If we are obliged to erase in accordance with the aforementioned principles and we have made your personal data public, we will take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform the other data controllers that process the personal data that you have requested that they erase all links to, or copies or replications of, that personal data.

2.4 The right to restriction of processing, Article 18 GDPR

Under the following conditions, you have the right to demand that we restrict the processing of your personal data, namely if:

• the accuracy of the personal data is contested by you for a period of time that enables us to verify the accuracy of the personal data;
• the processing is unlawful and you refuse to erase the personal data and instead request the restriction of the use of the personal data;
• we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defence of legal claims, or
• you have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh yours.

2.5 The right to data portability, Article 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format.
In addition, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

• the processing is based on consent or on a contract and
• the processing is carried out with the aid of automated procedures.

When exercising your right to data portability, you have the right to obtain that your personal data be transferred directly from one controller to another controller where this is technically feasible.

2.6 Right to object to data processing, Article 21 DSGVO

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of your consent or on the basis of our legitimate interest; this also applies to profiling.
After your objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Direct mail:

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is carried out for scientific or historical research purposes, or for statistical purposes, unless the processing is necessary for the performance of a task carried out in the public interest.

2.7 Right to revoke consent

If you have given us your consent to process your personal data (e.g. for sending newsletters), you also have the right to revoke this consent at any time with effect for the future. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
>The revocation is possible informally.

2.8 Right of appeal to a supervisory authority, Article 77 DSGVO

In addition, you also have the right to lodge a complaint against us with a data protection supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you are of the opinion that our processing of your personal data violates applicable data protection law.
The supervisory authority responsible for us is the
Bavarian State Office for Data Protection Supervision, Promenade 27 (Schloss), 91522 Ansbach, phone: +49 (0) 981 53 1300, fax: +49 (0) 981 53 98 1300, e-mail: poststelle@lda.bayern.de.

3. data processing when visiting our websites

The use of our website is generally possible without the active provision of personal data. However, every time our website is accessed, i.e. even for purely informational use, various data and information is collected by us for technical reasons and stored in so-called log files or server log files (log files) on our server.

Captured and stored:

• the IP address (Internet Protocol address),
• the date and time of access to our website,
• the browser software/browser types (computer programs for displaying web pages) used to access our website, as well as their versions and language,
• the operating system accessed by our system and its version,
• the Internet service provider (ISP) of the accessing system,
• Content of the request (content of the specific pages accessed),
• Access status/HTTP status code (response delivered by the server to each HTTP request, representing the status of the request),
• the website from which our website is accessed,
• Time zone difference from Greenwich Mean Time (GMT).

The storage of the IP address - even if only for a short time - is technically necessary due to the way the Internet works. However, before we process and store your IP address, it is shortened and used only in this unrecognizable (anonymous) form. A storage of the complete IP address does not take place. An assignment to you is no longer possible after the shortening.
The other information and data mentioned above are also not used by us to draw conclusions about you and/or to identify you. Data that makes it possible to identify you personally will be anonymized as soon as possible.
The above-mentioned data and information are collected by us exclusively in order to display our web pages to you and to ensure their stability and security and to optimize our web pages in this respect. The collection of the aforementioned data thus serves the purpose of improving the data security of the programs and systems we use. In addition, we use the data for the anonymous, statistical evaluation of your movements on our websites.
The log files are stored separately from your other personal data, which you may have provided to us yourself in the course of visiting our pages, and are not merged with them. The log files are deleted after 7 days.
The legal basis for the collection of the aforementioned data is our legitimate interest (Article 6 (1) (f) DSGVO) in the functionality and security of our websites. In addition, we have a legitimate interest in using the anonymous or anonymized data to evaluate user behavior on our pages in order to evaluate the effectiveness of our website design and structure.

4. cookies

We use so-called cookies on our websites. Cookies are small text files that are sent to your browser by our server the first time you or your browser request our website together with the requested website. Your browser stores the cookie(s) on the hard drive of your end device.
Cookies cannot be used to transfer malware or viruses to your end device, run programs or open pop-up windows. They are also not used to send spam. Rather, cookies are used to obtain certain information.
We distinguish between technically necessary cookies, which enable the operation of the website in the first place, and voluntary cookies. The setting of voluntary cookies takes place exclusively with your consent. Please note that if you only allow the technically necessary cookies, some functionalities of the websites are only limited or not usable.

4.1 Technically necessary cookies

We use this data and the technically necessary cookies we use to make our website more effective, safer and more user-friendly overall and, for example, to find out which goods are already in your shopping basket or whether a pop-up window has already been displayed to you.

4.1.1 Mode of use

We use the following technically necessary cookies:

4.1.2 Legal basis for use

There is a legitimate interest for us (Article 5 (1) lit. f DSGVO) in the use of cookies. This applies to cookies that are required to use the functions of our websites (e.g. shopping cart function), as these are necessary for the functionality and best possible provision of our services.

4.2 Voluntary cookies

4.2.1 Legal basis

Voluntary cookies are only set with your consent (Article 6 para. 1 lit. a DS-GVO). Please note that if you only allow the technically necessary cookies, some functionalities of the websites are only limited or cannot be used.

4.3 Further possibilities to influence the setting of cookies through settings in your browser

If you do not wish cookies to be stored in general or individual cookies to be stored on your end device, you can configure your browser settings to suit your preferences via the corresponding menu item.
At this point, we would like to point out that this may mean that not all functions of our websites are available or can be used.
Cookies that are stored on your terminal device during the respective session can be removed from your terminal device - in addition to the option of blocking them; regardless of whether the use is limited in time or unlimited.
To do this, you can call up the corresponding functions in your browser and delete the chronicle.
Flash cookies can be prevented by installing a corresponding "add-on", e.g. "Better Privacy" for Mozilla Firefox or the Adobe Flash Killer Cookie for Google Chrome.
By selecting private mode on your browser, you can prevent the setting or use of HTML5 Storage Objetcs.
In general, we recommend that you regularly delete your browsing history and cookies.

5. data processing when using the contact form

You have the possibility to send us an inquiry via our contact form.

5.1 Use of the contact form

If you use this option, only the personal data that you provide as part of your enquiry will be collected. Your e-mail address is required information, without which it is unfortunately not possible to send your enquiry to us. You are also welcome to provide us with your first name, surname or title (Ms/Mr) so that we can address you correctly in our reply.

5.2 Data processing

The processing of your data, which you provide in the context of your inquiry via our contact form, is based on the consent to processing (Article 6 (1) a DSGVO), which you give us by sending us your inquiry, or on our legitimate interest (Article 6 (1) f DSGVO) in the possibility to respond to inquiries directed to us.
If a contractual relationship is established between us as a result of you contacting us, the data processing is carried out for the implementation of pre-contractual measures (Article 6 para. 1 lit. b DSGVO).

5.3 Storage duration

We store the data we receive from you via the contact form until your enquiry has been fully processed. Subject to your consent to store your data for further purposes (e.g. newsletter dispatch), we will delete your data after completing the processing of your enquiry, unless a contractual relationship has come into being between us as a result of the contact being made. In this case, we store the data, as far as necessary, until the expiry of the retention periods under commercial and tax law.

5.4 Right to revoke consent

You can revoke this consent at any time with effect for the future. Your revocation does not lead to the fact that the lawfulness of the processing of your personal data ceases to apply until your revocation.
In the event that as a result of contacting us a contract should come into being between us and you, the data storage is based on contract or on necessary pre-contractual measures.
To exercise your right of revocation, simply write us a short e-mail or choose another form of contact. You can find the contact details in our imprint or at the beginning of this statement.

6. data processing for enquiries by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, we collect and process the personal data that you provide to us in this context (name, enquiry, telephone number, e-mail address, fax number, if applicable, e.g. e-mail signature, your address, if provided as part of the enquiry). We use your personal data exclusively for processing your request. The data will not be passed on to third parties without your consent.

6.1 Data processing

The processing of your data, which you provide in the context of your inquiry via our contact form, is based on the consent to processing (Article 6 (1) a) DSGVO), which you give and with the sending of your request, or based on our legitimate interest (Article 6 (1) f) DSGVO) in the possibility to respond to inquiries directed to us.
Should a contractual relationship arise as a result of you contacting us (membership), the data processing is carried out for the implementation of pre-contractual measures (Article 6 para. 1 lit. b) DSGVO).

6.2 Storage duration

We store the data we receive from you via the contact form until your enquiry has been fully processed. Subject to your consent to store your data for further purposes (e.g. newsletter dispatch), we will delete your data after completing the processing of your enquiry, unless a contractual relationship has come into being between us as a result of the contact being made. In this case, we store the data, insofar as necessary, until the expiry of the retention periods under commercial and tax law.

6.3 Right to revoke consent

You can revoke your consent to data processing at any time with effect for the future. Your revocation does not lead to the fact that the lawfulness of the processing of your personal data ceases to apply until your revocation.
To exercise your right of revocation, simply write us a short e-mail or choose another form of contact. You will find the contact details in our imprint or at the beginning of this statement.

7. SSL or TLS encryption

We use the encryption technology TLS (Transport Layer Security) on our websites through which personal data can be entered (in particular the ordering process, logging into the customer account, registration for our newsletter). This is a protocol for encrypting data transmissions in order to prevent unauthorised access by third parties to your personal data, in particular your bank or financial data. You can recognise the encryption by the designation "https://".

8 Google Web Fonts and Google Material Icons

We use so-called web fonts and material icons on our websites in order to display the content on our websites in an appealing, correct and consistent manner across browsers. The appealing and correct display of our content represents a legitimate interest.
The web fonts and material icons we use are web fonts and material icons of Google LLC (Google), Amphitheatre Parkway, Mountain View, CA 94043, USA.
Web fonts and material icons make it possible to use fonts and icons that are not stored on the PC of the visitor to our site or the device used to visit our site.
The fonts and icons used on the website you visit are loaded into your browser cache by your browser when you call up this page, so that the content (text and characters, icons) is displayed correctly. During this process, the browser you are using establishes a connection with Google's servers. Within the scope of this connection between your browser and Google, Google receives knowledge that your IP address has accessed our website. According to Google's representation, however, there is no merging of otherwise known personal data (e.g. if you are logged into your Google account at the time of accessing our website) and the fact that your IP address is transmitted to Google when you access a website.
The CSS (Cascading Style Sheets - a programming or stylesheet language, with which the content on our site is given its appearance, for example, the color representation of individual words or paragraphs), are stored according to Google 24 hours in the cache.
The font files and icons themselves are cached for one year, according to Google. More information on data storage and Google Web Fonts can be found at the following link: https://developers.google.com/fonts/faq.
For more information on Google's use of data, please click here: https://policies.google.com/privacy?hl=de.
If your browser does not support Google Web Fonts or if access is prevented, the content will be displayed in a standard font that is stored on the terminal device you are using.

9. explanation of terms

The basis for the following definitions is the Privacy Policy-Grundverordnung (DS-GVO) of the European Union (Regulation EU 2016/679 of the European Parliament and of the Council).

9.1 "Responsible person

Controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
>Thus, the controller is, in principle, the natural person or the undertaking which alone or jointly with others determines the purposes and means of the processing of personal data.

9.2 "personal data

Personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data includes first and last name, address, telephone number, email address, date of birth, etc., as well as the IP address used, information about the devices you use, voice recordings, your customer card number, your account data, your credit card numbers, as well as, for example, physical characteristics such as your gait or your appearance.

9.3 "Processing"

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Your data is also processed, for example, when you present your customer card at the checkout as part of the payment process or make a payment with your EC card.

9.4 "Third party"

Third party means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

9.5 "Restriction of processing"

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

9.6 "Pseudonymization"

The processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information is called pseudonymisation. This additional information is. In addition, technical and organisational measures shall be taken to ensure that the personal data are not attributed to an identified or identifiable natural person.

9.7 "Consent"

Consent shall be understood as any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.