4. Legal basis for processing

Art. 6 Para. 1 lit. a) GDPR (in conjunction with Section 25 Para. 1 TDDDG (formerly
TTDSG)) serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary to fulfill a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 (1) (b) GDPR. The same applies to processing operations that are necessary to carry out precontractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. In this case, the processing would be based on Art. 6 (1) (d) GDPR.

Ultimately, processing operations could be based on Art. 6 (1) (f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they were specifically mentioned by the European legislator. In this respect, it was of the opinion that a legitimate interest could be assumed if you are a customer of our company (Recital 47, Sentence 2 GDPR).

5. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than
those listed below.

We will only share your personal information with third parties if:

1. you have given us your express consent in accordance with Art. 6 (1) lit. a) GDPR,

2. the disclosure is permissible in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

3. in the event that there is a legal obligation to disclose data pursuant to Art. 6 (1) lit. c) GDPR, and

4. this is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 (1) (b) GDPR.

In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission’s standard contractual clauses. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent in accordance with Art. 49 (1) lit. a) GDPR can serve as the legal basis for the transfer to third countries. This does not apply in some cases to data transfers to third countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR.

6. Technology
6.1 SSL/TLS encryption

This site useswarrantySSL or TLS encryption is used to ensure the security of data
processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that “https://” appears in the address line of the browser instead of “http://” and by the lock symbol in your browser line.

We use this technology to protect the data you transmit.

6.2 Data collection when visiting the website

If you use our website for informational purposes only, if you do not register or otherwise provide us with information or do not consent to processing that requires consent, we only collect data that is technically necessary for the provision of the service. This is usually data that your browser transmits to our server (“in so-called server log files”). Our website records a series of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server’s log files. The following can be recorded:

1. browser types and versions used,

2. the operating system used by the accessing system,

3. the website from which an accessing system reaches our website (so-called referrer),

4. the subpages that are accessed via an accessing system on our website,

5. the date and time of access to the website,

6. a shortened Internet Protocol address (anonymized IP address) and,

7. the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about you personally. Rather, this information is needed to

1. to deliver the contents of our website correctly,

2. to optimize the content of our website and the advertising for it,

3. to ensure the long-term functionality of our IT systems and the technology of
our website and

4. to provide law enforcement authorities with the information necessary for
prosecution in the event of a cyber-attack. Therefore, we evaluate these collected data and information statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest
follows from the purposes for data collection listed above.

6.3 Encrypted payment transactions

If, after concluding a fee-based contract, you are obliged to provide us with your payment details (e.g. the account number when issuing the direct debit authorization), this data is required for payment processing.

Payment transactions using common payment methods (Visa/MasterCard or direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

We use this technology to protect the data you transmit.

6.4 Hosting by Hostinger

We host our website at HOSTINGER operations, UAB, Švitrigailos str. 34, Vilnius,
03230 Lithuania (hereinafter referred to as HOSTINGER).

When you visit our website, your personal data (e.g. IP addresses in log files) are
processed on HOSTINGER’s servers.

The use of HOSTINGER is based on Art. 6 Paragraph 1 Letter f) GDPR. We have a legitimate interest in the most reliable presentation, provision and security of our
website.

We have concluded a data processing agreement (AVV) in accordance with Art. 28 GDPR with HOSTINGER. This is a contract required by data protection law that guarantees that HOSTINGER only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

For more information about Host Europe’s privacy policy, please visit:
https://www.hostinger.de/legal/datenschutz-regulations

7. Cookies
7.1 General information about cookies

Cookies are small files that your browser automatically creates and that are stored on
your IT system (laptop, tablet, smartphone, etc.) when you visit our website.

The cookie stores information that is relevant to the specific device used. However, this does not mean that we receive direct knowledge of your identity.

The use of cookies serves to make the use of our services more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness. These cookies are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognize that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

We also use cookies to statistically record the use of our website and to evaluate our offer for you for the purpose of optimization. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage period of the cookies can be found in the settings of the consent tool used.

7.2 Legal basis for the use of cookies

The data processed by the cookies, which are required for the proper functioning of the website, are therefore necessary to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) (f) GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner in
accordance with Art. 6 (1) (a) GDPR.

7.3 CookieYes (Consent Management Tool)

We use the consent management tool “CookieYes” from CookieYes Limited of 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom. This service enables us to obtain and manage the consent of website users to data processing.

CookieYes uses cookies to collect data generated by end users who use our website.
When an end user gives consent, the following data is automatically logged, among
others:

• cookie duration,
• Cookie Version,
• IP address,
• selection in the cookie banner,
• Browser used,
• ProcessorID and ControllerID.

The consent status is also stored in the end user’s browser so that the website can
automatically read and follow the end user’s consent on all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular limitation period according to Section 195 of the German Civil Code (BGB). The data is then deleted immediately.

The functionality of the website cannot be guaranteed without the processing described. The user has no possibility of objection as long as there is a legal obligation to obtain the user’s consent to certain data processing operations, Art. 7 Para. 1, 6 Para. 1 Sentence 1
lit. c) GDPR.

CookieYes is the recipient of your personal data and acts as a processor for us. Data
processing takes place exclusively in the European Union.

For more information, see: https://www.cookieyes.com/privacy-policy/

8. Contents of our website
8.1 Registration as a user

You have the option of registering on our website by providing personal
data.

Which personal data is transmitted to us is determined from the respective input mask used for registration. The personal data you enter is collected and stored exclusively for internal use by us and for our own purposes. We can arrange for the data to be passed on to one or more processors, for example a parcel service provider, who also uses the personal data exclusively for internal use that is attributable to us.

By registering on our website, the IP address assigned by your Internet service provider (ISP), the date and time of registration are also stored. This data is stored because this is the only way to prevent misuse of our services and, if necessary, to enable the investigation of crimes committed. In this respect, the storage of this data is necessary for our security. This data is generally not passed on to third parties. This does not apply if we are legally obliged to pass it on or if the transfer serves the purpose of criminal prosecution.

Your registration, with the voluntary provision of personal data, also enables us to offer you content or services that, due to the nature of the matter, are only

can be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from our database.

We will provide you with information about which personal data is stored about you at any time upon request. We will also correct or delete personal data at your request, provided that there are no statutory retention periods to the contrary. A data protection officer named in this data protection declaration and all other employees are available to the data subject as contact persons in this context.

Your data is processed in the interest of comfortable and easy use of our website. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

8.2 Data processing when opening a customer account and for contract processing

In accordance with Art. 6 Paragraph 1 Letter b) of GDPR, personal data is collected and processed when you provide it to us to execute a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Your customer account can be deleted at any time and can be done, among other things, by sending a message to the above-mentioned address of the person responsible. We store and use the data you provide to process the contract. After the contract has been fully processed or your customer account has been deleted, your data will be blocked taking into account tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use of the data that is permitted by law, about which we will inform you accordingly below.

 8.3 Data processing for order processing

The personal data we collect will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment details to the commissioned credit institution as part of the payment processing, insofar as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 Para. 1 lit. b) GDPR.

8.4 Conclusion of contracts with online shops, retailers and shipping of goods

We only transmit personal data to third parties if this is necessary for the purpose of
processing the contract, for example to the company entrusted with delivering the goods or the credit institution responsible for processing the payment. The data will not be transmitted to any other parties or will only be transmitted if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or for pre-contractual measures.

8.5 Contact / Contact form

When you contact us (e.g. via contact form or email), personal data is collected. The data collected when you use a contact form can be seen in the respective contact form. This data is stored and used solely for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 Paragraph 1 Letter f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Paragraph 1 Letter b) GDPR. Your data will be deleted after your request has been processed; this is the case if the circumstances indicate that the matter in question has been conclusively clarified and there are no statutory retention periods that prevent deletion.

9. Our activities in social networks

We have our own pages there so that we can communicate with you on social networks and inform you about our services. If you visit one of our social media pages, we are jointly responsible for the processing operations triggered by this, within the meaning of Art. 26 GDPR, with the provider of the respective social media platform.

We are not the original provider of these pages, but only use them within the scope of the options offered to us by the respective providers.

We therefore point out as a precaution that your data may also be processed outside the European Union or the European Economic Area. Use may therefore involve data protection risks for you, as it may be difficult to protect your rights, e.g. to information, deletion, objection, etc., and processing in social networks is often carried out directly by the providers for advertising purposes or to analyze user behavior, without us being able to influence this. If user profiles are created by the provider, cookies are often used or the user behavior is assigned to the own member profile of the social networks that you have created.

The described processing of personal data is carried out in accordance with Art. 6 Para. 1 lit. f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a contemporary manner or to inform you about our services. If you as a user have to give consent to data processing to the respective providers, the legal basis refers to Art. 6 Para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR.

Since we do not have access to the providers’ data, we would like to point out that it is best for you to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. We have listed further information on the processing of your data in the social networks below for the respective social network providers we use:

9.1 Facebook

(Co-)responsible for data processing in Europe:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy (Data Policy):

https://www.facebook.com/about/privacy

9.2 Instagram

(Co-)responsible for data processing in Germany:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy (Data Policy):

https://instagram.com/legal/privacy/

9.3 X (Twitter)

(Co-)responsible for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Privacy Policy:

https://twitter.com/de/privacy

Information about your data:

https://twitter.com/settings/your_twitter_data

10. Advertising
10.1 Google Ads (AdWords) Remarketing/Retargeting

We have integrated Google Ads on this website. The operator of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

This allows us to advertise this website in Google search results and on third-party websites. For this purpose, Google places a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit.

Any further data processing will only take place if you have given Google your consent to link your internet and app browsing history to your Google account and to use information from your Google account to personalize ads that you view on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To do this, Google will temporarily link your personal data to Google Analytics data to create target groups.

These processing operations are carried out exclusively with the granting of explicit
consent in accordance with Art. 6 (1) (a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data
Privacy Framework. This constitutes an adequacy decision in accordance with Art. 45
GDPR, meaning that personal data may be transferred without any further guarantees or additional measures.

You can view Google Ads’ privacy policy and further information at: https://
www.google.com/policies/technologies/ads/

11. Plugins and other services
11.1 Google Translate (GTranslate)

Our website contains components from GTranslate, GTranslate Inc., 7957 N University
Dr #355, Parkland, FL 33067, USA.

We use GTranslate to offer visitors an automated language translation. The service is used in the interest of a multilingual orientation of our online offerings. This plugin enables the translation to be carried out automatically by Google (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

For this purpose, the browser you use must connect to the GTranslate and Google servers. This allows GTranslate and Google to know that our website was accessed via your IP address. They collect, store and process information in order to provide users with better services.

The following data, among others, is processed:

• IP address
• Language
• access time and
• the page you visited

The data processing is carried out on the basis of your consent in accordance with Art. 6 Para. 1 lit. a) GDPR.

For all transfers outside the EEA, appropriate safeguards will be put in place in accordance with European law.

The transfer of your personal data to the USA is based on the standard contractual clauses.

You can view Gtranslate’s privacy policy at: https://gtranslate.io/privacypolicy.

12. Payment providers
12.1 PayPal

We have integrated PayPal components on this website. The European operating company of PayPal is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. PayPal is an online

Payment service providers. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no traditional account number. PayPal makes it possible to make online payments to third parties or to receive payments. PayPal also performs escrow functions and offers buyer protection services.

If you select “PayPal” as a payment option during the ordering process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing. The personal data transmitted to PayPal usually includes first and last name, address, email address, IP address, telephone number, mobile phone number or other data necessary for payment processing. Personal data related to the respective order is also necessary for processing the purchase contract.

The purpose of transmitting the data is to process payments and prevent fraud. We will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reporting agencies. This transmission is for the purpose of checking identity and creditworthiness.

PayPal may pass on personal data to affiliated companies and service providers or
subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of them.

You have the option of revoking your consent to PayPal handling your personal data at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

PayPal is used in the interest of proper and smooth payment processing. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Your personal data will only be transmitted if you give your express consent in accordance with Art. 6 (1) (a) GDPR.

PayPal’s applicable data protection regulations can be found at https:// www.paypal.com/de/webapps/mpp/ua/privacy-full.

12.2 Apple Pay

We have integrated the payment option via Apple Pay on this website. Apple Pay is a
payment service provided by Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. Apple Pay enables users to make payments securely and conveniently via compatible Apple devices. Payments are processed via the

Wallet app stored payment methods (e.g. credit cards or debit cards) without the complete payment data being transmitted to the merchant.

If you select the payment option “Apple Pay” during the ordering process in our online shop, your data will be automatically transmitted to Apple. By selecting this payment option, you consent to the transmission of personal data required for payment processing.

The personal data transmitted to Apple Pay usually includes information about payment, billing and delivery addresses, and other data necessary for transaction processing. Apple does not store complete transaction data and does not pass it on to us. Processing takes place locally on your Apple device and via an encrypted connection.

The purpose of transmitting the data is to process payments and prevent fraud. Apple may pass on personal data to affiliated companies and service providers if this is necessary to fulfill contractual obligations or if the data is processed on behalf of the latter.

You have the option to revoke your consent to the processing of personal data by Apple at any time. A revocation does not affect personal data that must be processed for payment processing.

Apple Pay is used in the interest of secure and efficient payment processing and represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Personal data will only be transmitted with express consent in accordance with Art. 6 (1) (a) GDPR.

Apple’s applicable data protection regulations can be accessed at the following
link: https://www.apple.com/legal/privacy/de-ww/.

12.3 Immediately

We have integrated components of Sofortüberweisung on this website. The operating company of Sofortüberweisung is SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany, part of Klarna Bank AB, (publ), Sveavägen 46, 111 34 Stockholm, Sweden. Sofortüberweisung is a payment service that enables cashless payment for products and services on the Internet. Sofortüberweisung is a technical process through which the online retailer receives immediate confirmation of payment. This enables a retailer to deliver goods, services or downloads to the customer immediately after the order hasbeen placed.

If you select “Instant bank transfer” as a payment option during the order process in our online shop, your data will be automatically transferred to Sofortüberweisung. By selecting this payment option, you consent to the transfer of personal data required for payment processing.

When making a purchase using Sofortüberweisung, you send your PIN and TAN to Sofort GmbH. Sofortüberweisung carries out a transfer to us after technically checking your account balance and retrieving additional data to check whether the account is covered. We are automatically notified that this financial transaction has been carried out.

The personal data exchanged with Sofortüberweisung includes first and last names,
address, email address, IP address, telephone number, mobile phone number or other data that is necessary for payment processing. The purpose of transmitting the data is to process payments and prevent fraud. We will also transmit other personal data to Sofortüberweisung if there is a legitimate interest in the transmission. The personal data exchanged between Sofortüberweisung and us may be transmitted by Sofortüberweisung to credit agencies. This transmission is for the purpose of checking identity and creditworthiness.

Sofortüberweisung may pass on personal data to affiliated companies and service
providers or subcontractors if this is necessary to fulfil the contractual obligations or if the data is to be processed on behalf of them.

The data subject has the option of revoking his or her consent to the handling of
personal data by Sofortüberweisung at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

Sofort is used in the interest of proper and smooth payment processing. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Your personal data will only be transmitted if you give your express consent in accordance with Art. 6 (1) (a) GDPR.

You can view Sofort’s privacy policy at: https://www.klarna.com/de/
datenschutz/ .

12.4 Credit card payment (Mastercard, Visa, American Express)

In our online shop we offer the option of making payments by credit card (Mastercard, Visa, American Express). Payments are processed via an authorized payment service provider who handles the processing of the transactions.

If you select the “credit card” payment option during the ordering process, your payment details will be sent directly to the respective payment service provider. This usually includes your first and last name, billing and delivery address, email address, credit card number, expiration date and security code (CVV). We do not store the complete payment information.

The purpose of transmitting the data is to process payments and prevent fraud. The
payment service provider may pass on personal data to credit agencies for identity and credit checks. In addition, data may be passed on to affiliated companies or processors if this is necessary to process the contract.

You can revoke your consent to the processing of your data at any time. However, revocation will not affect transactions that have already taken place and were necessary for payment processing.

The use of credit card payments is in the interest of secure and smooth payment
processing and represents a legitimate interest within the meaning of Art. 6 Paragraph 1 lit. f) GDPR. The transmission of personal data takes place exclusively with your express consent in accordance with Art. 6 Paragraph 1 lit. a) GDPR.

The data protection regulations of the respective credit card providers can be found under the following links:

– Mastercard:https://www.mastercard.de/de-de/datenschutz.html
– Visa:https://www.visa.de/legal/privacy-policy.html
– American Express:https://www.americanexpress.com/de/legal/onlinedatenschutzerklarung.html

13. Your rights as a data subject
13.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data
concerning you is being processed.

13.2 Right to information Art. 15 GDPR

You have the right to obtain from us at any time, free of charge, information about the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.

13.3 Right to rectification Art. 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning
you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

13.4 Deletion Art. 17 GDPR

You have the right to request that we delete the personal data concerning you immediately if one of the statutory reasons applies and if processing or storage is not necessary.

13.5 Restriction of processing Art. 18 GDPR

You have the right to request that we restrict processing if one of the legal requirements is met.

13.6 Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have made available to us, in a structured, common and machine-readable format. You also have the right to transmit this data to another controller to whom the personal data was made available without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 Para. 1 lit. a) GDPR or Art. 9 Para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 Para. 1 lit. b) GDPR and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 Para. 1 GDPR, you have the right to have the personal data transmitted directly from one
controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

13.7 Objection Art. 21 GDPR

You have the right to object at any time, for reasons related to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or (f) (data processing based on a balance ofinterests) GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

In individual cases, we process personal data in order to conduct direct advertising. You can object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.

 In addition, you have the right to object to the processing of personal data concerning you which we carry out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary to perform a task carried out in the public interest, for reasons related to your particular situation.

You are free to exercise your right of objection by automated means using technical
specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

13.8 Revocation of data protection consent

You have the right to revoke your consent to the processing of personal data at any time with effect for the future.

13.9 Complaint to a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

14. Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period necessary to achieve the
purpose of storage or as provided for by the legal provisions to which our company is subject. If the purpose of storage no longer applies or a prescribed storage period expires, the personal data will be blocked or deleted routinely and in accordance with legal requirements.

15. Duration of storage of personal data

The criterion for the duration of storage of personal data is the respective statutory
retention period. After expiry of the period, the corresponding data is routinely deleted unless it is no longer required for the performance or initiation of a contract.