Privacy policy | JunkYard | Tickets and info on ticket.io

Privacy policy

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal information when you visit this website. Personal data are any data by which you can be personally identified. For more detailed information about our data protection practices, please see our privacy policy below.

Data collected on this website

Who is responsible for collecting data on this website?

The data processing on this website is carried out by the website operator. Their contact details can be found in the “Controller Information” section of this privacy policy.

How do we collect your data?

Your data are collected in part by you providing the data to us. This may include data you provide on an order or contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is mainly technical data (e.g., internet browser, operating system or time of page access). These data are collected automatically when you enter this website.

What do we use your data for?

Some of the data are collected to ensure the proper provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to be informed at any time, free of charge, about the origin, recipients and purpose of the personal data stored about you. You also have the right to request that these data be corrected or erased. If you have consented to data processing, you may revoke this consent at any time with effect for the future. In addition, under certain circumstances, you have the right to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the relevant supervisory authority.

You can contact us at any time for this purpose and for any other questions regarding data protection.

Analytical tools and third party tools

When you visit this website, your browsing behaviour may be statistically evaluated. This is mainly done using so-called analysis programmes.

Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

External hosting

This website is hosted externally. The personal data collected on this website are stored on the servers of the host(s). This may include IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Art. 6 para. 1 (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 para. 1 (f) GDPR). If consent has been given, processing will take place exclusively on the basis of Art. 6 para. 1 (a) GDPR and § 25 para. 1 TDDDG [Telecommunications Digital Services Data Protection Act], insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the Telecommunications Digital Services Data Protection Act [TDDDG]. Consent may be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfil their contractual obligations and will follow our instructions in relation to these data.

We use the following host(s):

ticket i/O GmbH
Im Zollhafen 2-4

50678 Cologne

Data processing agreement

We have entered into a Data Processing Agreement for the use of the above service. This is a legally required contract which ensures that the host only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

3. General and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

When you use this website, various forms of personal data are collected. Personal data are data that can be used to personally identify you. This privacy policy explains what data we collect and how we use them. It also explains how and for what purpose we do this.

Please note that data transfer over the Internet (e.g., when communicating by e-mail) may not be secure. It is not possible to provide complete protection of the data against access by third parties.

Information about the data controller

The controller responsible for data processing on this website is:

Home of Freaks UG
Elvira Brosky
Schlägelstrasse 57
44145 Dortmund
E-mail:
Website: https://www.junkyard.ruhr

The controller is the natural person or legal entity who alone or jointly with others decides on the purposes and means of the processing of personal data (e.g., names, e-mail addresses, etc.).

Retention period

Unless a specific retention period is specified in this privacy policy, your personal data will be kept by us until the purpose for which the data were processed no longer applies. If you make a legitimate request for erasure or revoke your consent to data processing, your data will be erased unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, erasure will take place after these reasons cease to apply.

General information about the legal basis for data processing on this website

If you have given your consent to data processing, we will process your personal data on the basis of Art. 6 para. 1 (a) GDPR or Art. 9 para. 2 (a) GDPR in the event that special categories of data according to Art. 9 para. 1 GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 para. 1 (a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), the data processing is also based on § 25 para. 1 TDDDG. Consent may be revoked at any time. If your data are necessary for the execution of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 (b) GDPR. Furthermore, we process your data if this is necessary to comply with a legal obligation based on Art. 6 para. 1 (c) GDPR. Data processing may also take place on the basis of our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Data protection notice about data transfers to non-secure third countries and transfers to US companies that are not DPF certified

We use tools from companies located in non-secure third countries and US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. Please note that non-secure third countries may not provide a level of data protection comparable to that in the EU.

We would like to point out that the US, as a safe third country, generally provides a level of data protection comparable to that in the EU. Data transfers to the US are therefore permitted if the recipient is certified under the EU-US Data Privacy Framework (DPF) or provides appropriate additional safeguards. Information about transfers to third countries, including the recipients of the data, can be found in this privacy policy.

Recipients of personal data

In the course of our business, we work with various external entities. In some cases, it is necessary to transfer personal data to these external entities. We only disclose personal data to external entities if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest pursuant to Art. 6 para. 1 (f) GDPR in the disclosure, or if another legal basis permits the transfer of the data. When using processors, we only disclose personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement will be concluded.

Revoking your consent to data processing

Many data processing activities require your explicit consent. You may revoke your consent at any time. The lawfulness of the data processing carried out before the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 PARA. 1 (E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING ON THE BASIS OF THESE PROVISIONS. THE RELEVANT LEGAL BASIS ON WHICH THE PROCESSING IS BASED IS SET OUT IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH DIRECT MARKETING, INCLUDING FOR THE PURPOSE OF PROFILING IN RELATION TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Complaint to the competent supervisory authority

In the event of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place where the alleged breach took place. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to obtain from us or from a third party, in a standard machine-readable format, data that we process automatically on the basis of your consent or in performance of a contract. If you request the data to be transferred directly to another controller, this will only be done to the extent that this is technically feasible.

Access, rectification and erasure

Within the framework of the applicable legal provisions, you have the right to free information about the personal data stored about you, its origin and recipients, as well as the purpose of the data processing and, if necessary, the right to have these data corrected or erased. You can contact us at any time for this purpose and for any other questions regarding personal data.

Right to restrict processing

You have the right to request the restriction of the processing of your personal data. You may contact us for this purpose at any time. You have the right to restrict processing in the following circumstances:

If you dispute the accuracy of your personal data held by us, we will normally need time to investigate. For the duration of the investigation, you have the right to request that the processing of your personal data be restricted.
If the processing of your personal data was/is unlawful, you may request that the processing be restricted instead of erased.
If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
If you exercise your objection right under Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, those data may only be processed – apart from their storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural person or legal entity or for reasons of important public interest of the European Union or a Member State.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the lock symbol in your browser bar.

When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

Encrypted payment transactions on this website

If you are required to provide us with your payment data (e.g., account number for direct debit authorisation) after concluding a paid contract, these data are required for payment processing.

Payment transactions using common payment methods (credit card payments, direct debit and bank transfer, PayPal) are made exclusively via encrypted SSL or TLS connections. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

Encrypted communication means that the payment data you send to us cannot be read by third parties.

4. Data collected on this website

Cookies

Our Internet pages use so-called “cookies”. Cookies are small pieces of information that do not harm your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain on your device until you delete them or your web browser automatically deletes them.

Cookies can come from us (first-party cookies) or from third parties (so-called third-party cookies). Third-party cookies allow certain third-party services to be integrated into websites (e.g., cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary because certain website features would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyse user behaviour or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions requested by you (e.g., for the shopping cart function) or to optimise the website (e.g., cookies for measuring the web audience) (necessary cookies) are used in accordance with Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically faultless and optimised provision of its services. If consent has been requested for the storage of cookies and similar identification technologies, the processing will only take place on the basis of this consent (Art. 6 para. 1 (a) GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.

You can configure your browser so that it informs you about the setting of cookies and only allows cookies in individual cases, excludes the acceptance of cookies in certain cases or generally, and enables the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website.

You can find out which cookies and services are used on this website in this privacy policy.

Enquiries by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, we will store and process your enquiry, including any resulting personal data (name, enquiry), for the purpose of processing your concern. We will not pass on these data without your consent.

The processing of these data is based on Art. 6 para. 1 (b) GDPR, provided that your request is related to the execution of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests made to us (Art. 6 para. 1 (f) GDPR) or on your consent (Art. 6 para. 1 (a) GDPR), if this has been requested; consent may be revoked at any time.

The data you provide us with in the context of contact enquiries will remain with us until you ask us to erase it, until you revoke your consent to storage or until the purpose for which the data were stored no longer applies (e.g., after your enquiry has been processed). This is without prejudice to any mandatory legal requirements, in particular statutory retention periods.

Registration on this website

You can register on this website to use additional features of the site. We will use the data you provide during registration only for the purpose of using the particular offering or service for which you have registered. The mandatory information requested during registration must be provided in full. Failure to provide such will result in rejection of your registration.

In the event of material changes, such as changes to the scope of the service or technical changes, we will use the e-mail address provided during registration to inform you of such changes.

The processing of the data entered during registration is based on the performance of the contract established by the registration and, if necessary, the initiation of further contracts (Art. 6 para. 1 (b) GDPR).

The data collected during registration will be stored by us for as long as you are registered on this website and will then be erased. Statutory retention periods remain unaffected.

5. Analysis tools and advertising

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of the website visitors. The website operator receives various forms of usage data such as page views, length of stay, operating systems used and the origin of the user. These data are associated with the user’s device. It is not linked to a user ID.

We may also use Google Analytics to track, among other things, your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement the data collected and uses machine learning technologies to analyse the data.

Google Analytics uses technologies that allow users to be recognised for the purpose of analysing user behaviour (e.g., cookies or device fingerprinting). The information recorded by Google about your use of the website is transmitted to and stored by Google on servers in the United States.

The use of this service is based on your consent according to Art. 6 para. 1 (a) GDPR and § 25 para. 1 TDDDG. Consent may be revoked at any time.

The transfer of data to the US is based on the EU Commission’s standard contractual clauses. You can find the details here: https://privacy.google.com/businesses/controllerterms/mccs/ .

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure that European data protection standards are met when data are processed in the United States. Any company certified under the DPF agrees to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

IP anonymisation

Google Analytics has IP anonymisation enabled. This means that Google will automatically truncate your IP address within Member States of the European Union and other countries that are party to the European Economic Area Agreement before transmitting it to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the US where it will be truncated. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google will not associate the IP address transmitted by your browser as part of Google Analytics with any other data held by Google.

Browser plugin

You may opt out of the collection and processing of data by Google by downloading and installing the browser plugin, which is available from the following link: https://tools.google.com/dlpage/gaoptout?hl=de .

For more information about how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .

Matomo

This website uses Matomo, an open source web analytics service.

Matomo enables us to collect and analyse data about the use of our website by visitors. This enables us to determine, among other things, when pages are accessed and from which region they come. We also collect various log files (e.g., IP address, referrer, browser and operating system used) and may measure whether our website visitors take certain actions (e.g., clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its website and advertising. If consent has been given, processing will take place exclusively on the basis of Art. 6 para. 1 (a) GDPR and § 25 para. 1 TDDDG [Telecommunications and Telemedia Data Protection Act], insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the Telecommunications and Telemedia Data Protection Act [TDDDG]. Consent may be revoked at any time.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to serve ads on Google’s search engine and on third party websites when users type certain keywords into Google (keyword targeting). It also allows us to show targeted ads based on user data available to Google, such as location and interests (audience targeting). As a website operator, we can quantitatively evaluate these data by analysing, for example, which search terms led to the display of our ads and how many ads led to clicks.

The use of this service is based on your consent according to Art. 6 para. 1 (a) GDPR and § 25 para. 1 TDDDG. Consent may be revoked at any time.

The transfer of data to the US is based on the EU Commission’s standard contractual clauses. You can find the details here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/ .

Meta pixel (formerly Facebook pixel)

This website uses the visitor action pixel from Facebook/Meta to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected are also transferred to the US and other third countries.

In this way, the behaviour of website visitors can be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected are anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of users. However, the data are stored and processed by Facebook, which means an association with the respective user profile is possible and Facebook may use the data for its own advertising purposes in accordance with the Facebook privacy policy (https://de-de.facebook.com/about/privacy/). This allows Facebook to serve ads on Facebook pages as well as outside of Facebook. This use of the data is beyond our control as a website operator.

The use of this service is based on your consent according to Art. 6 para. 1 (a) GDPR and § 25 para. 1 TDDDG. Consent may be revoked at any time.

We use the advanced matching feature within the meta pixel.

The advanced matching feature allows us to transmit to Meta (Facebook) various types of data (such as city, state, postal code, hashed e-mail address, name, gender, date of birth or phone number) about our customers and prospective customers that we collect through our website. By enabling this feature, we can more accurately target our advertising campaigns on Facebook to people who are interested in what we have to offer. In addition, advanced matching improves the attribution of website conversions and expands custom audiences.

To the extent that personal data are collected on our website using the tool described here and transferred to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited to the collection of the data and its transfer to Facebook. Processing by Facebook after the transfer is not part of the joint responsibility. Our joint obligations are set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum . Under this agreement, we are responsible for providing privacy information when using the Facebook tool and for implementing the tool on our website in a privacy compliant manner. Facebook is responsible for the data security of its products. Data subject rights (such as requests for information) with respect to data processed by Facebook can be asserted directly with Facebook. If you assert data subject rights with us, we are required to forward them to Facebook.

The transfer of data to the US is based on the EU Commission’s standard contractual clauses. You can find the details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381 .

For more information about protecting your privacy, please see Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/ .

In addition, you can opt out of the Custom Audiences remarketing feature in the Advertising Preferences section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . You must be logged in to Facebook to do this.

If you do not have a Facebook account, you can opt out of Facebook’s targeted advertising by visiting the European Interactive Digital Advertising Alliance website at: http://www.youronlinechoices.com/de/praferenzmanagement/ .

TikTok pixel

We have included the TikTok pixel on this website. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”).

The TikTok pixel enables us to serve targeted ads to website visitors who have viewed our offers on TikTok (TikTok ads). At the same time, the TikTok pixel allows us to measure the effectiveness of our advertising on TikTok. This allows us to evaluate the effectiveness of TikTok ads for statistical and market research purposes and to optimise future advertising campaigns. For this purpose, various usage data is processed, such as IP address, page views, time spent, operating systems used and user origin, information about the advertisement clicked by a person on TikTok or an event triggered (timestamp). These data are aggregated into a user ID and associated with the website visitor’s device.

The use of this service is based on your consent according to Art. 6 para. 1 (a) GDPR and § 25 para. 1 TDDDG. Consent may be revoked at any time.

The transfer of data to third countries is based on the standard contractual clauses of the EU Commission. You can find the details here: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

LinkedIn Insight Tag data processing

The LinkedIn Insight Tag provides us with information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyse the professional data (such as career level, company size, country, location, industry and job title) of our website visitors in order to better target specific groups for our website. We also use LinkedIn Insight Tags to measure whether visitors to our website pages take action, such as making a purchase (conversion measurement). Conversion measurement can also be cross-device (e.g., from PC to tablet). The LinkedIn Insight Tag also provides a retargeting feature that LinkedIn says allows us to serve targeted ads to visitors outside of our website without identifying the ad recipient.

LinkedIn also collects log files (URL, referrer URL, IP address, device and browser type, and access time). IP addresses are shortened or (when used to reach LinkedIn members across devices) hashed (pseudonymised). Direct identifiers of LinkedIn members are erased by LinkedIn after seven days. The remaining pseudonymised data are then erased within 180 days.

The data collected by LinkedIn are not personally identifiable by us as the website operator. LinkedIn will store the personal data collected from website visitors on its servers in the United States and use it for its own advertising purposes. Please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig .

Legal basis

If consent has been obtained, the use of the above service is based solely on Art. 6 para. 1 (a) GDPR and § 25 TDDDG. Consent may be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 (f) GDPR; the website operator has a legitimate interest in effective advertising measures, including social media.

The transfer of data to the US is based on the EU Commission’s standard contractual clauses. You can find the details here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs .

Opting out of the use of LinkedIn Insight Tag

You can opt out of LinkedIn’s analysis of user behaviour and targeted advertising by visiting: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

Furthermore, members of LinkedIn can manage the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

6. Newsletter

Newsletter data

If you would like to subscribe to the newsletter offered on the website, we will ask you for an e-mail address and information that will allow us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data are not collected or are only collected on a voluntary basis. We will only use these data to send you the requested information and will not pass them on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 (a) GDPR). You may revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example by clicking on the “unsubscribe” link in the newsletter. The lawfulness of data processing already carried out shall not be affected by the revocation.

The data you provide to us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter with us or the newsletter service provider and will be erased from the newsletter distribution list after you unsubscribe. We reserve the right to erase or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR.

Data stored by us for other purposes will remain unaffected.

After you have unsubscribed from the newsletter distribution list, your e-mail address may be added to a blacklist by us or the newsletter service provider to prevent future mailings to you if this is necessary. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest as defined by Article 6 para. 1 (f) GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest.

Sending newsletters to existing customers

If you order goods or services from us and provide us with your e-mail address, we may subsequently use that e-mail address to send you newsletters, provided that we inform you in advance. In this case, the newsletter will only contain direct advertising for our own similar goods or services. You can unsubscribe from the newsletter at any time. You will find a link to unsubscribe in each newsletter. The legal basis for sending the newsletter in this case is Art. 6 para. 1 (f) GDPR in connection with § 7 para. 3 UWG [Act against Unfair Competition].

After you have unsubscribed from the newsletter distribution list, your e-mail address may be added to a blacklist by us to prevent future mailings to you if this is necessary. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest as defined by Article 6 para. 1 (f) GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest.

7. E-commerce and payment providers

Processing of customer and contract data

We collect, process and use personal customer and contract data for the establishment, content and modification of our contractual relationships. We collect, process and use personal data relating to the use of this website (usage data) only to the extent necessary to enable the user to use the service or to invoice the user. The legal basis for this is Art. 6 para. 1 (b) GDPR.

The collected customer data will be erased after completion of the order or termination of the business relationship and after expiry of any statutory retention periods. Statutory retention periods remain unaffected.

Data transfer upon conclusion of a contract for services and digital content

We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the credit institution entrusted with the processing of payments.

No data will be transferred beyond this, or only if you have expressly consented to this. Your data will not be disclosed to third parties without your express consent, for example for advertising purposes.

The legal basis for data processing is Art. 6 para. 1 (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Payment services

We integrate third party payment services into our website. If you make a purchase from us, your payment details (e.g., name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. These transactions are subject to the contractual and data protection provisions of the respective providers. The use of payment service providers is based on Art. 6 para. 1 (b) GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 (f) GDPR). If your consent is required for certain actions, Art. 6 para. 1 (a) GDPR is the legal basis for the data processing; your consent can be revoked at any time with effect for the future.

Necessary	Always active
Statistics
Marketing