Privacy policy

Change Cookie Settings

1) Information on the collection of personal data and contact details of the person responsible for this

1.1 We are pleased that you are visiting our website and would like to thank you for your interest. Below you will find information about how your personal data is processed when you use our website. Personal data is any information by which you can be personally identified.

1.2 The company responsible for the data processing on this website in accordance with the General Data Protection Regulation (GDPR) is NutraPet® Systems Deutschland GmbH, Nürtinger Straße 62, 72667 Schlaitdorf, Deutschland, Tel: 49 7127 96 07 70, Email: info@nutrapet.de. The person responsible for the processing of personal data is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data.

1.3 The company has appointed a data protection officer, who can be contacted as follows: “Data Protection Officer Rolf Ament, Villastr. 2,73230 Kirchheim, Tel: +49 1703722660, Email: ament@derdatenschuetzer.de”

1.4 Diese Website nutzt aus Sicherheitsgründen und zum Schutz der Übertragung personenbezogener Daten und anderer vertraulicher Inhalte (z.B. Bestellungen oder Anfragen an den Verantwortlichen) eine SSL-bzw. TLS-Verschlüsselung. Sie können eine verschlüsselte Verbindung an der Zeichenfolge „https://“ und dem Schloss-Symbol in Ihrer Browserzeile erkennen.

2) Data collection when you visit our website

When you use our website for information purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (“server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • our visited website
  • date and time at the time of access
  • amount of data sent in bytes
  • source/link from which you accessed the page
  • browser used
  • operating system used
  • IP address used (if applicable: in anonymous form)

Processing takes place in accordance with Article 6 paragraph 1 point (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are any concrete indications of illegal use.

3) Cookies

In order to make our website attractive to visitors and to enable the use of certain functions, we use cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values to varying degrees. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can check the duration of the respective cookie storage in the overview of the cookie settings of your web browser.

In some cases, cookies are used to simplify the ordering process by saving settings (e.g., remembering the contents of a virtual shopping basket for a later visit to the website). If individual cookies implemented by us also process personal data, this data will be processed in accordance with either Article 6 paragraph 1 point (b) GDPR for the performance of a contract, in accordance with Article 6 paragraph 1 point (a) GDPR where consent has been given or in accordance with Article 6 paragraph 1 point (f) GDPR to safeguard our legitimate interests in providing the best possible functionality of the website as well as ensuring it is customer-friendly and effectively designed.

Please note that you can configure your browser so that you are informed about the use of cookies and can individually decide whether to accept them or to exclude cookies in specific cases or in general. Each browser differs in the way it manages cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. These can be found under the following links for each of the different browsers:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that the functionality of our website may be restricted if cookies are not accepted.

4) Contacting us

Personal data is collected when you contact us (e.g., via contact form or email). The respective contact form indicates what data is collected in the form This data is stored and used solely for the purpose of responding to your request or establishing contact and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Article 6 paragraph 1 point (f) GDPR. If the purpose of your contact is to conclude a contract, an additional legal basis for data processing is Article 6 paragraph 1 point (b) GDPR. Your data will be deleted after completion of the processing of your enquiry. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and there are no statutory storage requirements to the contrary.

5) Data processing when opening a customer account and for contract processing

In accordance with Article 6 paragraph 1 point (b) GDPR, personal data will also be collected and processed if you provide it to us for the performance of a contract or when opening a customer account. The respective input forms indicate what data is collected. It is possible to delete your customer account at any time by sending a message to the controller at the above address. We store and use the data provided by you for contract processing. Upon complete fulfilment of the contract or deletion of your customer account, your data will be blocked with due consideration for retention periods under tax and commercial law and deleted upon expiry of these periods, unless you expressly consent to the further use of your data or we reserved the right to further use of your data in a legally permitted way, about which we will inform you accordingly below.

6) Use of your data for direct marketing

6.1 Subscription to our email newsletter

If you subscribe to our email newsletter, we will send you information about our offers on a regular basis. The only mandatory information required in order for us to send you the newsletter is your email address. Any other information disclosed is on a voluntary basis and will be used to address you personally. We use the so-called double opt-in process to send you our newsletter. This means that we will only send an email newsletter if you have explicitly confirmed that you consent to us sending you the newsletter. We will then send you a confirmation email with a link to confirm that you wish to receive the newsletter in future.

By clicking the confirmation link, you give us your consent for the use of your personal data in accordance with Article 6 paragraph 1 point (a) GDPR. When you register for the newsletter, we will save your IP address as entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any misuse of your email address at a later date. The data collected by us when you subscribe for the newsletter will be used exclusively for promotional purposes by means of the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the controller named above. After you unsubscribe, your email address will be deleted immediately from our newsletter mailing list, unless you have expressly consented to the further use of your data or we reserve the right to further use your data in a legally permitted way, about which we will inform you in this declaration.

6.2 Sending the email newsletter to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers by email for goods or services similar to those already purchased. In accordance with Article 7 paragraph 3 of the German Act against Unfair Competition (UWG), we need not obtain your specific consent for this. The data processing is thus carried out solely on the basis of our legitimate interest in personalised direct marketing in accordance with Article 6 paragraph 1 point (f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with future effect by sending a notification to the controller named above. In doing so, you will only incur transmission costs charged at the basic rates. After receiving your objection, we will immediately stop using your email address for marketing purposes.

7) Data processing for order handling

7.1 To process your order, we work together with the following service provider(s), which support us wholly or partially in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of contract fulfilment, insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution within the framework of payment processing, if this is necessary for payment processing. If payment service providers are used, we will explicitly inform you of this below. The legal basis for the transfer of data is Article 6 paragraph 1 point (b) GDPR.

7.2 Use of payment service providers

– Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment in instalments” via PayPal, we will forward your payment data for payment processing to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The data is transmitted in accordance with Article 6 paragraph 1 point (b) GDPR and only insofar as this is necessary for payment processing.
PayPal reserves the right to carry out credit checks for the payment methods credit card via PayPal, direct debit via PayPal or, if offered, “purchase on account” or “payment by instalments” via PayPal. For this purpose, your payment data may be passed on to to credit agencies on the basis of PayPal’s legitimate interest in determining your solvency in accordance with Article 6 paragraph 1 point (f). PayPal uses the result of the credit assessment in relation to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on recognised scientific, mathematical-statistical methods. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including the credit agencies used, please refer to PayPal’s privacy statement:https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

8) Use of social media: Social Plug-Ins

8.1 AddThis bookmarking plug-ins with Shariff solution

Our website uses social plug-ins (“plug-ins”) by the bookmarking service AddThis, operated by AddThis LLC, Inc. 8000 Westpark Drive, Suite 625, McLean, VA 2210, USA (“AddThis”) as part of Oracle Corporation.

In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plug-ins and only fully operational when using an HTML link. This type of integration ensures that no connection to the AddThis servers is established when you visit a page of our website containing such buttons. When you click on the button, a new browser window opens and calls up the AddThis page, where you can interact (if necessary, after entering your login details) with the plug-ins contained there.

Oracle Corporation, the umbrella organisation of AddThis based in the United States, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.

You can revoke your consent at any time by deactivating the activated plug-in by clicking on the button again. However, the revocation has no influence on the data that has already been transmitted to AddThis.

The purpose and scope of the data collection and the further processing and use of data by AddThis, as well as your relevant rights and setting options for the protection of your privacy, can be found in the AddThis privacy statement at:
http://www.addthis.com/privacy/privacy-policy

8.2 Facebook plug-ins with 2-click solution

Our website uses social plug-ins (“plug-ins”) from the social network Facebook, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

In order to increase the protection of your data when visiting our website, the plug-ins are initially disabled via the so-called “2-click” solution integrated into the page. Deactivated plug-ins can be recognised by the fact that they are greyed out. This integration ensures that no connection to the Facebook servers is established when you visit a page of our website containing such plug-ins. Your browser only establishes a direct connection to Facebook’s servers when you activate the plug-ins and thus give your consent to the transfer of data in accordance with Article 6 paragraph 1 point (a) GDPR. The content of the respective plug-in is directly transmitted to your browser and integrated into the page. The plug-in then sends data (including your IP address) to Facebook. We have no control over the amount of data Facebook collects using these plug-ins. To the best of our knowledge, Facebook will in any case be informed about which of our websites you have currently and previously visited. By integrating the plug-ins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in. The information collected (including your IP address) is directly transmitted from your browser to a Facebook server in the USA and stored there. When you interact with the plug-ins, the relevant information is also directly transmitted to a Facebook server and stored there. The information is also published on Facebook and displayed to your contacts.

You can revoke your consent at any time by deactivating the activated plug-in by clicking on the button again. However, the revocation has no influence on the data that has already been transmitted to Facebook.

Facebook Inc. based in the USA is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.

The purpose and scope of the data collection and the further processing and use of data by Facebook, as well as your relevant rights and setting options for the protection of your privacy, can be found in the Facebook data policy at:
https://www.facebook.com/policy.php

8.3 Instagram as a standard plug-in

Our website uses social plug-ins (“plug-ins”) from the online service Instagram operated by Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins can be recognised by the Instagram logo, for example in the form of an “Instagram camera”. An overview of Instagram plug-ins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.

When you visit a page of our website, which contains such a plug-in, your browser will establish a direct connection to the Instagram servers. The content of the respective plug-in is directly transmitted from Instagram to your browser and integrated into the page. By integrating these plug-ins, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) will be directly transmitted from your browser to an Instagram server in the USA and stored there.

If you are logged in to Instagram, Instagram will be able to assign your visit to our website to your Instagram account. When you interact with the plug-ins, such as pressing the “Instagram camera” button, this information is also directly transmitted to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts.

The described data processing processes are carried out in accordance with Article 6 paragraph 1 point (f) GDPR on the basis of Instagram’s legitimate interest in the insertion of personalised advertising to inform other users of the social network about your activity on our website and for demanded-oriented design of the Instagram service.

If you do not want Instagram to link the data collected on our website to your Instagram account, you must log out of Instagram before visiting our website. You can also prevent the loading of the Instagram plug-ins and thus the data processing processes described above with add-ons for your browser for the future, e.g., with the script blocker ‘NoScript’ (http://noscript.net/).
Instagram LLC. based in the USA is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.

The purpose and scope of the data collection and the further processing and use of data by Instagram, as well as your relevant rights and setting options for the protection of your privacy, can be found in the Instagram data policy at:
https://help.instagram.com/155833707900388/

9) Use of social media: Videos

Use of YouTube videos

This website uses the YouTube embedding function for display and playback of videos offered by the provider YouTube, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (Google).This website uses the YouTube embedding function for display and playback of videos offered by the provider YouTube, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (Google).

To this end, the extended data protection mode is used to ensure, according to provider information, that user information will only be stored once the playback function of the video is started. When the playback of embedded YouTube videos is started, the provider sets YouTube cookies in order to collect information about user behaviour. According to information from YouTube, the use of those cookies is intended, among other things, to record video statistics, to improve user-friendliness and to avoid improper actions. If you are logged in to Google, your information will be directly associated with your account when you click on a video. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation takes place in particular in accordance with Article 6 paragraph 1 point (f) GDPR on the basis of the legitimate interests of Google in the insertion of personalised advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. When using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.
Regardless of whether the embedded video is played back, a connection to the Google network is established when visiting this website. This may result in further data processing beyond our control.

For the transfer of personal data to Google LLC. based in the USA, Google LLC. is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be found here: https://www.privacyshield.gov/list

Further information on data protection at YouTube can be found in the provider’s privacy policy at: https://policies.google.com/privacy?hl=en-EN

To the extent required by law, we have obtained your consent to the processing of your data as described in accordance with Article 6 paragraph 1 point (a) GDPR. You can withdraw your consent at any time with effect for the future. In order to exercise your right of withdrawal, please follow the procedure described above.

10) Online-Marketing

Facebook pixel for the creation of custom audiences
Facebook pixel of the social network Facebook, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook), is used as part of our online service.
If a user clicks on an advertisement placed by us, which is displayed on Facebook, an addition is added to the URL of our linked page by Facebook pixel. If our page allows data to be shared with Facebook via pixel, this URL parameter is written into the user’s browser via a cookie, which is set by the linked page itself. This cookie is then read by Facebook pixel and enables the data to be forwarded to Facebook.
With the help of the Facebook pixel, Facebook is able to identify visitors to our online service as a target group for the display of ads (so-called “Facebook ads”). To this effect, we use the Facebook pixel to only display Facebook ads placed by us to Facebook users who have shown an interest in our online offer or who demonstrate certain characteristics (e.g., interest in certain topics or products determined on the basis of websites visited) which we transmit to Facebook (so-called “custom audiences”). With the help of Facebook pixel, we also want to ensure that our Facebook ads match the potential interest of users and are not annoying. This allows us to evaluate the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users were forwarded to our website after clicking on a Facebook ad (so-called “conversion”).
The collected data is anonymous and does not provide us with any information about the user’s identity. However, the data is stored and processed by Facebook to enable a connection to the respective user profile and to allow Facebook to use the data for its own advertising purposes in accordance with the Facebook data usage guidelines (https://www.facebook.com/about/privacy/).

The data may enable Facebook and its partners to place advertisements on and off Facebook.
The data processing associated with the use of the Facebook pixel is based on our predominantly legitimate interest in the evaluation, optimisation and economic operation of our online offer and our advertising measures in accordance with Article 6 paragraph 1 point (f) GDPR.
The information generated by Facebook is usually transferred to a Facebook server and stored there. This may also result in transmission to the servers of Facebook Inc. in the USA. Facebook Inc. based in the USA is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.

If you want to object to data collection by Facebook pixel and the use of your data for displaying Facebook ads, you can set an opt-out cookie by clicking on the following link, which deactivates Facebook pixel tracking:

Change Cookie Settings

This opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you must click on the above link again.
To the extent required by law, we have obtained your consent to the processing of your data as described in accordance with Article 6 paragraph 1 point (a) GDPR. You can withdraw your consent at any time with effect for the future. In order to exercise your right of withdrawal, please follow the procedure described above.

11) Web analytics services

Google (Universal) Analytics

Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics tool from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (Google). Google (Universal) Analytics uses “cookies”, which are text files stored on your computer, and which allow your use of the website to be analysed. The information generated by the cookie about your use of this website (including your truncated IP address) is usually transferred to a Google server and stored there, and may also be transferred to the servers of Google LLC. in the USA.
This website uses Google Analytics solely with the “_anonymizeIp()” extension, which ensures your IP address is anonymised by shortening it and prevents it being linked directly to a particular individual. Through this extension, your IP address will be shortened beforehand by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a server of Google LLC. in the USA and shortened there. In these exceptional cases, data will be processed in accordance with Article 6 paragraph 1 point (f) GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.
Google will use this information on our behalf to analyse your use of the website, to compile reports on website activities and to provide us with other services related to the use of the website and the Internet. The IP address transferred from your browser by Google (Universal) Analytics will not be combined with other Google data.
You can prevent the storage of cookies by using the appropriate setting on your browser software. However, please note that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of the data (including your IP address) generated by the cookie relating to your use of the website, as well as Google’s processing of this data, by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plug-in or on browsers on mobile devices, please click the following link to place an opt-out cookie to prevent any data collection by Google Analytics within this website in future (this opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you will need to click this link again):

Change Cookie Settings

You can find more information on Google (Universal) Analytics here: https://policies.google.com/privacy?hl=de&gl=de
For the transfer of personal data to Google LLC. based in the USA, Google LLC. is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be found here: https://www.privacyshield.gov/list
To the extent required by law, we have obtained your consent to the processing of your data as described in accordance with Article 6 paragraph 1 point (a) GDPR. You can withdraw your consent at any time with effect for the future. In order to exercise your right of withdrawal, please follow the procedure described above.

12) Tools and miscellaneous

12.1 Borlabs
This website uses the cookie consent tool Borlabs from the provider Mr Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (Borlabs), which sets two technically necessary cookies (“borlabsCookie” and “borlabsCookieUnblockContent”) to store your cookie preferences. The aforementioned processing takes place in accordance with Article 6 paragraph 1 point (f) GDPR on the basis of our legitimate interest in the provision of a cookie preference management system for website visitors.
The “Borlabs Cookie” does not process any personal data. The “borlabsCookie” stores your chosen preference, which you selected upon opening the website. The “borlabsCookieUnblockContent” cookie stores which (external) media/content you always want to have automatically unblocked. If you wish to revoke these settings, simply delete the cookies in your browser. When you re-enter/reload the website, you will be asked again for your cookie preferences.

12.2 - Google Web Fonts
This site uses web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (Google) to uniformly display fonts. When you call up a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
To do this, the browser you are using must have a connection to Google’s servers. This may result in personal data being transmitted to the servers of Google LLC. in the USA. In this way, Google will be informed that our website has been accessed via your IP address. Google Web Fonts are used for the purpose of a uniform and attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Article 6 paragraph 1 point (f) GDPR. If your browser does not support web fonts, a default font is used by your computer.
For the transfer of personal data to Google LLC. based in the USA, Google LLC. is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be found here: https://www.privacyshield.gov/list
Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in the Google privacy policy: https://www.google.com/policies/privacy/

12.3 Google reCAPTCHA

On this website we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is mainly used to distinguish whether an entry is being made by a natural person or being misused by automatic and automated processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Article 6 paragraph 1 point (F) GDPR on the basis of our legitimate interest in determining the individual willingness of actions on the Internet and avoiding misuse and spam. When using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. in the USA.

For the transfer of personal data to Google LLC. based in the USA, Google LLC. is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be found here: https://www.privacyshield.gov/list

Further information about Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/

To the extent required by law, we have obtained your consent to the processing of your data as described in accordance with Article 6 paragraph 1 point (a) GDPR. You can withdraw your consent at any time with effect for the future. In order to exercise your right of withdrawal, please follow the procedure described above.

12.4 Wordfence

We have included Wordfence on this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter Wordfence).

Wordfence is designed to protect our website from unwanted access or malicious cyberattacks. To accomplish this, our website establishes a permanent connection with Wordfence’s servers, which check and block their databases against access to our website.

The use of Wordfence is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective protection of his website against cyberattacks. If the appropriate consent has been requested, processing will be carried out exclusively on the basis of Art. 6(1)(a) GDPR; consent may be revoked at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.

13) Rights of the data subject

13.1 The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data:

  • Right of access by the data subject pursuant to Article 15 GDPR: You shall have the right to receive information about the personal data processed by us; the purposes of the processing; the categories of processed personal data; the recipients or categories of recipients to whom the personal data has been or will be disclosed; the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request the rectification or erasure of personal data or restriction of processing personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data is not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling and at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject; the appropriate safeguards pursuant to Article 46 GDPR when personal data is transferred to a third country.
  • Right to rectification pursuant to Article 16 GDPR: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and/or the right to have incomplete personal data, which is stored by us, completed.
  • Right to erasure pursuant to Article 17 GDPR: You have the right to obtain the erasure of personal data concerning you if the conditions of Article 17 paragraph 1 GDPR are fulfilled. However, this right will not apply for exercising the freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • Right to restriction of processing pursuant to Article 18 GDPR: You have the right to obtain restriction of processing of your personal data, as long as the accuracy of your personal data contested by you will be verified; if you oppose the erasure of your personal data because of unlawful processing and you request the restriction of its use instead; if you require the personal data for the establishment, exercise or defence of legal claims, once we no longer need this data for the purposes of the processing; if you have objected to processing on grounds relating to your personal situation pending the verification whether our legitimate grounds override your grounds.
  • Right to be informed pursuant to Article 19 GDPR: If you have asserted the right of rectification, erasure or restriction of processing against the controller, they are obliged to communicate to each recipient to whom the personal data has been disclosed any rectification or erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.
  • Right to data portability pursuant to Article 20 GDPR: You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to require that this data is transmitted to another controller, where technically feasible;
  • Right to withdraw a given consent pursuant to Article 7 paragraph 3 GDPR: You have the right to withdraw your consent for the processing of personal data at any time with effect for the future. In the event of withdrawal, we will immediately erase the data concerned, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
  • Right to lodge a complaint pursuant to Article 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

13.2 RIGHT TO OBJECT

IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

14) Duration of storage of personal data

The duration of the storage of personal data is based on the respective legal basis, the purpose of processing and – if relevant – on the respective legal retention period (e.g., commercial and tax retention periods).

If personal data is processed on the basis of an express consent pursuant to Article 6 paragraph 1 point (a) GDPR, this data is stored until the data subject revokes their consent.

If there are legal storage periods for data that is processed within the framework of legal or similar obligations on the basis of Article 6 paragraph 1 point (b) GDPR, this data will be routinely deleted after expiry of the storage periods if it is no longer necessary for the fulfilment of the contract or the initiation of the contract and/or if we no longer have a legitimate interest in further storage.
When processing personal data on the basis of Article 6 paragraph 1 point (f) GDPR, this data is stored until the data subject exercises their right of objection in accordance with Article 21 paragraph 1 GDPR, unless we can provide compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If personal data is processed for the purpose of direct marketing on the basis of Article 6 paragraph 1 point (f) GDPR, this data is stored until the data subject exercises their right of objection in accordance with Article 21 paragraph 2 GDPR.

Unless otherwise stated in the information contained in this declaration on specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.