Data Protection - Lizenzero Europe

Version: June 13, 2022

The protection and security of your data is an important concern for us, Interseroh+ GmbH, which we take into account in all our business processes. In this data privacy statement, we would therefore like to give you an overview of the aspects of our online offering that are relevant to data protection. In the following we explain:

Which data we collect when you use the online offering of Interseroh+ GmbH.
The purposes for which this data is processed by Interseroh+ and third parties.
What rights and choices you have regarding the processing of your data.
How to contact us about data privacy.

When does this data privacy statement apply?

This data protection statement applies to the online offering of Interseroh+ GmbH LIZENZERO under the domain lizenzero.eu and the social media presence of Lizenzero (hereinafter “social media presence”). Interseroh+ GmbH’s own data privacy statements, which you can call up within the corresponding offerings, apply in each case to online offerings of the company other than those mentioned above.

1. Controller and personal contact

The controller for data processing within the meaning of the European General Data Protection Regulation (GDPR) is

Interseroh+ GmbH

Stollwerckstr. 9a

51149 Cologne, Germany

When this data privacy statement refers to “we”, “us” or “Interseroh”, this refers exclusively to Interseroh+ GmbH.

If you have any questions about data protection in connection with our products and services or the use of our website, you can also contact our data protection officer at any time. The latter can be reached at the above postal address (attn. data protection officer) as well as at datenschutz@interzero.de.

2. Data processing when visiting our websites

2.1. Access data that is automatically recorded

You can visit our websites without providing any personal information. Only access data that is automatically transmitted to us by your browser will then be recorded. This includes, for example, your online identifiers (e.g. IP address, session IDs, device IDs); information about the web browser and operating system used; if applicable, the web page from which you access our websites (i.e. if you have accessed one of our web pages via a link); the names of the files requested (i.e. which texts, videos, images, etc. you have viewed on our websites); the language settings of your browser, error reports, if applicable, and the times of individual access.

The processing of this access data is necessary to enable you to visit and comfortably use our websites and to guarantee their long-term functionality and security.

The access data is also stored for 14 days in internal log files in order to compile statistical data on the use of our website. This enables us to continuously optimise and further develop our websites with regard to the usage habits and technical equipment of our users and to eliminate disruptions and security risks.

The legal basis for this data processing is Article 6 Paragraph 1 Letter f GDPR.

2.2. Cookies

We use our own cookies and cookies of third-party providers on our websites. A cookie is a standardised text file that is stored by your browser for a defined period of time. Cookies enable the local storage of information such as language settings and temporary identification features which can be requested by the server that set the cookie during subsequent web page views. You can view and delete the cookies used in the security settings of your browser. You can configure your browser settings according to your wishes and thus e.g. refuse the acceptance of cookies of third-party providers or all cookies. We would like to point out that in this case you may not be able to use all the functions of our websites.

For detailed information please see our cookie layer. There you can decide which cookies you would like to accept and which ones not.

Our own cookies are used to make your visit to our websites more user-friendly and secure. The legal basis for the associated data processing is Article 6 Paragraph 1 Letter f GDPR.

We use cookies of third-party providers for web analysis and advertising purposes. You will find more detailed information on this under Section 2.5. of this data privacy statement.

2.3. Your messages and communications

We collect all information and data that you provide to us through our websites. For example, at various points on our websites you have the option of sending us messages via functions such as the “contact form” or “contact”. Any mandatory information required for these functions is marked as such.

Your details will be used by us exclusively to process your request.

We delete the resulting data after the storage is no longer necessary, or limit the processing if there are legal storage obligations.

Your message will only be forwarded to another Interseroh company or to external third parties if this is necessary to process your request (for example, we will forward your message to another Interseroh company if it is responsible for your request). If you do not want your message to be passed on to another Interseroh company, you can inform us of this directly in your message – also as a precaution, of course. We will then forward your message to the other Interseroh company without any information that could identify you (e.g. your name, customer numbers or contact details).

The legal basis for the data processing described above is Article 6 Paragraph 1 Letter b of the GDPR.

We use the ticket system of the service provider Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102 (“Zendesk”) to process incoming messages. For this purpose, the messages we receive from Zendesk are stored in the Zendesk ticket system on our behalf and processed there by us. We have concluded an order processing contract with Zendesk in which it was agreed that Zendesk may only process the data according to our instructions, that it is stored separately from other customer data and that the data protection level of the GDPR is complied with. You can find more information on data processing by Zendesk in Zendesk’s privacy policy at https://www.zendesk.com/company/privacy.

2.4. Integration of YouTube videos

We use YouTube videos on parts of our websites. YouTube is a video platform operated by the Google company YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). The YouTube videos can be played directly on our websites. They are embedded in “extended data-protection mode”, i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only if you play the videos will data be transmitted to YouTube. We have no influence on this data transmission. This is your personal decision. Please decide individually, if you wish to transfer data to the USA or not.

If you visit a website with embedded YouTube videos, YouTube and Google obtain the access data accrued thereby and the information that you have visited the page on our website in question. This will happen irrespective of whether or not you are logged into YouTube or Google. If you are logged into Google, you data will be associated directly with your Google account. If you do not wish them to be associated with your profile at YouTube, you must log out before playing a video. YouTube and Google may use your access data to produce user profiles for purposes of marketing, marketing research and needs-based design of their own websites. You have a right to object to the formation of these user profiles, in which case the objection must be sent directly to YouTube. You will find further information in Google’s Privacy Policy, which also applies to YouTube.

The legal basis for the foregoing data processing, insofar as we are the controlling body, is Article 6 (1) (f) of the GDPR.

2.5. Web Analysis

2.5.1. Google Analytics

Our websites use the web analysis service Google Analytics, which is offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies to collect your access data when you visit our websites. The access data is summarised by Google on our behalf into pseudonymous user profiles and transferred to a Google server in the USA. Your IP address will be anonymised first. We are therefore unable to determine which user profiles belong to a particular user. We cannot identify you on the basis of the data collected by Google, nor can we tell how you use our websites.

By clicking on “I accept” in the cookie banner, you also consent to your data being processed in the USA in accordance with Art. 49 (1) sentence 1 (a) GDPR. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for control and surveillance purposes, possibly without the option of taking legal recourse. If you click on “Only accept essential cookies”, no such transfer as described above will take place.

Google will use the information obtained from cookies on our behalf to evaluate the use of our websites, compile reports on website activity and provide other services relating to website activity and internet usage for us. You can also find further information on this in the Data Privacy Statement of Google Analytics.

You can object to the creation and evaluation of pseudonymous user profiles by Google described above at any time. You have several options for this:

You can set your browser to block cookies from Google Analytics.
You can adjust your Google ads settings on Google.
You can set a deactivation” cookie by clicking here: Disable Google Analytics
You can install the deactivation plug-in provided by Google at https://tools.google.com/dlpage/gaoptout?hl=en on your Firefox, Internet Explorer or Chrome (this option does not work on mobile devices).

In case personal data are transferred to the USA, the EU standard contractual clause should be agreed with the respective providers and the provider’s statement as to whether they comply with the EU data protection level should be checked.

The legal basis for this data processing is Article 6 (1) (f) of the GDPR.

2.5.2. Google Optimize

Our website also uses Google Optimize. Google Optimize analyses the use of various versions of our website and helps us improve user friendliness in accordance with user behaviour on the website. Google Optimize is a tool integrated in Google Analytics. How to object to use of the services or analysis services is described in 2.5.1.

2.5.3. Google Adwords Conversion Tracking

We also use Google Conversion Tracking to statistically record the use of our website and to evaluate it for the purpose of optimising our website.

Google Adwords will place a cookie (see section 2.2) on your computer if you have accessed our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages on the AdWords customer’s website and the cookie has not expired, Google and the customer will be able to see that the user clicked on the ad and was directed to that page. Each Adwords customer receives a different cookie. Therefore it is not possible to trace cookies via the websites of Adwords customers. The information collected with the aid of the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking.

Adwords customers learn the total number of users who clicked on their ad and were directed to a page tagged with a conversion tracking tag. However, they do not receive information enabling them to personally identify users. Should you not wish to participate in the tracking procedure, you may also refuse to set a cookie as required for this purpose – for example, by setting your browser to deactivate the automatic setting of cookies in general.

You may also disable cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”. Google’s privacy instruction on conversion tracking can be found here (https://services.google.com/sitestats/de.html).

2.5.4. Google Tag Manager

Our website uses Google Tag Manager, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The Tag Manager is used to manage website tags more efficiently. A website tag is a placeholder that is stored in the source code of our website, for example, to record the integration of frequently used web page elements (e.g. code for the web analysis service). The Google Tag Manager manages without the use of cookies.

In case personal data is transferred to the US, the EU standard contractual clause has to be concluded with the respective providers and a statement by the provider has to be examined to see whether it complies with the EU level of data protection. You can disable data transfers from the US by setting your browser accordingly. Further information can also be found in the Google Tag Manager information.

The legal basis for the data processing described above is Article 6 Paragraph 1 Letter f of the GDPR.

2.5.5. Mouseflow

This website uses Mouseflow, a web analytics tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to collect randomly selected individual visits (using an anonymous IP address only). The mouse movements, mouse clicks and keyboard interactions are logged at random, along with the intention of individual visits to this site as so-called session replays to reproduce and evaluate the so-called heat maps and determine potential improvements for this site. Furthermore, Mouseflow also serves multiple choice surveys on select pages to measure user satisfaction with the website or specific content. Surveys displayed and survey results are also stored in the cookie.

The Mouseflow cookie will be deleted after 90 days. The data collected by Mouseflow are non-personal and will not be disclosed to third parties and will be stored for a period of 3 months. The storage and processing of the collected data takes place within the EU. If you do not want to be tracked by Mouseflow on any websites using this cookie, you may object to this at the following link: https://mouseflow.de/opt-out/

The legal basis for the data processing described above is Article 6 Paragraph 1 Letter f of the GDPR.

2.6 Data transmission to the USA

3. Orders in the Lizenzero.eu shop

For orders in the Lizenzero.eu Shop, a customer account is required. You can find the conditions of participation at https://www.lizenzero.eu/en/agb/. For the registration for the customer account we require the following mandatory information from you:

First name
Surname
Email address
Password
Company
VAT ID No.
Tax number
Billing address

For the processing of orders we require the following additional data from you:

Registration number of the Zentrale Stelle Verpackungsregister (National Authority Packaging Register)
Payment method and payment data
Information on packaging quantaties

In addition, you can provide voluntary information after registration, e.g. your telephone number. We process the data provided by you in order to set up and provide your customer account and to fulfil the contract. The purposes primarily depend on the service you have commissioned and include, for example:

Provision of licensing services
Payment processing
Execution of customer service

The legal basis for this processing of your data is Article 6 Paragraph 1 Letter b GDPR.

4. Payment processing via BS Payone

We have commissioned BS PAYONE GmbH, Fraunhoferstraße 2-4, 24118 Kiel, with the processing of payments (PayPal, SEPA direct debit, bank transfer). For this purpose, BS PAYONE GmbH requires, among other things, your name and address, account number and sort code or credit card number (including validity period), invoice amount and currency as well as the transaction number. BS PAYONE GmbH may use this information for the purpose of payment processing and forward it to us. BS PAYONE is obliged to treat the information in accordance with the data protection laws. You can read the data protection regulations of PAYONE GmbH under https://www.payone.com/datenschutz/.

5. Data processing for social media presences

Lizenzero is represented on the following networks with its own social media accounts:

On these sites we tell you the latest news from Lizenzero and everything we have been doing, and we are glad to use the facilities provided by the social networks to communicate directly with their members.

Please note, however, that we have no influence of the data processing carried out by the social networks. Therefore please check carefully what personal information and what messages you send us via the social networks and, in case of doubt, use other ways of contacting us which we provide. We therefore cannot undertake any liability for the conduct of the operators of these social networks and of their other members.

If you communicate with us via our social media accounts, we shall process the information supplied to us for this purpose by the social network in question (e.g. your name, your profile page and the contents of the messages which you have sent to us) in accordance with the purpose for which you have sent it (e.g. service requests, suggestions and criticism). We shall erase the data thus accrued after their storage is no longer necessary, or we shall restrict their processing should statutory data retention obligations exist. In the case of public posts on our social media accounts, we shall decide in the individual case, weighing your interests and ours, whether and when we may delete these.

In the cookie banner, we have given you the choice to agree or not to the reloading of images from third-party providers. Only when you have clicked on Agree there will images and other data from third-party providers be reloaded. Your IP address will be transmitted to external servers (Facebook, Google, Instagram, Twitter, etc.). You can find out about the data protection of these providers on the respective pages. To facilitate your future visits, we store your consent in our cookie documentation. You can revoke this consent at any time at datenschutz@interzero.de.

The legal basis for the foregoing data processing will depend on the purpose of your message. Should the purpose be that of using our customer service or of requesting provision by Interseroh+, the legal basis will be Article 6 (1) (b) of the GDPR. Otherwise the legal basis will be Article 6 (1) (f) of the GDPR. Insofar as you have consented to the processing of the foregoing data, the legal basis is Article 6 (1) (a) of the GDPR.

6. Online advertising

We use the access data which is generated when you visit our websites to place advertisements in the online offerings of other providers (retargeting). In this way, we would like to present you with personalised advertising, i.e. advertising that is aligned to your interests and is therefore more relevant for you. For this purpose we also participate in the advertising networks of Google (Google advertising network) or Microsoft Bing Ads (“Bing advertising network”). This enables us to place personalised advertisements in the online offerings of other providers who participate in these advertising networks (as so-called publishers). Further information can be obtained from the operators of the respective advertising networks:

The legal basis for the data processing described below is Article 6 Paragraph 1 Letter f GDPR.

6.1 Google Analytics Audience

We also use Google Analytics’ Audience feature on our websites. This feature enables Google to contact you on our behalf with personalised advertising when you visit websites of other providers that also participate in the Google advertising network. Google uses the pseudonymous usage profiles and cookies generated by Google Analytics (see Section 2.5.1.) during use of our websites to determine your interests. On the basis of these pseudonymous usage profiles, Google can present you with personalised advertisements on the advertising spaces connected to the Google advertising network (e.g. Google can present you with advertising for a service or product offered by Interseroh+ about which you have previously informed yourself on one of our websites).

You can deactivate the processing of your data for personalised online advertising within the Google advertising network at any time. There are several ways to do this:

You can set your browser to block cookies from the www.googleadservices.com domain.
You can customise your ad settings on Google at https://www.google.de/settings/ads.
You can install the free deactivation plug-in from Google in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin (this does not work with browsers for mobile devices).
In addition, you can also deactivate personalised advertising from Google and many other providers that are part of the self-regulatory campaign “Your Online Choices”, also centrally on the website http://www.youronlinechoices.eu.

Please note that if you opt out of personalised advertising, Google will only display general advertising that has not been selected based on the access data collected about you.

6.2 Google Ads Lead Form

As part of our ad placement via Google, we also use the “Lead Form” function. This gives you the opportunity to request individual support from us by providing your email address and telephone number. The user information received from you will be used by us exclusively for the purpose described in the lead form (consultation). The information provided will neither be sold nor misused in any other way, which of course also includes disproportionately frequent contact by us.

6.3 Bing Ads

Our website uses Bing Ads, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft uses cookies and similar technologies to present you with advertisements that are relevant to you. The use of these technologies enables Microsoft and its partner sites to serve ads based on previous visits to our or other sites on the Internet. The access data collected in this context can be transferred by Microsoft to a server in the USA for evaluation and stored there.

If you do not want Microsoft to process your access data in this way, you may opt out of the setting of cookies of third-party providers required for this purpose. You can also prevent the collection and processing of this data by Microsoft by declaring your objection under the following link: http://choice.microsoft.com/de-DE/opt-out. For more information about data privacy and the cookies used by Microsoft and Bing Ads, visit the Microsoft website at https://privacy.microsoft.com/enus/privacystatement.

6.4 Facebook Ads

Our website uses the Facebook pixel, a service of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“).

Scope of processing: If you activate the Facebook pixel for our site, cookies are stored, which allow your browser to be recognised by a unique identifier when you visit pages on our website or other pages that use the Facebook pixel.

If you have activated the Facebook pixel for our site, the following data on page views and data from cookies, including the identifier stored in the cookie, are processed each time a page of our website that uses the Facebook pixel is called up and are usually transmitted to a Facebook server in the USA and stored there. The following data is transmitted:

Pixel ID
Data from Facebook cookies
“Button-Click-Data” (Details of buttons that the user has clicked and the page to which the user was redirected)
eCommerce Tracking

The pixel we use is not used in the “Lookalike Audience” variant, i.e. no further personal data is transmitted to Facebook by us.

The data collected is only made available to us by Facebook in the form of anonymised reports. However, we assume that Facebook can merge the data transmitted by us with any Facebook account of the data subject and use it for its own purposes, including the creation of meaningful profiles about data subjects. Facebook uses the data collected to create interest profiles that serve as the basis for the creation of target groups known as “Custom Audiences”. Facebook may add you to such an audience and display interest-based ads to you when you visit Facebook-owned pages. For more information about Facebook’s privacy policy, please visit the following addresses:

Facebook’s data policy: https://www.facebook.com/privacy/explanation
Facebook’s terms of use: https://www.facebook.com/legal/terms
Terms of use for data processing: https://www.facebook.com/legal/terms/dataprocessing
On Facebook cookies: https://www.facebook.com/policies/cookies/
On data collected via the Facebook pixel: https://developers.facebook.com/docs/facebook-pixel/implementation/gdpr
On the storage period of Custom Audiences: https://www.facebook.com/business/help/419552341510847

Purpose of the processing: We use the Facebook pixel in order to be able to advertise our offer on Facebook according to the target group. By assigning data subjects to a target group that is relevant for us, Facebook enables us to use our advertising media effectively. By using the Facebook pixel, we want to ensure that our advertisements on Facebook pages correspond to the potential interest of a user and do not appear intrusive.

Storage period: Data subjects who have been added to a “custom audience” are removed from the target group after 180 days, provided they have not been included again in the meantime by visiting the site. We do not store any personal data. Otherwise, the storage of personal data is governed by Facebook’s data protection regulations (see above).

Possibility of objection and removal: You can view the status of your consent via our Consent Manager and revoke a granted consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. Your decision to use the service is stored in a cookie (see above). It is only valid for this browser and must be renewed after the specified period of validity has expired.

Registered users of the Facebook platform can select on the page https://www.facebook.com/settings?tab=ads which types of advertisements are displayed to them on within Facebook.

The legal basis for the data processing described above is Article 6 Paragraph 1 Letter b of the GDPR.

6.5 LinkedIn Ads

Our website uses the conversion tool “LinkedIn Insight Tag” from LinkedIn Ireland Unlimited Company, Wilton place, Dublin 2, Ireland. This tool creates a cookie in your web browser, which enables the collection of the following data, among others: IP address, device and browser properties and page events (e.g. page views). This data is encrypted, anonymised within seven days and the anonymised data is deleted within 90 days.

LinkedIn does not share any personal data with us, but offers anonymised reports on website audience and display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. We can use this data to display targeted advertising outside our website without identifying you as a website visitor.

You can find more information on data protection at LinkedIn in the LinkedIn data protection information: https://www.linkedin.com/legal/privacy-policy

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To disable the Insight tag on our website (“opt-out”) click here.

The legal basis for the data processing described above is Article 6 Paragraph 1 Letter b of the GDPR.

6.6 Integration of the Trusted Shop Trustbadge

The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any ratings collected as well as to offer the Trusted Shops products to buyers after an order. This serves to safeguard our overriding legitimate interests in optimal marketing within the framework of a balancing of interests by enabling secure purchasing in accordance with Art. 6 Par. 1 Sentence 1 Letter f GDPR. The Trustbadge and the services advertised thereby are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided by a CDN (Content-DeliveryNetwork) provider as part of order processing. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured in accordance with the data privacy statement of Trusted Shops GmbH. You can find this statement here https://www.trustedshops.de/impressum/#datenschutz.

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the retrieval, the amount of data transferred and the requesting provider (access data) and documents the retrieval. Individual access data is stored in a security database for the analysis of security vulnerabilities. The log files are automatically deleted 90 days after creation at the latest.

Further personal data is transferred to Trusted Shops GmbH if you decide after conclusion of an order to use Trusted Shops products or have already registered for the use. The contractual agreement between you and Trusted Shops applies. For this an automatic collection of personal data from the order data takes place. Whether you as a buyer are already registered for a product use is automatically checked on the basis of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted to this hash value, which cannot be decrypted for Trusted Shops, before transmission. After checking for a match, the parameter is automatically deleted.

This is necessary for the fulfilment of our and Trusted Shops’ overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional valuation services in accordance with Art. 6 Par. 1 Sentence 1 Letter f GDPR. Further details, including regarding objections, can be found in the Trusted Shops data privacy statement linked above and in the Trustbadge.

6.7 Trustpilot

We participate in the rating procedure of the provider Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark.

Trustpilot offers users the opportunity to rate our services. Users who have used our service are asked for consent to send the rating request. Provided that the users have given their consent (for example by clicking on a checkbox or link), they will receive a rating request with a link to a rating page. In order to ensure that the users have actually used our services, we transmit to Trustpilot the data required for this with regard to the user and the service used (this includes the name, the e-mail address and a reference number). This data is used solely to verify the authenticity and address of the user.

The legal basis for the processing of the user’s data in the context of the evaluation procedure is consent pursuant to Art. 6 para. 1 lit. a. DSGVO.

In order to submit a rating, it is necessary to open a customer account with Trustpilot. In this case, the terms and conditions and data protection information of Trustpilot apply. In order to maintain the neutrality and objectivity of the ratings, we have no direct influence on the ratings and cannot delete them ourselves. For this purpose, we ask users to contact Trustpilot.

Furthermore, we can integrate the Trustpilot widget into our website. A widget is a functional and content element integrated within our online offer that displays variable information. Although the corresponding content is displayed within our online offer, it is retrieved at that moment from the servers of Trustpilot. This is the only way to always show the current content, especially the current rating. For this purpose, a data connection must be established from the website accessed within our online offer to Trustpilot and Trustpilot receives certain technical data (access data, including the IP address), which are necessary so that the content can be delivered. Furthermore, Trustpilot receives information that users have visited our online offer. This information may be stored in a cookie and used by Trustpilot to recognise which online services participating in the Trustpilot rating process have been visited by the user. The information may be stored in a user profile and used for advertising or market research purposes.

The legal basis for the processing of the user’s data in the context of the integration of the widget is our legitimate interest in informing our users about the quality of our services pursuant to Art. 6 para. 1 lit. f. DSGVO. If we ask users to consent to the processing of their data through the use of cookies, the legal basis of the processing is Art. 6 para. 1 lit. a. DSGVO.

For more information on the processing of their data by Trustpilot, as well as on their rights to object and other data subject rights, users can refer to Trustpilot’s privacy policy: https://de.legal.trustpilot.com/end-user-privacy-terms.

7. Newsletter

You have the possibility to subscribe to our newsletter, in which we inform you regularly about innovations to our products and promotions.

We use the so-called double opt-in procedure for the ordering of our newsletters, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided (this step may be omitted if we already know your e-mail address from other contexts, in particular a registration for a customer account). If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The storage serves the sole purpose to send you the newsletter and to be able to prove your registration. The legal basis for the processing is your consent (Article 6 Paragraph 1 Letter a GDPR).

In our newsletter we use technologies that are usual on the market to measure the interactions with the newsletter (e.g. opening of the e-mail, clicked links). We use this data in pseudonymous form for general statistical evaluations as well as for the optimisation and further development of our content and customer communication. This is done with the help of small graphics embedded in the newsletter (so-called pixels). The data is collected exclusively under a pseudonym and is not linked to your other personal data. The legal basis for this is our aforementioned legitimate interest pursuant to Article 6 Paragraph 1 Letter f GDPR. We want to use our newsletter to share content that is as relevant to our customers as possible and to better understand what readers are actually interested in. If you do not wish the analysis of user behaviour to be carried out, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default. The data relating to the interaction with our newsletters is stored pseudonymously for 30 days and then completely anonymised.

Unsubscribing from the newsletter is possible at any time, e.g. via the unsubscribe link at the end of each newsletter. Alternatively, you can also send your unsubscribe request at any time to the contact details listed above.

8. Data transfer to third countries

As explained in this privacy policy, we use various services whose providers are partly located in so-called third countries (such as the USA), i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these states, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions to Art. 49 DSGVO, in particular your express consent or the necessity of the transfer for the performance of the contract.

If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it. In addition, it may not be possible to guarantee the enforceability of your data subject rights. When obtaining your consent via the cookie banner, you will also be informed of this.

9. Disclosure of data

9.1. General Principle

As a matter of principle, we only pass on your data if:

you have given your express consent pursuant to Article 6 Paragraph 1 Letter a GDPR,
the disclosure is required pursuant to Article 6 Paragraph 1 Letter f GDPR for the assertion, exercise or defence of Interseroh+’s legal claims and there is no reason to assume that you have an overriding interest that is worthy of protection in not disclosing your data,
we are legally obliged under Article 6 Paragraph 1 Letter c GDPR to disclose or
the disclosure is permitted by law and required under Article 6 Paragraph 1 Letter b GDPR for the performance of contractual relationships with you or for the implementation of pre-contractual measures which are taken at your request.

9.2. Transfer to external Interseroh+ service providers

Part of the data processing described in this data privacy statement may be carried out on our behalf by external service providers. In addition to the service providers mentioned in this data privacy statement, this may include, in particular, data centres that store our websites and databases, IT service providers that maintain our systems, and consulting firms.

If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures at their disposal to protect the rights of the persons concerned and are regularly monitored by us.

If we pass on your data beyond the scope of this data privacy statement to a service provider based in a country outside the European Economic Area (EEA), we will, if applicable, inform you separately about this circumstance and on which concrete guarantees the data transfer is based. If you would like to receive copies of guarantees proving an adequate level of data protection, please contact our Data Protection Officer (see Section 1).

9.3. Transfer to Cloudflare

We use Cloudflare, a Content Delivery Network of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Content delivery networks such as Cloudflare provide server capacity for website operators so that the services can be used optimally even with high data throughput. Therefore Cloudflare accelerates our online service and at the same time protects it from attacks by third parties. Further information can be found in the Cloudflare data privacy provisions: https://www.cloudflare.com/security-policy/.

9.4. Transfer to reCAPTCHA

To protect our website from automated, computer-controlled data input, we use the “reCAPTCHA” service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereafter called “reCAPTCHA”. By using this service, we can make a distinction between input that has been entered by human users and abusive, automatic machine input. The legal basis for the data processing described is Art. 6 (1) (f) of the GDPR. We have a legitimate interest in processing these data to ensure the security of our website and protect us from automated input (attacks).

As far as we are aware, the following information is transferred to Google: referrer URL, IP address, the activities of website visitors, information about the operating system, browser and duration of visits, cookies, display instructions and scripts, the input activities of the user as well as mouse movements near or in the “reCAPTCHA” checkbox.

The IP address identified as part of the “reCAPTCHA” procedure is not aggregated with other data held by Google unless you happen to be logged onto your Google account while using the “reCAPTCHA” plug-in. If you want to prevent the transfer and storage of your personal data and data about your use of our website by Google, then you must log out of your Google account before visiting our website and before using the reCAPTCHA plug-in.

Use of the information collected by the reCAPTCHA service is governed by the Google Privacy Policy: https://policies.google.com/privacy?hl=en.

If you do not wish to transfer your data to the USA, you can always log out at https://adssettings.google.com/authenticated.

10. Storage period

Unless otherwise stated in this data privacy statement, we will store and use your data only as long as it is necessary to fulfil our contractual or legal obligations or the purposes for which the data was collected. However, after the statutory limitation period has expired, we will restrict the processing, i.e. your data will only be used to comply with legal obligations.

We shall then delete the data without delay, unless we need the data until the end of the statutory limitation period for purposes of proof for civil law claims or because of statutory storage obligations. We may still have to store your data for accounting reasons afterwards. We are obliged to do so because of legal documentation obligations which may arise from the Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The time limits specified there for the retention of documents are between two and ten years.

The legal basis for this data processing for the purpose of fulfilling legal documentation and storage obligations is Article 6 Paragraph 1 Letter c GDPR.

11. Your rights

In order to assert your statutory data protection rights described below, you can contact our data protection officer (see Section 1) at any time:

You have the right to request information about the processing of your personal data by us at any time. We will explain the data processing to you in the context of the provision of information and provide you with an overview of the data stored about your person.
If data stored by us is incorrect or no longer up-to-date, you have the right to have this data rectified.
You can also request the deletion of your data. Should deletion not be possible in exceptional cases due to other legal provisions, the data will be blocked so that they are only available for this legal purpose.
You can also have the processing of your data restricted, e.g. if you are of the opinion that the data stored by us is incorrect.
You have the right to data transferability, i.e. that we send you a digital copy of the personal data provided by you upon request.

You also have the right to complain to a data protection supervisory authority. For Interseroh+, this is the State Commissioner for Data Protection and Freedom of Information for North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf.

12. Right of revocation and objection

If you would like to make use of your following rights of revocation or objection, an informal communication to the contact data mentioned above under Section 1 is sufficient.

Revocation of consent

Pursuant to Article 7 Paragraph 2 GDPR, you have the right to revoke your consent to us at any time. The consequence of this is that we will no longer continue the data processing based on this consent in the future. The revocation of your consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation.

Objection to the processing of your data

If we process your data on the basis of legitimate interests pursuant to Article 6 Paragraph 1 Letter f GDPR, you have the right pursuant to Article 21 GDPR to object to the processing of your data if there are reasons which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection which will be implemented by us even if no reasons are given.

13. Data security

For our online services, we maintain appropriate technical measures to guarantee data security, in particular to protect your data from the dangers of data transmissions and from unauthorised access by third parties. These will be adapted in each case to the current state of the art accordingly. We use Transport Layer Security (TLS), which encrypts the information you enter, to secure the personal information you provide on our website.

14. Changes to this data privacy statement

From time to time we update this data privacy statement, for example if we adapt our website or if the legal or regulatory requirements change.

Here you can download the data protection policy of Interseroh+ GmbH:

Data Protection Policy Interseroh+ GmbH