This data protection information explains the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profile (hereinafter referred to as collectively referred to as “Online Offering”). With regard to the terms used, such as "processing" or "person responsible", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1) Information about the collection of personal data and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the GDPR is Kraftling GmbH, Wilhelm-Mauser-Str. 14-16, 50827 Cologne, Germany.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses an SSL or. TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.
2) Data collection when visiting our website
If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if necessary: in anonymous form)
The processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
We process data as part of our website operation. This also includes disclosure by transmission to third parties and, if necessary, to so-called third countries outside the European Union ("EU") and the European Economic Area ("EEA"). If we transmit data outside the EU or the EEA, we have marked this accordingly below.
To provide our online presence, we use the services of web hosting providers who process the above data and all data to be processed in connection with the operation of this website (log file when visiting the website) on our behalf.
According to Art. 6 GDPR, the legal basis for data processing is our overriding legitimate interest in the provision of our website.
Shopify shop system
We use Shopify on our website, a shop system from Shopify Inc., 150 Elgin St., 8th Fl, Ottawa, ON K2P 1L4, Canada ("Shopify").
Shopify processes the following data of our customers as part of the provision of the shop system: name, email address, delivery and billing address, payment data, company name, telephone number, IP address, information about orders, information about shops visited and supported by Shopify and information about the devices and browsers used.
The legal basis for data processing is our overriding legitimate interest in the optimal marketing of our online offer in accordance with Art. 6 Para. 1 f) GDPR.
For customers from the European Economic Area, data processing is mainly carried out by the Shopify subsidiary, Shopify International Limited, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
However, there may also be data transfers to regions outside the EU/EEA. Shopify guarantees to maintain an adequate level of data protection for these transfers as follows:
The EU Commission has issued an adequacy decision for transfers to Canada, available at: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32002D0002&from=DE .
For transmissions to the USA, Shopify guarantees the maintenance of an appropriate level of data protection by participating in the EU-US Privacy Shield.
Shopify is certified at: https://www.privacyshield.gov/participant?id=a2zt0000000TNSNAA4&status=Active .
If data is transmitted to Shopify subsidiaries in other third countries, Shopify guarantees that an appropriate level of data protection will be maintained through internal group agreements.
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies implemented by us, the processing takes place in accordance with Article 6 Paragraph 1 Letter b GDPR either to execute the contract or in accordance with Article 6 Paragraph 1 Letter f GDPR to safeguard our legitimate interests the best possible functionality of the website and a customer-friendly and effective design of the page visit.
We may work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we work together with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following paragraphs.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.
Please note that if cookies are not accepted, the functionality of our website may be restricted.
When contacting us (e.g. via contact form, e-mail, telephone or via social media), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted after your request has been finally processed. This is the case if it can be inferred from the circumstances that the facts in question have been finally clarified and provided that there are no legal storage obligations to the contrary.
6) Data processing when opening a customer account and for contract processing
We process the data of our customers as part of the ordering process in our online shop to enable them to select and order the selected products and services, as well as their payment and delivery or execution.
The processed data includes inventory data, communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing takes place for the purpose of providing contractual services in the context of operating an online shop, billing, delivery and customer services. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
The processing takes place on the basis of Art. 6 Para. 1 lit. b (implementation of order processes) and c (legally required archiving) DSGVO. The information marked as required is required for the establishment and fulfillment of the contract. We disclose the data to third parties only within the scope of delivery, payment or within the scope of legal permits and obligations to legal advisers and authorities. The data will only be processed in third countries if this is necessary to fulfill the contract (e.g. at the customer's request for delivery or payment).
Users can optionally create a user account, in particular by being able to view their orders. As part of the registration, the required mandatory information is communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention being necessary for commercial or tax reasons in accordance with Article 6 (1) (c) GDPR. Information in the customer account remains until it is deleted with subsequent archiving in the event of a legal obligation. It is the user's responsibility to back up their data before the end of the contract in the event of termination.
As part of the registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1) (c) GDPR.
Deletion takes place after statutory warranty and comparable obligations have expired, the necessity of storing the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) storage obligation).
7) Use of your data for direct marketing
In order to provide you with regular information about our company and offers, we offer to send an e-mail newsletter. With your newsletter registration, we process the data you entered during registration (e-mail address and other voluntary information). In order to prevent misuse, we will send you an e-mail after your registration in which we ask you to confirm your registration (double opt-in procedure). In order to be able to prove the registration process in a legally compliant manner, your registration will be logged. The time of registration and confirmation as well as your IP address are affected.
The legal basis for sending the newsletter is your consent in accordance with Art. 6 Para. 1 a) GDPR. The data processing in connection with sending the confirmation e-mail for your registration and the associated data logging takes place in accordance with Art. 6 Para.1 f) DSGVO due to our legitimate interest in proving your proper registration.
We use service providers to send the newsletter, to whom we transmit the named data.
The data is transmitted to the servers of the following service providers in the USA:
Klaviyo: Klaviyo, Inc., 60 South Street, Suite 910, Boston, Massachusetts, USA
Further information on data protection can be found at:
7.2 Sending the e-mail newsletter to existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for goods or services from our range by e-mail that are similar to those you have already purchased. According to Section 7 (3) UWG, we do not have to obtain your separate consent for this. In this respect, data processing takes place solely on the basis of our legitimate interest in personalized direct advertising in accordance with Article 6 (1) (f) GDPR. If you initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the person responsible named at the beginning. You only incur transmission costs for this according to the basic tariffs. After receipt of your objection, the use of your e-mail address for advertising purposes will be stopped immediately.
7.3 Postal Advertising
On the basis of our legitimate interest in personalized direct advertising, we reserve the right to store your first and last name, your postal address and - insofar as we have received this additional information from you as part of the contractual relationship - your title, academic degree, your year of birth and your professional, Store the industry or business name in accordance with Art. 6 Paragraph 1 lit. f GDPR and use it to send interesting offers and information about our products by post.
You can object to the storage and use of your data for this purpose at any time by sending a message to the person responsible.
8) Data processing for order processing
8.1 To process your order, we work together with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract, insofar as this is necessary for the delivery of the goods.
As part of the fulfillment of contracts, we use the payment service providers on the basis of Article 6 Paragraph 1 lit. b. GDPR a. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with Article 6 (1) b. DSGVO in order to offer our users effective and secure payment options.
The data processed by the payment service provider includes inventory data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, only information with confirmation or negative information about the payment. Under certain circumstances, the payment service provider may transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. We refer to the terms and conditions and data protection notices of the payment service providers.
The terms and conditions and the data protection notices of the respective payment service providers apply to the payment transactions, which can be accessed within the respective websites or transaction applications. We also refer to this for the purpose of further information and the assertion of revocation, information and other data subject rights.
8.2 In order to fulfill our contractual obligations to our customers, we work together with external shipping partners. We pass on your name and your delivery address to a shipping partner selected by us exclusively for the purpose of delivering the goods in accordance with Article 6 (1) (b) GDPR.
8.3 Disclosure of personal data to shipping service providers
If the goods are delivered by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will provide your name or that of the recipient, your address and e-mail address in accordance with Art. 6 Paragraph 1 lit. b GDPR before the delivery of the goods. for the purpose of coordinating a delivery date or for delivery notification to DHL. The data will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or the delivery notification is not possible.
If the goods are delivered by the transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we will provide your name, address and e-mail address before the goods are delivered Article 6 paragraph 1 lit. b GDPR for the purpose of coordinating a delivery date or delivery notification to UPS. The data will only be passed on if this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with UPS in advance or to transmit status information about the delivery of the shipment.
8.4 Use of payment service providers (payment service providers)
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by installments" via PayPal, we pass on your payment data to PayPal (Europe) Sarl et Cie, SCA, 22- 24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), continue. The transfer takes place in accordance with Art. 6 Paragraph 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. Further data protection information, including information on the credit agencies used, can be found in PayPal's data protection declaration, which you can request directly from PayPal.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
If you opt for Klarna's payment services, we ask for your consent that we may transmit the data necessary for processing the payment and an identity and credit check to Klarna. In Germany, the credit agencies mentioned in Klarna's data protection declaration can be used for identity and credit checks.
You can revoke your consent to this use of personal data at any time by contacting Klarna.
9) Use of Social Media: Social Plugins
9.1 Facebook as a default plugin
Our website uses so-called social plugins ("plugins") from the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). The plugins are marked with a Facebook logo or the addition "Social Plugin from Facebook" or "Facebook Social Plugin". An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins
If you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.
If you are logged into Facebook, Facebook can immediately assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the "Like" button or making a comment, this information is also transmitted directly to a Facebook server and stored there. The information will also be published on your Facebook profile and shown to your Facebook friends.
The data processing operations described are carried out in accordance with Article 6 (1) (f) GDPR on the basis of Facebook’s legitimate interests in the display of personalized advertising in order to inform other users of the social network about your activities on our website and to tailor the service to their needs.
If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also object to the loading of the Facebook plugins and thus the data processing operations described above with add-ons for your browser for the future, e.g. with the script blocker "NoScript" ( http://noscript.net/ ).
Facebook Inc. based in the USA is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for protecting your privacy can be found in Facebook's data protection information:
9.2 Instagram as default plugin
Our website uses so-called social plugins (“plugins”) from the online service Instagram, which is operated by Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearance can be found here:
If you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Instagram servers. The content of the plugin is transmitted directly from Instagram to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there.
If you are logged in to Instagram, Instagram can immediately assign your visit to our website to your Instagram account. If you interact with the plugins, for example by pressing the "Instagram Camera" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there.
The data processing operations described are carried out in accordance with Article 6 (1) (f) GDPR on the basis of Instagram’s legitimate interests in the display of personalized advertising in order to inform other users of the social network about your activities on our website and to design the service to meet their needs.
If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. You can also object to the loading of the Instagram plugins and thus the data processing operations described above with add-ons for your browser for the future, e.g. with the script blocker "NoScript" ( http://noscript.net/ ).
Instagram LLC. based in the USA is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.
The purpose and scope of the data collection and the further processing and use of the data by Instagram as well as your rights in this regard and setting options for protecting your privacy can be found in Instagram's data protection information: https://help.instagram.com/155833707900388/
10) Online Marketing
Use of Google AdWords conversion tracking
This website uses the online advertising program "Google AdWords" and, as part of Google AdWords, conversion tracking by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). We use Google Adwords to draw attention to our attractive offers with the help of advertising material (so-called Google Adwords) on external websites. In relation to the advertising campaign data, we can determine how successful the individual advertising measures are. We are interested in showing you advertising that is of interest to you, in making our website more interesting for you and in achieving a fair calculation of advertising costs.
The conversion tracking cookie is set when a user clicks on an AdWords ad placed by Google. Cookies are small text files that are stored on your computer system. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. This means that cookies cannot be tracked via the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking, you can block this use by deactivating the Google conversion tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics. We use Google Adwords based on our legitimate interest in targeted advertising in accordance with Article 6 (1) (f) GDPR.
Google LLC based in the USA is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.
You can find more information about Google's data protection regulations at the following Internet address: http://www.google.de/policies/privacy/ . You can permanently deactivate cookies for advertising preferences by preventing them by setting your browser software accordingly or by downloading and installing the browser plug-in available under the following link:
11) Web Analytics Services
11.1 Google (Universal) Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server in the USA and stored there.
This website uses Google Analytics exclusively with the "_anonymizeIp()" extension, which ensures that the IP address is anonymized by shortening it and excludes direct personal reference. As a result of the extension, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. In these exceptional cases, this processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you will if applicable not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install:
As an alternative to the browser plugin or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent future detection by Google Analytics within this website (this opt-out cookie only works in this browser and only for this domain, delete your cookies in this browser, you have to click this link again): Disable Google Analytics
Google LLC based in the USA is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.
This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out using a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.
11.2 Hotjar (hotjar Ltd.)
This website uses the Hotjar web analytics service from Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788).
With this tool, movements on the websites on which Hotjar is used can be traced (so-called heat maps). For example, you can see how far users scroll and which buttons they click how often. It is also possible to use the tool to obtain feedback directly from the users of the website. In this way, we obtain valuable information in order to make our websites even faster and more customer-friendly. The above analysis is based on our legitimate interests for optimization and marketing purposes and the interest-based design of our website in accordance with Article 6 (1) (f) GDPR. When using this tool, we pay particular attention to the protection of your personal data. So we can only understand which buttons you click and how far you scroll. Areas of the website in which personal data from you or third parties is displayed are automatically hidden by Hotjar and are therefore not traceable at any time.
Hotjar offers every user the option of using a “Do Not Track header” to prevent the use of the Hotjar tool, so that no data about the visit to the respective website is recorded. This is a setting that all standard browsers support in current versions. To do this, your browser sends a request to Hotjar to deactivate the tracking of the respective user. If you use our website with different browsers/computers, you must set up the “Do Not Track header” for each of these browsers/computers separately.
Detailed instructions with information about your browser can be found at: https://www.hotjar.com/opt-out
Learn more about Hotjar Ltd. and via the Hotjar tool can be found at: https://www.hotjar.com
12) Retargeting/ Remarketing/ Referral Advertising
Facebook Custom Audience via the pixel process
Due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 , USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law
( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active ).
With the help of the Facebook pixel, Facebook is able to determine the visitors of our online offer as a target group for the display of advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to only display the Facebook ads we have placed to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products, which are based on the visited website). websites are determined), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and are not annoying. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The processing of the data by Facebook takes place within the framework of Facebook's data usage guidelines. Accordingly, general information on the display of Facebook ads in Facebook's data usage guidelines:
Specific information and details about the Facebook pixel and how it works can be found in the Facebook help area:
You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. In order to set which types of advertisements are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions for setting usage-based advertising there: https://www.facebook.com/settings?tab=ads . The settings are platform-independent, ie they are adopted for all devices, such as desktop computers or mobile devices.
Furthermore, when using the Facebook pixel, we use the additional function "extended comparison" (here data such as telephone numbers, e-mail addresses or Facebook IDs of the users are used) to form target groups ("Custom Audiences" or "Look Alike Audiences") Facebook (encrypted) transmitted. Further information on "extended matching": https://www.facebook.com/business/help/611774685654668 ).
We also use the "Custom Audiences from File" procedure of the social network Facebook, Inc. In this case, the e-mail addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload serves solely to determine recipients of our Facebook ads. We want to ensure that the ads are only displayed to users who are interested in our information and services.
Facebook messenger chat
If you write us a personal message via Facebook and give us permission to do so, we will use personal messages to inform you about Kraftling news such as new products and special offers. If you want to use this channel to communicate with our support, we will only exchange personal information with you that is necessary to process the request.
Google AdWords Remarketing
We use the marketing and remarketing services (“Google Marketing Services” for short) on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. DSGVO). ”) of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law
( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).
The Google marketing services allow us to display advertisements for and on our website in a more targeted manner in order to only present users with advertisements that potentially match their interests. If, for example, a user is shown ads for products that he was interested in on other websites, this is referred to as "remarketing". For these purposes, when our and other websites on which Google marketing services are active are accessed, Google executes a code directly and so-called (re)marketing tags (invisible graphics or code, also known as "web referred to as "beacons") integrated into the website. With their help, an individual cookie, ie a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file notes which websites the user visits, what content he is interested in and which offers he clicked on, as well as technical information on the browser and operating system, referring websites, visiting times and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases completely to a transferred to the Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google offers. The above information can also be linked by Google to such information from other sources. If the user then visits other websites, the ads tailored to his interests can be displayed to him.
User data is processed pseudonymously as part of Google Marketing Services. This means that Google does not store and process, for example, the name or e-mail address of the user, but processes the relevant data in relation to cookies within pseudonymous user profiles. This means that from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google's servers in the USA
The Google marketing services we use include the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". This means that cookies cannot be tracked via the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
We can also use the "Google Tag Manager" to integrate and manage the Google analysis and marketing services on our website.
If you wish to object to interest-based advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences .
13) Using a live chat system
You can permanently prevent the storage of cookies in your browser by downloading and installing the linked plugin. You can find more information about this here.
14) Tools and Miscellaneous
14.1 Google reCAPTCHA
On this website we also use the reCAPTCHA function of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). This function is primarily used to distinguish whether an entry is made by a natural person or whether it is misused by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in determining whether actions in the Internet and avoiding abuse and spam.
Google LLC based in the USA is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.
Further information on Google reCAPTCHA and Google's data protection declaration can be found at: https://www.google.com/intl/de/policies/privacy/
14.2 Google Maps
On our website we use Google Maps (API) from Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Google Maps is a web service for displaying interactive (land) maps to visually display geographic information. Using this service will show you our location and make it easier to get there.
As soon as you call up the sub-pages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google's servers in the USA and stored there. This takes place regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 Para. 1 lit.f GDPR on the basis of Google's legitimate interests in the display of personalized advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
15) Rights of the data subject
15.1 The applicable data protection law grants you comprehensive data subject rights (rights to information and intervention) vis-à-vis the person responsible with regard to the processing of your personal data, about which we will inform you below:
In particular, pursuant to Art. 15 GDPR, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data was or will be disclosed, the planned storage period or The criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if they were not collected from you by us, the existence of a Automated decision-making including profiling and, if necessary, meaningful information about the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed about the guarantees according to Art. 46 DSGVO when your data is forwarded to third countries;
You have accordingly. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to demand a restriction of the processing of the data.
You have the right to request that you receive the data that you have provided to us in accordance with Art. 20 GDPR and to request that it be transmitted to other responsible parties.
You also have the right, in accordance with Art. 77 GDPR, to lodge a complaint with the competent supervisory authority (email@example.com).
15.2 RIGHT TO OBJECT
If we process your personal data as part of a balancing of interests on the basis of our overriding legitimate interest, you have the right at any time to object to this processing with effect for the future for reasons that arise from your particular situation.
If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to further processing if we can demonstrate compelling legitimate grounds for processing that outweigh your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
If your personal data is processed by us in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. You can exercise the objection as described above.
If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.
16) Duration of storage of personal data
The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
According to legal requirements in Germany, storage takes place in particular for 10 years in accordance with §§ 147 Paragraph 1 AO, 257 Paragraph 1 No. 1 and 4, Paragraph 4 HGB (books, records, management reports, accounting documents, trading books, relevant for taxation documents, etc.) and 6 years in accordance with Section 257 Paragraph 1 Nos. 2 and 3, Paragraph 4 HGB (commercial letters).
According to legal requirements in Austria, storage takes place in particular for 7 years in accordance with § 132 Para. 1 BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, list of income and expenses, etc.), for 22 years in connection with properties and for 10 years for documents related to electronically supplied services, telecommunications, radio and television services supplied to non-businesses in EU Member States and for which the Mini One Stop Shop (MOSS) is used.
In any case, personal data is stored until the expiry of any limitation period for claims for damages (usually 3 years from the end of the year in which the claim arose and the creditor became aware of the circumstances giving rise to the claim and the identity of the debtor or would have to obtain without gross negligence).
17) Administration, financial accounting, office organization, contact management
We process data as part of administrative tasks and the organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process within the scope of providing our contractual services. The basis of processing is Art. 6 Para. 1 lit. c. GDPR, Art. 6 Para. 1 lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in processing lies in administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information given in these processing activities.
We disclose or transmit data to the financial administration, consultants such as tax consultants or auditors as well as other fee offices and payment service providers.
Furthermore, on the basis of our business interests, we store information on suppliers, organizers and other business partners, e.g. for the purpose of later contact. We store this mostly company-related data permanently.
18) Business analysis and market research
In order to operate our business economically, to be able to recognize market trends, customer and user requests, we analyze the data we have on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 Paragraph 1 lit. f. GDPR, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer.
The analyzes are carried out for the purpose of business evaluations, marketing and market research. In doing so, we can take into account the profiles of the registered users with information, e.g. on the services they have used. The analyzes serve us to increase the user-friendliness, the optimization of our offer and the economic efficiency. The analyzes serve us alone and are not disclosed externally, unless they are anonymous analyzes with summarized values.
If these analyzes or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from the conclusion of the contract. Otherwise, the overall business analyzes and general trend determinations are created anonymously if possible.
19) Data protection information in the application process
We process the applicant data only for the purpose and as part of the application process in accordance with the legal requirements. The applicant data is processed to fulfill our (pre)contractual obligations within the scope of the application process within the meaning of Article 6 Paragraph 1 Letter b. GDPR Art. 6 Paragraph 1 lit. f GDPR insofar as data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, Section 26 BDSG also applies).
The application process requires that applicants provide us with the applicant data. If we offer an online form, the necessary applicant data is marked, otherwise it results from the job descriptions and basically includes personal information, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. In addition, applicants can voluntarily provide us with additional information.
By submitting the application to us, the applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this data protection declaration.
Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated as part of the application process, they are also processed in accordance with Art. 9 Para. 2 lit. b GDPR (e.g. health data, such as severe disability or ethnic origin) . Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants as part of the application process, they are also processed in accordance with Art. 9 Para. 2 lit are).
If made available, applicants can send us their applications using an online form on our website. The data is transmitted to us in encrypted form using state-of-the-art technology.
Applicants can also send us their applications via email. However, we ask you to note that e-mails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We can therefore not assume any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or sending it by post. Because instead of applying via the online form and e-mail, applicants still have the option of sending us their application by post.
In the event of a successful application, the data provided by the applicants can be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. The applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
The deletion takes place, subject to a justified revocation by the applicant, after a period of six months, so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
20) Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any reviews collected, as well as to offer Trusted Shops products to buyers after an order.
This serves to safeguard our overriding legitimate interests in optimal marketing by enabling secure shopping in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided as part of an order processing by a CDN provider (Content Delivery Network). Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured. Further information on data protection at Trusted Shops GmbH can be found here .
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call, amount of data transferred and the requesting provider (access data) and documents the call. Individual access data is stored in a security database for analysis of security issues. The log files are automatically deleted no later than 90 days after creation.
Further personal data is transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered to use them. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you are already registered as a buyer for product use is automatically checked using a neutral parameter, the e-mail address hashed using a cryptological one-way function. Before it is sent, the e-mail address is converted into this hash value, which Trusted Shops cannot decrypt. After checking for a match, the parameter is automatically deleted.
This is necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services in accordance with Article 6 (1) sentence 1 lit. f GDPR. Further details, including objections, can be found in the Trusted Shops data protection declaration linked above and in the Trustbadge.
21) Applicant pool
As part of the application, we offer applicants the opportunity to be in our "talent pool" for a period of two years on the basis of consent within the meaning of Article 6 Paragraph 1 lit. b. and Art. 7 GDPR to be included.
The application documents in the talent pool will only be processed as part of future job advertisements and the search for employees and will be destroyed after the deadline at the latest. Applicants are informed that their consent to being included in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future and declare an objection within the meaning of Art. 21 DSGVO
22. Contact details of the person responsible
Telephone: 0221 42306969
23. Duration of Data Retention
We only store personal data for as long as is necessary for the purposes for which it is processed or as long as you have revoked your consent. Insofar as statutory storage obligations have to be observed, the storage period for certain data can be up to 10 years, regardless of the processing purposes.
24. Your Data Subject Rights
Upon request, you will receive information about all personal data that we have stored about you at any time free of charge.
b) Correction, deletion, restriction of processing (blocking), objection
If you no longer agree to the storage of your personal data or if it has become incorrect, we will, following a corresponding instruction, arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible under applicable law). The same applies if we are to only process data to a limited extent in the future. You have the right to object, in particular, in cases where your data is required to perform a task that is in the public interest or is in our legitimate interest, as well as profiling based on this. You also have the right to object in the case of data processing for the purpose of direct advertising.
c) data availability
Upon request, we will provide you with your data in a common, structured and machine-readable format so that you can transmit the data to another person responsible if you wish.
d) Right of withdrawal for consents with effect for the future
You can revoke your consent at any time with effect for the future. Your revocation does not affect the legality of the processing up to the time of revocation.
e) Right to complain
You also have the option of complaining to a supervisory authority about your rights as a data subject:
Data for which we are unable to identify the person concerned, e.g. if it has been made anonymous for analysis purposes, are not covered by the above rights. Information, deletion, blocking, correction or transmission to another company may be possible with regard to this data if you provide us with additional information that allows us to identify you.
25. Exercising Your Rights as a Data Subject
If you have any questions about the processing of your personal data, information, correction, blocking, objection or deletion of data or if you wish to transfer the data to another company, please contact firstname.lastname@example.org