Data privacy

We take data protection seriously

The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit as standard. This information is essential for the technical transmission of the web pages and secure server operation. There is no personalized evaluation of this data.

If you send us data via the contact form, this data will be stored on our servers as part of the data backup process. Your data will only be used by us to process your request. Your data will be treated as strictly confidential. It will not be passed on to third parties.

Responsible body:

Cherry SE
Rosental 7, c/o Mindspace
80331 Munich
Phone: +49 9643 2061 100
info@cherry.de

Personal data

Personal data is data about your person. This includes your name, your address and your e-mail address. You do not have to disclose any personal data in order to visit our website. In some cases we need your name and address as well as other information in order to be able to offer you the requested service.

The same applies if we supply you with information material on request or if we answer your inquiries. In these cases, we will always point this out to you. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.

When you use one of our services, we generally only collect the data that is necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so in order to be able to offer you our service or to pursue our commercial objectives.

Contacting us

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the data of the inquiring persons are processed insofar as this is necessary to answer the contact inquiries and any requested measures.

The response to contact requests in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of the legitimate interests in responding to the inquiries.

  • Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms).
  • Affected persons: Communication partner.
  • Purposes of processing: Contact requests and communication.
  • Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 lit. f. GDPR).

Automatically saved data

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • Amount of data transferred

This data is not merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.  

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short time. It is not possible for us to identify individual persons from this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymized form for statistical purposes; it is not compared with other databases or passed on to third parties, even in excerpts.

Information about specific data processing on the website

If necessary, in deviation from or in addition to the general information above, you will find details below on the individual data processing on our website.

Contact form

Purpose of the processing: Processing and, if necessary, answering the request of the form sender

Legal basis: Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR), if your request serves to clarify a contractual relationship. Our legitimate interest (Art. 6 para. 1 lit. f GDPR) for all other inquiries, as we are interested in a quick response to your inquiry.

Recipient, if applicable (in case of forwarding): The data will not be passed on to third parties and/or to a third country.

If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees): Data transfer to a third country does not take place and is not planned.

Duration of data storage: See General deadlines for data deletion

Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity: There is no obligation.

Consequences of non-compliance (failure to provide the required data): none

Existence of automated decision-making, if applicable: In this context, we do not use automated decision-making.

If applicable, origin of the data (if not collected directly from the data subject): The data originates from the person concerned.

Where applicable, categories of personal data (if not collected directly from the data subject): In this context, we do not use automated decision-making.

Change of purpose, if applicable: none

User login

Purpose of the processing: Data type: User name, password

Purpose of the survey: Access for the user

Legal basis (pursuant to Art. 6 / 9 GDPR): Protection of legitimate interests (Art. 6 para. 1 f), Performance of a contract (Art. 6 para. 1 b), Implementation of pre-contractual measures (Art. 6 para. 1 b)

Recipient, if applicable (in case of forwarding): The data will not be passed on to third parties and/or to a third country.

If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees): Data transfer to a third country does not take place and is not planned.

Duration of data storage: See General deadlines for data deletion

Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity: The user account cannot be created without the data.

Consequences of non-compliance (failure to provide the required data): The user account cannot be created without the data.

Existence of automated decision-making, if applicable: In this context, we do not use automated decision-making.

If applicable, origin of the data (if not collected directly from the data subject): The data originates from the person concerned.

Change of purpose, if applicable: none

Customer account and product order

Purpose of the processing of general data

Data type: 

  1. Salutation, title, first name, surname, street, no., zip code, city, country, date of birth (optional)
  2. E-mail address, password
  3. Telephone number (optional)

Purpose of the survey: 

  1. Unique identification of the customer account, processing of the product purchase, delivery, payment transactions, processing of complaints
  2. Authentication, independent resetting of the password
  3. Contact by telephone

Legal basis: Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR)

Recipient - Parcel service provider:

  • dataform dialogservices GmbH
  • DSV Air & Sea Germany GmbH

Logistics service provider:

  • DHL Paket GmbH
  • DACHSER SE

Payment service provider:

  • PAYONE GmbH
  • PayPal (Europe) S.à r.l. et Cie, S.C.A.
  • Visa Europe Management Services Limited, German Branch
  • Mastercard Europe SA
  • American Express Europe S.A.
  • Amazon Payments Europe, S.C.A.

If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees): Data transfer to a third country does not take place and is not planned.

Duration of data storage: See General deadlines for data deletion

Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity: The data (in the mandatory fields) must be provided as part of the underlying contract.

Consequences of non-compliance (failure to provide the required data): It is not possible to create a customer account in this case.

Existence of automated decision-making, if applicable: In this context, we do not use automated decision-making.

If applicable, origin of the data (if not collected directly from the data subject): The data originates from the person concerned.

Where applicable, categories of personal data (if not collected directly from the data subject): The data originates from the person concerned.

Change of purpose, if applicable: none

Cookies

We use cookies on this website; these are small text files that are stored on your computer via your internet browser (e.g. Google Chrome, Safari, Firefox, Edge). These cookies are used for various purposes: Many cookies are technically necessary to provide you with certain website functions (e.g. shopping cart functions, saving your login information), other cookies are used for the security of your data or the website and some cookies can be used to analyze your user behavior. The latter cookies may contain a so-called cookie ID - a unique identifier consisting of a character string that enables websites and servers to be assigned to the storing browser.
 Cookies that are necessary to carry out the transmission of a message via a public telecommunications network and cookies that are absolutely necessary to provide you with an expressly requested function are referred to as "technically necessary cookies" and may be set without your explicit consent (Section 25 (2) TTDSG). All other cookies are subject to consent (Section 25 (1) TTDSG); regulated by our consent management platform
where applicable.
We use cookies in part only for the duration of your visit to the website, in part for a predefined period and in part permanently. You can delete all these cookies manually or automatically at any time via your web browser.
 It is possible to use our website (although possibly not to its full extent) without cookies. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser so that it notifies you as soon as cookies are sent.

Web tracking technologies - managed with Usercentrics

We use the consent management platform of Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, with which we have integrated the following services to manage all cookies, website and tracking technologies that require consent or opt-out in compliance with data protection regulations:

Facebook

Plugins from the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

You can recognize the Facebook plugins by the Facebook logo or the "Like" button on this website. You can find an overview of the Facebook plugins here:

developers.facebook.com/docs/plugins/

When you visit this website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at

de-de.facebook.com/privacy/explanation

If you do not want Facebook to associate your visit to this website with your Facebook user account please log out of your Facebook user account.

The Facebook plugins are used on the basis of Art. 6 para. 1 lit. f GDPR. 

The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the wording of the agreement at www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:

www.facebook.com/legal/EU_data_transfer_addendum

de-de.facebook.com/help/566994660333381

www.facebook.com/policy.php

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to place advertisements in the Google search engine or on third-party websites.

When the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). We as the website operator can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time. Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles.

Details can be found here:

policies.google.com/privacy/frameworks

privacy.google.com/businesses/controllerterms/mccs/

Google Adsense

This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google AdSense in "non-personalized" mode. In contrast to personalized mode, the advertisements are therefore not based on your previous user behavior and no user profile is created for you. Instead, so-called "contextual information" is used to select the advertisements. The selected advertisements are then based, for example, on your location, the content of the website you are on or your current search terms. You can find out more about the differences between personalized and non-personalized targeting with Google AdSense here:

support.google.com/adsense/answer/9007336

Please note that cookies or comparable recognition technologies (e.g. device fingerprinting) may also be used when using Google Adsense in non-personalized mode. According to Google, these are used to combat fraud and abuse.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time.

Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles. Details can be found here: privacy.google.com/businesses/controllerterms/mccs/

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in:

adssettings.google.com/authenticated

You can find more information about Google's advertising technologies here:

policies.google.com/technologies/ads

www.google.de/intl/de/policies/privacy/

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user's end device. It is not assigned to a device ID.

We can also use Google Analytics to track your mouse and scroll movements and clicks, among other things.

Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time. Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles. Details can be found here:

privacy.google.com/businesses/controllerterms/mccs/

We use Google signals. When you visit our website, Google Analytics records, among other things, your Location, search history and YouTube history as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal will be linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users.

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

This website uses the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.

Google Fonts

We integrate the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: www.google.com/policies/privacy/, Opt-Out: adssettings.google.com/authenticated.

External fonts in the form of Google Fonts are used on this website for the uniform display of fonts. Google Fonts is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ("Google").

When you visit our website, your browser loads the required web fonts directly from a Google server into your browser cache in order to display texts and fonts correctly. This tells the server which of our web pages you have visited. The IP address of the browser of the end device of the visitor to this website is also stored by Google. If your browser does not support web fonts, a standard font will be used by your computer.

The legal basis for the use of Google Fonts is Art. 6 I (f) GDPR. Our legitimate interest arises from the fact that we can present the fonts to you in a uniform form. Google LLC. is certified under the US Privacy Shield to ensure a level of data protection appropriate to the GDPR.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that we use to implement tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. 

The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

GStatic

We use the Gstatic service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: www.google.com on our website. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF - commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

Gstatic is a background service used by Google to retrieve static content in order to reduce bandwidth usage and load required catalog files in advance. In particular, the service loads background data for Google Fonts and Google Maps.

As part of order processing, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. You can access the certification under the EU-US Data Privacy Framework at www.dataprivacyframework.gov/s/participant-search/participant-detail.

You can withdraw your consent at any time. You can find more information on withdrawing your consent either in the consent itself or at the end of this privacy policy.

Further information on the handling of the transferred data can be found in the provider's privacy policy at policies.google.com/privacy.

The provider also offers an opt-out option at support.google.com/My-Ad-Center-Help/answer/12155451.

LinkedIn

This website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time you access a page on this website that contains LinkedIn functions, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to this website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

The LinkedIn plugin is used on the basis of Art. 6 para. 1 lit. f GDPR. 

The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-derschweiz?lang=de

Further information on this can be found in LinkedIn's privacy policy at: www.linkedin.com/legal/privacy-policy

Magento

This is an e-commerce platform. This service improves the shopping experience.

Processing company:

Adobe Systems Incorporated
345 Park Avenue. San Jose, CA 95110-2704, United States of America

Data processing purposes: E-Commerce / Advertising / Optimization / Personalization

This list contains all (personal) data collected during or through the use of the service

IP address, anonymous traffic data, credit and debit card number, pages visited, Service user actions, postal address, screen resolution, browser language, Name and version of the services used, browser type, telephone number, MAC address (Media Access Control), device type, referrer URL, search terms, demographic data, statistical data, cookie ID, advertisements viewed, advertisements clicked on, geographic location, browser version, e-mail address, hardware type, device operating system, device manufacturer, device model, usage data, success rates of advertising campaigns, browser information, device information

Legal basis

The required legal basis for the processing of data is stated below.

Art. 6 para. 1 s. 1 lit. f GDPR

Place of processing: United States of America

Storage period: The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data is deleted as soon as it is no longer required for the processing purposes.

Data recipient

Adobe Systems Incorporated
Google LLC

Data protection officer of the processing company

Below you will find the e-mail address of the data protection officer of the processing company. legal@magento.com

Click here to read the data processor's privacy policy: magento.com/legal/terms/privacy

Microsoft Advertising

We use the Microsoft Advertising service of the provider Microsoft Ireland Operations Limited (Ireland/EU) (formerly Bing Ads) on our website. Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted advertisements via the Microsoft Bing search engines. Microsoft Advertising uses cookies for this purpose. Personal data is processed in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about device and browser settings.

Microsoft Advertising collects data via UET, which we can use to track target groups thanks to remarketing lists. For this purpose, a cookie is stored on the end device used when you visit our website. This enables Microsoft Advertising to recognize that our website has been visited and to display an advertisement when Microsoft Bing or Yahoo is used later. The information is also used to create conversion statistics, i.e. to record how many users have reached our website after clicking on an ad. This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information with which users can be personally identified.

Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. Processing only takes place with your consent in accordance with § 25 TTDSG or Art. 6 para. 1 lit. a GDPR. You can revoke your consent via our Consent Management Tool.

In the case of Microsoft services, the transfer of data to Microsoft Corp. in the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Microsoft can be found in Microsoft's privacy policy at privacy.microsoft.com/de-de/privacystatement.

Microsoft Clarity

This website uses Clarity. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA98052-6399 (USA), docs.microsoft.com/en-us/clarity/ (hereinafter referred to as "Clarity").

Clarity is a tool for analyzing user behavior on this website. Clarity records in particular mouse movements and creates a graphical representation of which part of the website users scroll particularly frequently (heat maps). Clarity can also record sessions so that we can view page usage in the form of videos. We also receive information about general user behavior within our website.

Clarity uses technologies that enable the recognition of the user for the purpose of analyzing the user behavior (e.g. cookies or the use of device fingerprinting). Your personal data is stored on Microsoft's servers (Microsoft Azure Cloud Service) in the USA.

The use of Clarity is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective user analysis. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Further details on Clarity's data protection can be found here: docs.microsoft.com/en-us/clarity/faq

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

YouTube

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection is established to the servers of YouTube is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.

If necessary, further data processing operations may be carried out after the start of a YouTube video over which we have no influence. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

You can find more information about data protection at YouTube in their privacy policy at: policies.google.com/privacy

Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data protection declarations are constantly being revised. Please ensure that you have the latest version.

Rights of data subjects

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to complain in accordance with the requirements of data protection law.

Right to information: You can request information from us as to whether and to what extent we process your data.

Right to rectification: If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure: You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.

Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.

Right to restriction of processing: You can request that we restrict the processing of your data if

  • you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse to have it erased and instead request that the use of the data be restricted,
  • we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
  • you have objected to the processing of the data.

Right to data portability: You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that

  • we process this data on the basis of your revocable consent or for the performance of a contract between us, and
  • this processing is carried out using automated procedures.

If technically feasible, you can request that we transfer your data directly to another controller.

Right of objection: If we process your data for legitimate interests, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right of appeal: If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

Changes to this privacy policy

We reserve the right to change our privacy policy if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce these on our website.

All interested parties and visitors to our website can contact us regarding data protection issues at:

Mr. Christian Volkmer

Projekt 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg

Phone: 0941 2986930
Fax: 0941 29869316
E-mail: anfragen@projekt29.de
Internet: www.projekt29.de