Status: 12.2024

Part 1: Information on data protection regarding our data processing in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

We take data protection seriously and hereby inform you how we process your data and what claims and rights you are entitled to under data protection regulations.

1.Body responsible for data processing and contact details body responsible within the meaning of data protection law

Garentii GmbH
‍Mühldorfstraße 8 
81671 Munich   
hi@garentii.com

Contact details of our data protection officer:                   
Vitaliy Zhovtyuk
Garentii GmbH
Mühldorfstraße 8

81671 Munich       
dataprivacy@garentii.com

2. Purposes and legal basis on which we process your data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case. Further details or additions to the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. as part of the use of our website or our terms and conditions). In addition, this data protection information may be updated from time to time, as you can see on our website www.garentii.com.

2.1 Purposes for the fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)

The processing of personal data takes place for the execution of our contracts with you and the execution of your orders as well as for the execution of measures and activities in the context of pre-contractual relationships, e.g. with interested parties. In particular, the processing serves to provide services in accordance with your orders and wishes and includes the services, measures and activities necessary for this. This essentially includes contract-related communication with you, the corresponding billing and associated payment transactions, credit checks, the verifiability of transactions, orders and other agreements as well as for quality control through appropriate documentation, goodwill procedures, measures to control and optimize business processes and to fulfill general due diligence obligations, management and control by affiliated companies (e.g. parent company); statistical evaluations, data processing and the processing of personal data. parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of operational services, risk management, assertion of legal claims and defense in legal disputes; ensuring IT security (including system and plausibility tests) and general security, including building and plant security, safeguarding and exercising domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, preventing and investigating criminal offenses; monitoring by supervisory bodies or control authorities (e.g. auditing).


2.2 Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)

Beyond the actual fulfillment of the contract or preliminary contract, we may process your data if it is necessary to protect our legitimate interests or those of third parties, in particular for the following purposes:

  • obtaining information and exchanging data with credit agencies, insofar as this goes beyond our economic risk;
  • the testing and optimization of demand analysis procedures;
  • the further development of services and products as well as existing systems and processes;
  • the disclosure of personal data in the context of due diligence during company sale negotiations;
  • for comparison with European and international anti-terror lists, insofar as this goes beyond the legal obligations;
  • the enrichment of our data, e.g. by using or researching publicly available data;
  • statistical evaluations or market analysis;
  • of benchmarking;
  • the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship;
  • limited storage of the data if deletion is not possible or only possible with disproportionate effort due to the special type of storage;
  • the development of scoring systems or automated decision-making processes;
  • the prevention and investigation of criminal offenses, unless exclusively for the fulfillment of legal requirements;
  • the anonymization of personal data;
  • building and plant security (e.g. through access controls and video surveillance), insofar as this goes beyond the general duty of care;
  • internal and external investigations, security checks;
  • internal fraud or abuse prevention in connection with the fulfillment of a contract and pre-contractual measures, unless exclusively for the fulfillment of legal requirements;
  • the possible monitoring or recording of telephone conversations for quality control and training purposes;
  • the receipt and maintenance of certifications of a private or official nature;
  • securing and exercising domiciliary rights through appropriate measures such as video surveillance to protect our customers and employees and to secure evidence in the event of criminal offenses and to prevent them.
  • advertising or market and opinion research, provided you have not objected to the use of your data;
2.3 Purposes within the scope of your consent (Art. 6 para. 1 a GDPR)

Your personal data may also be processed for certain purposes (e.g. use of your e-mail address for marketing purposes) on the basis of your consent. As a rule, you can withdraw this at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. You will be informed separately about the purposes and consequences of revoking or not granting consent in the corresponding text of the consent. In principle, the revocation of consent is only effective for the future. Processing that took place before consent was withdrawn is not affected and remains lawful.

2.4 Purposes for compliance with legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

Like everyone involved in business, we are also subject to a variety of legal obligations. These are primarily legal requirements (e.g. commercial and tax laws), but may also include regulatory or other official requirements. The purposes of processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating and investigation of terrorist financing and crimes that endanger assets, comparisons with European and international anti-terror lists, the fulfillment of control and reporting obligations under tax law and the archiving of data for the purposes of data protection and data security as well as audits by tax and other authorities. In addition, the disclosure of personal data may become necessary in the context of official/judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.

3. The categories of data processed by us, insofar as we do not receive data directly from you, and their origin

Insofar as this is necessary for the provision of our services, we process personal data legitimately received from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we have permissibly taken, received or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, population registers, debtor directories, land registers, press, Internet and other media) and are permitted to process.

Relevant personal data categories can be in particular

  • Personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data)
  • Contact details (address, e-mail address, telephone number and similar data)
  • Address data (registration data and comparable data)
  • Confirmation of payment/cover for bank and credit cards
  • Information about your financial situation (creditworthiness data including scoring, i.e. data to assess the economic risk)Customer history
  • Customer history
  • Data about your use of the telemedia offered by us (e.g. time of accessing our websites, apps or newsletters, pages/links clicked on by us or entries and comparable data)
  • Video data

4. Recipients or categories of recipients of your data

Within our company, those internal departments or organizational units receive your data that need it to fulfil our contractual and legal obligations or as part of the processing and implementation of our legitimate interest. Your data will only be passed on to external parties

  • in connection with the execution of the contract;
  • for the purposes of fulfilling legal requirements according to which we are obliged to provide information, report or disclose data or the disclosure of data is in the public interest (see section 2.4);
  • to the extent that external service providers process data on our behalf as processors or function transferees (e.g. external data centers, support/maintenance of EDP/IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility checks, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephone, website management, data validation or plausibility checks, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing companies or companies for data disposal, courier services, logistics);
  • on the basis of our legitimate interest or the legitimate interest of the third party for the purposes specified in section 2.2 (e.g. to authorities, credit agencies, debt collection agencies, lawyers, courts, experts, group companies and bodies and supervisory authorities);
  • if you have given us your consent to transfer your data to third parties. 

We will not pass on your data to third parties beyond this. If we commission service providers as part of order processing, your data will be subject to the same security standards as ours. In all other cases, the recipients may only use the data for the purposes for which it was transmitted to them.

5. Duration of the storage of your data

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods for storage and documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

Furthermore, special statutory provisions may require a longer retention period, such as the preservation of evidence within the scope of the statutory limitation period. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.

If the data is no longer required for the fulfillment of contractual or legal obligations and rights, it is regularly deleted, unless its - temporary - further processing is necessary to fulfill the purposes listed in section 2.2 for an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage and processing for other purposes is excluded by suitable technical and organizational measures.

6. Processing of your data in a third country or by an international organization

Data is transferred to bodies in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries), if it is necessary for the execution of an order/contract from or with you, if it is required by law (e.g. tax reporting obligations), if it is in our or a third party's legitimate interest or if you have given us your consent.

Your data may also be processed in a third country in connection with the involvement of service providers as part of order processing. If there is no decision by the EU Commission on an adequate level of data protection for the country in question or for specific sectors in a third country, appropriate contracts (such as EU standard contracts) and additional measures may be used as the basis for the transfer. Information on the suitable or appropriate guarantees and the possibility of obtaining a copy from you can be obtained from the company data protection officer on request.

7. Your data protection rights

Under certain conditions, you can assert your data protection rights against us

  • You have the right to receive information from us about your data stored by us in accordance with the rules of Art. 15 GDPR (possibly with restrictions according to § 34 BDSG).
  • At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
  • if you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other legal regulations (e.g. legal storage obligations or the restrictions according to § 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims) do not conflict with this.
  • Taking into account the requirements of Art. 18 GDPR, you can request us to restrict the processing of your data.
  • Furthermore, you can object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop processing your data. However, this right to object only applies if there are very special circumstances relating to your personal situation, whereby our company's rights may conflict with your right to object.
  • You also have the right to receive your data in a structured, commonly used and machine-readable format or to transmit it to a third party in accordance with the requirements of Art. 20 GDPR.
  • In addition, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future (see section 2.3).
  • You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to our data protection officer first.

If possible, your requests to exercise your rights should be sent in writing to the address given above or directly to our data protection officer.

8. Scope of your obligations to provide us with your data

You only need to provide the data that is required for the establishment and execution of a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also relate to data required later in the course of the business relationship. If we request additional data from you, you will be informed separately of the voluntary nature of the information.

9. Existence of automated decision-making in individual cases (including profiling)

We do not use any purely automated decision-making processes in accordance with Article 22 GDPR. If we do use such a procedure in individual cases in the future, we will inform you of this separately if this is required by law.

In some circumstances, we may process your data with the aim of evaluating certain personal aspects (profiling). We may use evaluation tools to provide you with targeted information and advice on products. These enable needs-based product design, communication and advertising, including market and opinion research.

Such procedures can also be used to assess your creditworthiness and credit standing and to combat money laundering and fraud. So-called "score values" can be used to assess your creditworthiness and credit standing. Scoring uses mathematical procedures to calculate the probability that a customer will meet their payment obligations in accordance with the contract. Such score values help us, for example, to assess creditworthiness, make decisions when concluding product contracts and are incorporated into our risk management. The calculation is based on mathematically-statistically recognized and proven procedures and is carried out on the basis of your data, in particular income, expenditure, existing liabilities, occupation, employer, length of employment, experience from the previous business relationship, contractual repayment of previous loans and information from credit agencies.

Information on nationality and special categories of personal data pursuant to Art. 9 GDPR are not processed.

Part 2: Information about your right to object Art. 21 GDPR

  1. You have the right to object at any time to the processing of your data on the basis of Art. 6 para. 1 f GDPR (data processing on the basis of a balancing of interests) or Art. 6 para. 1 e GDPR (data processing in the public interest) if there are reasons for this arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

    If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
  2. We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling insofar as it is associated with such direct advertising. We will observe this objection for the future.

    We will no longer process your data for direct marketing purposes if you object to processing for these purposes.

The objection can be made informally and should preferably be addressed to
 
Garentii GmbH
Mühldorfstraße 8
81671 Munich  

Our privacy policy and the information on data protection regarding our data processing in accordance with Articles 13, 14 and 21 GDPR may change from time to time. We will publish all changes on this page. Older versions are available for you to view in an archive.

Part 3: Supplementary data protection information for our website

Thank you for your interest in our website www.garentii.com and in our company, products and services. We at Garentii are aware that the protection of your privacy when using our websites is important to you. For this reason, compliance with the statutory regulations on data protection is a matter of course for us. It is also important to us at that you, as a customer, know at all times when and how we collect and store your data and how we use it.

In the following, we inform you about the collection and other processing (e.g. storage, retrieval, modification, disclosure) of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

If we process personal data when you use our website or if we use contracted service providers for individual functions, offers or services on our website with reference to data processing or if we wish to use your data for advertising purposes, we will inform you in detail below about the respective processes, in particular which data is processed. We will also state the intended storage period or, in any case, the defined criteria for the storage period and the relevant legal basis for the respective processing.

1. General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on general data protection, please refer to the above section "Information on data protection regarding our data processing in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)".

2. Data collection on this website

2.1 Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator's contact details in the "Information on the controller" section of this privacy policy.


2.2 How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.
Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.


2.3 What do we use your data for

Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.


2.4 What rights do you have with regard to your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time if you have further questions on the subject of data protection.

3. Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

4. General information on the legal basis of data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Section 25 (1) TTDSG. Consent can be revoked at any time. If your data is required to fulfill the contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

5. Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in third countries that are not secure under data protection law and US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. We would like to point out that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permitted if the recipient is certified under the "EU-US Data Privacy Framework" (DPF) or has suitable additional guarantees. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

6. Use and disclosure of personal data

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your data to third parties if:

  • You have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • The disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • In the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • This is permitted by law and is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

7. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

8. Cookies

Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes. Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
You can find out which cookies and services are used on this website in this data protection information.

9. Server log files

If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal access data in so-called server log files that your browser transmits to our server. The following data is collected as part of the server log files:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software
  • Referrer query

This data is analyzed and subsequently discarded exclusively to ensure trouble-free operation of the site with regard to stability and security and to improve our offer. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the aforementioned purposes for data collection.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

10. Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

11. Request by e-mail or telephone

If you contact us by e-mail or telephone, we will store and process your inquiry, including all personal data (name, inquiry), for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

12. Use of our services 

If you use the services offered by us (via the website) or register for them, we use the data you provide in this context (e.g. name, address, email address, telephone number, payment data) so that you can use the corresponding services or register for them. The legal basis for the processing of the aforementioned personal data is Art. 6 para. 1 sentence 1 lit. b GDPR (contract or pre-contractual measures). Without the provision of the relevant data, it will generally not be possible for you to use our services.

13. Analysis tools and advertising

13.1 Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

13.2 Google Analytics

his website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active


Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google signals

We use Google signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users.

Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics e-commerce measurement

This website uses the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarized by Google under a transaction ID, which is assigned to the respective user or their device.

13.3 Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

13.4 Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to subsequently show them interest-based advertising in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active
Target group formation with customer matching

Among other things, we use Google Ads Remarketing customer matching to create target groups. Here, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and are logged into their Google account, they are shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).


13.5 Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

You can find more information about Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

13.6 MicrosoftAds (formerly BingAds)

This website also uses MicrosoftAds as remarketing technology. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Further information about MicrosoftAds and its privacy policy can be found at: https://privacy.microsoft.com/de-de/privacystatement. You can object to the display of interest-based advertising by Microsoft at https://account.microsoft.com/privacy/ad-settings/signedout

13.7 Spotify widget

We use the Spotify Music Player widget from the Spotify music platform. The service provider is the Swedish company Spotify AB, Regeringsgatan 19, 11153 Stockholm, Sweden. This is only loaded if you have previously activated the respective function with your consent. We offer you the option of playing Spotify content directly via our website using the widget.
The legal basis for the data processing associated with the use of these plugins is Art. 6 para. 1 sentence 1 lit. a GDPR (consent). You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. The easiest way to withdraw your consent is via our Consent Management Tool.
Insofar as processing takes place, Spotify generally stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website and services. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website.
Data is passed on regardless of whether you have an account with Spotify and are logged in there. If you are logged in to Spotify, your data collected by us will be assigned directly to your Spotify account.
You can find out more about the data processed through the use of Spotify in Spotify's privacy policy at https://www.spotify.com/de/privacy.

13.8 Creditreform

If you request a quotation via our website, you consent to us transmitting the customer data (name, date of birth, place of birth) collected as part of the quotation request to Creditreform, Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany, for the purpose of an identity and credit check.
This data is transmitted so that Creditreform, a consumer credit agency, can carry out an identity and credit check and a payment default assessment on our behalf. As part of the decision to enter into a contractual relationship with you, Creditreform uses the aforementioned data to check your address and previous payment history, among other things. In addition, Creditreform processes the data to create probability values for payment behavior in the future. The calculation of these score values by Creditreform is carried out on the basis of a scientifically recognized, mathematical-statistical procedure. Creditreform will also use your address for this purpose. The score values are transmitted to us by Creditreform and we decide on the basis of these values whether and, if so, up to what maximum amount of cover a contractual relationship can be established with you via an insurance guarantee.

The legal basis for data processing in connection with the request for a quote is Art. 6 para. 1 sentence 1 lit. a GDPR.

13.9 Schufa

If you request a quotation via our website, you consent to us transmitting the customer data (name, date of birth, place of birth) collected as part of the quotation request to Schufa, SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany, for the purpose of an identity and credit check.

This data is transmitted so that Schufa, a consumer credit agency, can carry out an identity and credit check and a payment default assessment on our behalf. As part of the decision to establish a contractual relationship with you, Schufa uses the aforementioned data to check your address and your previous payment history, among other things. In addition, Schufa processes the data to create probability values for payment behavior in the future. The calculation of these score values by Schufa is carried out on the basis of a scientifically recognized, mathematical-statistical procedure. Schufa will also use your address for this purpose. The score values are transmitted to us by Schufa and we decide on the basis of these values whether and, if so, up to what maximum amount of cover a contractual relationship can be established with you via an insurance guarantee.

The legal basis for data processing in connection with the request for a quote is Art. 6 para. 1 sentence 1 lit. a GDPR.

13.10 Infoscore

If you request a quote via our website, you consent to us transmitting the customer data collected in the context of the quote request (name, date of birth, place of birth) to Infoscore, Infoscore Consumer Data GmbH Rheinstraße 99, 76532 Baden-Baden, Germany, for the purpose of an identity and credit check.

This data is transmitted so that Infoscore, a consumer credit agency, can carry out an identity and credit check and a payment default assessment on our behalf. As part of the decision to establish a contractual relationship with you, Infoscore uses the aforementioned data to check your address and your payment history, among other things. In addition, Infoscore processes the data to create probability values for payment behavior in the future. The calculation of these score values by Infoscore is carried out on the basis of a scientifically recognized, mathematical-statistical procedure. Infoscore will also use your address for this purpose. The score values are transmitted to us by Infoscore and we decide on the basis of these values whether and, if so, up to what maximum amount of cover a contractual relationship can be established with you via an insurance guarantee.

The legal basis for data processing in connection with the request for a quote is Art. 6 para. 1 sentence 1 lit. a GDPR.

14. Newsletter

14.1 Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose no longer applies. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

15. Online marketing and partner programs

15.1 Affiliate programs on this website

We participate in affiliate partner programs. In affiliate partner programs, advertisements from one company (advertiser) are placed on websites of other companies in the affiliate partner network (publisher). If you click on one of these affiliate advertisements, you will be redirected to the advertised offer. If you subsequently make a certain transaction (conversion), the publisher receives a fee for this. In order to calculate this remuneration, it is necessary for the affiliate network operator to be able to track which advertisement referred you to the respective offer and which predefined transaction you carried out. Cookies or comparable recognition technologies (e.g. device fingerprinting) are used for this purpose.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the correct calculation of its affiliate remuneration. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

We participate in the following affiliate programs:

AWIN

The operator of the affiliate network is AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter "AWIN").

AWIN and the publisher are jointly responsible for data processing in connection with the partner program. Their joint obligations have been set out in a joint processing agreement. According to this agreement, you can contact both controllers with your data protection concerns. The controller contacted first will respond to your request. Each controller independently maintains data protection information in accordance with Art. 13, 14 and 26 GDPR and takes the necessary measures to protect personal data and to comply with the other GDPR regulations in their company. The joint processing agreement is available in AWIN's GTC at the following link: https://s3.amazonaws.com/docs.awin.com/Legal/Publisher+Terms/2020/DE+Publisher+Terms+GDPR+Annex.pdf

financeAds

We use financeAds GmbH & Co KG, Karlstraße 9, 90403 Nuremberg (hereinafter "financeAds") as a further affiliate network.

16. Plugins and tools

16.1 YouTube with enhanced data protection

This website integrates videos from the YouTube website. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.

After the start of a YouTube video, further data processing operations may be triggered over which we have no influence.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=de.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

17. Data protection information regarding our presence on social

We have various presences on social media platforms. We use the following platforms:

Facebook

Instagram

LinkedIn

Youtube

Medium

Further information on data protection: https://policy.medium.com/medium-privacy-policy-f03bf92035c9. We use the technical platform and services of the aforementioned providers for these information services. We would like to point out that you use our presence on social media platforms and their functions on your own responsibility. When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored on your end device in the form of cookies. This information is used to provide us, as the operator of our pages, with statistical information about the interaction with us.
The data collected about you in this context will be processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. If this is the case, sufficient guarantees within the meaning of Art. 46 para. 2, 3 GDPR are provided to ensure an adequate level of data protection (in particular, the so-called standard data protection clauses are used; further information on the guarantees provided can be obtained from the providers).
We do not know how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or whether you visit the respective page as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your end device is usually transmitted to the respective provider of the social media platform. If you are currently logged in as a user, a cookie on your device may be used to track how you have moved around the network.
As the provider of our pages on these platforms, we also only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy. The legal basis for the processing of your personal data relating to the respective social media platform may vary in individual cases, whereby in many cases Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interests; the legitimate interests arise from the aforementioned purposes, in particular communication with you via our presence on the social networks) will be the basis for processing.
To exercise your data subject rights (see above under Part 1, Section 5), you can contact us or the provider of the social media platform. If one party is not responsible for responding or must receive the information from the other party, we or the provider will generally forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about any profiling, processing of your data when using the platform (in general). If you have any questions about the processing of your interaction with us on our site on the respective platform, you can contact us using the contact details provided above.
What information the social media platform receives and how it is used is described by the providers, particularly in the information linked above. There you will also find information about contact options and any setting options on the platforms.
We are (at least to a certain extent) jointly responsible with the respective provider for data processing in connection with our social media presences in terms of data protection law.