EN / DE / ES
Book a demo
Login Book a demo

Privacy Policy

for the Website www.hotelkit.net

The protection and security of your personal data are important to us. In this privacy notice, we, hotelkit GmbH (“hotelkit“), inform you about which of your personal data we process, for what purposes, on what legal basis, and how you can make use of your rights granted by the European General Data Protection Regulation (“GDPR“). We process your personal data exclusively in accordance with the provisions of the GDPR, the Austrian Telecommunications Act and the Federal Act concerning the Protection of Personal Data.

Below, we explain to you in accordance with Article 13 and 14 of the GDPR, which data we collect in connection with your visit to our website (www.hotelkit.net) and how your data is processed.

Content

1. Name and Address of the Controller

The controller within the meaning of Article 4 (7) of theGDPR is hotelkit GmbH

1.1 Contact

hotelkit GmbH
Altes Mühlhaus, Marie-Andeßner-Platz 1
5020 Salzburg
Austria
Telephone: 0662 238080

1.2 Contact Data Protection Officer

Please direct all data protection related inquiries to our data protection officer, Ing. Mag. Jürgen Hutsteiner, CIPP/E at: dataprivacy@hotelkit.net.

2. Processing Activities

We process personal data we receive from you during your visit on our website. Personal data refers to any information relating to an identified or identifiable natural person.

2.1 Access to Website – access data

When accessing the website, log data is stored in so-called server log files without being associated with your person. These logs are used for statistical analysis for the purpose of operating and optimizing the website. In addition, data is collected for security reasons, such as detecting and investigating cases of misuse. This is our legitimate interest according to Article 6 (1)(f) of the GDPR.

For the provision of our website, we use services of Hetzner Online GmbH. For further information on this, please refer to Section 3.4.

2.1.2 Categories of Data Processed

In connection with access data, the following information is collected:

  • Visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/referrer from which you accessed the website
  • Browser and operating system used
  • IP address used
2.1.3 Storage Period

The server log files are stored for a maximum of 14 days and are then automatically deleted unless we have a specific suspicion of a criminal offense. Only our server administrators have access to the log files

2.2 Website Access – Use of Cookies

Cookies are small text files stored by a website on the user’s device. Many cookies contain a unique identifier called cookie ID. A cookie ID is a string of characters that allows websites and servers to associate the specific internet browser in which the cookie is stored. This enables visited websites and servers to distinguish the browser of the data subject from other internet browsers that contain different cookies. A particular internet browser can be recognized and identified via the unique cookie ID.

By using cookies, we can provide you with more user-friendly services that would not be possible without setting the cookies.

Cookies allow for the optimization of information and offerings on the website according to the user’s preference.

The following categories of cookies are distinguished:

  • Strictly necessary cookies: These cookies are essential to ensure basic functionality of the website.
  • Performance cookies: Performance cookies collect and store information about the use of the website. Among other things, they store information associated with the username. We also use cookies that allow us to collect data on the general use of the website, which we use to continuously improve the website’s usability.
  • Functionality cookies: These cookies allow the website to be tailored to the needs of the user in order to enhance the user experience.
  • Session cookies: These are temporary cookies that remain on the user’s computer until the browser is closed and are then deleted automatically.
  • Persistent cookies: For a better user experience, these cookies are stored on your device and allow us to recognize your browser on your next visit.
  • Third-party cookies: Our website may also use cookies from partner companies with whom we collaborate for advertising, analysis, or functionality purposes. For details on the purposes and legal bases of processing such third-party cookies, please refer to the information provided below.

You can prevent or restrict the installation of cookies by adjusting your internet browser settings. You can also delete already stored cookies at any time. However, the necessary steps and measures for this depend on the specific internet browser you are using. If you have any questions, please consult the help function or documentation of your internet browser or contact its manufacturer or support.

Please note that for Flash cookies, the processing cannot be prevented through browser settings. Instead, you will need to change the settings of your Flash Player. The necessary steps and measures for this depend on the specific Flash Player you are using. If you have any questions, please consult the help function or documentation of your Flash Player or contact the manufacturer or user support.

The legal basis for processing data in connection with strictly necessary cookies is our legitimate interest in the proper and fully functional operation of the website (Article 6 (1)(f) of the GDPR).

The legal basis for processing data (e.g. analysis/statistics, tracking, etc.) in connection with the use of other cookies is the user’s consent in accordance with Article 6 (1)(a) of the GDPR in conjunction with

Section 165 (3) of the Austrian Telecommunications Act. This consent is voluntary, and you can withdraw it at any time (see Section 4). If you do not give your consent, no statistical and/or analysis cookies will be used (strictly necessary cookies will be used nonetheless).

Please note that disabling cookies may restrict the functionality of this website.

2.3 Cookie Provider

2.3.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. (“Google”). For more information, please refer to section 3.1.

Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by these cookies about the use of this website by visitors is generally transmitted to a Google server in the USA and stored there.

The legal basis for data processing (e.g., analysis/statistics, tracking, etc.) based on the use of Google Analytics, as well as the associated reading and/or storing of data, is the respective consent of the user in accordance with Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG.

If IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. IP anonymization is active on this website.

On our behalf, Google will use this information to analyze your use of the website, compile reports on website activity, and provide other services related to website and internet usage.

The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by adjusting your browser settings accordingly. Please note that in this case, you may not be able to fully use all features of this website.

Additionally, you can prevent the transmission of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

2.3.2 Google Tag Manager

This website uses the Google service Google Tag Manager, which we use to manage website tags. We have concluded a data processing agreement with Google (see 3.1 Google Inc.).

Google Tag Manager is an auxiliary service that, as a cookie-free domain, does not store personal data but processes it only for technically necessary purposes. The Google Tag Manager ensures the loading of other components that may, in turn, collect data. Google Tag Manager itself does not access this data. More information about Google Tag Manager can be found in Google’s privacy policy.

The legal basis for data processing based on the use of Google Tag Manager is the user’s consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG. Users are informed of their right to withdraw consent (see also section 4).

2.3.3 Google Ads

We use Google Ads, an online advertising service provided by Google Inc. (“Google”), to display targeted advertisements on this website. For more information, please refer to section 3.1.

Google Ads uses cookies that allow an analysis of website usage and serve to display personalized advertisements. The information generated by these cookies regarding your use of this website and the displayed advertisements is generally transmitted to a Google server in the USA and stored there.

The legal basis for data processing (e.g., analysis, advertising, tracking) based on the use of Google Ads, as well as the associated reading and storing of data, is the user’s consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG.

If IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. IP anonymization is active on this website.

Google will use this information on our behalf to analyze your use of the website, generate reports on website activity, and provide us with other services related to website usage.

The IP address transmitted by your browser within the scope of Google Ads will not be merged with other Google data.

2.3.4 HubSpot Forms

We use HubSpot Forms, a form management tool provided by HubSpot Inc. (“HubSpot”), to collect and manage form data on this website. For more information, please refer to section 3.6.

HubSpot Forms uses cookies to analyze interactions with the forms embedded on this website and to store user data. The information generated by these cookies about the use of the forms and the entered data may be transmitted to HubSpot servers in the USA and stored there.

The legal basis for data processing (e.g., collection and management of form data, analysis, and tracking of form data) based on the use of HubSpot Forms, as well as the associated storage and processing of data, is the user’s consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG.

The data transmitted when using HubSpot Forms is used exclusively for managing and processing inquiries and forms. HubSpot will store and analyze this information on our behalf to manage form data and support us in optimizing our website and user interactions.

2.3.5 Usercentrics Consent Management Platform

We use the Usercentrics Consent Management Platform (CMP), a solution for managing cookie consents, provided by Usercentrics GmbH (“Usercentrics”).

The Usercentrics Consent Management Platform uses cookies to store your cookie settings and ensure that we obtain your consent for the use of certain cookies on our website in compliance with data protection regulations. The information generated by these cookies regarding your consent and preference management is stored on Usercentrics servers.

The legal basis for data processing (e.g., collection and storage of consents, management of cookie settings) based on the use of the Usercentrics CMP, as well as the associated storage and processing of data, is your consent in accordance with Art. 6(1)(a) GDPR.

The data stored by the Usercentrics CMP is used exclusively for managing your consents and ensuring compliance with applicable data protection regulations. Usercentrics processes this information on our behalf to store your cookie settings and support us in fulfilling consent obligations under the GDPR.

2.3.6 Hotjar

We use Hotjar, an analytics tool provided by Hotjar Ltd. (“Hotjar”), to analyze user behavior on this website and improve the user experience. For more information, please refer to section 3.5.

Hotjar uses cookies to collect information about user behavior on our website, such as clicks, mouse movements, and scrolling behavior. This information is generally transmitted to a Hotjar server and stored there.

The legal basis for data processing (e.g., analysis of user behavior, improvement of user experience) based on the use of Hotjar, as well as the associated reading and storing of data, is the user’s consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG.

The data collected by Hotjar is used exclusively to analyze website usage and to help us improve the website’s functionality. Hotjar does not provide us with any personal data and processes all data in anonymized form.

You can prevent the storage of cookies by adjusting your browser settings accordingly; please note that in this case, you may not be able to use all functions of this website in full.

2.3.7 SalesViewer

We use SalesViewer, a web analytics tool provided by SalesViewer® GmbH (“SalesViewer”), to capture and analyze visitor interactions on our website. For more information, please refer to section 3.3.

SalesViewer uses a JavaScript-based technology that collects and processes information about your usage behavior on this website. The collected data is generally transmitted to a SalesViewer server in Germany and stored there.

The legal basis for data processing (e.g., analysis/statistics, tracking, etc.) based on the use of SalesViewer, as well as the associated reading and/or storing of data, is the user’s consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG.

The collection and processing of data are carried out exclusively to identify companies visiting our website. No personal data is collected or stored. The information collected by SalesViewer is used solely for analytical purposes and is not merged with other data sources.

2.3.8 LinkedIn Insight Tag

Our website uses the conversion tool “LinkedIn Insight Tag” provided by LinkedIn Ireland Unlimited Company. This tool creates a unique cookie in your web browser, enabling the collection of the following data, among others: IP address, device and browser characteristics, and page events (e.g., page views). This data is encrypted, removed within seven days, and pseudonymized data is deleted within 90 days.

LinkedIn does not share personal data with hotelkit but provides anonymized reports about the website audience and ad performance. Additionally, LinkedIn offers retargeting capabilities via the Insight Tag, allowing the website owner to display targeted advertisements outside of their website without identifying you as a visitor.

The legal basis for data processing (e.g., analysis/statistics, tracking, etc.) based on the use of the LinkedIn Insight Tag, as well as the associated reading and/or storing of data, is the user’s consent according to Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG. Users are informed about their right to withdraw consent (see section 4). For more information about LinkedIn Ireland’s data processing activities, please visit: LinkedIn Privacy Policy. LinkedIn members can manage the use of their personal data for advertising purposes in their account settings.

2.3.9 Facebook Ads Conversion Tracking (Facebook Pixel)

Within our web offering, we use the so-called “Facebook Pixel” of the social network Facebook if you have consented to marketing cookies. This service is provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you reside in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

The legal basis for data processing (e.g., analysis/statistics, tracking, etc.) based on the use of Facebook Pixel, as well as the associated reading and/or storing of data, is the user’s consent according to Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG. Users are informed about their right to withdraw consent (see section 4).

With the help of the Facebook Pixel, Facebook can identify you as a target audience for displaying advertisements, known as “Facebook Ads.” Accordingly, the Facebook Pixel is used to ensure that hotelkit’s Facebook Ads are only shown to users who have shown interest in our website. This helps us ensure that Facebook Ads align with users’ potential interests and do not appear intrusive. Furthermore, the Facebook Pixel allows hotelkit to analyze the effectiveness of Facebook advertisements for statistical and market research purposes by tracking whether users were redirected to hotelkit’s website after clicking on a Facebook ad.

Upon your consent, the Facebook Pixel stores the cookie _fbp on your device. If you later log into Facebook or visit Facebook while already logged in, your visit to our website will be recorded in your profile. hotelkit cannot view the data collected about you and thus cannot draw conclusions about users’ identities. Facebook stores and processes the data, making it possible to link it to a specific user profile.

For more details on how the remarketing pixel works and how Facebook Ads are displayed, please visit Facebook’s Data Policy.

For more information on adjusting settings for interest-based advertising and opting out of the use of your data for Facebook Ads, visit Facebook Ad Settings.

2.3.10 Embedding YouTube Videos

We use the YouTube.com platform to upload and publicly share our videos. YouTube is a third-party service provided by Google LLC, with whom we are not affiliated.

Some YouTube videos stored on external servers are directly embedded into our website. This means that content from YouTube’s website is displayed within a section of your browser window. These videos are only accessed when you actively click on them. This technique is known as “framing.”

When you visit a page on our website containing an embedded YouTube video, a connection to YouTube’s servers is established, and the video content is transmitted to your browser.

The embedding of YouTube videos on our website occurs in “enhanced privacy mode,” a setting provided by YouTube. This ensures that YouTube does not initially store cookies on your device. When you access the page, your IP address and other data (as mentioned in section 4) are transmitted to YouTube, including information about which pages of our website you have visited. This information cannot be linked to you unless you are logged into YouTube or another Google service at the time.

Once you start playing an embedded video by clicking on it, YouTube may store cookies on your device, but these will not contain personally identifiable data unless you are logged into a Google service. You can prevent these cookies by adjusting your browser settings or using browser extensions.

The legal basis for data processing related to the embedding of YouTube videos, as well as the associated reading and/or storing of data, is the user’s consent according to Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG. Users are informed about their right to withdraw consent (see section 4).

For more information about YouTube’s data protection practices, please visit: YouTube Privacy Policy.

2.4 Contact by email or contact form

2.4.1 Purposes of Data Processing and Legal Basis

If you contact us by email or via the contact form, we will store your data for the purpose of processing your enquiry and in the event that follow-up questions arise. This is also our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR; in particular in the case of enquiries via the contact form, the processing of your data is also justified by the initiation of a contract (Art. 6 para. 1 lit. b GDPR).

We use Microsoft services to receive and send emails. Further information on this can be found under point 3.2 Microsoft.

2.4.2 Categories of Data Processed

When contacting us via email or contact form, the following information is processed:

  • Your name
  • Your email address (sender address)
  • Time of contact
  • Content of the correspondence

When you contact us via the contact form, we also store the following information – insofar provided on a voluntary basis:

  • Your position in the company
  • Name of your company
  • The phone number you have provided
  • The website you have specified

We only store and use further personal data if you consent to this or if this is legally permissible without special consent.

2.4.3 Storage Period

The personal data collected will be deleted when it is no longer needed for the purpose of contacting you, i.e. when your request has been sufficiently clarified. Please note that there may be cases where longer storage of the data is required by law.

2.5 Webinars

2.5.1 Purposes of Data Processing and Legal Basis

The legal basis for the processing of the above-mentioned personal data is the setting of pre-contractual measures with regard to a potential, future conclusion of a contract with you upon your request pursuant to Article 6 (1)(b) of the GDPR. If you work for a company, which is interested in a contractual cooperation with us, we process your data or any data of other employees on the basis of our legitimate interest in communicating and initiating a contract with the respective company as well as on the basis of the similar interest of your employer/client (Article 6 (1)(f) of the GDPR).

We use dynamic forms from Microsoft for the collection; for more information on this, see Section 3.2.

2.5.2 Categories of Data Processed

The following information is processed regularly:

  • Your name
  • Your email address
  • Company name of the company for which you are participating in the webinar
  • Position in the above-mentioned company
2.5.3 Storage Period

The personal data collected will be deleted when it is no longer needed for the purpose of conducting the webinar. However, please note that there may be cases where longer storage of the data is required by law.

2.6 Sending emails to our users for marketing purposes, including surveys

2.6.1 Purposes of Data Processing and Legal Basis

We contact potential customers and existing customers to draw attention to our services. In doing so, we only process data that has been provided to us for this purpose and for which we have been given express consent for direct marketing by the data subject (Art. 6 para. 1 lit a GDPR in conjunction with § 174 para. 1 TKG).
We regularly send emails to our existing users to inform them about existing or new functions, offers or surveys and to improve our products. For this processing activity, we process the personal data in the legitimate interest in accordance with Art. 6 para. 1 lit f GDPR. You can object to this processing activity at any time by sending us an email (unsubscribe-marketing@hotelkit.net). Professional IT service providers support us in this processing activity.

2.6.2 Categories of Data Processed
  • Name
  • Company name
  • Position
  • Feedback (surveys)
  • E-mail address
  • User
2.6.3 Storage Period

We process the personal data for this purpose for as long as you are a user, until you object. In the case of surveys, we process your feedback for up to one year after participation in the survey and delete or anonymise your feedback.

2.7 Training courses and certifications

On our website, we offer the opportunity to conduct training courses, upon successful completion of which a certificate is issued. This certificate can either be received by email or automatically sent to your LinkedIn profile via a link. Your LinkedIn profile is called up and the form for creating the certificate is called up automatically. No personal data from the training course will be used to create the form. Your personal data will be used exclusively for issuing and sending the certificate and will not be passed on to third parties unless you have expressly consented to this.

2.7.1 Purposes of data processing and legal basis

The purpose of this data processing is to offer users relevant training content and to certify them in certain subject areas. The legal basis for the processing of this data results from Art. 6 para. 1 lit. b GDPR (fulfillment of a contract) and, if applicable, Art. 6 para. 1 lit. a GDPR (consent).

2.7.2 Types of data processed

The processed data includes information that is required for the provision of training and certification. This includes personal identification data such as name and e-mail address.

2.7.3 Storage period

We only store your data for as long as is necessary to achieve the above-mentioned purposes.

3. Service Providers Used

3.1 Google Inc.

We use services provided by Google Inc., headquartered in Mountain View, California, USA, for various purposes, including website visit analysis (e.g., Google Analytics), video display (e.g., YouTube), and advertising services (e.g., Google Ads). To ensure compliance with data protection regulations, we have entered into a data processing agreement with Google pursuant to Article 28 of the GDPR.

Google transfers and processes personal data in the USA. An adequate level of data protection is ensured through the adoption of Standard Contractual Clauses (SCC) issued by the European Commission. Additionally, Google has committed to the data protection agreements between the European Union and the United States and has obtained the necessary certifications, thereby adhering to the standards and regulations of European data protection law. For more information on Google’s data protection policies, please visit: Google Privacy Policy.

3.2 Microsoft Coop

We use services provided by Microsoft Corporation, headquartered in Redmond, Washington, USA, for various purposes, including email reception and transmission, dynamic forms, and website visit analysis (e.g., Microsoft Clarity or Microsoft 365 services). We have entered into a data processing agreement with Microsoft pursuant to Article 28 of the GDPR. Additionally, Microsoft guarantees an adequate level of data protection for data transfers to third countries.

An appropriate level of data protection is ensured through the adoption of Standard Contractual Clauses (SCC) issued by the European Commission. Furthermore, Microsoft has committed to the data protection agreements between the European Union and the United States and has obtained the necessary certifications, thereby pledging compliance with European data protection standards and regulations. For more details, please visit: Microsoft Privacy Statement.

3.3 Salesforce EMEA

We use the services of Salesforce for managing contact, address, and contract data. We have entered into a data processing agreement with Salesforce pursuant to Article 28 of the GDPR. Additionally, it is contractually guaranteed that data storage occurs exclusively within the EU/EEA.

For contractual fulfillment, however, Salesforce employs other companies within its corporate group as subcontractors, including entities based in the USA. These processing activities are governed by binding corporate rules (BCR) in accordance with Article 47 of the GDPR, which have been approved. Additionally, an adequate level of data protection for any data transfers is ensured through the adoption of Standard Contractual Clauses (SCC) issued by the European Commission.

3.4 Hetzner Online

We use the services of Hetzner Online GmbH, headquartered in Gunzenhausen, Germany, for website hosting. We have entered into a data processing agreement with Hetzner. No transfer of personal data to third countries outside the EU/EEA occurs.

3.5 Hotjar

We use the services of Hotjar Ltd., headquartered in Malta, for analyzing user behavior and optimizing the user experience on our website. To ensure compliance with data protection regulations, we have entered into a data processing agreement with Hotjar pursuant to Article 28 of the GDPR.

Hotjar processes personal data exclusively within the European Union. The company is committed to complying with European data protection regulations and ensures an adequate level of data protection in accordance with the GDPR. For more information on Hotjar’s data protection policies, please visit: Hotjar Privacy Policy.

3.6 HubSpot

We use the services of HubSpot Inc., headquartered in Cambridge, Massachusetts, USA, for marketing automation, customer relationship management (CRM), as well as the analysis and optimization of our marketing activities. We have entered into a data processing agreement with HubSpot pursuant to Article 28 of the GDPR.

HubSpot transfers and processes personal data in the USA. An adequate level of data protection is ensured through the adoption of Standard Contractual Clauses (SCC) issued by the European Commission. Additionally, HubSpot has committed to the data protection agreements between the European Union and the United States and has obtained the necessary certifications, thereby adhering to the standards and regulations of European data protection law. For more information on HubSpot’s data protection policies, please visit: HubSpot Privacy Policy.

4. Data Subject Rights

Under applicable laws, you have rights concerning your personal data. If you wish to exercise these rights, please send your request by email to info@hotelkit.net or by mail, clearly identifying yourself, to the address mentioned in Section 1 above.

Below you will find an overview of your rights according to the GDPR.

4.1 Right to Confirmation and Information

You have the right to obtain confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to request information from us free of charge about the personal data stored about you, together with a copy of this data. This information includes, among others, the purpose of processing, the categories of personal data as well as the recipients.

4.2 Right of Rectification

You have the right to request immediate rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement. We will comply with this request in a timely manner, unless it conflicts with our legitimate interests or legal obligations, and we will correct, supplement, or modify your personal data accordingly.

4.3 Right to Erasure (“Right to be Forgotten”)

You have the right to request that personal data concerning you be erased without undue delay, and we are obliged to delete personal data if one of the reasons specified in Article 17 of the GDPR applies.

4.4 Right to Restrict Processing

You have the right to request restricting the data processing if one of the conditions of Article 18 of the GDPR is met.

4.5 Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to have this data transferred directly from us to another controller.

4.6 Right to Object

You have the right to object to the processing of your data when processing is carried out for direct marketing purposes or for another purpose based on our legitimate interests under Article 6(1)(f) of the GDPR. If we process your data for legitimate purposes, you have the right to object to such processing if there are reasons based on your particular situation.

You have the right to withdraw your consent to the processing of personal data at any time in writing by sending an email to info@hotelkit.net. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.

4.8 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is unlawful.

5. Data security

We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data is transmitted to us in encrypted form. This applies to your orders as well as to the customer login. We use the SSL (Secure Socket Layer) encryption system, but we would like to point out that data transmission over the internet (e.g., when communicating via email) may have security vulnerabilities. It is not possible to provide complete protection of data from access by third parties.

To secure your data, we maintain technical and organizational security measures in accordance with Article 32 of the GDPR, which we continually adapt to the state of the art.

We do not guarantee that our offer will be available at all times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.

6. Disclosure of Data to Third Parties, No Transfer of Data Outside the EU

In principle, we only use your personal data within our company. If and to the extent that we involve third parties in the fulfillment of contracts (such as logistics service providers), these third parties will only receive personal data to the extent necessary for the corresponding service.

In the event that we outsource certain parts of data processing (“data processing on behalf of a controller”), we contractually obligate the processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.

There is no transfer of data to entities or individuals outside the EU, except in the cases mentioned in Section 2.

7. Automated decision making according to Article 22 GDPR

Automated decision-making based on the personal data collected does not take place.

8. Updating of the data privacy notice

We reserve the right to make changes to this privacy notice at any time. The privacy notice is regularly updated and any changes will be published on the website.the Customer does not agree, they can object to their inclusion at any time.