Privacy policy

--------------------------
Privacy policy
--------------------------

1) Information about the collection of personal data and contact details of the person responsible.

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data in this context is all data with which you can be personally identified.

1.2 The controller of data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is The TwentyTwo, Dubai Silicon Oasis, IFZA Business Park, Building A2, e-mail: nicktrafi@gmail.com. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or requests to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

2) Data collection when visiting our website
During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

3) Hosting & Content Delivery Network
Hosting by Shopify
We use the store system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online store on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by adequacy decision of the European Commission. For further information on Shopify's data protection, please visit the following website: https://www.shopify.de/legal/datenschutz.
Further processing on servers other than the aforementioned of Shopify will only take place within the framework communicated below.

4) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your terminal device. In some cases, these cookies are automatically deleted after you close your browser (so-called "session cookies"), in other cases, these cookies remain on your end device for a longer period of time and allow you to save page settings (so-called "persistent cookies"). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.
If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a DSGVO in the case of consent given, or in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting us
When contacting us (e.g. via contact form or e-mail), personal data is processed - exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f DSGVO. If your contact is aimed at a contract, the additional legal basis for processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

6) Use of customer data for direct marketing purposes
Registration for our e-mail newsletter
If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory data for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. For sending the newsletter we use the so-called double opt-in procedure, which ensures that you will only receive newsletters if you have expressly confirmed your consent to receive the newsletter by activating a verification link sent to the specified e-mail address.
By activating the verification link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a DSGVO. In doing so, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later date. The data we collect when you register for the newsletter is used strictly for the intended purpose. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the person responsible mentioned at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for any other purpose that is permitted by law and about which we inform you in this declaration.

7) Data processing for order processing
7.1 Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b DSGVO.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data (name, address, e-mail address) provided by you when placing the order in order to inform you personally about upcoming updates within the legally stipulated period within the framework of our legal information obligations pursuant to Art. 6 (1) lit. c DSGVO by suitable means of communication (e.g. by post or e-mail). Your contact data will be used strictly for the purpose of informing you about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.
In order to process your order, we also work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
7.2 Use of payment service providers (payment services)
- Amazon Pay
If you select the payment method "Amazon Pay", the payment is processed via the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: "Amazon Payments"), to which we pass on the information you provided during the ordering process, together with information about your order, in accordance with Art. 6 (1) lit. b DSGVO. The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider Amazon Payments and only insofar as it is necessary for this purpose. If cookies, i.e. small text files that are stored on the end device, are set when using Amazon Pay, this is done exclusively on the basis of your express consent pursuant to Art. 6 (1) lit. a DSGVO. This consent can be revoked at any time via the "Cookie Consent Tool" implemented on the website. You can obtain further information about the data protection provisions of Amazon Payments at the following Internet address: https://pay.amazon.com/de/help/201751600

- Apple Pay
If you choose the payment method "Apple Pay" of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your terminal device running iOS, watchOS or macOS by charging a payment card deposited with "Apple Pay". Apple Pay uses security functions integrated into the hardware and software of your device to protect your transactions. For the release of a payment, the entry of a code previously defined by you as well as the verification by means of the "Face ID" or "Touch ID" function of your terminal device is therefore required.
For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the success of the payment.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b DSGVO.
Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was completed successfully. The anonymization completely eliminates any reference to individuals. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay," and uncheck "Allow payments on Mac."
For more information about Apple Pay privacy, please visit the following web address: https://support.apple.com/de-de/HT203027

- Google Pay
If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is carried out via the "Google Pay" application of your mobile device running at least Android 4.4 ("KitKat") and having an NFC function by charging a payment card deposited with Google Pay or a payment system verified there (e.g. PayPal). For the release of a payment via Google Pay in the amount of more than €25, the prior unlocking of your mobile end device by the respective verification measure set up (such as facial recognition, password, fingerprint or pattern) is required.
For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the source website, with which a payment made is verified. This transaction number does not contain any information about the real payment data of your payment means deposited in Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment transaction. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment deposited with Google Pay. Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b DSGVO. Google reserves the right to collect, store and analyze certain transaction-specific information for each transaction made through Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos that you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description for the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 para.1 lit. f DSGVO on the basis of the legitimate interest in proper billing, verification of transaction data and optimization and functional maintenance of the Google Pay service.
Google also reserves the right to merge the processed transaction data with further information collected and stored by Google when using other Google services.
The terms of use of Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay can be found at the following Internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

- Klarna
If you select a Klarna payment service, the payment will be processed by Klarna Bank AB (publ), https://www.klarna.com/de/, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). In order to enable the processing of the payment, your personal data (first and last name, street, house number, postal code, city, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, delivery type) will be forwarded to Klarna for the purpose of identity and credit checks, provided that you have expressly consented to this in accordance with Art. 6 para. 1 lit. a DSGVO during the ordering process. You can see which credit agencies your data may be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information obtained about the statistical probability of non-payment for a weighed decision on the establishment, implementation or termination of the contractual relationship.
You may withdraw your consent at any time by sending a message to the data controller or to Klarna. However, Klarna remains entitled to process your personal data, if applicable, insofar as this is necessary for the processing of payments in accordance with the contract.
Your personal data will be processed in accordance with the applicable data protection regulations and as specified in Klarna's Privacy Policy for Data Subjects located in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
handled.

- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b DSGVO and only insofar as this is necessary for the payment processing.
PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process, together with information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 (1) lit. b DSGVO. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this purpose. You can find more information on the data protection of Shopify Payments at the following Internet address: https://www.shopify.com/legal/privacy.
Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy

- SOFORT
If you select the payment method "SOFORT", the payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we pass on the information you provided during the ordering process, along with information about your order, in accordance with Art. 6 (1) lit. b DSGVO. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with the payment service provider SOFORT and only insofar as it is necessary for this purpose. You can obtain more information about SOFORT's privacy policy at the following Internet address: https://www.klarna.com/sofort/datenschutz.

8) Online Marketing
Facebook Pixel for the creation of Custom Audiences (with Cookie Consent Tool).
Within our online offer, the so-called "Facebook pixel" of the social network Facebook is used, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook").
If a user clicks on an advertisement placed by us and played on Facebook, an addition is added to the URL of our linked page by Facebook Pixel. If our site allows data sharing with Facebook via Pixel, this URL parameter is inscribed in the user's browser via a cookie that our linked site sets itself. This cookie is then read by Facebook Pixel and enables the data to be forwarded to Facebook.
With the help of the Facebook Pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. Thus, we can further evaluate the effectiveness of the Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The data collected is anonymous for us, so it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). The data can enable Facebook as well as its partners to place advertisements on and outside of Facebook.
The data processing associated with the use of the Facebook Pixel is only carried out with your express consent in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

9) Retargeting/ Remarketing/ Referral Advertising
TikTok Pixel
This website uses the "TikTok Pixel", a tracking technology of the social network "TikTok" of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok").
With the help of cookies (small text files that are stored on the end device used), information about the surfing behavior on our website is collected in pseudonymized form, transmitted to TikTok, stored there and analyzed to then enable the playout of interest-based and personalized product recommendations on TikTok. The object of the information collected and processed pseudonymously in this way is basically the device ID, the device type, time stamp, the operating system used and the IP address. The information can be assigned to the person of the User with the aid of further information that TikTok has stored about the User, e.g. due to the ownership of an account on the social network "TikTok". TikTok may also combine the information collected through the pixel with other information that TikTok has collected through other websites and / or in connection with the use of the social network "TikTok", and thus create pseudonymous usage profiles. In no case can the information collected be used to personally identify visitors to this website.
The TikTok Pixel further enables us to track the effectiveness of advertisements on TikTok. If the user is redirected from an ad on TikTok to pages on this website and the cookies have not yet expired, the pixel captures and can track certain user actions predefined by us (e.g., completed transactions, leads, searches on the website, views of product pages). When such an action is performed, your browser sends an HTTP request from the cookie to the TikTok server via the TikTok pixel, which transmits certain information about the action. Through this transmission, TikTok can compile statistics about the usage behavior on our website after forwarding from a TikTok ad, which serve us to optimize our offer. All processing described above, in particular the setting of cookies for reading out information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) a DSGVO. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website. We have entered into an order processing agreement with TikTok for the use of the TikTok Pixel, which obligates TikTok to protect the data of our site visitors and not to disclose it to third parties. TikTok generally transmits collected information outside the European Economic Area and relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

10) Page functionalities
10.1 Facebook plugins with Shariff solution
Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
In order to increase the protection of your data when visiting our website, these buttons are not unrestricted plugins, but are only integrated into the page using an HTML link. This type of integration ensures that when you call up a page of our website that contains such buttons, no connection is yet established with Facebook's servers. When you click on the button, a new browser window opens and calls up the Facebook page, where you can interact with the plugins there (possibly after entering your login data).
For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook's privacy policy: https://www.facebook.com/policy.php
10.2 Instagram plugin as Shariff solution
Our website uses so-called social plugins ("plugins") of the online service Instagram, which is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ("Facebook").
In order to increase the protection of your data when visiting our website, these buttons are not unrestricted plugins, but are only integrated into the page using an HTML link. This type of integration ensures that when you call up a page of our website that contains such buttons, no connection is yet established with the servers of Instagram. When you click on the button, a new browser window opens and calls up the Instagram page, where you can interact with the plugins there (possibly after entering your login data).
For the purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights in this regard and setting options for protecting your privacy, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/
10.3 Use of Youtube videos
This website uses the Youtube embedding function to display and play videos of the provider "Youtube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). The extended data protection mode is used here, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If the playback of embedded Youtube videos is started, the provider "Youtube" uses cookies to collect information about user behavior. According to information from "Youtube", these are used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behavior. If you are logged in to Google, your data is directly assigned to your account when you click on a video. If you do not want the assignment to your YouTube profile, you must log out before activating the button. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. The use of YouTube may also result in the transmission of personal data to the servers of Google LLC. in the USA.
Independently of a playback of the embedded videos, a connection to the Google network is established each time this website is called up, which may trigger further data processing operations without our influence.
All processing described above, in particular the reading of information on the end device used via the tracking pixel, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a DSGVO. Without this consent, Youtube videos will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "cookie consent tool" provided on the website via alternative options communicated to you on the website.
Further information on data protection at "Youtube" can be found in the Youtube terms of use at https://www.youtube.com/static?template=terms as well as in Google's privacy policy at https://www.google.de/intl/de/policies/privacy.
10.4 Shopsync for Shopify
This website uses the Shopify app "Shopsync" from ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
With the help of ShopSync, the "Mailchimp" newsletter service is synchronized with our Shopify account in such a way that, on the one hand, updates in Mailchimp email lists (such as a newsletter recipient opting out) are also automatically stored on Shopify and, on the other hand, new contact data generated on Shopify via contract conclusions is automatically transferred to the Mailchimp email lists. In the former case, data processing is carried out pursuant to Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in the effective and cross-system maintenance of the files of advertising addressees and the efficient observance of legally significant status changes.
In the second case, exclusively on the basis of the user's express consent pursuant to Art. 6 (1) a DSGVO, after a contract has been concluded on Shopify for inclusion in the Mailchimp list, the user's first and last name, address and mail address together with transaction-related information (purchase amount, time and date of purchase) are transferred by ShopSync to Mailchimp.
Data transferred in this way is not stored or retained by ShopSync after synchronization. All information synced between Shopify and Mailchimp is transmitted using Secure Socket Layer (SSL) technology, and all transmitted information remains encrypted during the sync process.
The synchronization process requires the transfer of information over a secure connection to servers hosted by Amazon Web Services in the United States.
You can find more data protection information about ShopSync here: https://shopsync.io/privacy-policy

11) Tools and other
- Billomat
For the completion of accounting we use the cloud-based accounting software of Billomat GmbH & Co. KG, Lorenzer Str. 31, 90402 Nuremberg ("Billomat").
Billomat processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company in order to automatically record invoices, match them to the transactions and create the financial accounting from this in a partially automated process.
If personal data is also processed in this process, the processing is carried out in accordance with Art. 6 (1) f DSGVO on the basis of our legitimate interest in the efficient organization and documentation of our business transactions.
You can find more information about Billomat, the automated processing of data and the data protection provisions at https://www.billomat.com/datenschutz/.
- Billware
We use the cloud-based accounting software "Billware" from Pinkenburg / Rinne GbR, Gluckstr. 57, 22081 Hamburg, Germany ("Billware") to handle our accounting.
Billware processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company in order to automatically record invoices, match them to the transactions and create the financial accounting from this in a partially automated process.
If personal data is also processed in this process, the processing is carried out in accordance with Art. 6 (1) f DSGVO on the basis of our legitimate interest in the efficient organization and documentation of our business transactions.
For more information about Billware, the automated processing of data and data protection regulations, please visit https://www.billware.de/privacy.
- DATEV
We use the cloud-based accounting software of DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany ("DATEV") to handle our accounting.
DATEV processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company in order to automatically record invoices, match them to the transactions and create the financial accounting from this in a partially automated process.
If personal data is also processed in this process, the processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our legitimate interest in the efficient organization and documentation of our business transactions.
For more information about DATEV, the automated processing of data and data protection regulations, please visit https://www.datev.de/web/de/m/ueber-datev/datenschutz/.

- Lexoffice
For the completion of the accounting we use the service of the cloud-based accounting software "lexoffice" of Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg.
Lexoffice processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company in order to automatically record invoices, match them to the transactions and create the financial accounting from this in a partially automated process.
If personal data is also processed in this process, the processing is carried out in accordance with Art. 6 (1) f DSGVO on the basis of our legitimate interest in the efficient organization and documentation of our business transactions.
For more information on lexoffice, the automated processing of data and the data protection provisions, please visit https://www.lexoffice.de/datenschutz/.

12) Rights of the Data Subject
12.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise prerequisites:
- Right to information pursuant to Art. 15 DSGVO;
- Right to rectification pursuant to Art. 16 DSGVO;
- Right to erasure pursuant to Art. 17 DSGVO;
- Right to restriction of processing pursuant to Art. 18 DSGVO;
- Right to information pursuant to Art. 19 DSGVO;
- Right to data portability pursuant to Art. 20 DSGVO;
- Right to withdraw consent given pursuant to Art. 7(3) DSGVO;
- Right to lodge a complaint pursuant to Art. 77 DSGVO.
12.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

13) Duration of the storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of processing and - if relevant - additionally on the basis of the respective legal retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) a DSGVO, this data is stored until the data subject revokes his or her consent.
If there are legal retention periods for data that is processed within the scope of legal business or similar obligations on the basis of Art. 6 Para. 1 lit. b DSGVO, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment of the contract or the initiation of the contract and/or there is no legitimate interest on our part in continuing to store it.
When processing personal data on the basis of Art. 6(1)(f) DSGVO, this data is stored until the data subject exercises his or her right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct marketing on the basis of Article 6 (1) (f) DSGVO, this data is stored until the data subject exercises his or her right to object pursuant to Article 21 (2) DSGVO.
Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.