Passa alla homepage
Passa alla homepage

Privacy policy


Thank you for visiting our online shop or for contacting us in another way. We place particular importance on the protection of personal data. Use of the website is generally possible without providing any personal data. However, if you wish to make use of an offer from our company online, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject. The processing of personal data, such as the name, address, email address, or phone number of a data subject, is always carried out in accordance with the current Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR), and the Telecommunications-Telemedia Data Protection Act (TDDG). With this privacy policy, our company wishes to inform data subjects about the nature, scope, and purpose of the personal data we process, as well as to explain the rights they are entitled to. Our company has implemented numerous technical and organizational measures to ensure the highest possible level of protection for the personal data processed. However, internet-based data transmissions may have security vulnerabilities, meaning that absolute protection cannot be guaranteed.

  1. Definitions 
  2. Controller 
  3. Data Protection Officer 
  4. General Information on Data Processing 
  5. Provision of the Website and Creation of Log Files 
  6. Use of Cookies 
  7. Consent Management Tool 
  8. Contact Form and Email Contact 
  9. Automatic Email Archiving 
  10. Registration, Customer Account 
  11. Order Processing and Dropshipping
  12. Use of Payment Service Providers 
  13. PayPal 
  14. Mollie 
  15. Automatic Identity and Credit Check when Choosing the "PayPal" Payment Method 
  16. Google
  17. Google Tag Manager
  18. Web Analytics via Google Analytics
  19. Rights of the Data Subject 


I. Definitions

The privacy policy of our company is based on the GDPR. Our privacy policy is intended to be easily readable and understandable. To ensure this, we first explain the terms used:

  1. Personal Data refers to any information that can identify or make an individual (data subject) identifiable. A person is considered identifiable if they can be directly or indirectly recognized through features such as name, identification number, location data, online identifier, or special characteristics. These features may relate to physical, genetic, mental, economic, cultural, or social identity (Art. 4 Para. 1 GDPR).
  2. Data Subject is any identified or identifiable natural person whose personal data is processed by the controller.
  3. Processing refers to any operation or set of operations performed on personal data, whether automated or not. This includes collecting, storing, organizing, modifying, retrieving, using, transmitting, distributing, aligning, restricting, deleting, or destroying data.
  4. Restriction of Processing is the marking of stored personal data to limit its future processing.
  5. Profiling means automated processing of personal data to evaluate personal aspects of a natural person. This includes analyzing or predicting aspects such as work performance, financial situation, health, preferences, interests, behavior, or location.
  6. Pseudonymization means processing personal data in a way that it can no longer be attributed to a specific individual without additional information. These additional details are stored separately and protected by technical and organizational measures to prevent identification.
  7. Controller or Controller for Processing refers to the natural or legal person, authority, institution, or other entity that alone or jointly with others determines the purposes and means of processing personal data.
  8. Processor is a natural or legal person, authority, institution, or other entity that processes personal data on behalf of the controller.
  9. Recipient is a natural or legal person, authority, institution, or other entity to whom personal data is disclosed, regardless of whether they are a third party. However, authorities that may receive personal data under a specific investigation mandate according to Union law or the law of the member states are not considered recipients.
  10. Third Party is any natural or legal person, authority, institution, or other entity other than the data subject, the controller, the processor, and the persons authorized to process personal data under the direct authority of the controller or processor.
  11. Consent is any freely given, informed, and unambiguous indication of the data subject’s wishes, expressed through a statement or clear affirmative action, which signifies agreement to the processing of their personal data.


II. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection legal provisions, is:
Micony GmbH represented by Frederic Horsch
Sitzenhof 1
92421 Schwandorf
Phone: +49 162 5715510
Email: hey@ag-parts.de
Website: https://shop.horsch.com

III. Data Protection Officer

For questions regarding data protection, please feel free to contact hey@ag-parts.de. A Data Protection Officer has not yet been appointed.


IV. General Information on Data Processing

  1. Scope of Processing Personal Data
    We process personal data only when necessary to provide our website, content, or services. This is generally done with the user's consent, unless prior consent is not possible for practical reasons and is legally permitted.
  2. Legal Basis for Processing Personal Data
    Where we obtain consent from the data subject for processing personal data, Article 6(1)(a) GDPR serves as the legal basis.
    The processing of personal data to fulfill a contract with the data subject is based on Article 6(1)(b) GDPR. This also applies to data processing necessary for the execution of pre-contractual measures.
    Where the processing of personal data is required to fulfill a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
    If the processing is necessary to protect vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.
    If the processing is necessary for the purposes of legitimate interests pursued by our company or a third party, and the interests, rights, and freedoms of the data subject do not override these legitimate interests, it is based on Article 6(1)(f) GDPR.
  3. Data Deletion and Storage Duration
    Personal data will be deleted or blocked once the purpose for storing it no longer applies. Extended storage is only permitted if required by European or national legislators in Union regulations, laws, or other provisions to which the controller is subject. The data will also be deleted after the legal retention periods established therein have expired unless they are still required for contract formation or contract performance.

V. Provision of the Website and Creation of Log Files

  1. Description and Scope of Data Processing
    For the operation of the online shop, a hosting service provider is used, on whose European servers the content of the website is stored.
    The hosting service provider has been carefully selected, and all necessary measures have been taken to ensure that the data processing is compliant with data protection laws (e.g., by concluding a data processing agreement).
    Each time our website is accessed, our system automatically collects data and information from the requesting computer system.
    The following data is collected:
  2. Information about the browser type and version used
  3. The operating system of the user
  4. The user's internet service provider
  5. The IP address of the user
  6. Date and time of access
  7. Websites from which the user's system accesses our website
  8. Websites accessed by the user's system via our website
  9. Retrieved file
  10. Amount of data sent

These data are also stored in the log files of our system. No storage of these data in combination with other personal data of the user takes place.

  1. Legal Basis for Data Processing
    The legal basis is Article 6(1)(f) GDPR (legitimate interest).
  2. Purpose of Processing
    The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. To do this, the IP address of the user must remain stored for the duration of the session.
    The storage in log files is done to ensure the functionality of the website. In addition, the data helps us to technically optimize the website and ensure the security of our information technology systems. These purposes constitute our legitimate interest under Article 6(1)(f) GDPR.
    No evaluation of the data for marketing purposes takes place in this context.
  3. Duration of Storage
    The data will be deleted once they are no longer necessary for the purpose of their collection. In the case of data collection for the provision of the website, this occurs once the respective session has ended.
    In the case of data stored in log files, this occurs after no later than seven days. Extended storage is possible. In this case, the IP addresses of the users are deleted or anonymized so that the identification of the requesting client is no longer possible.
  4. Right to Object and Removal
    The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Therefore, there is no possibility for the user to object.


VI. Use of Cookies

  1. Description and Scope of Data Processing
    Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored (set) on the user's operating system. Cookies are set by our website or external web services to maintain the full functionality of our website, improve user-friendliness, or track the purpose indicated by your consent. The cookies contain a characteristic string that allows for the unique identification of the browser when the website is revisited, as some elements of our website require that the requesting browser can be identified even after switching pages.
    The cookies store and transmit data such as:
  • Language settings
  • Log-in information
  • Items in a shopping cart

When accessing our website, the user is informed about the use of cookies for analysis and marketing purposes and their consent is obtained for processing the personal data used in this context. A reference to this privacy policy is also provided.

  1. Legal Basis for Data Processing
    If you have given us consent, the legal basis for processing personal data using cookies (e.g., for analysis and marketing purposes) is Article 6(1)(a) GDPR in connection with Article 25(1) TDDDG.
    The legal basis for processing personal data using technically necessary cookies within the meaning of Section 25(2) TDDDG is Article 6(1)(f) GDPR.
    You can withdraw your consent at any time with future effect by deactivating this service in the "Privacy Settings" on this page.
  2. Purpose of Data Processing
    Cookies are set by our website or external web services to maintain the full functionality of our website, improve user-friendliness, or track the purpose indicated by your consent. We can also recognize individual visitors using pseudonyms, which allows us to offer more personalized services.
  3. Duration of Storage
    Our cookies are stored until they are deleted in your browser or, if they are session cookies, until the session expires.
  4. Right to Object and Removal
    Cookies are stored on the user's computer and transmitted to our site. Therefore, you, as a user, have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or limit the storage of cookies. Already stored cookies can be deleted at any time, which can also be done automatically. If cookies are disabled for our website, not all features of the website may be fully accessible.


VII. Consent Management Tool

  1. Description and Scope of Data Processing
    When accessing our website, we display a notice about "Privacy Settings," through which we manage our consent management. Our Consent Manager is controlled by the necessary "CookieConsent" cookie. This mechanism is used to manage your consent for the use of cookies on our website.
    If the "CookieConsent" cookie is not present, the Consent Manager will be displayed. If you reject the use of optional cookies, the "CookieConsent" cookie will be set to "Mandatory" and various standard delete cookies will be set. After restarting the browser, the Consent Manager will be shown again.
    When you give consent for technically necessary services in the Consent Manager, the value "mandatory" is stored in the "CookieConsent" cookie with a "|" separator. For example, if consent is given for all services, the value would be:
    "mandatory|Marketing|Stats|External|Unclassified".
    External media such as Google Maps or YouTube are blocked by default. If the string "External" is included in the "CookieConsent" cookie, these external media are loaded afterward. If you give consent within the blocked media container, the value in the "CookieConsent" cookie is extended by "external," and the corresponding content is loaded afterward.
    If the "Marketing," "Stats," or "Unclassified" strings are included in the value of the "CookieConsent" cookie, the Google Tag Manager is triggered, controlling the corresponding services based on the given value. Otherwise, the Google Tag Manager remains inactive. For previously given consent, the final step is executed immediately.
    Your consent is valid until the end of the browser session.
  2. Legal Basis for Data Processing
    The legal basis for using consent management is Article 6(1)(c) GDPR. The legal basis for processing personal data using technically necessary cookies within the meaning of Section 25(2) TDDDG is also Article 6(1)(f) GDPR.
  3. Purpose of Data Processing
    Consent management is used to manage your consent for the use of cookies on our website.
  4. Duration of Storage, Right to Object and Removal
    You can change your settings or withdraw your consent with future effect at any time by deactivating the corresponding category in the "Privacy Settings" on this page.


VIII. Contact Form and Email Contact

  1. Description and Scope of Data Processing
    Our website features a contact form that can be used for electronic communication. If a user takes advantage of this option, the data entered in the input mask will be transmitted and stored. This data includes: first name, last name, email address, phone number, subject, and message. At the time the message is sent, the following data is also stored:
    (1) The user's IP address
    (2) The date and time of registration
    For processing the data, we obtain your consent via a clear affirmative action or behavior during the submission process, and refer to this privacy policy. Alternatively, you may contact us via the provided email address. In this case, the personal data transmitted via email will be stored. No data is shared with third parties in this context. The data is used exclusively for processing the communication.
  2. Legal Basis for Data Processing
    The legal basis for data processing is, if the user has provided consent, Art. 6 Para. 1 lit. a DSGVO (GDPR). The legal basis for processing data transmitted via email is Art. 6 Para. 1 lit. f DSGVO. If the email contact aims at the conclusion of a contract, Art. 6 Para. 1 lit. b DSGVO also serves as the legal basis for processing.
  3. Purpose of Data Processing
    The processing of personal data from the input mask serves solely to handle the contact. In the case of email contact, the legitimate interest in processing the data is also present. The other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our information systems.
  4. Storage Duration
    The data will be deleted once it is no longer required to achieve the purpose of its collection and there are no legal retention periods preventing deletion. For personal data from the contact form and those transmitted via email, this occurs when the conversation with the user is deemed to be completed. A conversation is considered finished when it is evident from the circumstances that the matter in question has been conclusively resolved. The additional personal data collected during the submission process will be deleted no later than seven days after the completion of the submission.
  5. Right to Object and Removal
    The use of the contact forms is voluntary. The user has the right to withdraw consent for the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In this case, the conversation cannot be continued. All personal data that was stored during the contact process will be deleted.


IX. Automated Email Archiving

  1. Description and Scope of Data Processing
    Please note that our email system includes an automated archiving process. All incoming and outgoing emails are digitally archived in a tamper-proof manner.
  2. Legal Basis for Data Processing
    Art. 6 Para. 1 lit. c DSGVO (legal obligation). The legal obligation arises from compliance with tax and commercial law requirements (e.g., §§ 146, 147 AO, §§ 238, 257 HGB).
  3. Purpose of Data Processing
    The purpose of archiving is to comply with tax law (e.g., §§ 146, 147 AO – obligation to retain emails of tax relevance) and commercial law requirements (e.g., §§ 238, 257 HGB – obligation to archive business correspondence).
  4. Storage Duration
    The storage of our email communication occurs until the expiration of tax and commercial retention obligations. The retention period can be up to 10 years.
  5. Right to Object and Removal
    You may object to the processing at any time in accordance with Art. 21 DSGVO and request the deletion of data in accordance with Art. 17 DSGVO. Your rights and how to exercise them are detailed in the lower section of this privacy policy.


X. Registration, Customer Account

  1. Description and Scope of Data Processing
    On our website, we offer users the option to register by providing personal data. This data is entered into an input form on the HORSCH portal, transmitted to HORSCH, and stored. You will receive an email from noreply@horsch.com with a time-limited link to confirm your registration. The data is not shared with third parties. The following data is collected during the registration process:
    • Email address.
      At the time of registration, the following data is also stored:
      (1) The user's IP address
      (2) The date and time of registration.
      During the registration process, your consent to the processing of this data is obtained. To place an order, you must complete the required fields in your customer account and choose a payment method.
  1. Legal Basis for Data Processing
    The legal basis for the processing of data is, in case the user has provided consent, Art. 6 Para. 1 lit. a GDPR. If registration and use of the customer account are for the performance of a contract in which the user is a party or for carrying out pre-contractual measures, the additional legal basis for data processing is Art. 6 Para. 1 lit. b GDPR.
  2. Purpose of Data Processing
    Once the user has registered, the processing is necessary to fulfill a contract with the user or for carrying out pre-contractual measures.
  3. Duration of Storage
    The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. This is the case for data collected during the registration process to fulfill a contract or to carry out pre-contractual measures once the data is no longer required for the execution of the contract. Even after the contract is concluded, it may be necessary to retain personal data of the contractual partner in order to comply with contractual or legal obligations.
  4. Right to Object and Removal
    As a user, you have the right to cancel your registration at any time. The data stored about you can be modified at any time. Deletion of your customer account is also possible at any time. To do so, simply send a message to one of the responsible parties mentioned above. After account deletion, your data will be removed, provided all contracts have been concluded, there are no legal retention obligations, and no legitimate interest on our part in further storage. If the data is required for the performance of a contract or the execution of pre-contractual measures, early deletion of the data is only possible if no contractual or legal obligations prevent deletion.

XI. Order Processing and Dropshipping

  1. Description and Scope of Data Processing
    For placing an order without registration, click the "Direct to PayPal" button in the cart status window, which you can reach by clicking on the cart icon. You can complete your purchase there without registration either directly through your PayPal account by logging into PayPal, or you can select "Pay with Credit or Debit Card" if you do not have a PayPal account. After submitting your email address, you can choose to pay via direct debit or credit/debit card via PayPal. To place an order with registration and a customer account, you must complete the required fields in your customer account and choose a payment method. After the order is placed, Micony GmbH processes this data and instructs external shipping partners/carriers to deliver the goods.
  2. Legal Basis for Data Processing
    According to Article 6 Paragraph 1 lit. b GDPR, your personal data is collected and processed to the necessary extent by us, our partner HORSCH Maschinen SE & Co. KG, and the payment provider you choose, when you place an order.
  3. Purpose of Data Processing
    For payment purposes, you will be directly forwarded to our payment providers. For order processing, the execution of goods delivery, and possible service or return handling, Micony GmbH processes your order data and instructs external shipping partners/carriers to deliver the goods.
  4. Duration of Storage
    The data will be deleted as soon as they are no longer required to achieve the purpose of their collection.
  5. Right to Object and Removal
    As a user, you have the right to cancel your registration at any time. The data stored about you can be modified at any time. If the data is required for the performance of a contract or the execution of pre-contractual measures, early deletion of the data is only possible if no contractual or legal obligations prevent deletion.


XII. Use of Payment Service Providers

We process your payment information for the purpose of payment processing when you purchase a product. Depending on the payment method, we forward your payment information to third parties. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR. We use external payment service providers, through whose platforms you and we can perform payment transactions. The data processed by payment service providers includes master data such as name and address, bank data such as account numbers or credit card numbers, as well as passwords, TANs, checksums, and contract-related information. These details are necessary to carry out transactions. Please note that only the payment service providers process and store this data. We do not receive account- or credit card-related information, but only confirmations or negative reports of the payment. It is possible that payment service providers may pass this data on to credit agencies to conduct identity and credit checks. For details on this and the exercise of withdrawal, access, and other rights of the data subject, please refer to the terms and conditions and privacy notices of the respective payment service provider.

1. PayPal

If you choose PayPal as your payment method, your payment data will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal") for payment processing. For the following payment methods, PayPal reserves the right to perform a credit check: Credit card via PayPal, direct debit via PayPal, or "Pay on Invoice" via PayPal. PayPal uses the result of the credit check to assess the statistical probability of a payment default. This assessment serves as the basis for deciding whether the respective payment method will be provided. The credit check may contain so-called score values that represent probability values. If score values are included in the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Various data, including address data, are taken into account in calculating the score values. For more information, refer to PayPal’s privacy policy: PayPal Privacy Policy.

2. Mollie

For additional payment methods, we use the external payment service provider Mollie (Mollie B.V, Keizersgracht 313, 1016 EE Amsterdam, Netherlands). Mollie processes the following payment methods:

When you make a payment, the payment data you enter is transmitted to both Mollie and the payment provider you selected. The transmission of your data to Mollie is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). You have the right to withdraw your consent to data processing at any time. Withdrawal does not affect the effectiveness of data processing in the past. For payment transactions, the terms and conditions and privacy notices of the respective payment providers apply, which are also accessible within the respective websites or transaction applications. We refer to these documents for further information and the exercise of withdrawal, access, and other rights of the data subject. For further details on payments via Mollie, please refer to the following link: Mollie Privacy Policy.


XIII. Automated Identity and Credit Check when Choosing the Payment Method "PayPal"

  1. Description and Scope of Data Processing
    If you choose "PayPal" as the payment method, we transmit your personal customer data collected during the order process to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal") for payment processing. If you consent, the following data will be affected by the data transmission: first and last name, street, house number, postal code, city, date of birth, phone number, and order-related data.
  2. Legal Basis for Data Processing
    Art. 6 para. 1 lit. b GDPR (performance of (pre-)contractual measures).
  3. Purpose of Data Processing
    If you select the payment method "PayPal," PayPal will perform a credit check. Mathematical-statistical methods are used to calculate a rating regarding the likelihood of a payment default (i.e., the calculation of a scoring value). PayPal bases its decision on whether the respective payment method is offered on the calculated scoring value. The calculation of the scoring value follows recognized scientific methods. Please refer to PayPal’s privacy policy for further details: PayPal Privacy Policy.
  4. Duration of Storage
    We will store the relevant data for payment processing as long as it is necessary for the transaction. If the data is subject to statutory retention periods, it will be deleted after the retention period expires. The duration of data storage by PayPal is specified in PayPal’s privacy policy: PayPal Privacy Policy.
  5. Right to Object and Removal
    You can object to the processing of your data at any time according to Art. 21 GDPR and request the deletion of your data according to Art. 17 GDPR. Your rights and how to exercise them are outlined at the end of this privacy notice.


XIV. Google

We use the Google service on our site, provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. The transfer of personal data also takes place to the USA. In regard to the transfer of personal data to the USA, there is an adequacy decision under the EU-US Data Privacy Framework by the EU Commission according to Article 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual protection level of the GDPR applies for the transfer.

The legal basis for the processing of personal data is your consent according to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, which you have provided on our website.

We use Google to load additional Google services on the website. The service is used to provide additional Google services, such as necessary data processing for streaming and font provision, as well as relevant content from Google Search. It is technically required to exchange information already held by Google about the website visitor between Google services and to provide the visitor with individualized content tailored to their Google account.

For processing, the service or we collect the following data: Background data stored in the Google user account or other Google services about the website visitor, background data for the provision of Google services, such as streaming or advertising data, data about the user's interaction with Google Search, information about the device used, IP address, browser, and other data from Google services for providing Google services related to our website.

If the service is active on our website, our site establishes a connection to the servers of Google Ireland Limited and transfers the necessary data. As part of the order processing, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transmit and process information from other Google services to provide background services for displaying and processing data of the services provided by Google. This may also involve data transmission to Google services such as Google APIs, Doubleclick, Google Cloud, Google Ads, and Google Fonts in accordance with the Google Privacy Policy. The provider's certification under the EU-US Data Privacy Framework can be found at https://www.dataprivacyframework.gov/list.

You may withdraw your consent at any time. For more information on withdrawing your consent, please refer to either the consent itself or the end of this privacy policy.

For more information on how the transferred data is handled, see the provider's privacy policy at https://policies.google.com/privacy. The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=en.

XV. Google Tag Manager

We use the Google Tag Manager service on our site, provided by Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. The transfer of personal data also takes place to the USA. In regard to the transfer of personal data to the USA, there is an adequacy decision under the EU-US Data Privacy Framework by the EU Commission according to Article 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual protection level of the GDPR applies for the transfer.

The legal basis for the processing of personal data is your consent according to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, which you have provided on our website.

Google Tag Manager offers a technical platform to execute and manage other web tools and web tracking programs using "tags." In this context, Google Tag Manager stores cookies on your computer and analyzes your browsing behavior (called "tracking") when web tracking tools are executed via Google Tag Manager. The data generated by the "tags" is aggregated, stored, and processed under a unified user interface in Google Tag Manager. All integrated "tags" are listed separately in this privacy policy. When using our website with the integration of "tags" via Google Tag Manager, data such as your IP address and user activities is transmitted to Google's servers. Google Tag Manager ensures that the IP address is anonymized before transmission by anonymizing the source code. With Tag Manager, data from various service providers (Google and third parties) can be linked and analyzed based on so-called tag management. Google Tag Manager helps us compile reports about website activities and control the web tools on our site.

For processing, the service or we collect the following data: cookies, web tracking data, outgoing or incoming links, information generated by the integration and activation of JavaScript code on the website by Google Tag Manager, and the web tools triggered by Google Tag Manager.

The provider's certification under the EU-US Data Privacy Framework can be found at https://www.dataprivacyframework.gov/list.

You may withdraw your consent at any time. For more information on withdrawing your consent, please refer to either the consent itself or the end of this privacy policy.

For more information on how the transferred data is handled, see the provider's privacy policy at https://policies.google.com/privacy. The provider also offers an opt-out option at https://policies.google.com/privacy.


XVI. Web Analysis through Google Analytics

We use the Google Analytics service on our site, provided by Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. The transfer of personal data also takes place to the USA. In regard to the transfer of personal data to the USA, there is an adequacy decision under the EU-US Data Privacy Framework by the EU Commission according to Article 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual protection level of the GDPR applies for the transfer.

The legal basis for the processing of personal data is your consent according to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, which you have provided on our website.

Google Analytics is a web tracker that analyzes the behavior of website visitors and their interactions with our website, providing us with insights and predictions about the content and products of our website and their popularity (called tracking). We have integrated Google Analytics so that the service can compile an analysis of users' browsing behavior. To do this, Google collects the page interactions of website visitors with our website and any existing information that may result from reading cookies or other storage technologies and prepares it for us statistically. Google Analytics uses data processing technologies that enable tracking of individual website visitors and their interactions with other Google services, such as the Google Ads advertising network. Data from other Google services is also used to fill data gaps and generate comprehensive statistics about our website's content using machine learning technologies, modeled statistics, and forecasting functions. If Google Analytics is active on our website, the data collected by Google Analytics is transmitted to the servers of Google Ireland Limited. As part of the order processing, personal data may also be transferred to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. We conduct analysis through Google Analytics to constantly optimize and improve the availability of our internet offering. This is known as reach measurement.

For processing, the service or we collect the following data: data on interactions of website visitors with the website content, data on handling the displayed services on our website, data from external Google services if they interact with our website (such as advertising data or data regarding behavior related to advertising), data about the general geographic origin, browser used, operating system, and further information about the device used.

Google Analytics will store the relevant web tracking data for as long as necessary to fulfill the contracted web service. The data collection and storage will be anonymized. If individual interactions from website visitors allow a personal reference to be made, we will delete the collected data once the purpose is achieved. The data will be deleted no later than when it no longer falls under any legal retention obligations. As a rule, we will delete this data no later than after 12 months. The provider's certification under the EU-US Data Privacy Framework can be found at https://www.dataprivacyframework.gov/list.

You may withdraw your consent at any time. For more information on withdrawing your consent, please refer to either the consent itself or the end of this privacy policy.

For more information on how the transferred data is handled, see the provider's privacy policy at https://policies.google.com/privacy. The provider also offers an opt-out option at https://tools.google.com/dlpage/gaoptout?hl=en.

XVII. Rights of Data Subjects

We are aware that you have certain rights when it comes to the processing of your data. In the following sections, we inform you about the rights you have and how you can exercise them.

  1. Right to Access (Art. 15 GDPR):
    You have the right to request information from us about the personal data we process about you and the purpose of the processing. If the request for information is not made in writing via a contact address already stored in our systems, we kindly ask for your understanding that we may require proof from you to confirm your identity.
  2. Right to Rectification (Art. 16 GDPR):
    You have the right to have incorrect or incomplete personal data we have stored about you corrected.
  3. Right to Erasure (Art. 17 GDPR):
    You have the right to request the deletion of your personal data if it is no longer needed or if the processing violates data protection regulations.
  4. Right to Restriction of Processing (Art. 18 GDPR):
    You have the right to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, or you have objected to the processing.
  5. Right to Data Portability (Art. 20 GDPR):
    You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.
  6. Right to Object (Art. 21 GDPR):
    You have the right to object to the processing of your personal data if the processing is based on legitimate interests or is for direct marketing purposes.
  7. Right to Withdraw Consent (Art. 7 (3) GDPR):
    You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  8. Right to Lodge a Complaint with a Supervisory Authority:
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or the place of the alleged infringement if you believe that the processing of your personal data violates the GDPR. The supervisory authority that receives the complaint will inform the complainant of the status and outcome of the complaint, including the possibility of judicial remedy under Art. 78 GDPR.

As of: 26.03.2025