Informativa sulla privacy sito web EN

Informativa sulla privacy del sito web

Introduzione

Di seguito forniamo informazioni sulla raccolta dei dati personali durante l'utilizzo

il nostro sito web sonoro.com
i nostri profili sui social media.

I dati personali sono tutti i dati che possono essere ricondotti a una persona fisica specifica, come il nome o l'indirizzo IP.

Dettagli di contatto

Il titolare del trattamento ai sensi dell'art. 4, comma 7 del Regolamento generale sulla protezione dei dati (GDPR) dell'UE è sonoro audio GmbH, Hammer Landstraße 45, Neuss, Germania, e-mail: info@sonoro.com. Siamo rappresentati legalmente da Marcell Faller.

Il nostro responsabile della protezione dei dati può essere contattato tramite heyData GmbH, Schützenstraße 5, 10117 Berlino, www.heydata.eu, e-mail: datenschutz@heydata.eu.

Ambito del trattamento dei dati, finalità del trattamento e basi giuridiche

Di seguito descriviamo in dettaglio l'ambito del trattamento dei dati, le finalità del trattamento e le basi giuridiche. In linea di principio, come base giuridica per il trattamento dei dati vengono prese in considerazione le seguenti ipotesi:

6 para. 1 s. 1 lit. a GDPR funge da base giuridica per le operazioni di trattamento per le quali otteniamo il consenso.
6 para. 1 s. 1 lit. b GDPR è la base giuridica nella misura in cui il trattamento dei dati personali è necessario per l'esecuzione di un contratto, ad esempio se un visitatore del sito acquista un prodotto da noi o se noi gli forniamo un servizio. Questa base giuridica si applica anche al trattamento necessario per misure precontrattuali, come nel caso di richieste di informazioni sui nostri prodotti o servizi.
6 comma 1 lett. c del GDPR si applica se adempiamo a un obbligo legale mediante il trattamento dei dati personali, come può essere il caso, ad esempio, nel diritto tributario.
6 para. 1 s. 1 lit. f GDPR funge da base giuridica quando possiamo fare affidamento su interessi legittimi per il trattamento dei dati personali, ad esempio per i cookie necessari al funzionamento tecnico del nostro sito web.

Trattamento dei dati al di fuori del SEE

Nella misura in cui trasferiamo dati a fornitori di servizi o altre terze parti al di fuori del SEE, la sicurezza dei dati durante il trasferimento è garantita dalle decisioni di adeguatezza della Commissione UE, nella misura in cui esistono (ad esempio per la Gran Bretagna, il Canada e Israele) (art. 45, paragrafo 3 del GDPR).

Nel caso di trasferimento dei dati a fornitori di servizi negli Stati Uniti, la base giuridica per il trasferimento dei dati è una decisione di adeguatezza della Commissione europea, se il fornitore di servizi si è anche certificato ai sensi del quadro normativo UE-USA sulla protezione dei dati.

In altri casi (ad esempio, se non esiste una decisione di adeguatezza), la base giuridica per il trasferimento dei dati è solitamente, salvo diversa indicazione, costituita dalle clausole contrattuali standard. Si tratta di una serie di norme adottate dalla Commissione europea che fanno parte del contratto con la rispettiva terza parte. Ai sensi dell'art. 46, paragrafo 2, lettera b) del GDPR, esse garantiscono la sicurezza del trasferimento dei dati. Molti dei fornitori hanno fornito garanzie contrattuali che vanno oltre le clausole contrattuali standard per proteggere i dati. Queste includono, ad esempio, garanzie relative alla crittografia dei dati o all'obbligo da parte della terza parte di informare gli interessati qualora le autorità di contrasto desiderino accedere ai rispettivi dati.

Durata di conservazione

Salvo quanto espressamente indicato nella presente informativa sulla privacy, i dati da noi memorizzati saranno cancellati non appena non saranno più necessari per lo scopo previsto e non sussisteranno obblighi legali di conservazione dei dati in contrasto con la cancellazione. Se i dati non vengono cancellati perché necessari per altri scopi consentiti dalla legge, il loro trattamento è limitato, ovvero i dati vengono bloccati e non trattati per altri scopi. Ciò vale, ad esempio, per i dati che devono essere conservati per motivi commerciali o fiscali.

Diritti degli interessati

Gli interessati hanno nei nostri confronti i seguenti diritti in relazione ai propri dati personali:

Diritto di accesso,
Diritto di rettifica o cancellazione,
Diritto di limitare il trattamento,
Diritto di opporsi al trattamento ,
Diritto alla portabilità dei dati,
Diritto di revocare un consenso dato in qualsiasi momento.

Gli interessati hanno inoltre il diritto di presentare reclamo in merito al trattamento dei propri dati personali presso un'autorità di controllo della protezione dei dati. I recapiti delle autorità di controllo della protezione dei dati sono disponibili all'indirizzo https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.

Obbligo di fornire dati

Nell'ambito del rapporto commerciale o di altro tipo, i clienti, i potenziali clienti o terzi devono fornirci i dati personali necessari per l'instaurazione, l'esecuzione e la cessazione di un rapporto commerciale o di altro tipo o che siamo legalmente obbligati a raccogliere. Senza questi dati, saremo generalmente costretti a rifiutare la conclusione del contratto o la fornitura di un servizio o non saremo più in grado di eseguire un contratto esistente o altro rapporto.

I dati obbligatori sono contrassegnati come tali.

Nessuna decisione automatica nei singoli casi

Per principio, non utilizziamo un processo decisionale completamente automatizzato ai sensi dell'articolo 22 del GDPR per stabilire e attuare il rapporto commerciale o di altro tipo. Qualora dovessimo ricorrere a tali procedure in singoli casi, ne daremo comunicazione separatamente, se richiesto dalla legge.

Entrare in contatto

Quando ci contattate, ad esempio tramite e-mail o telefono, i dati che ci fornite (ad esempio nomi e indirizzi e-mail) vengono da noi memorizzati al fine di rispondere alle vostre domande. La base giuridica del trattamento è il nostro legittimo interesse (art. 6, comma 1, frase 1, lett. f GDPR) a rispondere alle richieste che ci vengono rivolte. Cancelliamo i dati raccolti in questo contesto quando la conservazione non è più necessaria o ne limitiamo il trattamento se sussistono obblighi di conservazione previsti dalla legge.

Competizioni

Occasionalmente, organizziamo concorsi tramite il nostro sito web o in altri modi. Trattiamo i dati richiesti in questi concorsi al fine di determinare e informare i vincitori. Successivamente, cancelliamo i dati. È anche possibile che organizziamo concorsi solo per i clienti esistenti. In questo caso, trattiamo solo il nome per determinare i vincitori e i dati di contatto per informarli. È nostro legittimo interesse offrire concorsi per attirare clienti o interagire con i nostri clienti esistenti. La base giuridica per il trattamento dei dati è l'art. 6, par. 1, comma 1, lett. f del GDPR.

Sondaggi sui clienti

Di tanto in tanto conduciamo sondaggi tra i clienti per conoscere meglio loro e le loro esigenze. A tal fine raccogliamo i dati richiesti in ciascun caso. È nostro legittimo interesse conoscere meglio i nostri clienti e le loro esigenze, pertanto la base giuridica per il trattamento dei dati associati è l'art. 6, comma 1, frase 1, lett. f del RGPD. I dati vengono cancellati una volta valutati i risultati dei sondaggi.

Ci riserviamo il diritto di informare i clienti che hanno già utilizzato i nostri servizi o acquistato prodotti di tanto in tanto tramite e-mail o altri mezzi in merito alle nostre offerte, se non si sono opposti a ciò. La base giuridica per questo trattamento dei dati è l'art. 6 comma 1 s. 1 lett. f GDPR. Il nostro interesse legittimo è quello di svolgere attività di pubblicità diretta (considerando 47 GDPR). I clienti possono opporsi all'utilizzo del loro indirizzo e-mail per scopi pubblicitari in qualsiasi momento senza incorrere in costi aggiuntivi, ad esempio tramite il link riportato alla fine di ogni e-mail o inviando un'e-mail al nostro indirizzo e-mail sopra indicato.

Le parti interessate hanno la possibilità di iscriversi a una newsletter gratuita. Trattiamo i dati forniti durante la registrazione esclusivamente per l'invio della newsletter. L'iscrizione avviene selezionando il campo corrispondente sul nostro sito web, spuntando il campo corrispondente in un documento cartaceo o con un'altra azione chiara, con la quale le parti interessate dichiarano il loro consenso al trattamento dei propri dati, per cui la base giuridica è l'art. 6 comma 1 lett. a GDPR. Il consenso può essere revocato in qualsiasi momento, ad esempio cliccando sul link corrispondente nella newsletter o inviando una comunicazione al nostro indirizzo e-mail sopra indicato. Il trattamento dei dati fino alla revoca rimane lecito anche in caso di revoca.

Sulla base del consenso dei destinatari (art. 6, par. 1, comma 1, lett. a del GDPR), misuriamo anche il tasso di apertura e di clic delle nostre newsletter per capire cosa è rilevante per il nostro pubblico.

Inviamo newsletter con lo strumento Omnisend del fornitore UAB Omnisend, Verkių g. 25C-1, LT-08223 Vilnius, Lituania . Il fornitore elabora contenuti, dati di utilizzo, meta/comunicazione e dati di contatto nel corso del processo nell'UE. Ulteriori informazioni sono disponibili nell'informativa sulla privacy del fornitore all'indirizzo https://www.omnisend.com/privacy/ .

Trattamento dei dati sul nostro sito web

Avviso per i visitatori del sito web provenienti dalla Germania

Il nostro sito web memorizza informazioni nelle apparecchiature terminali dei visitatori del sito web (ad es. cookie) o accede a informazioni già memorizzate nelle apparecchiature terminali (ad es. indirizzi IP). Le informazioni dettagliate in merito sono riportate nelle sezioni seguenti.

Questo archiviazione e accesso si basa sulle seguenti disposizioni:

Nella misura in cui tale memorizzazione o accesso sia assolutamente necessario per fornire il servizio del nostro sito web espressamente richiesto dai visitatori del sito web (ad esempio, per eseguire un chatbot utilizzato dal visitatore del sito web o per garantire la sicurezza informatica del nostro sito web), esso viene effettuato sulla base della sezione 25, paragrafo 2 n. 2 della legge tedesca sulla protezione dei dati dei servizi digitali di telecomunicazione (Telekommunikation-Digitale-Dienste-Datenschutzgesetz, "TDDDG").
In caso contrario, tale memorizzazione o accesso avviene sulla base del consenso del visitatore del sito web (sezione 25, paragrafo 1 TDDDG).

Il successivo trattamento dei dati viene effettuato in conformità con le seguenti sezioni e sulla base delle disposizioni del GDPR.

Utilizzo informativo del nostro sito web

Durante l'utilizzo informativo del sito web, ovvero quando i visitatori del sito non ci trasmettono separatamente informazioni, raccogliamo i dati personali che il browser trasmette al nostro server al fine di garantire la stabilità e la sicurezza del nostro sito web. Questo è il nostro legittimo interesse, pertanto la base giuridica è l'art. 6 par. 1 s. 1 lett. f GDPR.

Questi dati sono:

Indirizzo IP
Data e ora della richiesta
Differenza di fuso orario rispetto al Greenwich Mean Time (GMT)
Contenuto della richiesta (pagina specifica)
Stato di accesso/Codice di stato HTTP
Quantità di dati trasferiti in ciascun caso
Sito web da cui proviene la richiesta
Navigatore
Sistema operativo e relativa interfaccia
Lingua e versione del software del browser.

Questi dati vengono memorizzati anche in file di log. Essi vengono cancellati quando la loro conservazione non è più necessaria, al più tardi dopo 14 giorni.

Hosting web e fornitura del sito web

Il nostro sito web è ospitato da DigitalOcean. Il fornitore è Digitalocean LLC, 101 Avenue of the Americas 10th Floor, New York, NY 10013, USA. In tal modo, il provider elabora i dati personali trasmessi tramite il sito web, ad esempio contenuti, dati di utilizzo, meta/comunicazione o dati di contatto, nell'UE. Ulteriori informazioni sono disponibili nell'informativa sulla privacy del provider all'indirizzo https://www.digitalocean.com/legal/privacy-policy.

È nostro legittimo interesse fornire un sito web, pertanto la base giuridica del trattamento dei dati descritto è l'art. 6, par. 1, comma 1, lett. f del GDPR.

Modulo di contatto

Quando ci contattate tramite il modulo di contatto sul nostro sito web, memorizziamo i dati richiesti e il contenuto del messaggio. La base giuridica del trattamento è il nostro legittimo interesse a rispondere alle richieste che ci vengono rivolte. La base giuridica del trattamento è quindi l'art. 6 comma 1 s. 1 lett. f GDPR. Cancelliamo i dati raccolti in questo contesto quando la loro conservazione non è più necessaria o ne limitiamo il trattamento se sussistono obblighi di conservazione previsti dalla legge.

Posizioni vacanti

Pubblichiamo le posizioni vacanti sul nostro sito web, sulle pagine collegate al sito web o su siti web di terzi.

Il trattamento dei dati forniti nell'ambito della candidatura viene effettuato allo scopo di eseguire la procedura di candidatura. Nella misura in cui ciò sia necessario per la nostra decisione di instaurare un rapporto di lavoro, la base giuridica è costituita dall'art. 88, comma 1, del GDPR in combinato disposto con l'art. 26, comma 1, della legge federale tedesca sulla protezione dei dati (Bundesdatenschutzgesetz). Abbiamo contrassegnato i dati necessari per l'espletamento della procedura di candidatura o li abbiamo indicati. Se i candidati non forniscono questi dati, non possiamo elaborare la candidatura. Ulteriori dati sono facoltativi e non necessari per la candidatura. Se i candidati forniscono ulteriori informazioni, la base è il loro consenso (art. 6, comma 1, lett. a del GDPR).

Chiediamo ai candidati di non fornire informazioni relative alle opinioni politiche, alle convinzioni religiose e ad altri dati sensibili simili nel proprio CV e nella lettera di presentazione. Tali informazioni non sono necessarie ai fini della candidatura. Se i candidati forniscono comunque tali informazioni, non possiamo impedire il loro trattamento nell'ambito dell'elaborazione del CV o della lettera di presentazione. Il loro trattamento si basa quindi anche sul consenso dei candidati (art. 9, par. 2, lett. a) del GDPR).

Infine, trattiamo i dati dei candidati per ulteriori procedure di candidatura, qualora essi ci abbiano fornito il loro consenso in tal senso. In questo caso, la base giuridica è l'art. 6, par. 1, comma 1, lett. a) del GDPR.

Trasmettiamo i dati dei candidati ai responsabili del reparto Risorse umane, ai nostri responsabili del trattamento dei dati nell'ambito del reclutamento e ai dipendenti coinvolti in altro modo nel processo di candidatura.

Se, al termine della procedura di candidatura, instauriamo un rapporto di lavoro con il candidato, cancelliamo i dati solo dopo la cessazione del rapporto di lavoro. In caso contrario, cancelliamo i dati entro e non oltre sei mesi dal rifiuto della candidatura.

Se i candidati ci hanno dato il loro consenso all'utilizzo dei loro dati anche per ulteriori procedure di candidatura, non cancelleremo i loro dati fino a un anno dopo aver ricevuto la candidatura.

Recensioni

I visitatori del sito possono lasciare recensioni sul nostro sito web relative ai nostri prodotti, servizi o, in generale, alla nostra azienda. A tal fine, oltre ai dati inseriti, trattiamo anche metadati o dati di comunicazione. Abbiamo un interesse legittimo a ricevere feedback dai visitatori del sito sulle nostre offerte. Pertanto, la base giuridica per il trattamento dei dati è l'art. 6, par. 1, comma 1, lett. f del GDPR. Nella misura in cui utilizziamo uno strumento di terze parti per l'accordo, le informazioni al riguardo sono disponibili alla voce "Terze parti".

Account cliente

I visitatori del sito possono aprire un account cliente sul nostro sito web. Trattiamo i dati richiesti in questo contesto sulla base del consenso del visitatore del sito. Trattiamo i dati richiesti in questo contesto per adempiere al rispettivo contratto utente stipulato per l'account, pertanto la base giuridica del trattamento è l'art. 6, par. 1, lett. b del RGPD.

Offerta di beni

Offriamo prodotti tramite il nostro sito web. A tal fine, nell'ambito del processo di ordinazione trattiamo i seguenti dati:

Indirizzo e-mail
• Nome
• Indirizzo
• Numero di telefono

Il trattamento dei dati viene effettuato per l'esecuzione del contratto stipulato con il visitatore del sito (art. 6, comma 1, lett. b del GDPR).

Trasmettiamo i dati sopra indicati ai seguenti fornitori di servizi, nella misura in cui ciò sia necessario nell'ambito dell'ordine:

pfenning solutions GmbH, Walter-Gropius-Str. 19c, 50126, Bergheim, Germania

La base giuridica del trattamento è l'art. 6, comma 1, frase 1, lett. b del RGPD, in quanto necessario per l'esecuzione del contratto.

Processori di pagamento

Per l'elaborazione dei pagamenti ci avvaliamo di gestori di pagamenti che sono essi stessi titolari del trattamento dei dati ai sensi dell'art. 4 n. 7 del RGPD. Nella misura in cui essi ricevono dati e dati di pagamento da noi inseriti nel processo di ordinazione, adempiamo in tal modo al contratto stipulato con i nostri clienti (art. 6 comma 1 frase 1 lett. b RGPD).

Questi processori di pagamento sono:

Amazon Payments Europe sca, Lussemburgo
American Express Europe SA
Apple Inc., Stati Uniti (per Apple Pay)
Google Ireland Limited, Irlanda (per Google Pay)
Klarna Bank AB (publ), Svezia (per "Klarna su fattura")
Klarna Bank AB (publ), Svezia (per "Klarna Sofort")
Mollie BV, Paesi Bassi
PayPal (Europa) S.à rl et Cie, SCA, Lussemburgo
Visa Europe Services Inc., Gran Bretagna
Amazon Pay

Technically necessary cookies

Our website sets cookies. Cookies are small text files that are stored in the web browser on the end device of a site visitor. Cookies help to make the offer more user-friendly, effective and secure. Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter "Technically Necessary Cookies"), the legal basis for the associated data processing is Art. 6 para. 1 s. 1 lit. f GDPR. We have a legitimate interest in providing customers and other site visitors with a functional website. Specifically, we set technically necessary cookies for the following purpose or purposes:

• Cookies, to save the shopping cart
• Cookies, to save login data
• Cookies, to remember search terms
• Cookies, to apply language settings
• Cookies, to enable payment providers to process payments and not to analyze user behavior

Third parties

Hotjar

We use Hotjar for analytics. The provider is Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's, STJ 3141, Malta. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.hotjar.com/legal/policies/privacy/.

Criteo

We use Criteo for advertising. The provider is Criteo SA, 32 rue Blanche, 75009 Paris, France. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The data is stored for a maximum of 13 months from the date of collection. We are acting as joint controllers with the service provider to provide personalized ads. Further information is available in the provider's privacy policy at https://www.criteo.com/privacy/.

Usercentrics

We use Usercentrics to manage consents. The provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR . We have a legitimate interest in managing the consent of website visitors to cookies in a simple manner.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://usercentrics.com/privacy-policy/.

Trustpilot

We use Trustpilot for customer reviews. The provider is Trustpilot A/S, Pilestræde 58, 5th floor, 1112 Copenhagen K, Denmark. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR . We have a legitimate interest in receiving feedback on our services from our customers through reviews.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://uk.legal.trustpilot.com/for-businesses/business-privacy-policy.

Weglot

We use Weglot for translations. The provider is Weglot, 138, rue Pierre Joigneaux in BOIS-COLOMBES (92270), France. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://weglot.com/de/privacy/.

Cookiebot

We use Cookiebot to manage consents. The provider is Usercentrics A/S, Havnegade 39, DK-1058, Copenhagen. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR . We have a legitimate interest in managing the consent of website visitors to cookies in a simple manner.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.cookiebot.com/en/privacy-policy/.

Zendesk

We use Zendesk for a live chat. The provider is Zendesk, Inc., 1019 Market St., San Francisco, CA 94103, USA. The provider processes content data (e.g. entries in online forms), contact data (e.g. e-mail addresses, telephone numbers), meta/communication data (e.g. device information, IP addresses), master data (e.g. names, addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.zendesk.com/company/customers-partners/privacy-policy/.

Mouseflow

We use Mouseflow for analytics. The provider is Mouseflow, ApSFlaesketorvet 68, 1711 Copenhagen V, Denmark. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), contact data (e.g. e-mail addresses, telephone numbers) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://mouseflow.com/privacy/.

Elfsight

We use Elfsight to integrate widgets. The provider is Elfsight, LLC, 0015, Armenia, Yerevan, Paronyana str., 19/3, 201. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://elfsight.com/privacy-policy/.

WP rocket

We use WP rocket for the website performance. The provider is SAS WP MEDIA, 4 rue de la République, 69001 LYON, France. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR . We have a legitimate interest in reducing the loading time on our website.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://wp-rocket.me/de/impressum/.

Zendesk

We use Zendesk for quizzes and forms. The provider is Zendesk, Inc., 1019 Market St., San Francisco, CA 94103, USA. The provider processes content data (e.g. entries in online forms), meta/communication data (e.g. device information, IP addresses), contact data (e.g. e-mail addresses, telephone numbers) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR . We have a legitimate interest in creating forms in a simple way.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.zendesk.com/company/customers-partners/privacy-policy/#how-we-use-information-that-we-collect.

Stape

We use Stape for data analytics, for analytics. The provider is Stape Europe OÜ, Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://stape.io/privacy-notice.

Microsoft Dynamics 365

We use Microsoft Dynamics 365 for customer relationship management. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The provider processes contract data (e.g. subject matter of the contract, term), contact data (e.g. e-mail addresses, telephone numbers), master data (e.g. names, addresses), meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR . We have a legitimate interest in managing our customer data in a simple way.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://privacy.microsoft.com/en-gb/privacystatement.

Google Analytics

We use Google Analytics for analytics. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://business.safety.google/privacy/.

Google Tag Manager

We use Google Tag Manager for advertising, for analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://business.safety.google/privacy/.

Meta Pixel

We use Meta Pixel for analytics. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.facebook.com/policy.php.

Facebook Custom Audiences

We use Facebook Custom Audiences for advertising. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://www.facebook.com/policy.php.

YouTube Videos

We use YouTube Videos for videos on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses), usage data (e.g. web pages visited, interest in content, access times) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis consents.

Further information is available in the provider's privacy policy at https://policies.google.com/privacy.

Zapier

We use Zapier to automate between applications. The provider is Zapier, Inc., 548 Market St. #62411, San Francisco, CA 94104-5401, USA. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR . We have a legitimate interest in easily connecting the applications in our company to optimize the way we work.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://zapier.com/privacy.

Google Maps

We use Google Maps for maps on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://business.safety.google/privacy/.

Outbrain

We use Outbrain for advertising. The provider is Outbrain Inc., 222 Broadway 19th Floor, New York, NY 10038, USA. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR) adopted by the EU Commission in accordance with the examination procedure under Art. 93 para. 2 of the GDPR, which we have agreed to with the provider.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.outbrain.com/legal/privacy#privacy-policy.

Google Conversion Tag

We use Google Conversion Tag for conversion tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://business.safety.google/privacy/.

Facebook Conversion API

We use Facebook Conversion API for analytics. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.facebook.com/policy.php.

Microsoft Advertising (Bing Ads)

We use Microsoft Advertising (Bing Ads) for conversion tracking, for analytics. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://privacy.microsoft.com/en-gb/privacystatement.

VWO

We use VWO for analytics. The provider is Wingify Software Private Limited, 1104, 11th Floor, KLJ Tower North B-5, Netaji Subhash Place, Pitampura, Delhi - 110034, India. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR . We have a legitimate interest in adequately monitoring the performance of our applications.

The transfer of personal data to a country outside the EEA takes place on the legal basis standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR) adopted by the EU Commission in accordance with the examination procedure under Art. 93 para. 2 of the GDPR, which we have agreed to with the provider.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://vwo.com/privacy-policy/#locale_lang.

Pinterest Conversion Tag

We use Pinterest Conversion Tag for conversion tracking. The provider is Pinterest Inc., 505 Brannan Street San Francisco, CA 94107, USA. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), contact data (e.g. e-mail addresses, telephone numbers) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR) adopted by the EU Commission in accordance with the examination procedure under Art. 93 para. 2 of the GDPR, which we have agreed to with the provider.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://policy.pinterest.com/en/privacy-policy.

Google Merchant Center

We use Google Merchant Center to maintain an online store. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://business.safety.google/privacy/.

later

We use later for marketing campaigns, in order to organise our social media platforms better. The provider is Victory Square Media Inc., Vancouver, British Columbia, Canada. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in Canada in Canada.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://later.com/privacy/.

Google Ads

We use Google Ads for advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://business.safety.google/privacy/.

Meta Ads

We use Meta Ads for advertising. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) in the USA in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR . The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The transfer of personal data to a country outside the EEA takes place on the legal basis adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.

We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://www.facebook.com/policy.php.

heyData

We have integrated a data protection seal on our website. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes meta/communication data (e.g. IP addresses) in the EU.

The legal basis of the processing is Art. 6 para. 1 s. 1 lit. f GDPR. We have a legitimate interest in providing website visitors with confirmation of our data privacy compliance. At the same time, the provider has a legitimate interest in ensuring that only customers with existing contracts use its seals, which is why a mere image copy of the certificate is not a viable alternative as confirmation.

As the data is masked after collection, there is no possibility to identify website visitors. Further information is available in the privacy policy of the provider at https://heydata.eu/en/privacy-policy .

Data processing on social media platforms

We are represented in social media networks in order to present our organization and our services there. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to show advertising on the pages of the networks and elsewhere on the Internet that corresponds to the interests of the users. To this end, the operators of the networks store information on user behavior in cookies on the users' computers. Furthermore, it cannot be ruled out that the operators merge this information with other data. Users can obtain further information and instructions on how to object to processing by the site operators in the data protection declarations of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, so that they process data there. This may result in risks for users, e.g. because it is more difficult to enforce their rights or because government agencies access the data.

If users of the networks contact us via our profiles, we process the data provided to us in order to respond to the inquiries. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.

Facebook

We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. A possibility to object to data processing arises via settings for advertisements: https://www.facebook.com/settings?tab=ads.We are joint controllers for processing the data of visitors to our profile on the basis of an agreement within the meaning of Art. 26 GDPR with Facebook. Facebook explains exactly what data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can exercise their rights both against us and against Facebook. However, according to our agreement with Facebook, we are obliged to forward requests to Facebook. Data subjects will therefore receive a faster response if they contact Facebook directly.

Instagram

We maintain a profile on Instagram. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://help.instagram.com/519522125107875.

YouTube

We maintain a profile on YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland. The privacy policy is available here: https://policies.google.com/privacy?hl=de.

LinkedIn

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://https://www.linkedin.com/legal/privacy-policy?_l=de_DE. One way to object to data processing is via the settings for advertisements: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Changes to this privacy policy

We reserve the right to change this privacy policy with effect for the future. A current version is always available here.

Questions and comments

If you have any questions or comments regarding this privacy policy, please feel free to contact us using the contact information provided above.