KI Self-Checkout für die Gemeinschaftsverpflegung.
Data Controller under the GDPR
VisioLab GmbH, represented by Tim-Oliver Niekamp
Neumarkt 7, 49074 Osnabrück, Germany
Phone: +49 541 96328994
Email address: hello@visiolab.io
Data Protection Officer
We have appointed a Data Protection Officer for our company. Proliance GmbH Dominik Fünkner Leopoldstr. 2180802 Munich
Phone: +4989 250039227
Email: datenschutzbeauftragter
@datenschutzexperte.de
Definitions
Our Privacy Policy is designed to be simple and easy to understand for everyone. The Privacy Policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Article 4 of the GDPR.
Your Rights
To exercise your rights, please contact us at this email address: legal@visiolab.io You have the following rights regarding all processing operations under A., B., and C.:
Withdrawal of Consent
You may withdraw your consent to the processing of personal data at any time with future effect. You may use the contact options listed above for this purpose.
Objection under Article 21 of the GDPR
You have the right to object at any time to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
Additional Rights
You also have the following rights with respect to your personal data: Right of access (Art. 15 GDPR),Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),Right to restriction of processing (Art. 18 GDPR),Right to data portability (Art. 20 GDPR).You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.The supervisory authority responsible for us:
The State Data Protection Commissioner of Lower Saxony
Prinzenstraße 5, 30159 Hanover
Phone: 05 11/ 120-45 00
Fax: 05 11/ 120 - 45 99
Email: poststelle@lfd.niedersachsen.de,
Website: https://www.lfd.niedersachsen.de
Disclosure of Data
Your personal data will only be disclosed to third parties in connection with the fulfillment of the contract, in particular for the delivery of goods, to the company responsible for delivery, to the extent necessary for the delivery of the goods, or to the financial institution responsible for payment processing, to the extent necessary for payment processing. Data will only be disclosed to other third parties if we are legally obligated to do so, are required to do so by a court order, or if the disclosure is necessary for law enforcement or criminal prosecution.
Data transfer within the corporate group: We may transfer personal data to our subsidiary (VisioLab Inc.) or grant it access to such data. If the data transfer is for administrative purposes, it is based on our legitimate business and operational interests or occurs if it is necessary to fulfill our contractual obligations or if consent from the data subjects or legal authorization is available.
International Data Transfers
Data processing in third countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in connection with the use of third-party services or the disclosure or transfer of data to other entities or companies entities, or companies (which can be identified by the postal address of the respective provider or if the privacy policy expressly refers to data transfers to third countries), this is always done in accordance with legal requirements.For data transfers to the U.S., we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the European Commission dated July 10, 2023. In addition, we have entered into standard contractual clauses with the respective providers that comply with the requirements of the European Commission and establish contractual obligations to protect your data.This dual safeguard ensures comprehensive protection of your data: The DPF forms the primary layer of protection, while the standard contractual clauses serve as an additional safeguard. Should changes arise within the framework of the DPF, the standard contractual clauses serve as a reliable fallback option. In this way, we ensure that your data remains adequately protected at all times, even in the event of any political or legal changes.For each service provider, we inform you whether they are certified under the DPF and whether standard contractual clauses are in place. Further information on the DPF and a list of certified companies can be found on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/ (in English).
Changes to This Privacy Policy and Contract Language
We reserve the right to amend this privacy policy at any time in accordance with data protection laws. The current version of the privacy policy is always available on our website.The German text of this privacy policy takes precedence over the English text. The English text is merely a non-binding practical translation.
B: Website
Processing of Personal Data When Visiting Our Website
Personal data is any data that can be personally identified to you, e.g., name, address, email addresses, user behavior.
Collection of Personal Data When Using the Website
When you use the website for informational purposes—that is, simply viewing it without contacting us or otherwise providing us with information—we process the personal data that your browser transmits to the server. The data described below is technically necessary for us to display our website to you and to ensure its stability and security, and must therefore be processed by us. Types of data processed: IP address, date and time of the request, time zone difference from Greenwich Mean Time (GMT), content of the request (page visited), access status/HTTP status code, amount of data transferred in each case, browser, operating system, language, and version of the browser software.Legal basis: Art. 6(1)(f) GDPR.
Collection of personal data when contacting us
When contacting us (e.g., by mail, contact form, email, phone, or via social media) as well as within the scope of existing user and business relationships, the information provided by the inquiring individuals is processed to the extent necessary to respond to contact inquiries and any requested actions.Types of data processed: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
Purposes of processing: Contact inquiries and communication; management and response to inquiries; feedback; provision of our online services and user experience.
Legal basis: legitimate interests (Art. 6(1)(f) GDPR); performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), consent (Art. 6(1)(a) GDPR).The data you provide when contacting us will be stored by us until you request its deletion, revoke your consent to its storage, or the purpose for storing the data no longer applies.
2. Hosting and Content Delivery Networks (CDN)
The hosting platform we use is provided by Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow). When you visit our website, Webflow collects various log files, including your IP address. Webflow stores cookies or other recognition technologies that are necessary for displaying the site, providing certain website functions, and ensuring security (necessary cookies).
To ensure data protection compliance, we have entered into a Data Processing Agreement (DPA) with Webflow.
For details, please refer to Webflow’s privacy policy: EU & Swiss Privacy Policy | Webflow.Legal basis: legitimate interests (Art. 6(1)(f) GDPR)Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. For details, see: EU & Swiss Privacy Policy | WebflowTo improve the loading speed of content (e.g., images, text) and to defend against potential attacks, we use the services of Cloudflare, Inc. based on the Standard Contractual Clauses. Cloudflare offers protection and optimization services that enable the secure and fast transmission of content to our website.Cloudflare does not store any personal data on its servers. However, when you access our content, your device establishes a connection to Cloudflare’s servers, during which your device’s IP address is processed. This processing serves exclusively to ensure the secure delivery and optimization of the content.
3. TLS Encryption
Our website uses TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries.
4. Cookies
We use cookies to provide our website and enable certain features. These are small text files that your web browser receives when you visit our pages and stores on your computer. Necessary cookies are required for the website to function. We use all other cookies only with your consent via our Cookie Consent Manager.
Processing of cookie data based on consent:
We use a cookie consent management procedure through which users’ consent to the use of cookies or to the processing activities and providers specified in the cookie consent management procedure can be obtained, managed, and revoked. In this context, the consent declaration is stored so that you do not have to repeat your request and so that we can provide proof of consent in accordance with legal obligations.
Types of data processed:
Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
Processing via necessary cookies:
The data processed using necessary cookies is processed based on our legitimate interests (e.g., in the operation of our online service and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.You may object to data processing at any time with future effect by preventing the storage of cookies through your browser settings.
Services and service providers used:
CookieHub ehf, Hafnargata 18, 230 Reykjanesbær, Iceland (hereinafter “CookieHub”). When you visit our website, a connection is established with CookieHub’s servers to obtain your consents and other declarations regarding cookie usage. CookieHub then stores a cookie in your browser to associate the consents you have given or their revocation with you. The data collected in this way is stored until you request its deletion, delete the CookieHub cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected. This cookie automatically deletes itself after 12 months. The legal basis is Art. 6(1)(c) GDPR. Further information: https://www.cookiehub.com/de/produkt/dsgvo.
5. Analytics Tools
5.1. Use of Google Analytics
We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It serves to assign analytical information to a device in order to determine which content users have accessed during one or more sessions, which search terms they used, whether they revisited the content, or interacted with our online offering. The time of use and its duration are also stored, as well as the sources from which users were referred to our online offering and technical aspects of their devices and browsers.In this process, pseudonymous user profiles are created using information from the use of various devices, which may involve the use of cookies. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based equivalents). For EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for any other purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for transfers to third countries: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Right to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff; Further information: https://business.safety.google/adsservices/ (Types of processing and the data processed).
5.2. Use of Google Tag Manager
We use Google Tag Manager from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, exclusively for managing website tags. Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager. For more information about Google Tag Manager, visit https://www.google.com/intl/de/tagmanager/use-policy.html.
5.3. Use of SalesViewer
On this website, data is collected and stored for marketing, market research, and optimization purposes using SalesViewer® technology from SalesViewer® GmbH based on our legitimate interests (Art. 6(1)(f) GDPR).For this purpose, a JavaScript-based code is used to collect company-related data and track its usage. The data collected using this technology is encrypted via a one-way function that cannot be reversed (so-called hashing). The data is immediately pseudonymized and is not used to personally identify visitors to this website.The data stored within SalesViewer® is deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing its deletion.You may object to the collection and storage of data at any time with future effect by clicking this link https://www.salesviewer.com/opt-out to prevent SalesViewer® from collecting data on this website in the future. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you must click this link again.
Right to Object
You may object to the collection and storage of data for the purpose of usage analysis at any time with future effect by notifying us of your objection: e.g., via email:legal@visiolab.io .
6. Plug-ins, Embedded Content, and Social Media6.1. Embedded third-party content
We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics or videos (hereinafter collectively referred to as “content”). When you access this content, the third-party provider processes, among other things, your IP address; in some cases, cookies or similar technologies are used.
This integration always requires that the third-party providers of this content process the user’s IP address, as they cannot send the content to your browser without it. The IP address is therefore necessary for the display of this content or these functions. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” may be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, referring websites, the time of the visit, and further information regarding the use of our online offering, as well as being linked to such information from other sources.
Types of data processed: Usage data (e.g., websites visited, interest in content, access times); meta, communication, and process data (e.g., IP addresses, time data, identification numbers, consent status); master data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms).
Data subjects: Users (e.g., website visitors).
Purposes of processing: Provision of our online services and user-friendliness; marketing; profiles containing user-related information (creation of user profiles).
Legal basis: Consent (Art. 6(1)(a) GDPR).
YouTube videos (Google)YouTube: YouTube videos are embedded via a special domain (identifiable by the component "youtube-nocookie") in so-called "Enhanced Privacy Mode," which means that no cookies are collected regarding user activities to personalize video playback. However, information regarding user interaction with the video (e.g., remembering the last playback position) may be stored; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF).
Google Fonts (hosted on our own server)
Provision of font files for the purpose of a user-friendly presentation of our online offering; Service provider: Google Fonts are hosted on our server; no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR);6.2.
Our Presence on Social Networks
We maintain profiles on social media platforms to provide information and communicate. Data processing is primarily carried out by the platform providers in accordance with their terms and conditions; we may receive aggregated usage statistics.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR); for individual inquiries, contractual/pre-contractual communication (Art. 6(1)(b) GDPR)
7. Online Marketing
We process personal data for the purpose of online marketing, which may include, in particular, the display of advertising and other content (collectively referred to as “content”) based on users’ potential interests, as well as the measurement of its effectiveness.For these purposes, so-called user profiles are created and stored in a file (a so-called “cookie”) or similar methods are used to store user information relevant to the display of the aforementioned content. This may include, for example, content viewed, websites visited, online networks used, as well as communication partners and technical details such as the browser used, the computer system used, and information regarding usage times and functions used. If users have consented to the collection of their location data, this data may also be processed.As part of our online marketing activities, we do not store personal data such as names or email addresses, but only pseudonyms. As a result, neither we nor the service providers we use know the actual identity of the users, but only the information stored in their respective profiles.
We generally only have access to aggregated information regarding the success of our advertisements. However, as part of so-called conversion tracking, we can determine which of our online marketing methods led to a so-called conversion—for example, the conclusion of a contract with us. Conversion tracking is used solely for the purpose of analyzing the success of our marketing measures.
Types of data processed: Usage data (e.g., page views and time spent on site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, individuals involved).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Audience measurement (e.g., access statistics, identification of returning visitors); tracking (e.g., interest-based/behavioral profiling, use of cookies); target group formation; marketing; profiles containing user-related information (creation of user profiles); conversion measurement (measuring the effectiveness of marketing measures).
Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion"; storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users’ devices for a period of two years.).
Legal basis: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).Further information on processing procedures, methods, and services:Google Ads: Online marketing procedures for the purpose of placing content and ads within the service provider’s advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who are presumed to have an interest in the ads. In addition, we measure the conversion of the ads, i.e., whether users have taken the opportunity to interact with the ads and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/; Data processing terms between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.LinkedIn Insight Tag: Code that is loaded when a user visits our online offering and tracks the user’s behavior and conversions, storing this information in a profile (possible uses: measuring campaign performance, optimizing ad delivery, building custom and lookalike audiences); Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy: https://www.linkedin.com/legal/cookie_policy; Data Processing Agreement: https://www.linkedin.com/legal/l/dpa; Basis for third-country transfers: Data Privacy Framework (DPF); Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
8. Newsletter
If you would like to subscribe to the newsletter offered on the website, which provides regular information about our offers and products, we require your email address as a mandatory field. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you our newsletter via email once you have explicitly confirmed that you consent to receiving our newsletter. You will receive an email containing a link through which you can confirm that you, as the owner of the corresponding email address, wish to receive the newsletter in the future. By confirming, you grant us your consent in accordance with Art. 6(1)(a) GDPR to use your personal data for the purpose of sending the requested newsletter.When you subscribe to the newsletter, we store, in addition to the email address required for sending the newsletter, the IP address from which you subscribed, as well as the date and time of your subscription and confirmation. This allows us to trace any potential misuse at a later date.You can unsubscribe from the newsletter at any time via the link included in every newsletter or by sending an email to the controller named above. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise permitted by law.Content: Information about us, our services, promotions, and offers.
Types of data processed: Master data (e.g., names, addresses); contact data (e.g., email, phone numbers); meta, communication, and process data (e.g., IP addresses, time data, identification numbers, consent status); usage data (e.g., websites visited, interest in content, access times).
Data subjects: Communication partners; users (e.g., website visitors); contractual partners.
Purposes of processing: Direct marketing (e.g., via email or mail); provision of contractual services and customer service.
Legal basis: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR), § 7(3) UWG.
Right to object (opt-out): You may unsubscribe from our newsletter at any time, i.e., withdraw your consent, or object to further receipt. You will find a link to unsubscribe from the newsletter either at the end of each newsletter, or you may use one of the contact options listed above, preferably email.
Further information on processing, procedures, and services:
HubSpot CRM:
Management of customer contacts, tracking of sales activities, automation of marketing campaigns, analysis of sales data, creation and management of email campaigns, integration with other tools and platforms, management of customer support requests, AI-powered content generation, personalized email creation, predictive sales forecasting, automated workflow descriptions, and AI chatbots for customer interaction; Service provider: HubSpot, Inc., 25 First St., 2nd Floor, Cambridge, Massachusetts 02141, USA; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.hubspot.de; Privacy Policy: https://legal.hubspot.com/de/privacy-policy; Data Processing Agreement: https://legal.hubspot.com/dpa; Standard Contractual Clauses (ensuring the level of data protection for processing in third countries): https://legal.hubspot.com/dpa.Measuring open and click-through rates: The newsletters contain a so-called “web beacon,” which is a pixel-sized file that is retrieved from our email service provider’s server when the newsletter is opened. During this retrieval, technical information—such as details about your browser and system, as well as your IP address and the time of retrieval—is first collected. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior, as determined by their retrieval locations (which can be identified using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until it is deleted. We use the analyses to identify our users’ reading habits and tailor our content to them, or to send different content based on our users’ interests.
9. ChatBot
We offer online chats and chatbot functions as communication options (collectively referred to as "chat services"). The chat services enable us to contact visitors to our website via live chat and to efficiently process support and communication requests. When you use our chat functions, we may process your personal data.Data categories: technical connection data from server access (IP address, date, time, page accessed, browser information), conversation content, information about your request, and contact details such as name or email address.
Purpose: To assist website visitors/customers with technical or content-related questions and to optimize content.
Legal basis: legitimate interest (Art. 6(1)(f) GDPR); contract / pre-contractual measures (Art. 6(1)(b) GDPR). We use the “Intercom” service on our website, provided by Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18–21 Saint Stephen’s Green, Dublin 2, Ireland. We have entered into a data processing agreement with Intercom in accordance with Art. 28 GDPR. This agreement governs the data protection-compliant handling of personal data and obligates Intercom to process the data exclusively on our instructions, as well as to comply with technical and organizational measures to protect the data.Data processing is generally carried out by Intercom R&D Unlimited Company, based in Ireland. For certain technical services, data may be transferred to group companies in third countries (the U.S.). In such cases, Intercom relies on the EU Commission’s Standard Contractual Clauses pursuant to Article 46(2)(c) of the GDPR. Details regarding data processing by Intercom can be found at: https://www.intercom.com/legal/privacy
10. Personio Career Website
If you would like to view our job openings, you will be redirected to the Personio career website.Personio: HR software platform; Service provider: Personio SE & Co. KG Seidlstraße 3 80335 Munich Tel.: +49 (89) 1250 1005; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.personio.de/; Privacy policy: www.personio.de/datenschutz/
C: Webshop
Applies exclusively to our web shop and our customer account management.
Registration in VisioHub / Order Data
To complete an order in our web shop, you can register for a customer account in our VisioHub by providing personal data. The data you enter into the input form is transmitted to us and stored. In doing so, we process the following data: First and last name, billing and shipping address, email address, VAT ID / tax ID, payment method, password, date and time of registrationUser registration is required to fulfill the contract, to carry out pre-contractual measures, or to provide the requested services. The legal basis for processing your data is Article 6(1)(b) of the GDPR. Your data will be deleted when it is no longer necessary for the performance of the contract and provided there are no legal retention obligations.
Shop Platform & Technical Infrastructure
Our web shop is based on an in-house development and is operated on Google’s cloud infrastructure. We have entered into a Data Processing Agreement (DPA) with all service providers in accordance with Article 28 of the GDPR.
Hosting provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Server location: Germany; Privacy PolicyDatabase: Google Firebase (Firestore); Server location: Germany; Privacy PolicyCDN: Vercel Inc., 340 Pine Street, Suite 701, San Francisco, CA 94104, USATransfer to third countries: USA – Safeguards: EU Standard Contractual Clauses pursuant to Art. 46 GDPRPrivacy Policy: https://vercel.com/legal/privacy-policyEncryption: SSL/TLS (HTTPS) active for all data transfers.Processed data: Company name, email address, passwordPurpose: Operation and provision of the online store and the technical infrastructureLegal basis: Art. 6(1)(b) and (f) GDPR
Payment Service Provider
We use an external service provider for our entire ordering process—in particular for payment processing. Payment transactions are conducted exclusively via encrypted connections in accordance with state-of-the-art technology, ensuring that the data entered is protected from unauthorized access during transmission.
The terms and conditions and privacy policies of the respective payment service providers apply to payment transactions; these are available on the respective websites or within the transaction applications. We also refer to these for further information and for the exercise of rights of withdrawal, access, and other data subject rights.
Provider used:
Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://stripe.com; Privacy Policy: https://stripe.com/de/privacy; Basis for transfers to third countries: Data Privacy Framework (DPF).
Processed data:
Master data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., page views and time spent on site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
Data subjects:
Service recipients and clients; business and contractual partners; prospective clients.
Purpose:
Provision of contractual services and fulfillment of contractual obligations; business processes and operational procedures.
Legal basis:
Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).
Shipping & Fulfillment
The shipping of our products is handled entirely by our fulfillment partner Viveroo GmbH, located at an der Burg 6 in 33154 Salzkotten. For this purpose, we transmit the necessary delivery data—Viveroo handles the rest.
Data processed:
Company name, first and last name, shipping address
Purpose:
Organization and execution of the entire shipping process
Legal basis:
Art. 6(1)(b) GDPR
Viveroo Privacy Policy:
https://viveroo.com/datenschutzerklaerung/
Note: Viveroo may use additional subcontractors (e.g., DHL, DPD) for physical shipping; their privacy policies apply accordingly.