Privacy Policy

The responsible party within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Sana Sport Club GmbH
Dijana Stevanovic
Bahnhofstrasse 12
5605 Dottikon

Email: info@sanasportclub.ch
Website: https://sanasportclub.ch/

General Notice

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Federal Act (Data Protection Act, DSG), every person has the right to protection of their privacy as well as protection against misuse of their personal data. The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations as well as this privacy policy.

In cooperation with our hosting providers, we strive to protect the databases as well as possible from unauthorized access, loss, misuse, or falsification.

We would like to point out that data transmission on the internet (e.g., when communicating by email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

By using this website, you agree to the collection, processing, and use of data as described below. This website can generally be visited without registration. In the process, data such as accessed pages or the name of the retrieved file, date, and time are stored on the server for statistical purposes without these data being directly related to your person. Personal data, in particular name, address, or email address, are collected on a voluntary basis whenever possible. Without your consent, the data will not be passed on to third parties.

Processing of Personal Data

Personal data refers to any information relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, particularly the storage, disclosure, acquisition, deletion, retention, modification, destruction, and use of personal data.

We process personal data in accordance with Swiss data protection law. In addition, and to the extent that the EU GDPR applies, we process personal data based on the following legal grounds in accordance with Art. 6(1) GDPR:

• Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.

• Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.

• Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

• Protection of vital interests (Art. 6(1)(d) GDPR) – Processing is necessary to protect the vital interests of the data subject or of another natural person.

• Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

• Application procedures as a pre-contractual or contractual relationship (Art. 9(2)(b) GDPR) – To the extent that special categories of personal data within the meaning of Art. 9(1) GDPR (e.g., health data such as disability status or ethnic origin) are requested from applicants during the application process so that the controller or the data subject can exercise rights arising from employment law and the law of social security and social protection and fulfill their respective obligations, processing is carried out in accordance with Art. 9(2)(b) GDPR; in the case of protection of vital interests of the applicants or other persons in accordance with Art. 9(2)(c) GDPR; or for purposes of preventive health care or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, health or social care or treatment, or the management of health or social care systems and services in accordance with Art. 9(2)(h) GDPR. In the case of a voluntary disclosure of special categories of data, processing is based on Art. 9(2)(a) GDPR.

We process personal data for as long as it is necessary for the respective purpose or purposes. In the case of longer retention obligations due to legal or other requirements to which we are subject, we restrict processing accordingly.

 

Applicable Legal Bases

In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing. If the legal basis is not specified in this privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing for the performance of our services and carrying out contractual measures, as well as responding to inquiries, is Art. 6(1)(b) GDPR; the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR serves as the legal basis.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to the input, transfer, safeguarding of availability, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. Additionally, we take the protection of personal data into account when developing or selecting hardware, software, and processes in accordance with the principles of data protection by design and by default.

Transfer of Personal Data

In the course of our processing of personal data, it may happen that data is transmitted to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of this data may include, for example, service providers tasked with IT responsibilities or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

 

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place as part of the use of third-party services or the disclosure or transfer of data to other persons, bodies, or companies, this will only be done in accordance with legal requirements.

Unless explicit consent has been given or the transfer is contractually or legally required, we process data only in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses of the EU Commission, certification, or binding internal data protection rules (Art. 44 to 49 GDPR; EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Privacy Policy for Cookies

This website uses cookies. Cookies are text files that store data from visited websites or domains and are saved by a browser on the user’s computer. A cookie’s primary purpose is to store information about a user during or after their visit within an online offering. Stored data may include language settings, login status, a shopping cart, or the point at which a video was watched. The term "cookies" also includes other technologies that perform the same functions (e.g., when user information is stored using pseudonymous online identifiers, also referred to as "user IDs").

The following cookie types and functions are distinguished:

• Temporary Cookies (Session Cookies): These cookies are deleted at the latest after a user leaves an online offering and closes their browser.

• Persistent Cookies: These remain stored even after the browser is closed, e.g., to save the login status or display preferred content when the user visits the site again. User interests used for reach measurement or marketing may also be stored in such cookies.

• First-Party Cookies: Set by us.

• Third-Party Cookies: Mainly used by advertisers (third parties) to process user information.

• Necessary Cookies: Essential for the operation of a website (e.g., to save logins or other user input or for security reasons).

• Statistics, Marketing, and Personalization Cookies: Used for reach measurement and to store a user’s interests or behavior (e.g., viewing certain content or using functions) in user profiles to show users content matching their potential interests (also called "tracking").

Legal Basis Information: The legal basis for processing your personal data using cookies depends on whether we ask for your consent. If consent is given, the legal basis is your stated consent. Otherwise, data processed via cookies is based on our legitimate interests (e.g., in operating our online offering economically and improving it) or, if necessary, to fulfill contractual obligations.

Storage Duration: Unless explicitly stated otherwise (e.g., in a cookie opt-in), assume that persistent cookies can be stored for up to two years.

General Information on Withdrawal and Objection (Opt-Out): Depending on whether processing is based on consent or legal permission, you can withdraw consent or object to processing at any time (collectively referred to as "opt-out"). You can declare your objection via your browser settings (e.g., by deactivating cookies, though this may restrict the website’s functionality). You can also object to the use of cookies for online marketing via https://optout.aboutads.info and https://www.youronlinechoices.com. Additional opt-out options can be found in the privacy policies of the respective service providers.

Cookie Data Processing Based on Consent: We use a cookie consent management procedure to obtain, manage, and document user consent for cookie use and related data processing. This consent is stored to avoid repeatedly asking for consent and to fulfill legal requirements. Storage may occur server-side or in a cookie (opt-in cookie or comparable technologies) to associate the consent with a user or their device. Unless otherwise stated, consent may be stored for up to two years, using a pseudonymous user ID along with the time of consent, scope of consent (e.g., categories of cookies and/or service providers), and browser, system, and device details.

Processed Data Types: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Data Subjects: Users (e.g., website visitors, users of online services).

Legal Bases: Consent (Art. 6(1)(a) GDPR), Legitimate Interests (Art. 6(1)(f) GDPR).

Privacy Policy for SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator. You can recognize an encrypted connection by the change in the browser’s address line from "http://" to "https://" and by the padlock symbol in your browser’s address bar.

When SSL or TLS encryption is active, the data you transmit to us cannot be read by third parties.

 

Privacy Policy for Server Log Files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

• Browser type and browser version

• Operating system used

• Referrer URL

• Hostname of the accessing computer

• Time of the server request

These data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to retrospectively check this data if we become aware of concrete indications of unlawful use.

Third-Party Services

This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.

These services from the American company Google LLC use cookies, and as a result, data is transmitted to Google in the USA. We assume that no personal tracking takes place in this context solely through the use of our website.

Google is committed to ensuring appropriate data protection in accordance with the US-European and US-Swiss Privacy Shield frameworks.

For more information, please refer to Google’s privacy policy.

Privacy Policy for Newsletter Data

If you wish to subscribe to the newsletter offered on this website, we require an email address from you as well as information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No other data is collected. We use this data exclusively to send the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of your data, email address, and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.

Privacy Policy for the Comment Function on This Website

When you use the comment function on this website, in addition to your comment, details such as the time of the comment, your email address, and—if you are not posting anonymously—the username you have chosen will be stored.

Storage of IP Address

Our comment function stores the IP addresses of users who post comments. Since we do not review comments before publication, we need this data to take action against the author in cases of legal violations such as insults or propaganda.

Subscribing to Comments

As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the provided email address. You can unsubscribe from this feature at any time via a link in the info emails.

 

Rights of Data Subjects

Right to Confirmation

Every data subject has the right to request confirmation from the website operator as to whether personal data concerning them is being processed. If you wish to exercise this right of confirmation, you can contact the data protection officer at any time.

Right of Access

Every person affected by the processing of personal data has the right to obtain free information at any time from the operator of this website about the personal data stored about them and to receive a copy of this information. Additionally, information may be provided on:

• the purposes of processing,

• the categories of personal data processed,

• the recipients to whom the personal data has been disclosed or will be disclosed,

• if possible, the planned duration for which the personal data will be stored, or, if not possible, the criteria for determining this duration,

• the existence of a right to rectification or erasure of personal data or to restriction of processing by the controller, or a right to object to such processing,

• the existence of a right to lodge a complaint with a supervisory authority,

• if the personal data is not collected from the data subject: all available information about the origin of the data.

Furthermore, the data subject has the right to know whether personal data has been transferred to a third country or an international organization. If this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.

To exercise your right of access, you can contact our data protection officer at any time.

Right to Rectification

Every person affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning them. The data subject also has the right, considering the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.

If you wish to exercise this right to rectification, you can contact our data protection officer at any time.

Right to Erasure (Right to Be Forgotten)

Every person affected by the processing of personal data has the right to request from the controller of this website that personal data concerning them be deleted immediately, provided one of the following reasons applies and the processing is not necessary:

• The personal data was collected or otherwise processed for purposes for which it is no longer necessary.

• The data subject withdraws their consent on which the processing was based, and there is no other legal basis for processing.

• The data subject objects to processing for reasons related to their particular situation, and there are no overriding legitimate grounds for the processing, or the data subject objects to processing for direct marketing purposes and related profiling.

• The personal data has been processed unlawfully.

• The erasure of personal data is necessary to comply with a legal obligation under EU or Member State law to which the controller is subject.

• The personal data was collected in relation to information society services offered directly to a child.

If one of the above reasons applies and you wish to request the deletion of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer will ensure that the deletion request is complied with immediately.

Right to Restrict Processing

Every person affected by the processing of personal data has the right to request the restriction of processing from the controller of this website if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject for a period that enables the controller to verify the accuracy of the personal data.

• The processing is unlawful, the data subject opposes the erasure of the personal data, and requests instead the restriction of its use.

• The controller no longer needs the personal data for processing purposes, but the data subject requires it to assert, exercise, or defend legal claims.

• The data subject has objected to processing for reasons related to their particular situation, and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If one of the above conditions is met and you wish to request the restriction of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer will arrange for the restriction of processing.

Right to Data Portability

Every person affected by the processing of personal data has the right to receive the personal data concerning them in a structured, commonly used, and machine-readable format. They also have the right to have this data transmitted to another controller where technically feasible, provided this does not adversely affect the rights and freedoms of others.

To exercise the right to data portability, you can contact the data protection officer appointed by the operator of this website at any time.

Right to Object

Every person affected by the processing of personal data has the right to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them.

The operator of this website will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.

To exercise the right to object, you can contact the data protection officer of this website directly.

Right to Withdraw Data Protection Consent

Every person affected by the processing of personal data has the right to withdraw their consent to the processing of personal data at any time.

If you wish to exercise your right to withdraw consent, you can contact our data protection officer at any time.

 

Privacy Policy for Objection to Promotional Emails

We hereby object to the use of contact data published within the scope of the legal notice obligation for the purpose of sending unsolicited advertising and information materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited promotional information being sent, for example through spam emails.

 

Google Ads

This website uses Google Conversion Tracking. If you reached our website via a Google ad, Google Ads will place a cookie on your computer. The cookie for conversion tracking is set when a user clicks on a Google ad. These cookies expire after 30 days and do not serve to personally identify users. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of different Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can personally identify users.

If you do not wish to participate in tracking, you can refuse the necessary setting of a cookie—for example, via a browser setting that generally deactivates the automatic setting of cookies or configures your browser to block cookies from the domain "googleleadservices.com."

Please note that you must not delete the opt-out cookies as long as you do not want measurement data to be recorded. If you delete all cookies in your browser, you will need to set the respective opt-out cookie again.

Use of Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). reCAPTCHA is used to determine whether data entered on our websites (e.g., in a contact form) is entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis starts automatically as soon as the visitor accesses the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Visitors are not informed that an analysis is taking place.

The data processing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. For more information about Google reCAPTCHA and Google’s privacy policy, please see the following links: https://www.google.com/intl/en/policies/privacy/ and https://policies.google.com/terms?hl=en.

Privacy Policy for Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller for this website is located outside the European Economic Area or Switzerland, the data processing for Google Analytics is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as "Google."

The statistics obtained allow us to improve our offerings and make them more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor traffic conducted via a user ID. If you have a Google user account, you can disable the cross-device analysis of your usage in your account settings under "My Data," "Personal Data."

The legal basis for using Google Analytics is Art. 6 (1) sentence 1 lit. f GDPR. The IP address transmitted by your browser in the context of Google Analytics is not merged with other data from Google. We point out that on this website, Google Analytics has been extended by the code "_anonymizeIp();" to ensure anonymized collection of IP addresses. As a result, IP addresses are processed in a truncated form, and direct personal reference is excluded. If the data collected about you is personally identifiable, it is immediately excluded and the personal data deleted without delay.

Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide other services related to website and internet usage to the website operator.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case, you may not be able to use all the features of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: Disable Google Analytics.

You can also prevent the use of Google Analytics by clicking on this link: Disable Google Analytics. This will store an opt-out cookie on your device that prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your device, these opt-out cookies will also be deleted, meaning you will need to set the opt-out cookies again if you wish to continue preventing this form of data collection. The opt-out cookies are set per browser and device and must therefore be activated separately for each browser, computer, or other device.

 

Privacy Policy for Facebook

This website uses features of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you visit our pages with Facebook plug-ins, a connection is established between your browser and Facebook’s servers. Data is already transmitted to Facebook during this process. If you have a Facebook account, this data can be linked to it. If you do not want Facebook to associate this data with your Facebook account, please log out of Facebook before visiting our site. Interactions, especially the use of comment functions or clicking a “Like” or “Share” button, are also transmitted to Facebook. You can learn more at: https://de-de.facebook.com/about/privacy.

Privacy Policy for Instagram

Functions of the Instagram service are integrated into our website. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

For more information, please refer to Instagram’s privacy policy: http://instagram.com/about/legal/privacy/

 

Privacy Policy for LinkedIn

We use the marketing services of the social network LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"), within our online offering.

These services use cookies, which are text files stored on your computer. This allows us to analyze how you use the website. For example, we can measure the success of our ads and show users products they have previously shown interest in.

Information collected includes, for example, data about your operating system, browser, the previously visited website (referrer URL), which web pages the user has visited, which offers the user has clicked on, and the date and time of your visit to our website.

The information generated by the cookie about your use of this website is pseudonymized and transmitted to a LinkedIn server in the USA and stored there. LinkedIn does not store the name or email address of the respective user. Instead, the data mentioned above is only assigned to the person who generated the cookie. This does not apply if the user has allowed LinkedIn to process the data without pseudonymization or has a LinkedIn account.

You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we point out that in this case, you may not be able to use all the functions of this website to their full extent. You can also object to the use of your data directly at LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We use LinkedIn Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offering and make it more interesting for you as a user. All LinkedIn companies have adopted the Standard Contractual Clauses to ensure that data traffic necessary for the development, performance, and maintenance of the services is lawfully conducted to the USA and Singapore. If we ask users for their consent, the legal basis for processing is Art. 6(1)(a) GDPR. Otherwise, the legal basis for using LinkedIn Analytics is Art. 6(1)(f) GDPR.

Third-party provider information: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; User Agreement and Privacy Policy.

 

Privacy Policy for Pinterest

This website uses social plugins of the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA ("Pinterest"). When you access a page that contains such a plugin, your browser establishes a direct connection to the servers of Pinterest. The plugin transmits log data to Pinterest's server in the USA. These log data may include your IP address, the address of the visited websites that also contain Pinterest functions, the type and settings of your browser, the date and time of the request, how you use Pinterest, and cookies.

For more information about the purpose, scope, further processing, and use of data by Pinterest as well as your rights in this regard and options to protect your privacy, please refer to Pinterest’s privacy policy: https://about.pinterest.com/de/privacy-policy

External Payment Service Providers

This website uses external payment service providers through whose platforms users and we can make payment transactions. For example via:

• PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)

• Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)

• Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)

• American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)

• Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)

• Bexio AG (https://www.bexio.com/de-CH/datenschutz)

• Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)

• Apple Pay (https://support.apple.com/de-ch/ht203027)

• Stripe (https://stripe.com/ch/privacy)

• Klarna (https://www.klarna.com/de/datenschutz/)

• Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)

• Giropay (https://www.giropay.de/rechtliches/datenschutzerklaerung) etc.

In the context of fulfilling contracts, we use payment service providers based on the Swiss Data Protection Act and, where necessary, Art. 6(1)(b) GDPR. Otherwise, we use external payment service providers based on our legitimate interests in accordance with the Swiss Data Protection Act and, where necessary, Art. 6(1)(f) GDPR, to provide our users with effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs, and checksums as well as contract, sum, and recipient-related information. These details are required to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. We as operators do not receive any account or credit card information, but only information confirming (acceptance) or rejecting the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. This transmission is for the purpose of identity and credit checks. Please refer to the terms and privacy policies of the payment service providers for more information.

For payment transactions, the terms and conditions and privacy policies of the respective payment service providers apply, which are accessible within the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information, and other data subject rights.

Newsletter – Klaviyo

The newsletter is sent using the mailing service provider 'Klaviyo', a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the mailing service provider here. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement, which guarantees compliance with the European level of data protection (Privacy Shield). The mailing service provider is used based on our legitimate interests in accordance with Art. 6(1)(f) GDPR and a data processing agreement pursuant to Art. 28(3) sentence 1 GDPR.

The mailing service provider may use the data of recipients in pseudonymized form—meaning without assignment to a specific user—to optimize or improve its own services, e.g., for technical optimization of the sending and presentation of the newsletters or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to contact them directly or to pass the data on to third parties.

Privacy Policy for YouTube

This website incorporates features of the "YouTube" service. "YouTube" is operated by Google Ireland Limited, a company incorporated and operated under Irish law, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which provides the services within the European Economic Area and Switzerland.

Your legal agreement with "YouTube" consists of the terms and conditions available at the following link: https://www.youtube.com/static?gl=de&template=terms&hl=de. These terms form a legally binding agreement between you and "YouTube" regarding the use of the services. Google's privacy policy explains how "YouTube" handles your personal data and protects your data when you use the service.

 

Privacy Policy for Vimeo

This website incorporates plugins from the video portal Vimeo, operated by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Each time you access a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. Information about your visit and your IP address are stored there. Interactions with Vimeo plugins (e.g., clicking the start button) are also transmitted to Vimeo and stored there. You can find more information about how Vimeo collects and uses your data in Vimeo’s privacy policy.

If you have a Vimeo user account and do not want Vimeo to collect data about you via this website and link it to your Vimeo membership data, you must log out of Vimeo before visiting this website.

Vimeo also calls up Google Analytics via an iFrame in which the video is displayed. This is Vimeo's own tracking, to which we have no access. You can prevent Google Analytics tracking by using the deactivation tools that Google offers for some Internet browsers. You can also prevent Google from collecting and processing data generated by the Google Analytics cookie relating to your use of the website (including your IP address) by downloading and installing the browser plugin available at:

https://tools.google.com/dlpage/gaoptout?hl=en

 

Order Processing in the Online Shop with Customer Account

We process our customers’ data in accordance with the legal provisions of the Federal Act on Data Protection (DSG) and the EU General Data Protection Regulation (GDPR) within the framework of order transactions in our online shop. This is to enable them to select and order the chosen products and services, as well as to allow payment and delivery or execution.

The processed data include master data (customer data), communication data, contract data, and payment data. The persons affected by the processing are our customers, prospects, and other business partners. Processing is carried out for the purpose of providing contractual services within the operation of an online shop, billing, delivery, and customer service. We use session cookies, for example, to store the contents of the shopping cart, and permanent cookies, for example, to store the login status.

Processing is based on Art. 6 (1) lit. b (execution of order processes) and c (legally required archiving) GDPR. The required information is necessary to establish and fulfill the contract. We disclose data to third parties only within the scope of delivery, payment, or legal permissions and obligations. Data are only processed in third countries if this is necessary to fulfill the contract (e.g., at the customer’s request regarding delivery or payment).

Users may optionally create a user account, which allows them to view their orders in particular. During registration, users are provided with the required mandatory information. User accounts are not public and cannot be indexed by search engines such as Google. If users have terminated their user account, their data relating to the user account will be deleted, provided that their retention is required for commercial or tax law reasons in accordance with Art. 6 (1) lit. c GDPR. Information in the customer account remains until its deletion, with subsequent archiving in the event of a legal obligation. It is the user’s responsibility to back up their data before the end of the contract.

When registering and logging in again as well as using our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users to protect against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation in accordance with Art. 6 (1) lit. c GDPR.

Deletion takes place after the expiration of statutory warranty and comparable obligations. The necessity of data retention is reviewed at irregular intervals. In the case of legal archiving obligations, deletion takes place after their expiration.

Notice on Data Transfer to the USA

Our website integrates tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not considered a secure third country within the meaning of EU data protection law. US companies are obliged to hand over personal data to security authorities without the possibility for you as the data subject to take legal action against this. Therefore, it cannot be ruled out that US authorities (e.g., intelligence services) process, evaluate, and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.

 

Copyright

The copyright and all other rights to content, images, photos, or other files on the website belong exclusively to the operator of this website or to the specifically named rights holders. Written consent from the copyright holder must be obtained in advance for the reproduction of any files.

Anyone who commits a copyright infringement without the consent of the respective rights holder may be liable to prosecution and, if applicable, subject to claims for damages.

General Disclaimer

All information provided on our website has been carefully checked. We strive to offer our information up to date, accurate, and complete. Nevertheless, errors cannot be completely ruled out, so we cannot guarantee the completeness, accuracy, or timeliness of information, including journalistic and editorial content. Liability claims for material or immaterial damage caused by the use of the provided information are excluded unless there is evidence of intentional or grossly negligent fault.

The publisher may, at its own discretion and without notice, modify or delete texts and is not obliged to update the contents of this website. Use of or access to this website is at the visitor's own risk. The publisher, its clients, or partners are not responsible for damages, including direct, indirect, incidental, determinable, or consequential damages, allegedly caused by visiting this website, and therefore assume no liability.

The publisher also assumes no responsibility or liability for the content and availability of third-party websites that are accessible via external links on this website. The operators of the linked pages are solely responsible for their content. The publisher expressly distances itself from all third-party content that may be relevant under criminal or liability law or that violates common decency.

Changes

We may amend this privacy policy at any time without prior notice. The version published on our website at the time applies. If the privacy policy is part of an agreement with you, we will inform you of any updates by email or in another suitable manner.

Questions for the Data Protection Officer

If you have any questions about data protection, please email us or contact the person responsible for data protection listed at the beginning of this privacy policy.