Privacy policy

Last updated: July 1st, 2026

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on data protection can be found in the privacy policy below.

Data Collection on This Website
Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Information on the Responsible Party” in this privacy policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us. This may include, for example, data you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This primarily includes technical data (e.g. internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour. If contracts can be concluded or initiated via the website, the data transmitted will also be processed for contract offers, orders, or other enquiries.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you may withdraw this consent at any time for the future.

You also have the right, under certain circumstances, to request restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
For this purpose, as well as for further questions regarding data protection, you may contact us at any time.

Analysis tools and tools from third parties

When visiting this website, your browsing behaviour may be statistically analysed. This is primarily done using so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

IONOS SE
Elgendorfer Str. 57 | 56410 Montabaur | Germany
Phone: +49 (0) 721 170 5522| Email: info@ionos.de

Details can be found in IONOS’s privacy policy: IONOS

The use of IONOS is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting). Consent may be revoked at any time.


Data processing agreement

We have concluded a data processing agreement (DPA) with the provider mentioned above. This is a contract required by data protection law ensuring that the processor processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Notices

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We point out that data transmission over the internet (e.g. communication by email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

Information on the responsible party

The responsible party for data processing on this website is:

Pulmoll Kalfany GmbH
Industriegebiet West
Renkenrunsstraße 14
D-79379 Müllheim
Germany

Phone: +49 7631 36 79-0
Email: info@pulmoll.de

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

Storage duration

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for processing no longer applies. If you request deletion or revoke consent, your data will be deleted unless we are legally required to retain it (e.g. tax or commercial retention periods). In the latter case, deletion takes place after these obligations expire.


Legal basis for processing

If you have given consent, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR if special categories of data are processed. If you have expressly consented to the transfer of personal data to third countries, processing is also based on Art. 49 (1) (a) GDPR.

If cookies or access to information on your device are stored with your consent, processing is additionally based on Section 25 (1) TDDDG. Consent may be withdrawn at any time.

If your data is required for contract fulfilment or pre-contractual measures, we process it based on Art. 6 (1) (b) GDPR. Furthermore, we process data if required to fulfil a legal obligation (Art. 6 (1) (c) GDPR). Processing may also be based on our legitimate interest (Art. 6 (1) (f) GDPR). The relevant legal basis is explained in the following sections of this privacy policy.

Data protection officer

We have appointed a data protection officer:

Michael Gruber
BSP-SECURITY
Thundorferstr. 10
D-93047 Regensburg
Germany

Phone: +49 941 46290929
Email: michael.gruber@bsp-security.de

Recipients of personal data

In the course of our business activities, we work with various external parties. In some cases, it is necessary to transfer personal data to these external parties. We only transfer data if this is required for contract fulfilment, legally required, based on legitimate interest, or otherwise permitted. When using processors, data is transferred only on the basis of a valid data processing agreement. In cases of joint processing, a joint processing agreement is concluded.

Withdrawal of consent

Many data processing operations are only possible with your express consent. You may withdraw consent at any time. The legality of processing carried out before withdrawal remains unaffected.

Right to object (Art. 21 GDPR)

If data processing is based on Art. 6 (1) (e) or (f) GDPR, you have the right to object at any time for reasons arising from your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds.

If your data is processed for direct marketing purposes, you have the right to object at any time. If you object, your data will no longer be used for direct marketing.

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

Right to data portability

You have the right to receive data we process automatically on the basis of your consent or a contract in a commonly used, machine-readable format.

Access, rectification and deletion

You have the right to access, correct, or delete your personal data at any time within the legal framework.

Right to restriction of processing

You have the right to request restriction of processing in certain cases, e.g. if you contest the accuracy of your data or object to processing.

SSL/TLS encryption

This site uses SSL/TLS encryption for security. You can recognize this by “https://” and the lock symbol in your browser.

Objection to advertising emails

The use of contact data published under legal notice obligations for sending unsolicited advertising is prohibited. Legal action may be taken against spam emails.

4. Data Collection on This Website

Cookies

This website uses cookies. Cookies are small data files stored on your device.
Cookies may be session cookies (deleted after your visit) or persistent cookies (stored until deleted).
Cookies may be first-party or third-party cookies.
Cookies serve different purposes: some are technically necessary, others are used for analysis or advertising.
Necessary cookies are stored based on Art. 6 (1) (f) GDPR. If consent is given, processing is based on Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG.

You can configure your browser to control cookie settings. Disabling cookies may limit website functionality.

If you want, I can next:

  • format this into a Shopify legal page layout
  • or shorten it into a UK/US-style simplified privacy policy
  • or adapt it for cookie banner compliance wording


Consent with Pandectes GDPR Compliance

Our website uses Pandectes GDPR Compliance to obtain your consent for the storage of certain cookies on your device or for the use of specific technologies, and to document this in compliance with data protection regulations. The provider of this technology is Pandectes Limited, Vasileos Georgiou A, 60, 4048 Limassol, Cyprus (hereinafter referred to as “Pandectes”).

When you access our website, a connection is established to Pandectes’ servers. The provider receives personal data such as browser information, IP address, and a timestamp. A cookie is then stored in your browser in order to assign the consent you have given or any withdrawal of consent to you.

The data collected in this way is stored until you request deletion, delete the cookie yourself, or the purpose for storage no longer applies. Statutory retention obligations remain unaffected.

Details can be found at: https://pandectes.io/

The use of Pandectes GDPR Compliance is carried out to obtain the legally required consent for the use of cookies. The legal basis is Art. 6 (1) (c) GDPR.

Data Processing Agreement

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, ensuring that the provider processes personal data of website visitors only in accordance with our instructions and in compliance with the GDPR.

Server Log Files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing device
  • Time of server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimisation of the website; server log files are therefore required.

Contact Form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact information you provide there, will be stored and processed for the purpose of handling your request and for follow-up questions. We do not share this data without your consent.

Processing of this data is based on:

  • Art. 6 (1) (b) GDPR, if your request relates to a contract or pre-contractual measures
  • Art. 6 (1) (f) GDPR, based on our legitimate interest in efficiently handling enquiries
  • Art. 6 (1) (a) GDPR, if consent has been requested

Consent may be withdrawn at any time.

The data entered in the contact form remains with us until you request deletion, withdraw your consent, or the purpose for data storage no longer applies (e.g. after your enquiry has been fully processed). Statutory retention periods remain unaffected.

Enquiries by Email, Phone, or Fax

If you contact us by email, telephone, or fax, your enquiry, including all resulting personal data (e.g. name, enquiry details), will be stored and processed for the purpose of handling your request. We do not share this data without your consent.

Processing of this data is based on:

  • Art. 6 (1) (b) GDPR, if related to a contract or pre-contractual measures
  • Art. 6 (1) (f) GDPR, based on our legitimate interest in efficiently handling enquiries
  • Art. 6 (1) (a) GDPR, if consent has been requested

Consent may be withdrawn at any time.

Data sent to us via contact requests remains stored until you request deletion, withdraw consent, or the purpose for storage no longer applies (e.g. after your enquiry has been processed). Statutory retention obligations remain unaffected.

5. Social Media

Facebook

This website integrates elements of the Facebook social network. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the data collected may also be transferred to the United States and other third countries.

An overview of Facebook Social Plugins can be found here:
https://developers.facebook.com/docs/plugins/

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives information that you have visited this website using your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This enables Facebook to associate your visit to this website with your user account. Please note that, as the website operator, we have no knowledge of the content of the data transmitted or how Facebook uses it.

Further information can be found in Facebook's Privacy Policy:
https://www.facebook.com/privacy/policy/

This service is used on the basis of your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. You may withdraw your consent at any time.

Where personal data is collected on our website using this tool and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing in accordance with Art. 26 GDPR. This joint responsibility is limited exclusively to the collection of the data and its transmission to Facebook. Any processing carried out by Facebook after the transfer is not part of the joint responsibility.

The respective obligations have been set out in a Joint Controller Agreement, available at:
https://www.facebook.com/legal/controller_addendum

Under this agreement, we are responsible for providing privacy information regarding the use of the Facebook tool and for implementing the tool on our website in compliance with data protection laws. Facebook is responsible for the security of Facebook products. You may exercise your data subject rights (e.g. requests for access) directly with Facebook. If you assert these rights with us, we are obliged to forward your request to Facebook.

Data transfers to the United States are based on the European Commission's Standard Contractual Clauses (SCCs). Further information is available at:

Meta participates in the EU–US Data Privacy Framework (DPF), which is intended to ensure compliance with European data protection standards for data processing in the United States. Further information is available at:
https://www.dataprivacyframework.gov/


Instagram

This website includes functions of the Instagram service. These functions are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that, as the website operator, we have no knowledge of the content of the data transmitted or how Instagram uses it.

This service is used on the basis of your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. You may withdraw your consent at any time.

Where personal data is collected on our website using this tool and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing in accordance with Art. 26 GDPR. This joint responsibility is limited solely to the collection of the data and its transfer to Facebook or Instagram. Any subsequent processing carried out by Meta is not part of the joint responsibility.

The Joint Controller Agreement is available at:
https://www.facebook.com/legal/controller_addendum

Under this agreement, we are responsible for providing privacy information regarding the use of the Facebook and Instagram tools and for implementing them on our website in compliance with data protection laws. Meta is responsible for the security of Facebook and Instagram products. You may exercise your data subject rights directly with Meta. If you contact us, we are required to forward your request.

Data transfers to the United States are based on the European Commission's Standard Contractual Clauses (SCCs). Further information is available at:

Additional information can be found in Instagram's Privacy Policy:
https://privacycenter.instagram.com/policy/

Meta participates in the EU–US Data Privacy Framework (DPF). Further information is available at:
https://www.dataprivacyframework.gov/


LinkedIn

This website uses components of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Whenever you access a page on this website containing LinkedIn elements, a connection to LinkedIn's servers is established. LinkedIn is informed that you have visited this website using your IP address. If you click LinkedIn's "Recommend" button while logged into your LinkedIn account, LinkedIn may associate your visit to this website with your user account. Please note that, as the website operator, we have no knowledge of the content of the transmitted data or how LinkedIn uses it.

This service is used on the basis of your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. You may withdraw your consent at any time.

Data transfers to the United States are based on the European Commission's Standard Contractual Clauses (SCCs). Further information is available at:
https://www.linkedin.com/legal/privacy-policy

You can find additional information in LinkedIn's Privacy Policy:
https://www.linkedin.com/legal/privacy-policy

LinkedIn participates in the EU–US Data Privacy Framework (DPF), which is intended to ensure compliance with European data protection standards for data processing in the United States. Further information is available at:
https://www.dataprivacyframework.gov/


6. Analysis Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking, analytics and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or perform any independent analysis. It merely serves to manage and deploy the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the efficient integration and management of various tools on the website. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting). Consent may be withdrawn at any time.

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is committed to complying with these data protection standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses the functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on the website, operating systems used and the user's origin. This data is assigned to the respective website visitor's device using a User ID.

In addition, Google Analytics allows us to record your mouse and scroll movements as well as clicks. Google Analytics also uses various modelling approaches to supplement the collected data sets and applies machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of users for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the United States and stored there.

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Consent may be withdrawn at any time.

The transfer of data to the United States is based on the European Commission's Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is committed to complying with these data protection standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780.

IP Anonymisation

Google Analytics IP anonymisation is enabled. As a result, your IP address is shortened by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity and provide further services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

More information on how Google Analytics handles user data can be found in Google's Privacy Policy: https://support.google.com/analytics/answer/6004245.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, YouTube history and demographic data (visitor data). This data may be used by Google Signals for personalised advertising. If you have a Google account, visitor data collected through Google Signals is linked to your Google account and used for personalised advertising messages. The data is also used to create anonymised statistics about the behaviour of our users.

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-Commerce Measurement

This website uses the "E-Commerce Measurement" feature of Google Analytics. With the help of E-Commerce Measurement, the website operator can analyse the purchasing behaviour of website visitors in order to improve online marketing campaigns. Information such as completed orders, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data may be consolidated by Google under a transaction ID assigned to the respective user or their device.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in Google Search results or on third-party websites when users enter certain search terms (keyword targeting). Furthermore, targeted advertisements may be displayed based on user data available to Google (e.g. location data and interests) (audience targeting). As the website operator, we can evaluate this data statistically, for example by analysing which search terms led to the display of our advertisements and how many advertisements resulted in corresponding clicks.

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Consent may be withdrawn at any time.

The transfer of data to the United States is based on the European Commission's Standard Contractual Clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is committed to complying with these standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780.

Google Ads Remarketing

This website uses the Google Ads Remarketing features. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads Remarketing allows us to assign users who interact with our online offering to specific target groups in order to display interest-based advertising to them within the Google advertising network (remarketing or retargeting).

In addition, the advertising audiences created with Google Ads Remarketing can be linked with Google's cross-device functions. This allows personalised, interest-based advertising messages that have been adapted to your previous usage and browsing behaviour on one device (e.g. mobile phone) to also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to personalised advertising at the following link: https://adssettings.google.com/anonymous?hl=en.

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Consent may be withdrawn at any time.

Further information and Google's privacy policy can be found at: https://policies.google.com/technologies/ads?hl=en.

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is committed to complying with these standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780.

Audience Building with Customer Matching

To create target audiences, we use Google Ads Remarketing Customer Match. As part of this process, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the respective customers are Google users and are signed in to their Google Account, they may be shown relevant advertising messages within the Google network (e.g. on YouTube, Gmail, or Google Search).

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Conversion Tracking enables Google and us to determine whether users have completed certain actions. For example, we can evaluate which buttons on our website are clicked most frequently and which products are viewed or purchased most often. This information is used to generate conversion statistics. We receive the total number of users who clicked on our advertisements and the actions they performed. We do not receive any information that personally identifies users. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. You may withdraw your consent at any time.

Further information about Google Conversion Tracking can be found in Google's Privacy Policy: https://policies.google.com/privacy?hl=en.

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is committed to complying with these data protection standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780.

Klaviyo

We use Klaviyo on this website. The provider is Klaviyo Inc., 125 Summer Street, Floor 6, Boston, MA 02110, USA ("Klaviyo").

Klaviyo is a marketing automation platform used for sending emails, SMS messages, push notifications, and collecting customer reviews for e-commerce businesses.

For this purpose, Klaviyo stores your consent to receive email marketing communications. The following personal data may be processed in particular: name, telephone number, email address, postal address, IP address, device identifiers, and usage data (such as interactions between a user and the Klaviyo platform, the website, or emails, as well as browser information, operating system, and referring URL).

The use of Klaviyo is based on Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Consent may be withdrawn at any time.

Further information can be found in Klaviyo's Privacy Policy: https://www.klaviyo.com/legal/privacy.

Klaviyo is certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available at: https://www.dataprivacyframework.gov/participant/6149.

The provider also uses the European Commission's Standard Contractual Clauses (SCCs) for transfers of personal data to third countries. Details can be found here: https://www.klaviyo.com/legal/data-processing-agreement.

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) with Klaviyo. This agreement ensures that Klaviyo processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Meta Pixel (formerly Facebook Pixel)

This website uses the Meta visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the collected data may also be transferred to the United States and other third countries.

This allows us to track the behaviour of website visitors after they have been redirected to our website by clicking on a Meta advertisement. This enables us to evaluate the effectiveness of Meta advertisements for statistical and market research purposes and to optimise future advertising campaigns.

The collected data is anonymous to us as the website operator, and we cannot draw any conclusions about the identity of individual users. However, the data is stored and processed by Meta, allowing it to be linked to your Facebook or Instagram profile. Meta may use this data for its own advertising purposes in accordance with the Meta Data Policy: https://www.facebook.com/privacy/policy/.

This enables Meta to display advertisements on Facebook, Instagram, and other advertising channels. We have no influence over this use of the data.

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. You may withdraw your consent at any time.

We use the Advanced Matching feature of the Meta Pixel.

Advanced Matching enables us to transmit additional customer information collected via our website to Meta, including, for example, city, state, postal code, hashed email addresses, names, gender, date of birth, and telephone numbers. This allows us to tailor our advertising campaigns on Facebook and Instagram more precisely to users who are interested in our products or services. Advanced Matching also improves attribution of website conversions and enhances the creation of Custom Audiences.

Where personal data is collected on our website using this tool and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing pursuant to Art. 26 GDPR. This joint responsibility is limited exclusively to the collection and transfer of the data to Meta. Any subsequent processing carried out by Meta is not part of the joint responsibility.

The respective obligations have been defined in a Joint Controller Agreement, available at:
https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing data protection information regarding the use of the Meta tool and for implementing the tool on our website in a GDPR-compliant manner. Meta is responsible for the security of Meta products. You may exercise your data subject rights (e.g. requests for access) regarding data processed by Facebook or Instagram directly with Meta. If you exercise these rights with us, we are obliged to forward your request to Meta.

The transfer of data to the United States is based on the European Commission's Standard Contractual Clauses. Further information is available at:

Further information on how Meta protects your privacy can be found here:
https://www.facebook.com/privacy/policy/

You can also disable the Custom Audiences remarketing feature in your Facebook advertising settings:
https://www.facebook.com/ads/preferences/

To do so, you must be logged in to Facebook.

If you do not have a Facebook or Instagram account, you can opt out of interest-based advertising from Meta through the European Interactive Digital Advertising Alliance:
http://www.youronlinechoices.com/

Meta is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is committed to complying with these standards. Further information is available at:
https://www.dataprivacyframework.gov/participant/4452


Meta Conversion API

We use the Meta Conversion API on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the collected data may also be transferred to the United States and other third countries.

The Meta Conversion API enables us to record interactions of website visitors with our website and transmit them to Meta in order to improve the performance of advertising on Facebook and Instagram.

In particular, the following data may be collected: the time of the visit, the page accessed, your IP address, your user agent, and, where applicable, other specific data (such as purchased products, shopping cart value, and currency). A complete overview of the data that may be collected can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

This service is used on the basis of your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG. You may withdraw your consent at any time.

Where personal data is collected on our website using this tool and transmitted to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transmission to Meta. Any processing carried out by Meta after the data has been transmitted is not part of the joint responsibility. Our respective obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing data protection information when using the Meta tool and for implementing the tool on our website in a GDPR-compliant manner. Meta is responsible for the security of Meta products. You may exercise your data subject rights (e.g., requests for access) regarding data processed by Facebook or Instagram directly with Meta. If you exercise these rights with us, we are required to forward your request to Meta.

Data transfers to the United States are based on the European Commission's Standard Contractual Clauses. Details can be found here:

Further information on how Meta protects your privacy can be found in Meta's Privacy Policy:
https://de-de.facebook.com/about/privacy/

You can also disable the "Custom Audiences" remarketing feature in your Facebook advertising settings:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

You must be logged into Facebook to do so.

If you do not have a Facebook or Instagram account, you can opt out of Meta's interest-based advertising via the European Interactive Digital Advertising Alliance:
http://www.youronlinechoices.com/de/praferenzmanagement/

Meta is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the U.S. Every company certified under the DPF commits to complying with these data protection standards. More information is available at:
https://www.dataprivacyframework.gov/participant/4452

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with the provider of the above-mentioned service. This agreement is required under data protection law and ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Meta Custom Audiences

We use Meta Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites or apps, use our free or paid services, submit data to us, or interact with our company's Facebook or Instagram content, we collect your personal data. If you consent to the use of Meta Custom Audiences, we will transmit this data to Meta so that Meta can display advertising tailored to your interests. In addition, your data may be used to create target audiences (Lookalike Audiences).

Meta processes this data on our behalf as a data processor. Details can be found in Meta's terms of use:
https://www.facebook.com/legal/terms/customaudience

This service is used on the basis of your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG. You may withdraw your consent at any time.

Data transfers to the United States are based on the European Commission's Standard Contractual Clauses. Further information is available here:

Meta is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the U.S. Every company certified under the DPF commits to complying with these data protection standards. More information is available at:
https://www.dataprivacyframework.gov/participant/4452


7. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on our website, we require your email address as well as information that allows us to verify that you are the owner of the email address provided and that you consent to receiving the newsletter. No additional data is collected unless provided voluntarily. We use this data exclusively for sending the requested information and do not share it with third parties.

The processing of the data entered into the newsletter subscription form is carried out exclusively on the basis of your consent (Article 6(1)(a) GDPR). You may revoke your consent to the storage of your data, your email address, and its use for sending the newsletter at any time, for example by clicking the "unsubscribe" link included in every newsletter. The legality of any data processing carried out before your withdrawal remains unaffected.

The data you provide for the purpose of receiving the newsletter will be stored by us or our newsletter service provider until you unsubscribe from the newsletter. After you unsubscribe or the purpose for storing the data no longer applies, your data will be deleted from the newsletter distribution list. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the scope of our legitimate interest pursuant to Article 6(1)(f) GDPR.

Data stored by us for other purposes remains unaffected.

After you unsubscribe from the newsletter, your email address may be stored in a blacklist by us or our newsletter service provider if necessary to prevent future mailings. The data in the blacklist is used solely for this purpose and is not combined with other data. This serves both your interest and our legitimate interest in complying with legal requirements regarding newsletter distribution (Article 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You may object to this storage if your interests outweigh our legitimate interest.

Newsletter for Existing Customers

If you order goods or services from us and provide your email address, we may subsequently use this email address to send you newsletters, provided we informed you of this beforehand. In such cases, the newsletter will contain only direct advertising for our own similar goods or services. You may unsubscribe from this newsletter at any time by using the corresponding link included in every newsletter.

The legal basis for sending newsletters to existing customers is Article 6(1)(f) GDPR in conjunction with Section 7(3) UWG (German Act Against Unfair Competition).

After unsubscribing, your email address may be stored in a blacklist to prevent future mailings. The blacklist data is used exclusively for this purpose and is not combined with other data. This serves both your interest and our legitimate interest in complying with legal requirements for sending newsletters (Article 6(1)(f) GDPR). Storage in the blacklist is not limited in time. You may object to this storage if your interests outweigh our legitimate interest.

8. Plugins and Tools

Google Fonts

This website uses Google Fonts to ensure the consistent display of fonts. Google Fonts are provided by Google.

When you visit a page, your browser loads the required fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, your browser must establish a connection to Google's servers. As a result, Google becomes aware that this website has been accessed via your IP address. The use of Google Fonts is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring a consistent presentation of fonts on the website. Where consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting). Consent may be withdrawn at any time.

If your browser does not support Google Fonts, a standard font from your computer will be used.

Further information about Google Fonts can be found at:
https://developers.google.com/fonts/faq

Google's Privacy Policy is available at:
https://policies.google.com/privacy?hl=en

Google is certified under the EU-U.S. Data Privacy Framework (DPF). More information is available at:
https://www.dataprivacyframework.gov/participant/5780


9. eCommerce and Payment Providers

Processing Customer and Contract Data

We collect, process, and use personal customer and contract data for the purpose of establishing, managing, and modifying our contractual relationships.

We collect, process, and use personal data concerning the use of this website (usage data) only to the extent necessary to enable the user to use the service or for billing purposes. The legal basis is Article 6(1)(b) GDPR.

The collected customer data will be deleted after completion of the order or termination of the business relationship and after the expiration of any applicable statutory retention periods. Statutory retention obligations remain unaffected.

Data Transfer upon Conclusion of a Contract for Online Shops, Retailers, and Shipping

When you order goods from us, we transmit your personal data to the shipping company responsible for delivery and to the payment service provider responsible for processing your payment. Only the data required by the respective service provider to perform its task is disclosed. The legal basis is Article 6(1)(b) GDPR.

If you have given your consent pursuant to Article 6(1)(a) GDPR, we will also provide your email address to the shipping company so that it can inform you about the shipping status of your order by email. You may withdraw your consent at any time.

Credit Checks

If you choose payment by invoice or another payment method where we provide services in advance, we may conduct a credit check (scoring).

For this purpose, we transmit the data you have entered (e.g., name, address, age, or banking information) to a credit agency. Based on this data, the probability of payment default is determined. If there is an excessive risk of default, we may refuse the selected payment method.

The credit check is carried out on the basis of Article 6(1)(b) GDPR (contract performance) and Article 6(1)(f) GDPR (legitimate interest in preventing payment defaults). Where consent has been obtained, the credit check is carried out on the basis of Article 6(1)(a) GDPR. Consent may be withdrawn at any time.

Payment Services

We integrate payment services provided by third-party companies on our website. If you make a purchase from us, your payment data (e.g., name, payment amount, bank account details, or credit card number) is processed by the payment service provider for the purpose of payment processing.

The respective contractual and privacy policies of the relevant providers apply to these transactions. Payment service providers are used on the basis of Article 6(1)(b) GDPR (contract performance) and Article 6(1)(f) GDPR (legitimate interest in a smooth, convenient, and secure payment process). Where consent is requested for certain processing activities, Article 6(1)(a) GDPR serves as the legal basis. Consent may be withdrawn at any time with future effect.

PayPal

This website uses PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg, as a payment service provider.

Data transfers to the United States are based on the European Commission's Standard Contractual Clauses.

Further information is available at:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full

PayPal's Privacy Policy is available at:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Shopify Payments

Within the European Union, this payment service is provided by Shopify International Limited, 2nd Floor, Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Further information can be found in Shopify's Privacy Policy:
https://www.shopify.com/legal/privacy

10. Our Own Services
Handling of Applicant Data

We offer you the opportunity to apply for positions with our company (for example by email, by post, or via an online application form).

Below, we inform you about the scope, purpose, and use of the personal data collected as part of the application process.

We assure you that the collection, processing, and use of your data is carried out in compliance with applicable data protection laws and all other legal requirements. Your data will be treated with the strictest confidentiality.

Scope and Purpose of Data Collection

If you submit an application to us, we process the personal data associated with your application (e.g., contact and communication data, application documents, notes taken during interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship.

The legal basis for this processing is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Article 6(1)(b) GDPR (pre-contractual measures), and—if you have given your consent—Article 6(1)(a) GDPR. You may withdraw your consent at any time.

Within our company, your personal data will only be shared with individuals involved in processing your application.

If your application is successful, the data you have submitted will be stored in our data processing systems for the purpose of carrying out the employment relationship on the basis of Section 26 BDSG and Article 6(1)(b) GDPR.

Data Retention Period

If we are unable to offer you a position, if you decline a job offer, or if you withdraw your application, we reserve the right to retain the data you have submitted for up to six (6) months after the conclusion of the application process (rejection or withdrawal), based on our legitimate interests pursuant to Article 6(1)(f) GDPR.

After this period, your data will be deleted and any physical application documents will be destroyed. The retention serves primarily as evidence in the event of legal disputes. If it is apparent that the data will still be required after the six-month period (for example, due to pending or anticipated legal proceedings), the data will only be deleted once the purpose for continued retention no longer exists.

A longer retention period may also apply if you have given your consent pursuant to Article 6(1)(a) GDPR or if statutory retention obligations prevent deletion.

Inclusion in the Applicant Pool

If we are unable to offer you a position, we may offer you the opportunity to be included in our applicant pool. If you agree, all documents and information submitted as part of your application will be stored in the applicant pool so that we can contact you if suitable vacancies arise.

Inclusion in the applicant pool is based solely on your express consent pursuant to Article 6(1)(a) GDPR. Providing this consent is voluntary and is not related to the current application process.

You may withdraw your consent at any time. In this case, your data will be permanently deleted from the applicant pool unless statutory retention obligations require otherwise.

Data stored in the applicant pool will be permanently deleted no later than two (2) years after your consent has been given.