Privacy Policy

FALKE B2B (merchant portal)

General information about the processing of your data

We are obliged by law to inform you about the processing of your personal data (hereinafter referred to as “data”) when you use our website. We take the protection of your personal information very seriously. This data protection notice informs you about the details of the processing of your data and about your legal rights in this regard. For terms such as “personal data” and “processing”, the legal definitions pursuant to Art. 4 GDPR apply. We reserve the right to adapt the privacy policy with future effect, in particular in the event of further development of the website, the use of new technologies or changes to the legal bases or the corresponding case law. We recommend that you read this privacy policy from time to time and take a printout or a copy for your records.

Scope

This privacy policy applies to all pages of https://www.falkeb2b.com. It does not cover any linked websites of other providers.

Responsible provider

The following party is responsible for the processing of personal data within the scope of this privacy policy:

Falke KGaA

Oststraße 5

57392 Schmallenberg

Germany

b2b@FALKE.com

Questions about data protection

If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:

Spirit Legal Fuhrmann Hense Partnership of Lawyers

Attorney-at-law and data protection officer

Peter Hense

Postal address:

Data protection officer

c/o Falke KGaA

Oststraße 5

57392 Schmallenberg

Germany

datenschutz@falke.com

Contact via encrypted online form:

Contact data protection officer

Security

We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and other external disruption. To this end, we regularly review our security measures and adapt them to current standards.

Your rights

You have the following rights with regard to the personal data concerning you that you can assert against us:

Right of access: You can request access to the personal data concerning you which we process, as set forth in Art. 15 GDPR.
Right to rectification: If the information concerning you is not (or no longer) correct, you can request its rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
Right to erasure: You may request the erasure of your personal data in accordance with Art. 17 GDPR.
Right to restriction of processing: Pursuant to Art. 18 GDPR, you have the right to demand that the processing of your personal data be restricted.
Right to object to processing: Pursuant to Art. 21(1) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which occurs based on Art. 6(1) Sentence 1(e) or (f) GDPR. If you object, we will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). Furthermore, under Art. 21(2) GDPR you have the right to object at any time to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that this is related to such direct marketing. In this privacy policy, we draw your attention to this right to object when describing each processing operation.
Right to withdraw your consent: If you have given your consent for processing, you have a right to withdraw that consent under Art. 7(3) GDPR.
Right to data portability: You have the right to receive the personal data you have given us in a structured, commonly used, machine-readable format (“data portability”) and the right to transfer this data to another controller, if the prerequisites of Art. 20(1)(a), (b) GDPR are fulfilled (Art. 20 GDPR).

You can assert your rights by informing us using the contact details specified above under “Responsible provider” or by contacting the data protection officer designated by us.

If you believe that the processing of your personal data violates data protection law, then under Art. 77 GDPR you also have the right to lodge a complaint with a data protection supervisory authority of your choice. This also includes the data protection supervisory authority responsible for the controller: North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information, Postfach 200444, 40102 Düsseldorf, +49211/38424-0, poststelle@ldi.nrw.de.

Using our website

In principle, you can use our website for purely informational purposes without disclosing your identity. When you access the individual pages of the website in this sense, this only results in access data being transferred to our web hosting service so that the website can be displayed to you. This involves the following data being processed:

Browser type/browser version
Operating system used
Language and version of the browser software
Date and time of access
IP address
Content of the request (specific page)
Access status/HTTP status code
Referrer URL (website visited before)
Volume of data transferred.

It is necessary for this data to be processed temporarily in order to make it technically possible for you to visit our website and to deliver the website to your device. The access data is not used to identify individual users and is not combined with other data sources. The data is also stored in log files, in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests lie in ensuring the functionality, integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, defending against requests that would overload the service as well as against bots. The access data will be erased as soon as it is no longer required for achieving the purpose of its processing. In the case of recording the data to provide the website, this is the case when you end your visit to the website. The log data is generally stored directly and in such a way that it can only be accessed by administrators, and it is erased after 30 days at the latest. After that, it is only indirectly available by reconstructing backups, and is finally erased after a maximum of four weeks.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Responsible provider” above.

Cookies

In addition to the aforementioned access data, so-called cookies are stored in the internet browser of the device you use to access the website. These are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Cookies do not become part of the device system and cannot execute programs. They serve to make our website user-friendly. The use of cookies may be technically necessary or may occur for other purposes (e.g. analysis/evaluation of website use).

Technically necessary cookies

Some elements of our website require that the retrieving browser can be identified even after a page change. This involves processing the following data in the cookies:

Language settings
Items in shopping basket
Log-in information.

The user data collected by technically necessary cookies is not processed to create user profiles. We also use session cookies, which store a session ID that can be used to assign various requests from your browser to the shared session. Session cookies are required for using the website. In particular, they enable us to recognise the device used when you return to the website. If you use our login area, we use this cookie to recognise you on subsequent visits to the website; otherwise you would have to log in again each time you visited. The legal basis of this processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in the processing lie in providing the aforementioned special functionality and thereby making the use of our website more attractive and effective. The session cookies are erased as soon as you log out or, depending on which browser you are using and your browser settings, when you close the browser.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You can object to this processing by cookies by adjusting your browser settings to disable or restrict cookies. Cookies that have already been saved can be deleted at any time in your browser settings. You can also prevent the use of cookies by opening your browser in “private mode”.

Technically non-essential cookies

In addition, we also use cookies on the website to enable an analysis of users’ surfing behaviour. For example, this involves processing the following data in the cookies:

Frequency of page views
Use of website functions.

The legal basis of this processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests lie in making the website more efficient and attractive. The technically non-essential cookies are automatically erased after a specified period, which may vary depending on the cookie. Where we integrate cookies from third-party providers into our website, we point this out to you separately below.

Contacting our company

When you contact our company, e.g. by email, we will process the personal data you provide for the purpose of processing your enquiry. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest in processing your enquiry also lies in responding to it. The data will not be transmitted to third parties in this context. As soon as processing is no longer necessary, we will erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data.

Processing for contractual purposes

We process your personal data if and to the extent necessary for the initiation, creation, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6(1) Sentence 1(b) GDPR. It is necessary for you to provide your data in order to conclude the contract and you are contractually obliged to provide your data. If you do not provide your data, it will not be possible to conclude and/or execute a contract. Once the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or erased, unless we are entitled to keep processing the data on the basis of a consent granted by you (e.g. consent to the processing of your email address for sending promotional emails), a contractual agreement, a statutory authorisation (e.g. authorisation to send direct marketing) or on the basis of justified interests (e.g. retention for asserting claims).

Your personal data will be passed on to third parties if

it is necessary for the creation, execution or termination of legal transactions with our company (e.g. when transmitting data to a payment service provider/a shipping company to process a contract with you) (Art. 6(1) Sentence 1(b) GDPR), or
a subcontractor or party we use to perform our obligations, which we use exclusively within the framework of providing the offers or services requested by you, needs this data (unless you are expressly informed otherwise, such auxiliary parties are only entitled to process the data insofar as this is necessary for the provision of the offer or service), or
there is an enforceable official order (Art. 6(1) Sentence 1(c) GDPR), or
there is an enforceable court order (Art. 6(1) Sentence 1(c) GDPR), or
we are legally obliged to do so (Art. 6(1) Sentence 1(c) GDPR), or
the processing is necessary in order to protect the vital interests of the data subject or another natural person (Art. 6(1) Sentence 1(d) GDPR), or
this is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1) Sentence 1(e) GDPR), or
we can cite our overriding legitimate interests, or those of a third party, in the disclosure (Art. 6(1) Sentence 1(f) GDPR).

Your personal data will not be transmitted to other persons, companies or bodies unless you have effectively consented to such transmission. The legal basis of the processing is then Art. 6(1) Sentence 1(a) GDPR. In this privacy policy, we draw your attention to the respective recipients when describing each processing operation.

Online ordering system

If you wish to place an order in our online shop, it is necessary and obligatory for the initiation and conclusion of the contract that you provide personal data such as your customer number. The mandatory data required for order and contract processing is marked as such; further information is provided voluntarily. We process your data for order processing and will send you an invoice via our central sales system for this purpose, which will in particular involve forwarding payment data to the relevant payment service provider or to our main bank, depending on the payment method you have chosen (bank transfer, direct debit or centralised payment via a buying group). The legal basis for the data processing is Art. 6(1) Sentence 1(b) GDPR. The provision of your data is necessary and obligatory in order to conclude and execute the contract. If you do not provide your data, it will not be possible to conclude and/or execute a contract. To prevent unauthorised third parties from accessing your personal data, the order process on the website is encrypted using TLD technology. You can create a customer account in which we store your data for future visits to the website. When you create a customer account, the data you enter is processed. Once you have successfully registered, you can edit or erase all further data independently in your customer account. As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce the processing to compliance with our existing legal obligations.

Customer account

If you have created a customer account and wish to use it on our website, you must register by providing the following information:

First and last name

FALKE customer number
Company
Position
Salutation
Email address
Password chosen by you.

You do not have to enter a real name and are free to use the website pseudonymously. When you register, your IP address and the date and time of registration will also be processed. Your data will be erased as soon as it is no longer required for achieving the purpose of its processing. This is the case for the data collected during the registration process if the registration on the website is cancelled or modified.

The following functions are available to you in the login area:

Edit your profile data
Place orders
View past orders
Download delivery notes and invoices
Manage, change or cancel your newsletter subscription.

If you use the login area of the website, e.g. to edit your profile data or to view your previous orders and bookings, we also process the data about your person required for the initiation or performance of the contract, in particular address data and information about the payment method. The legal basis for the processing is Art. 6(1) Sentence 1(b) GDPR. The provision of your data is necessary and obligatory in order to conclude and execute the contract. If you do not provide your data, you will not be able to register or use the login area, which means that it will not be possible to conclude and/or execute a contract. As soon as it is no longer required for achieving the purpose of its processing, the data will be erased or, if we are subject to statutory retention obligations, the processing will be restricted accordingly. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce the processing to compliance with our existing legal obligations.

Email marketing

In the login area (at https://www.falkeb2b.com/de/de/newsletter) and in the website footer, you have the possibility to subscribe to our regular email newsletter, which we use to send you the latest information about our shop. You can choose between the following options when you register for the newsletter:

FALKE legwear
FALK ESS
BURLINGTON
ESPRIT.

In future our newsletter will inform you about the following content:

Information about new functions of our online shop
Interesting offers from our portfolio, in particular on various product categories of the FALKE brand (for example socks or stockings in various formats, slippers or a wide variety of clothing), and the Burlington and Esprit brands (men’s, women’s and children’s socks)
Information about company events
Customer feedback queries.

To register for the newsletter, it is essential that you enter a valid email address and your recipient name. If it is possible for you to subscribe to further newsletters on our website, you will receive further information on the content of those newsletters at an appropriate stage in the process. Registering for our email newsletter takes the form of a so-called double opt-in process. Once you have entered the data marked as mandatory, we will send you an email to the email address you have provided, in which we ask you to expressly confirm your subscription to the newsletter (by clicking on a confirmation link). This is how we ensure that you really want to receive our email newsletter. If no confirmation takes place within 24 hours, we block the information transferred to us and erase it automatically after one month at the latest. After your confirmation, we will process the email address and name/pseudonym of the recipient concerned for the purpose of sending our email newsletter. The legal basis for the processing is Art. 6(1) Sentence 1(a) GDPR. We erase this data when you unsubscribe from the newsletter. We process this data until two years after termination of the contract. If registration for the newsletter takes place and it is unrelated to the conclusion of a contract, we process this data until two years after termination of the usage. We erase this data when the newsletter subscription ends.

You can withdraw your consent to the processing of your email address for receiving the newsletter at any time, either by sending us a message (see the contact details under “Responsible provider”) or by clicking directly on the unsubscribe link in the newsletter. This does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

Furthermore, the following data is processed at the time of subscription:

IP address
Date/time of registration for the newsletter
Time when you click on the confirmation link.

We also process your IP address, the time of registration for the newsletter and the time of your confirmation in order to document your newsletter registration and to prevent abuse of your personal data. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest in this processing lies in fraud prevention. We erase this data at the latest when the newsletter subscription ends.

We also evaluate the opening/click rates of our newsletters when they are sent out. For this analysis, the emails sent out contain so-called web beacons or tracking pixels, which display single-pixel image files that are also embedded in our website. The processing is carried out for the purpose of analysing how our newsletters are read. Here we record when you read our newsletters, which links you click on in them and draw conclusions about the interests of our customers. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in this processing lie in measuring the reach and producing statistical analyses of our newsletters and optimising our email marketing. The information is processed for as long as you have subscribed to the newsletter. Once you unsubscribe, we process the data for purely statistical purposes and anonymously.

We would like to point out that you can object to receiving direct marketing and to the processing of the data for direct marketing purposes at any time without incurring any costs other than the transmission costs according to the basic rates. Here you have a general right of objection without giving reasons (Art. 21(2) GDPR). To do this, click on the unsubscribe link in the relevant email or send us your objection to the contact details provided under “Responsible provider”.

Mapp email marketing service

We use Mapp, an email marketing service provided by Mapp Digital US, LLC (9276 Scranton Rd. Suite 500, San Diego, CA 92121, US); representative in the European Union: Mapp Digital Germany GmbH (Dachauer Str. 63, 80335 Munich, Germany, hereinafter referred to as Mapp). If you have registered for the newsletter, the data provided during registration will be stored and processed on Mapp’s servers in the US or other countries outside the EU. Mapp has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Mapp’s certification at https://www.privacyshield.gov/participant?id=a2zt00000008UhnAAE&status=Active. Mapp processes the data required to send and analyse the newsletters on our behalf. The newsletters contain what are known as web beacons, which are pixel-sized files that are retrieved from the Mapp server when the newsletter is opened. In the context of the retrieval, technical information – such as the browser used, time of the page retrieval and IP address – is processed. This information is processed for the purpose of analysing and technically improving our services. Furthermore, it is analysed whether and when newsletters are opened and which links are clicked on by the reader. This information can theoretically be assigned to individual newsletter recipients. However, neither we nor Mapp have any intention of monitoring individual recipients; the analysis of the information mentioned serves rather to recognise the overall reading habits, opening and click rates of all recipients. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests are being able to measure reach, create statistical analyses as well as for the adaptation, optimisation and more targeted control of our newsletter content. For more information on the storage period, please refer to Mapp’s privacy notice at https://mapp.com/privacy/.

feedbaxx

For customer feedback requests we use feedbaxx, a service provided by feedbaxx GmbH (Roßstraße 96, 40476 Düsseldorf, hereinafter referred to as feedbaxx). If you have placed an order in our online shop, the relevant data (in particular product, name and email address) will be transmitted to feedbaxx and stored and processed on its servers in Germany. feedbaxx processes this information for sending and analysing the requests for feedback on our behalf. The purpose of this processing is the regular improvement of our products and purchasing in our online shop. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests are in receiving customer feedback to regularly improve our products and services. For more information on the storage period, please refer to the feedbaxx privacy policy at https://feedbaxx.com/datenschutz/.

We would like to point out that you can object to receiving direct marketing and to the processing of the data for direct marketing purposes at any time without incurring any costs other than the transmission costs according to the basic rates. Here you have a general right of objection without giving reasons (Art. 21(2) GDPR). After exercising your right of objection, we will erase your data in connection with the sending of advertising to existing customers. To do this, click on the unsubscribe link in the relevant email or send us your objection to the contact details provided under “Responsible provider”.

Ordering product catalogues

Our website gives you the opportunity to download product catalogues in PDF format, in which we provide information about our products. The product catalogues contain information about our products, such as colour and size selections, material compositions, washing information as well as pictures and descriptive texts about products. For the purpose of product presentation, we process device information such as your IP address and the date and time of the download when you retrieve these catalogues. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests lie in particular in clearly presenting our product range and in providing our customers with the best possible information about our products.

Hosting

We use external hosting services provided by PlusServer GmbH (Hohenzollernring 72, 50672 Cologne, Germany) which serve to provide the following services: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. For these purposes, all of the data required for the operation and use of our website – including the access data mentioned under “Using our website” – is processed. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. By using external hosting services, our aim is to make the provision of our website efficient and secure.

Content delivery network

In addition, we use the services of the content delivery network (hereinafter referred to as CDN) of Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, US; hereinafter referred to as Cloudflare) on our website for the purpose of allowing our website to be displayed more quickly. When you visit the website, the CDN caches a library on your device in order to avoid reloading the content. During this process, device information such as your IP address is transmitted to the provider in the US. Cloudflare has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and has thus committed to complying with European data protection standards: https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. By using Cloudflare, we are pursuing our legitimate interest in faster website display, reduced bandwidth usage as well as a more effective and improved presentation of our website. For further information about the protection of your data and how long Cloudflare stores your data, please refer to https://www.cloudflare.com/en-gb/privacypolicy/.

DataTables

We use the services of the DataTables content delivery network (CDN), which is provided by Spry Media Ltd. (Mayfield, Forgandenny, Perth, United Kingdom, PH2 9EQ) for the purpose of allowing our website to be displayed more quickly. When you visit our website, the CDN caches a library on your device. This avoids the need to reload the content and ensures that the content is made available quickly. During this process, device information such as your IP address is transmitted to the provider. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. By using the CDN, we are pursuing our legitimate interest in faster website retrieval as well as a more effective and improved presentation of our website. For further information about data protection, please refer to https://datatables.net/privacy.

Integration of third-party content

The website integrates third-party content such as videos, maps and graphics from other websites. This integration always requires that the providers of this content (“third-party providers”) perceive the IP addresses of users. This is because without the IP address they would not be able to send the content to the browser of the respective user. As such, the IP address is required to display this content. In the following, we inform you about the services from external providers currently in use on our website, about the respective processing in each case, and about how you can object.

Google Fonts

We use web fonts, which are provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001). When you retrieve a website, your browser loads the required web fonts from Google into your browser cache in order to display texts and fonts correctly. For this purpose, the browser transmits your IP address to Google in order to establish a connection to Google’s servers. Google thus receives the information that you have accessed our website. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. By using web fonts from Google, we are pursuing the legitimate interest of a uniform and visually appealing presentation of our website. Google also processes your data in the US and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Further information about the purpose and scope of the processing by Google and the storage period in the case of Google’s web fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy statement: https://policies.google.com/privacy.

Google Tag Manager

Our website uses Google Tag Manager, which is provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001). Google Tag Manager is a solution that allows website tags to be managed through a single interface. The Google Tag Manager tool itself (which implements the tags) is a cookieless domain and does not record any personal data. The tool triggers other tags, which in turn may record data; our privacy policy explains this separately in each case. Google Tag Manager does not access this data. If deactivation has occurred at the domain or cookie level, it will remain effective for all tracking tags implemented with Google Tag Manager.

Vimeo

We use plug-ins from Vimeo to integrate videos on our website. Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, US. We use this processing of data by the plug-ins to pursue the purpose of integrating visual content (“videos”) on the website that we have published on https://www.vimeo.com. If you visit one of our web pages with a Vimeo plug-in, this establishes a connection to Vimeo’s servers. When this happens, the Vimeo server is notified of which web page you have visited. In addition, some of the data mentioned under “Using our website” is transmitted. This occurs regardless of whether you are logged in to your Vimeo user account or whether no such user account exists. If you are simultaneously logged in as a member of Vimeo, Vimeo will associate this information with your personal user account. When using the plug-ins, e.g. playing a video by pressing the play button, this information is also assigned to your user account. Vimeo stores your data as usage profiles and processes it, regardless of whether you have a Vimeo account, for purposes of advertising, market research and/or the demand-oriented design of websites. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. With this data processing, we are pursuing our legitimate interests in making our website more attractive and offering you additional services. Vimeo also processes your data on servers in the US and has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/eu-us-framework). You can view its certification at https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active. For further information about the protection of your data and how long Vimeo stores your data, please refer to https://vimeo.com/privacy.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. There are various ways in which you can object to the processing: by disabling the button for processing non-essential cookies at https://vimeo.com/cookie_policy at the bottom of the website; by disabling cookies in your browser settings; or by opening your browser in “private mode”, in order to prevent the use of cookies.

Services for statistical, analysis and marketing purposes

We use services from third parties for statistical, analysis and marketing purposes. This enables us to offer you a user-friendly, optimised experience when visiting the website. The third-party providers use cookies to control their services (see “Cookies” above). In the following, we inform you about the services from external providers currently in use on our website, about the respective processing in each case, and about how you can object.

Google Analytics

In order to tailor our website perfectly to user interests, we use Google Analytics, a web analytics service from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001). The web analytics service Google Analytics uses technologies such as cookies, tracking pixels and device fingerprinting to track specific user behaviour on websites. To this end, cookies (see “Cookies” above) are stored on your device. Google uses the cookies to process the information generated about the use of our website by your device – e.g. the fact that you have visited a certain page – and processes, among other things, the data mentioned under “Using our website”, in particular your IP address, browser information, the website visited before and the date and time of the server request, for the purpose of statistical analysis of how people use our website. This website uses Google Analytics with the “anonymizeIp()” extension. This shortens IP addresses before they are processed, in order to make it much more difficult to identify individuals. According to Google, your IP address is shortened beforehand within member states of the European Union. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. On our behalf, Google will process this information for the purpose of evaluating your use of this website, compiling reports for us on website activity, and – where we point this out separately – providing us with other services relating to website usage. Google will not associate the IP address transmitted by your browser for these purposes with any other data held by Google. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in this processing lie in the statistical analysis of how people use our website, reach measurement as well as the optimisation and improvement of our website. Your data processed in connection with Google Analytics will be erased after fourteen months at the latest. For the exceptional cases in which your data is transferred to the US, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. For further information about privacy at Google, please refer to http://www.google.de/intl/en/policies/privacy.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. There are various ways in which you can object to the processing: by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en; by disabling cookies in your browser settings; or by opening your browser in “private mode”, in order to prevent the use of cookies.

Google DoubleClick

Our website also uses the online marketing tool DoubleClick, which is provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001). Google’s DoubleClick online advertising service uses technologies such as cookies, tracking pixels, and device fingerprinting to deploy ads that are relevant to users, improve campaign performance reports, or prevent users from seeing the same ads more than once. Google uses cookies (see “Cookies” above) to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. Google uses cookies to process the information generated by your device about the use of our website and interactions with our website as well as the data mentioned under “Using our website”, in particular your IP address, browser information, the website visited before and the date and time of the server request, for the purpose of deploying personalised ads. This allows Google and its partner sites to display ads based on previous visits to websites. In addition, DoubleClick can use cookies to record conversions related to ad requests. This happens for example when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and buys something there. By integrating DoubleClick, Google receives the information that you have retrieved the corresponding part of our website, or that you have clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will obtain and store your IP address. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. We are pursuing our legitimate interests in recognising users of our website on other websites, showing them advertising that is of interest to them, and making our website more interesting for our users. In addition, we have a legitimate interest in measuring the reach of ads and optimising them as well as in the traceability and improvement of advertising expenditure. Google processes the data in the US and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The maximum storage period with Google is thus 13 months. For further information about the protection of your data and how long Google stores your data, please refer to https://policies.google.com/privacy.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. There are various ways in which you can object to the processing: by downloading and installing the browser plug-in available via the following link: https://www.google.com/settings/ads/plugin; by disabling cookies in your browser settings; or by opening your browser in “private mode”, in order to prevent the use of cookies.