Data Protection - Perfect Move Global

Privacy Policy

We are very pleased about your interest in our company. Data protection has a special priority for the moving workers Schweiz GmbH management team. Usage of the moving workers Schweiz GmbH website pages is fundamentally possible without entering any personal data. To the extent however that an affected person wants to use special services from our company via our website, the processing of personal data could be required. If the processing of personal data is required and if there is no legal basis for such processing, we generally obtain the consent of the affected person.

The processing of personal data, e.g., of the name, address, email address or telephone number of an affected person, is always conducted in compliance with the General Data Protection Regulation and in accordance with the data protection provisions that are applicable for moving workers Schweiz GmbH in the specific country. This Privacy Policy is intended to inform the public regarding the type, scope and purpose of the personal data that we collect, use and process. Furthermore, this Privacy Policy explains to affected persons the rights they are entitled to.

As the party responsible for processing, moving workers Schweiz GmbH has implemented numerous technical and organizational measures to ensure the most seamless possible protection of the personal data processed via this website. Nevertheless, internet-based data transmissions can still fundamentally have security vulnerabilities, making it impossible to guarantee absolute protection. For this reason, every affected person can also choose to convey personal data to us by other means, such as by telephone.

1. Definitions

The moving workers Schweiz GmbH Privacy Policy is based on the terminology used by the European regulators in the enactment of the EU General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand for the public as well as for our customers and business partners. In order to ensure this, we want to explain the terminology used in advance.

This Privacy Policy is also particularly oriented on the EU General Data Protection Regulation (GDPR). Although the GDPR is a European Union regulation, it is significant for us. The Swiss Data Protection Act (DSG) is heavily influenced by EU law, and companies outside the European Union or the EEA are required to comply with the GDPR under certain circumstances.

In this Privacy Policy, the terminology we use includes the following:

a) Personal data

Personal data consists of all information related to an identified or identifiable natural person (hereinafter referred to as “affected person”). A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of attributing an identifier such as a name to an identification number, to location data, to an online identifier or to one or more special characteristics which are an expression of the physical, physiological, genetic, psychic, economic, cultural or social identity of said natural person.

b) Affected person

An affected person is any identified or identifiable natural person whose personal data are processed by the party responsible for processing.

c) Processing

Processing is every executed process or series of processes carried out with or without the assistance of automation related to personal data such as collection, recording, organization, arranging, storage, adaptation or alteration, selection, retrieval, use, disclosure by means of transmission, distribution or another form of provision, comparison or linkage, restriction, deletion or destruction.

d) Restriction of processing

Restriction of processing is the selection of stored personal data with the aim of restricting their future processing.

e) Profiling

Profiling is any type of automated processing of personal data aimed at using such personal data to analyze certain personal aspects related to a natural person, in particular to analyze or predict aspects related to work performance, economic circumstances, health, personal preferences, interests, reliability, conduct, whereabouts or a change in location of said natural person.

f) Pseudonymization

Pseudonymization is the processing of personal data in a manner in which the personal data cannot be attributed to a specific affected person without drawing on additional information, to the extent that such additional information is separately stored and subject to technical and organizational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Responsible party or the party responsible for the data processing

The responsible party or the party responsible for the data processing is the natural or legal entity, government authority, facility or other body which decides alone or together with other parties regarding the purposes and means of processing personal data. If the purposes and means of such processing are stipulated by European Union law or the law of member states, then the appointment of the responsible party, respectively, the specific criteria for the appointment of the responsible party can be stipulated in accordance with European Union law or the law of the member states.

h) Processor

The processor is a natural person or legal entity, government authority, facility or other body which processes the personal data on behalf of the responsible party.

i) Recipient

The recipient is a natural person or legal entity, government authority, facility or other body to whom the personal data are disclosed, regardless of whether they are a third party or not. However, government authorities possibly receiving personal data within the framework of a specific inquiry mandate in accordance with European Union law or the law of the member states do not apply as recipients.

j) Third parties

A third party is a natural person or legal entity, government authority, facility or other body other than the affected person, the responsible party, the processor and the persons who are directly authorized under the direct responsibility of the responsible party or the processor to process the personal data.

k) Consent

Consent is any expression of will by the affected person unambiguously provided voluntarily in an informed manner for the particular case in question in the form of a declaration or another clearly confirming action with which the affected person indicates that that they agree with the processing of the personal data related to them.

2. Name and address of the party responsible for processing

The responsible party as defined by the General Data Protection Regulation, other applicable data protection legislation in the member states of the European Union and other provisions with data protection legal character is:

moving workers Schweiz GmbH
Kappelerstrasse 10
8911 Rifferswil
Switzerland

Tel.: +41 79 484 49 59
Email: m.schoenbaechler@moving-workers.com
Website: www.moving-workers.com

3. Name and address of the Data Protection Officer

The Data Protection Officer of the party responsible for processing is:

Mike Guder
IT systemhaus vor Ort GmbH
Sonnenstraße 33-35
57078 Siegen
Germany

Tel.: +49 271 33884600
Email: datenschutz@systemhaus-vorort.de

Website: www.systemhaus-vorort.de

Every affected person can directly contact our Data Protection Officer at any time for all questions and suggestions related to data protection.

4. Cookies

The moving workers Schweiz GmbH website pages use cookies. Cookies are text files that are deposited and stored on a computer system via an internet browser.

Many websites and servers use cookies, and many cookies contain a so-called cookie ID. A cookie ID is a clear identification of the cookie and is comprised of a character string by which websites and servers can be attributed to the specific internet browser in which the cookie has been stored. This makes it possible for the visited websites and servers to distinguish the individual browser of the affected person from other internet browsers containing other cookies. A specific internet browser can be recognized again and identified via the clear cookie ID.

By using cookies, moving workers Schweiz GmbH can provide the users of this website more user-friendly services than would be possible without depositing the cookies.

With a cookie, the information and service and product offers on our website can be optimized in the interest of the user. As previously mentioned, cookies enable us to recognize the users of our website again. The purpose of such renewed identification is to simplify using our website for the users. For example, the user of a website that utilizes cookies is not required to enter their access data again upon every visit to the website, since this task is done by the website and the cookie deposited on the user’s computer system. Another example is the cookie from a shopping cart in the Online Shop. Using a cookie, the Online Shop remembers the article that the customer has placed in the virtual shopping cart.

The affected person can at any time use a designated setting on the internet browser they use to block our website from depositing cookies and thereby permanently reject the depositing of cookies. Furthermore, cookies that have already been deposited can be deleted using an internet browser or another software program. This is possible in all commonly used internet browsers. If the affected person deactivates the depositing of cookies in the internet browser that is being used, under certain circumstances not all of the functions on our website may be able to be utilized to their full extent.

5. Collection of general data and information

Every time the moving workers Schweiz GmbH website is accessed by an affected person or an automated system, the website collects a series of general data and information. This general data and information are stored in the server’s log files. The following can be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites directed to our website via an accessing system, (5) the date and the time of day of access to the website, (6) an Internet Protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information that serve for protection in the event of attacks on our information technology systems.

moving workers Schweiz GmbH does not draw any inferences about the affected person in the use of this general data and information. Rather, this information is required in order to (1) correctly deliver our website content, (2) to optimize our website content and its advertising, (3) to ensure the long-term functionality of our information technology systems and our website’s technology, (4) and to provide government prosecutorial authorities with the necessary information for prosecution in the event of a cyber-attack. This anonymous gathered data and information is therefore statistically analyzed by moving workers Schweiz GmbH and further analyzed with the aim of increasing data protection and data security in our company in order to ultimately assure an optimum level of protection for the personal data processed by us. The anonymous server log files data are stored separately from all of the personal data provided by an affected person.

6. Registration on our website

The affected person has the possibility to register on the website of the party responsible for processing by providing personal data. The question of what personal data is thereby transmitted to the party responsible for processing is determined by the respective input screen used for the registration. The personal data entered by the affected person are gathered and stored exclusively for internal use by the party responsible for processing and for in-house purposes. The party responsible for the data processing can have it forwarded to one or more processors, e.g., a parcel service, that equally uses the personal data exclusively for internal use which is assigned to the party responsible for processing.

Registration on the website of the party responsible for processing further entails the storage of the IP address assigned to the affected person by the Internet Service Provider (ISP), the date and the time of day of the registration. The storage of these data is conducted against the background that it is only in this way that the abuse of our services can be prevented, and if required these data make it possible to illuminate offences that have been committed. As such, the storage of these data is necessary for safeguarding the party responsible for processing. Forwarding of these data to third parties is fundamentally not conducted insofar as there is no legal obligation for such forwarding, or unless such forwarding serves the purposes of prosecution.

The registration of the affected person under the voluntary provision of personal data services serves the party responsible for processing in offering the affected person content or services which by their nature can only be offered to registered users. Registered persons have the possibility at any time to change the personal data they have provided during the registration process or to have it completely deleted from the database of the party responsible for processing.

Upon request, the party responsible for the data processing will provide any affected person information regarding what personal data about the affected person are stored. Furthermore, the party responsible for the data processing of personal data will correct or delete such personal data at the request or instruction of the affected person, insofar as this does not contradict any legal provisions for record retention. The entire staff of the party responsible for processing is available to the affected person as contact partners in this regard.

7. Contact possibility via the website

Due to legal requirements, the moving workers Schweiz GmbH website contains information enabling rapid electronic contact with our company and direct communication with us, which also encompasses a general electronic mail address (email address). To the extent that an affected person contacts the party responsible for processing by email or via a contact form, the personal data transmitted by the affected person is automatically stored. Such personal data transmitted on a voluntary basis by an affected person to the party responsible for processing are stored for the purposes of processing or contacting the affected person. No forwarding of these personal data to third parties is conducted.

8. Routine deletion and blocking of personal data

The party responsible for the data processing only processes and stores personal data of the affected person for the period of time required for the attainment of the storage purposes or to the extent that such is required by European regulators or another applicable legislative body in laws or provisions to which the party responsible for the data processing is subject.

If the storage purpose is eliminated or should the storage period required by European regulators or another presiding legislative body expire, the personal data are routinely blocked or deleted in accordance with the legal provisions.

9. Rights of the affected person

a) Right to confirmation

Every affected person has the right granted by European regulators to demand confirmation from the party responsible for processing regarding whether it processes personal data related to the affected person. If an affected person wants to assert this right of confirmation, they can contact an employee of the party responsible for processing at any time to this end.

b) Right to information

Every person affected by the processing of personal data has the right granted by European regulators to information at any time from the party responsible for processing regarding the personal data related to their person that is stored and to receive a copy of this information. Furthermore, the European regulators have granted affected persons the right to disclosure by the party responsible for processing regarding the following information:

The processing purposes
The categories of personal data that are processed
The recipient or categories of recipients to whom the personal data have been revealed or will be revealed, in particular regarding recipients in third countries or in international organizations
If possible, the planned duration of the storage of the personal data stored, or, in the event that this is not possible, the criteria for establishing this duration
The existence of a right to correction or deletion of the personal data related to the affected person or to restriction of the processing by the responsible party, or the right to object to such processing
The existence of a right of appeal to a governmental oversight authority
If the personal data are not collected from the affected person: all available information regarding the origin of the data
The existence of automated decision-making, including profiling, in accordance with Article 22 Line1 and 4 of the GDPR and — at least in these cases — meaningful information regarding the involved logic along with the scope and the intended effects of such processing for the affected person

Furthermore, the affected person has a right to information regarding whether personal data has been transmitted to a third country or an international organization. To the extent that this is the case, the affected person additionally has the right to receive information regarding the appropriate guarantees in connection with the transmission.

If an affected person wants to assert this information right, they can contact an employee of the party responsible for processing at any time to this end.

c) Right to correction

Every person affected by the processing of personal data has the right granted by European regulators to demand the immediate correction of inaccurate personal data related to them. Furthermore, the affected person has the right, under consideration of the purposes of the processing, to demand the completion of incomplete personal data — also by means of a supplementary statement.

If an affected person wants to assert this right of correction, they can contact an employee of the party responsible for processing at any time to this end.

d) Right to deletion (right to be forgotten)

Every person affected by the processing of personal data has the right granted by European regulators to demand of the responsible party that the personal data related to them is deleted immediately insofar as one of the following grounds applies and to the extent that the processing is not required:

The personal data were collected for such purposes or processed in another manner for which they are no longer required.
The affected person withdraws their consent upon which the processing was based in accordance with Art. 6 Line 1 Letter a of the GDPR or Art. 9 Line 2 Letter a of the GDPR, and there is no other legal basis for the processing.
The affected person submits an objection to the processing in accordance with Art. 21 Line 1 of the GDPR, and there are no overriding justified grounds for the processing, or the affected person submits an objection to the processing in accordance with Art. 21 Line 2 of the GDPR.
The personal data were unlawfully processed.
The deletion of the personal data is required for compliance with a legal obligation in accordance with European Union law or the law of member states to which the responsible party is subject.
The personal data were collected in relation to services offered by the information society in accordance with Art. 8 Line 1 of the GDPR.

To the extent that one of the grounds specified above applies and an affected person would like to have the personal data stored by moving workers Schweiz GmbH deleted, they can contact an employee of the party responsible for processing at any time to this end. The moving workers Schweiz GmbH employee will have the desired deletion executed immediately.

If the personal data have been made public by moving workers Schweiz GmbH and if our company is obligated as the responsible party to delete the personal data in accordance with Art. 17 Line 1 of the GDPR, then moving workers Schweiz GmbH will implement appropriate measures, also of a technical nature, under consideration of the available technology and the implementation costs in order to inform other parties responsible for the data processing which process the personal data that has been made public that the affected person has demanded from such other parties responsible for processing the deletion of all links to said personal data or to copies or replications of said personal data, to the extent that the processing is not required. In individual cases, the moving workers Schweiz GmbH employee will have the necessary measures undertaken.

e) Right to restriction of processing

Every person affected by the processing of personal data has the right granted by European regulators to demand of the responsible party the restriction of the processing if one of the following prerequisites is fulfilled:

The accuracy of the personal data is disputed by the affected person, and indeed for an amount of time in which the responsible party is able to check the accuracy of the personal data.
The processing is unlawful, the affected person declines the deletion of the personal data and instead demands the restriction of the usage of the personal data.
The responsible party no longer requires the personal data for the purposes of processing, but the affected person needs them for the assertion, exercise or defense of legal claims.
The affected person objected to the processing in accordance with Art. 21 Line 1 of the GDPR and it has not yet been determined whether the justified grounds of the responsible party outweigh those of the affected person.

To the extent that one of the prerequisites specified above is fulfilled and an affected person wants to demand the restriction of personal data stored by moving workers Schweiz GmbH, they can contact an employee of the party responsible for processing at any time to this end. The moving workers Schweiz GmbH employee will have the restriction of the processing implemented.

f) Right to data portability

Every person affected by the processing of personal data has the right granted by European regulators to receive personal data related to them which they provided to a responsible party in a structured, commonplace and machine-readable format. The affected person also has the right to transmit such data to another responsible party without hindrance by the initial responsible party to whom the personal data were provided, insofar as the processing is based on the consent in accordance with Art. 6 Line 1 Letter a of the GDPR or Art. 9 Line 2 Letter a of the GDPR, or on a contract in accordance with Art. 6 Line 1 Letter b of the GDPR and the processing is conducted with the assistance of automated procedures, to the extent that the processing is not required for the fulfillment of a task that is in the public interest or is conducted in the exercise of official authority that has been assigned to the responsible party.

Furthermore, in the assertion of their right to data portability in accordance with Art. 20 Line 1 of the GDPR, the affected person has the right to effect that the personal data are transmitted directly from one responsible party to a different responsible party, insofar that this is technically possible and to the extent that the rights and freedoms of other persons are not impaired as a result.

To assert the right to data portability, the affected person can contact a moving workers Schweiz GmbH employee at any time.

g) Right to objection

Every person affected by the processing of personal data has the right granted by European regulators to object at any time for reasons related to their own individual situation to the processing of personal data related to them conducted on the basis of Art. 6 Line 1 Letters e or f of the GDPR. This also applies to profiling based on one of these provisions.

moving workers Schweiz GmbH discontinues processing personal data in the event of an objection unless we can demonstrate compelling and legitimate grounds for the processing that outweigh the interests, rights and freedoms of the affected person, or the processing serves in the assertion, exercise or defense of legal claims.

If moving workers Schweiz GmbH processes personal data in order to conduct direct advertising, then the affected person has the right at any time to object to the processing of their personal data for the purposes of such advertising. This also applies for profiling to the extent that it is connected with such direct advertising. Should the affected person object to the processing by moving workers Schweiz GmbH for the purposes of direct advertising, then moving workers Schweiz GmbH will no longer process the personal data for these purposes.

In addition, the affected person has the right for reasons related to their own individual situation to object to the processing of personal data related to them conducted by moving workers Schweiz GmbH for scientific or historic research purposes or for statistical purposes in accordance with Art. 89 Line 1 of the GDPR, unless such processing is required for the fulfillment of a task in the public interest.

To assert the right to objection, the affected person can contact a moving workers Schweiz GmbH employee or another employee at any time. The affected person is further free, in connection with the usage of services of the information society, notwithstanding Directive 2002/58/EC, to assert their right to object by means of automated procedures in which technical specifications are used.

h) Automated decisions in individual cases, including profiling

Every person affected by the processing of personal data has the right granted by European regulators not to be subject to a decision based exclusively on automated processing — including profiling – which has a legal effect on them or which considerably negatively affects them insofar as the decision (1) is not required for the conclusion or fulfillment of a contract between the affected person and the responsible party, or (2) is permissible on the basis of legal provisions of the European Union or its member states to which the responsible party is subject and these legal provisions contain appropriate measures for the protection of the rights, freedoms and the justified interests of the affected person, or (3) are executed with the express consent of the affected person.

If the decision (1) is required for the conclusion or the fulfillment of a contract between the affected person and the responsible party, or (2) if it is executed with the express consent of the affected person, then moving workers Schweiz GmbH will undertake appropriate measures to protect the rights, freedoms and the justified interests of the affected person, wherefor this includes at least the right to achieve the intervention of a person by the responsible party, to the explanation of one’s own standpoint and to challenge the decision.

If the affected person wants to assert rights related to automated decisions, they can contact at any time an employee of the party responsible for processing.

i) Right to withdraw legal data protection consent

Every person affected by the processing of personal data has the right granted by European regulators to withdraw consent for the processing of personal data at any time.

If the affected person wants to assert their right to withdraw consent, they can contact an employee at any time of the party responsible for processing.

10. Data protection provisions for the deployment and use of Google AdSense

The party responsible for the data processing has integrated Google AdSense into this website. Google AdSense is an online service via which the placement of advertising on third-party web pages is enabled. Google AdSense is based on an algorithm which selects the advertisements displayed on third-party web pages to fit in with the contents of the respective third-party web page. Google AdSense allows for the interest-related targeting of the internet user which is implemented using the generation of individual user profiles.

The operating company for the Google AdSense components is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of the Google AdSense components is the integration of advertisements into our website. Google AdSense places a cookie on the affected person’s information technology system. What cookies are has already been explained above. By depositing the cookie, Alphabet Inc. is able to conduct analysis of the usage of our website. As a result of each visit to each individual page of this website operated by the party responsible for processing and featuring an integrated Google AdSense component, the internet browser on the information technology system of the affected person is automatically prompted by the respective Google AdSense components to transmit data for the purposes of online advertising and the accounting of commissions to Alphabet Inc. Within the framework of this technical process, Alphabet Inc. receives information regarding personal data, such as the IP address of the affected person, which serve Alphabet Inc. in matters including tracking the origin of the visitors and clicks, and to subsequently make commission billing possible.

As has already been illustrated above, the affected person can at any time prevent the deposit of cookies by our website by activating a corresponding setting on the internet browser they use and thereby permanently reject the deposit of cookies. This type of browser setting would also prevent Alphabet Inc. from depositing a cookie onto the information technology system of the affected person. In addition, a cookie already deposited by Alphabet Inc. can be deleted at any time via the internet browser or another software program.

Google AdSense also uses what are known as web beacons. A web beacon is a miniature image file that is embedded in websites to enable a logfile record and a logfile analysis, which can be used to conduct a statistical evaluation. Using an embedded web beacon, Alphabet Inc. can recognize whether and when a website was opened by an affected person and which links were clicked by the affected person. One of the functions web beacons serve is in the analysis of visitor flow to a website.

Via Google AdSense, personal data and information, also including the IP address that is required for collection and necessary for accounting of the displayed advertisements, are transmitted to Alphabet Inc. in the United States of America. These personal data are stored and processed in the United States of America. Under certain circumstances, Alphabet Inc. provides these personal data collected via the technical procedure to third parties.

Google AdSense is explained in more detail at this link: www.google.de/intl/de/adsense/start/

11. Data protection provisions for the deployment and use of Google Analytics (with anonymization function)

The party responsible for the data processing has integrated the components of Google Analytics (with anonymization function) into this website. Google Analytics is a web analysis service. Web analysis is the acquisition, collection and evaluation of data regarding the conduct of website visitors. A web analysis service collects data including the website that an affected person used to reach another website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was observed. A web analysis is used in most cases for the optimization of a website and for the cost-benefit analysis of internet advertising.

The operating company for the Google Analytics components is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The party responsible for the data processing uses the add-on "_gat.anonymizeIp" for web analysis via Google Analytics. Using this add-on, Google abbreviates and anonymizes the IP address of the affected person’s internet connection if access to our websites is conducted from a member state of the European Union or another country that is a contractual party to the European Economic Area agreement.

The purpose of the Google Analytics components is the analysis of visitor flows to our website. Google uses the obtained data and information for purposes including assessing the usage of our website, for compiling online reports depicting the activities on our web pages, and for performing additional services connected to the usage of our website.

Google Analytics places a cookie on the affected person’s information technology system. What cookies are has already been explained above. By depositing the cookie, Google is able to conduct analysis of the usage of our website. As a result of each visit to each individual page of this website operated by the party responsible for processing and featuring an integrated Google Analytics component, the internet browser on the information technology system of the affected person is automatically prompted by the respective Google Analytics components to transmit data for the purposes of online analysis to Google. Within the framework of this technical process, Google receives information regarding personal data, such as the IP address of the affected person, which serve Google in matters including tracking the origin of the visitors and clicks, and to subsequently make commission billing possible.

Cookies are used to store personal information such as the time of access, the location from where the access was initiated and the frequency of visits to our website by the affected person. Upon each visit to our web pages these personal data, including the IP address of the internet connection used by the affected person, are transmitted to Google in the United States of America. These personal data are stored in the United States of America. Under certain circumstances, Google provides these personal data collected via the technical procedure to third parties.

As has already been illustrated above, the affected person can at any time prevent the deposit of cookies by our website by activating a corresponding setting on the internet browser they use and thereby permanently reject the deposit of cookies. This type of browser setting would also prevent Google from depositing a cookie onto the information technology system of the affected person. In addition, a cookie already deposited by Google Analytics can be deleted at any time via the internet browser or another software program.

Furthermore, the affected person has the possibility to reject and prevent the collection of the data created by Google Analytics related to the usage of this website as well as the processing of such data by Google. For this, the affected person must download and install a browser add-on via the link tools.google.com/dlpage/gaoptout. This browser add-on notifies Google Analytics via JavaScript that no data and information regarding the visits to websites is permitted to be transmitted to Google Analytics. The installation of the browser add-on is classified by Google as a rejection. If the information technology system of the affected person is deleted, formatted or reinstalled at a later date, the affected person must conduct a reinstallation of the browser add-on in order to deactivate Google Analytics. To the extent that the browser add-on is uninstalled or deactivated by the affected person or another person attributable to their the area of control, it is possible to reinstall or reactivate the browser add-on.

Additional information and Google’s applicable data protection provisions can be accessed at www.google.de/intl/de/policies/privacy/ and www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link: www.google.com/intl/de_de/analytics/.

12. Payment method: data protection provisions for PayPal as payment method

The party responsible for the data processing has integrated PayPal components into this website. PayPal is an online payment services provider. Payments are processed via so-called PayPal accounts representing virtual private or business accounts. In addition, there is the possibility on PayPal to process virtual payments by credit card if a user does not have a PayPal account. A PayPal account is maintained via an email address, which is why there is no classic account number. PayPal makes it possible to make online payments to third parties or also to receive payments. PayPal additionally assumes trustee functions and offers protection services to buyers.

The European operating company for PayPal is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxemburg.

If the affected person selects “PayPal” as the payment method during the ordering process in our Online Shop, data related to the affected person are automatically transmitted to PayPal. By selecting this payment option, the affected person agrees to the transmission of personal data required for payment processing.

The personal data transmitted to PayPal are generally the first name, last name, address, email address, IP address, telephone number, mobile telephone number or other data required for payment processing. Personal data connected with the respective order are also required for processing the purchase contract.

The purpose of the transmission of these data is payment processing and fraud prevention. The party responsible for the data processing will transmit personal data to PayPal in particular if there is a justified interest for such transmission. Under certain circumstances, the personal data exchanged between PayPal and the party responsible for processing are transmitted to credit bureaus. The purpose of such transmission is for checking identity and creditworthiness.

Where applicable, PayPal forwards the personal data to affiliated companies and service providers or subcontractors insofar as this is required for fulfillment of the contractual obligations or processing of the data is to be outsourced.

The affected person has the possibility at any time to withdraw consent to PayPal for handling personal data. A withdrawal does not apply to personal data which is required to be processed, used or transmitted for (contractually compliant) payment processing.

The applicable PayPal data protection provisions can be accessed at www.paypal.com/de/webapps/mpp/ua/privacy-full.

13. Vimeo

Our website uses plug-ins from the Vimeo video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our web pages equipped with a Vimeo plug-in, a connection to the Vimeo services is generated. This informs the Vimeo server regarding which of our web pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or you do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo servers in the USA.

If you are logged in to your Vimeo account, you enable Vimeo to directly attribute your surfing conduct to your personal profile. You can prevent this by logging out of your Vimeo account.

The usage of Vimeo is conducted in the interest of an appealing presentation of our online products and services. This represents a justified interest as defined by Art. 6 Line 1 lit. f of the GDPR.

You can find further information on the handling of user data in the Vimeo Privacy Policy at: https://vimeo.com/privacy.

14. Legal basis for the processing

Art. 6 I lit. a of the GDPR serves as the legal basis for our company for processing procedures in which we obtain consent for a specific processing purpose. If the processing of personal data is required for the fulfillment of a contract to which the affected person is a contract party, as is the case for example for processing procedures that are necessary for a delivery of goods or the execution of another performance or counter-performance, then the processing is based on Art. 6 I lit. b of the GDPR. The same applies for such processing procedures required for the execution of precontractual measures, for instance in cases of inquiries regarding our products or services. If our company is subject to a legal obligation through which processing of personal data is required, such as for the fulfillment of tax-related obligations, then the processing is based on Art. 6 I lit. c of the GDPR. In rare cases, the processing of personal data could be required in order to protect vital interests of the affected person or another natural person. For example, this would be the case if a visitor to our operation was injured and subsequently their name, age, health insurer data or other vital information would have to be forwarded to a physician, a hospital or other third parties. In such case the processing would be based on Art. 6 I lit. d of the GDPR. Finally, processing procedures could be based on Art. 6 I lit. f of the GDPR. This is the legal basis for processing procedures that are not covered by the previously specified legal bases if the processing is required for the protection of one of the justified interests of our company or a third party insofar as they are not outweighed by the interests and the fundamental rights and freedoms of the affected person. Such processing procedures are permitted for us in particular because they have been specifically referenced by the European legislative body, which maintained insofar that a justified interest could be assumed if the affected person is a customer of the responsible party (Recital 47 Clause 2 of the GDPR).

15. Justified interests in processing pursued by the responsible party or a third party

If the processing of personal data is based on Article 6 I lit. f of the GDPR, our justified interest is the execution of our business activity to the benefit of the wellbeing of all our employees and shareholders.

16. The personal data storage period

The criterion for the storage period of personal data is the respective legal retention period. Upon expiration of this period, the corresponding data are routinely deleted, insofar as they are no longer required for contract fulfillment or contract initiation.

17. Legal or contractual provisions for the provision of personal data; necessity for conclusion of a contract; obligation of the affected person to provide personal data; possible consequences of non-provision

We hereby inform you that the provision of personal data is in part legally required (e.g., tax-related regulations) or can result from contractual regulations (e.g., information related to the contract partner). It can at times be required for the conclusion of a contract that an affected person provide us with personal data which will then have to be processed by us. For example, the affected person is obligated to provide us with personal data if our company is concluding a contract with them. Non-provision of the personal data would result in the contract not being able to be concluded with the affected person. Prior to provision of personal data by the affected person, the affected person must contact one of our employees. Our employee will explain to the affected person in relation to their specific case whether the provision of the personal data is legally or contractually stipulated or is required for conclusion of the contract, whether there is an obligation to provide the personal data, and the consequences that would result in the event the personal data are not provided.

18. Existence of automated decision-making

As a conscientious company, we refrain from automated decision-making or profiling.

19. Acquisition of health data

The health-related questions in the registration serve only the purpose of exclusion in the event of preexisting conditions. In such case, your data are not stored.