1. Introduction
With the following information, we aim to provide you, as the “data subject,” with an overview of how we process your personal data and your rights under data protection laws. Generally, using our websites does not require entering personal data. However, if you wish to use special services of our company via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.
As a Swiss company, we are subject to the applicable data protection regulations and laws of Switzerland. To legally offer our services in the European Union (EU), we adhere to Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”).
When operating our website, we act as the controller within the meaning of the GDPR and process personal data based on legal permission norms or your voluntarily given consent for data collection.
The processing of personal data, such as your name, address, or email address, is always in line with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to Novustat GmbH. With this privacy policy, we aim to inform you about the scope and purpose of the personal data we collect, use, and process.
As the controller responsible for processing, we have implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed through this website. However, internet-based data transmissions can generally have security gaps, making absolute protection impossible. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or postal mail.
2. Controller
The controller within the meaning of the GDPR is:
Novustat GmbH, Roosstr. 43, 8832 Wollerau, Switzerland
Representative of the controller: Dr. Robert Grünwald
3. Data Protection Officer
The person responsible for data protection within Novustat GmbH is Gabriel Krause, Ul. Płk F. Nullo 38/92, 31-543 Kraków, Poland. You can reach him at any time at the following email address: info@novustat.com. We place great importance on strictly adhering to our legal information obligations, providing timely information to you as the data subject, and carrying out notifications, deletions, etc., in accordance with the law.
4. Definitions
This privacy policy is based on the terms used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our privacy policy should be both easy to read and understandable for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
In this privacy policy, we use, among other terms, the following definitions:
4.1 Personal Data
Personal data refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
4.2 Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for processing.
4.3 Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
4.4 Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
4.5 Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
4.6 Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
4.7 Processor
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
4.8 Recipient
A recipient is a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
4.9 Third Party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
4.10 Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
5. Legal Basis of Processing
Article 6(1)(a) GDPR serves as the legal basis for our company for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of any other service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to such processing operations necessary for carrying out pre-contractual measures, for example, in the case of inquiries about our products or services.
If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his or her name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Article 6(1)(d) GDPR.
Ultimately, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations not covered by any of the aforementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if you are a client of our company (Recital 47 Sentence 2 GDPR).
6. Transfer of Data to Third Parties
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal data with third parties if:
- You have given your explicit consent according to Article 6(1)(a) GDPR.
- The disclosure is permissible under Article 6(1)(f) GDPR to protect our legitimate interests and there is no reason to believe that you have an overriding legitimate interest in not having your data disclosed.
- In the event that a legal obligation exists for the disclosure according to Article 6(1)(c) GDPR.
- This is legally permissible and required for the processing of contractual relationships with you according to Article 6(1)(b) GDPR.
7. Technology
7.1 SSL/TLS Encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the site operator. You can recognize an encrypted connection by the browser’s address line switching from “http://” to “https://” and by the lock symbol in your browser line.
We use this technology to protect your transmitted data.
7.2 Data Collection When Visiting the Website
When you visit our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). Our website collects a series of general data and information each time you or an automated system calls up a page. This general data and information are stored in the server log files. The following may be recorded:
- Browser types and versions used,
- The operating system used by the accessing system,
- The website from which an accessing system reaches our website (so-called referrer),
- The sub-websites that are accessed via an accessing system on our website,
- The date and time of access to the Internet site,
- An abbreviated Internet protocol address (anonymized IP address),
- The Internet service provider of the accessing system.
When using this general data and information, we do not draw any conclusions about your person. Instead this information is needed to:
- Deliver the content of our website correctly,
- Optimize the content of our website as well as the advertising for it,
- Ensure the long-term functionality of our IT systems and website technology, and
- Provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
Therefore, we analyze anonymously collected data and information statistically, with the aim of increasing data protection and data security in our company, and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.
8. Cookies
8.1 General Information about Cookies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.
Cookies contain information related to the specific device used. However, this does not mean that we gain direct knowledge of your identity.
The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
Additionally, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what inputs and settings you made so that you do not have to enter them again.
We also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. These cookies allow us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time.
8.2 Legal Basis for Using Cookies
The data processed by cookies, which are required for the proper functioning of the website, are necessary to safeguard our legitimate interests as well as those of third parties according to Article 6(1)(f) GDPR.
For all other cookies, you have given your consent through our opt-in cookie banner in accordance with Article 6(1)(a) GDPR.
9. Content of Our Website
9.1 Data Processing for Order Handling
We transmit personal data to third parties only if this is necessary within the framework of contract processing, for example, to the credit institution entrusted with the payment processing.
Any further transmission of data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without explicit consent, for example, for advertising purposes.
The legal basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
9.2 Contact Form
When contacting us (e.g., via contact form or email), personal data is collected. The data collected in the case of a contact form can be seen from the respective contact form. This data is stored and used solely for the purpose of responding to your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request according to Article 6(1)(f) GDPR. If your contact is aimed at concluding a contract, then an additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted after the final processing of your request, provided there are no statutory retention requirements.
9.3 Services / Digital Goods
We transmit personal data to third parties only if this is necessary within the framework of contract processing, for example, to the credit institution entrusted with the payment processing.
Any further transmission of data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without explicit consent, for example, for advertising purposes.
The legal basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
10. Our Activities on Social Networks
To communicate with you on social networks and inform you about our services, we operate own pages on these networks. When you visit our pages on social media, we and the provider of the respective social media platform are jointly responsible for the processing operations triggered by your visit that involve personal data according to Article 26 GDPR.
We are not the original provider of these pages but use them within the scope of the possibilities offered by the respective providers.
Therefore, we point out that your data may be processed outside the European Union or the European Economic Area. This may pose data protection risks for you as it could be more difficult to exercise your rights, such as your right to access, deletion, objection, etc., and the processing in social networks often occurs directly for advertising purposes or for the analysis of user behavior by the providers, without us being able to influence this. If usage profiles are created by the provider, cookies are often used, or the usage behavior is directly assigned to your own member profile on the social networks (if you are logged in).
The described processing operations of personal data are carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest and the legitimate interest of the respective provider to communicate with you in a timely manner or to inform you about our services. If you are required to give your consent to the respective providers for data processing as a user, the legal basis refers to Article 6(1)(a) GDPR in conjunction with Article 7 GDPR.
Since we do not have access to the data inventories of the providers, we recommend that you assert your rights (e.g., to access, correction, deletion, etc.) directly with the respective provider. For further information on the processing of your data in the social networks and the possibility of your objection or revocation (opt-out), we refer to the following linked information of the respective providers.
10.1 Facebook
Responsible for data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy: Facebook Privacy Policy
Opt-Out and Ad Settings: Facebook Ad Preferences
Facebook is part of the EU-U.S. Privacy Shield agreement: Privacy Shield
10.2 Instagram
Responsible for data processing in Germany:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy: Instagram Privacy Policy
Opt-Out and Ad Settings: Instagram Privacy and Security
Facebook is part of the EU-U.S. Privacy Shield agreement: Privacy Shield
10.3 LinkedIn
Responsible for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy: LinkedIn Privacy Policy
Opt-Out and Ad Settings: LinkedIn Ad Settings
LinkedIn is part of the EU-U.S. Privacy Shield agreement: Privacy Shield
10.4 Twitter
Responsible for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy Policy: Twitter Privacy Policy
Access to Your Data: Twitter Data Settings
Opt-Out and Ad Settings: Twitter Ad Settings
Twitter is part of the EU-U.S. Privacy Shield agreement: Privacy Shield
10.5 YouTube
Responsible for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: Google Privacy Policy
Opt-Out and Ad Settings: Google Ad Settings
Google is part of the EU-U.S. Privacy Shield agreement: Privacy Shield
11. Web Analysis
11.1 Facebook Pixel (Custom Audience)
This website uses the “Facebook Pixel” of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). If an express consent is given, it allows the tracking of users’ behavior after they have been redirected to the provider’s website by clicking on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising measures.
The collected data is anonymous to us, thus providing no conclusions about the identity of users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes, according to the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/). You may allow Facebook and its partners to serve ads on and off Facebook. A cookie may be stored on your device for these purposes. These processing operations only take place when express consent is given in accordance with Article 6(1)(a) GDPR.
Facebook Inc. based in the USA is certified under the EU-U.S. Privacy Shield agreement, ensuring compliance with the level of data protection applicable in the EU.
To disable the use of cookies on your computer, you can set your Internet browser so that cookies can no longer be stored on your computer in the future, or cookies that have already been stored are deleted. Disabling all cookies may mean that some functions on our Internet pages can no longer be executed. You can also disable the use of cookies by third parties such as Facebook on the following website of the Digital Advertising Alliance: [optout.aboutads.info](https://optout.aboutads.info/).
You can further disable cookies for reach measurement and advertising purposes via the following websites:
– [optout.networkadvertising.org](http://optout.networkadvertising.org/)
– [youronlinechoices.com/uk/your-ad-choices](http://www.youronlinechoices.com/uk/your-ad-choices/)
Please note that this setting will also be deleted if you delete your cookies.
11.2 Google Analytics
We use Google Analytics, a web analysis service provided by Google Ireland Limited (https://www.google.de/intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies (see section “Cookies”) are used. The information generated by the cookie about your use of this website such as
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Hostname of the accessing computer (IP address),
- Time of the server request,
is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and Internet usage for market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of Google. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can prevent the installation of cookies by selecting the appropriate settings on your browser software; however, we point out that in this case, you may not be able to use all the functions of this website to their full extent.
These processing operations only take place when express consent is given in accordance with Article 6(1)(a) GDPR.
You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on the following link: Disable Google Analytics. An opt-out cookie will be set, which will prevent the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
11.3 Jetpack (formerly WordPress Stats)
This website uses the WordPress tool Jetpack to statistically analyze visitor access. The provider is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA.
Automattic has submitted to the Privacy Shield agreement between the European Union and the USA and is certified. This obligates Automattic to comply with the standards and regulations of European data protection law. More information can be found at: Privacy Shield
Jetpack uses cookies that are stored on your computer and allow an analysis of the use of the website. The information generated by the cookies about the use of our website is stored on servers in the USA. Your IP address is anonymized after processing and before storage.
Jetpack cookies remain on your end device until you delete them.
These processing operations only take place when express consent is given in accordance with Article 6(1)(a) GDPR.
You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of our website may be limited.
You can object to the collection and use of your data for the future by setting an opt-out cookie in your browser by clicking on the following link: optout.quantcast.com.
If you delete the cookies on your computer, you must set the opt-out cookie again.
12. Advertising
12.1 Google Ads with Conversion Tracking
We have integrated Google Ads on this website. Google Ads is an online advertising service that allows advertisers to place ads in both Google’s search engine results and the Google advertising network. Google Ads allows an advertiser to predefine specific keywords by means of which an ad is displayed in Google’s search engine results only when the user retrieves a keyword-relevant search result with the search engine. In the Google advertising network, the ads are distributed on relevant web pages using an automated algorithm and in accordance with the predefined keywords.
The operating company of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of Google Ads is to promote our website by displaying interest-based advertising on the websites of third-party companies and in the search engine results of the Google search engine and by displaying third-party advertising on our website.
If you reach our website via a Google ad, a so-called conversion cookie will be stored on your IT system by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, such as the shopping cart of an online shop system, have been called up on our website. The conversion cookie enables both us and Google to track whether a user who has reached our website via an AdWords ad has generated sales, i.e., completed or cancelled a purchase.
The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are used to determine the total number of users who were referred to us via Ads ads to determine the success or failure of the respective Ads ad and to optimize our Ads ads for the future. Neither our company nor other Google Ads advertisers receive information from Google that could identify you.
The conversion cookie stores personal information, such as the web pages visited by you. Each time you visit our web pages, your personal data, including the IP address of the internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer this personal data collected through the technical process to third parties.
You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on your IT system. In addition, a cookie already set by Google Ads can be deleted at any time via the Internet browser or other software programs.
Furthermore, you have the option of objecting to interest-based advertising by Google. To do this, you must access the link google.de/settings/ads from each of the Internet browsers you use and make the desired settings there.
These processing operations only take place when express consent is given in accordance with Article 6(1)(a) GDPR.
Further information and the applicable data protection provisions of Google can be found at: Google Privacy Policy.
13. Plugins and Other Services
13.1 Google reCAPTCHA
We use the reCAPTCHA function provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on this website. This function primarily serves to distinguish whether an input is made by a natural person or abusively by automated processing. The service includes the transmission of the IP address and possibly further data required by Google for the reCAPTCHA service to Google.
These processing operations only take place when express consent is given in accordance with Article 6(1)(a) GDPR.
Google Ireland Limited, based in Ireland, is certified under the EU-U.S. Privacy Shield agreement, ensuring compliance with the level of data protection applicable in the EU.
Further information on Google reCAPTCHA and Google’s privacy policy can be found at: Google Privacy Policy.
13.2 Google Web Fonts
We use web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the uniform display of fonts on our website. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose, the browser you use must connect to the Google servers. This informs Google that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. These processing operations only take place when express consent is given in accordance with Article 6(1)(a) GDPR.
Google Ireland Limited, based in Ireland, is certified under the EU-U.S. Privacy Shield agreement, ensuring compliance with the level of data protection applicable in the EU.
Further information about Google Web Fonts can be found at Google Web Fonts FAQ and in Google’s Privacy Policy: Google Privacy Policy.
13.3 Proven Expert
We use Proven Expert to integrate customer reviews on our website. This allows you to review services on our website. When you create a review, the plugin captures and stores your email address and other technical data such as your IP address and information about the web browser you are using in an associated log file. In addition, the Proven Expert plugin also stores other voluntary information you may provide.
These processing operations only take place when express consent is given in accordance with Article 6(1)(a) GDPR.
The applicable data protection provisions of Expert Systems AG can be found at Proven Expert Privacy Policy.
13.4 Vimeo (Videos)
Plugins from the video portal Vimeo, operated by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA, are integrated into our website. When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Vimeo’s servers. The content of the plugin is transmitted by Vimeo directly to your browser and integrated into the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transmitted by your browser directly to a Vimeo server in the USA and stored there.
If you are logged into Vimeo, Vimeo can directly associate your visit to our website with your Vimeo account. If you interact with the plugins (e.g., by pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there.
These data processing operations are carried out in accordance with Article 6(1)(f) GDPR based on Vimeo’s legitimate interest in market research and the demand-oriented design of the service.
If you do not want Vimeo to directly associate the data collected via our website with your Vimeo account, you must log out of Vimeo before visiting our website.
The purpose and scope of the data collection and the further processing and use of the data by Vimeo, as well as your related rights and setting options to protect your privacy, can be found in Vimeo’s privacy policy: Vimeo Privacy Policy.
For Vimeo videos embedded on our site, the tracking tool Google Analytics is automatically integrated. This is Vimeo’s own tracking, to which we do not have access and which cannot be influenced by our site. Google Analytics uses “cookies,” text files that are stored on your computer and allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there.
These processing operations only take place when express consent is given in accordance with Article 6(1)(a) GDPR.
13.5 YouTube (Videos)
We have integrated components of YouTube on this website. YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate, and comment on them for free. YouTube permits the publication of all types of videos, so that complete movies and TV shows, as well as music videos, trailers, and user-made videos, are available on the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Each time one of the individual pages of this website, operated by us and on which a YouTube component (YouTube video) has been integrated, is called up, the Internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at YouTube About.
During this technical procedure, YouTube and Google are informed about which specific subpage of our website you visited. If the data subject is logged into YouTube at the same time, YouTube recognizes which specific subpage of our website you are visiting when you call up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.
YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged into YouTube at the time of calling up our website; this happens regardless of whether you click on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desired by you, you can prevent the transmission by logging out of your YouTube account before calling up our website.
These processing operations only take place when express consent is given in accordance with Article 6(1)(a) GDPR.
The data protection regulations published by YouTube, which are available at Google Privacy Policy, provide information on the collection, processing, and use of personal data by YouTube and Google.
13.6 Contact Form 7
The plugin Contact Form 7 is a service for creating contact forms. The Contact Form plugin is used solely to forward entered form data in an encrypted manner to the email address of our company. Additional storage, e.g., in the WordPress database, does not take place. Further information and the applicable data protection provisions of Contact Form can be found at Contact Form 7 Plugin and Rock Lobster.
Contact Form is open-source software. Communication between the browser and the server is exclusively via HTTPS (SSL/TLS) encryption. The use of Contact Form is based on Article 6(1)(f) GDPR, i.e., due to a legitimate interest in a technical solution for our contact form. Insofar as Contact Form is also used in conjunction with cookies, the use is based on Article 6(1)(a) GDPR, i.e., with your consent, which we obtain within the framework of cookie consent with the corresponding plugin.
13.7 Cookie Consent
To request your consent to store cookies, we use the “Cookiebot” tool from Cybot, based in Denmark. You can change or revoke your consent at any time in the cookie settings. The query and use of the plugin are based on our legitimate interest in enabling the use of additional plugins, in accordance with Article 6(1)(f) GDPR. As a result of the balancing of interests, we have concluded that the use of the plugin is sensible, necessary, and permissible to obtain your consent to set cookies. You can regulate and block the use of plugins within your browser. You have the option to refuse your consent at any time.
14. Payment Providers
14.1 PayPal
We have integrated components of PayPal on this website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which are virtual private or business accounts. Additionally, PayPal offers the possibility to process virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also takes on trustee functions and offers buyer protection services.
The operating company of PayPal in Europe is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you choose “PayPal” as a payment option during the order process in our online shop, your data will automatically be transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data required for the payment process.
The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for the payment processing. To process the purchase contract, such personal data is also necessary, which is in connection with the respective order.
The transmission of data is intended for payment processing and fraud prevention. We will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit agencies. This transmission is intended for identity and creditworthiness checks.
PayPal may disclose personal data to affiliated companies and service providers or subcontractors, to the extent necessary to fulfill contractual obligations or for data to be processed on behalf of the company.
You have the option to revoke your consent to the handling of personal data at any time from PayPal. A revocation does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.
The use of PayPal is in the interest of proper and smooth payment processing. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.
The applicable data protection provisions of PayPal can be found at PayPal Privacy Policy.
15. Newsletter
15.1 Newsletter Delivery to Existing Customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range via email. In this regard, we do not need to obtain separate consent from you according to § 7(3) UWG. The data processing is based solely on our legitimate interest in personalized direct advertising according to Article 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, no email will be sent by us. You are entitled to object to the use of your email address for the above-mentioned advertising purposes at any time with effect for the future by notifying the controller mentioned at the beginning. For this, you only incur transmission costs according to the basic rates. After receiving your objection, the use of your email address for advertising purposes will cease immediately.
15.2 Other Mailings
Any other mailings with direct advertising are sent based on data collected from public sources. The use of the data is based on the legitimate interest within the meaning of Article 6(1)(f) GDPR. The processing is considered lawful under Recital 47 of the EU GDPR. The above provisions for newsletter delivery apply accordingly.
16. Your Rights as a Data Subject
16.1 Right to Confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
16.2 Right to Access (Article 15 GDPR)
You have the right to obtain free information from us at any time about the personal data stored about you and a copy of this data in accordance with the statutory provisions.
16.3 Right to Rectification (Article 16 GDPR)
You have the right to request the correction of incorrect personal data concerning you. You also have the right, considering the purposes of the processing, to request the completion of incomplete personal data.
16.4 Right to Erasure (Article 17 GDPR)
You have the right to request that personal data concerning you be deleted immediately, provided that one of the statutory reasons applies and to the extent that processing or storage is not required.
16.5 Right to Restriction of Processing (Article 18 GDPR)
You have the right to request the restriction of processing from us if one of the statutory conditions is met.
16.6 Right to Data Portability (Article 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data was provided, provided that the processing is based on consent according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract according to Article 6(1)(b) GDPR and the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, in exercising your right to data portability according to Article 20(1) GDPR, you have the right to request that the personal data be transferred directly from one controller to another, where technically feasible and insofar as this does not adversely affect the rights and freedoms of others.
16.7 Right to Object (Article 21 GDPR)
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on Article 6(1)(e) (data processing in the public interest) or (f) (data processing based on a balance of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Article 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
In individual cases, we process personal data to carry out direct advertising. You can object to the processing of personal data for such advertising at any time. This also applies to profiling, as far as it is related to such direct advertising. If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes.
You also have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out by us for scientific or historical research purposes or for statistical purposes according to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.
You are free to exercise your right to object concerning the use of services of the information society, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
16.8 Right to Withdraw Consent
You have the right to withdraw consent to the processing of personal data at any time with effect for the future.
16.9 Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority for data protection about our processing of personal data.
17. Routine Storage, Deletion, and Blocking of Personal Data
We process and store your personal data only for the period necessary to achieve the storage purpose or as provided for by the statutory provisions to which our company is subject.
If the storage purpose ceases to apply or a prescribed storage period expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.
18. Duration of Storage of Personal Data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.
19. Currency and Amendment of the Privacy Policy
This privacy policy is currently valid and has the status: July 2024.
Due to the further development of our websites and offers or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed out at any time on the website under Novustat Privacy Policy.