data protection

privacy policy

Thank you for your interest in our company. Data protection is of a high priority for Hanseatic Brands GmbH. The use of our website is possible without providing personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could be necessary. In this case, we generally obtain the consent of the data subject, unless there is a statutory basis for the processing. The processing of personal data such as the name, address, e-mail address, or telephone number of a data subject is always carried out in accordance with the General Data Protection Regulation (GDPR), and the country-specific data protection regulations that apply to Hanseatic Brands GmbH. This data protection declaration informs the public of the type, scope, and purpose of the personal data we collect, use and process. In addition, we inform data subjects of their rights. As the controller, Hanseatic Brands GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed on our website. Nevertheless, Internet-based data transmissions may have security gaps, which is why absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, for example by telephone.

1 Definitions

The data protection declaration of Hanseatic Brands GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be easily readable and understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy we use, among others, the following terms:

1. a) Personal data: Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. b) Data subject: A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
3. c) Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or linking, restriction, erasure or destruction.
4. d) Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
5. e) Profiling: Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
6. f) Pseudonymisation: Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
7. g) Controller or person responsible for processing: Controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her nomination may be provided for by Union or Member State law.
8. h) Processor: A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
9. (i) Recipient: Recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be considered recipients.
10. j) Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons authorised to process personal data under the direct responsibility of the controller or processor.
11. k) Consent: Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes in the form of a statement or other unambiguous confirmatory act by which the data subject signifies agreement to the processing of personal data concerning him or her.

2 Person responsible for data processing within the meaning of the General Data Protection Regulation (GDPR)

The controller for data processing within the meaning of the General Data Protection Regulation is Hanseatic Brands GmbH, Luisenweg 109, 20537 Hamburg, Germany, telephone: +49 40 6689 30 60, email: info@hanseatic-brands.com. The controller for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

3 Contact

When you contact us (e.g. via contact form or email), personal data is collected. You can see what this is from the contact form. If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is stored automatically and on a voluntary basis. This personal data is used exclusively for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

4 Collection of general data and information

The website of Hanseatic Brands GmbH collects a series of general data and information each time it is accessed by a data subject or an automated system. This data and information is stored in the server log files and includes, among other things, (1) browser types and versions used, (2) the operating system of the accessing system, (3) the website from which the accessing system reaches our website (so-called referrer), (4) the sub-websites accessed by the accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) similar data and information used to avert dangers in the event of attacks on our information technology systems.

Hanseatic Brands GmbH does not draw any conclusions about the data subject from this general data and information. This information is necessary to (1) correctly deliver the contents of our website, (2) optimize the contents of our website and its advertising, (3) ensure the long-term functionality of our information technology systems and our website, and (4) provide law enforcement authorities with the necessary information for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is evaluated by Hanseatic Brands GmbH both statistically and to increase data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

5 cookies

The Hanseatic Brands GmbH website uses cookies. Cookies are text files that are placed and saved on a computer system via an Internet browser. Many websites and servers use cookies that contain a so-called cookie ID. The cookie ID is a unique identifier of the cookie that enables websites and servers to identify the specific Internet browser in which the cookie was saved and to distinguish it from other Internet browsers with other cookies. By using cookies, Hanseatic Brands GmbH can provide users of this website with more user-friendly services that would not be possible without the cookie setting. Cookies can be used to optimize the information and offers on our website for the user, as they enable us to recognize users of our website. This makes it easier for users to use our website, as they do not have to re-enter their access data every time they visit, for example, as this information can be taken from the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in an online shop. The online shop can remember the items that a customer has placed in the virtual shopping cart using a cookie. The person concerned can prevent the setting of cookies through our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common Internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

6 Registration on our website

The data subject has the option of registering on the controller’s website by providing personal data. The personal data transmitted to the controller can be seen from the respective input mask used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes. The controller can arrange for the data to be passed on to one or more processors, for example a parcel service provider, who also uses the personal data exclusively for internal use attributable to the controller. By registering on the controller’s website, the IP address assigned to the data subject by the Internet service provider (ISP), the date and time of registration are also stored. This data is stored because this is the only way to prevent misuse of our services and, if necessary, to enable crimes to be solved. In this respect, the storage of this data is necessary to protect the controller. This data is generally not passed on to third parties unless there is a legal obligation to pass it on or the passing on is for criminal prosecution purposes. The registration of the data subject with the voluntary provision of personal data enables the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the controller's database. The controller will provide any data subject with information on request at any time about which personal data about the data subject is stored. Furthermore, the controller will correct or delete personal data at the request or indication of the data subject, provided that this does not conflict with any statutory retention periods. All of the controller's employees are available to the data subject as contact persons in this context.

7 Subscription to our newsletter

On the Hanseatic Brands GmbH website, users are given the opportunity to subscribe to our company's newsletter. Hanseatic Brands GmbH regularly informs its customers and business partners about company offers by means of a newsletter. In order to receive the newsletter, the data subject must provide a valid e-mail address and register to receive the newsletter. To confirm registration, a confirmation e-mail is sent using the double opt-in procedure to check authorization to receive the newsletter. When registering for the newsletter, the IP address of the computer system used and the date and time of registration are stored in order to be able to trace and legally protect against possible misuse of the e-mail address. The personal data collected as part of the newsletter registration is used exclusively to send the newsletter. The data is not passed on to third parties. The subscription to the newsletter can be canceled by the data subject at any time, and consent to the storage of personal data can also be revoked at any time; a corresponding link is provided in every newsletter for this purpose. Alternatively, you can unsubscribe directly on the website of the data controller. The newsletters of Hanseatic Brands GmbH contain so-called tracking pixels, which enable a statistical evaluation of the success of online marketing campaigns. These tracking pixels record whether and when an email was opened and which links in the email were accessed. The personal data collected in this process are stored and evaluated by the data controller in order to optimize the newsletter dispatch and to align the content of future newsletters with the interests of the data subject. The personal data will not be passed on to third parties. The data subject can revoke consent to newsletter tracking at any time, which will delete the stored data. Unsubscribing from the newsletter is automatically regarded as revoking newsletter tracking.

8 Data processing for order processing

The personal data we collect will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment details to the commissioned credit institution as part of the payment processing, insofar as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 Para. 1 lit. b GDPR.

 

payment options

Shopify Payments: We use the payment service provider “Shopify Payments”, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, payment processing will be carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information on Shopify Payments’ data protection can be found at the following internet address: https://www.shopify.com/legal/privacy.
Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy

Paypal: When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we pass on your payment data to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The data is passed on in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for the payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 Paragraph 1 Letter f of GDPR on the basis of PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values ​​(so-called score values). Insofar as score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, among other things, but not exclusively, address data. For further information on data protection, including information on the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.

use of an external inventory management system

We use a merchandise management system to process contracts as part of order processing. For this purpose, your personal data collected as part of the order is transmitted to JTL-Software GmbH, Rheinstrasse 7, 41836 Hückelhoven. Name, address and any other personal data will be passed on to JTL in accordance with Art. 6 Paragraph 1 Letter b of GDPR solely for the purpose of processing the online order. Your data will only be passed on if this is actually necessary for processing the order. Details on JTL's data protection and the data protection declaration of JTL-Softeware GmbH can be viewed on the JTL website at "www.jtl-software.de/datenschutz".

9 Rights of the data subject

9.1 The applicable data protection law grants you comprehensive rights as a data subject (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we will inform you below:

- Right to confirmation: According to Article 15 of the General Data Protection Regulation (GDPR), every data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed. If you wish to exercise this right of confirmation, you can contact an employee of the controller at any time. The controller will respond to your request appropriately and within the period provided for in the GDPR and inform you whether your personal data is being processed and, if so, which data this concerns, for what purpose it is being processed, to whom it may have been transmitted and for how long it will be stored. Exercising the right to confirmation is free of charge for you and is usually done electronically or in writing.

- Right to information in accordance with Art. 15 GDPR: In particular, you have the right to information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed of the guarantees in accordance with Art. 46 GDPR when your data is forwarded to third countries;

- Right to rectification in accordance with Art. 16 GDPR: You have the right to have inaccurate data concerning you rectified without delay and/or to have incomplete data stored by us completed;

- Right to erasure in accordance with Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 Para. 1 GDPR are met. However, this right does not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

- Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved, or if you have lodged an objection for reasons related to your particular situation, as long as it has not yet been determined whether our legitimate reasons outweigh yours;

- Right to information in accordance with Art. 19 GDPR: If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the responsible party, this party is obliged to inform all recipients to whom the personal data concerning you was disclosed of said rectification, erasure or restriction of processing, unless doing so should prove impossible or involve disproportionate expenditure. You have the right to be informed of these recipients.

- Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller, where technically feasible;

- Right to revoke consent granted in accordance with Art. 7 Para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation;

- Right to lodge a complaint pursuant to Art. 77 GDPR: If you consider that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

9.2 Right of objection

If we process your personal data based on our overriding legitimate interest as part of a balancing of interests, you have the right to object to this processing at any time with effect for the future for reasons arising from your particular situation. If you exercise your right of objection, we will stop processing the data in question. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If we process your personal data in order to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. You can exercise your objection as described above. If you exercise your right of objection, we will stop processing the data concerned for direct marketing purposes.

10 Duration of storage of personal data

The duration for which personal data is stored is determined based on the respective legal basis, the purpose of processing and – if applicable – also based on the respective statutory retention period (e.g. retention periods under commercial and tax law).

When personal data is processed on the basis of an explicit consent in accordance with Art. 6 (1) (a) GDPR, these data will be stored until the data subject revokes his or her consent.

If there are statutory retention periods for data that are processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) GDPR, these data will be routinely deleted after expiry of the retention periods, provided that they are no longer required to fulfill or initiate a contract and/or we no longer have a legitimate interest in continuing to store them.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, these data will be stored until the data subject exercises his or her right of objection in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When personal data is processed for the purpose of direct advertising on the basis of Art. 6 (1) (f) GDPR, these data will be stored until the data subject exercises his or her right of objection in accordance with Art. 21 (2) GDPR. Unless the other information in this declaration on specific processing situations indicates otherwise, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

According to Art. 77 GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful.

11. Data protection provisions on the application and use of Google Analytics (with anonymization function)

The controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, gathering and evaluation of data on the behavior of visitors to websites. A web analysis service collects, among other things, data on the website from which a data subject came to a website (so-called referrers), which subpages of the website were accessed, or how often and for how long a subpage was viewed. Web analysis is mainly used to optimize a website and to carry out the cost-benefit analysis of internet advertising. The operator of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The controller uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. This addition shortens and anonymizes the IP address of the data subject's internet connection if our website is accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area. The purpose of the Google Analytics component is to analyze visitor flows on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our websites, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject is automatically prompted through the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical procedure, Google receives knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently enable commission settlements.

The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. Whenever our website is visited, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

The data subject can prevent the setting of cookies through our website, as already explained above, at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the option of objecting to the collection of data generated by Google Analytics relating to the use of this website as well as the processing of this data by Google and of preventing such collection. To do so, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information relating to visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is regarded by Google as an objection. If the information technology system of the data subject is deleted, formatted, or reinstalled at a later date, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.

Further information and Google's applicable data protection provisions can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.

12. Data protection provisions regarding the application and use of Google AdWords

The controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google AdWords enables an advertiser to pre-define certain keywords by means of which an ad will only be displayed in Google's search engine results when the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the ads are distributed on topic-relevant websites using an automatic algorithm and taking into account the previously defined keywords. The operating company of the Google AdWords services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of Google AdWords is to promote our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine and by displaying third-party advertising on our website.

If a data subject reaches our website via a Google ad, a so-called conversion cookie is stored on the information technology system of the data subject by Google. What cookies are has already been explained above. A conversion cookie expires after thirty days and is not used to identify the data subject. The conversion cookie is used, provided the cookie has not yet expired, to track whether certain sub-pages, such as the shopping cart of an online shop system, were accessed on our website. The conversion cookie enables both us and Google to track whether a data subject who reached our website via an AdWords ad generated sales, i.e. completed or canceled a purchase.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. We in turn use these visit statistics to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify the person concerned.

The conversion cookie is used to store personal information, such as the websites visited by the data subject. Each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

The data subject can prevent the setting of cookies through our website, as already explained above, at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the option of objecting to interest-based advertising by Google. To do so, the data subject must call up the link www.google.de/settings/ads from each of the Internet browsers they use and make the desired settings there.

Further information and Google’s applicable data protection provisions can be found at https://www.google.de/intl/de/policies/privacy/.

13. Data protection provisions regarding the application and use of YouTube

The controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to upload video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why both complete film and television programs, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal. The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

Each time one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, is accessed, the Internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical procedure, YouTube and Google receive knowledge of which specific subpage of our website is visited by the data subject.

If the data subject is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website the data subject is visiting when they call up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google always receive information via the YouTube component that the data subject has visited our website, provided that the data subject is logged in to YouTube at the same time as accessing our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, he or she can prevent the transmission by logging out of their YouTube account before accessing our website.

The privacy policy published by YouTube, which is available at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.

14. Data protection provisions regarding the application and use of MailChimp

The newsletter is sent via MailChimp, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp can use this data to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for commercial purposes in order to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them directly or to pass it on to third parties.

We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement " Privacy Shield " and is therefore committed to complying with EU data protection regulations. We have also concluded a " Data Processing Agreement " with MailChimp. This is a contract in which MailChimp undertakes to protect our users' data, to process it on our behalf in accordance with its data protection regulations and, in particular, not to pass it on to third parties. You can view MailChimp's data protection regulations here https://www.intuit.com/privacy/statement/.