top of page

Privacy Policy

Introduction

This website is operated by: Berberich & Hühn GbR.
 

It is very important to us to handle the data of our website visitors in a trustworthy manner and to protect it in the best possible way. For this reason, we make every effort to meet the requirements of the GDPR.

 

In the following, we will explain how we process your data on our website. To do this, we use language that is as clear and transparent as possible so that you can truly understand what happens to your data.

What data do we collect?

Processing of personal data and other terms

Data protection applies to the processing of personal data.

Personal data refers to all data that can be used to identify you personally. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when ‘something happens to it’. For example, the IP address is transmitted from the browser to our provider and automatically stored there. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

Applicable regulations/laws - GDPR, BDSG and TDDDG
The scope of data protection is regulated by laws. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.

In addition, the TDDDG supplements the provisions of the GDPR insofar as the use of cookies is concerned.

Responsible for data processing

The controller in the sense of the GDPR is responsible for data processing on this website. This is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

You can contact the controller at:

Berberich & Hühn GbR

Bgm.-Müller-Str. 2D

85560 Ebersberg

Bavaria

Germany
support@canvasnova.com


This is how data is processed on this website

As we have already established, there is data (e.g. IP address) that is collected automatically. This data is mainly required for the technical provision of the homepage. Insofar as we use additional personal data or collect other data, we will inform you about this or ask for your consent.

You consciously share other personal data with us.
Detailed information on this can be found below.


Your rights

The GDPR gives you extensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the correction, blocking or deletion of this data or complain to the relevant data protection supervisory authority. You can revoke your consent at any time.

The last section of this data protection declaration explains in detail what these rights are and how they can be exercised.


Data protection – our view
For us, data protection is more than just a chore! Personal data is very valuable and careful handling of this data should be a matter of course in our digitalised world. Furthermore, as a website visitor, you should be able to decide for yourself what happens to your data, when and by whom. That is why we are committed to complying with all legal requirements, only collecting the data we need and, of course, treating it confidentially.


Disclosure and deletion

The disclosure and deletion of data are also important and sensitive issues. Therefore, we would like to briefly inform you about our general approach to this in advance.

A transfer of the data only takes place on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called processor and a data processing agreement has been concluded in accordance with Art. 28 GDPR.

We will delete your data if the purpose and legal basis for processing no longer apply and there are no other legal obligations preventing the deletion. Article 17 of the GDPR also provides a good overview of this

.

For more information, please refer to this privacy policy and contact the data controller if you have any specific questions

.


Hosting

This website is hosted externally. The personal data collected on this website is stored on the host's servers.

This includes, on the one hand, the automatically collected and stored log files (see below for more details) and, on the other hand, all other data provided by visitors to the website.

External hosting is used to provide our website securely, quickly and reliably and, in this context, serves to fulfil the contract with our potential and existing customers.

The legal basis for the processing is Art. 6 para. 1 lit. a, b and f GDPR, as well as

§ 25 para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the end device of the website visitor or user in

the sense of the TDDDG

Our hoster only processes the data necessary to fulfil its service obligation and acts as our processor, i.e. it is subject to our instructions. We have concluded a corresponding contract for order processing with our hoster.

We use the following hoster:

WiX

Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel.

support@wix.com

https://de.wix.com/about/privacy.


Legal basis

The processing of personal data always requires a legal basis. The GDPR provides for the following possibilities in Art. 6 (1) sentence 1:

The data subject has given consent to the processing of his or her personal data for one or more specific

purposes;

processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; processing is necessary for compliance with a legal obligation to which the controller is subject;

processing is necessary in order to protect the vital interests of the data subject or of another natural person;

processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

In the following sections, we will provide you with the specific legal basis for the respective processing.

This happens on our website

When you visit our website, we process personal data about you.

To protect this data against unauthorised access by third parties, we use SSL or TLS encryption. You can recognise this encrypted connection by the fact that https:// or a padlock symbol appears in the address bar of your browser.

The following information will explain what data is collected when you visit our website, for what purpose this is done and on what

legal basis.
 

Data collection when accessing the website

When you access the website, information is automatically stored in so-called server log files. This information includes:

Browser type and browser version Operating system used

Referrer URL

Host name of the accessing computer

Time of the server request

IP address

These data are needed temporarily so that we can display our website to you permanently and without problems. In particular, these data serve the following purposes:

System security of the website

System stability of the website

Troubleshooting on the website Connection setup to the website

Presentation of the website

Data processing is carried out in accordance with Article 6(1)(f) GDPR and is based on our legitimate interest in processing this data, in particular our interest in the functionality of the website and its security.

Where possible, this data is stored in pseudonymised form and

deleted once the respective purpose has been achieved.

If the server log files enable the data subject to be identified, the data will be stored for a maximum period of 14 days. An exception to this is if a security-related event occurs. In this case, the server log files will be stored until the security-related event has been rectified and fully investigated.

Otherwise, the data will not be merged with other data.

Cookies

General

This website uses so-called cookies. These are a set of data, a piece of information that is stored in the browser of your device and is related to our website.

By setting cookies, the visitor's navigation of the website can be made easier.

In our cookie consent tool, you will find all information about the cookies that we use on our website (with your consent, if necessary).
 

Rejecting cookies

You can manage all cookies that are not technically necessary directly via our cookie consent tool.

You can prevent cookies from being set by adjusting the settings

of your browser.

You can find the corresponding links for commonly used browsers here:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firef

ox-loschen?redirectslug=Cookies+1%C3%B6schen&redirectlocale=de

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Pla

tform%3DDesktop&hl=de

Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und

-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and http s://support.apple.com/de-de/guide/safari/sfri11471/mac. If you use a different browser, we recommend entering the name of your browser and ‘delete and manage cookies’ in a search engine and then following the official link for your browser.

Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.

However, we must point out that a comprehensive blocking/deletion of cookies can lead to impairments in the use of the website.
 

Rejecting cookies


You can manage all cookies that are not technically necessary directly via our cookie consent tool.

You can prevent cookies from being set by adjusting your browser settings.

Here you will find the corresponding links for commonly used browsers:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firef

ox-loschen?redirectslug=Cookies+1%C3%B6schen&redirectlocale=de

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Pla

tform%3DDesktop&hl=de

Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und

-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and http://support.apple.com/de-de/guide/safari/sfri11471/mac. If you use a different

browser, we recommend entering the name of your browser and ‘delete and manage cookies’ in a search engine and following the official link to your browser.

Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.

However, we must point out that a comprehensive

blocking/deletion of cookies can lead to impairments in the use of the

website.
 

Technically necessary cookies
We use technically necessary cookies on this website to ensure that our website functions properly and in accordance with the applicable laws. They help to make the website user-friendly. Some of our website functions cannot be displayed without the use of cookies.
The legal basis for this is, depending on the individual case, Art. 6 para. 1 lit. b, c and/or f
GDPR.

Technically not necessary cookies
We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyse the surfing behaviour of the website visitor or to offer functions of the website that are not technically necessary.
The legal basis for this is your consent in accordance with Art. 6 (1) point a GDPR.
Cookies that are not technically necessary are only set with your consent, which you can revoke at any time in the cookie consent tool.

 

Data processing through user input
 

Our own data collection

We offer the following service on our website: Al generated art.

For this we collect the following data:

Name

Email address

Postal address

Telephone number

Date of birth

Bank account details

The legal basis for this data processing is Art. 6 Para. 1 lit. b GDPR.

The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

 

Contact

a) Email
If you contact us by email, we process your email address and any other data contained in the email. This data is stored on the mail
server and partly on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art.
6 (1) (b) GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.
 

b) Contact form
We provide a contact form. This is used to contact our
company.
In this form, we usually process your first and last name, your telephone number, your email address, a postal address and the content
of the message. The data is stored on our web server and forwarded internally to the relevant email addresses.
The legal basis for the data processing is Article 6(1)(f) GDPR, as we have a legitimate interest in responding to your request and in an
uncomplicated way of making contact. If the purpose of making contact is to conclude a contract, the additional legal basis for
the processing is Art. 6 (1) (b) GDPR.
We delete this data no later than three months after receiving it, unless it is required for an existing contractual relationship.
We embed the contact form from Wix
Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel
https://de.wix.com/about/privacy.
on our website.
 

Questionnaires/forms


a) In-house development

We integrate forms developed in-house on our website.

The data entered is stored on our servers.

The legal basis for the processing is Art. 6 Para. 1 lit. a GDPR and § 25 Para.

1 TDDDG. Consent can be revoked at any time. The legality of the processing that has already taken place remains unaffected by any revocation that may have taken place.

The stored data can be made available at any time by email or a request can be made for the data to be deleted.

 

b) Fillout

www.fillout.com

 

Cookie consent tool


Wix
We use the Wix consent management tool to ensure that only cookies with a legal basis are set on our website.

This service is provided by Wix.com Ldt., Nemal St. 40, 6350671 Tel Aviv, Israel.

This service is used to obtain the consent of the website visitor to store certain cookies in their browser or to use certain technologies and to document this consent in a data protection compliant manner.

When this website is accessed, the consent given by the website visitor or the revocation of consent is stored as a Wix cookie in the website visitor's browser. To do this, a connection to the Wix servers is established.

The legal basis is Art. 6 Para. 1 lit. c GDPR. Wix is used to obtain the legally required consent for the use of cookies.

The collected data is stored until the website visitor requests deletion or Wix itself deletes it or the purpose for storing the data no longer applies. This does not affect the mandatory statutory retention periods.

 

Website construction kit system
 

Wix
We use the Wix service to create our website. This is a service provided by Wix.com Ltd, Namal 40, 6350671 Tel Aviv, Israel.

Wix is a website construction kit system that can be used to create HTML5 websites and mobile websites. It is an online platform based on the cloud principle. This makes it very easy to integrate the functions into your own website. This service allows us to design our website according to our wishes and to meet our goal of user-friendliness.

Wix uses cookies. These cookies are only set with the consent of the website visitor and can be revoked at any time. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR.

In addition, the use of the service is technically necessary for us to display our website. The legal basis for the processing is Art. 6 para. 1 lit. f

GDPR.

The data will be deleted as soon as they are no longer required for the processing purposes.

Further information:

https://de.wix.com/about/privacy.

 

Newsletter

WIX

We use WIX to provide our newsletter. This service is provided by wix.com Ltd, Nemal St. 40, 6350671 Tel Aviv, Israel.

This service can be used to organise and analyse the sending of newsletters. The data entered to receive the newsletter is stored on the service's servers.

With the help of WIX, interactions with the newsletter can be analysed.

In addition, conversion rates can be determined and newsletter users categorised in order to adapt the newsletter to the different target groups.

This analysis can be objected to.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para.

1 TDDDG. Consent can be revoked at any time by unsubscribing from the newsletter. The legality of the processing that has already taken place remains unaffected by any revocation that may have taken place.

The data will be deleted when the contract between us and WiX ends, unless the website visitor first revokes his consent. If this is the case, the data will be deleted from the distribution list.

In addition, after unsubscribing from the newsletter, the email address is stored on a blacklist separately from other data for an indefinite period.

The legal basis for this is Art. 6 para. 1 lit.f GDPR. It serves the interest of the website visitor as well as our interest in using/operating a newsletter in accordance with legal requirements.

Further details:

https://de.wix.com/manage/privacy-security-hub.

https://de.wix.com/about/privacy.

 

Mailing service

Make.com

www.make.com

Analysis and tracking tools


WIX Analytics

We integrate the Wix Analytics functions into our website. This service is provided by wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel.

Wix Analytics collects and stores various types of user data for optimisation and marketing purposes. This data is anonymised and summarised in statistical reports. The information collected includes login data, time zone settings, operating system and platform used, details of website visits such as the URL, duration of use, number of pages visited per session, search terms entered, information about interactions on the website, such as content searched for or viewed, page response speed and conversion rate.

Wix Analytics sets cookies for this purpose. The legal basis for the processing is Art. 6 (1) point a GDPR and § 25 (1) TDDDG, insofar as this consent includes access to information on the user's terminal device or the storage of cookies within the meaning of the TDDDG.

Otherwise, the legal basis for the processing is Art. 6 (1) point f GDPR.

We have a legitimate interest in analysing the data to ensure the technical stability of our website.

Further information:

https://de.wix.com/about/privacy.
 

Social media profiles

In addition to our website, we are also present on social networks with our company. Here we want to present our company and create the opportunity to get in touch with us.

We also use social media to place job ads and job searches.

The following information explains which data we and the respective social network process when you visit and interact with our profile.
 

Facebook
 

We operate a Facebook page at https://www.facebook.com/. This social network is operated by Meta Platforms Ireland Limited, 4 Grand Canal

Square, Grand Canal Harbour, Dublin 2, Ireland.

 

Interaction with our company profile
When you visit our Facebook profile and interact with us through it, we process personal data. On the one hand, the data publicly available on the profile. On the other hand, the personal data contained in posts, comments or direct messages to us.
Through interactions such as liking or sharing, we can see the user profile with the public information.
The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Facebook profile.
Insofar as a request is related to the performance of a contract or is necessary to carry out pre-contractual measures, our
processing is based on Art. 6 para. 1 lit. b GDPR.
 

Page Insights

As explained in the meta privacy policy under ‘How we use your information?’ (explains how meta information is also collected and used to provide analytics services, so-called page insights, for site operators.

This also applies to our Facebook page.

Page Insights are summarised statistics that are created and logged by the Meta servers based on certain interactions of visitors with pages and the content associated with them (e.g. viewing a page or a video, subscribing to a page, marking a page as ‘like’ or ‘dislike’, etc.).

Meta provides us with summarised statistics and insights in connection with the page insights, which give us information about how people interact with our company page. We do not have access to personal data, only to the summarised page insights. With the help of the page insights, we can view anonymous statistics, e.g. the reach of our account, page views, likes, etc.

These also include evaluations by age, gender and location of the users (as indicated by them in their respective Facebook profiles). To evaluate our reach, we can adjust settings or set appropriate filters with regard to selecting a time period, viewing a specific post and demographic groupings.

These data are anonymised. It is not possible for us to draw any conclusions about specific individuals.

The processing of this data serves the purpose of analysing our reach and adapting our content and ads to user interests so that visitors can get the most out of it. Based on the analysis of this data, we can see how our content, profile and advertising are consumed. This enables us to create target group-oriented content and place advertising to better market our company and our services.

The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence

1 lit. f DSGVO.
 

When processing personal data in the course of the so-called page insights, joint responsibility is shared with Facebook in accordance with Art. 26 para.

1 DSGVO.

For this purpose, we have entered into a corresponding agreement with Facebook, which can be viewed here (https://www.facebook.com/legal/terms/page_controller addendum).

The contact details for Facebook are:

Online contact: https://www.facebook.com/help/contact/1650115808681298

Postal address: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion

Road, Dublin 4, D04 X2K5, Ireland.

For Facebook, you can contact the data protection officer at the following link

:

https://www.facebook.com/help/contact/540977946302970.

Further information about page insights:

https://de-de.facebook.com/legal/terms/page_cntroller_addendum
 

Processing of personal data and cookies by Meta

When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for ‘German’ IP addresses). Facebook also stores information about its users' end devices (e.g. as part of the “login notification” function); this may enable Facebook to assign IP addresses to individual users. If you are currently logged in to Facebook as a user, there is a cookie with your Facebook ID on your end device. This enables Facebook to track the fact that you have visited this page and how you have used it.

Facebook buttons embedded in websites enable Facebook to record your visits to these websites and assign them to your Facebook profile.

This data can be used to offer you customised content or advertising.

Information on how personal data can be managed or deleted can be found in Facebook's Privacy Centre:

https://www.facebook.com/privacy/center/.

Further information on how Facebook handles data can be found here:

http://de-de.facebook.com/about/privacy.
 

Instagram

We operate an Instagram profile. This social media platform is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal

Harbour, Dublin 2, Ireland.
 

Interaction with our company profile

When you visit our Instagram profile and interact with us through it, we process personal data. On the one hand, the data publicly available on the profile. On the other hand, it also includes the personal data contained in posts, comments or direct messages to us.

Through interactions such as liking or sharing, we can see the user profile with the public information.

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Instagram profile.

Insofar as a request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures, our

processing is based on Art. 6 (1) point b GDPR.
 

Insights

As explained in the meta data protection guideline under ‘How we use your information’ (https://privacycenter.instagram.com/policy/?entry_point=ig_help_

center_ data_policy_redirect), Meta also collects and uses information to provide analytics services, known as Insights, to site operators.

This also applies to our Instagram profile.

The Insights are summarised statistics that are created based on certain interactions of visitors with pages and the content associated with them and logged by the Meta servers.

These include, among other things, the following information

  • How many people see and interact with our products, services or content, such as posts, videos, Instagram pages, advertisements, shops and ads (when advertising is displayed on meta products),

  • how people interact with our content, websites, apps and services,

  • which groups of people interact with our content or use our services.

Meta provides us with summarised reports and insights that help us understand how well our content, features, products and services are performing.

We do not have access to any personal data, only to the summarised reports.

We can adjust settings or set appropriate filters when analysing reach, for example, with regard to selecting a time period, viewing a specific post or demographic group.

This data is anonymised. It is not possible for us to draw conclusions about specific individuals.

The processing of this data serves the purpose of analysing our reach and adapting our content and ads to user interests so that visitors can derive the greatest possible benefit from them. Based on the analysis of this data, we can see how our content, profile and advertising are consumed. This enables us to create targeted content and place advertising to better market our company and services.

The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence

1 lit. f GDPR.

When processing personal data in the course of the so-called

insights, the processing is carried out in joint responsibility with Meta in accordance with.

Art. 26 para. 1 GDPR.

For this purpose, we have entered into a corresponding agreement with Meta, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum.).

Meta's contact details are:

Online contact: https://www.facebook.com/help/contact/1650115808681298

By post: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For Instagram, you can contact the data protection officer at the following link:

https://www.facebook.com/help/contact/540977946302970.

Further information about the Insights:

https://de-de.facebook.com/help/pages/insights.

Instagram's complete privacy policy can be found here:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_polic

_redirect

Processing of personal data and cookies by Meta

When you access an Instagram page, the IP address assigned to your device is transmitted to Meta. According to information from Meta, this IP address is anonymised (for ‘German’ IP addresses). Meta also stores information about the end devices of its users (e.g. as part of the ‘login notification’ function); this may enable Meta to assign

IP addresses to individual users. If you are currently logged in to Instagram as a user, there is a cookie with your Instagram ID on your end device. This enables Meta to track the fact that you have visited this page and how you have used it. Meta buttons embedded in websites enable Meta to record your visits to these websites and assign them to your Instagram profile. This data can be used to offer you customised content or advertising.

Further information:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
 

Threads

We also use the features of Threads. Data collected when using the service, including IP address, application used and information about the end device, as well as websites accessed, location and mobile phone provider, are processed by Meta Platform, Inc., as described above. This data may also be transferred to countries outside the European Union. The collected data is linked to the Threads account or profile. There is no control over the specifics of the data processed by Threads, including its processing, use or disclosure to third parties. Further information:

https://help.instagram.com/769983657850450/?helpref=uf share

https://privacycenter.instagram.com/policy.
 

X (formerly Twitter)

We use the short message service ‘X’ (formerly Twitter). This is a service of X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA.

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for data processing for persons living outside of the United States.
 

Interactions with our account

In principle, we do not collect or process any of your data when you use our short message service. The data you enter on X, in particular the user name and the content published under your account, are processed by us on the basis of your consent in accordance with Art. 6 (1) point a GDPR, insofar as your tweets may be retweeted, we respond to them or tweets are written that refer to your account.

The data freely published and distributed by X is thus included by us and made accessible to our followers.
 

Data processed by X

We have no influence over the type and scope of the data processed by X Corp. or how it is processed and used or whether it is passed on to third parties. When you use X, your personal data is collected, transmitted, stored, disclosed and used by X Corp. and, regardless of your place of residence, transferred to, stored and used in the United States, Ireland and any other country in which X Corp. does business.

On the one hand, X processes all voluntarily entered data such as name and username, email address, telephone number or contacts from the address book, insofar as these have been uploaded or synchronised.

On the other hand, X also analyses the shared content to determine which topics the user is interested in. X processes and stores confidential messages sent directly to other users. X can determine the user's location based on GPS data, information about wireless networks or the IP address.

X also receives information about what content is viewed, even if the user has not created an account.

X processes so-called ‘log data’. This includes the IP address, browser type, operating system, information about the previously visited website and the pages viewed, location, mobile service provider, the end device used (including device ID and application ID), the search terms used and cookie information.

Because X Corp. is a non-European provider that only has a European branch in Ireland, it is not bound by German data protection regulations, according to its own opinion.

This concerns, for example, the rights to information, blocking or deletion of data or the possibility to object to the use of usage data for advertising purposes.

You can restrict the processing of your data in the general settings for your X account and under the item ‘Privacy and security’. In addition, you can use the settings on mobile devices (smartphones, tablet computers) to restrict X's access to contact and calendar data, photos, location data, etc. This depends on the operating system used.

Further information can be found here:

https://help.twitter.com/de/safety-and-security/x-privacy-settings.

Information about the processing of data by X can be found in X's privacy policy:

https://twitter.com/de/privacy=

In addition, information can be requested via the X data protection form or the archive requests:

https://support.twitter.com/forms/privacy=
 

Pinterest

We operate a Pinterest profile. Pinterest is provided by Pinterest Europe Ltd. Palmerston House, 2nd Floor Fenian Street Dublin 2 Ireland.

Joint responsibility
We are jointly responsible with Pinterest for our profile. The underlying Joint Controlling Agreement can be viewed here: https://b
usiness.pinterest.com/de/pinterest-advertising-services-agreement/rest-of-apac/.
Pinterest's data protection officer can be contacted here: https://help.pinterest.com/de/ data-protection-officer-contact-form.

Data processing by Pinterest
When you visit our Pinterest page, Pinterest collects, among other things, log data that your browser automatically transmits when you visit the site (e.g. IP address, search history, browser type and settings, date and time of request, etc.). Pinterest also processes device information (e.g. device type, operating system).
Further information can be found at:
https://policy.pinterest.com/de/technical-information-we-collect-when-you-use-our-service and
https://policy.pinterest.com/de/privacy=policy.
Pinterest can also set cookies. The data processed in this way is partially assigned to the user's account.
Further information can be found at:

https://policy.pinterest.com/de/cookies.

Data processing by us

When Pinterest users communicate with us via our Pinterest profile, we receive the respective message from the user (including their Pinterest username).
We also process the comments published by users.
The purpose of our data processing is to present our published content on Pinterest and to communicate with users.
The legal basis for this is Art. 6 Para. 1 lit.f GDPR, as we have a legitimate interest in presenting relevant information to interested users and communicating with them about it.
The ‘Pinterest Analytics’ function is available on our Pinterest profile, which allows us to view statistical analyses.
The data that we receive from Pinterest is only anonymous statistics about visitors to our Pinterest profile. These statistics are not personal and do not allow any conclusions to be drawn about individual users.


Transfer of data
When we receive messages from users, we do not forward the content of these messages to other recipients.
Information about Pinterest's transfer of data to third parties
can be found here:
https://policy.pinterest.com/de/privacy=policy. and https://help.pinterest.com/de/artic
le/ads-performance-reporting:


Storage period
In connection with our Pinterest profile, we only store the messages we receive when Pinterest users communicate with us via our Pinterest profile. We delete these messages at the latest after the legal retention period has expired.
The respective storage period by Pinterest is described in their data policy at http
s://policy_pinterest.com/de/privacy=policy.
 

TikTok

We operate a TikTok channel. TikTok is provided by TikTok Technology Limited,

10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter ‘TikTok Ireland’). Our TikTok channel enables us to present ourselves to TikTok users and to get in touch with them.

Interactions with our TikTok channel
Users can interact with our TikTok channel through their TikTok account, for example by liking or commenting on our post. In doing so, we process the associated data, such as the user name and profile picture.
We use this data to optimise our content and its presentation and to adapt it to the respective user interests.
It is also possible to send us direct messages on our TikTok channel. Here, too, the username and profile picture are displayed.
The legal basis for the data processing is Art. 6 (1) point f GDPR. We have a legitimate interest in optimising our TikTok channel and the content published there. We also have a legitimate interest in communicating with users to answer questions, respond to criticism, build relationships and share information. This enables us to improve our services and respond to the needs of potential customers. By communicating via TikTok, we are able to reach younger customers in particular.
Comments are stored on the channel for an unlimited period of time and can be viewed by other users. The same applies to the use of the like function and direct messages.
 

TikTok analysis

When accessing and using our TikTok channel, additional data is processed for

TikTok analysis. These are summarised

statistics that are created and logged by TikTok based on certain interactions of visitors with our

TikTok channel and provide information about

how our channel is interacted with.

This data includes, but is not limited to:

follower growth

  • video views

  • profile views

  • likes, comments and shares

  • average viewing time

  • percentage of viewers who watch the entire video

  • sources of traffic (e.g. profile, For You feed)

  • geographic distribution of the audience

  • Follower activity times.

The data is provided to us in aggregated form as statistics. We do not have access to personal data, only to the

summarised statistics.

Further information about TikTok analytics can be found here:

https://www.tiktok.com/creators/creator-portal/en-us/tiktok-content-strategy/underst

anding=your-analytics/.

This data is processed solely for the purpose of analysing and improving the content on our TikTok channel. The analysis of this data enables us to see how our content and our TikTok channel are consumed. This allows us to create targeted content and, if necessary,

place advertising to better market our company and our services

.

The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence

1 lit. f DSGVO.

When processing personal data in the course of TikTok analyses, the processing is carried out in joint responsibility with TikTok in accordance with Art. 26

para. 1 DSGVO.

For this purpose, we have entered into a corresponding agreement with TikTok, which can be viewed here.

TikTok's contact details are:

Online contact: https://privacytiktok.zendesk.com/hc/en-us/requests/new.

Postal: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

You can use this form to contact TikTok's data protection officer

:

https://www.tiktok.com/legal/report/DPO.

Processing of personal data by TikTok The TikTok profiles and channels accessed, likes, messages and other usage data are also processed. If you are logged in with your own TikTok account, this data will be associated with your account.

Further information on the processing of data by TikTok can be found here: ht

tps://www.tiktok.com/legal/page/eea/privacy=policy/de.

 

YouTube

We maintain a profile on YouTube. This is a video platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, which allows us to publish video content and interact with our audience.
 

Data processing by us
We also process the data of visitors to our profile. In doing so, we process data from your use of our profile that is provided to us by YouTube.
This information includes statistics about visits to our profile, reports on the playback time of our videos, on user interaction (e.g.
‘likes’ or comments), as well as information about individuals who actively interact with our site, e.g. by subscribing or using YouTube's communication features.
The data entered on YouTube, in particular the username and the content published under the account, are made visible and processed by us through interactions with our profile.
We process this data to enable communication and to optimise our content in terms of reach and target group.
The legal basis for the processing is a legitimate interest in accordance with Art. 6
para. 1 lit. f DSGVO for the stated purposes.
 

Data processing by YouTube

When you visit or interact with our YouTube channel, YouTube collects personal data such as your IP address, device information, geographical information, and platform activity, including videos viewed, interactions such as likes, comments and subscriptions. This data may be collected through cookies and similar technologies stored on your device.

YouTube uses this information to operate and improve the platform, to display personalised advertising and to carry out analyses and measurements to understand how users interact with the content. In addition, the data processing helps to evaluate and improve the reach and effectiveness of the content.

YouTube's processing of the data is based, among other things, on your consent, which is expressed by accepting the cookie policy on YouTube.

The data collected by YouTube may be transferred within the Google group of companies and to third parties, which may be located in countries outside the European Union, including the United States.

Google LLC is certified under the EU-U.S. Privacy Shield Framework, which ensures that an adequate level of data protection is maintained even when transferred to third countries.

We have no influence on the extent of the data processed by YouTube, the type of processing and use or the disclosure of this data to third parties. Nor do we have any effective means of control in this respect.

Information about what data is processed by YouTube and for what purposes it is used can be found in YouTube's privacy policy: https://policies.google.com/privacy?h|=de&gl=de.
 

Social logins

We integrate a social login function on our website. This gives the user the option of registering for services on the website via the corresponding (social media) account.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para.

1 TDDDG. Consent is given by selecting the corresponding social media

profile and can be revoked at any time for the future.

The transmitted data can then be processed for the purposes of establishing, implementing and terminating a contractual relationship, Art. 6 (1) (b)

GDPR.

If the user selects one of these social login options, the corresponding social

media provider verifies the user's identity and transmits the following data to us:


Facebook
When you log in via Facebook, the following data is transmitted to us by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland:
first and last name, email address, profile picture if applicable.
Further information on data processing by Facebook:
https://de-de.facebook.com/privacy/explanation.


Google
When you log in via Google, the following data is transmitted to us by Google Ireland
Limited, Gordon House, Barrow Street, Dublin 4, Ireland:
First name and surname, email address, profile picture if applicable.
Further information on data processing by Google:
https://policies.google.com/privacy.

 

Third-party content

Google Fonts
We have integrated Google Fonts locally on our server. This means that no data is transferred to Google despite use.
 

Google reCAPTCHA

This website uses Google reCAPTCHA. Google reCAPTCHA is a plug-in provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The service makes it possible to determine whether data is being entered by a human or by an automated program. This analysis starts automatically in the background as soon as the website is entered. To do this, various information is collected and transmitted to Google.

There is no indication of this analysis.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para.

1 TDDDG. Consent can be withdrawn at any time.

Further details:

https://policies.google.com/privacy?hl=de

https://policies.google.com/terms?hl=de.
 

WIX CDN
We use the WIX CDN. This service is provided by wix.com Ltd, Nemal St. 40, 6350671 Tel Aviv, Israel. A content delivery network (CDN) is a distributed network of servers that is used to deliver web content such as websites, images and videos to users faster by providing the data from a server that is geographically closer to the user. This reduces loading times and improves the user experience, while also protecting the websites from high traffic loads and security threats. Personal data is forwarded to WIX for this purpose. The legal basis is Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in increasing the security and delivery speed of our website and using a CDN. This data is stored until the data subject requests deletion, the consent to storage has been revoked or the purpose for storage no longer applies.
Further information: https://de.wix.com/manage/privacy=security-hub.
https://de.wix.com/about/privacy.
 

AuthO

We integrate the functions of Auth0 on our website. This service is provided by Autho Inc., Suite 700, 10800 North East 8th Street, Bellevue,

Washington, 98004, USA.

AuthO is an authentication service used for secure and universal authorisation of customers' user accounts. AuthO processes a range of personal data required for authentication and authorisation. This data includes contact information such as name, email address and telephone number, which are used for registration processes and password resets. In addition, login information such as usernames and passwords are collected, which are necessary to access accounts. AuthO also collects protocol and usage data, including IP addresses, browser and device information, that is generated when accessing the services. When users log in via third-party services such as Google, Facebook or Linkedin, additional profile information from these sources may be integrated. This information is used to provide secure authentication services, verify users, control access and create personalised experiences.

Autho may also set cookies on the end device for this purpose. This only happens with prior consent. The legal basis for this is Art. 6 para. 1 lit. a

GDPR.

Otherwise, the legal basis for the processing is Art. 6 (1) point f GDPR. We have a legitimate interest in integrating a secure and functional authentication process on our website.

When data is transferred to the US, the standard contractual clauses (SCC)

of the EU Commission apply.

Further information:

https://www.okta.com/privacy=policyl.

 

OpenAI API

We integrate the functions of OpenAl APl on our website. This service is provided by OpenAl Inc, 3180 18th Street, San Francisco, California

94110, USA.

OpenAl has specialised in the development of artificial intelligence and machine learning. With the help of the OpenAl API, we are able to develop our own AI tools based on the databases and capabilities of ChatGPT/OpenAl.

All inputs in our tool are processed. Basically, these inputs, e.g. natural language, images or other data formats, are processed by OpenAl to develop machine learning models. This data is then used to improve or train the respective tool.

OpenAl records the IP address when a tool is used. Provided that the respective tool is not filled with personal data, no personal data other than the IP address is recorded. OpenAl can set cookies. This only happens after prior consent.

The legal basis for this is Art. 6 para. 1 lit. a GDPR.

Otherwise, the legal basis for the processing of data is Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in using the possibilities of ML models in our tools and integrating them into our website in order to optimise our service technically and economically.

If the function to automatically delete the chat history is not activated, the data entered will remain with OpenAl for 30 days to train the models.

The EU Commission's standard contractual clauses (SCC) apply to data transfers to the USA

.

Further information:

https://openai.com/de-DE/policies/privacy=policyl.
 

Make
We use features from make.com on our website. make.com is operated by Celonis Inc., 1 World Trade Ctr FL 70 New York, NY, 10007
United States.
Make.com is an integration platform that makes it possible to connect various apps and services with each other and to create automated workflows.
Data such as connection information, usage data and technical data that is required for the integration and use of the automated workflows is processed. The purpose of the data processing is to optimise and automate business processes. The legal basis for the data processing is Art. 6 (1) lit. b GDPR, as it is necessary for the fulfilment of contractual obligations, as well as Art. 6 (1) lit. f GDPR, as we have a legitimate interest in increasing the efficiency of our business processes.
Make.com sets cookies for functionality and analysis, which are only set with consent. This consent can be withdrawn at any time.
The legal basis for this is Art. 6 para. 1 lit. a DSGVO.
Data is transferred to third countries. The standard contractual clauses (SCC) of the EU Commission are used to ensure an adequate level of data protection. Data is stored until the person concerned requests deletion, revokes consent for storage or the purpose for storage no longer applies.
Further information on data processing can be found here: https://www.make.c
om/en/privacy-notice.

Wix Multilingual
We use Wix Multilingual on our website, a service for creating multilingual websites provided by Wix.com Ltd., 40 Namal Tel Aviv St.,
Tel Aviv, Israel. Wix Multilingual enables us to offer our website in several languages and thus reach an international audience. When using Wix Multilingual, data such as language preferences and technical information such as IP address and browser type are processed. The data processing is carried out for the purpose of providing a multilingual website and improving the user experience. The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the international orientation of our website. Wix Multilingual can set cookies to store language settings. These cookies are only set with consent and can be revoked at any time in our cookie consent tool. The legal basis for this is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Data is transferred to a third country, namely Israel. Israel has an adequacy decision by the European Commission, so an adequate level of data protection is guaranteed. The data is stored until deletion is requested, consent is revoked or the purpose for the storage no longer applies. Statutory retention periods remain unaffected. Further information on data processing can be found at:
https://de.wix.com/about/privacy.
 

Wix Members

We use the Wix Members Area on our website. This service makes it possible to create a personal account on our website to access exclusive content and features. The provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel. When using the Wix Members Area, personal data such as name, email address, profile picture and other voluntary information is processed. The purpose of the data processing is to provide personalised content and manage member accounts. The legal basis for the processing is Art. 6 (1) (b) GDPR, since the processing is necessary for the performance of a contract if registering for and using an account is an integral part of the contract. For optional processing such as analysis or marketing purposes, the consent of the user is required, based on Art. 6 para. 1 lit. a DSGVO. Wix sets functional cookies that are necessary for the provision of the services. These cookies are set on the basis of Art. 6 para.

1 lit. f DSGVO, as there is a legitimate interest in ensuring the functionality of the website. Additional cookies such as analysis or

marketing cookies are only set with consent, based on Art. 6 para. 1 lit. a DSGVO. Data is transferred to Israel. The European Commission has decided that Israel provides an adequate level of data protection (adequacy decision). The data is stored until the purpose of the storage no longer applies or deletion is requested. Mandatory statutory retention periods remain unaffected. Further information on data processing can be found here: https://de.wix.com/about/privacy.
 

Wix Shops

We integrate the functions of Wix Shops on our website. Wix Shops is operated by Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv, Israel. The service enables companies to create and manage an online shop to sell products online and maintain customer relationships.

In the context of using Wix Shops, various personal data are processed, including name, contact information (email address, telephone number), payment information (e.g. credit card or IBAN data), IP

addresses and usage data to analyse the behaviour of website visitors.

This data is processed for the purpose of processing orders, providing customer service and improving the user experience on the platform. The legal basis for the data processing is Art. 6 para. 1 lit. b GDPR, since the processing is necessary to fulfil contractual obligations, as well as Art. 6 para. 1 lit. f GDPR, in order to protect a legitimate interest in improving our services and user experience.

Wix uses cookies, including functional cookies and analysis cookies, to ensure the functionality of the online shop and to analyse user behaviour. These cookies are only set with consent, which can be withdrawn at any time. The legal basis for this is Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG.

Data is transferred to third countries, in particular to Israel.

This transfer takes place under the guarantees of the EU Commission, since Israel is recognised as a country that offers an adequate level of protection for personal data. The data will be deleted as soon as it is no longer required for the purposes of its processing or the user requests its deletion; statutory retention periods remain unaffected.

Further information on data processing by Wix can be found in the Wix data protection guidelines at: https://www.wix.com/about/privacy.
 

Wix FAQ

We use the Wix FAQ app on our website, a service provided by Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel. This app enables frequently asked questions (FAQs) to be displayed in a structured way and offers visitors quick answers to their concerns. No personal data of the users is collected unless it is provided voluntarily in the context of an enquiry or interaction. The purpose of the data processing is to improve customer service by providing an informative FAQ section. The legal basis for the processing of voluntarily provided data is Art. 6 para. 1 lit. a GDPR, based on the consent of the user. The FAQ

app sets cookies to ensure functionality and optimise user experience. These cookies are only set with consent and can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a DSGVO. Personal data is transferred to Israel. The European Commission has decided that Israel provides an adequate level of data protection (adequacy decision). The data is stored for as long as it is required for the stated purpose or as long as prescribed by statutory retention periods. Further information on data processing can be found at: https://de.wix.com/about/privacy.
 

Vercel

www.vercel.com
 

Fillout

www.fillout.com
 

Airtable

www.airtable.com

Payment services
 

PayPal

We use PayPal on our website. PayPal is a payment service provider.

This service is offered by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-

24 Boulevard Royal, L-2449 Luxembourg.

For the purpose of payment processing, the payment data of the website visitor are processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in processing this data in the sense of Art. 6 para. 1 lit. f GDPR, in order to ensure a fast and reliable payment process.

The standard contractual clauses (SCC) of the EU Commission apply to data transfers to the USA

.

https://www.pay.pal.com/de/webapps/mpp/ua/pocpsa-full.


Apple Pay
We use Apple Pay on this website. Apple Pay is a payment service provider.
This service is provided by Apple Inc., Infinite Loop, Cupertino, CA
95014, USA.
For the purpose of payment processing, the website visitor's payment data is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.
The legal basis is Art. 6 Para. 1 lit. b DSGVO. The data is processed for the purpose of (pre-)contractual obligations.
We also have a legitimate interest in processing this data within the meaning of Article 6(1)(f) GDPR in order to ensure a fast and reliable payment process.
Further details:
https://www.apple.com/legal/privacy/de-ww/.

Google Pay
We use Google Pay on this website. Google Pay is a payment service provider. This service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
For the purpose of payment processing, the website visitor's payment data is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.
The legal basis is Art. 6 Para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.
In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 Para. 1 lit. f GDPR, in order to ensure a fast and reliable payment process.
Further details:
https://policies.google.com/privacy.
 

Klarna

We use Klarna on this website. Klarna is a payment service provider. This service is offered by Klarna AB, Sveavägen 46, 111 34 Stockholm,

Sweden.

For the purpose of payment processing, the payment service provider processes the website visitor's payment data as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b DSGVO. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in the processing of these data within the meaning of Article 6(1)(f) GDPR in order to ensure a fast and reliable payment process.

Further details:

https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

https://www.klarna.com/de/datenschutz/.
 

Instant bank transfer
We use Sofortüberweisung on this website. Sofortüberweisung is a payment service provider. This service is provided by Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.
For the purpose of payment processing, the website visitor's payment data is processed by the payment service provider as soon as a purchase is made via this website. For this purpose, the PIN and a valid TAN are transmitted to Sofort GmbH, which logs into the online banking account. The account balance is checked and the corresponding transfer is carried out.
In addition, the credit limit of the overdraft facility and the existence of other accounts and their account balances are queried. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.
The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.
We also have a legitimate interest in processing this data within the meaning of Article 6(1)(f) GDPR in order to ensure a fast and reliable payment process.
Further details:
https://www.sofort.de/datenschutz.html
https://www.klarna.com/sofort/
 

American Express

We use American Express on this website. American Express is a payment service provider. This service is provided by American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany.

For the purpose of payment processing, the website visitor's payment data is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the

payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable

payment process.

American Express may transfer the data to the parent company in the USA. American Express has Binding Corporate Rules (BCR) for this purpose.

Further details:

https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Mastercard
We use Mastercard on this website. Mastercard is a payment service provider. This service is provided by Mastercard Europe
SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium.
For the purpose of payment processing, the website visitor's payment data is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.
The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.
In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 para. 1 lit. f GDPR, in order to ensure a fast and reliable payment process.
Mastercard may transfer the data to the parent company in the USA.
Mastercard has Binding Corporate Rules (BCR) for this purpose.
Further details:
https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcr
s.pdf
https://www.mastercard.de/de-de/datenschutz.html.

VISA
We use VISA on this website. VISA is a payment service provider. This service is offered by Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, United Kingdom.
For the purpose of payment processing, the website visitor's payment data is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.
The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.
In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 para. 1 lit. f GDPR, in order to ensure a fast and reliable payment process.
When data is transferred to the US, the standard contractual clauses (SCC)
of the EU Commission.
Further details:
https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
 

Union Pay

We use UnionPay on our website. UnionPay is an international payment service provider. This service is provided by UnionPay International, UNIONPAY International Co., Ltd., Dongfang Road, 6, Building B, Poly Plaza, Floor 6, Shanghai.

For the purpose of payment processing, the website visitor's payment data is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b DSGVO. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in processing this data within the meaning of Article 6(1)(f) GDPR in order to ensure a fast and reliable

payment process.

The EU Commission's Standard Contractual Clauses (SCC) apply to data transfers to countries outside the EU.

Further information: https://www.unionpayintl.com/en/privacyNoticel.
 

Wix Payments

We use the Wix Payments payment service on our website. This is offered by Wix.com Ltd, Nemal St. 40, 6350671 Tel Aviv, Israel.

Wix Payments enables payment via all common credit card formats and, depending on the region, also via additional payment methods. The individual payment methods offered are communicated on our website. When payments are made via Wix Payments, the corresponding payment data (e.g. payment amount, information on the means of payment used, details of the payee) and the confirmation that the payment data is correct are collected and processed by Wix to execute the payment and transmitted to the credit institution commissioned with the payment. Wix then authenticates the payment with the relevant credit institution. The legal basis for this is Art. 6 (1) point b GDPR.

The data is processed for the purpose of (pre-)contractual obligations. We also have a legitimate interest in the processing of this data within the meaning of Art. 6 (1) point f GDPR, in order to ensure a fast and reliable payment process. Further information:

https://de.wix.com/manage/privacy-security-hub.

https://de.wix.com/about/privacy.
 

Prepayment

We offer the option of paying in advance on our website. After you place an order, we create an invoice containing all the relevant information needed for the transfer. This includes the amount to be paid, our bank details and a reference.

As part of the prepayment process, we store personal data. This includes transaction details (date, time and invoice total), IP address, email address, first and last name, address data (street, house number, city and postcode) and account data (IBAN, BIC, account holder and bank name).

The legal basis is Art. 6 para. 1 lit. b DSGVO. The data is processed for the purpose of (pre-)contractual obligations.
 

Services for processing orders


DHL

For the purpose of delivering orders, we provide personal data (name, delivery address and, if applicable, other contact data) to DHL Deutsche Post AG,

Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany).

The legal basis for this data processing is Art. 6 (1) (b) GDPR, since the disclosure of the data is necessary for the performance of the contract. Without this data transfer, delivery of the order would not be possible.

If explicit consent has been given during the ordering process, the e-mail address and/or telephone number will be passed on to DHL. This enables DHL to provide information about the status of the delivery or to coordinate the delivery date. The legal basis for this is Art. 6 (1) point a GDPR (consent). Consent given can be withdrawn at any time with effect for the future.

According to our research, any cookies that DHL sets on our website are functional in nature and serve to technically enable the shipping process and shipment tracking; they are used on the basis of our legitimate interest (Art. 6 (1) (f) GDPR).

The data is used exclusively for the stated purpose and deleted after delivery in accordance with the statutory retention periods.

Further information: https://www.dhl.de/de/geschaeftskunden/paket/information/ datenschutz-gkp.html.

WhiteWall
www.whitewall.com
 

Shipping service providers

We work with various shipping service providers (e.g. DHL, DPD, UPS, Hermes) to ship the goods ordered via our website.

As part of the necessary delivery of the goods, we will pass on your data (name, delivery address and any other information required for shipping) to the respective shipping service provider.

The data transfer is carried out on the basis of Art. 6 para. 1 lit. b GDPR for the fulfilment of our contract. We will only transfer your email address or phone number to the shipping provider if you have expressly consented to this in the ordering process, for example to enable a package notification. This consent can be revoked at any time for the future.

Further information on the data protection of our shipping providers can be found in their respective data protection declarations, which can be viewed on their websites.
 

Cloud backups

We use cloud backup functions on our website to protect the data and the contents of the website against data loss, corruption or security incidents. This ensures that in the event of a server failure, a hacker attack or other unforeseen events, the website can be quickly and completely restored.

If personal data is stored on our website, it is transferred to the servers of the respective provider during the backups. The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR, as we have a legitimate interest in securing our data.

We use the following cloud backup service:

Dropbox

Dropbox, Inc., 1800 Owens St, San Francisco, CA 94158, USA.

https://www.dropbox.com/de/privacy..

Lexware

www.lexware.de

Anything else that might be important

Finally, we would like to provide you with detailed information about your rights and let you know how you will be informed of any changes to data protection requirements.

Your rights in detail
 

Right of access according to Art. 15 GDPR

You can request information about whether your personal data is being processed. If this is the case, you can request further information about how it is processed. You will find a detailed list in Art.

15 (1) a to h GDPR.
 

Right to rectification under Art. 16 GDPR
This right includes the rectification of inaccurate personal data and the right to have incomplete personal data completed.
 

Right to erasure under Art. 17 GDPR

This so-called ‘right to be forgotten’ gives you the right, under certain conditions, to request the deletion of personal data by the controller. This is generally the case if the purpose of the data processing no longer applies, if consent has been withdrawn or if the initial processing took place without a legal basis. You can find a detailed list of reasons in Art. 17 (1) a) to f) GDPR.

This ‘right to be forgotten’ also corresponds to the controller's obligation under Article 17 (2) GDPR to take appropriate measures to bring about a general erasure of the data.


Right to restriction of processing under Article 18 GDPR
This right is subject to the conditions set out in Article 18 (1) a) to d).
 

Right to data portability according to Art. 20 GDPR
This regulates the fundamental right to receive one's own data in a commonly used form and to transmit it to another controller.
However, this only applies to data processed on the basis of consent or a contract according to Art. 20 (1) a and b and insofar as this is technically feasible.
 

Right to object according to Art. 21 GDPR
You have the fundamental right to object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the data controller in processing the data and if the processing relates to direct marketing and/or profiling.
 

Right to ‘individual decision-making’ in accordance with Art. 22 GDPR
In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) that has a legal effect on you or significantly impairs you in a similar manner. However, this right is also subject to restrictions and additions in Art. 22 (2) and (4) GDPR.


Further rights
The GDPR includes comprehensive rights to inform third parties as to whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, this only applies to the extent that this is possible or can be carried out with a reasonable amount of effort.
At this point, we would like to draw your attention once again to your right to revoke consent granted in accordance with Art. 7 (3) GDPR. However, this does not affect the lawfulness of the processing carried out up to that point. We would also like to draw your attention to your rights under §§ 32 ff. BDSG, the content of which, however, is largely congruent with the rights just described.
 

Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you infringes this regulation.

What if the GDPR is repealed or other changes take place tomorrow?

The current version of this data protection declaration is 26 February 2025. From time to time it is necessary to adapt the content of the data protection declaration in order to respond to actual and legal changes. We therefore reserve the right to change this data protection declaration at any time. We will publish the amended version in the same place and recommend that you read the data protection declaration regularly.

Aktualisierungen oder Änderungen der Datenschutzrichtlinie

We may revise this Privacy Policy from time to time at our sole discretion, the version published on the website is always up to date (see ‘Date of last revision’). We ask that you regularly review this data protection policy for changes. If there are significant changes, we will publish a notice on our website. If you continue to use the services after we have notified you of changes on our website, this will be deemed as your confirmation and consent to the changes to the data protection policy and your agreement to be bound by the terms of these changes.

As of 03/25

Contact

If you have general questions about the services or the data we have collected about you and how we use it, please contact us at:

Name: 
Berberich & Hühn GbR 
Address: Bgm.-Müller-Str. 2D, 85560 Ebersberg, Bavaria, Germany
Email address: support@canvasnova.com

bottom of page