Data protection declaration

Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
“Personal data” is any information relating to an identified or identifiable natural person.

Server log files
You can use our websites without submitting personal data. 
Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes for example the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request. The processing is carried out on the basis of Article 6(1) f) GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.

Your data may be transferred to third countries outside the European Union for which an adequacy decision has been made by the EU Commission. In the absence of an adequacy decision by the EU Commission, such as for transfers to the USA, the data transfers will be based on standard contractual clauses as appropriate guarantees for the protection of personal data, among other things, available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Contact

Responsible person
Contact us at any time. The person responsible for data processing is: 
Mathias Schmidt, Blumenstraße 70, 99092 Erfurt Deutschland, +49 (0) 361 / 30 25 81 24, review@bme24.com

 

Proactive contact of the customer by e-mail
If you make contact with us proactively via email, we shall collect your personal data (name, email address, message text) only to the extent provided by you. The purpose of the data processing is to handle and respond to your contact request.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use.
Collection and processing when using the contact form 

When you use the contact form we will only collect your personal data (name, email address, message text) in the scope provided by you. The data processing is for the purpose of making contact.

If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.

If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Finally your data will be deleted, unless you have agreed to further processing and use.

 

WhatsApp Business
If you communicate with us via WhatsApp, we use the WhatsApp Business version of WhatsApp Ireland Limited for this (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “WhatsApp”). If you have your residence outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The purpose of the data processing is to handle and respond to your contact request. For this purpose we collect and process your mobile phone number registered with WhatsApp and, if provided, your name and additional data to the extent provided by you. We use a mobile device for the service, the address book of which stores exclusively the data of users who have contacted us via WhatsApp. Disclosure of personal data to WhatsApp shall not take place unless you have already consented to this with respect to WhatsApp.
Your data are transmitted by WhatsApp to servers of Meta Platforms Inc. in the USA.
For the USA, no adequacy decision from the EU Commission is available. The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: 
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in providing quick and easy communication as well as responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your personal data to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use.
For more information on terms of service and privacy when using WhatsApp, please visit https://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy.

Orders      

Collection, processing, and transfer of personal data in orders
When you submit an order we only collect and use your personal data insofar as this is necessary for the fulfilment and handling of your order as well as processing of your queries. The provision of data is necessary for conclusion of a contract. Failure to provide it will prevent the conclusion of any contract. The processing will occur on the basis of Article 6(1) b) GDPR and is required for the fulfilment of a contract with you. 
Your data is transferred here for example to the shipping companies and dropshipping providers, payment service providers, service providers for handling the order and IT service providers that you have selected. We will comply strictly with legal requirements in every case. The scope of data transmission is restricted to a minimum.

Your data may be transferred to third countries outside the European Union for which an adequacy decision has been made by the EU Commission. In the absence of an adequacy decision by the EU Commission, such as for transfers to the USA, the data transfers will be based on standard contractual clauses as appropriate guarantees for the protection of personal data, among other things, available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Advertising      

Use of your email address for mailing of direct marketing 
We use your email address, which we obtained in the course of selling a good or service, for the electronic transmission of marketing for our own goods or services which are similar to those you have already purchased from us, unless you have objected to this use. You must provide your email address in order to conclude a contract. Failure to provide it will prevent the conclusion of any contract. The processing will be carried out on the basis of art. 6 (1) lit. f GDPR due to our justified interest in direct marketing. You can object to this use of your email address at any time by contacting us. You will find the contact details for exercising your right to object in our imprint. You can also use the link provided in the marketing email. This will not involve any costs other than transmission costs at basic tariffs.

Merchandise management      

Use of an external merchandise management system
We use a merchandise management system in the course of order processing for the purposes of contractual processing. For this purpose your personal data as collected in the course of the order will be sent to

AbamSoft ®, Inh. André Bachmann, Maassenstraße 64, 46514 Schermbeck 

Payment service providers       Credit check      

Use of PayPal
On our website we use the PayPal payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”). The data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, the data required for processing the payment will be transmitted to PayPal in order to enable us to fulfil the contract with you with the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

All PayPal transactions are subject to PayPal Privacy Policy. You can find these at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Use of SOFORT
On our website we use the payment service provider SOFORT GmbH, (Theresienhöhe 12, 80339 Munich, Germany; “SOFORT”) for payment processing. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The data processing serves the purpose of allowing us to offer you various payment methods by processing payments via the payment service provider SOFORT. Once you have chosen the payment option, the data required to process the payment will be transmitted to SOFORT. This data processing is carried out on the basis of Article 6 para. 1 lit. b GDPR. For more information on data processing in connection with the use of the payment service provider SOFORT, please visit https://www.sofort.com/1.0/shared/content/legal/terms/de-DE/SOFORT/ and https://www.klarna.com/sofort/.

Credit and identity checking when paying by invoice via Novalnet
If you choose to pay by invoice, Novalnet AG (Feringastraße 4, 85774 Unterföhring) will carry out an identity and credit check. For this purpose Novalnet AG requires particular information from the customer, including personal data. This includes name and address, account number and sort code or credit card number (including period of validity), invoice amount and currency as well as transaction number. Novalnet AG checks and evaluates customer information and, if there is a justifiable reason to do so, engages in an exchange of data with other companies and credit agencies (credit check). It is entitled to use this information for the purpose of payment processing and to forward it to the provider. If you choose to pay by invoice via Novalnet, personal data will be transferred to the collection service provider Novalnet and processed further there. The data processing is for the purpose of offering purchase on account as well as the credit check required for this. Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our justified interest in offering various payment methods as well as our justified interest in protection from payment default. You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR by contacting us, for reasons relating to your personal situation. Novalent carries out an in-house identity and credit check. For this purpose Novalnet AG requires particular information from the customer, including personal data. This includes name and address, account number and sort code or credit card number (including period of validity), invoice amount and currency as well as transaction number. Novalnet AG checks and evaluates customer information and, if there is a justifiable reason to do so, engages in an exchange of data with other companies and credit agencies (credit check). It is entitled to use this information for the purpose of payment processing and to forward it to the provider. The provision of data is required for conclusion of contract with your desired payment method. Failure to provide it will mean that the contract cannot be concluded with your desired payment method.

Cookies
Our website uses cookies. Cookies are small text files which are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is called up again.

Cookies will be stored on your computer. You therefore have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can be notified before the setting of cookies and you can decide whether to accept this setting in each individual case as well as prevent the storage of cookies and transmission of the data they contain. Cookies which have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

technically necessary cookies
Insofar as no other information is given in the data protection declaration below we use only these technically necessary cookies cookies to make our offering more user-friendly, effective and secure. Cookies also allow our systems to recognise your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognised again after a page change.

The use of cookies or comparable technologies is carried out on the basis of Art. 25 para. 2 TTDSG. Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our largely justified interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our range of services.
You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.

Use of CCM19 Cookie Management
Our website uses the consent management tool CCM19 Cookie from Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn; represented by Dr. Carsten Euwens.
The tool enables you to grant consents to data processing via the website, in particular the placing of cookies, and to make use of your right of revocation for consents already granted.
The processing of data serves the purpose of obtaining necessary consents for data processing and to document these, thereby complying with statutory obligations.
Cookies may be deployed for this purpose. The following information, among others, can be collected: Date and time the page was viewed, information about the browser and device you are using, UID (randomly assigned anonymous ID), opt-in and opt-out data. This data will not be passed on to third parties.
The data processing is carried out on the basis of Article 6(1)(c) GDPR to comply with a legal obligation.
More information on data protection at CCM19 Cookie Management can be found at: https://www.ccm19.de/datenschutzerklaerung.html

Advertising tracking      

Use of Google Analytics 4
We use the Google Analytics web analytics service provided by Google Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. To this end, Google will use the information obtained on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. 
In this context, the following information may be collected, among others: IP address, date and time of page view, click path, information about the browser you are using and the device you are using (device), pages visited, referrer URL (website from which you accessed our website), location data, purchase activity. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
Google uses technologies such as cookies, web storage in the browser and tracking pixels that enable an analysis of your use of the website. 
The information generated by this about your use of this website is usually transferred to a Google server in the USA and stored there. There is no adequacy decision of the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, viewable at: https://policies.google.com/privacy/frameworks. Both Google and US government agencies have access to your data. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices, and any other data Google may have about you.
When using Google Analytics 4, the IP address transmitted by your website is automatically collected and processed in anonymized form. The IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. 
The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in the needs-based and targeted design of the website. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.
You can also prevent the collection of the data (including your IP address) generated by Google Analytics and related to your use of the website by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link [https://tools.google.com/dlpage/gaoptout?hl=de]. To prevent the data collection and storage by Google Analytics across multiple devices you can place an opt-out cookie. Opt-out cookies prevent the future collection of your data when you visit this website. You need to implement the opt-out on all systems and devices that you are using, so that this works comprehensively. If you delete the opt-out cookie, requests will be transmitted to Google again. When you click here the opt-out cookie will be placed: Deactivate Google Analytics
For more information on terms of use and data protection, please visit https://policies.google.com/technologies/partner-sites and https://policies.google.com/privacy?hl=de&gl=de.

We also use the Google Signals service in this context. Google Signals enables cross-device tracking. Hence, your data can be analysed across devices if you have enabeled “personalised advertising” in your account settings and your end devices are linked to your Google account. This makes it possible to identify which device is searching for products and then return to complete purchases on another device, such as a tablet.The cross-device reports created in this context contain only aggregated data. We therefore only receive statistics generated on the basis of Google Signals. To prevent Google Signals from collecting and storing data across devices, you can deactivate the “personalised advertising” function in your Google Account settings. For more information, please visit https://support.google.com/ads/answer/2662922?hl=de. For more information on data processing and data protection for Google Signals, please visit https://support.google.com/analytics/answer/7532985?hl=en.

Use of Google Ads conversion tracking
Our website uses the online marketing program “Google Ads”, including conversion tracking (evaluation of user actions). Google conversion tracking is a service operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).
If you click on adverts placed by Google, a cookie is placed on your computer for conversion tracking. These cookies have limited validity, do not contain any personal data and thus cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and were forwarded to this page. Every Google Ads customer receives a different cookie. It is therefore not possible to track cookies relating to the websites of Ads customers.
The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, they do not receive any information with which could be used to personally identify users.
Your data may be transmitted to the USA. For the USA, no adequacy decision from the EU Commission is available.
The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks and https://business.safety.google/adscontrollerterms/.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You will find more information as well as Google’s data privacy policy at: https://www.google.com/policies/privacy/


Use of the remarketing or “similar target groups” function by Google Inc.
Our website uses the remarketing or “similar target groups” function by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).
This application serves to analyse visitor behaviour and visitor interests.
Google uses cookies to analyse website use, forming the basis for producing interest-related adverts. Cookies allow for the recording of website visits as well as anonymised data on the use of the website. The personal data of website visitors is not saved. If you then visit another website in the Google display network you will then be shown adverts which are more likely to take previous areas of product and information interest into account.
Your data may be transmitted to the USA. For the USA, no adequacy decision from the EU Commission is available. The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on Google remarketing as well as the associated data privacy policy at: https://www.google.com/privacy/ads/


Plug-ins

Use of the Google Tag Manager
Our website uses the Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). This application manages JavaScript tags and HTML tags which are used in particular to implement tracking and analysis tools. The data processing serves to facilitate the needs-based design and optimisation of our website. The Google Tag Manager itself neither stores cookies nor processes personal data. It does, however, enable the triggering of further tags which may collect and process personal data. You can find more detailed information on the terms and conditions of use and data protection at https://www.google.com/intl/de/tagmanager/use-policy.html

Friendly Captcha (Bot/spam protection)
We use the “Friendly Captcha” service on our website (www.friendlycaptcha.com).
This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.
Friendly Captcha is a new type of privacy-friendly security solution to make it increasingly difficult for automated programs and scripts (so-called “bots”) to use our website.
For this purpose, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor’s end device can establish a connection to Friendly Captcha’s servers in order to receive a computational task from Friendly Captcha. The visitor’s end device solves the computational task, which requires certain system resources, and sends the computational results to our web server. Our server contacts the Friendly Captcha server via an API and receives a response stating whether the puzzle was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and thus, for example, further process or reject them.
The data is used exclusively for the protection against spam and bots as described above.
Friendly Captcha does not set or read cookies on the visitor’s end device.
IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual person.
If personal data is stored, this data will be deleted after 30 days.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in protecting our website against abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests).
Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.

Rights of persons affected and storage duration

Duration of storage 
After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.
Rights of the affected person
If the legal requirements are fulfilled, you have the following rights according to art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to art. 21 (1) GDPR.
Right to complain to the regulatory authority
You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.

You can lodge a complaint with, among others, the supervisory authority responsible for us, which you may reach at the following contact details:

Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit
Postfach 90 04 55
99107 Erfurt
oder
Häßlerstrasse 8
99096 Erfurt
Tel.: +49 361 573112900
Fax: +49 361 573112904
E-Mail: poststelle@datenschutz.thueringen.de

Right to object
If the data processing outlined here is based on our legitimate interests in accordance with Article 6(1)f) GDPR, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect.
If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.

If personal data is being processed for the purposes of direct advertising, you can object to this at any time by notifying us. If the objection is successful, we will no longer process the personal data for the purposes of direct advertising.

last update: 29.11.2022