Data protection policy
1 Information on the collection of personal data
1.1. In the following lines, we provide information on the collection of personal data when using our online offers. Personal data is all data that can be related to you personally, e.g. your name, address, email addresses, user behavior, and IP address.
1.2. The responsible party according to Art. 4, para. 7 of the EU General Data Protection Regulation (GDPR) is:
58507 Lüdenscheid Deutschland
Tel. +49 (0) 2351 5674 0
Fax +49 (0) 2351 5674 410
You can contact our data protection officer at:
progressorg GmbH Höveler Weg 2
Tel. + 49 (0) 2353 9096 31
Fax + 49 (0) 2353 9096 49
1.3. If we make use of commissioned service providers for individual functions of our offers or if we wish to use your data for commercial purposes, we will inform you of the respective processes as described in detail below. In so doing, we will also cite the set criteria for the storage period.
2 General information about data processing
2.1. As a matter of principle, we collect and utilize personal data from visitors to our website only to the extent required to ensure the functioning of our website and of our contents and services. The collection and utilization of our users' personal data also occurs after users have given their consent. An exception applies to cases in which prior consent cannot be obtained for practical reasons and/or where the processing of the data is legally permitted.
2.2. In so far as we have obtained consent for the processing of personal data from the data subject, Art. 6, para. 1, point a of the GDPR acts as the legal basis. When processing personal data in order to fulfil a contract, to which the data subject is a party, Art. 6, para. 1, point b of the GDPR serves as the legal basis. This also applies to processing that is required in order to perform pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6, para. 1, point c of the GDPR serves as the legal basis. If vital interests of the data subject or of another natural person require the processing of personal data, Art. 6, para. 1, point d of the GDPR serves as the legal basis. If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interests, Art. 6, para. 1, point f of the GDPR acts as the legal basis for processing.
2.3. The personal data of the data subject are deleted or locked once the purpose of their storage no longer applies. Furthermore, data can be stored if provision has been made by the European or national legislator in ordinances, acts or other regulations in EU law to which the controller is subject. The data are also locked or deleted if a storage period prescribed by the stated standards expires, unless it is necessary to continue to store the data in order to conclude or fulfil a contract.
3 Data collection when visiting our website
3.1. If you are using our website solely for informational purposes, i.e. if you have not registered or otherwise conveyed information to us, we will only collect personal data transmitted by your browser to our server. If you would like to view our website, we will collect the following data, which is a technical requirement for us in order to be able to display our website and to ensure stability and security (the legal basis for this is Art. 6, para. 1, sentence 1, point f of the GDPR): (a) IP address, (b) Date and time of request, (c) Time zone difference to Greenwich Mean Time (GMT), (d) Content of the request (specific page), (e) Access status/HTTP status code, (f) Volume of data transmitted, (g) Website issuing the request, (h) Previously visited page, (i) Browser, (j) Operating system and its interface, (k) Language and version of browser software.
3.2. The data are also stored in the logfiles of our system. These data are not stored together with other personal data of the user. The legal foundation for the temporary storage of the data and logfiles is Art. 6, para. 1, point f of the GDPR. The data are stored in logfiles in order to ensure that the website functions properly. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
3.3. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. If data has been collected for the provision of the website, this occurs when the respective session ends. The collection of data for the provision of the website and the storage of data in logfiles is absolutely necessary for the operation of the internet site. As a result, the user may not object.
4 Other functions and offers of our website
4.1. In addition to the purely informational use of our website, we offer various services that you can use if needed, and use other common functions to analyze or market our offers, which are presented in more detail below. To do this, you usually have to provide additional personal data, and we may process additional data that we use to carry out the respective services. The aforementioned data processing principles apply to all data processing purposes described here.
4.2. In some cases, we use external service providers to process your data. These are carefully selected by us, are bound by our instructions and are checked regularly.
4.3. Furthermore, we may also disclose your personal data to third parties when we offer participation in campaigns, contests, contract conclusions, or similar services together with partners. Depending on the service, your data can also be collected by the partners on their own responsibility. You will receive more detailed information when you provide your details or can find it in the description of the respective offers below.
4.4. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the service being offered.
5 Objection to or revocation of the processing of your data
5.1. If you have consented to the processing of your data, you can revoke this at any time in accordance with Art. 7, para. 3 of the GDPR. Once communicated to us, such a revocation affects the admissibility of the processing of your personal data.
5.2. If we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case, in particular, if processing is not necessary for the fulfilment of a contract with you, which we will note in the subsequent description of each function. If you raise such an objection, we ask that you explain the reasons why we should not process your personal data in the manner we have done. If your objection is justified, we will examine the situation and either cease or adjust the data processing or explain to you our compelling and legitimate reasons as to why we will continue to perform the processing as such.
5.3. Of course, you may object at any time to the processing of your personal data for advertising and data analysis purposes. You may inform us of your objection to such uses via the following contact details: DIAL GmbH, Bahnhofsallee 18, 58507 Lüdenscheid, dialog(at)dial.de, Tel. +49 (0) 2351 5674 0.
6 Deletion of data
The data processed by us will be deleted or have its processing restricted in accordance with Art. 17 and 18 of the GDPR. Unless expressly stated in this data protection policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any legal storage obligations. If the data are not deleted because they are necessary for other legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons. According to legal requirements in Germany, records shall be kept for 6 years in accordance with section 257, para. 1 of the HGB (German Commercial Code) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with section 147, para. 1 of the AO (German Fiscal Code) (books, records, progress reports, accounting documents, commercial and business letters, for documents relevant to taxation, etc.).
7 Transfer of data to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in order to utilize third-party services, disclose or transfer data to third parties, then this will only happen in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the particular requirements of Art. 44 ff. of the GDPR apply. This means, for example, that processing is carried out on the basis of special guarantees, such as the officially recognized establishment of a data protection level in compliance with the EU or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
8 Your rights
8.1. You have the following rights regarding your personal data: (a) Right of access: You have the right to request confirmation as to whether relevant data will be processed, and to information on this data as well as further details and copies of the data in accordance with Art. 15 of the GDPR. (b) Right to rectification: In accordance with Art. 16 of the GDPR, you have the right to request the completion of the data or the rectification of the incorrect data concerning you. (c) Right to erasure or right to restriction of processing: In accordance with Art. 17 of the GDPR, you have the right to request that personal data be deleted immediately, or alternatively the right to request the restriction of processing of the data in accordance with Art. 18 of the GDPR. (d) Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in accordance with Art. 20 of the GDPR, and to request their transmission to other controllers.
8.2. You also have the right to submit a complaint to the relevant data protection supervisory authorities concerning our processing of your personal data. In our case, this is the North Rhine-Westphalia state official for data privacy and information security (ldi): https://www.ldi.nrw.de/
9 SSL encryption
To protect the transmission of confidential content that you send to us (e.g. orders, inquiries), this website uses so-called SSL or TLS encryption These can be recognized by the lock symbol in your browser address bar. Concurrently, the address line changes from 'http://' to 'https://'. This means that third parties are not able to read this data.
10 Einsatz von Cookies
10.2. Temporary cookies or "session cookies" or "transient cookies" are cookies that are deleted after a user leaves an online offer and closes their browser. In such a cookie, the contents of a shopping cart in an online shop or a login status are stored, for example.
10.3. "Permanent" or "persistent" cookies refer to those that remain stored even after the browser has been closed. In doing so, the login status can be stored, for example, if users visit the website after several days.
10.4. In addition to so-called "first-party cookies", which are set by us as the party responsible for data processing, "third-party cookies" are also used, which are offered by third-party providers. If "third party cookies" are set, we will inform you about this within the respective data protection information of the online offers and about the cooperation with external service providers.
10.5. Mandatory functions that are technically necessary to display the website: The technical structure of the website requires that we use technologies, in particular cookies. Without these techniques, our website cannot be displayed (entirely correctly) and the support functions could not be enabled. These are basically transient cookies that are deleted after you have finished visiting the website, at the latest when you close your browser. You cannot deactivate these cookies if you want to use our website. The individual cookies can be viewed in the Consent Manager. The legal basis of this processing is Art. 6, para. 1, sentence 1, point f of the GDPR.
10.6. We only set cookies with your consent. The functions are only activated with your consent and can enable us, in particular, to analyze and improve your visits to our website, to make it easier for you to use different browsers or end devices, to recognize you upon a visit or to advertise (possibly also to target advertising to your interests, to measure the effectiveness of advertisements or to show interest-oriented advertising). The legal basis of this processing is Art. 6, para. 1, sentence 1, point a of the GDPR. You can revoke your consent at any time without affecting the admissibility of processing until the revocation.
11 Use of our contact form
11.1. There is a contact form on our website which can be used to contact us electronically. If a user makes use of this option, then the data entered in the input mask are transmitted to us and stored. These data include: Title, first name, last name, company, email. The following data are also stored when the message is sent: The IP address of the user, date and time of the registration.
11.2. As part of this process, your consent is obtained for the processing of data and reference is made to this data protection policy. Alternatively, it is possible to contact us via the email address provided. In this case, we store the user's personal data transmitted with the email. The data are not forwarded to any third parties in this context. The data are used exclusively to process the conversation. The legal basis for the processing of data when consent is given by the user is Art. 6, para. 1, point a of the GDPR. The legal basis for the processing of data which are transmitted when sending an email is Art. 6, para. 1, point f of the GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6, para. 1 point b of the GDPR. Processing the personal data from the input mask only assists us in handling the communication. If contact is made via email, this also includes the required justified interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that have been transmitted via email, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be seen from the circumstances that the issue being discussed has been conclusively resolved. The additional personal data collected during the sending process will be deleted at the latest after a period of seven days. The user has the option to revoke their consent to the processing of the personal data at any time. If the user contacts us via email, then they can object at any time to their personal data being stored. In this instance, the conversation cannot be continued. All personal data that have been stored during the communication are deleted in this case.
12 Data privacy of applications
If you send us an application via our website, we will use this data exclusively for the purpose of handling the application procedure. Processing can also be done electronically if you send us the corresponding application documents electronically, for example via email or via the web form on our website. If we conclude a contract of employment with you on the basis of this application, the transmitted data will be stored for the purpose of processing the employment contract in compliance with the legal regulations. However, if we do not conclude a contract of employment with you, then the application documents will be automatically deleted six months after notification of the rejection decision, unless you have given your consent for your application data to be stored by us for future job vacancies.
13.1. With your consent, you can subscribe to our newsletter in which we will keep you informed of our current interesting offers. The goods and services advertised will be set out in the declaration of consent.
13.2. We employ the double opt-in method for subscribing to our Newsletter. This means that once you have registered, we will send an email to the email address you have provided to us, asking you to confirm that you wish to receive the notifications. If you fail to confirm your registration within three months, your information will be locked and will be automatically deleted after one month. Furthermore, we will store the IP addresses you have used and the time at which you registered/confirmed your registration in each case. The purpose of this procedure is to give us a record of your registration and to allow us to resolve any potential misuse of your personal data.
13.3. The only mandatory information we require in order for the newsletter to be sent to you is your email address. Any provision of further, separately marked data is voluntary and these will be used to address you personally. Once we receive your confirmation, we will store your email address for the purpose of sending the newsletter to you. The legal basis is Art. 6, para. 1, sentence 1, point a of the GDPR.
13.4. You may revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. To do so, you can click on the link provided in each Newsletter email, send an email to dialog(at)dial.de or you may declare your revocation by sending a message to the contact details provided in the website information.
13.5. The following "newsletter data" are collected, stored and processed by us:
- the page from which the page was requested (so-called referrer URL)
- date and time of access
- the description of the type of web browser used
- the IP address of the requesting computer, which is shortened in such a way that a personal connection can no longer be established
- the email address
- date and time of the registration and confirmation
- the page from which the page was requested (so-called referrer URL)
- date and time of access
- the description of the type of web browser used
- the IP address of the requesting computer, which is shortened in such a way that a personal connection can no longer be established
- the email address
- date and time of the registration and confirmation
13.6. Please note that we analyze your user behavior when we send out the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files that are stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your email address and an individual ID. Links contained in the newsletter also contain this ID. The data is only collected in pseudonymized form, i.e. the IDs are not linked to your other personal data, and direct personal reference is excluded.
14 Data protection information for seminars, webinars and online seminars
14.1. You can register for seminars, webinars and online seminars on our website. To do this, it is necessary for the conclusion of the contract that you provide the personal data we require to process your order or your booking. The mandatory information fields required for processing are specially marked. Other details are voluntary. We may also use the data you have provided to process your order or your booking. The legal basis for the processing of data when you give your consent is Art. 6, para. 1, point a of the GDPR. To this end, we can pass on your payment data to our principal bank. The legal basis for this is Art. 6, para. 1, sentence 1, point b of the GDPR. If the registration serves to fulfil a contract whose contracting party is you or serves to implement pre-contractual measures, then an additional legal basis for the processing of data is Art. 6, para. 1, point b of the GDPR. We delete your data as soon as it is no longer necessary for its intended purpose and the deletion does not conflict with any statutory retention requirements. We can also process the data you provide in order to inform you about other interesting products from our portfolio or to send you emails with technical information.
14.2. To prevent unauthorized access by third parties to your personal data, the registration process is encrypted using TLS technology.
14.3. When booking seminars, we use the services of the event management provider idloom (idloom s.a., Tervuren avenue, 216, 1150 Brussels, Belgium), which processes personal data of seminar participants, such as names, addresses, e-mail addresses, account details and place and date of birth (for the purpose of issuing personal certification) on our behalf. Such data processing is necessary for the fulfilment of contracts, the legal basis for this is derived from Art. 6, para. 1, point b of the GDPR. You can view the data protection regulations of idloom s.a. at https://www.idloom.com/en/events/personal-data.
15 Data protection information for Zoom
15.1. We use the software solution Zoom to conduct seminars, webinars and online seminars. Zoom is a service from Zoom Video Communications, Inc., based in the United States. We use the so-called "EU" cluster from Zoom. The processing of communication content from participants takes place exclusively in data centers in the European Union. The data on past webinars and the participants are also stored in the EU.
15.3. We store the data of meeting participants (given name, given e-mail address, duration of participation) for a period of 6 months.
15.4. The legal basis for the use of "Zoom" for us is Art. 6, para. 1, point b of the GDPR. If no contractual relationship has arisen by participation, the legal basis is Art. 6, para. 1, point f of the GDPR. In this case, our legitimate interest is to hold a webinar.
16 Data protection information for sales events
16.1. You can register for sales events on our website. To do this, it is necessary for the conclusion of the contract that you provide the personal data we require to process your registration for these sales events. The mandatory information fields required for processing are specially marked. Other details are voluntary. We may also use the data you have provided to process your registration. The legal basis for the processing of data when you give your consent is Art. 6, para. 1, point a of the GDPR. To this end, we can pass on your payment data to our principal bank. The legal basis for this is Art. 6, para. 1, sentence 1, point b of the GDPR. If the registration serves to fulfil a contract whose contracting party is the user or serves to implement pre-contractual measures, then an additional legal basis for the processing of data is Art. 6, para. 1, point b of the GDPR. We delete your data as soon as it is no longer necessary for its intended purpose and the deletion does not conflict with any statutory retention requirements. We can also process the data you provide in order to inform you about other interesting products from our portfolio or to send you emails with technical information.
16.2. To prevent unauthorized access by third parties to your personal data, the registration process is encrypted using TLS technology.
16.3. When registering for sales events, we use the services of the event management provider idloom (idloom s.a., Tervuren avenue, 216, 1150 Brussels, Belgium), which processes personal data of seminar participants, such as names, addresses, e-mail addresses, account details and place and date of birth (for the purpose of issuing personal certification) on our behalf. Such data processing is necessary for the fulfilment of contracts, the legal basis for this is derived from Art. 6, para. 1, point b of the GDPR. You can view the data protection regulations of idloom s.a. at https://www.idloom.com/en/events/personal-data.
17 Use of Google Analytics
17.1. This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Web analysis refers to the collection, compilation and analysis of data on the behaviour of visitors to websites. Google Analytics uses "cookies", which are placed on your computer, to help the website analyze how users use the website. We have already explained above what cookies are. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. For these cases, Google has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws for international data transmission. We have also agreed so-called standard contract clauses with Google, the purpose of which is to maintain an appropriate level of data protection in third countries.
17.2. This website uses Google Analytics with the anonymization function. As a result, IP addresses are processed in a shortened form and direct references to persons can be ruled out. Due to the activation of IP anonymization on these websites, Google will, however, truncate your IP address within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyze your use of the website, to compile reports on website activities and to provide the website operator with other services relating to website use and internet use. We use Google Analytics to enable us to analyze and improve the use of our website. Using the statistics generated in this way allows us to regularly improve our offer and to make it more interesting for you as the user.
17.3. The following data types are processed by Google:
- Online designations (including cookie identifiers
- IP address
- Data about the device/browser
- Website or app activities
17.4. Google will not associate the IP address transmitted by your browser in the context of Google Analytics with any other data held by Google.
17.5. You can find more information about the scope of services of Google Analytics under marketingplatform.google.com/about/analytics/terms/de/. Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245hl=de/. General information on data processing, which, according to Google, should also apply to Google Analytics, can be found in Google's data protection declaration at www.google.de/intl/de/policies/privacy/.
17.6. By integrating Google Analytics, we aim to analyze and react to user behaviour on our website. This enables us to continuously improve our offer. The legal basis for the processing of personal data described here is Art. 6, para. 1, point a of the GDPR. You can revoke your consent at any time without affecting the admissibility of processing until the revocation. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to withdraw your consent is to use our consent manager or to install the Google browser add-on, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=de/.
17.7. We have signed a contract for the use of Google Analytics with Google in accordance with Art. 28 of the GDPR. Google therefore processes data on our behalf for the purposes mentioned above. As part of the order processing Google is entitled to engage subcontractors. A list of these subcontractors can be found at https://privacy.google.com/businesses/subprocessors/.
18 Use of Matomo
18.1. This website uses the web analysis service Matomo to analyze and regularly improve the use of our website. Using the statistics generated in this way allows us to improve our service and to make it more interesting for you, the user. The purpose of the Matomo component is the analysis of traffic on our website. Among other things, we use the data and information obtained to evaluate the use of this website in order to compile online reports that show the activities on our website. The following information is collected:
- the URL from which the administration portal or one of its sub-pages is accessed (e.g. a search engine or a link from another website)
- the URLs of the administration portal that are called up,
- the time spent on the respective websites of the administration portal,
- the search terms entered,
- information transmitted by the user's access device (operating system, screen resolution, browser, language setting of the browser)
18.2. We store the information collected in this way exclusively on one of our servers. We do not pass on this personal data to third parties. This website uses Matomo with the extension "AnonymizeIP". As a result, IP addresses are processed in a shortened form and direct references to persons can be ruled out. Matomo will not associate the IP address transmitted by your browser with any other data we have gathered.
18.3. Cookies are stored on your computer for this analysis (we have already discussed cookies in more detail above). The placing of the cookie enables us to analyze the use of our website. Every time you call up one of the individual pages of this website, your internet browser is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical process, we obtain knowledge of personal data, such as the IP address of the data subject, which we use, among other things, to trace the origin of both visitors and clicks. Cookies are used to store personal information such as the time of access, the location from which access was made and the frequency of visits to our website.
18.5. For information on third-party privacy, visit https://matomo.org/privacy/.
19 Integration of YouTube videos
19.1. We have integrated YouTube videos into our website, which are stored at https://www.youtube.com and can be played directly from our website. [These are all integrated in the 'extended data protection mode', i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. The data mentioned in Paragraph 2 will only be transmitted when you play the videos. We have no influence on this data transfer. The legal basis for the display of the videos is Art. 6, para. 1, sentence, 1 point a of the GDPR, i.e. the integration only takes place with your consent.
19.2. By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the above-mentioned basic data such as IP address and time stamp are transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or no such user account exists. If you are logged into Google, your data will be allocated directly to your account. If you do not want any allocation to your YouTube profile, you must log out prior to activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or for the design of its website according to demand. Such an analysis is conducted, in particular, (even for users who are not logged in) in order to display advertisements in line with user preferences and to inform other users of the social network about your activities on our website. You are entitled to raise an objection against the creation of such user profiles, but you must contact YouTube directly in order to exercise that right.
19.3. The information collected is stored on Google servers, also in the USA. For these cases, the provider has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws for international data transmission. We have also agreed so-called standard data protection clauses with Google, the purpose of which is to maintain an appropriate level of data protection in third countries.
19.4. For further information on the purpose and scope of data collection and data processing by YouTube, please refer to their data protection policy. Here you will also find further information on your rights and setting selection options for the protection of your privacy: www.google.de/intl/de/policies/privacy.
20 Encrypted payment transactions
If you are obliged to provide us with your payment data due to the conclusion of a contract that results in a payment obligation on your part, the data required to do this is used exclusively for payment processing. This applies to all standard methods of payment (credit cards, direct debit). We use an encrypted SSL or TLS connection for payment transactions. These can be recognized by the lock symbol in your browser address bar. Concurrently, the address line changes from 'http://' to 'https://'. This means that third parties are not able to read this data.
21 Data protection provisions for PayPal as a payment method
21.1. We have integrated components from the online payment service provider PayPal on our website. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments using credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no conventional account number. PayPal makes it possible to initiate online payments to or to receive payments from third parties. PayPal also acts as a trustee and offers buyer protection services. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg.
21.2. If you select “PayPal” as the payment option in our online shop during the ordering process, your data will be automatically transmitted to PayPal. By choosing this payment option, you consent to the transfer of personal data required for payment processing to PayPal. These transmitted personal data are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that are necessary for payment processing. Furthermore, personal data related to the respective order are also required to process the purchase contract. The purpose of transmitting the data is to process payments and prevent fraud. We will transmit personal data to PayPal, in particular, if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and us may be transmitted to credit agencies by PayPal. The purpose of this transmission is to check your identity and creditworthiness. PayPal may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary to fulfill the contractual obligations or the data is to be processed on behalf of the company. The transfer takes place in accordance with Art. 6, para. 1, point b of the GDPR and only insofar as this is necessary for payment processing.
21.3. You have the option to revoke your consent to the handling of personal data at any time by contacting PayPal. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing. You can view the valid PayPal data protection regulations at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
As at January 2022