Privacy policy
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data refers to all data that can be used to personally identify you.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Halil Ibrahim Gencer, Lindenhorster Straße 79, 44147 Dortmund, Germany, Tel.: +49 (0) 163 1804358, Email: info@monobook.shop.
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1 When you use our website purely for informational purposes, that is, if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:
- The website visited
- Date and time at the moment of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser’s address bar.
3) Hosting & Content Delivery Network
3.1 Shopify
For hosting our website and displaying its content, we use the system of the following provider:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).
Data is also transmitted to:
Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
All data collected on our website is processed on the provider’s servers. We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
When data is transferred to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
3.2 Cloudflare
We use a content delivery network provided by the following provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.
This service allows us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
3.3 Shopify
We use a Content Delivery Network (CDN) provided by the following company:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).
Data may also be transmitted to:
- Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
- Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA
This service enables us to deliver large media files such as graphics, website content, or scripts more quickly via a network of regionally distributed servers.
Processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
When data is transferred to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
For data transfers to the USA, the recipient is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision of the European Commission.
4) Cookies
To make your visit to our website more attractive and to enable the use of certain functions, we use cookies — small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for a longer period and enable us to save your site settings (so-called “persistent cookies”). The duration of storage of persistent cookies can be found in the overview of your web browser’s cookie settings.
If personal data is also processed by individual cookies implemented by us, such processing is carried out either pursuant to Art. 6 (1) lit. b GDPR for the performance of a contract, pursuant to Art. 6 (1) lit. a GDPR if consent has been given, or pursuant to Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
You can configure your browser so that you are informed about the setting of cookies and can decide individually whether to accept them, or exclude the acceptance of cookies in certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
5) Contact
5.1 Judge.me
For review reminders, we use the services of the following provider:
Judge.me Ltd., c/o Buckworths, 2nd Floor, 1–3 Worship Street, London, England, EC2A 2AB, United Kingdom.
Exclusively on the basis of your express consent pursuant to Art. 6 (1) lit. a GDPR, we transmit your email address and, if applicable, other customer data to the provider so that they can contact you by email with a review reminder.
You may revoke your consent at any time with effect for the future, either towards us or the provider.
We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorized disclosure to third parties.
For data transfers to the provider’s location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
5.2 WhatsApp Business
You have the option to contact us via the messaging service WhatsApp, provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called “Business Version” of WhatsApp.
If you contact us via WhatsApp in connection with a specific business transaction (for example, an order you have placed), we store and use the mobile number you use on WhatsApp and — if provided — your first and last name in accordance with Art. 6 (1) lit. b GDPR for the purpose of processing and responding to your inquiry. On the same legal basis, we may request additional data from you (such as order number, customer number, address, or email address) via WhatsApp to assign your inquiry to a specific case.
If you use our WhatsApp contact option for general inquiries (for example, about our range of services, availability, or our website), we store and use the mobile number you use on WhatsApp and — if provided — your first and last name pursuant to Art. 6 (1) lit. f GDPR, based on our legitimate interest in providing the requested information efficiently and promptly.
Your data will only be used to respond to your inquiry via WhatsApp. There will be no disclosure to third parties.
Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transmits stored telephone numbers to a server of the parent company, Meta Platforms Inc., in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book only contains the WhatsApp contact details of users who have already contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact details are stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts upon first use of the app on their device by accepting WhatsApp’s terms of service, pursuant to Art. 6 (1) lit. a GDPR. Consequently, the transmission of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is excluded.
For information on the purpose and scope of data collection and further processing and use of the data by WhatsApp, as well as your related rights and privacy settings, please refer to WhatsApp’s Privacy Policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits disclosure to third parties.
In the context of the processing operations described above, data may be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
5.3 As part of contacting us (e.g., via contact form or email), personal data is processed solely for the purpose of handling and responding to your inquiry, and only to the extent necessary for this purpose.
The legal basis for the processing of these data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR.
If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR.
Your data will be deleted once it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided that no statutory retention obligations apply.
6) Data Processing When Creating a Customer Account
In accordance with Article 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide them to us when opening a customer account. The specific data required for opening the account can be found in the input form on our website.
You may delete your customer account at any time by sending a message to the address of the controller listed above. After deletion of your customer account, your data will be erased, provided that all contracts concluded through it have been fully executed, no statutory retention obligations exist, and there is no legitimate interest on our part in further storage.
7) Use of Customer Data for Direct Advertising
7.1 Subscription to our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Any additional data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters once you have expressly confirmed your consent to receive newsletters by activating the verification link sent to the specified email address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1)(a) GDPR. In this context, we store the IP address assigned to you by your Internet Service Provider (ISP) as well as the date and time of registration, in order to trace any possible misuse of your email address at a later date. The data collected during the registration for the newsletter is used strictly for its intended purpose.
You may unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your email address will be deleted immediately from our newsletter distribution list, unless you have expressly consented to a further use of your data or we reserve the right to use your data in further ways that are legally permitted and about which we inform you in this statement.
7.2 Shopify Email
The sending of our email newsletters is carried out via the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data provided by you during newsletter registration to this provider in accordance with Art. 6 (1)(f) GDPR, so that it can manage the newsletter dispatch on our behalf.
Subject to your express consent pursuant to Art. 6 (1)(a) GDPR, the provider also carries out statistical performance analyses of newsletter campaigns by means of web beacons or tracking pixels contained in the sent emails, which can measure opening rates and specific interactions with newsletter content. End device information (e.g., time of retrieval, IP address, browser type, and operating system) is also collected and analyzed, but not combined with other data sets.
You may withdraw your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider that protects our website visitors' data and prohibits unauthorized sharing with third parties.
In the case of data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
7.3 Product Availability Notification by Email
For temporarily unavailable items, you can sign up to receive product availability notifications by email. In this case, we will send you a one-time message by email about the availability of the item you have selected. The only required information for sending this notification is your email address. Additional information is voluntary and may be used to address you personally. For sending the notification, we use the double opt-in procedure, which ensures that you only receive a notification once you have expressly confirmed your consent by activating the verification link sent to your provided email address.
By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6 (1)(a) GDPR. In this context, we store the IP address assigned to you by your Internet Service Provider (ISP) as well as the date and time of registration, to be able to trace any possible misuse of your email address at a later date. The data collected during registration for our email notification service for product availability is used strictly for the stated purpose.
You can unsubscribe from availability notifications at any time by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be immediately deleted from our dedicated distribution list unless you have expressly consented to further use of your data or we reserve the right to use your data in further ways that are legally permitted and about which we inform you in this statement.
8) Data Processing for Order Handling
8.1 Insofar as necessary for contract performance for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1)(b) GDPR.
If, on the basis of a corresponding contract, we owe updates for goods with digital elements or for digital products, we process the contact data provided by you when placing the order in order to inform you personally within the scope of our statutory information obligations in accordance with Art. 6 (1)(c) GDPR. Your contact data will be used strictly for the purpose of notifications about updates owed by us and will only be processed by us to the extent necessary for the respective information.
To process your order, we also work with the following service provider(s) who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
8.2 Transfer of personal data to shipping service providers
- DPD
We use the following provider as a transport service provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany
We pass on your email address and/or telephone number to the provider prior to delivery of the goods for the purpose of coordinating a delivery date or announcing delivery in accordance with Art. 6 (1)(a) GDPR, provided that you have expressly given your consent for this during the ordering process. Otherwise, we only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1)(b) GDPR. The data will only be passed on to the extent that this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider in advance or to announce delivery.
Consent may be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- Hermes
We use the following provider as a transport service provider: Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg, Germany
We pass on your email address and/or telephone number to the provider prior to delivery of the goods for the purpose of coordinating a delivery date or announcing delivery in accordance with Art. 6 (1)(a) GDPR, provided that you have expressly given your consent for this during the ordering process. Otherwise, we only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1)(b) GDPR. The data will only be passed on to the extent that this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider in advance or to announce delivery.
Consent may be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
9) Web Analytics Services
9.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.
By default, Google Analytics 4 sets cookies when you visit the website. These are small text files stored on your device that collect certain information. This information includes your IP address, which Google shortens by removing the last digits in order to exclude direct personal identification.
The information is transmitted to Google servers and processed there. This may also involve transfers to Google LLC, which is based in the USA.
Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us, and to provide other services related to website and internet usage. The shortened IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The data collected through the use of Google Analytics 4 is stored for a period of two months and then deleted.
All processing operations described above, in particular the setting of cookies on the device used, are carried out only if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to the website. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the “cookie consent tool” provided on the website.
We have concluded a data processing agreement with Google, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
Further legal information on Google Analytics 4 can be found at:
https://business.safety.google/intl/de/privacy/
https://policies.google.com/privacy?hl=de&gl=de
https://policies.google.com/technologies/partner-sites
Demographic Features
Google Analytics 4 uses the special function “demographic features” and can generate statistics that provide information about the age, gender, and interests of website visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the collected data cannot be attributed to a specific person and is deleted after being stored for a period of two months.
Google Signals
As an extension of Google Analytics 4, Google Signals may be used on this website to create cross-device reports. If you have activated personalized advertising and linked your devices to your Google account, Google may—subject to your consent to the use of Google Analytics in accordance with Art. 6(1)(a) GDPR—analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistical data.
If you wish to stop cross-device analysis, you can deactivate the “Personalized Advertising” function in your Google account settings. Please follow the instructions on this page:
https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de
Further information on Google Signals can be found here:
https://support.google.com/analytics/answer/7532985?hl=de
User IDs
As an extension of Google Analytics 4, the “User IDs” function may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6(1)(a) GDPR, have created an account on this website, and log in with this account on different devices, your activities—including conversions—can be analyzed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
9.2 Shopify Analytics
Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland
Data is also transferred to:
Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
By means of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information about the device used such as the IP address and browser information, in order to statistically analyze user behavior on our website and create pseudonymized user profiles. Among other things, this allows the evaluation of movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content (e.g. text entries, scrolling, clicks, and mouse-overs). Pseudonymization generally excludes direct personal identification. The data is not merged with other personal data collected in other ways.
All processing operations described above, in particular the reading or storage of information on the device used, are carried out only if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service via the “cookie consent tool” provided on the website.
We have concluded a data processing agreement with the provider, which protects the data of our website visitors and prohibits disclosure to third parties.
For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
10) Site Functionalities
10.1 Instagram Plugins
On our website, plugins of the social network provided by the following provider are used: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
These plugins allow direct interactions with content on the social network.
To increase the protection of your data when visiting our website, the plugins are initially disabled via a so-called “2-click” or “Shariff” solution.
This integration ensures that when a page of our website containing such plugins is accessed, no connection to the provider’s servers is established.
Only when you activate the plugins and thereby give your consent to the data transfer in accordance with Art. 6(1)(a) GDPR does your browser establish a direct connection to the provider’s servers. In this process, regardless of whether you are logged into an existing user profile, information about your device (including your IP address), your browser, and your page history is transmitted to the provider and may be further processed there.
If you are logged into an existing user profile on the social network, information about interactions carried out via the plugins is also published there and shown to your contacts.
You can revoke your consent at any time by deactivating the activated plugin through another click. However, the revocation does not affect data that has already been transmitted to the provider.
Data may also be transferred to: Meta Platforms Inc., USA.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
10.2 X Plugins
These plugins allow direct interactions with content on the social network.
To increase the protection of your data when visiting our website, the plugins are initially disabled via a so-called “2-click” or “Shariff” solution.
This integration ensures that when a page of our website containing such plugins is accessed, no connection to the provider’s servers is established.
Only when you activate the plugins and thereby give your consent to the data transfer in accordance with Art. 6(1)(a) GDPR does your browser establish a direct connection to the provider’s servers. In this process, regardless of whether you are logged into an existing user profile, information about your device (including your IP address), your browser, and your page history is transmitted to the provider and may be further processed there.
If you are logged into an existing user profile on the social network, information about interactions carried out via the plugins is also published there and shown to your contacts.
You can revoke your consent at any time by deactivating the activated plugin through another click. However, the revocation does not affect data that has already been transmitted to the provider.
Data may also be transferred to: X Corp., USA.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
10.3 Judge.me
Graphic elements from the following provider are integrated on our website to display external customer reviews and/or an externally awarded trust mark: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom
When you access a page of our website that contains such graphic elements, your browser establishes a direct connection to the provider’s servers in order to load the elements correctly. Certain browser information, including your IP address, is transmitted to the provider in this process.
If personal data is processed in this context, this is done in accordance with Art. 6 (1)(f) GDPR on the basis of our legitimate interest in the optimal marketing of our offering and the attractive design of our online presence.
We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
In the event of a data transfer to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
10.4 Google Maps API
To enable real-time checking of certain entries in the address form of the order process in our webshop for input errors, we use the services of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data may also be transmitted to: Google LLC, USA
The provider validates the entered address, verifies the spelling, and supplements any missing data where applicable. In the case of ambiguous addresses, correct alternative suggestions are displayed. For this purpose, the address data entered by you is transmitted to the provider, stored there, and evaluated.
This processing is carried out in accordance with Art. 6 (1)(f) GDPR on the basis of our legitimate interest in the proper recording of correct customer address data for the conscientious fulfillment of our contractual delivery obligations and to prevent problems in contract execution.
The provider processes the affected data separately and does not combine it with other data sets, and deletes it as soon as its status or correctness has been confirmed, but no later than after 30 days.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/
10.5 Google reCAPTCHA
On this website, we use the CAPTCHA service provided by the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data may also be transferred to: Google LLC, USA.
For the visual design of the CAPTCHA window, the provider uses “Google Fonts,” i.e., fonts loaded from the Internet by Google. Apart from the information mentioned above, no further information is processed and transmitted to Google via the functionality of reCAPTCHA.
The service checks whether an entry is made by a natural person or abusively by machine or automated processing, and blocks spam, DDoS attacks, and similar automated malicious access. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type, as well as the date and duration of the visit, and transmits these for evaluation to the provider’s servers. Cookies may be used in this process, i.e., small text files stored in the browser of the device.
If the above-described processing is based on cookies, they are only set if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.
If the above-described processing is carried out without the use of cookies, the legal basis is our legitimate interest in determining individual responsibility on the Internet and in preventing misuse and spam in accordance with Art. 6(1)(f) GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
Further information on Google’s privacy policies can be found here: https://business.safety.google/intl/de/privacy/
10.6 Google Customer Reviews (formerly Google Certified Shop Program)
We work with Google as part of the “Google Customer Reviews” program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program gives us the opportunity to obtain customer reviews from users of our website. You will be asked after a purchase on our website whether you would like to participate in an email survey by Google.
If you give your consent in accordance with Art. 6 (1)(a) GDPR, we transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate your purchase experience on our website. The rating you provide will then be aggregated with our other ratings and displayed in our Google Customer Reviews logo as well as in our Merchant Center dashboard. Your rating is also used for Google Seller Ratings. In the context of using Google Customer Reviews, personal data may also be transmitted to the servers of Google LLC in the USA.
You can revoke your consent at any time by sending a message to the controller responsible for data processing or to Google.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/
11) Tools and Miscellaneous
11.1 Cookie Consent Tool
This website uses a so-called “cookie consent tool” to obtain effective user consents for cookies requiring consent and cookie-based applications. The “cookie consent tool” is displayed to users when the page is accessed in the form of an interactive user interface, on which consents for certain cookies and/or cookie-based applications can be granted by ticking boxes. By using the tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consents by ticking the boxes. This ensures that such cookies are only set on the respective user’s end device in the event of consent being granted.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6 (1)(f) GDPR on the basis of our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our online presence.
Another legal basis for processing is Art. 6 (1)(c) GDPR. As controllers, we are subject to the legal obligation to make the use of cookies that are not technically necessary dependent on the respective user’s consent.
Where necessary, we have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized transfer to third parties.
Further information about the operator and the settings options of the cookie consent tool can be found directly in the corresponding user interface on our website.
11.2 Judge.me
To verify and publish customer reviews, we use the services of the following provider: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom.
If you submit a review on our website, your first and last name, your email address, order date and number, as well as the name and international references (GTIN/ISDNF) are collected, transmitted to the provider, and evaluated there in order to decide on the legitimacy of a customer review for a specific order. These processing operations are carried out in accordance with Art. 6 (1)(f) GDPR on the basis of our legitimate interest in ensuring the authenticity of customer reviews by ensuring transaction-relatedness and preventing review abuse. After the review check and approval have been completed, the data will be deleted by the provider.
In the event of a data transfer to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
12) Rights of the Data Subject
12.1 The applicable data protection law grants you the following rights against the controller with regard to the processing of your personal data (rights of access and intervention), whereby reference is made to the stated legal basis for the respective exercise requirements:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to notification pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
12.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
13) Duration of Personal Data Storage
The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of processing, and – if applicable – additionally on the basis of the respective statutory retention period (e.g., commercial and tax law retention periods).
In the case of processing personal data on the basis of express consent in accordance with Art. 6 (1)(a) GDPR, the data in question will be stored until you withdraw your consent.
If statutory retention periods exist for data that is processed within the framework of contractual or quasi-contractual obligations on the basis of Art. 6 (1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the performance of the contract or the initiation of a contract and/or we no longer have a legitimate interest in continued storage.
In the case of processing personal data on the basis of Art. 6 (1)(f) GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
In the case of processing personal data for the purpose of direct marketing on the basis of Art. 6 (1)(f) GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 (2) GDPR.
Unless otherwise stated in the other information in this statement regarding specific processing situations, personal data stored will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.