Privacy Policy
Table of Contents
1. Access Data and Hosting
Hosting
2. Data Processing for Contract Handling and Contact Requests
2.1 Data Processing for Contract Handling
2.2 Customer Account
Contact Requests
2.3 Data Processing for Appointment Booking / Reservations
3. Data Processing for Shipping Purposes
Transfer of Data to Shipping Providers for Delivery Notifications
4. Data Processing for Payment Handling
4.1 Data Processing for Transaction Handling
4.2 Data Processing for Fraud Prevention and Optimization of Our Payment Processes
4.3 Identity and Credit Check When Selecting Klarna Payment Services
4.4 Identity and Credit Check When Selecting Invoice Purchase via PayOne
5. Advertising by Email and Post
5.1 Email Newsletter with Registration, Newsletter Tracking with Separate Consent
5.2 Sending Review Requests by Email
5.3 Postal Advertising and Your Right to Object
6. Cookies and Other Technologies
6.1 General Information
6.2 Cookiebot Consent Management Platform
6.3 Information on Third-Country Transfers (Transfer of Data to Third Countries)
7. Use of Cookies and Other Technologies
Use of Google Services
8. Integration of the Trusted Shops Trustbadge / Other Widgets
Data Processing When Integrating the Trustbadge / Other Widgets
Data Processing After Order Completion
9. Social Media
Social Buttons from Facebook (by Meta), Instagram (by Meta), WhatsApp
Our Online Presence on Facebook (by Meta), Instagram (by Meta), YouTube, LinkedIn
10. Contact Options and Your Rights
10.1 Your Rights
10.2 Contact Options
The controller responsible for data processing is:
pansatori GmbH
Laabstraße 96
A-5280 Braunau am Inn
Email: office@pansatori.com
Phone: +43 7722 22900 office@pansatori.com
We appreciate your interest in our website. Protecting your privacy is very important to us. Below we provide detailed information about how we handle your data.
1. Access Data and Hosting
You can visit our website without providing personal information. Whenever a webpage is accessed, the web server automatically stores a so-called server log file containing, for example, the name of the requested file, your IP address, date and time of access, amount of data transferred, and the requesting provider (access data), and documents the access. This access data is evaluated exclusively for the purpose of ensuring the smooth operation of the website and improving our offer. This serves to safeguard our legitimate interests in the proper presentation of our offer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
All access data is deleted no later than after the end of your website visit.
All access data is processed only for as long as necessary to achieve the processing purposes mentioned above.
Hosting
The services for hosting and displaying the website are partly provided by our service providers within the framework of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in forms provided on this website are processed on their servers. If you have questions regarding our service providers and the basis of our cooperation with them, please contact us using the contact options described in this privacy policy.
2. Data Processing for Contract Handling and Contact Requests
2.1 Data Processing for Contract Handling
For the purpose of contract handling (including inquiries regarding and handling of any warranty claims, service disruptions, rights of withdrawal, and any statutory update obligations) pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, we collect personal data when you voluntarily provide it to us as part of your order. Mandatory fields are marked as such because we absolutely require this data to process the contract, and without it we cannot ship the order. The data collected can be seen from the respective input forms. Further information on the processing of your data, particularly regarding transfer to our service providers for order, payment, and shipping processing, can be found in the following sections of this privacy policy. After complete processing of the contract, your data will be restricted for further processing and deleted after expiration of tax and commercial retention periods pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data beyond this as permitted by law and explained in this statement.
Merchandise Management System
Zur For order and contract processing, we use merchandise management systems from external service providers. Our service providers act on our behalf within the framework of order processing. If you have questions regarding our service providers and the basis of our cooperation with them, please contact us using the contact options described in this privacy policy.- und Vertragsabwicklung setzen wir Warenwirtschaftssysteme externer Dienstleister ein. Unsere Dienstleister sind im Rahmen einer Auftragsverarbeitung für uns tätig. Bei Fragen zu unseren Dienstleistern und der Grundlage unserer Zusammenarbeit mit ihnen wenden Sie sich bitte an die in dieser Datenschutzerklärung beschriebenen Kontaktmöglichkeit.
2.2 Customer Account
If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we use your data for the purpose of opening the customer account and storing your data for future orders on our website. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or through a designated function in the customer account. After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further use your data as permitted by law and explained in this statement.
Contact Requests
As part of customer communication, we collect personal data to process your inquiries pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR when you voluntarily provide this information when contacting us (e.g., via contact form, live chat tool, or email). Mandatory fields are marked as such because we absolutely require this data to process your request. The data collected can be seen from the respective input forms. After your inquiry has been fully processed, your data will be deleted unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further use your data as permitted by law and explained in this statement.
2.3 Data Processing for Appointment Booking / Reservations
We collect personal data when you voluntarily provide it to us as part of an appointment booking/reservation. Mandatory fields are marked as such because we absolutely require this data for appointment booking/reservation and without it you cannot submit the booking/reservation. The data collected can be seen from the respective input forms. Information entered in free-text fields is voluntary and not mandatory for submitting the booking/reservation. We ask you not to enter sensitive data (e.g., health-related information such as illnesses) in such free-text fields. We use the data you provide for appointment booking/reservation pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR. After complete processing of the booked appointment/reservation, your data will be restricted for further processing and deleted after expiration of any tax and commercial retention periods pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further use your data as permitted by law and explained in this statement.
Appointment Booking Solution: Odoo
For appointment bookings, we use a booking solution from Odoo S.A. - Data Protection, Chaussee de Namur 40, 1367 Grand Rosiere, Belgium. The service provider acts on our behalf.
3. Data Processing for Shipping Purposes
For the fulfillment of the contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, we transfer your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. If you have questions regarding our service providers and the basis of our cooperation with them, please contact us using the contact options described in this privacy policy.
Transfer of Data to Shipping Providers for Delivery Notifications
If you have given us your explicit consent during or after your order pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, we will pass on your email address and telephone number to the selected shipping provider so that they can contact you before delivery for the purpose of delivery notification or coordination. Consent may be revoked at any time by sending a message to the contact option described in this privacy policy. After revocation, we will delete the data provided for this purpose unless you have expressly consented to further use of your data or we reserve the right to further use your data as permitted by law and explained in this statement.
4. Data Processing for Payment Handling
When processing payments in our online shop, we work together with technical service providers, banks, and payment service providers.
4.1 Data Processing for Transaction Handling
Depending on the selected payment method, we transfer the data necessary for payment processing to our technical service providers, commissioned banks, or the selected payment service provider insofar as this is necessary for payment processing. This serves the fulfillment of the contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, payment service providers collect the data required for payment processing themselves, e.g., on their own website or through technical integration during the ordering process. In this respect, the privacy policy of the respective payment service provider applies. Depending on the selected payment method, data may be transferred to third countries outside the EU/EEA for which the European Commission has determined an adequate level of data protection. Where data is transferred to third countries without an adequacy decision, cooperation is based on the European Commission’s Standard Contractual Clauses.
4.2 Data Processing for Fraud Prevention and Optimization of Payment Processes
If necessary, we provide our service providers with additional data, which they use together with the data necessary for payment processing for fraud prevention and optimization of payment processes (e.g., invoicing, handling disputed payments, accounting support). This serves to safeguard our legitimate interests in fraud prevention and efficient payment management pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
4.3 Identity and Credit Check When Selecting Klarna Payment Services
Klarna Direct Debit, Purchase on Account via Klarna, Klarna Installment Purchase If you choose payment services from Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”), we ask for your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to transfer the data necessary for payment processing and identity/credit checks to Klarna. In Germany, the credit agencies named in Klarna’s privacy policy may be used for identity and credit checks. Klarna uses the information obtained regarding the statistical probability of payment default to make balanced decisions concerning the establishment, execution, or termination of the contractual relationship. You may revoke your consent at any time by sending a message to the contact option listed in this privacy policy. This may result in us no longer being able to offer certain payment options.
4.4 Identity and Credit Check When Selecting Invoice Purchase via PayOne
If you select payment by invoice (offered through PayOne GmbH, Lyoner Str. 9, 60528 Frankfurt am Main, Germany (“PayOne”)), we ask for your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to transfer the data necessary for payment processing and identity/credit checks to PayOne. In Germany, the credit agencies named in PayOne’s privacy policy may be used for identity and credit checks. PayOne uses the information obtained regarding the statistical probability of payment default to make balanced decisions concerning the establishment, execution, or termination of the contractual relationship. You may revoke your consent at any time by sending a message to the contact option listed in this privacy policy. This may result in us no longer being able to offer certain payment options.Sie sich für die Zahlungsart Kauf auf Rechnung (angeboten über die PayOne GmbH, Lyoner Str. 9, 60528 Frankfurt a. M., Deutschland (im Folgenden PayOne)) entscheiden, bitten wir Sie um Ihre Einwilligung nach Art. 6 Abs. 1 S. 1 lit. a DSGVO, dass wir die für die Abwicklung der Zahlung und eine Identitäts- und Bonitätsprüfung notwendigen Daten an PayOne übermitteln dürfen. In Deutschland können für die Identitäts- und Bonitätsprüfung die in der Datenschutzerklärung von PayOne genannten Wirtschaftsauskunfteien eingesetzt werden. Die erhaltenen Informationen über die statistische Wahrscheinlichkeit eines Zahlungsausfalls verwendet PayOne für eine abgewogene Entscheidung über die Begründung, Durchführung oder Beendigung des Vertragsverhältnisses. Ihre Einwilligung können Sie jederzeit durch eine Nachricht an die in dieser Datenschutzerklärung genannten Kontaktmöglichkeit widerrufen. Dies kann zur Folge haben, dass wir Ihnen bestimmte Zahlungsoptionen nicht mehr anbieten können.
5. Advertising by Email and Post
5.1 Email Newsletter with Registration, Newsletter Tracking with Separate Consent
If you subscribe to our newsletter, we use the data required for this purpose or separately provided by you to send you our email newsletter regularly on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
You may unsubscribe from the newsletter at any time either by sending a message to the contact option described below or via a link provided in the newsletter.
After unsubscribing, we will delete your email address from the recipient list unless you have expressly consented to further use of your data or we reserve the right to further use your data as permitted by law and explained in this statement.
If you have additionally consented pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to the analysis of our newsletter, we also analyze your interaction with our newsletter by measuring, storing, and evaluating open rates and click rates for the purpose of designing future newsletter campaigns (“newsletter tracking”).
For this evaluation, the emails sent contain one-pixel technologies (e.g., web beacons, tracking pixels). For analysis purposes, we particularly link the following newsletter data:
the page from which the page was requested (referrer URL),
date and time of access,
browser type description,
IP address,
email address,
date and time of registration and confirmation,
with your email address or IP address and, if applicable, an individual ID.
Links contained in the newsletter may also contain this ID.
You may unsubscribe from newsletter tracking at any time either by sending a message to the contact option described in this privacy policy or via a link provided in the newsletter.
The information will be stored as long as you remain subscribed to the newsletter.
5.2 Sending Review Requests by Email
If you have given us your explicit consent during or after your order pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, we use your email address to request a review of your order via the review system we use. This consent can be revoked at any time by sending a message to the contact option described in this privacy policy or via a link provided in the review request.
Review requests may also be sent by our service provider Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”). We receive status information from Trusted Shops regarding review requests (e.g., whether the request was sent and delivered). This is carried out pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR to fulfill our legitimate interest in receiving information about review invitations and to enable Trusted Shops to provide this service. We are jointly responsible with Trusted Shops for sending review requests and collecting/displaying review and status information.
5.3 Postal Advertising and Your Right to Object
We reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g., to send interesting offers and information about our products by post. This serves to safeguard our legitimate interests in advertising to our customers pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. You may object to the storage and use of your data for these purposes at any time by sending a message to the contact option described in this privacy policy. After revocation, we will delete your address from the recipient list unless you have expressly consented to further use of your data or we reserve the right to further use your data as permitted by law and explained in this statement.
6. Cookies and Other Technologies
6.1 General Information
To make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser during your next visit (persistent cookies). You can find the duration of storage in the overview within your browser’s cookie settings.
Protection of Privacy on End Devices When using our online services, we use technologies that are strictly necessary to provide the digital service expressly requested by you. In this respect, storing information on your device or accessing information already stored on your device does not require consent. For functions that are not strictly necessary, storing information on your device or accessing information already stored on your device requires your consent. Please note that if consent is not granted, parts of the website may not be fully usable. Any consent you have given remains valid until you adjust or reset the relevant settings on your device.
Subsequent Data Processing Through Cookies and Other Technologies We use technologies that are strictly necessary for the use of certain functions of our website. Through these technologies, IP address, time of visit, device and browser information, as well as information about your use of our website are collected and processed. This serves to safeguard our legitimate interests in an optimized presentation of our offer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. We also use technologies to fulfill legal obligations to which we are subject (e.g., to prove consent to the processing of your personal data) as well as for web analytics and online marketing. Further information, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.
Cookie Settings You can find cookie settings for your browser at the following links: Microsoft Edge™ Safari™ Chrome™ Firefox™ Opera™
If you have consented to the use of technologies pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, you may revoke your consent at any time by contacting us using the contact option described in this privacy policy.
Alternatively, you may click the privacy settings button. If cookies are not accepted, the functionality of our website may be limited.
6.2 Cookiebot Consent Management Platform
We use Cookiebot on our website to inform you about the cookies and other technologies we use, and to obtain, manage, and document any consent required for the processing of your personal data through these technologies. This is necessary pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR to fulfill our legal obligation under Art. 7 para. 1 GDPR to document your consent to the processing of personal data. Cookiebot is a service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, which processes your data on our behalf. After you submit your cookie declaration on our website, Cookiebot’s web server stores your anonymized IP address, date and time of the declaration, browser information, the URL from which the declaration was submitted, information about your consent behavior, and an anonymous random key. Additionally, a cookie is used that contains information about your consent behavior and the key. Your data will be deleted after twelve months unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data beyond this as permitted by law and explained in this statement. Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection: USA. The adequacy decision for the USA applies as the basis for data transfers to third countries insofar as the respective service provider is certified. Until certification by our service providers is completed, data transfers continue to rely on the European Commission’s Standard Contractual Clauses.
6.3 Information on Third-Country Transfers (Transfer of Data to Third Countries)
We use technologies from service providers on our website whose registered office and/or server locations may be in third countries outside the EU or EEA. If there is no adequacy decision by the EU Commission for the respective country, an adequate level of data protection must be ensured through other suitable safeguards. Suitable safeguards in the form of Standard Contractual Clauses approved by the European Commission or Binding Corporate Rules are generally possible, but require prior verification by the contracting parties as to whether an adequate level of protection can be ensured. According to ECJ case law, it may also be necessary to implement additional protective measures. As a rule, we have agreed on the Standard Contractual Clauses issued by the European Commission with the technology providers we use that process personal data in third countries. Where possible, we also agree on additional safeguards intended to ensure an adequate level of data protection in third countries without an adequacy decision. Nevertheless, despite all contractual and technical measures, the level of data protection in the third country may not correspond to that within the EU. In such cases, if necessary, we ask for your consent pursuant to Art. 49 para. 1 lit. a GDPR as part of the cookie consent for the transfer of your personal data to a third country. In particular, there is a risk that local authorities in the third country may obtain access rights to your personal data that are not sufficiently restricted from a European data protection perspective, without us or you being aware of this and without sufficient legal remedies being available. Examples of third countries currently lacking an adequacy decision by the EU Commission include: China Russia Taiwan Information about which third countries your data may be transferred to can be found in the privacy notices for the respective tools and/or the consent management platform (CMP) we use.
7. Use of Cookies and Other Technologies
We use the following cookies and other third-party technologies on our website. Unless otherwise stated for individual technologies, this is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. Once the purpose no longer applies and we stop using the respective technology, the data collected in this context will be deleted. You may revoke your consent at any time with effect for the future. Further information about revocation options can be found in the section “Cookies and Other Technologies.” Further information, including the basis of our cooperation with individual providers, can be found under the respective technologies. If you have questions regarding the providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.
Use of Google Services
We use the technologies of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) described below. The information automatically collected by Google technologies regarding your use of our website is generally transmitted to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Unless otherwise stated for the individual technologies, data processing is carried out on the basis of an agreement between joint controllers pursuant to Art. 26 GDPR. Further information about data processing by Google can be found in Google’s privacy notices. Our service providers are located and/or use servers in countries outside the EU and EEA for which the European Commission has determined an adequate level of data protection. Our service providers are also located and/or use servers in countries for which no adequacy decision by the European Commission exists. Our cooperation with them is based on the European Commission’s Standard Contractual Clauses.die nachfolgend dargestellten Technologien der Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland („Google“). Die durch die Google Technologien automatisch erhobenen Informationen über Ihre Nutzung unserer Webseite werden in der Regel an einen Server der Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA übertragen und dort gespeichert. Soweit bei den einzelnen Technologien nichts Abweichendes angegeben ist, erfolgt die Datenverarbeitung auf Grundlage einer für die jeweilige Technologie geschlossenen Vereinbarung zwischen gemeinsam Verantwortlichen gemäß Art. 26 DSGVO. Weitergehende Informationen über die Datenverarbeitung durch Google finden Sie in den Datenschutzhinweisen von Google. Unsere Dienstleister sitzen und/oder verwenden Server in Ländern außerhalb der EU und des EWR, für die die Europäische Kommission durch Beschluss ein angemessenes Datenschutzniveau festgestellt hat. Unsere Dienstleister sitzen und/oder verwenden Server in Ländern außerhalb der EU und des EWR. Für diese Länder liegt kein Angemessenheitsbeschluss der Europäischen Kommission vor. Unsere Zusammenarbeit mit ihnen stützt sich auf Standarddatenschutzklauseln der Europäischen Kommission.
Google Analytics
For the purpose of website analytics, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address is first stored on a server within the EU for the purpose of deriving location data and then immediately deleted before traffic is forwarded to other Google servers for processing. Data processing is carried out on the basis of a data processing agreement with Google. For web analytics and advertising purposes, Google Analytics uses the DoubleClick cookie extension function to recognize your browser when visiting other websites. Google will use this information to compile reports on website activities and provide additional services related to website usage.
Google Tag Manager
Google Tag Manager allows us to manage various codes and services on our website. When implementing individual tags, Google may also process personal data (e.g., IP address, online identifiers including cookies). Data processing is carried out on the basis of a data processing agreement with Google. Using Google Tag Manager enables the integration of various services and technologies. If you do not wish to use certain tracking services and have therefore deactivated them, the deactivation remains valid for all affected tracking tags integrated via Google Tag Manager.
YouTube Video Plugin
To integrate third-party content, the YouTube Video Plugin used by us in enhanced privacy mode collects data (IP address, time of visit, device and browser information), transmits it to Google, and Google subsequently processes it only when you play a video.
8. Integration of the Trusted Shops Trustbadge / other widgets
If you have given your consent pursuant to Art. 6(1)(a) GDPR, Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. trust seal, collected reviews) after an order. The Trustbadge and the services advertised with it are offered by Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with which we are jointly responsible for data protection under Art. 26 GDPR.
In the following, we inform you within this privacy policy about the essential contractual contents pursuant to Art. 26(2) GDPR.
Within the framework of joint responsibility between us and Trusted Shops SE, please contact Trusted Shops primarily for data protection inquiries and to exercise your rights, using the contact options provided in their privacy information. Regardless of this, you may always contact the controller of your choice. Your request will then, if necessary, be forwarded to the other controller for response.
Data processing when integrating the Trustbadge / other widgets
The Trustbadge is provided by a US-based CDN (Content Delivery Network) provider. An adequate level of data protection is ensured by an adequacy decision of the EU Commission applicable to the USA. Service providers based in the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here.
If service providers are not certified under the DPF, Standard Contractual Clauses have been concluded as appropriate safeguards.
When the Trustbadge is accessed, the web server automatically stores a so-called server log file, which includes your IP address, date and time of access, amount of data transferred, and the requesting provider (access data). The IP address is anonymized immediately after collection so that it cannot be associated with you. The anonymized data is used for statistical purposes and error analysis.
Data processing after order completion
If you have given your consent, the Trustbadge accesses order information stored on your device after completion of an order (order total, order number, possibly purchased product) as well as your email address, which is hashed using a cryptographic one-way function. The hash value is then transmitted together with the order data to Trusted Shops in accordance with Art. 6(1)(a) GDPR. This is used to verify whether you are already registered for Trusted Shops services.
If this is the case, further processing takes place according to your agreement with Trusted Shops. If you are not yet registered or have not consented to automatic recognition, you may subsequently register manually or activate buyer protection.
The Trustbadge accesses the following data stored on your device after order completion: order total, order number, and email address. This is necessary to offer buyer protection. Data is only transmitted to Trusted Shops if you actively choose buyer protection.
If you choose to use the services, further processing is based on the contractual agreement with Trusted Shops pursuant to Art. 6(1)(b) GDPR to complete registration and secure the order and possibly send review invitations by email.
Trusted Shops uses service providers for hosting, monitoring, and logging. The legal basis is Art. 6(1)(f) GDPR for ensuring uninterrupted operation. Processing may take place in third countries (USA, UK, Israel). An adequate level of protection is ensured by adequacy decisions of the EU Commission or Standard Contractual Clauses.
9. Social Media
Social buttons (Facebook (by Meta), Instagram (by Meta), WhatsApp)
Social media buttons are integrated as HTML links only, meaning no connection to external servers is made when visiting our website. Only when you click a button is a connection established in a new browser window.
Our online presence on Facebook (by Meta), Instagram (by Meta), YouTube, LinkedIn
If you have given consent under Art. 6(1)(a) GDPR, your data may be collected and stored for marketing and analytics purposes when visiting our social media pages. User profiles may be created using cookies to display personalized advertising. For detailed information, please refer to the privacy policies of the respective providers.
Facebook (by Meta) is operated by Meta Platforms Ireland Ltd., Dublin, Ireland. Data may be transferred to Meta Platforms Inc., USA. Processing is based on a joint controller agreement under Art. 26 GDPR. Data transfers may occur to countries with adequate protection decisions or based on Standard Contractual Clauses. Instagram (by Meta) operates similarly under Meta Platforms Ireland Ltd. Data may also be transferred to the USA under similar safeguards. YouTube is provided by Google Ireland Ltd. Data is typically transferred to Google LLC, USA. LinkedIn is operated by LinkedIn Ireland Unlimited Company, with data potentially transferred to the USA under adequacy decisions.
Instagram (by Meta) ist ein Angebot der Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Irland („Meta Platforms Ireland“). Die durch Meta Platforms Ireland automatisch erhobenen Informationen über Ihre Nutzung unserer Online-Präsenz auf Instagram werden in der Regel an einen Server der Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA übertragen und dort gespeichert. Die Datenverarbeitung im Rahmen des Besuchs einer Instagram (by Meta) Fanpage erfolgt auf Grundlage einer Vereinbarung zwischen gemeinsam Verantwortlichen gemäß Art. 26 DSGVO. Weitere Informationen (Informationen zu Insights-Daten) finden Sie hier. Unsere Dienstleister sitzen und/oder verwenden Server in folgenden Ländern, für die die Europäische Kommission durch Beschluss ein angemessenes Datenschutzniveau festgestellt hat: Brasilien, USA, Kanada, Japan, Südkorea, Neuseeland, Vereinigtes Königreich, Argentinien. Der Angemessenheitsbeschluss für die USA gilt als Grundlage für die Drittlandsübermittlung, soweit der jeweilige Dienstleister zertifiziert ist. Eine Zertifizierung liegt vor. Unsere Dienstleister sitzen und/oder verwenden Server in diesen Ländern: Australien, Hongkong, Indien, Indonesien, Malaysia, Singapur, Thailand, Taiwan, Mexiko. Für diese Länder liegt kein Angemessenheitsbeschluss der Europäischen Kommission vor. Unsere Zusammenarbeit mit Ihnen stützt sich auf diese Garantien: Standarddatenschutzklauseln der Europäischen Kommission.
10. Contact options and your rights
10.1 Your rights
You have the right: to access your personal data (Art. 15 GDPR) to rectification (Art. 16 GDPR) to erasure (Art. 17 GDPR) to restriction of processing (Art. 18 GDPR) to data portability (Art. 20 GDPR) to lodge a complaint with a supervisory authority (Art. 77 GDPR) Right to object You may object to processing based on legitimate interests at any time. If data is processed for direct marketing, you may object at any time and processing will stop. For other purposes, processing will stop unless compelling legitimate grounds override your interests.
10.2 Contact
For questions regarding your personal data, please contact us using the details provided in the legal notice (Impressum).