Skip to main contentSkip to site header

Privacy policy

We take data protection seriously

The protection of your privacy when processing personal data is an important concern for us. For this reason, we only process personal data if this is useful and economically relevant for the use of our services. In any case, we comply with the provisions of the General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). In the following, you will find information about which data is processed in which form and by whom when you visit our store at www.esn.com.

Table of contents

  1. Who is responsible for data processing and whom can you contact?
  2. Personal data
  3. Visiting our website
    1. General use
      1. Automatically stored data (server log files)
      2. Cookies, tracking pixels and tools
      3. Social plugins from Facebook, Pinterest, Instagram and Youtube
      4. Consent management
    2. Online presence and service optimization
    3. Tools and services for analysis, statistics and marketing
    4. Contact form
    5. Customer account
    6. Store and e-commerce
      1. Purchase of goods
    7. Direct mail
      1. Customer information
      2. Newsletter
      3. Service provider
      4. Analysis
      5. Postal advertising
    8. Evaluation requests
      1. Refer-a-friend programme with MentionMe
    9. Economic analysis and market research
    10. Payment service provider
    11. Transport service provider
    12. Security
    13. Data exchange within the group
    14. Trainingplans
    15. Product consultation
  4. Online presence on social media
  5. Data subject rights
  6. Changes to this privacy policy

 

1. who is responsible for data processing and whom can you contact?

Responsible is

Fitmart GmbH & Co. KG
Werner-von-Siemens-Straße 8
25337 Elmshorn
Phone: +49 (0)4121 830 31 00
E-mail: datenschutz@tqgg.de

The company data protection officer is

Nico Becker
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-mail: anfragen@projekt29.de
Phone: +49 (0)941 298 69 30

2. personal data

Personal data is data about your person by which you can be identified. This includes, for example, your name, address, e-mail address, location data, payment data and many other details. In principle, you do not have to disclose any personal data in order to visit our website. In some cases, however, we need them in order to be able to offer you the desired services on our website. If you use one of our services where this is required, we generally only collect the data that is necessary for this purpose, and even this is not done without your consent.

3. visiting our website

3.1 General use

When you visit our website, our web servers store by default the IP of your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of the visit. The processing of this information is mandatory for the technical transmission of the web pages, the comfortable use of our services and the secure server operation Our legitimate interest results from Art. 6 para. 1 lit. f) DS-GVO.

A direct conclusion to your identity is not possible on the basis of the information and will not be drawn by us. The information is stored and automatically deleted after the aforementioned purposes have been achieved. The standard periods for deletion are based on the criterion of necessity.

3.1.1 Automatically stored data (server log files)

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • complete IP address of the requesting computer
  • amount of data transferred

This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymized form for statistical purposes; it is not compared with other data or passed on to third parties, even in excerpts.

3.1.2 Cookies, tracking pixels and tools

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID. An overview of the cookies we use can be found here.

Through the use of session cookies, the responsible party can provide the users of this website with a user-friendly service that would not be possible without the cookie setting. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest pursuant to Art. 6 (1) lit. f DSGVO.

We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily agree to tracking or analysis via the cookie banner that appears. If necessary, your data will be passed on to partners or third-party providers. Only if you explicitly agree to this, these cookies will be stored, the legal basis is then your consent according to Art. 6 para. 1 lit. a DSGVO. You can change your settings for the use of cookies here at any time.

3.1.3 Social plugins from Facebook, Pinterest, Instagram and YouTube

Social buttons from social networks are used on our website. These are only integrated into the page as HTML links, so that when you call up our website, no connection is yet established with the servers of the respective provider. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There you can, for example, click the Like or Share button.

Here you can manage, revoke, or change your settings regarding the use of cookies:
Change consent

Usercentrics


This website uses Usercentrics' consent technology to obtain your consent for storing certain cookies on your device or using certain technologies, and to document them in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Website:https://usercentrics.com/de/ (hereinafter referred to as "Usercentrics").
When you visit our website, the following personal data is transmitted to Usercentrics:Your consent(s) or the revocation of your consent(s)

  • Your IP address
  • Information about your browser
  • Information about your device
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser to associate the given consents or their revocation. The collected data is stored until you request deletion, delete the Usercentrics cookie yourself, or the purpose for data storage ceases. Mandatory legal retention obligations remain unaffected.The use of Usercentrics is to obtain the legally required consents for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.We have entered into a data processing agreement (DPA) pursuant to Art. 28 GDPR with the aforementioned provider. This is a legally required contract that ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3.2 Online Presence and Service Optimization

Shopify

We host our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify").

Shopify is a tool for creating and hosting e-commerce websites. When you visit our website, Shopify collects your IP address and information about the device and browser you are using. Shopify is also used to analyze visitor numbers, visitor sources, and customer behavior, as well as to compile user statistics. When you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other data related to the purchase (e.g., phone number, amount of sales made, and the like). For analytics, Shopify stores cookies in your browser.

For details, see Shopify's privacy policy:
https://www.shopify.de/legal/datenschutz.

The use of Shopify is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

We have concluded a contract on order processing (AV) pursuant to Art. 28 DSGVO with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

Chatbot moin.ai

When a user calls up our website, the chatbot moin.ai starts automatically. The provider of this service is knowhere GmbH, Fleethaus, Steinhöft 9, 20459 Hamburg. The chatbot supports fast communication with website visitors and customers. It thus serves our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO in a quick and uncomplicated processing of customer concerns.

All data and communication content is only stored in encrypted form on servers in Germany. This also applies to data transmission, which is only carried out via SSL encryption. The chatbot records all data anonymously, except for the information that the user voluntarily sends to the chatbot.

To ensure that a user who has already started a conversation with the chatbot is recognized again after a break, an anonymous identifier is stored with the user when a conversation is started. This ensures that the user dialog can continue over multiple website visits without loss of context. This identifier is stored until it is manually deleted. This deletion can be performed at any time at the customer's request.

When a chat message is forwarded to our customer support, a personal data record is collected in which the e-mail address, name and a subscription, customer, order or invoice number of the user are requested. Only after consent according to Art. 6 para. 1 lit. a DSGVO of the user is this created.

Google reCAPTCHA

On this website, we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google"). This function is primarily used to distinguish whether an input is made by a natural person or is abused by machine and automated processing. The service includes the sending of the IP address and, if applicable, further data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 (1) lit. a DSGVO on the basis of your consent, provided you have given us this via the Consent banner. Since data protection is very important to us and we want to keep the intrusion as low as possible for you, we do not use the service of Google permanently, but only in certain situations. In the course of using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. in the USA.

In the event that personal data is transferred to Google LLC., which is based in the USA, Google LLC. has certified itself for the us-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list.

Further information on Google reCAPTCHA as well as Google's privacy policy can be viewed at: https://www.google.com/intl/de/policies/privacy/.

3.3 Tools and services for analysis, statistics collection and marketing

AWIN

We use components of the AWIN company on our website on the basis of your express consent pursuant to Art. 6 (1) lit. a DSGVO. The operating company of AWIN is AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany.

AWIN is a German affiliate network and serves as an interface between merchants and affiliates. Affiliate marketing is an Internet-based form of distribution that enables commercial operators of websites, known as merchants or advertisers, to display advertisements, which are usually remunerated via click or sale commissions, on third-party websites, i.e. on the websites of distribution partners, also known as affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on its own Internet pages or advertised via other channels, such as keyword advertising or e-mail marketing.

AWIN sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. The tracking cookie from AWIN does not store any personal data. Only the identification number of the affiliate, i.e. the partner referring the potential customer, as well as the order number of the visitor of a website and the clicked advertising material are stored. The purpose of storing this data is the processing of commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. AWIN. The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent AWIN from setting a cookie on the information technology system of the data subject. In addition, cookies already set by AWIN can be deleted at any time via an internet browser or other software programs.

The applicable data protection provisions of AWIN can be found at https://www.awin.com/de/rechtliches/privacy-policy.

Google Analytics (4)

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there. The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google signals

We use Google signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google signals. If you have a Google account, Google Signal's visitor data is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymized statistics on the user behavior of our users.

Google Analytics E-commerce measurement

This website uses the "E-Commerce Measurement" function of Google Analytics. With the help of E-CommerceMeasurement, the website operator can analyze the purchasing behavior of website visitors in order to improve its online marketing campaigns. This involves recording information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. This data can be summarized by Google under a transaction ID, which is assigned to the respective user or their device.

Google Optimize

The website operator uses Google Optimize. Google Optimize is an optimization program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Optimize analyzes the use of different variants of the website so that we are able to adjust the user experience according to the behavior of the website users. Google Optimize is a tool embedded in Google Analytics and uses cookies.

The IP address received in this way is anonymized immediately after processing. In exceptional cases, the full IP address is transmitted to a Google server in the USA and encrypted there. The transmitted IP address is not merged with other data from Google.

You can prevent the storage of cookies by setting your browser accordingly.

However, we would like to point out that in this case not all functions of our website can be used to their full extent.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be revoked at any time.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to play advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://policies.google.com/privacy/frameworks and
https://privacy.google.com/businesses/controllerterms/mccs/.

Google Ads Customer Match

We use Google Ads Customer Match as part of our advertising campaigns. For this, we upload lists with encrypted user data (like names, email addresses, addresses, customer IDs) to Google. Google then matches this data with existing Google customers to create target audiences for ads and campaigns. Once these lists are created, the encrypted customer data is automatically deleted, so no new addresses are obtained.

The data is sent to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google LLC, based in California, USA, and possibly US authorities, can access the data stored by Google.

Using this service is based on your consent under Article 6(1)(a) GDPR and Article 25(1) TDDDG. You can withdraw your consent at any time. The data transfer to the USA is based on the EU Commission’s standard contractual clauses. You can find more details here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/. The European Commission has issued an adequacy decision for the USA, provided companies are certified under the Data Privacy Framework Programme. Google is certified and meets the EU Commission’s requirements.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be revoked at any time.

You can find more information about Google conversion tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google Remarketing

This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Remarketing analyzes your user behavior on our website (e.g. clicking on certain products) in order to classify you in certain advertising target groups and subsequently play suitable advertising messages to you when you visit other online offers (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Remarketing can be linked with Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link:
https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be revoked at any time.

Further information and the data protection provisions can be found in Google's privacy policy at:
https://policies.google.com/technologies/ads?hl=de.

For target group formation, we use, among other things, the customer matching of Google Remarketing. Here, we transfer certain customer data (e.g. e-mail addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they are shown matching advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

Clarity

This website uses Clarity. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 (USA), https://docs.microsoft.com/en-us/clarity/ (hereinafter referred to as “Clarity”).

Clarity is a tool for analyzing user behavior on this website. Clarity specifically tracks mouse movements and creates a graphical representation of the areas of the website that users frequently scroll to (heatmaps). Clarity can also record sessions, allowing us to view site usage in the form of videos. Additionally, we receive information about general user behavior on our website.

Clarity uses technologies that enable the recognition of users for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Your personal data is stored on Microsoft’s servers (Microsoft Azure Cloud Service) in the USA.

There is an adequacy decision by the European Commission for the USA, provided that companies certify themselves under the Data Privacy Framework Program. Microsoft is certified accordingly and therefore complies with the EU Commission’s requirements.

The use of Clarity is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in effective user analysis. If appropriate consent has been requested, processing is carried out exclusively based on Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further details on Clarity’s data protection can be found here: https://docs.microsoft.com/en-us/clarity/faq.

We have entered into a data processing agreement (DPA) pursuant to Article 28 of the GDPR with the above-mentioned provider. This is a legally required contract that ensures that this provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR

Amazon Advertising

Our website uses Amazon Advertising, an advertising service of Amazon Web Services, Inc, 410 Terry Avenue North, Seattle WA 98109, USA. Amazon Advertising enables us to place targeted advertising for our products or services both on Amazon platforms and on external websites. The following data may be processed:

  • IP address
  • Device information
  • Browser data
  • Clickstream data
  • Search history on Amazon
  • Purchase history (if available)

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/.

The use is based on our legitimate interest in the most user-friendly determination of your request (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR. The consent can be revoked at any time.

Amazon is also certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Each DPF-certified company is committed to complying with these data protection standards.

Since the two sides are separate legal entities and the customers also belong to different companies, they should not be merged.

Microsoft Advertising

We use the technologies described below from Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft"). The data processing is carried out on the basis of an agreement between jointly responsible parties pursuant to Art. 26 DSGVO. The information automatically collected by Microsoft technologies about your use of our website is usually transferred to a server of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and stored there.

For the USA, there is no adequacy decision of the European Commission. Our cooperation is based on standard data protection clauses of the European Commission.

For further information on data processing by Microsoft, please refer to Microsoft's privacy policy:
https://privacy.microsoft.com/de-de/privacystatement.

For advertising purposes in the Bing, Yahoo and MSN search results and on third-party websites, the so-called Microsoft Advertising Remarketing Cookie is set when you visit our website, which automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information, and information about your use of our website) and by means of a pseudonymous CookieID and based on the pages you visit.

For website analytics and event tracking, we use Microsoft Advertising Universal Event Tracking (UET) to measure your subsequent usage patterns when you have arrived at our website through a Microsoft Advertising ad and create usage profiles using pseudonyms. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter) may be collected, from which usage profiles are created using pseudonyms.

If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Facebook Pixel

This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. This allows the behavior of page visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook. You can find further information on protecting your privacy in Facebook's data protection notices:
https://de-de.facebook.com/about/privacy/.

You can also deactivate the "Custom Audiences" remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

Facebook Custom Audiences

We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, take advantage of our free or paid offers, transmit data to us or interact with our company's Facebook content, we collect your personal data in the process. If you give us permission to use Facebook Custom Audiences, we will transmit this data to Facebook, which can use it to play out advertising that is suitable for you. Furthermore, target groups can be defined with your data (Lookalike Audiences).

Facebook processes this data as our processor. Details can be found in the Facebook user agreement:
https://www.facebook.com/legal/terms/customaudience.

The use of this service is based on your consent in accordance with Art. 6 (1) a DSGVO and §25 (1) TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.

TikTok Pixel

We use the TikTok Pixel on our website. The TikTok Pixel is a TikTok Advertiser Tool from the two providers:

  • TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and.
  • TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both are hereinafter collectively referred to as "TikTok").

The TikTok Pixel is a JavaScript code snippet that allows us to understand and track visitors' activity on our website. For this purpose, the Tiktok Pixel collects and processes information about visitors to our website or the devices they use (so-called event data).

Event data collected through the TikTok Pixel is used for targeting our advertisements and improving ad delivery and personalized advertising. For this purpose, the event data collected on our website by means of the TikTok Pixel is transmitted to TikTok.

In part, this event data is information stored in the terminal device you are using. In addition, cookies are also used via the TikTok Pixel, via which information is stored on your end device used. Such storage of information by the TikTok Pixel or access to information already stored in your terminal device will only occur with your consent. The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be revoked at any time.

This collection and transmission of event data is carried out by us and TikTok as joint controllers according to Art. 26 DSGVO. We have entered into a processing agreement with TikTok as joint controllers, which sets out the distribution of data protection obligations between us and TikTok. In this agreement, we and TikTok have agreed, among other things,

  • That we are responsible for providing you with all information pursuant to Art. 13, 14 of the GDPR regarding the joint processing of personal data;
  • that TikTok is responsible for enabling the rights of data subjects under Art. 15 to 20 of the GDPR with respect to personal data stored by Facebook Ireland after the joint processing.

You can access the agreement concluded between us and TikTok at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871.

TikTok is the sole controller for the subsequent processing of the transmitted Event Data. For more information about how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights against TikTok, please see TikTok's Data Policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.

Outbrain pixel

A visitor pixel and cookies of Outbrain Inc, 39 West 13th Street, 3rd floor, New York, NY 10011, USA are used on our website within the scope of your consent according to Art. 6 para. 1 lit. a. DSGVO on our website for conversion measurement. In this way, the behavior of users can be tracked after they have been redirected to the provider's website by clicking on an Outbrain advertisement. This procedure is used to evaluate the effectiveness of the Outbrain ads for statistical and market research purposes and can help to optimize future advertising measures. The data collected is anonymous for us, so it does not offer us any conclusions about the identity of the users.

All information on how Outbrain handles data can be found in Taboola's privacy policy, available at http://www.outbrain.com/de/legal/privacy.

Furthermore, you can find a list of all cookies used by Outbrain under the following link: https://www.outbrain.com/privacy/cookies/.

If you wish to view or customize your interest profile on Outbrain, click on the following link: https://my.outbrain.com/recommendations-settings/home.

We have concluded a contract for commissioned processing pursuant to Art. 28 DSGVO with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

Taboola pixel

A visitor pixel and cookies of Taboola Inc., 28 West 23rd St., 5th fl., New York, NY 10010, USA are used within the scope of your consent according to Art. 6 para. 1 lit. a. DSGVO on our website for conversion measurement. In this way, the behavior of users can be tracked after they have been redirected to the provider's website by clicking on a Taboola advertisement. This procedure is used to evaluate the effectiveness of the Taboola ads for statistical and market research purposes and can help to optimize future advertising measures. The collected data is anonymous for us, so it does not offer us any conclusions about the identity of the users.

All information on how Taboola handles the data can be found in Taboola's privacy policy, available at https://www.taboola.com/de/privacy-policy.

We have concluded an order processing contract pursuant to Art. 28 DSGVO with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors according to our instructions and in compliance with the DSGVO.

Google Campaign Manager

This website also uses the online marketing tool Campaign Manager from Google, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

The Campaign Manager uses cookies to display ads that are relevant to users, to improve campaign performance reports, or to prevent users from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Campaign Manager can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the website of the advertising company with the same browser and makes a purchase.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of the Campaign Manager, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or are not logged in, there is a possibility that Google will learn and store your IP address.

In addition, the Campaign Manager cookies used (e.g. referred to as DoubleClick or Floodlight) enable us to understand whether you perform certain actions on our website after accessing or clicking on one of our display/video ads on Google or on another platform via the Campaign Manager (conversion tracking). Campaign Manager uses this cookie to understand the content you have interacted with on our websites in order to later send you targeted advertising.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and 25 para. 1 TTDSG. The consent can be revoked at any time.

You can find more information about Campaign Manager at https://marketingplatform.google.com/about/enterprise/ and about data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Google has submitted to the Data Privacy Framework Program and is certified: https://www.dataprivacyframework.gov/s/.

Google Display & Video 360

On this website we use the tool Display & Video 360 of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, which collects data for analysis, marketing and optimization purposes and thereby helps us to improve our marketing measures, our website.

The data collected is used by Display & Video 360 to link advertising contacts and clicks on advertisements with a resulting use of our website. In this way, we can determine whether Internet users who have seen our ads visit our website or which products they are interested in. This helps us to use our advertising budget more efficiently. The data collected may also be used by us to deliver advertising based on your interests (e.g. products viewed).
Pseudonymous online identification numbers (such as cookie IDs or IP addresses) are used for data collection. No unique user-related data such as name or address is stored. All IDs used by us only enable the recognition of your terminal device and your internet browser. The collected data will not be used by us to personally identify you as a user of our website without your separate consent.

We would like to point out that for users who have registered with Google, Google may link the visit to this website with the registered data. You can find out exactly how Google handles your data on Google's privacy pages by clicking on the following link: https://privacy.google.de/intl/de/take-control.html?categories_activeEl=sign-in.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and 25 para. 1 TTDSG. The consent can be revoked at any time.

Google has submitted to the Data Privacy Framework Program and is certified: https://www.dataprivacyframework.gov/s/

 

3.4 Contact Form

When contacting us (e.g. via contact form, email, phone or via social media), the data sent by the requesting person will be processed to the extent necessary to respond to the contact requests and any requested actions and stored on our servers in the course of data backup. Your data will only be used by us to process your request. Your data will be treated strictly confidential. It will not be passed on to third parties.

Contact requests in the context of contractual or pre-contractual relationships are answered in order to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
  • Data subjects: Communication partners.
  • Purposes of processing: contact requests and communication.
  • Legal grounds: contract performance and pre-contractual inquiries (Art. 6 para. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 lit. f. DSGVO).

3.5 Customer account

Contractual partners can create an account within our online offer (e.g. customer or user account, "customer account" for short). If registration of a customer account is required, contractual partners will be informed of this as well as of the information required for registration. Customer accounts are not public and cannot be indexed by search engines. In the course of registration and subsequent logins and use of the customer account, we store the IP addresses of the customers together with the access times in order to be able to prove registration and prevent any misuse of the customer account.

If customers have terminated their customer account, the data relating to the customer account will be deleted, unless their retention is required for legal reasons. It is the responsibility of customers to back up their data when their customer account is terminated.

3.6 Shop and e-commerce

We process the data of our customers to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery, or execution to our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required information is marked as such in the context of the order or comparable purchase process and includes the information needed for delivery, or provision and billing, as well as contact information to be able to contact you if necessary.

  • Types of data processed: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject matter of contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Interested parties, business and contractual partners, customers.
  • Purposes of processing: provision of contractual services and customer service, contact requests and communication, office and organizational procedures, administration and response to requests, security measures, conversion measurement (measuring the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creating user profiles).
  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legal obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

3.6.1 Purchase of goods

If you are already a customer with us and have to interrupt the process during a new order process or are unable to complete your purchase, we will remind you after a certain time by e-mail or SMS of the items you have placed in your shopping cart so that you do not have to put them together again ("Abandoned Cart") or send you a message with the items you have viewed ("Abandoned Browse"). We use cookies for this purpose. For more information on the use of cookies, see section 3.1.2 ("Cookies, tracking pixels and tools").

The legal basis for sending the notifications is § 7 para. 3 UWG. You can object to the sending of the notifications at any time, for example by contacting us via the corresponding link in the e-mail you receive.

3.7 Direct advertising

3.7.1 Customer information

Unless you have objected, we will use the e-mail address and cell phone number you provided when purchasing goods or services to send you electronic advertising for our own goods or services that are similar to those you have already purchased or used from us. For this purpose, we use your e-mail address, cell phone number, name and order history to send you information about products that may interest you based on your recent orders. The legal basis for data processing is Art. 6 (1) lit. F DSGVO and § 7 (3) UWG.

You can object to this processing in accordance with Art. 21 (2) DSGVO at any time, for example by contacting us via the corresponding link in the email you receive or by sending an email to service@esn.com.

3.7.2 Newsletter

On our website, we offer the possibility to register for our newsletter. After registration, we will inform you regularly by e-mail and SMS about news regarding our offers (e.g. promotions, new products, re-stocks and competitions).

Furthermore, after a certain period of time, you will be reminded by e-mail and SMS about the items you have put in your shopping cart and whose order you had to interrupt or whose purchase you could not complete.

A valid e-mail address or cell phone number is required to subscribe to the newsletter. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via the link. To verify the cell phone number, you will receive a registration SMS, which you must confirm via the link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your email address and cell phone number based on your consent. The legal basis for the processing is based on rt. 6 para. 1 UAbs. 1 lit. a DSGVO.

You can unsubscribe from our newsletter at any time, for example by contacting us via the corresponding link in the email you receive or by sending an email to service@esn.com.

Typeform

We use Typeform from TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain (Typeform) for our registration for the B2B newsletter and for the customer challenge. This allows us to provide you with an easy way to contact us.

For this purpose, we share the following personal data with Typeform: Email address

Typeform is the recipient of your personal data and acts as a processor for us. The processing of the data specified in this section is not required by law or contract. Without your consent and the transmission of your personal data, we cannot provide you with a newsletter. The data is stored exclusively for the purpose of subscribing to the newsletter.

In addition, Typeform collects the following personal data with the help of cookies: Information about your end device (IP address, device information, operating system, browser settings). Furthermore, usage data such as the date and time when you used the form is collected. Typeform requires this data to ensure the display and functionality of the website. Further information can be found at: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-dat

The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent to the processing of your personal data at any time. The revocation can be made via the contact options provided. Your data will be processed for as long as the corresponding consent is available. The declaration of revocation does not affect the lawfulness of the processing carried out to date.

3.7.3 Service providers

We use CleverReach to send customer information and newsletters. The provider is CleverReach GmbH & Co KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter "CleverReach"). CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on CleverReach's servers in Germany or Ireland.

In addition, we use Klaviyo for sending customer information and newsletters and integrate components for this on our website. The provider is Klaviyo, Inc, 125 Summer St Floor 6, Boston, MA 02111, United States (hereinafter "Klaviyo"). Klaviyo provides marketing automation software for marketing services and products, including SEO and content creation, lead management, newsletters, email and SMS marketing, and web analytics.

Klaviyo uses cookies and other browser technologies to evaluate user behavior and identify users. This information is used, among other things, to compile reports on website activity and to provide customers with personalized communications (e.g., reminders about uncompleted purchases, notices about products customers have viewed, etc.). In addition, Klaviyo is used to store and transmit data entered in forms using cookies, including your IP address. In this case, your data will be passed on to Klaviyo.

The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on Klaviyo's servers in the United States.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected by this.

3.7.4 Analysis

CleverReach and Klaviyo

Our customer information and newsletters sent with CleverReach and Klaviyo allow us to analyze the behavior of recipients. We use these capabilities to improve your shopping experience by sending you customized advertising that is more useful and relevant to you.

CleverReach can be used to analyze, among other things, how many recipients have opened a message and how often which link was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on this website) has taken place after clicking on a link. For more information on data analysis through CleverReach newsletters, please visit:
https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

When you open an e-mail sent with Klaviyo, a file contained in the e-mail (so-called web-beacon) connects to Klaviyo's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. For more information on data analysis by Klaviyo, please visit: https://www.klaviyo.com/features/reporting. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.klaviyo.com/legal/dpa

Data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

If you do not want any analysis by CleverReach or Klaviyo, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. For more details, please refer to the data protection provisions of CleverReach at: https://www.cleverreach.com/de/datenschutz/ and Klaviyo at https://www.klaviyo.com/legal/privacy-notice.

We have concluded a contract on order processing (AV) according to Art. 28 DSGVO with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

Varify.io

We use Varify.io from the company Varify GmbH, Südliche Münchner Straße 55, 82031 Grünwald, Germany. Varify is a service that makes it possible to further develop our website with the help of so-called "A/B tests" and to adapt it to your needs.

For this purpose, we store cookies in your browser in order to evaluate and analyse these "A/B tests". We have ensured that the cookies stored in your browser do not process any of your personal data and that no conclusions can be drawn about you. The cookies only register your interaction with the website by categorising you into a user group. The user group is analysed and evaluated anonymously. Your IP address is processed for a short time to play the cookie, but it is not stored.

The use of Varify.io is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in A/B testing in order to optimise and improve our online offering. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time

We have concluded an order processing contract (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

3.7.5 Postal Advertising

We use your address in compliance with all legal provisions for sending postal advertising.

The legal basis for this is our legitimate interest in direct advertising in accordance with Art. 6 para. 1 lit. f in conjunction with recital 47 GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. More specific regulations may be communicated to you during data collection and take precedence over this regulation.

Your address will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to postal advertising, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

We use the following service provider to send our mailings:

Deutsche Post Dialog Solutions GmbH
Charles-de-Gaulle-Str. 20
D-53113 Bonn

We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3.8 Evaluation requests

If you have ordered a product in our store, we will ask you by e-mail and SMS about your satisfaction with your order, unless you have previously objected to this. In order to send you this request, we use the email address and cell phone number you provide. We also process your name, IP address and the IP geolocation used, as well as information about your order. The customer satisfaction survey or the described data processing is based on the legal basis of § 7 para.3 UWG in conjunction with Art. 6 para. 1 lit. f) DSGVO. This processing serves the purpose of direct advertising.

You can object to the processing and in particular the use of your e-mail address and cell phone number for this purpose at any time pursuant to Art. 21 (2) DSGVO by using the objection option in our e-mails or by sending an e-mail to the e-mail address given in our imprint, without incurring any costs other than the transmission costs according to the prime rates.

3.8.1 Refer-a-friend programme with MentionMe

We use MentionMe to provide the Refer-a-friend programme on our website. Users can recommend our services to their friends. The provider is Mention Me Limited, 20-22 Wenlock Road, London, N1 7GU, United Kingdom.
The provider processes content data (e.g. entries in online forms), contact data (e.g. email addresses, telephone numbers), meta/communication data (e.g. device information, IP addresses) and master data (e.g. names, addresses) in the United Kingdom.

Mention Me offers a referral marketing solution that allows customers to recommend our products to their friends via various communication channels, such as sharing a link. For this purpose, the referrer (recommender) enters their own name and e-mail address on the website and is then sent a link that they can share with friends for the purpose of recommendation. Both the referrer and the referee (the recommended person) then receive a reward for the recommendation, provided that the referee has made use of the forwarded offer.

We will share selected data from you (email address, name and order details) in encrypted, pseudonymised form with Mention Me so that you can participate in our ‘customer referral programme’. This allows us to later determine which and how many existing customers have referred a new customer and who receives a reward for their recommendation. The e-mail address, name and IP address of the referrer are processed for this purpose. The email address and IP address of the referred friend.

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing takes place on the basis of consent. Data subjects can withdraw their consent at any time, e.g. by contacting us using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation. The data will be deleted if the purpose of its collection no longer applies and there is no obligation to retain it. Further information can be found in the provider's privacy policy.

You can find the provider's privacy policy here: Mention Me Privacy Policy
You can find the provider's cookie policy here: https://mention-me.com/help/privacy_policy/en_US#cookies

We have concluded an order processing contract (AVV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors and customers only in accordance with our instructions and in compliance with the GDPR.

3.9 Economic analyses and market research

For business reasons and in order to be able to recognize market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors and users of our online offer.

The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g. on services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized, i.e. anonymized values. Furthermore, we take into account the privacy of users and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).

3.10 Payment service providers

In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other payment service providers in addition to banks and credit institutions for this purpose (collectively, "payment service providers").

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information. The information is required in order to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e., we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the payment service providers transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and the privacy notices of the payment service providers.

For payment transactions, the terms and conditions and data protection notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights.

3.11 Transport service providers

For the purpose of delivering ordered goods, we work together with logistics service providers/transport companies and/or shipping partners to whom the following data is transmitted for the purpose of delivering the ordered goods or for the purpose of shipment notification: First name, last name, postal address and, if applicable, the e-mail address and, if applicable, the telephone number. The legal basis for the processing is Art. 6(1)(b) DSGVO.

3.12 Security

We have taken technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees as well as service providers (processors) working for us are bound by the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our data protection statements are constantly being revised. Please make sure that you have the latest version.

3.13 Data exchange within the group

Your order data will be made available to the group companies if necessary for the processing of the contract. The storage of customer data is company-related and separate, whereby our parent company or individual companies may act as service providers for the other individual participating companies (e.g. customer support or logistics).

3.14 Training plans

On our website, you have the option of receiving prescribed training plans for different training levels. In order for you to receive the corresponding training plan, we simply process your e-mail address.

After registering, you will receive a download link that you can use to download your training plan. The prerequisite for the provision of a training plan is registration for our newsletter. The legal basis is therefore Art. 6 para. 1 lit. b GDPR.

You can unsubscribe from the newsletter at any time.

4. online presence on social media

Insofar as you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on our social media channels, from which usage profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights in this regard and setting options for protecting your privacy, please refer to the respective linked data protection notices of the providers on their websites. If you still require assistance in this regard, you can contact us.

5. data subject rights

You have a right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

  • Right to information:
    You can request information from us as to whether and to what extent we process your data.
  • Right to rectification:
    If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
  • Right to erasure:
    You can request that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations.
    Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
  • Right to restriction of processing:
    You may request us to restrict the processing of your data if
    • you dispute the accuracy of the data, for a period of time that allows us to verify the accuracy of the data.
    • the processing of the data is unlawful, but you refuse to delete it and instead request restriction of the use of the data,
    • we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
    • you have objected to the processing of the data.
  • Right to data portability:
    You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that
    • we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and
    • this processing is carried out with the aid of automated procedures.
    If technically feasible, you may request that we transfer your data directly to another controller.
  • Right to object:
    If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defense of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
  • Right of complaint:
    If you are of the opinion that we violate German or European data protection law when processing your data, please contact us to clarify any issues. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

6. changes to this data protection declaration

We reserve the right to change our privacy policy if this should be necessary due to new technologies. Please make sure that you have the latest version. If fundamental changes are made to this privacy statement, we will announce them on our website.