imprint .

2. Types of data processed, categories of data subjects

2.1 Type of data processed

• Master data (e.g. customer master data, such as names, addresses)
• Account data (login, PW # hash)
• Contact details (e.g., email, phone numbers)
• Communication data and history
• Content data (e.g., text input, photographs, videos)
• Contract data (e.g., subject of the contract, customer number, revocation, complaint)
• Payment data (e.g. PayPal, bank details, payment history)
• Usage data (e.g. pages visited, interest in content, access times)
• Meta / communication data (e.g. device information, IP addresses)
• Data in the context of processing by third-party providers (Section B)
• Data in the context of processing by social media services (section B number 12).

2.2 Categories of Data Subjects

• Visitors and users of the website and online offers
• Customers, prospects and business partners
• Other communication partners

(In the following we also refer to the data subjects collectively as "users".)

3. Purpose of processing

We use your personal data

• Provision of the website and the online offer, its functions and content.
• For creating and managing your personal customer account.
• To identify you as a contractual partner
• To process your online purchases with us. This includes your orders and returns of purchases via our webshop, processing the payment, as well as messages about the delivery status and any problems with the delivery. Your personal data can also be processed to deal with complaints or in the case of warranty rights.
• For answering contact inquiries and communicating with users.
• For the assertion, enforcement, exercise or defense of and against legal claims and legal disputes, as well as for the discovery, investigation and prevention of criminal offenses
• To security measures
• For range measurement

4. Provision of the website and log files

(1) If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser automatically transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 Para. 1 lit. f) GDPR):

• IP address
• Geolocation
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status / HTTP status code
• amount of data transferred in each case
• Website from which the request came
• Browser
• Operating system and its interface
• Language and version of the browser software

(2) The IP addresses of the users are deleted or anonymized after the end of use. In the case of anonymization, the IP addresses are changed in such a way that the individual details about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person or only with a disproportionately large amount of time, costs and manpower.

5. Cookies

(1) In addition to the aforementioned log files, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned and stored on your hard drive to the browser you are using and through which certain information flows to the place that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

(2) Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

• Session cookies
• Persistent cookies.

b) Session cookies store a so-called session ID, with which various requests from your browser can be assigned to the common session. The session cookies are deleted when you log out or close the browser. If you restart your browser and go back to the website, the website will not recognize you. You have to log in again (if a login is required) or you have to reset templates and preferences if the website offers these functions. A new session cookie is then generated, which saves your information and remains active until you exit the page and close your browser.

c) Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

(3) For what purposes do we use cookies?

We use cookies to personalize content and advertisements, to be able to offer functions for social media and to analyze the access to our website. We also share information about your use of our website with our partners for social media, advertising and analysis. Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of the services. You give your consent to our cookies if you continue to use our website.

(4) Overview

purpose	description	Storage period
Technically necessary cookies	Technically necessary cookies enable the use of our website by enabling basic functions such as page navigation and access to secure areas of the website. Visiting our website cannot function properly without these cookies.	Session cookies - are deleted when the browser is closed.
Performance (e.g. user's browser), presentation and preferences	When using our website, cookies are used (e.g. to recognize the browser) in order to improve performance (e.g. faster loading of content). When you visit our website, the country and language selection that has been determined or selected by you is saved in cookies in order to save you having to select it again on subsequent visits. It is checked in advance whether your browser supports cookies and this information is stored in another cookie. You will then be shown country and language-specific localized contact information, which will also be saved. The legal basis for this is your consent (Art. 6 Para. 1 lit. a) GDPR).	Session cookies - are deleted when the browser is closed.
Performance (e.g. user's browser) and preferences	When using our website, cookies are used (e.g. to recognize the browser) in order to improve performance (e.g. faster loading of content). When you visit our website, the country and language selection that has been determined or selected by you is saved in cookies in order to save you having to select it again on subsequent visits. It is checked in advance whether your browser supports cookies and this information is stored in another cookie. You will then be shown country and language-specific localized contact information, which will also be saved. The legal basis for this is Article 6, Paragraph 1, Sentence 1, Letter f) GDPR.	Session cookies - are deleted when the browser is closed.
Advertising cookies (marketing)	We use advertising cookies in order to be able to assess the efficiency of our advertising measures and to derive optimizations from this. The legal basis for this is your consent (Art. 6 Para. 1 lit. a) GDPR).	Permanent cookies - remain, but are automatically deleted after 26 months at the latest if the website has not been visited, unless shorter periods apply in individual cases.

(5) Control over cookies

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.

6. Webshop

6.1 Use of the web shop

When ordering goods in our web shop, we collect and process your personal data required to process the order. Mandatory information required for processing the contracts (name and address) is marked separately; further information is voluntary. The legal basis for processing this personal data is Article 6 (1) lit. b GDPR.

6.2 Customer accounts

When registering for a customer account (which is not required for shopping with us) (creating an account under "Login"), we process the following personal data: E-mail address and a password generated by you. As a registered customer, you can access your profile and view your orders or active order processes. The deletion of your customer account is possible at any time and can be initiated by a message to the contact option described above or by e-mail to us. The legal basis for the processing of this personal data is Article 6, Paragraph 1, Sentence 1, Letter b) GDPR.

6.3 Electronic order and payment processes

After you have decided to make a purchase as a customer or guest, we collect the following data to carry out the order: first name and surname, telephone and date of birth, address, delivery address if applicable. With regard to the payment method, you can choose to pay by credit card, PayPal, Apple Pay, Google Pay or in advance. If you pay by credit card (Visa or MasterCard), we process the name, the card number, the expiry date and the check digit.

The legal basis for the processing of your order and payment data is Art. 6 Para. 1 S. 1 lit. b) GDPR.

Your address, payment and order data will be stored for the duration of the tax and commercial retention obligations of ten years after the contract has been processed and then deleted, unless you have consented to further storage or further processing of the data for assertion, exercise or defense of legal claims is necessary. The legal basis for the processing of personal data for the purpose of fulfilling the statutory archiving and retention obligations is Article 6 Paragraph 1 Sentence 1 Letter c) GDPR.

6.4 Data transfer in the context of the order

We process the data you provide to process your order. To fulfill the contract, we pass on your data to the transport company commissioned with the delivery (e.g. DHL), insofar as this is necessary for the delivery of ordered goods. In order to process payments, we also pass on the payment data collected for this purpose to the credit institute commissioned by you with the payment and, if applicable, to the payment service provider commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account there. In this case, you must log in to the payment service provider with your access data during the ordering process. The data protection declaration of the respective payment service provider applies in this respect. We are entitled to pass on this personal data in accordance with Art. 6 Para. 1 lit. b) GDPR. Our service providers may only process or use your data for the purpose for which it was transmitted to them, if necessary. You can access the data at any time. Insofar as data is passed on to external service providers, we have taken technical and organizational measures to ensure that data protection regulations are observed.

7. Email contact

(1) You can contact us using the email addresses provided on the website. In this case, the user's personal data transmitted with the email will be saved. The data will only be used to process the request. The legal basis for the processing of the data that is transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the aim of the email contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b) GDPR.

(2) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

(3) Regardless of Paragraph 2, the following applies: Contact inquiries from customers relating to a specific business transaction are stored as long as this is necessary for the execution and processing of the contract (Art. 6 Para. 1 lit.b GDPR) or due to statutory retention requirements (Art . 6 para. 1 lit. c) GDPR) is required. Contact requests from customers that do not relate to a specific business transaction are saved as long as the business relationship exists. The legal basis is Article 6 (1) (f) GDPR to safeguard our legitimate interests and those of the customer, in particular support and quality assurance. Customers can object to processing at any time in individual cases.

8. Disclosure to Third Parties

(1) As part of the hosting of our website, your data processed by us will be processed on the basis of an order processing contract.

(2) If web analysis services and third-party providers are used, the data will be transmitted to the extent described herein, see Section B.

9. Duration of storage

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. We delete your personal data as soon as it is no longer required for the purposes mentioned above. It can happen that personal data is stored for the time in which claims can be asserted against our companies (statutory limitation periods of three or up to thirty years). We also store your personal data insofar as we are legally obliged to do so. Corresponding proof and retention obligations result from commercial, tax and social security regulations.

10. Automated decision-making, profiling

In principle, we do not use fully automated decision-making in accordance with Article 22 GDPR to establish and implement the business relationship. We do not do any profiling.

B. Data processing by third party providers

11. Plug-ins, web analysis services, online marketing tools

11.1 Google Analytics

(1) This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

(3) You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of this website to their full extent. If you want to disable Google Analytics, download and install the add-on for your web browser. The add-on for deactivating Google Analytics is compatible with Chrome, Safari, Firefox and Microsoft Edge. In order for the add-on to work, it must be able to be loaded and executed correctly in your browser. Further information on deactivating and correctly installing the browser add-on.

(4) This website uses Google Analytics with the extension "_anonymizeIp ()". As a result, IP addresses are further processed in abbreviated form, which means that any personal reference can be excluded. If the data collected about you is personal, this is immediately excluded and personal Data will be deleted immediately.

(5) We use Google Analytics to analyze the use of our website and to improve it regularly. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework . The legal basis for the use of Google Analytics is Article 6, Paragraph 1, Sentence 1, Letter a) GDPR.

(6) Information from the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. http://www.google.com/analytics/terms/de.html, Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http: //www.google.defintl/de/policies/privacy.

11.2 Google Maps

(1) This website uses Google Maps to display interactive maps and to create directions. Google Maps is a map service from Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA. For the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

(2) By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, can be transmitted to Google in the USA. When you visit a page on our website that contains Google Maps, your browser establishes a direct connection to the Google servers. The map content is sent directly from Google to your browser, which integrates it into the website. We therefore have no influence on the amount of data collected by Google in this way. As far as we know, this is at least the following data:

• The date and time of your visit to the website concerned,
• Internet address or URL of the website called up,
• IP address, (start) address entered as part of route planning.

(3) We have no influence on the further processing and use of the data by Google and therefore cannot accept any responsibility for this.

(4) If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you cannot use the map display.

(5) The purpose and scope of the data collection and the further processing and use of the data by Google as well as your related rights and setting options to protect your privacy from Google can be found at: https://www.google.com/intl/de/policies/privacy/ .

11.3 Bugsnag

(1) We want to offer our visitors the best possible experience, which is why we are constantly improving and developing our website. Nevertheless, not all malfunctions, e.g. due to programming errors, can be safely excluded from the outset. We therefore use Bugsnag, a technical error analysis tool from Bugsnag Inc. (hereinafter "Bugsnag"), 939 Harrison St, San Francisco, CA 94107, USA. The tool helps us to analyze, evaluate and categorize errors in the event of errors. In order to improve the accessibility and the technical stability of our website by monitoring the functionality, system stability and determining code errors, we may automatically transmit the following information to Bugsnag in the event of a software error:

• Device information (operating system, browser version, browser type),
• the IP address of the device used,
• Details of the page visited at the time of the error,
• Time of failure.

(2) The legal basis for the aforementioned processing is Article 6 (1) (f) GDPR, whereby the data processing that takes place is in our legitimate interest, as the data is used solely for the purpose of error identification and analysis. There is expressly no evaluation for advertising purposes. The data is collected anonymously and is not used personally, and is then deleted. You can prevent the installation of cookies in advance by setting your browser software accordingly or you can object to this processing at any time with effect for the future by deleting cookies via your browser settings. Further information on data processing and how Bugsnag works can be found in Bugsnag's privacy policy.

11.4 DoubleClick

(1) We use "DoubleClick" on our website, an online marketing tool from Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA. For the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services (hereinafter referred to as "Google").

(2) Among other things, DoubleClick uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your device. Google uses a cookie ID to record which advertisements are placed in which web browser. This can prevent advertisements from being displayed multiple times. DoubleClick can also use the cookie IDs to record what are known as conversions that relate to ad requests. This is the case, for example, if you see a DoubleClick ad and later go to the advertiser's website with the same web browser and buy something there. According to information from Google, the aforementioned cookies do not contain any personal data. By using DoubleClick, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data that is collected by Google through the use of DoubleClick. As far as we know, Google receives the information that you have accessed the relevant part of our website or clicked on an ad from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out your IP address and save it.

(3) We use DoubleClick for marketing and optimization purposes, in particular to show you relevant and interesting ads, to improve reports on campaign performance or to avoid you seeing the same ads multiple times. The legal basis for the use of Google Analytics is Article 6, Paragraph 1, Sentence 1, Letter a) GDPR.

(4) You can prevent the storage of cookies by setting your browser software accordingly. You can also prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser so that cookies from the domain “www.googleadservices.com” are blocked (https://adssettings.google.de). Please note that this setting will be deleted if you delete your cookies. You can also deactivate interest-based ads using the link https://optout.aboutads.info. We would like to point out that this setting will also be deleted if you delete your cookies.

(5) The purpose and scope of the data collection and the further processing and use of the data by Google as well as your related rights and setting options to protect your privacy from Google can be found at: https://www.google.com/intl/de/policies/privacy/ .

11.5 Webshop (Shopify)

(1) This website uses the Shopify web shop solution.

(2) The provider is: Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, email: hilfe@shopify.de .

(3) You can access Shopify's data protection provisions at the following link: https://www.shopify.de/legal/datenschutz

12. Social media presences, social media plug-ins

We maintain an online presence within social networks in order to communicate with the users who are active there or to offer information about us there.

12.1 Use of Facebook

(1) We currently use the following social media plug-ins: Facebook . You can recognize the provider of the plug-in by the marking on the box above its initial letter or the logo. We give you the opportunity to use the button to communicate directly with the provider of the plug-in. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under Section 3 of this declaration will be transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after it is collected. By activating the plug-in, personal data will be transmitted from you to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies using the security settings of your browser before clicking on the grayed-out box.

(2) We have no influence on the data collected and the data processing procedures, nor are we aware of the full scope of the data collection, the purposes of processing and the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

(3) The plug-in provider stores the data collected about you as a user profile and uses this for advertising, market research and / or needs-based design of its website. Such an evaluation takes place in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 Para. 1 S. 1 lit.f GDPR.

(4) The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid being assigned to your profile with the plug-in provider.

(5) We hereby expressly point out that, as the provider of this website, we have no knowledge of the content and scope of the data transmitted or of their use by the plug-in provider. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers, which are provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy.

(6) Addresses of the respective plug-in providers and URL with their data protection information:

• Facebook Inc. , 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http.//vvww.facebook.cona/help/186325668085084, http: //vvww.faceb-ook.cona/about/privacy/your-info-on-other#applications as http://www.face-book.com/about/privacy/your-info#everyoneinfo . Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Frame-work.

12.2 Instagram

(1) We would like to point out that user data can be processed outside of the European Union. This can result in risks for the user because it could make it more difficult to enforce the users' rights, for example. With regard to US providers who are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they undertake to comply with EU data protection standards.

(2) Furthermore, the data of users within social networks are usually processed for market research and advertising purposes. For example, usage profiles can be created on the basis of user behavior and the interests of the users resulting therefrom. The usage profiles can in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

(3) For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

(4) In the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.

(5) Legal basis: Our legitimate interests in presenting the company and addressing customers and interested parties (Art. 6 Para. 1 lit. f) GDPR).

(6) Service providers used: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA;

Website: https://www.instagram.com ;

Data protection: https://help.instagram.com/519522125107875 .

12.3 YouTube

(1) We have integrated YouTube videos into our online offering that go to http://www.youtube.com are stored and can be played directly from our website. These are all integrated in the "extended data protection mode", which means that no data about you as a user will be transmitted to YouTube if you do not play the videos. The data mentioned in paragraph 2 will only be transmitted when you play the videos We have no control over data transmission.

(2) When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under Section 4 (provision of the website and log files) of this declaration will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be assigned to your profile on YouTube, you must log out before activating the button. YouTube stores your data as a user profile and uses it for advertising, market research and / or needs-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact YouTube to exercise this right.

(3) YouTube is a subsidiary of Google: Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA. Further information on the purpose and scope of the data collection and its processing by YouTube can be found in the data protection declaration. There you will also find further information on your rights and setting options to protect your privacy: https://wwvv.google.de/intl/de/policies/privacy .

13. Links to other websites

(1) Our website may contain links to websites that are operated by third parties and are not covered by this data protection declaration. These third party websites have their own privacy policies and may also use cookies or other tracking technologies. The respective operator or the person named as responsible of the respective website is responsible.

(2) The links to external websites are checked by us before being linked. However, we have no influence on whether their operators comply with data protection regulations. If we become aware of violations or legal violations, we will remove the corresponding links.

C. Rights of the persons affected

14. Your Rights

If your personal data is processed, you are affected within the meaning of the GDPR and you have the following rights towards us as the person responsible.

a) Rights according to Art. 15 ff. GDPR

(1) The person concerned has the right to request confirmation from the person responsible as to whether personal data concerning them are being processed; if this is the case, she has the right to information about this personal data and the information listed in detail in Art. 15 GDPR. Under certain legal requirements, you have the right to rectification in accordance with Article 16 GDPR, the right to restrict processing in accordance with Article 18 GDPR and the right to erasure ("right to be forgotten") in accordance with Article 17 GDPR. In addition, you have the right to surrender the data you have provided in a structured, common and machine-readable format ( right to data portability ) in accordance with Article 20 GDPR, provided that processing is carried out using automated procedures and is based on consent in accordance with Article 6 Paragraph 1 lit. a) or Art. 9 Paragraph 2 lit. a) or on a contract in accordance with Art. 6 Paragraph 1 lit. b) GDPR.

b) Revocation of consent according to Art. 7 Para. 3 GDPR

If the processing is based on consent, you can revoke your consent to the processing of personal data at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.

c) Right to complain

You have the option of contacting us or a data protection supervisory authority with a complaint (Article 77 GDPR). In Baden Württemberg the responsible supervisory authority is: The State Commissioner for Data Protection and Freedom of Information, Postfach 10 29 32, 70025 Stuttgart, Tel .: 0711 / 615541-0, FAX: 0711 / 615541-15, E-Mail: poststelle@lfdi.bwl.de .

d) Right of objection according to Article 21 GDPR

In addition to the aforementioned rights, you have the following right of objection:

Individual right of objection

For reasons that arise from your particular situation, you have the right at any time to object to the processing of personal data concerning you which is based on Article 6 (1) (e) GDPR (data processing in the public interest) and Article 6 (1) lit. f) GDPR (data processing on the basis of a balance of interests) takes place, to lodge an objection; this also applies to a profile based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

Right to object to the processing of data for advertising purposes

In individual cases we process your personal data in order to operate direct mail. You have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to the profile insofar as it is associated with such direct mail. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

D. Final provisions

15. Security

(1) We have taken technical and organizational security measures in accordance with Art. 24, 32 GDPR to protect your personal data from loss, destruction, manipulation and unauthorized access. All our employees and all third parties involved in data processing are obliged to comply with the requirements of the GDPR and to handle personal data confidentially.

(2) SSL or TLS encryption: For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses an SSL or. TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.

16. Changes to our data protection regulations

We reserve the right to change our security and data protection measures insofar as this becomes necessary due to technical developments, the expansion of our services or legal changes. In these cases, we will also adapt our data protection declaration accordingly. Please therefore note the current version of our data protection declaration.

17. General Terms and Conditions

This data protection declaration supplements the general terms and conditions in terms of data protection law, which can be accessed on the website.