Privacy Policy

Responsible for data processing is:

MH Natural Cosmetics UG (limited liability)

Hochstädter Str. 9
13347 Berlin

We appreciate your interest in our online shop. The protection of your privacy is very important to us. Below, we provide detailed information about how we handle your data.

1. Access Data and Hosting

You can visit our websites without providing any personal information. Each time a webpage is accessed, the web server automatically stores a so-called server log file, which includes, for example, the name of the requested file, your IP address, date and time of access, transmitted data volume, and the requesting provider (access data) and documents the access. This access data is used solely for the purpose of ensuring the smooth operation of the site and improving our offering. This serves to protect our legitimate interests, which outweigh our interests, in the correct presentation of our offering in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in the designated forms on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: United Kingdom, USA

There is a decision of the European Commission on an adequate level of data protection for the USA as a basis for a transfer to a third country, provided the respective service provider is certified. Until certification by our service providers, data transfer continues to be based on this foundation: Standard contractual clauses of the European Commission.

Our service providers are located and/or use servers in these countries: Brazil, India, Singapore There is no adequacy decision of the European Commission for these countries. Our cooperation with you is based on these guarantees: Standard contractual clauses of the European Commission.

2. Data Processing for Contract Processing and Contact

2.1 Data Processing for Contract Processing

For the purpose of contract processing (including inquiries and processing of any existing warranty and performance claims, as well as any legal obligation to update) in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, as in these cases, we need the data to process the contract and cannot send the order without providing it. The data collected can be seen from the respective input forms.

For more information on the processing of your data, especially regarding the disclosure to our service providers for the purpose of order, payment, and shipping processing, please refer to the following sections of this privacy policy. After the contract has been fully processed, your data will be restricted for further processing and deleted after the tax and commercial retention periods in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data beyond that, which is legally permitted and about which we inform you in this statement.

2.2 Customer Account

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we use your data for the purpose of opening a customer account and storing your data for further future orders on our website. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or through a designated function in the customer account. After deleting your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data beyond that, which is legally permitted and about which we inform you in this statement.

2.3 Contact

As part of customer communication, we collect personal data for processing your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR when you voluntarily provide it to us when contacting us (e.g., via contact form or email). Mandatory fields are marked as such because in these cases, we need the data to process your contact. The data collected can be seen from the respective input forms. After processing your request, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data beyond that, which is legally permitted and about which we inform you in this statement.

3. Data Processing for the Purpose of Shipping

For the purpose of contract fulfillment in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we forward your data to the shipping service provider commissioned with the delivery, to the extent necessary for the delivery of ordered goods.

Data Transfer to Shipping Service Providers for Shipping Notification

If you have given us your express consent for this during or after your order, we will, due to this consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, forward your email address to the selected shipping service provider so that they can contact you for the purpose of delivery notification or coordination before delivery.
The consent can be revoked at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond that, which is legally permitted and about which we inform you in this statement.

Contact Addresses of Shipping Service Providers:

General Logistics Systems Germany GmbH & Co. OHG
GLS Germany-Straße 1 – 7
DE-36286 Neuenstein
Germany

United Parcel Service Deutschland S.à r.l. & Co. OHG
Görlitzer Straße 1
41460 Neuss
Germany

Hermes Germany GmbH
Essener Straße 89
D-22419 Hamburg
Germany

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

DPD Deutschland GmbH
Wailandtstraße 1
63741 Aschaffenburg
Germany

4. Data Processing for Payment Processing

In the processing of payments in our online shop, we collaborate with the following partners: technical service providers, financial institutions, payment service providers.

4.1 Data Processing for Transaction Handling

Depending on the selected payment method, we disclose the data necessary for transaction processing to our technical service providers, who act as data processors for us, or to the commissioned financial institutions or the selected payment service provider, to the extent necessary for payment processing. This is for the performance of the contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, the payment service providers collect the data required for transaction processing themselves, e.g., on their own website or through a technical integration in the ordering process. The data protection declaration of the respective payment service provider applies in this respect.
For questions about our partners for payment processing and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

4.2 Data Processing for the Purpose of Fraud Prevention and Optimization of our Payment Processes

If necessary, we provide our service providers with additional data that they use together with the data necessary for the payment transaction as our data processors for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, handling of contested payments, support of accounting). This is for the protection of our legitimate interests in preventing fraud and ensuring efficient payment management, within the scope of a balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

5. Email Advertising

5.1 Email Newsletter with Registration

If you subscribe to our newsletter, we will use the data required or separately provided by you to regularly send you our email newsletter based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the recipient list unless you have expressly consented to the further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data for other purposes, which are permitted by law and about which we inform you in this statement.

5.2 Newsletter Dispatch

The newsletter may also be sent by our service providers as part of processing on our behalf. For questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

6. Cookies and Other Technologies

6.1 General Information

To make visiting our website attractive and to enable the use of certain functions, we use technologies, including so-called cookies, on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted at the end of the browser session, i.e., after you close your browser (session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies).

Privacy Protection for End Devices

When using our online offering, we use technologies that are absolutely necessary to provide the expressly requested telemedia service. The storage of information on your device or access to information already stored on your device does not require your consent.

For non-essential functions, the storage of information on your device or access to information already stored on your device requires your consent. Please note that if you do not give your consent, parts of the website may not be fully functional. Your consents, if given, remain in effect until you adjust or reset the respective settings on your device.

Subsequent data processing by cookies and other technologies

We use technologies that are essential for using specific functions of our website (e.g., shopping cart function). These technologies collect and process IP address, visit time, device and browser information, as well as information about your use of our website (e.g., information about the content of the shopping cart) as part of a balancing of interests, predominantly legitimate interests, in the optimized presentation of our offering pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

We also use technologies to fulfill the legal obligations to which we are subject (e.g., to be able to prove consents to the processing of your personal data) and for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

The cookie settings for your browser can be found at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have given your consent to the use of technologies pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy. If you do not accept cookies, the functionality of our website may be restricted.

6.2 Consent Manager Platform (CMP)

On our website, we use a consent management service (“Consent Manager Platform (CMP)”) to inform you about the cookies and other technologies we use on our website, as well as to obtain, manage, and document your potentially required consent to the processing of your personal data by these technologies. This is necessary pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR to fulfill our legal obligation pursuant to Art. 7 para. 1 GDPR to be able to prove your consent to the processing of your personal data. The used Consent Manager Platform (CMP) is provided by CookieYes Limited, 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom, which processes your data on our behalf.

After submitting your cookie declaration on our website, the web server stores the following data: IP address, device information, browser information, selected language, accessed website or its URL, date and time of your declaration of consent, as well as information about your consent behavior.

In addition, the following technologies are used that contain information about your consent behavior: Cookies, Logfiles

Your data will be deleted after one year unless you have expressly consented to the further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data for other purposes, which are permitted by law and about which we inform you in this statement.

Our service providers are based and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: United Kingdom

6.3 Information on Third-Country Transfer (Transfer of Data to Third Countries)

We use technologies from service providers on our website whose registered office and/or server locations may be located in third countries, outside the EU or EEA. If there is no adequacy decision by the EU Commission for this country, an adequate level of data protection must be ensured by means of other suitable guarantees.

Suitable guarantees in the form of contractually agreed standard data protection clauses of the EU Commission or binding corporate rules are generally possible but require a prior examination by the contracting parties as to whether an adequate level of protection can be ensured. According to the case law of the ECJ, additional protective measures may be necessary for this purpose.

We have generally agreed to the standard data protection clauses issued by the EU Commission with the technology providers we use that process personal data in a third country. If possible, we also agree on additional guarantees to ensure that sufficient data protection is guaranteed in third countries without an adequacy decision.

Nevertheless, it may happen that despite all contractual and technical measures, the level of data protection in the third country does not correspond to that of the EU. In such cases, we ask you, if necessary, as part of the cookie consent, for your consent under Art. 49 para. 1 lit. a GDPR for the transfer of your personal data to a third country.
There is a particular risk here that, from a European data protection perspective, local authorities in the third country may not have sufficiently limited access rights to your personal data, and we as the data exporter or you as the data subject may not be aware of this and/or you may also have insufficient legal remedies available to prevent and/or counter such access.

In particular, the following countries are currently classified as third countries without an adequacy decision by the EU Commission (example list):

China
Russia
Taiwan

You can find out to which third countries we transfer data in the data protection notices for the respective tool and/or consent management service/Consent Manager Platform (CMP) used by us.

7. Use of Cookies and Other Technologies

If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, we use the following cookies and other technologies from third-party providers on our website. After the purpose has been fulfilled and the use of the respective technology by us has ended, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your options for revocation can be found in the “Cookies and Other Technologies” section. Further information, including the basis of our cooperation with individual providers, can be found with each technology. If you have questions about the providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

7.1 Use of Google Services

We use the following technologies of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected about your use of our website through Google technologies is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there. Unless otherwise stated for the individual technologies, data processing is based on an agreement between joint controllers according to Art. 26 GDPR.

Additional information about data processing by Google can be found in Google’s privacy policy.

Our service providers are based and/or use servers in countries outside the EU and the EEA for which the European Commission has established an adequate level of data protection by decision.

Our service providers are based and/or use servers in countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission.

Google Analytics

For the purpose of website analysis, data (IP address, visit time, device and browser information, and information about your use of our website) is automatically collected and stored with Google Analytics, from which pseudonymous usage profiles are created. Cookies may be used for this purpose. If you visit our website from the EU, your IP address will be stored on a server located in the EU to derive location data and then immediately deleted before the traffic is forwarded to processing on other servers of Google. Data processing is based on an agreement on commissioned data processing by Google.

Google Ads

For advertising purposes in Google search results and on third-party websites, the so-called Google Remarketing Cookie is set when you visit our website. This cookie enables interest-based advertising through the collection and processing of data (IP address, visit time, device and browser information, and information about your use of our website) using a pseudonymous cookie ID and based on the pages you have visited. Further data processing only takes place if you have activated the “personalized advertising” setting in your Google account. If you are logged into your Google account during your visit to our website in this case, Google uses your data together with Google Analytics data to create and define cross-device remarketing audience lists.

For website analysis and event tracking, we measure your subsequent usage behavior through Google Ads Conversion Tracking when you have accessed our website through a Google Ads advertisement. Cookies may be used for this purpose, and data (IP address, visit time, device and browser information, and information about your use of our website based on predefined events such as visiting a webpage or signing up for a newsletter) may be collected, from which pseudonymous usage profiles are created.

YouTube Video Plugin

To embed third-party content, data (IP address, visit time, device and browser information) is collected via the YouTube Video Plugin used in the extended privacy mode, transmitted to Google, and then processed by Google only when you play a video.

7.2 Use of Facebook Services

Facebook Analytics

Within the Facebook Business Tools, statistics on visitor activities on our website are created from the data collected with the Facebook Pixel. Data processing is based on an agreement on commissioned data processing by Facebook (by Meta). The analysis serves the optimal presentation and marketing of our website.

Facebook Ads (Ad Manager)

We advertise this website on Facebook (by Meta) and other platforms through Facebook Ads. We determine the parameters of each advertising campaign. For the precise implementation, especially the decision on the placement of ads for individual users, Facebook (by Meta) is responsible. Unless otherwise stated for the individual technologies, data processing is based on an agreement between joint controllers according to Art. 26 GDPR. The joint responsibility is limited to the collection of data and its transmission to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not covered by this.

7.3 Other Providers of Web Analysis and Online Marketing Services

Use of Pinterest Tag for Web Analysis and Advertising Purposes

For web analysis and advertising purposes on Pinterest and third-party websites, data (IP address, visit time, device and browser information) is automatically collected when you visit our website with technologies from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). This is done through the collection and processing of data using pseudonymous cookie IDs and based on the pages you have visited and predefined events such as visiting a webpage or signing up for a newsletter. Interest-based advertising is enabled. Usage profiles are created from the collected data using pseudonyms. Pinterest will merge this information with additional data from your Pinterest account to compile reports on website activities and to provide other services related to website usage. We have no influence on the data processing by Pinterest and only receive statistics created based on the Pinterest Tag. For website analysis and event tracking, we measure your subsequent usage behavior when you have accessed our website through a Pinterest advertisement. The automatically collected information by Pinterest is usually transferred to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there. Data processing is based on an agreement between joint controllers according to Art. 26 GDPR.

Our service providers are based and/or use servers in countries outside the EU and the EEA for which the European Commission has established an adequate level of data protection by decision.

8. Integration of Trusted Shops Trustbadges/Other Widgets

If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, Trusted Shops widgets for displaying Trusted Shops services (e.g., quality seals, collected reviews) and offering Trusted Shops products for buyers after an order are integrated on this website. The Trustbadge and the services advertised with it are provided by Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”), with whom we are jointly responsible under Art. 26 GDPR. In the context of this privacy policy, we will inform you about the essential contract contents according to Art. 26 para. 2 GDPR.

In the context of the joint responsibility between us and Trusted Shops AG, please contact Trusted Shops for data protection questions and to assert your rights, preferably using the contact options provided in the privacy information. Regardless, you can always contact the responsible party of your choice. Your request will then be forwarded to the other responsible party for response if necessary.

8.1 Data Processing when Integrating the Trustbadge/Other Widgets

The Trustbadge is provided by a US-based CDN provider (Content Delivery Network). An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which is available for the USA here. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here. If service providers from the USA are not certified under the DPF, standard contractual clauses have been concluded as an appropriate guarantee.

When the Trustbadge is called up, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of access, transmitted data volume, and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection, so that the stored data cannot be assigned to your person. The anonymized data is used, in particular, for statistical purposes and for error analysis.

8.2 Data Processing after Order Completion

If you have given your consent, the Trustbadge accesses order information (order amount, order number, possibly purchased product) stored in your end device after order completion, and your email address is hashed using cryptographic one-way function. The hash value is then transmitted to Trusted Shops together with the order information pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

This serves to check whether you are already registered for Trusted Shops services. If this is the case, further processing takes place in accordance with the contractual agreement between you and Trusted Shops. If you are not registered for the services or do not give your consent for automatic recognition via the Trustbadge, you will have the opportunity to manually register for the services or to secure the order within the framework of your possibly existing usage agreement.

For this purpose, the Trustbadge accesses the following information stored in your end device after completing your order: order amount, order number, and email address. This is necessary so that we can offer you buyer protection. Data transmission to Trusted Shops only takes place if you actively decide to conclude buyer protection by clicking on the appropriately labeled button in the so-called Trustcard. If you choose to use the services, further processing is based on the contractual agreement with Trusted Shops pursuant to Art. 6 para. 1 lit. b GDPR, to complete your registration for buyer protection, secure the order, and possibly send you review invitations by email later.

Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (i.e. USA). An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which is available for the USA here. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here. If service providers from the USA are not certified under the DPF, standard contractual clauses have been concluded as an appropriate guarantee.

When the trust badge is accessed, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of access, transmitted data volume, and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection, so that the stored data cannot be assigned to your person. The anonymized data is used, in particular, for statistical purposes and for error analysis.

9. Social Media

9.1 Social Plugins from Facebook (by Meta), Instagram (by Meta), Pinterest, Whatsapp

On our website, social buttons from social networks are used. These are merely embedded as HTML links on the page, so no connection to the servers of the respective provider is established when you access our website. Clicking on one of the buttons opens the website of the respective social network in a new window of your browser, where you can, for example, click the Like or Share button.

9.2 Our Online Presence on Facebook (by Meta), Twitter, Instagram (by Meta), Youtube, Pinterest, LinkedIn

If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the social media mentioned above, from which pseudonymous usage profiles are created. These profiles can be used to display ads within and outside the platforms that presumably match your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as contact options and your rights and privacy settings, please refer to the privacy policies linked below. If you still need assistance with this, you can contact us.

Facebook (by Meta): Offered by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). Information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Data processing when visiting a Facebook (by Meta) fan page is based on an agreement between joint controllers according to Art. 26 GDPR. More information (Insights data).
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina. There is a European Commission decision on an adequate level of data protection for the USA as the basis for a third-country transfer, provided the respective service provider is certified. Certification is available. Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. For these countries, there is no European Commission adequacy decision. Our collaboration with them is based on these guarantees: Standard Contractual Clauses of the European Commission.
Twitter: Offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”). Information automatically collected by Twitter about your use of our online presence on Twitter is usually transmitted to a server of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, and stored there.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has determined an adequate level of data protection. Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries, there is no European Commission adequacy decision. Our collaboration with them is based on Standard Contractual Clauses of the European Commission.
Instagram (by Meta): Offered by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). Information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is usually transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, and stored there. Data processing when visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers according to Art. 26 GDPR. More information (Insights data)
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina. There is a European Commission decision on an adequate level of data protection for the USA as the basis for a third-country transfer, provided the respective service provider is certified. Certification is available. Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. For these countries, there is no European Commission adequacy decision. Our collaboration with them is based on these guarantees: Standard Contractual Clauses of the European Commission.
YouTube: Offered by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Information automatically collected by Google about your use of our online presence on YouTube is usually transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has determined an adequate level of data protection. Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries, there is no European Commission adequacy decision. Our collaboration with them is based on Standard Contractual Clauses of the European Commission.
Pinterest: Offered by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). Information automatically collected by Pinterest about your use of our online presence on Pinterest is usually transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has determined an adequate level of data protection. Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries, there is no European Commission adequacy decision. Our collaboration with them is based on Standard Contractual Clauses of the European Commission.
LinkedIn: Offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). Information automatically collected by LinkedIn about your use of our online presence on LinkedIn is usually transmitted to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, and stored there.
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA. There is a European Commission decision on an adequate level of data protection for the USA as the basis for a third-country transfer, provided the respective service provider is certified. Until certification by our service providers, data transmission continues to be based on this foundation: Standard Contractual Clauses of the European Commission.

10. Contact Options and Your Rights

10.1 Your Rights

As a data subject, you have the following rights:

According to Art. 15 GDPR, the right to obtain information about the extent to which we process your personal data.
According to Art. 16 GDPR, the right to promptly request the correction of inaccurate or completion of your stored personal data.
According to Art. 17 GDPR, the right to request the deletion of your stored personal data, unless further processing is necessary for the exercise of the right to freedom of expression and information; to fulfill a legal obligation; for reasons of public interest; or for the assertion, exercise, or defense of legal claims.
According to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you; the processing is unlawful, but you reject its deletion; we no longer need the data, but you need it for the assertion, exercise, or defense of legal claims; or you have objected to processing according to Art. 21 GDPR.
According to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common, and machine-readable format, or to request the transmission to another controller.
According to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. Usually, you can contact the supervisory authority of your usual place of residence or work or our company headquarters for this purpose.

Right to Object

To the extent that we process personal data to safeguard our predominantly legitimate interests within the scope of a balancing of interests, as explained above, you have the right to object to this processing for the future. If the processing is carried out for the purposes of direct marketing, you can exercise this right at any time as described above. If the processing serves other purposes, you have the right to object only if there are reasons arising from your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.

This does not apply if the processing is for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

10.2 Contact Options

For questions regarding the collection, processing, or use of your personal data, for information, correction, restriction, or deletion of data, as well as revocation of granted consents or objection to specific data use, please contact us directly using the contact details in our imprint.