Data Protection

Privacy Policy

Unless otherwise specified below, the provision of personal data is not required by law or contract, nor is it necessary for the conclusion of a contract. You are not obligated to provide this data. Failure to provide the data has no consequences. This applies only if no other information is provided in the following processing operations.

“Personal data” refers to any information relating to an identified or identifiable natural person.

Server Log Files

You can visit our website without providing any personal data.

Each time you access our website, usage data is transmitted to us or our web host/IT service provider via your web browser and stored in log files (so-called server log files). This stored data includes, for example, the name of the page visited, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.

Processing is carried out pursuant to Article 6(1)(f) of the GDPR based on our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our offering.

Contact

Data Controller/Data Protection Officer

The data controller is: Tomasz Berner, ul. Henryka Sienkiewicza 2, 07-200 Wyszków, Poland,

You can contact our Data Protection Officer directly at: biuro@rolos.com.pl

Data processing within the whistleblower protection system

If you submit information to the internal reporting center as part of the established whistleblower protection system, we will collect your personal data (first and last name, email address, mailing address, message text, information regarding violations within the meaning of § 3(3) 3 HinSchG, information regarding the identity of persons protected under the HinSchG) exclusively to the extent provided by you. Data processing serves to fulfill the tasks, obligations, and rights of the internal reporting office, which are assigned to the internal reporting office by the HinSchG.

Data processing is carried out to fulfill a legal obligation pursuant to Article 6(1)(c) of the GDPR in conjunction with § 10 of the HinSchG.

The user’s data will then be deleted in accordance with statutory retention periods (3 years after the conclusion of the procedure within the meaning of § 18 of the HinSchG).

Contacting the customer via email

If you contact us via email on your own initiative, we will collect your personal data (first and last name, email address, message content) only to the extent provided by you. Data processing serves to process the inquiry and respond to it.

If the contact serves to implement pre-contractual measures (e.g., consultation regarding a purchase interest, preparation of an offer) or relates to a contract already concluded between the user and us, data processing is based on Article 6(1)(b) of the GDPR.

If contact is established for other reasons, data processing is based on Article 6(1)(f) of the GDPR due to our overriding legitimate interest in processing and responding to the user’s inquiry. In this case, you have the right to object at any time to the processing of your personal data pursuant to Article 6(1)(f) of the GDPR for reasons arising from your particular situation. Your email address will be used exclusively to process your inquiry. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

Collection and Processing of Data When Using the Contact Form

When you use the contact form, we collect your personal data (first and last name, email address, message content) only to the extent provided by you. The processing of this data serves the purpose of establishing contact.

If the purpose of the contact is to take steps prior to entering into a contract (e.g., consultation regarding a purchase, preparation of an offer) or relates to a contract already concluded between you and us, data processing is based on Article 6(1)(b) of the GDPR.

If contact is established for other reasons, data processing is based on Article 6(1)(f) of the GDPR due to our overriding legitimate interest in processing and responding to the inquiry. In this case, you have the right to object at any time—for reasons related to your particular situation—to the processing of your personal data pursuant to Article 6(1)(f) of the GDPR.

The user’s email address will be used exclusively to process the inquiry. The user’s data will then be deleted in accordance with statutory retention periods, unless the user has consented to its further processing and use.

Collection and processing of applications via email

Visitors to the website may apply for job openings advertised on our website via email if they are interested. We collect personal data only to the extent provided by the user. This includes contact information

(e.g., first and last name, email address, phone number), details regarding professional qualifications and training, details regarding further professional training, and evidence of performance.

Data processing serves to establish contact and make a decision regarding the establishment of an employment relationship with the candidate. Providing data is necessary to conduct the application process. The processing of personal data is based on Article 6(1)(b) of the GDPR in conjunction with § 26(1) of the BDSG for the purpose of completing the application process as a preliminary step toward an employment contract.

If you have consented to the processing of your personal data for inclusion in our candidate pool, e.g., by checking a checkbox, the processing is based on Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing based on consent prior to its withdrawal.

If, as part of the application process, specific categories of personal data within the meaning of Article 9(1) of the GDPR are required from candidates, such as information regarding a significant disability, this is based on Article 9(2)(b) of the GDPR. so that we can exercise our rights under labor law and the law on social security and social protection and fulfill our obligations in this regard.

We store your personal data for as long as necessary to make a decision regarding your application. Your data will then be deleted no later than six months after the application process concludes, unless you have consented to its further processing and use. If an employment relationship is established as a result of the application process, the data provided will be further processed on the basis of Article 6(1)(b) of the GDPR in conjunction with Section 26(1) of the BDSG for the purpose of implementing the employment relationship and subsequently transferred to the personnel file.

Collection and processing of data when using the application formWhen using the application form, we collect personal data only to the extent that it is provided by you. This includes contact information (e.g., first and last name, email address, phone number), details regarding professional qualifications and training, details regarding further professional training, and evidence of performance.

Data processing serves to establish contact and make a decision regarding the establishment of an employment relationship with the applicant. Providing this data is necessary to complete the application process. Your personal data is processed pursuant to Article 6(1)(b) of the GDPR in conjunction with Section 26(1) of the BDSG. Section 26(1) of the BDSG serves to implement the application process as a preliminary step toward an employment contract.

If, as part of the application process, candidates are required to provide special categories of personal data within the meaning of Article 9(1) of the GDPR, such as information regarding a significant disability, this is based on Article 9(2)(b) of the GDPR. GDPR, so that we can exercise our rights under labor law and the law on social security and social protection and fulfill our obligations in this regard.

We store your personal data for as long as necessary to make a decision regarding your application. Your data will then be deleted no later than six months after, unless you have consented to their further processing and use. If an employment relationship is established as a result of the application process, the data provided will be further processed pursuant to Article 6(1)(b) of the GDPR in conjunction with Section 26(1) of the BDSG for the purpose of fulfilling the employment relationship and subsequently transferred to your personnel file.

Use of WeTransfer

We use the WeTransfer service provided by WeTransfer B.V. (Willem Fenengastraat 19, 1096 BL Amsterdam, Netherlands; “WeTransfer”) to transfer files up to 2 GB in size at the user’s request.

The purpose of using this service is to transfer large files in high quality. To this end, we provide WeTransfer with the user’s email address and the file to be transferred. WeTransfer generates a download link, which is sent to you and to us via email. The data is encrypted during transmission and storage by WeTransfer and can only be accessed via the download link.

Your personal data may be transferred to WeTransfer’s servers in the U.S. and temporarily stored there (in part in unencrypted form). The European Commission has issued a decision confirming an adequate level of protection for the U.S., the Transatlantic Data Privacy Framework (TADPF) . WeTransfer does not hold a TADPF compliance certificate. Data is transferred on the basis of standard contractual clauses providing appropriate safeguards for the protection of personal data, which can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.

Processing is based on Article 6(1)(a) of the GDPR with the user’s consent, provided that the user has explicitly consented to using WeTransfer.

You may withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of consent until its withdrawal.

For more information on data protection when using WeTransfer, please visit: https://wetransfer.com/legal/privacy.

Customer Account Orders

Customer Account

When you open a customer account, we collect your personal data as specified there. The purpose of data processing is to improve your shopping experience and simplify order processing. Processing is based on Article 6(1)(a) of the GDPR with the user’s consent. Consent may be withdrawn at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until its withdrawal. The customer account will then be deleted.

Collection, processing, and transfer of personal data for order purposes

When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process the order and to handle inquiries. Providing data is necessary for the conclusion of a contract. Failure to provide data means that a contract cannot be concluded. Processing is based on Article 6(1)(b) of the GDPR and is necessary for the performance of the contract concluded with the user.

Your data will be transferred, for example, to shipping companies, dropshipping service providers, order fulfillment service providers, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly comply with legal requirements. The scope of data transfer is limited to the minimum necessary.

Advertising

Use of Email Address for Sending Newsletters

We use your email address, independently of contract processing, exclusively for our own advertising purposes to send newsletters, provided you have expressly consented to this. Processing is based on Article 6(1)(a) 1(a) of the GDPR based on your consent. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent prior to its withdrawal. You may unsubscribe from the newsletter at any time by using the appropriate link in the newsletter or by notifying us. The user’s email address will then be removed from the mailing list.

Use of MailerLite

We use the newsletter service provided by MailerLite (MailerLite LTD, 88 Harcourt Street, Dublin 2, D02 DK18, Ireland) as part of order processing.

We provide MailerLite with the information you provide when subscribing to the newsletter (email address, first and last name, if applicable). Data processing is used to send the newsletter and for statistical analysis.

To analyze newsletter campaigns, the newsletters sent contain a 1x1 pixel image (tracking pixel) or a tracking link. This allows us to determine whether the user opened the newsletter and whether they clicked on any integrated links. Conversion tracking allows us to analyze, for example, whether a purchase was made after clicking a link in the newsletter or whether the user registered on our website. In this context, we collect the user’s personal data, such as IP address, browser and device type, as well as the time. This data may be used to create pseudonymous user profiles. The collected data will not be used to identify you. The collected data is used exclusively for statistical analysis to improve our newsletter campaigns.

Your personal data is processed on the basis of Article 6(1)(f) of the GDPR due to our overriding legitimate interest in targeted, effective advertising, and a user-friendly newsletter system. You have the right to object at any time to the processing of your personal data for reasons related to your particular situation.

More information and MailerLite’s privacy policy can be found at:Your personal data is processed pursuant to Article 6(1)(f) f of the GDPR based on our overriding legitimate interest in targeted, effective advertising and a user-friendly newsletter system. You have the right to object at any time to the processing of your personal data for reasons related to your particular situation.

For more information and Cleverreach’s privacy policy, please visit: https://www.mailerlite.com/p

Shipping Service Provider

Sharing your email address with shipping companies to obtain shipping status information.

We will share your email address with the shipping company as part of contract fulfillment, if you have given your explicit consent during the ordering process. The purpose of this disclosure is to inform you of the shipping status via email. Processing is based on Article 6(1)(a) of the GDPR with your consent. You may withdraw your consent at any time by notifying us or the shipping company, without affecting the lawfulness of the processing based on consent prior to its withdrawal.

Use of an external merchandise management system

We use a merchandise management system to process contracts as part of order processing. For this purpose, personal data collected in connection with the order will be transmitted to

Pimcore hosted on AWS by Blackbit Digital Commerce GmbH, Ernst-Ruhstrat-Straße 6, 37079 Göttingen.

The processing of your personal data serves to fulfill the contract concluded with you and is based on Article 6(1)(b) of the GDPR.

Payment service provider

Use of the PayPal system

On our website, we use the PayPal payment service provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”). The purpose of data processing is to enable you to make payments via the payment service. When you select and use PayPal for payment, the data required to process the payment will be transmitted to PayPal for the purpose of fulfilling the contract with you using the selected payment method. This processing is based on Article 6(1)(b) of the GDPR.

All PayPal transactions are subject to PayPal’s privacy policy. It can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Use of the PayPal Plus service

On our website, we use the PayPal Plus payment service provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”). The purpose of data processing is to enable you to make payments via the payment service. When you select and use payment via PayPal, credit card via PayPal, or direct debit via PayPal, the data required for payment processing will be transmitted to PayPal for the purpose of fulfilling the contract with you using the selected payment method. This processing is based on Article 6(1)(b) of the GDPR.

For certain payment methods, such as credit card via PayPal, direct debit via the PayPal system, PayPal reserves the right to obtain credit information based on mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required to verify creditworthiness to the credit agency and uses the information received regarding the statistical probability of non-payment to make a balanced decision regarding the establishment, performance, or termination of the contractual relationship. The credit report may contain probability values (scores) that are calculated based on scientifically recognized mathematical and statistical procedures and whose calculations include, among other things, address data. The user’s legitimate interests are taken into account in accordance with statutory provisions. Data processing serves to assess creditworthiness for the purpose of concluding a contract. Data processing is carried out pursuant to Article 6(

1(f) of the GDPR based on our overriding legitimate interest in protecting against non-payment if PayPal makes an advance payment.

You have the right to object at any time—for reasons related to your particular situation — against the processing of their personal data pursuant to Article 6(1)(f) of the GDPR by notifying PayPal. Providing the data is necessary to conclude a contract using the payment method selected by the User. Failure to provide the data means that a contract cannot be concluded using the selected payment method.

Use of the Stripe payment service

On our website, we use the Stripe payment service provided by Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. The purpose of data processing is to enable us to offer you payment via the payment service. By selecting and using the Stripe service, the data required for payment processing is transmitted to Stripe for the purpose of fulfilling the contract with you using the selected payment method. This processing is based on Article 6(1)(b) of the GDPR.

Stripe reserves the right to obtain credit information based on mathematical -statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required to check creditworthiness to the credit agency and uses the information received regarding the statistical probability of non-payment to make a balanced decision regarding the establishment, performance, or termination of the contractual relationship. The credit report may contain probability values (scores) that are calculated based on scientifically recognized mathematical and statistical procedures and whose calculations include, among other things, address data. The user’s legitimate interests are taken into account in accordance with statutory provisions. Data processing serves to assess creditworthiness for the purpose of concluding a contract. Data processing is carried out pursuant to Article 6(1)(f) f of the GDPR in connection with our overriding legitimate interest in protecting against non-payment, if Stripe processes the payment in advance.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data pursuant to Article 6( 1(f) of the GDPR by notifying Stripe. Providing the data is necessary to conclude a contract using the selected payment method. Failure to provide the data means that the contract cannot be concluded using the selected payment method.

All Stripe transactions are subject to Stripe’s Privacy Policy. It can be found at https://stripe.com

Cookies

Our website uses cookies. Cookies are small text files that are stored in or by the web browser on the user’s computer system. When the user accesses the website, a cookie may be stored on the user’s operating system. This cookie contains a unique string of characters that allows the browser to be uniquely identified when the website is accessed again.

Cookies are stored on the user’s computer. The user therefore has full control over the use of cookies. By selecting the appropriate technical settings in the web browser, the user can be notified before cookies are set and decide whether to accept them individually, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been saved can be deleted at any time. Please note, however, that in this case, you may not be able to fully use all the features of this website.

You can learn how to manage (including deactivating) cookies in the most popular browsers by clicking the links below:

Chrome: https://support.google.com/accounts/answer/61416?hl=de

Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically Necessary Cookies

Unless otherwise specified in the privacy policy below, we use these technically necessary cookies solely to make our website more user-friendly, effective, and secure. Furthermore, cookies enable our systems to recognize your browser even after you change pages and to provide services. Certain features of our website cannot be offered without the use of cookies. For this purpose, it is necessary to recognize your browser even after you change pages.

The use of cookies or comparable technologies is based on Article 25(2) of the GDPR. Your personal data is processed pursuant to Article 6(1)(f) of the GDPR due to our overriding legitimate interest in ensuring optimal website functionality and a user-friendly and effective design of our offering.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you.

Use of Usercentrics

On our website, we use the Usercentrics consent management tool provided by Usercentrics GmbH (Rosenthal 4, 80331, Munich; “Usercentrics”).

This tool allows you to consent to data processing via the website, in particular to the setting of cookies, and to exercise your right to withdraw consent already granted.

The purpose of data processing is to obtain and document the necessary consent for data processing and thereby fulfill legal obligations. Cookies may be used for this purpose. The following information may be collected and transmitted to Usercentrics: Date and time of page view, information about the browser and device used, anonymized IP address, opt-in and opt-out data.

Usercentrics uses the Google Cloud Platform provided by Google Ireland Limited, which may transfer user data to the U.S. The EU Commission has not issued a decision confirming an adequate level of data protection with regard to the U.S. Data transfer is based on standard contractual clauses that provide appropriate safeguards for the protection of personal data, which can be found at https://policies.google.com/privacy/frameworks.

Data processing is carried out to fulfill a legal obligation pursuant to Article 6(1)(c) of the GDPR.

Proof of revocation of previously granted consent will be retained for a period of three years.

Further information on data protection at Usercentrics can be found at https://usercentrics.com/privacy-policy/

Analysis Ad tracking

Use of Google Analytics 4

On our website, we use the web analytics service Google Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).

Data processing serves to analyze this website and its visitors, as well as for marketing and advertising purposes. To this end, Google will use the information obtained on behalf of the operator of this website to analyze your use of the website, compile reports on website activity, and provide other services related to website activity and internet usage to the website operator.

The following information may be collected: IP address, date and time of page view, click path, information about the browser and device used, pages visited, referrer URL (the website from which the user accessed our site), location data, and shopping-related activities. Google may combine your data with other data, such as search history, personal accounts, usage data from other devices, and all other data that Google has about you.

Your IP address will first be truncated by us on our own servers. In this way, Google receives only pseudonymized data.

Google uses technologies such as cookies, browser storage, and tracking pixels, which enable the analysis of your use of the website. The use of cookies or comparable technologies is based on your consent pursuant to § 25(1) sentence 1 of the GDPR in conjunction with Art. 6(1)(a) of the GDPR.

Your personal data is processed with your consent pursuant to Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of your consent prior to its withdrawal.

Information generated regarding the use of this website is typically transmitted to a Google server in the U.S. and stored there. With regard to the U.S., the EU Commission’s decision recognizing an adequate level of protection, the Transatlantic Data Protection Framework (TADPF), applies. Google has certified itself under the TADPF and has thereby committed to complying with European data protection principles. Both Google and U.S. government authorities have access to user data.

For more information on terms of use and data protection, please visit https://policies.google.com/technologies/partner-sites and https://policies.google.com/privacy?hl=de&gl=de.

Use of Hotjar

Google Conversion Tracking is an analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google).

When you click on an ad placed by Google, a conversion tracking cookie is stored on your computer. These cookies have a limited validity period, do not contain any personal data, and are therefore not used for personal identification. If you visit specific pages on our website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to that page. Each Google Ads customer receives a different cookie. Therefore, it is not possible to track cookies across Ads customers’ websites.

The information obtained via the conversion cookie is used to generate conversion statistics. These statistics inform us of the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information that would allow us to identify individual users.

User data may be transmitted to Google LLC servers in the U.S. The European Commission has issued a decision confirming an adequate level of protection for the U.S., the Transatlantic Data Privacy Framework (TADPF). Google has obtained TADPF certification and has thereby committed to complying with European data protection principles. The use of cookies or comparable technologies is based on the user’s consent pursuant to Article 25(1), sentence 1 of the GDPR in conjunction with Article 6(1)(a) of the GDPR.

The processing of the user’s personal data is based on the user’s consent pursuant to Article 6(1)(a) of the GDPR. Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to its withdrawal.

For more information and Google’s privacy policy, please visit: https://www.google.de/policies/privacy/

Use of Meta Pixel On our website, we use Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Meta”). Meta and we are jointly responsible for the collection of user data during the integration of the service and the transmission of this data to Meta. The basis for this is an agreement between us and Meta regarding the joint processing of personal data, which specifies the respective responsibilities. The agreement is available at https://de-de.facebook.com/legal/terms/businesstools. Accordingly, we are responsible in particular for fulfilling the information obligations under Articles 13 and 14 of the GDPR, for compliance with the security requirements set forth in Article 32 of the GDPR regarding the proper technical implementation and configuration of the service, and for compliance with the obligations under Article 33, 34 of the GDPR, insofar as a personal data breach affects our obligations under the joint processing agreement. Meta is responsible for enabling the exercise of data subjects’ rights in accordance with Articles 15–20 of the GDPR, compliance with the security requirements set forth in Article 32 of the GDPR regarding the security of the Service, and the obligations arising from Articles 33 and 34 of the GDPR to the extent that a personal data breach affects Meta’s obligations under the joint data processing agreement. The purpose of the application is to serve interest-based ads to website visitors on the Facebook and Instagram social networks. For this purpose, Meta’s remarketing tag has been implemented on the website. This tag is used to establish a direct connection to Meta’s servers when the website is visited. It informs Meta’s server which of our pages the user has visited. Meta associates this information with the user’s personal Facebook and/or Instagram account. When the user visits the Facebook or Instagram social media platforms, they are shown personalized interest-based ads. The application is also used to generate conversion statistics. This allows us to determine the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag, and what actions were taken after being redirected to that page. However, we do not receive any information that would allow us to identify users. User data may be transferred to the U.S. With regard to the U.S., the EU Commission’s decision on the adequacy of protection applies, Transatlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles. Your personal data is processed with your consent pursuant to Article 6(1)(a) a of the GDPR. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

The “Custom Audiences” remarketing feature " can be deactivated here. For more information on Meta’s collection and use of data, your rights in this regard, and how to protect your privacy, please refer to Meta’s privacy policy at https://www.facebook.com/about/privacy/.

Use of Google Ads conversion tracking

On our website, we use the online advertising program “Google Ads” and, in this context, conversion tracking (evaluation of visitor actions). On our website, we use the analytics tool provided by Hotjar Ltd (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julians STJ1000, Malta; “Hotjar”).

The purpose of data processing is to design, optimize, and analyze our website based on user needs.

This tool is used to randomly record the movements of website visitors. In this way, a record is created of mouse movements, scrolling behavior, time spent on the site, and clicks (a so-called heatmap).

Hotjar uses cookies, among other things, for this purpose. The following information may be collected as part of this process: IP address (in anonymized form), information about the device used (screen size, device type, unique device identifier), information about the browser used, location data (country only), preferred website display language, and operating system used. Detailed information about the cookies used, their functions, and their retention periods can be found here: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies.

This data is used to create pseudonymous user profiles. This data is not used to personally identify the website visitor and is not combined with the personal data of the pseudonymized individual. Hotjar is contractually prohibited from selling the collected data to other third parties.

User data may be transferred to the U.S. The European Commission has issued a decision confirming an adequate level of protection for the U.S., the Transatlantic Data Privacy Framework (TADPF) . Hotjar is not certified under the TADPF. Data transfers are based, among other things, on appropriate safeguards. Hotjar will provide the user with further information regarding the measures taken upon request.

The use of cookies or comparable technologies is based on the user’s consent pursuant to § 25(1), sentence 1 of the GDPR in conjunction with Art. 6(1)(a) of the GDPR. The processing of the user’s personal data is based on the user’s consent pursuant to Art. 6(1)(a) of the GDPR. 1(a) of the GDPR. Consent may be withdrawn at any time without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.

Further information on data protection when using Hotjar can be found here: https://www.hotjar.com/legal/policies/privacy#enduserenglish.

Use of SalesViewer® technology

This website uses SalesViewer® technology from SalesViewer® GmbH to collect and store data for marketing, market research, and optimization purposes based on the legitimate interests of the website operator (Article 6(1)(f) of the GDPR) .

For this purpose, a JavaScript-based code is used to collect and process company-related data. Data collected using this technology is encrypted using an irreversible one-way function (known as hashing). The data is immediately pseudonymized and is not used to personally identify visitors to this website.

Data stored within SalesViewer® is deleted as soon as it is no longer needed for the intended purpose and its deletion does not conflict with any statutory retention obligations.

You may object to the collection and storage of data at any time with future effect by clicking this link https:/ /www.salesviewer.com/opt-out to prevent SalesViewer® from collecting data on this website in the future. An opt-out cookie for this website will be stored on the user’s device. If cookies are deleted in the browser, this link must be clicked again.

Use of Google AdSense

We use the AdSense service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website. The purpose of data processing is to rent advertising space on the website and to display interest-based ads to website visitors. This feature is used to display personalized, interest-based ads from the Google Display Network to visitors of the provider’s website. Google uses cookies that enable an analysis of your use of the website. The information generated by the cookies regarding your use of this website is usually transmitted to a Google server in the U.S. and stored there. With the U.S., the EU Commission’s decision on the adequacy of data protection applies, the Transatlantic Data Protection Framework

(TADPF). Google has obtained TADPF certification and has thereby committed to complying with European data protection principles. Google may transfer this information to third parties if required by law or if such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

The use of cookies or comparable technologies is based on the user’s consent pursuant to § 25(1), sentence 1 of the TDDDG in conjunction with Art. 6(1)(a) of the GDPR. The processing of your personal data is based on your consent pursuant to Art. 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

For more information and Google’s privacy policy, please visit https://www.google.com/policies/technologies/ads/ and https://www.google.de/policies/privacy/

Use of Google Inc.’s remarketing or “similar audiences” features

On our website, we use the remarketing or “similar audiences” features provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).

The application is used to analyze the behavior and interests of visitors. Google uses cookies to analyze website usage, which forms the basis for creating interest-based ads. Cookies are used to record website visits and anonymized data regarding website usage. No personal data of website visitors is stored. If a user subsequently visits another website within the Google advertising network, they will be shown ads that are highly likely to reflect previously visited product and information areas.

User data may be transmitted to Google LLC servers in the U.S. The European Commission has issued a decision confirming an adequate level of protection for the U.S., the Trans-Atlantic Data Privacy Framework (TADPF). Google has obtained TADPF certification and has thereby committed to complying with European data protection principles.

The use of cookies or comparable technologies is based on the user’s consent pursuant to Article 25(1), sentence 1 of the GDPR in conjunction with Article 6(1)(a) of the GDPR. The processing of personal data is based on the user’s consent pursuant to Article 6(1)(a) of the GDPR. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

For more information about Google Remarketing and the associated privacy policy, please visit https://www.google.com/privacy/ads/

Plugins and Other Tools

Use of Google Tag Manager

We use the Google Tag Manager application from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.

This application is used to manage JavaScript tags and HTML tags, which are used in particular to implement tracking and analysis tools. The purpose of data processing is to design and optimize our website in accordance with requirements.

Google Tag Manager itself does not store cookies or process personal data. However, it enables the execution of other tags that may collect and process personal data.

For more information on terms of use and data protection, please visit here.

Use of Google reCAPTCHA

On our website, we use the reCAPTCHA service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). The purpose of this query is to distinguish between data entered by a human and automated machine processing. For this purpose, the user’s input data is transmitted to Google and processed there. In addition, the IP address and any other data required by Google for the reCAPTCHA service will be transmitted to Google. This data is processed by Google within the European Union and may also be transmitted to Google LLC servers in the U.S. With regard to the U.S., the EU Commission’s decision confirming an adequate level of protection, the Transatlantic Data Protection Framework (TADPF), applies. Google has obtained TADPF certification and has thereby committed to complying with European data protection principles.

The use of cookies or comparable technologies is based on the user’s consent pursuant to § 25(1), sentence 1 of the TDDDG. In accordance with Art. 6(1)(a) of the GDPR. The processing of the user’s personal data is based on the user’s consent pursuant to Art. 6(1)(a) of the GDPR. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

For more information about Google reCAPTCHA and the associated privacy policy, please visit:https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy.

Use of Invisible Google reCAPTCHA

On our website, we use the invisible reCAPTCHA service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).

This is used to distinguish between data entered by humans and automated machine processing. In the background, Google collects and analyzes usage data, which is used by Invisible reCAPTCHA to distinguish between human users and bots. For this purpose, the user’s input data is transmitted to Google and processed there. In addition, the IP address and any other data required by Google for the Invisible reCAPTCHA service are transmitted to Google.

This data is processed by Google within the European Union and may also be transmitted to Google LLC servers in the U.S. With regard to the U.S., an EU Commission decision confirming an adequate level of protection applies, Transatlantic Data Protection Framework (TADPF). Google has obtained TADPF certification and has thereby committed to complying with European data protection principles.

The use of cookies or comparable technologies is based on the user’s consent pursuant to § 25(1), sentence 1 of the GDPR in conjunction with Art. 6(1)(a) of the GDPR. The processing of the user’s personal data is based on the user’s consent pursuant to Art. 6(1)(a) a of the GDPR. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

More information about Google reCAPTCHA and the associated privacy policy can be found at https://www.google.com/recaptcha/intro/android. html and https://www.google.com/privacy

Use of Google Maps

We use the Google Maps embedding feature provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, “Google”) on our website.

This feature enables the visual display of geographic information and interactive maps. Google also collects, processes, and uses data from website visitors when they access pages on which Google Maps is integrated.

User data may also be transferred to the U.S. The European Commission has issued a decision confirming an adequate level of protection for the U.S., the Transatlantic Data Privacy Framework (TADPF). Google has obtained TADPF certification and has thereby committed to complying with European data protection principles.

The use of cookies or comparable technologies is based on the user’s consent pursuant to Article 25(1), sentence 1 of the GDPR in conjunction with Article 6(1)(a) of the GDPR. The processing of the user’s personal data is based on the user’s consent pursuant to Article 6(1)(a) of the GDPR. Consent may be withdrawn at any time without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.

Further information on the collection and use of data by Google can be found in Google’s privacy policy at https://www.google.com/privacypolicy.html.

There, you also have the option to change your settings in the Data Protection Center, allowing you to manage and protect your data processed by Google.

Use of YouTube

We use the YouTube video embedding feature from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”) on our website. YouTube is an affiliate of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

This feature displays videos stored on YouTube in an iframe on the website. The “Enhanced Privacy Mode” is active. This means that YouTube does not store any information about website visitors. Only when a video is viewed is information about it transmitted to YouTube and stored there. User data may be transferred to the U.S. The European Commission has issued a decision confirming an adequate level of protection for the U.S., the Transatlantic Data Privacy Framework (TADPF). YouTube has obtained TADPF certification and is therefore committed to complying with European data protection rules.

The use of cookies or comparable technologies is based on the user’s consent pursuant to § 25(1) sentence 1 of the GDPR in conjunction with Art. 6(1)(a) of the GDPR. The processing of the user’s personal data is based on the user’s consent pursuant to Article 6(1)(a) of the GDPR. Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to its withdrawal.

For more information on the collection and use of data by YouTube and Google, your rights in this regard, and privacy protection options, please refer to YouTube’s privacy policy at https://www.youtube.com/t/privacy.

Use of Vimeo

We use plugins from Vimeo Inc. (555 West 18th Street, New York, New York 10011, USA; “Vimeo”) on our website to integrate videos from the “Vimeo” platform.

When you access pages on our website that contain such a plugin, a connection is established with Vimeo’s servers, and the plugin is displayed on the page via a browser notification. As a result, both your IP address and information about which of our pages you have visited are transmitted to Vimeo’s servers.

If you are logged into Vimeo, Vimeo assigns this information to your personal user account. When a user uses the plugin’s functions (e.g., by playing a video by clicking the corresponding button), this information is also assigned to their Vimeo account.

User data may be transferred to the U.S. The European Commission has issued a decision confirming an adequate level of data protection in the U.S., the Transatlantic Data Privacy Framework

(TADPF). Vimeo has certified itself under the TADPF and is therefore committed to complying with European data protection principles.

The use of cookies or comparable technologies is based on the user’s consent pursuant to § 25( 1, sentence 1 of the GDPR in conjunction with Art. 6(1)(f) of the GDPR. Art. 6(1)(a) of the GDPR. The processing of the user’s personal data is based on the user’s consent pursuant to Art. 6(1)(a) of the GDPR. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

Further information regarding the purpose and scope of data collection and the further use and processing of data by Vimeo, as well as your rights and options for protecting your privacy, can be found in Vimeo’s privacy policy: https://vimeo.com/privacy

Integration of the Händlerbund member logoThe Händlerbund member logo (Händlerbund e.V., Kohlgartenstraße 11–13, 04315 Leipzig) is integrated into our website. When you visit our website, the browser on your device automatically sends information to the Händlerbund e.V. server. This information is temporarily stored in a so-called server log file for 7 days. The following information is collected without any action on your part and stored until it is automatically deleted:

The IP address of the computer sending the request,
Date and time of access,
Name and URL of the file accessed,
Website from which access was made (referrer URL),
Browser used and, if applicable, the computer’s operating system and the name of the internet service provider.

Temporary storage of the IP address by the system is necessary to enable the delivery of the website. For this purpose, the IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. This data is also used to optimize the website and ensure the security of IT systems. This data is not stored together with other personal data. The legal basis for data processing is Article 6(1)(f) of the GDPR.

Use of Google Fonts

On our website, we use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).

The purpose of data processing is to ensure a uniform display of fonts on our website. To load the fonts, a connection to Google’s servers is established when you visit the website. Cookies may be used for this purpose. Among other things, the user’s IP address and information about the browser being used are processed and transmitted to Google.

This data is not linked to the user’s Google account.

Your data may be transferred to the United States. The European Commission has issued a decision confirming an adequate level of protection for the United States, the Transatlantic Data Privacy Framework (TADPF). Google has obtained TADPF certification and has thereby committed to complying with European data protection principles.

The use of cookies or comparable technologies is based on the user’s consent pursuant to Article 25(1), sentence 1 of the GDPR in conjunction with Article 6(1)(a) of the GDPR. The processing of the user’s personal data is based on the user’s consent pursuant to Article 6(1)(a) of the GDPR. Consent may be withdrawn at any time without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.

Further information on data processing and protection can be found at https://www.google.de/intl/de/policies/ and at https://developers.google.com/fonts/faq.

Use of FontAwesome

On our website, we use Font Awesome from Fonticons Inc (307 S Main St., Suite 202, Bentonville, AR, 72712-9214 USA “Font Awesome”). The purpose of data processing is to ensure a uniform display of fonts and icons on our website. To load the fonts, a connection to FontAwesome’s servers is established when you visit the site. Cookies may be used for this purpose. Among other things, your IP address and information about the browser you are using will be processed and transmitted to FontAwesome. User data may be transferred to third countries, such as the United States. With regard to the United States, the EU Commission’s adequacy decision, the Transatlantic Data Privacy Framework (TADPF). Font Awesome is not TADPF-certified. The use of cookies or comparable technologies is based on the user’s consent pursuant to Article 25(1), sentence 1 of the GDPR in conjunction with Article 6( 1(a) of the GDPR. Article 6(1)(a) of the GDPR. The processing of the user’s personal data is based on the user’s consent pursuant to Article 6(1)(a) of the GDPR. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

For more information on data processing and protection, please visit https://fontawesome.com/privacy and https://fontawesome.com/support below.

Use of Doofinder

On our website, we use the “Doofinder” search function provided by DooFinder S.L. (Madrid 28037, Rufino González 23 bis, 1º 1, Spain; “Doofinder”).

The purpose of data processing is to make it easier to find information on our website and to make it more user-friendly.

When using the search function on our website, the following information, among other things, is processed: IP address, information about the device used (e.g., device type, model, and version), and an anonymized user ID.

Your personal data is processed pursuant to Article 6(1)(f) f of the GDPR due to our overriding legitimate interest in making our website as user-friendly as possible. You have the right to object at any time—for reasons related to your particular situation — against the processing of personal data concerning them pursuant to Article 6(1)(f) of the GDPR.

More information on data protection at Doofinder can be found at https://www.doofinder.com/en/privacy-policy.

Data subject rights and retention period

Retention period

After the contract has been fully processed, the data will initially be stored for the duration of the warranty period and subsequently in accordance with statutory retention periods, in particular under tax and commercial law, and will then be deleted upon expiration of this period, unless the user has consented to further processing and use.

Rights of the data subject

If the legal requirements are met, the user has the following rights under Articles 15–20 of the GDPR: the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability.

You also have the right to object to processing based on Article 6(1)(f) of the GDPR and to processing for direct marketing purposes in accordance with Article 21(1) of the GDPR.

Right to lodge a complaint with a supervisory authority

Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that your personal data is being processed unlawfully.

You may file a complaint with the supervisory authority competent for us, which can be contacted using the following contact details:

President of the Personal Data Protection Office ul. Stawki 2 00-193 Warsaw

Right to Object

If the processing of personal data described here is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right to object to such processing at any time with future effect for reasons arising from your particular situation.

Upon objection, the processing will be terminated unless we can demonstrate compelling legitimate grounds for the processing that override the user’s interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defense of legal claims.

Last updated: 09/22/2025