Privacy notice

Privacy notice

 

General notes

This privacy policy contains detailed information about what happens to your personal data when you visit our website. Personal data is any data with which you can personally identify yourself. We strictly adhere to the legal provisions when processing your data, in particular the Data Protection Regulation ("GDPR"), and attach great importance to ensuring that your visit to our website is absolutely secure.

Responsible body

Responsible under data protection law for the collection and processing of personal data on this website is:

Name: barely digital GmbH & Co KG
Represented by: Tobias Hübner, Jan Kofoet, Managing Director
Street, house number: Konrad-Adenauer-Str. 8
Postcode, town: 86836 Klosterlechfeld
Country: Germany
E-mail: service@vintrica.com
Tel.: +49 8232 / 76 899 76 - 40
Websites: www.vintrica.com, www.hu-vignette.com, www.ch-vignette.com, www.si-vignette.com, www.cze-vignette.com, www.sk-vignette.com, www.bg-vignette.com

Access data (server log files)

When you access our website, we automatically collect and store in so-called server log files access data that your browser automatically transmits to us. These are:

- Browser type and browser version of your PC

- Operating system used by your PC

- Referrer URL (source/reference from which you came to our website)

- Date and time of the server request

- the IP address currently used by your PC (if applicable, in anonymised form)

As a rule, it is not possible for us to make a personal reference, nor is it intended to do so. The processing of such data is carried out in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interest in improving the stability and functionality of our website.

Hosting / Content Delivery Network

Amazon Cloudfront

We use the Amazon CloudFront content delivery network (CDN) from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f GDPR). A CDN is a network of servers distributed worldwide that is able to deliver optimised content to the website user. For this purpose, personal data may be processed in server log files by AWS. Please compare the explanations under "Access data".

AWS is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) sentence 1 lit. f GDPR not to operate a content delivery network ourselves.

You have the right to object to the processing. Whether the objection is successful is to be determined within the framework of a balancing of interests.

The processing of the data provided under this section is not required by law or by contract. The functionality of the website is not guaranteed without the processing.

Your personal data will be stored by AWS for as long as is necessary for the purposes described.

For more information on how to object to and remove your data from AWS, please visit: https://aws.amazon.com/de/compliance/gdpr-center/

AWS has implemented compliance measures for international data transfers. These apply to all global activities where AWS processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Amazon Web Services Inc. with headquarters in the USA is certified for the us-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU.

Cookies

- In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your terminal device. Cookies cannot execute programs or transfer viruses to your computer system.

- Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested are stored on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in storing cookies for the technically error-free and optimised provision of our services. Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are treated separately in this data protection declaration.

- Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognise your browser on your next visit.

- You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Web analysis tools and advertising

Google Analytics

Our website uses the web analytics service Google Analytics. The provider is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of our website. The information generated by cookies about your use of our website is usually transferred to a Google server in the USA and stored there.

The legal basis for the processing of your data is the consent you have given via the cookie consent tool in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Job processing

We have concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage period

Data stored by Google at user and event level that are linked to cookies, user identifiers (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=en

Objection to data collection

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookies and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on available under the following link to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en. If you delete the cookies on your computer, you must set the opt-out cookie again.

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Further information on data protection can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=en

TrackJS

Our website uses services provided by TrackJS LLC. ("TrackJS") to analyse technical errors in the use of our website. For more information, please see the TrackJS privacy policy: https://trackjs.com/privacy/.

Hotjar

We use Hotjar to better understand the needs of our users and to optimise the offering and experience on this website. Hotjar's technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and helps us to tailor our offering to our users' feedback. Hotjar uses cookies and other technologies to collect data about the behaviour of our users and their devices, in particular the IP address of the device (only collected and stored anonymously during your use of the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

For more information, see the 'about Hotjar' section on Hotjar's help page: https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar.

targeting360  

Cookies are used on our website to enable retargeting advertising campaigns by targeting360 GmbH, Gredinger Str. 24a, 90453 Nuremberg, Germany. The adserving technology of NEORY GmbH, Dortmund, is used for this purpose. For the same purpose, targeting360 GmbH may also load technologies from the providers Adform, Adition, Google or The Trade Desk. These technologies may set additional cookies for this purpose.

The purpose of retargeting is to be able to display interest-based advertising to visitors to our websites on websites of partners in the advertising network.

When you visit our websites and after you have given your consent, the technology used stores a cookie with a unique identifier (cookie ID) in the browser on the end device you are using. If a cookie stored in the browser with this ID is read on a partner site, your device can be recognised. You can then be shown adverts on the partner site that relate, for example, to content that you have previously accessed on our websites.

In order to actually only show you adverts that match your interests, a usage profile is created by analysing the data that is transmitted from your end device to the requested server when you interact with the websites. Your IP address recorded in the process is anonymised by shortening and hashing right at the start of processing. The cookie ID, the approximate location according to the shortened IP address, Internet provider, access speed, technical information on the browser and end device used, operating system, preferred languages according to browser settings, HTTP referrer and date and time of the server request are also used for the usage profile. Your pseudonymised data processed in this way cannot be assigned to you without further ado. Advertising success is also calculated using pseudonymised data without being able to identify a specific person.

The legal basis for the use of the cookies used here and the subsequent processing is your consent in accordance with Art. 6 para. 1 lit a) GDPR. You can terminate the processing of the above-mentioned data based on your consent and the further use of the cookies used for this purpose by exercising your right of revocation or objection under the following link: https://ad.ad-srv.net/privacy/kdb0xdq3ls8m/

Google Tag Manager

Our website uses the Google Tag Manager from the provider Google. Google Tag Manager is a solution with which marketers can manage website tags via an interface. The tool that implements the tags is a cookie-less domain and does not store any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Google Ads and Google Conversion Tracking

Our website uses Google Ads (formerly Google AdWords). Google Ads is an online advertising programme of the provider Google.

Google Ads enables us to draw attention to our offers with the help of advertising media on external websites and to determine how successful individual advertising measures are. This helps us to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

Within the framework of Google Ads, we use so-called conversion tracking. The advertising material is delivered by Google via so-called "AdServers". For this purpose, we use so-called AdServer cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify users. These cookies enable Google to recognise your web browser. If you visit certain pages of our website when the cookie has not yet expired, Google and we can recognise that you have clicked on the specific advertisement and have been redirected to this page.

Each Google Ads client receives a different cookie. The cookies can therefore not be tracked via the websites of Ads customers. The following information is usually stored as analysis values for the cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. The Ads clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.

The aggregation of the collected data in your Google account is based exclusively on your consent, which you can give or revoke at Google (Art. 6 para. 1 lit. a GDPR). In the case of data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 (1) lit. f GDPR. The legitimate interest arises from the fact that we have an interest in the anonymised analysis of visitors to our website for advertising purposes in order to optimise both our web offering and our advertising.

Further information and the data protection provisions can be found in Google's data protection declaration at: https://policies.google.com/technologies/ads?hl=en.

Microsoft Advertising (formerly Bing Ads)

This website uses Microsoft Advertising. This is a tracking and advertising service using cookies and web beacons provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States of America. The cookie is activated for a maximum of 1 year and 25 days.

The purposes of data collection and processing are advertising and conversion tracking. The following categories of (personal) data that may be collected and analysed as part of the service: Browser language, Ads clicked, Digital signature, GUID generated by the UET tag, IP address, Microsoft click ID, Microsoft cookie, Page title, Referrer URL, Screen colour depth, Screen resolution, UET ID tag, Page load time, Publisher/URL access.

Processing takes place in the European Union, but may also be transferred to third countries. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection.

If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal remedy. Microsoft has additionally agreed standard data protection clauses in the terms of use as a guarantee for an appropriate level of data protection.

Further information and Microsoft's privacy policy can be found at this link: https://learn.microsoft.com/de-de/compliance/regulatory/offering-EU-Model-Clauses?view=o365-worldwide

Third-party provider

CM.com

We use CM.com, to send confirmation SMS messages to the customer on explicit customer request. Here the telephone number and the message content are transmitted to the Dutch provider CM.com. Responsible for this is CM. com Netherlands B.V. Konijnenberg 30, 4825 BD Breda, the Netherlands. For more information regarding the use of the D aten, visit https://www.cm.com/en-gb/app/legal/cmcom-legal//.

Nemzeti Mobilfizetési Zrt.

If you purchase an e-vignette for Hungary via vintrica, we will transfer your personal data (such as country of vehicle registration, license plate number, vehicle category, period of validity) to the following recipient in order to fulfill the contract and register the vignette:

Nemzeti Mobilfizetési Zrt.
Kapás utca 6-12
1027 Budapest
Hungary

The customer is hereby informed, that the service for E-Vignettes for Hungary is based on centralized mobile payment of services sold by the NMFSZ (Hungarian abbreviation for National Mobile Payment Service Provider):

Nemzeti Mobilfizetési Zrt.
Kapás utca 6-12
1027 Budapest
Hungary

LetterXpress

To send letters , our website uses the LetterXpress service. Data required for this process is transmitted to this provider. A&O Fischer GmbH & Co KG, Maybachstraße 9, 21423 Winsen (Luhe), Germany is responsible for handling this data. You can find more information at the following address: https://www.letterxpress.de/ueber-uns/datenschutz

State Fund for Traffic Infrastructure

As part of the registration process for a Czech motorway vignette for vehicles registered in the Czech Republic, we automatically transmit the vehicle license plate number you enter during the online process to the "Státní fond dopravní infrastruktury" (State Fund for Transport Infrastructure), with its registered office at Sokolovská 1955/278, 190 00 Praha 9, Czech Republic. The purpose of this data transmission is to verify whether the licence plate number entered exists and to determine the type of drive system of the vehicle. We use the information received exclusively to determine the correct vignette category for your vehicle. This data is stored for the duration of the registration process and until the vignette expires. Our aim is to use this process to ensure that the correct vignette category is determined efficiently and correctly and to ensure compliance with legal requirements. You can find more information at: https://edalnice.cz/en/gdpr-and-personal-data/index.html

Contact form

If you contact us by e-mail or via a contact form, the transmitted data including your contact details will be stored in order to be able to process your enquiry or to be available for follow-up questions. This data will not be passed on without your consent.

The data entered in the contact form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You may revoke your consent at any time. An informal communication by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to store it or there is no longer any need to store the data. Mandatory legal provisions - in particular retention periods - remain unaffected.

Customer account

If you open a customer account, you agree that your inventory data such as name, address, e-mail address as well as your usage data (user name, password) are stored. This enables you to order from us using your e-mail address and your personal password.

Subscribe to our e-mail newsletter

If you register for our e-mail newsletter, we will send you regular information about our news and offers. Only your e-mail address is required for sending the newsletter. The provision of any other data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you consent to the sending of newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive future newsletters by clicking on a corresponding link. By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by your internet service provider (ISP) as well as the date and time of registration in order to be able to track your consent and possible misuse of your email address at a later date. The data collected by us when you register for the newsletter is used exclusively for the purpose of addressing you in an advertising manner by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data in a way that goes beyond this and is permitted by law and about which we inform you in this declaration.

Online payments

When you order goods or services in our online shop, it is necessary for the fulfilment of the contract that you provide your personal data, which is necessary for the processing of your order. The mandatory data required for the processing of the contract are marked separately. Depending on the selected payment method, the data required for payment processing will be forwarded to the corresponding payment service providers. The processing of your data is carried out on the legal basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.

American Express

We use American Express on our website. The service provider is the American Express Company. The company responsible for the European region is American Express Europe S.A., Avenida Partenón 12-14, 28042, Madrid, Spain.

The data processing is essentially carried out by American Express. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It is also possible that this data may be linked to data from other American Express services with which you have a user account.

You can find out more about the data processed through the use of American Express in the Privacy Policy on https://www.americanexpress.com/uk/company/legal/privacy-centre/.

Apple Pay

We use Apple Pay, a service for online payment processes, on our website. The service provider is the American company Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.

The data processing is essentially carried out by Apple Pay. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from possible other Apple services with which you have a user account.

You can find out more about the data processed through the use of Apple Pay in the Privacy Policy at https://www.apple.com/legal/privacy/en-ww/.

Discover

We use the payment system service provider Discover on our website. The service provider is the American company Discover Financial Services, 2500 Lake Cook Rd, Riverwoods, IL 60015, USA.

Data processing is essentially carried out by Discover. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It is also possible that this data may be linked to data from other Discover services with which you have a user account.

You can find out more about the data processed through the use of Discover in the Privacy Policy at https://www.discover.com/privacy-statement/eu-data.html.

giropay

We use the online payment provider giropay on our website. The service provider is the German company paydirekt GmbH, Stephanstraße 14-16, 60313 Frankfurt am Main, Germany. You can find out more about the data processed through the use of giropay in the data protection declaration on https://www.giropay.de/agb/index.html.

Google Pay

We use the online payment provider Google Pay on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland is responsible for all Google services.

The data processing is essentially carried out by Google Pay. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It is also possible that this data may be linked to data from other Google services with which you have a user account.

You can find out more about the data processed through the use of Google Pay in the Privacy Policy at https://policies.google.com/privacy.

Mastercard/Maestro

We use the payment service provider Mastercard on our website. The service provider is the American company Mastercard Inc. The company responsible for the European region is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium.

The data processing is essentially carried out by Mastercard. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from possible other Mastercard services with which you have a user account.

You can find out more about the data processed through the use of Mastercard in the Privacy Policy on https://www.mastercard.com/global/en/vision/corp-responsibility/commitment-to-privacy/privacy.html.

PayPal

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg is responsible for the European region.

The data processing is essentially carried out by PayPal. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from other PayPal services where you have a user account.

You can find out more about the data processed through the use of PayPal in the Privacy Policy on https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Visa/VPay

We offer payments with Visa on our website. The service provider is the American company Visa Inc. The company responsible for the European region is Visa Europe Services Inc, 1 Sheldon Square, London W2 6TT, United Kingdom.

The data processing is essentially done by Visa. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from possible other Visa services where you have a user account.

You can find out more about the data processed through the use of Visa in the Privacy Policy at https://www.visa.de/visa-privacy-center.html.

Blik

We offer payments on our website via the Polish payment system Blik for bank transfer. After selecting Blik on our website, you need to enter a secure Blik code in the payment form.

You receive this unique six-digit code from your banking application and enter it on your checkout page. This links the transaction to the correct banking application. The blik code expires in 120 seconds.

As soon as you select "Pay", Blik sends a push notification to your banking application.

You must authorise the payment within 45 seconds in his banking app for the payment to go through.

For more information on the processing of personal data by Blik, please refer to the Privacy Policy of Polski Standard Płatności sp. z o.o.. , Warsaw (00-718), ul. Czerniakowska 87A, Poland.

iDEAL, Bancontact

iDEAL, Bancontact Customers with accounts at a Dutch bank can pay with iDEAL. Customers who have a Bancontact card at a participating Belgian bank can pay with Bancontact. If you choose iDEAL as your payment method, you will need an account and access to online banking at a participating Dutch bank. If you choose Bancontact as your payment method, you only need a bank account at a Belgian bank and a smartphone or card reader.

If you select iDEAL or Bancontact, you will be redirected to the payment page of your bank at the end of the order process. Here you can make a transfer of the payment as usual. After completing the transaction, you will be redirected back to the operator's website.

When choosing these payment methods, the operator only receives the information about whether the payment was successful or not.

For more information on the processing of personal data by iDEAL, please refer to the Privacy Policy of Currence B.V., Gustav Mahlerplein 33-35, Amsterdam, Noord-Holland 1082 MS, Netherlands. For more information on the processing of personal data by Bancontact, please refer to the privacy policy of Bancontact Payconiq Company NV/SA, Rue d'Arlon 82, 1040-Brussels, Belgium.

GiroPay

For payment via GiroPay , access to online banking at a participating bank is required. If you select GiroPay , you will be redirected to the online portal of Paydirekt GmbH or secupay AG at the end of the ordering process. There you can log into your online banking account to initiate the payment to us. This requires you to enter your access data for online banking. Further information on the processing of personal data by GiroPay can be found in the data protection regulations of Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany. For further information on the processing of personal data by Giropay, please refer to the data protection provisions of secupay AG, Goethestraße 6,01896 Pulsnitz, Germany.

EPS

For payment via EPS, access to online banking at a participating bank is required. If you select EPS, you will be redirected to the online portal of PSA Payment Services Austria GmbH at the end of the order process. There you can log into your online banking account to initiate the payment to us. This requires you to enter your access data for online banking. Further information on the processing of personal data by EPS can be found in the privacy policy of PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria.

JCB

We use the payment service provider JCB on our website. The service provider is the Japanese company JCB International Ltd. The company responsible for the European region is JCB International (Europe) Ltd Frankfurt Branch (hereinafter referred to as JCB), Messeturm 10. OG, Friedrich-Ebert-Anlage 49, 60308 Frankfurt, Germany.

Data processing is essentially carried out by JCB. This may result in data not being processed and stored anonymously. Furthermore, Japanese government authorities may have access to individual data. It may also happen that this data is linked to data from possible other JCB services where you have a user account.

You can find out more about the data processed through the use of Mastercard in the privacy policy on https://www.global.jcb/en/about-us/policy/privacy/.

Cartes Bencaire

We use the payment service provider Cartes Bencaire on our website. The service provider is the French company Groupement d 'Intérêt économique Cartes Bancaires CB, 151 Bis Rue Saint-Honoré 75001 Paris, France (hereinafter CB).

The data processing is essentially done by CB. This may result in data not being processed and stored anonymously. Furthermore, French government authorities may have access to individual data. It may also happen that this data is linked to data from possible other CB services where you have a user account.

To find out more about the data processed through the use of CB, please refer to the Privacy Policy on https://www.cartes-bancaires.com/protegezvosdonnees/.

Union Pay

We use the payment service provider Union Pay on our website. The service provider is the Chinese company UnionPay International Co., Ltd (hereinafter referred to as UnionPay). For the European region, the company UnionPay International Co., Ltd. , Building B, Poly Plaza, No.6 Dongfang Road, Pudong New District, Shanghai, China.

The data processing is essentially carried out by UnionPay. This may result in data not being processed and stored anonymously. Furthermore, Chinese government authorities may have access to individual data. It may also happen that this data is linked to data from possible other UnionPay services where you have a user account.

You can find out more about the data processed through the use of UnionPay in the Privacy Policy at https://www.cartes-bancaires.com/protegezvosdonnees/.

Diners

We use the payment service provider Diners on our website. The service provider is the Austrian company card complete Service Bank AG. The company card complete Service Bank AG, Lassallestraße 3, 1020 Vienna, Austria is responsible for the European region.

Electronic Bank Transfer Finland

After you have chosen to pay with Online Banking Finland, you will be redirected to the payment page hosted by a third party provider, where you will see a list of available banks.

You select your bank and are asked to enter your online banking credentials and authenticate yourself as you would when logging into his online bank account.

They select the account from which they want to make the payment and are asked to enter a unique code to confirm the payment.

After you have completed the payment, you will be redirected back to our website or app.

For further information on JCB's processing of personal data, please refer to the Privacy Policy of JCB International (Europe) Ltd Frankfurt Branch, Messeturm 10th OG, Friedrich-Ebert-Anlage 49, 60308 Frankfurt, Germany.

Data use and disclosure

We will neither sell to third parties nor otherwise market the personal data that you provide to us, e.g. when placing an order or by e-mail (e.g. your name and address or your e-mail address). Your personal data will only be processed for correspondence with you and only for the purpose for which you have provided us with the data. For the processing of payments, we pass on your payment data to the credit institution commissioned with the payment.

The use of data that is automatically collected when you visit our website is only for the purposes stated above. The data will not be used for any other purpose.

We assure you that we will not pass on your personal data to third parties unless we are legally obliged to do so or you have given us your prior consent.

SSL or TLS encryption

Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Storage period

Personal data that has been communicated to us via our website is only stored until the purpose for which it was entrusted to us has been fulfilled. Insofar as retention periods under commercial and tax law must be observed, the storage period for certain data may be up to 10 years.

Data subjects' rights

With regard to the personal data concerning you, as a data subject, you have the following rights vis-à-vis the data controller in accordance with the legal provisions:

Right of withdrawal

Many data processing operations are only possible with your express consent. If the processing of your data is based on your consent, you have the right to revoke your consent to the processing of data at any time with effect for the future in accordance with Art. 7 (3) GDPR. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Storage of data for billing and accounting purposes remains unaffected by a revocation.

Right to information

You have the right to request confirmation from us, pursuant to Article 15 of the GDPR, as to whether we are processing personal data relating to you. If such processing is taking place, you have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or criteria for determining the storage period, the existence of a right of rectification, erasure or access to your personal data. the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed about which guarantees exist in accordance with Art. 46 of the GDPR if your data are transferred to third countries.

Right of rectification

In accordance with Art. 16 GDPR, you have the right at any time to demand the immediate correction of any inaccurate personal data relating to you and/or the completion of your incomplete data.

Right to erasure

You have the right to request the deletion of your personal data in accordance with Art. 17 GDPR if one of the following reasons applies:

  1. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a GDPR and there is no other legal basis for the processing;
  3. You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
  4. The personal data have been processed unlawfully;
  5. The deletion of personal data is necessary for compliance with a legal obligation under Union law or the law of the Member State to which we are subject;
  6. The personal data was collected in relation to information society services offered pursuant to Art. 8(1) GDPR;

However, this right does not exist insofar as the processing is necessary:

  1. to exercise the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  3. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right of the data subject is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
    for the establishment, exercise or defence of legal claims.

If we have made your personal data public and we are obliged to erase it in accordance with the above, we shall take reasonable steps, including technical measures, to inform data controllers processing the personal data that you, as the data subject, have requested that they erase all links to your personal data or copies or replications thereof, taking into account the available technology and the cost of implementation.

Right to restrict processing

You have the right to request the restriction of processing (blocking) of your personal data in accordance with Art. 18 GDPR. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

  1. If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  2. If the processing of your personal data has happened / is happening unlawfully, you can request the restriction of data processing instead of erasure.
  3. If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  4. If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Right to information

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. In accordance with Art. 19 of the GDPR, you have the right to be informed about these recipients upon request.

Right not to be subject to a decision based solely on automated processing, including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you, in accordance with Article 22 of the GDPR.

This shall not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and us,
  2. is authorised by legislation of the Union or the Member States to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. is done with your express consent.

However, decisions in the cases referred to in (a) to (c) may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

In the cases referred to in (a) and (c), we shall take reasonable steps to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person responsible, to express your point of view and to contest the decision.

Right to data portability

If the processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and is carried out with the help of automated processes, you have the right, pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format and to transfer it to another controller or to demand that it be transferred to another controller, insofar as this is technically feasible.

Right of objection

Insofar as we base the processing of your personal data on the balance of interests pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on this provision. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) of the GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 (2) GDPR).

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

Right of appeal to the competent supervisory authority pursuant to Art. 77 GDPR

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

The supervisory authority responsible for us is:

The Bavarian State Commissioner for Data Protection
PO Box 22 12 19
80502 Munich

Business address:
Wagmüllerstraße 18
80538 Munich
Germany

Telephone: 089 212672-0
E-mail: poststelle@datenschutz-bayern.de
Internet: https://www.datenschutz-bayern.de/

Validity and amendment of this privacy policy

This privacy policy will apply from 18 September 2023. We reserve the right to amend this privacy policy at any time in compliance with the applicable data protection regulations. This may be necessary, for example, to comply with new legal provisions or to take account of changes to our website or new services on our website. The version available at the time of your visit applies.

If this Privacy Policy is amended, we intend to post changes to our Privacy Policy on this page so that you are fully informed about what personal data we collect, how we process it and under what circumstances it may be disclosed.