Data protection information

1. data protection at a glance

1.1 General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information can be found in the following privacy policy.

1.2 Data collection on this website

1.2.1 Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the “Information on the controller” section of this privacy policy.

1.2.2 How do we collect your data?

On the one hand, your data is collected when you provide it to us (e.g. by entering it in a contact form). Other data is collected automatically or with your consent by our IT systems when you visit the website (e.g. browser, operating system, time the page was accessed). Data is collected automatically as soon as you enter this website.

1.2.3 What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.

1.2.4 What rights do you have with regard to your data?

You have the right to receive information free of charge at any time about the origin, recipient and purpose of your stored personal data, as well as the right to correct or delete this data. You can revoke your consent at any time with effect for the future. You also have the right to request the restriction of processing under certain circumstances and the right to lodge a complaint with the competent supervisory authority. You can contact us at any time with regard to this and other questions.

1.3 Analysis tools and tools from third-party providers

When you visit this website, your surfing behavior may be statistically evaluated, in particular using analysis programs. Details can be found below in this privacy policy.

2. hosting

2.1 External hosting

This website is hosted externally. Personal data collected on this website is stored on the hoster’s servers (e.g. IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website).

Legal basis: Performance of contract (Art. 6 para. 1 lit. b GDPR) and legitimate interest in secure, fast and efficient provision (Art. 6 para. 1 lit. f GDPR). If consent has been requested, additionally Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

The hoster(s) shall only process data to the extent necessary to fulfill their service obligations and shall follow our instructions.

Host used:
Maxcluster, Lise-Meitner-Str. 1b, 33104 Paderborn, Germany

2.1.1 Order processing

There is an order processing contract (AVV) with the above-mentioned service.

3 General notes and mandatory information

3.1 Data protection

We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. Complete protection of data against access by third parties is not possible on the Internet.

3.2 Note on the responsible body

Responsible:
Gustini GmbH
Wiederitzscher Str. 33
04155 Leipzig
Phone: +49 (0) 341 – 58 300 900
E-mail: service@gustini.de

3.3 Storage period

Unless a more specific storage period is specified, personal data will remain with us until the purpose no longer applies. In the event of a justified request for deletion or revocation of consent, we will delete the data, provided that there are no other legal reasons (e.g. tax/commercial retention obligations) to the contrary.

3.4 Legal basis for data processing

Depending on the processing operation: consent (Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a), Section 25 para. 1 TDDDG (storage of cookies/terminal device access), performance of a contract (Art. 6 para. 1 lit. b), legal obligation (Art. 6 para. 1 lit. c), legitimate interest (Art. 6 para. 1 lit. f). The following sections provide information on the relevant legal basis.

3.5 Data protection officer

Kelobit IT-Experts
Dr. Andreas Melzer
Thüringer Str. 31
Phone: +49 345 13255380
E-mail: datenschutz@kelobit.de

3.6a Note on data transfer to third countries that are not secure under data protection law and to US companies without DPF certification

Tools from third countries or US tools without DPF certification can be used. When activated, personal data may be transferred there. An EU-comparable level of data protection is not guaranteed in insecure third countries.

The USA is generally considered a safe third country if the recipient is DPF-certified or additional guarantees exist. Information on third country transfers can be found in this declaration.

3.6b Recipients of personal data

We work together with external bodies (e.g. tax authorities, processors, joint controllers) and only transfer data if there is a relevant legal basis (contract, legal obligation, legitimate interest or other legal basis). In the case of order processing, data processing agreements are in place; in the case of joint processing, a joint processing agreement is in place.

3.7 Revocation of your consent

You can withdraw your consent at any time. This does not affect the lawfulness of the processing carried out up to the point of withdrawal.

3.8 Right to object (Art. 21 GDPR)

If the processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object at any time for reasons arising from your particular situation; this also applies to profiling. In the event of an objection, we will no longer process the data unless there are compelling legitimate grounds or the processing serves the establishment, exercise or defense of legal claims.

In the case of direct marketing, you have the right to object at any time to processing for direct marketing purposes; this also applies to profiling in connection with direct marketing.

3.9 Right of appeal

Data subjects have the right to lodge a complaint with a supervisory authority at their place of residence, place of work or the place of the alleged infringement.

3.10 Right to data portability

You have the right to have data that we process automatically on the basis of your consent or to fulfill a contract handed over to you or to a third party in a commonly used, machine-readable format (where technically feasible also direct transmission).

3.11 Information, correction and deletion

You have the right to free information about stored personal data, its origin, recipient and purpose of processing and, if applicable, a right to correction or deletion.

3.12 Right to restriction of processing

You can request the restriction of processing under the conditions specified in the GDPR. If processing is restricted, the data – apart from storage – may only be processed within narrow limits.

3.13 SSL/TLS encryption

This site uses SSL/TLS to protect confidential content. You can recognize an encrypted connection by the “https://” and the lock symbol in the browser.

3.14 Encrypted payment transactions

Payment transactions using common means of payment are made exclusively via an encrypted connection; this means that data cannot be read by third parties.

3.15 Objection to advertising e-mails

We object to the use of contact data published in the legal notice for sending unsolicited advertising.

4. on this website

4.1 Cookies

Description of cookie types, purposes, legal bases and revocation options. You can find out which cookies and services are used in the following sections.

4.2 Consent with Cookiebot

We use the consent technology “Cookiebot” (Cybot A/S, Copenhagen) to obtain and document consent for cookies/technologies.

4.3 Server log files

Automatic collection and storage in server logs: Browser type/version, operating system, referrer URL, host name, time of server request, IP address. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in technical provision and optimization).

4.4 Contact form

If you contact us via the form, we store your details for processing and for follow-up questions. Legal basis depending on the context: Art. 6 para. 1 lit. b, lit. f or lit. a GDPR. Data will be deleted when the purpose no longer applies; legal obligations remain unaffected.

4.5 Request by e-mail, telephone or fax

If you contact us by e-mail/telephone/fax, we will store and process your request including personal data for processing. Data will not be passed on without your consent. Legal basis: Art. 6 para. 1 lit. b, lit. f or lit. a GDPR.

4.6 Registration on this website

Data is processed for the purpose of using the offers/services requiring registration (Art. 6 para. 1 lit. b GDPR) and stored for as long as you are registered; thereafter deleted (subject to retention periods).

4.7 Comment function

Storage of comment, time and, if applicable, user name. Storage period until deletion of the commented content or for legal reasons. Legal basis: Consent (Art. 6 para. 1 lit. a GDPR).

5. analysis tools and advertising

5.1 Google Tag Manager

Administration of tools; records the IP address (transfer to the USA possible). Legal basis depending on the consent situation; DPF certification from Google available. For more information, see DPF information.

5.2 Google Analytics

Usage analysis (page views, duration of visit, systems, origin, etc.); use of recognition technology; transfer to the USA possible; standard contractual clauses; DPF certification. Browser plug-in opt-out and further information see Google links.

5.2.1 Browser plug-in

Opt-out via the add-on provided by Google.

5.2.2 Google signals

Use of location/history/demographic data for personalized advertising; possible link to Google account.

5.2.3 Order processing

AV contract with Google; requirements of the German data protection authorities are implemented.

5.2.4 E-commerce measurement

Analysis of purchasing behavior (orders, shopping cart values, shipping costs, time to purchase) under a transaction ID.

5.3 Matomo

Open source analysis, IP anonymization, cookie-less analysis, self-hosting (data remains with us). Legal basis: Art. 6 para. 1 lit. f GDPR or, with consent, Art. 6 para. 1 lit. a and § 25 para. 1 TDDDG.

5.4 Google Ads

Advertising placement/targeting; transfer to the USA possible; standard contractual clauses; DPF certification.

5.5 Google Ads Remarketing

Interest-based advertising incl. cross-device functions; opt-out options (Google settings, YourOnlineChoices); DPF certification.

5.5.1 Target group formation with customer matching

Transmission of certain customer data (e.g. e-mail) to Google for target group formation within the Google network.

5.6 Google Conversion Tracking

Recognition of actions performed (clicks, views, purchases) to create conversion statistics; no identification of the user for us; DPF certification.

5.7 Meta pixel (Facebook)

Conversion measurement; possible transfer to the USA; joint controllership for collection/disclosure (Art. 26 GDPR); standard contractual clauses; objection and setting options at Facebook/EDAA.

5.8 Pinterest tag

Recording of actions for interest-based advertising; possible data transfer to the USA; standard contractual clauses; DPA concluded.

6th Newsletter

6.1 Newsletter data

Collection of the e-mail address and any other voluntary data. Legal basis: Consent (Art. 6 para. 1 lit. a GDPR). Revocation possible at any time (“unsubscribe”). Storage until unsubscription/continuation of purpose; if necessary, blacklist to prevent future mailings (Art. 6 para. 1 lit. f GDPR).

7. plugins and tools

7.1 YouTube with enhanced data protection

Integration of YouTube videos in extended data protection mode; link to Google DoubleClick possible; cookies/comparable technologies; legitimate interest or consent; further information in the Google privacy policy; DPF certification.

7.2 Google reCAPTCHA

Protection against automated input; analysis begins when the website is accessed; data transfer to Google; legitimate interest or consent; DPF certification.

7.3 Cloudflare Turnstile

Protection against spam/automation; analysis of interactions; standard contractual clauses; DPF certification.

8. online marketing and partner programs

8.1 Affiliate programs on this website

Remuneration-based forwarding; use of cookies/technologies for tracking; legal bases depending on consent. Participation in AWIN, among others (joint responsibility; contract on joint processing according to GTC linked).

8.1.2 Emarsys

Service provider used for website and e-mail communication. Processing exclusively in accordance with our instructions; no use for own purposes. Short-term storage of IP addresses to prevent misuse. Cookies for recognition; no merging with identifying data without express permission. Objection/opt-out possible via link. AV contract exists.

9. eCommerce and payment providers

9.1 Processing of customer and contract data

Processing for the establishment, structuring and amendment of contractual relationships as well as usage data, if necessary (Art. 6 para. 1 lit. b GDPR). Deletion after completion of the order/termination of the business relationship in compliance with retention periods.

9.2 Data transmission upon conclusion of the contract

Forwarding to transport companies and payment service providers if necessary for delivery/payment (Art. 6 para. 1 lit. b GDPR). With consent, transmission of the e-mail to the transport company for shipping notification.

9.3 Credit checks

Check in the case of purchase on account/similar advance payments (scoring) via credit agencies; legal basis: Art. 6 para. 1 lit. b and lit. f GDPR; consent (Art. 6 para. 1 lit. a).

9.4 Payment services

Integration of payment services (PayPal, American Express, Mastercard, VISA). Legal basis: Art. 6 para. 1 lit. b and lit. f GDPR; if applicable, consent (Art. 6 para. 1 lit. a). For information on data transfers (e.g. USA), standard contractual clauses or BCR and data protection declarations of the providers, please refer to the respective providers.