Data Protection

1. Preamble 

In operating our website www.superbloom.de (hereinafter referred to as "website") we process personal data. We treat this data confidentially and process it in accordance with the applicable laws - in particular the Basic Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). With our data protection regulations we want to inform you which personal data we collect from you, for which purposes and on which legal basis we use them and if necessary to whom we disclose them. Furthermore, we will explain to you which rights you are entitled to in order to protect and enforce your data protection.

2. Terms 

Our data protection regulations contain technical terms that are contained in the DSGVO and the BDSG. For your better understanding, we would like to explain these terms in simple words in advance:

2.1 Personal data

"Personal data" means any information relating to an identified or identifiable person (Art. 4 No. 1 FADP). Information relating to an identified person may, for example, be the name or the e-mail address. However, personal data also includes data where the identity is not immediately apparent but can be determined by combining one's own information or that of others and thus finding out who it is. A person becomes identifiable, for example, by providing their address or bank details, date of birth or user name, IP addresses and/or location data. Relevant here is all information that in any way allows an inference to a person.

2.2 Processing

Art. 4 No. 2 DPA defines "processing" as any operation involving personal data. This applies in particular to the collection, recording, organisation, arrangement, storage, adaptation or alteration, reading, querying, use, disclosure, transmission, dissemination or any other form of provision, comparison or linkage, restriction, deletion or destruction of personal data.

3. Person in charge

Responsible for data processing:

Company: Superbloom Festival GmbH & Co. KG ("we")

Represented by: Marko Hegner (Managing Director), Thomas Resch (Managing Director)

Phone: +49 30 403 67 050
Fax: +49 30 403 67 0533
Address: Pfuelstraße 5, 10997 Berlin
E-mail: info@superbloom.de

4. Data protection commissioner

We have appointed an external data protection officer for our company. You can reach him at:

Name: Reinher Karl
Address: HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg
Phone: +49 40 18189800
Fax: + 49 40 181898099
E-mail: datenschutz@habewi.de

5. Processing frame: web page

As part of the website with the URL www.superbloom.de, we process the personal data of you listed in detail in section 6.17 below. We only process data of yours that you actively provide on our website (e.g. by filling out forms) or that you automatically provide when using our services.

Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we, as the client, are authorised to issue instructions to our contractor. For the operation of our website we use external service providers for hosting, as well as for maintenance, care and further development. Should further external service providers be used for individual processing operations listed in section 6.17, they will be named there.

For the hosting of our website we use the external service provider DigitalOcean, LLC New York, NY 101 6th Ave with server location Frankfurt am Main. A data transfer to third countries does not take place and is not planned. We will inform you about exceptions to this principle in the processing operations described below.

6. Provision of the website and server log files

6.1 Description of processing

Every time you call up the website, we automatically record information that your browser sends to our server (so-called log files). These are the following data: 

These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to deliver our website to the end device of a user. For this purpose, the user's IP address must remain stored for the duration of the session. However, your IP address is not recorded in our log files.

6.2 Purpose

Processing is carried out to enable the website to be accessed and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.

6.3 Legal basis

The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in item 6.2.

6.4 Storage period

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. Log files are deleted after 7 days.

7. Purchase

7.1 Description of processing

You can shop on our website as a guest or as a registered user. Within the scope of your order process we process personal data from you. The mandatory fields marked with an asterisk "*" in our online shop must be filled in by you. Otherwise it is not possible for us to conclude a purchase contract with you and send you the desired goods. All other details are voluntary. When shopping on our website, you can also select one of the payment methods offered to settle the purchase price. When completing your order, the data required for payment will be passed on to the respective payment service provider. If you shop on our website as a registered user, you can enter your billing and delivery addresses, as well as your preferred method of payment in your user profile for a faster and more convenient ordering process.

7.2 Purpose

The processing takes place for the conclusion and processing of sales contracts.

7.3 Legal basis

The processing is necessary for the conclusion and performance of the purchase contracts (Art. 6 para. 1 lit. b DSGVO).

7.4 Storage period

Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, after two years, we will restrict the processing. This means that your data will then only be stored separately to comply with the statutory retention periods and will be deleted immediately after their expiry.

7.5 Receiver

To process your payment, personal data will be forwarded to one of the external payment service providers listed below and selected by you in the course of your purchase:

8. Contact by E-Mail

8.1 Description of processing

You can contact us via the e-mail addresses given on the website. In this case, the personal data transmitted with the e-mail will be processed by us.

8.2 Purpose

The data transmitted with and in your e-mail are used exclusively for the purpose of processing and answering your request.

8.3 Legal basis

If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data processing is carried out for the purpose of fulfilling the contract (Art. 6 para. 1 lit. b DSGVO).

8.4 Storage period

The data will be deleted by us as soon as they are no longer necessary for the purpose of their collection. This is usually the case when the respective communication with you has ended. The communication is terminated when it can be concluded from the circumstances that your request has been finally clarified. If legal retention periods prevent deletion, the data will be deleted immediately after expiry of the legal retention period.

9. Cookies

9.1 Description of processing

Our website uses cookies. Cookies are small text files that are stored on the user's end device when visiting a website. Cookies contain information that enables the recognition of a terminal device and possibly certain functions of a website. In most cases we only use so-called "session cookies". These are automatically deleted when you end your internet session and close the browser. Other cookies remain stored on your end device for a longer period of time. We use the following cookies on our website:

9.2 Purpose

We use cookies to make our website more user-friendly and to offer the functions described in clause 9.1.

9.3 Legal basis

The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in item 9.2. If you are asked by us for consent in the context of a cookie banner or cookie content tool, the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary.

9.4 Storage period

Cookies are automatically deleted at the end of a session or when the specified storage period expires. Since cookies are stored on your terminal device, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, individual functions of our website cannot be used or can only be used to a limited extent. If we obtain consent for the use of cookies via a cookie banner or a cookie content tool, you can revoke this consent at any time in the settings of the cookie banner or cookie content tool with effect for the future.

10. Newsletter

10.1 Description of processing

We send out a newsletter at regular intervals. With the newsletter we inform you about topics concerning the Superbloom Festival. You will only receive our newsletter if you actively subscribe to our mailing list. You can subscribe to it by filling out and sending a newsletter registration form on our website. To subscribe to the newsletter you only need to enter your e-mail address. All other details (such as your first name and surname) are voluntary and are used solely to personalise the e-mails.

We use the so-called double opt-in procedure to carry out and verify newsletter registrations. A registration takes place in several steps. First you register for the newsletter on our website. You will then receive an e-mail from us to the e-mail address you have provided. With this e-mail we ask you to confirm that you have actually subscribed to the newsletter and wish to receive it. A confirmation is made by clicking on a confirmation link in the e-mail. Only after a successful confirmation we will add you to our newsletter distribution list and send you e-mails in the future. Within the scope of the double opt-in procedure, we save the date, time and your IP address both during registration and confirmation.

If you purchase goods or services on our website and enter your e-mail address, we may subsequently use it to send you a newsletter for existing customers. In such a case, the newsletter will only be used to send direct advertising for our own similar goods or services.

10.2 Purpose

The processing is done in order to offer the newsletter function and to send newsletter e-mails to subscribers. The collection and storage of date, time and IP addresses during newsletter registration serves the documentation of granted consent and protection against the misuse of e-mail addresses.

10.3 Legal Basis

The processing of our subscriber newsletter is based on a consent pursuant to Art. 6 para. 1 lit. a DSGVO. Your consent is voluntary. The collection and storage of the date, time and IP addresses when registering for the newsletter is necessary to safeguard the predominant legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 10.2.

10.4 Storage duration and contradiction

If you do not confirm your subscription to our newsletter within 24 hours of receiving the corresponding registration e-mail, your data will be automatically deleted. We process your personal data for the duration of your newsletter subscription.

You can cancel your subscription to our newsletter at any time by withdrawing your consent. A simple declaration by e-mail to info@superbloom.de is sufficient for this purpose. It is also possible to unsubscribe from the newsletter by clicking on the unsubscribe link in every newsletter e-mail. With the revocation of your consent, no more newsletters will be sent to you and your personal data will be removed from our active mailing list. To enforce your revocation, we will add your e-mail address to our so-called black list in a restricted manner. In this way we can ensure that you will not receive any newsletters from us in the future and that your e-mail address will not be misused by third parties.

10.5 Recipients and transfers to third countries

For the administration of our newsletter distribution list and for sending the e-mails we use the services of the newsletter provider Mailchimp. This takes place in the context of an order processing. Mailchimp is an offer of The Rocket Science Group, LLC, 512 Means Street, Suite 404 Atlanta, GA 30318, USA (in the following called "Mailchimp"). With your newsletter registration the data given during the registration process is transferred to Mailchimp and processed on Mailchimp servers in the USA. Mailchimp is subject to the EU-US Privacy Shield. Further information about the EU-US-Privacy-Shield can be found at https://www.privacyshield.gov/EU-US-Framework. For more information on data protection at Mailchimp, please see the service provider's privacy policy at http://mailchimp.com/legal/privacy/.

11. Social Networks

11.1 Description of processing

Our website does not use so-called social media plugins. The logos of the social networks Facebook, Twitter, Instagram and Snapchat displayed on our website are merely linked to the corresponding profiles of our company. If you click on one of the logos, you will be redirected to the external website of the respective social network.

However, our profiles within the social networks also constitute data processing. If you are logged in to the respective social network when you visit such a profile, this information is assigned to your user account there. If you interact with our profile, e.g. "share", "link" or "retweet" a post, this information is also stored in your user account. Through the so-called "Insights" on our Facebook page, we have the possibility to obtain statistical data. These statistics are provided by Facebook. The "Insights function" is not subject to change. We cannot decide to turn this function on or off. It is available to all Facebook fan page operators, regardless of whether you use the Insights function of Facebook or not. We are provided with data for a selectable period of time and for the following groups of affected persons: Fans, subscribers, people reached and people interacting. These are the following categories of personal information: Total number of page views, "likes me" information including origin, page activity, post interactions, reach, post reach (divided into organic, viral and paid interactions), comments, shared content, responses, and demographic analysis, i.e., country of origin, gender and age. Because of the Facebook Terms of Use - which every user must agree to in order to use Facebook - we are able to identify subscribers and fans of our site and view their profiles.

The social networks with which you communicate store your data using pseudonyms as user profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other third party websites that match your presumed interests. For this purpose, cookies are usually used, which the social network stores on your end device. Further information on cookies can be found in section 9. You have a right of objection to the creation of these user profiles, for the exercise of which you must contact the social networks directly.

11.2 Purpose

We maintain profiles with the aforementioned social networks for the purpose of up-to-date and supportive public relations and corporate communication with customers and interested parties.

We use the "Facebook Insights" function to make our contributions on our Facebook fan page more attractive to our visitors. For example, we are able to use visitors' preferred visiting times to optimize the scheduling of our posts.

11.3 Legal basis

The legal basis for data processing within the scope of our profiles on social networks is the protection of our predominant legitimate interests (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in item 11.2. If you are asked by us for consent in the context of a cookie banner or cookie content tool, the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 para. 1 lit. a DSGVO. With regard to our Facebook fan page, data processing is also based on an agreement on joint responsibility in accordance with Art. 26 DSGVO between us and Facebook, which you can view here: https://www.facebook.com/legal/terms/page_controller_addendum.

11.4 Recipients and transfers to third countries

The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on the social networks can be found in the linked data protection regulations.

The social networks also process your personal data in the USA and have submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.

12. YouTube-Videos

12.1 Description of processing

Our website uses services from "YouTube" a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as "YouTube"). YouTube is represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube by embedding individual videos from the platform on our website as so-called iFrames so that they can be played directly on our website. The videos are embedded in the "enhanced privacy mode" offered on YouTube, which means that no personal data will be transferred from you to Google as long as you do not play the videos.

Only when a video is played does a data transfer to Google occur, over which we have no influence. If you play an embedded video on a subpage of our website, Google is informed which subpage you have visited and which video you have viewed. If necessary, your IP address is also transmitted to Google. If you are logged in as YouTube or Google user, Google will assign this information to your user account. Google stores your data as user profiles and uses them for advertising purposes, for market research and/or for the design of the Google websites according to your needs. You have a right of objection to the creation of these user profiles, for the exercise of which you must contact Google directly. Further information on data protection at Google can be found at https://policies.google.com/privacy?hl=de-DE.

12.2 Purpose

The processing is done to be able to show you videos on our website.

12.3 Legal basis

The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in item 12.2.

12.4 Recipients and transfers to third countries

By integrating YouTube, personal data may be transmitted to YouTube LLC or Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

13. Google Analytics 

13.1 Description of processing

Our website uses "Google Analytics", a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Analytics uses cookies (see clause 9), which enable an analysis of your use of our offer. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. However, we use Google Analytics exclusively with IP anonymisation. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.

The statistics created by Google Analytics record, in particular, how many users visit our website, from which country or location the access takes place, which sub-pages are called up and via which links or search terms visitors reach our website. The user conditions of Google Analytics can be found at https://marketingplatform.google.com/about/analytics/terms/de/. An overview of data protection at Google Analytics is available at http://www.google.com/intl/de/analytics/learn/privacy.html. The Google data protection declaration can be viewed at https://policies.google.com/privacy?hl=de-DE.

13.2 Purpose

The processing is done in order to be able to evaluate the use of our website. The information thus obtained is used to improve our online presence and to design it in line with requirements.

13.3 Legal basis

The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in item 13.2. If you are asked by us within the framework of a cookie banner or cookie content tool for consent, which also covers the use of Google Analytics, then the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary.

13.4 Storage period and right of objection

We have explained the storage period as well as your control and setting options for cookies in section 9. You can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=de. The analysis data processed and stored by Google Analytics will be automatically deleted by us after 14 months. If we obtain consent for the use of Google Analytics via a cookie banner or a cookie content tool, such consent can be revoked by you at any time within the settings of the cookie banner or cookie content tool with effect for the future.

13.5 Recipients and transfers to third countries

Google Analytics is a service provider for us within the scope of an order processing. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

14. Google Adwords Conversion and Google Remarketing

14.1 Description of processing

Our website uses the advertising service "Google Adword Conversion", which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). With the help of Google Adwords Conversions, we can place advertisements on external websites to draw your attention to our offers. Furthermore, the service enables us to determine the reach and success of individual advertising measures. Our advertisements are delivered by Google via so-called "Ad Servers". For this purpose, Google uses so-called "Ad Server" cookies, which measure certain parameters for measuring success, such as the display of the ads or clicks by users. If you reach our website via a Google ad, Google Adwords will store a cookie in your terminal device (see clause 9). According to Google, these cookies are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be contacted) are usually stored as analysis values. The cookies enable Google to recognize your internet browser.

If you visit websites of an Adwords customer and the cookie stored on your device has not expired, Google and the customer can recognize that the user clicked on the ad and was redirected to our website. A different cookie is assigned to each Adwords client. This means that cookies cannot be tracked on the websites of Adwords customers. We ourselves do not process personal data with our Google Adwords advertising measures. Google only provides us with statistical analyses. By means of these evaluations we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information. When you visit our website, a connection to the Google servers is therefore established. We have no influence on the scope and further use of the data collected by Google through the use of Google Adwords Conversion and therefore inform you according to our state of knowledge: Through the integration of Google Adwords Conversion, Google receives information about which subpage of our website you have called up or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that Google will find out your IP address and save it.

Our website also uses the advertising service "Google Remarketing", which is also operated by Google. With Google Remarketing, we can address you again with advertisements for our offers after visiting our website on other websites that have joined the Google advertising network. Google also uses cookies for this purpose, which are stored in your browser and which are used to record and evaluate your usage behaviour when visiting various websites. Google can thus determine your previous visit to our website and show you advertisements for our offers on other websites. A combination of the data collected in the course of remarketing with your personal data, which may be stored by Google, does not take place by Google according to its own statements. In particular, according to Google, pseudonymisation is used in remarketing.

Further information on data protection at Google can be found here: https://policies.google.com/privacy?hl=de and https://services.google.com/sitestats/de.html.

14.2 Purpose

Processing is carried out in order to carry out targeted online advertising for our own offers and to evaluate their effectiveness and reach.

14.3 Legal basis

The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in item 14.2. If you are asked by us for consent in the context of a cookie banner or cookie content tool, the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary.

14.4 Storage period and right of objection

We have explained the storage period as well as your control and setting options for cookies in section 9. You can object to data processing by Google Adwords Conversion and Google Remarketing at any time via the following website: http://www.google.com/ads/preferences. If we obtain consent to use Google Adwords Conversion and Google Remarketing via a cookie banner or a cookie content tool, you can revoke this consent at any time in the settings of the cookie banner or cookie content tool with effect for the future.

14.5 Recipients and transfers to third countries

Through the integration of Google Adwords Conversion and Google Remarketing, personal data may be transmitted to Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

15. Facebook Pixel

15.1 Description of processing

Our website uses the remarketing service "Facebook Pixel", which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). Via the "Facebook Pixel" it is possible for us to place advertisements on the social network, which are targeted at those Facebook users who have shown interest in our offer - e.g. through an earlier visit to our website. With the help of the "Facebook Pixel", we can also track and evaluate the effectiveness and reach of our advertising on Facebook by recording whether Facebook users interact with our ads on the social network by clicking on the ads to be forwarded to our website. Therefore, when you visit our website, a connection to the Facebook servers is established and the "Facebook pixel" is embedded in our website. In addition, it is possible that Facebook may store a cookie (see clause 9 above) on your end device. If you are logged in to Facebook or log in to Facebook later, your visit to our website will be assigned to your user account. The data collected about you using the "Facebook Pixel" is anonymous to us. They do not provide us with any conclusions about your person. However, a connection to your user profile is possible on Facebook. The data processing by Facebook takes place in accordance with the company's data policy, which can be found at https://www.facebook.com/policy.php.

15.2 Purpose

Processing is carried out in order to carry out targeted online advertising for our own offers and to evaluate their effectiveness and reach.

15.3 Legal basis

The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in item 15.2. If you are asked by us within the framework of a cookie banner or cookie content tool for consent, which also covers the use of the Facebook pixel, then the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary.

15.4 Storage period and right of objection

We have explained the storage period as well as your control and setting options for cookies in section 9. If we obtain consent to use the Facebook Pixel via a cookie banner or a cookie content tool, such consent can be revoked by you at any time within the settings of the cookie banner or the cookie content tool with effect for the future. You can object to the data collection by the "Facebook Pixel" and the use of your data for the display of Facebook advertisements at any time.

15.5 Recipients and transfers to third countries

Through the integration of the "Facebook Pixel", personal data may be transmitted to Facebook. Facebook also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

16. New Relic

16.1 Description of processing

On this website we use the web analysis service of New Relic, which is operated by New Relic Inc.,188 Spear Street, Suite 1200 San Francisco, CA 94105, USA. It enables us to collect statistical evaluations of the speed of the website, to determine whether the website can be accessed and how quickly the respective page is displayed when accessed. New Relic uses cookies. These cookies serve, among other things, to recognize the web browser and thus serve to collect statistical data. Your IP address is recorded, but is pseudonymised immediately after the collection and before storage. This measure excludes the possibility of a personal reference. Further information on data protection at New Relic can be found at https://newrelic.com/privacy and https://www.newrelic.de/cookie-policy.

16.2 Purpose

The processing is done in order to be able to evaluate the use of our website. The information thus obtained is used to improve our online presence and to design it in line with requirements.

16.3 Legal basis

The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in item 16.2. If you are asked by us for consent in the context of a cookie banner or cookie content tool, the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary.

16.4 Storage period and right of objection

We have explained the storage period as well as your control and setting options for cookies in section 9. You may refuse the use of cookies at any time with future effect by deactivating them in your browser settings. The analysis data processed and stored by New Relic will be automatically deleted by us after one year. If we obtain consent to use New Relic via a cookie banner or a cookie content tool, you can revoke your consent at any time in the settings of the cookie banner or the cookie content tool with future effect.

16.5 Recipients and transfers to third countries

New Relic acts as a service provider for us within the framework of order processing. New Relic also processes personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

17. Safety precautions 

In order to protect your personal data from unauthorised access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's end device. You can recognize the active SSL or TLS encryption by a small lock logo, which is displayed on the far left in the address line of the browser.

18. Rights concerned 

With regard to the data processing by our company described above, you are entitled to the following data subject rights:

18.1 Information (Art. 15 DSGVO) 

You have the right to ask us to confirm whether we process personal data concerning you. If this is the case, you have the right, under the conditions set out in Art. 15 of the DSGVO, to access this personal data and the other information listed in Art. 15 DSGVO.

18.2 Corrigendum (Art. 16 DSGVO) 

You have the right to ask us to correct incorrect personal data concerning you and, if necessary, to complete incomplete personal data.

18.3 Quenching (Art. 17 DSGVO) 

You have the right to demand from us that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 DSGVO applies in detail, e.g. if your data is no longer required for the purposes we pursue.

18.4 Restriction of data processing (Art. 18 DSGVO) 

You have the right to request us to restrict processing if one of the conditions listed in Art. 18 DSGVO is met, e.g. if you dispute the accuracy of your personal data, the data processing will be restricted for the time necessary to allow us to verify the accuracy of your data.

18.5 Data transferability (Art. 20 DSGVO) 

You have the right, under the conditions set out in Art. 20 DSGVO, to request the surrender of data concerning you in a structured, common and machine-readable format.

18.6 Revocation of consents (Art. 7 Abs. 3 DSGVO) 

You have the right to revoke your consent at any time in the event of processing based on consent. The revocation is valid from the time of its assertion. In other words, it is effective for the future. The processing does not become retroactively illegal by the revocation of the consent.

18.7 Grievance (Art. 77 DSGVO) 

If you believe that the processing of personal data concerning you violates the DSGVO, you have the right to complain to a supervisory authority. You can exercise this right before a supervisory authority in the EU Member State in which you are resident, in your place of work or in the place where the alleged infringement occurred.

18.8 Prohibition of automated decisions/ profiling (Art. 22 DSGVO) 

Decisions that have legal consequences for you or that significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision making, including profiling, with respect to your personal data.

18.9 Dissension (Art. 21 DSGVO) 

If we process your personal data on the basis of Art. 6 Para. 1 lit. f DSGVO (to safeguard overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 DSGVO. However, this only applies if there are reasons arising from your particular situation. Following an objection, we will no longer process your personal data, unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms. Nor do we have to stop processing if it serves to assert, exercise or defend legal claims. In any case - even regardless of any particular situation - you have the right to object at any time to the processing of your personal data for direct marketing purposes.

February 2020