If we are obliged to delete your personal data in accordance with the aforementioned principles and if we have made your personal data public, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the personal data that you have requested them to delete all links to this personal data or copies or replications of this personal data.

2.4 The right to restriction of processing, Article 18 GDPR

Under the following conditions, you have the right to demand that we restrict the processing of your personal data, namely if:

• the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
• you have objected to processing pending the verification whether our legitimate grounds override yours.

2.5 The right to data portability, Article 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.
In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

• the processing is based on consent or on a contract and
• the processing is carried out using automated procedures.

In exercising your right to data portability, you have the right to have your personal data transmitted directly from one controller to another, where technically feasible.

2.6 Right to object to data processing, Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on your consent or on our legitimate interest; this also applies to profiling.
Following your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Direct advertising:

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

2.7 Right to withdraw consent

If you have given us your consent to process your personal data (e.g. for sending newsletters), you also have the right to withdraw this consent at any time with effect for the future. The revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.
>The revocation can be made informally.

2.8 Right to lodge a complaint with a supervisory authority, Article 77 GDPR

In addition, you have the right to lodge a complaint against us with a data protection supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you consider that our processing of your personal data infringes applicable data protection law.
The supervisory authority responsible for us is the
Bavarian State Office for Data Protection Supervision, Promenade 27 (Schloss), 91522 Ansbach, telephone: +49 (0) 981 53 1300, fax: +49 (0) 981 53 98 1300, e-mail: poststelle@lda.bayern.de.

3. data processing when visiting our websites

It is generally possible to use our website without actively providing personal data. However, every time you visit our website, i.e. even when using it for purely informational purposes, we collect various data and information for technical reasons and store it in so-called log files or server log files (log files) on our server. This only concerns the personal or personally identifiable data that your browser transmits to our server.

Recorded and stored:

• the IP address (Internet Protocol address),
• the date and time of access to our website,
• the browser software/browser types (computer programs for displaying websites) used to access our website as well as their versions and language,
• the operating system and version used by the person accessing our system,
• the Internet service provider of the accessing system,
• Content of the request (content of the specific pages accessed),
• Access status/HTTP status code (response provided by the server to each HTTP request, representing the status of the request),
• the website from which our website is accessed,
• Time zone difference to Greenwich Mean Time (GMT).

The storage of the IP address - even if only for a short time - is technically necessary due to the way the Internet works. However, before we process and store your IP address, it is shortened and only used in this unrecognizable (anonymous) form. The full IP address is not stored. It is no longer possible to identify you after it has been shortened.
We also do not use the other information and data mentioned above to draw conclusions about you and/or to identify you. Data that makes it possible to identify you will be anonymized as soon as possible.
The data and information listed above are collected by us exclusively to display our websites to you and to ensure their stability and security and to optimize our websites in this respect. The collection of the aforementioned data therefore serves the purpose of improving the data security of the programs and systems we use. In addition, we use the data for the anonymous, statistical evaluation of your movements on our websites.
The log files are stored separately from your other personal data, which you may have provided to us yourself when visiting our website, and are not merged with this data. The log files are deleted after 7 days.
The legal basis for the collection of the aforementioned data is our legitimate interest (Article 6(1)(f) GDPR) in the functionality and security of our websites. In addition, we have a legitimate interest in using the anonymous or anonymized data to evaluate user behavior on our website in order to assess the effectiveness of our website design and structure.

4. cookies

We use so-called cookies on our websites. Cookies are small text files that are sent to your browser by our server when you or your browser access our website for the first time, together with the website you have accessed. Your browser stores the cookie(s) on the hard disk of your end device.
Cookies cannot be used to transfer malware or viruses to your end device, execute programs or open pop-up windows. They are also not used to send spam. Rather, cookies are used to obtain certain information.
We differentiate between technically necessary cookies, which enable the operation of the website in the first place, and voluntary cookies. Voluntary cookies are only set with your consent. Please note that if you only allow the technically necessary cookies, some functions of the websites will only be usable to a limited extent or not at all.

4.1 Technically necessary cookies

We use this data or the technically necessary cookies we use to make our website more effective, secure and user-friendly overall and, for example, to find out which goods are already in your shopping cart or whether a pop-up window has already been displayed to you.

4.1.1 Method of use

We use the following technically necessary cookies:

4.1.2 Legal basis for use

We have a legitimate interest (Article 5(1)(f) GDPR) in the use of cookies. This applies to cookies that are required to use the functions of our websites (e.g. shopping cart function), as these are necessary for the functionality and best possible provision of our services.

4.2 Voluntary cookies

4.2.1 Legal basis

The setting of voluntary cookies takes place exclusively with your consent (Article 6 (1) (a) GDPR). Please note that if you only allow the technically necessary cookies, some functions of the websites will only be usable to a limited extent or not at all.

4.3 Further options for influencing the setting of cookies through settings in your browser

If you do not wish cookies to be stored on your device, either generally or individually, you can configure your browser settings to suit your preferences via the corresponding menu item.
At this point, we would like to point out that this may mean that not all functions of our websites are available or can be used.
Cookies that are stored on your end device for the duration of the respective session can be removed from your end device - in addition to the option of blocking them - regardless of whether their use is time-limited or unrestricted.
To do this, you can call up the corresponding functions in your browser and delete the history.
Flash cookies can be prevented by installing a corresponding "add-on", e.g. "Better Privacy" for Mozilla Firefox or the Adobe Flash Killer cookie for Google Chrome.
By selecting private mode in your browser, you can prevent the setting or use of HTML5 Storage Objetcs.
We generally recommend that you delete your browser history and cookies regularly.

5. data processing when using the contact form

You have the possibility to send us an inquiry via our contact form.

5.1 Use of the contact form

If you use this option, we will only collect the personal data that you provide as part of your request. Your e-mail address is required information, without which it is unfortunately not possible to send your request to us. You are also welcome to provide us with your first name, surname or title (Mrs/Mr) so that we can address you correctly in our reply.

5.2 Data processing

The processing of your data that you provide in the context of your request via our contact form is based on the consent to processing (Article 6 (1) (a) GDPR), which you give us by sending us your request, or on our legitimate interest (Article 6 (1) (f) GDPR) in the possibility of answering inquiries addressed to us.
If a contractual relationship is established between us as a result of you contacting us, the data processing is carried out to carry out pre-contractual measures (Article 6(1)(b) GDPR).

5.3 Storage period

We store the data that we receive from you via the contact form until your inquiry has been fully processed. Subject to your consent to the storage of your data for further purposes (e.g. sending newsletters), we will delete your data after processing your request, unless a contractual relationship has been established between us as a result of the contact. In this case, we store the data, if necessary, until the expiry of the retention periods under commercial and tax law.

5.4 Right to withdraw consent

You can revoke this consent at any time with effect for the future. Your revocation does not mean that the lawfulness of the processing of your personal data ceases to apply until your revocation.
In the event that a contract is concluded between you and us as a result of contacting us, the data storage is based on a contract or on necessary pre-contractual measures.
To exercise your right of revocation, simply send us a short e-mail or choose another form of contact. You will find the contact details in our legal notice or at the beginning of this declaration.

6. data processing for inquiries by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, we will collect and process the personal data that you provide to us in this context (name, inquiry, telephone number, e-mail address, fax number, if applicable, e.g. e-mail signature, your address, if provided as part of the inquiry). We use your personal data exclusively to process your request. The data will not be passed on to third parties without your consent.

6.1 Data processing

The processing of your data that you provide in the context of your request via our contact form is based on the consent to processing (Article 6 (1) (a) GDPR), which you give by sending us your request, or on our legitimate interest (Article 6 (1) (f) GDPR) in the possibility of answering inquiries addressed to us.
If you enter into a contractual relationship with us as a result of contacting us (membership), the data processing is carried out for the implementation of pre-contractual measures (Article 6 (1) (b) GDPR).

6.2 Storage period

We store the data that we receive from you via the contact form until your inquiry has been fully processed. Subject to your consent to the storage of your data for further purposes (e.g. sending newsletters), we will delete your data after processing your request, unless a contractual relationship has been established between us as a result of the contact. In this case, we store the data, if necessary, until the expiry of the retention periods under commercial and tax law

6.3 Right to withdraw consent

You can revoke your consent to data processing at any time with effect for the future. Your revocation does not mean that the lawfulness of the processing of your personal data ceases to apply until your revocation.
To exercise your right of revocation, simply write us a short e-mail or choose another form of contact. You will find the contact details in our legal notice or at the beginning of this declaration.

7. SSL or TLS encryption

We use TLS (Transport Layer Security) encryption technology on our websites where personal data can be entered (in particular the ordering process, logging into the customer account, subscribing to our newsletter). This is a protocol for encrypting data transmissions in order to prevent unauthorized access by third parties to your personal data, in particular your bank or financial data. You can recognize the encryption by the designation "https://".

8. google web fonts and google material icons

We use so-called web fonts and material icons on our websites in order to display the content on our websites in an appealing, correct and uniform manner across all browsers. The appealing and correct presentation of our content represents a legitimate interest.
The web fonts and material icons we use are web fonts and material icons from Google LLC (Google), Amphitheatre Parkway, Mountain View, CA 94043, USA.
Web fonts and material icons make it possible to use fonts and icons that are not stored on the PC of the visitor to our site or the device used to visit our site.
The fonts and icons used on the website you have accessed are loaded into your browser cache by your browser when you access this page so that the content (texts and characters, icons) is displayed correctly. The browser you are using establishes a connection with the Google servers. As part of this connection between your browser and Google, Google is informed that your IP address has accessed our website. However, according to Google's presentation, there is no combination of otherwise known personal data (e.g. if you are logged into your Google account at the time you access our website) and the fact that your IP address is transmitted to Google when you access a website.
The CSS (Cascading Style Sheets - a programming or style sheet language with which the content on our site is given its appearance, e.g. the color display of individual words or paragraphs) are stored in the cache for 24 hours according to Google.
According to Google, the font files and icons themselves are stored in the cache for one year. You can find more information on data storage and Google Web Fonts at the following link: https://developers.google.com/fonts/faq.
Further information on data use by Google can be found here: https://policies.google.com/privacy?hl=de.
If your browser does not support Google Web Fonts or access is prevented, the content will be displayed in a standard font that is stored on the device you are using.

9. explanation of terms

The basis for the following definitions is the General Data Protection Regulation (GDPR) of the European Union (Regulation EU 2016/679 of the European Parliament and of the Council).

9.1 "Responsible party"

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
>In principle, the controller is the natural person or the company which, alone or jointly with others, determines the purposes and means of the processing of personal data.

9.2 "Personal data"

Personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. In addition to your first and last name, address, telephone number, email address, date of birth, etc., personal data also includes the IP address used, information about the devices you use, voice recordings, your customer card number, your account data, your credit card numbers and, for example, physical characteristics such as your gait or appearance.

9.3 "Processing"

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Your data is also processed, for example, when you present your customer card at the checkout as part of the payment process or make a payment with your EC card.

9.4 "Third party"

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

9.5 "Restriction of processing"

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

9.6 "Pseudonymization"

The processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information is called pseudonymization. This additional information. In addition, technical and organizational measures must be taken to ensure that the personal data is not assigned to an identified or identifiable natural person.

9.7 "Consent"

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.