Data protection declaration
Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
“Personal data” is any information relating to an identified or identifiable natural person.
Your data may be transferred to third countries outside the European Union for which an adequacy decision has been made by the EU Commission.
Contact
Responsible person
Contact us at any time. The person responsible for data processing is: Mathias Schmidt, Blumenstraße 70, 99092 Erfurt Deutschland, +49 (0) 361 / 30 25 81 24, review@bme24.com
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Finally your data will be deleted, unless you have agreed to further processing and use.
You have the option to send us images via e-mail in connection with the order of a personalized product.
With the transmission of your images, we may collect your personal data (image of an identifiable person) only to the extent provided by you. The purpose of data processing is to create personalized products. The sent image serves as a template for the product and is used for this purpose (e.g. T-shirt print). The processing is carried out on the basis of Art. 6 para. 1(b) GDPR and is required for the completion of a contract with you.
Your data will not be transferred.
We only use the image you send within the scope of service provision. Your data will then be deleted subject to legal retention periods, provided that you have not consented to further processing and use.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
Use of WeTransfer
We use the WeTransfer service of WeTransfer B.V. (Willem Fenengastraat 19, 1096 BL Amsterdam, Netherlands; "WeTransfer") to send files up to 2 GB in size at your request.
The purpose of using this service is to transfer large files in high quality. For this purpose, we pass on your e-mail address and the file to be transferred to WeTransfer. WeTransfer generates a download link that is sent to you and us by e-mail. The data is encrypted during transmission and storage by WeTransfer and can only be accessed via the download link.
Your personal data may be transmitted to WeTransfer servers in the USA and temporarily stored there (partly unencrypted). For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). WeTransfer is not certified under the TADPF. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, viewable at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
Processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent, insofar as you have expressly consented to the use of WeTransfer.
You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal.
For more information about data protection when using WeTransfer, please visit: https://wetransfer.com/legal/privacy.
Orders
Your data may be transferred to third countries outside the European Union for which an adequacy decision has been made by the EU Commission.
Advertising
Use of Brevo (formerly Sendinblue)
We use the service of Sendinblue GmbH (Köpenicker Straße 126, 10179 Berlin; "Brevo") for the newsletter dispatch within the scope of order processing.
We pass on the information you provide when registering for the newsletter (e-mail address, first and last name, if applicable) to Brevo. The data processing serves the purpose of sending the newsletter and its statistical evaluation.
In order to evaluate newsletter campaigns, the sent e-mail newsletters contain a 1×1 pixel graphic (tracking pixel) and/or a tracking link. This enables us to determine whether you have opened the newsletter and whether you have clicked any integrated links. Within this context, your personal data such as IP address, browser type and device as well as the time of opening may also be collected. From this data, user profiles can be created under a pseudonym. The data collected will not be used to identify you personally. The collected data is only used for statistical analysis to improve newsletter campaigns.
The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.
You can find more information and Brevo's privacy policy at: https://www.brevo.com/de/legal/privacypolicy/.
Merchandise management
AbamSoft ®, Inh. André Bachmann, Maassenstraße 64, 46514 Schermbeck
Payment service providers Credit check
Use of PayPal
On our website we use the PayPal payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, the data required for processing the payment will be transmitted to PayPal in order to enable us to fulfil the contract with you with the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
All PayPal transactions are subject to PayPal Privacy Policy. You can find these at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Use of payment methods of Novalnet AG
The data controller has integrated components from Novalnet AG on this website. Novalnet AG is a full payment service provider that handles payment processing, among other things. If the data subject selects a payment method during the ordering process in the online store, the data of the data subject is automatically transmitted to Novalnet AG. By selecting a payment option, the data subject consents to the transfer of personal data for the purpose of processing the payment.
The personal data transmitted to Novalnet is usually first name, last name, address, gender, e-mail address, IP address and, if applicable, date of birth, telephone number, cell phone number and other data required to process a payment. Personal data relating to the respective order is also required to process the purchase contract. In particular, there may be a mutual exchange of payment information, such as bank details, card number, expiry date and CVC code, data on goods and services, prices.
The purpose of the data transfer is, in particular, identity verification, payment administration and fraud prevention. The controller will transfer personal data to Novalnet AG in particular if there is a legitimate interest in the transfer. The personal data exchanged between Novalnet AG and the controller may be transmitted by Novalnet AG to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness.
Novalnet AG also passes on personal data to service providers or subcontractors if this is necessary to fulfill contractual obligations or if the data is to be processed.
The data subject has the option of withdrawing consent to the handling of personal data at any time from Novalnet AG. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
Credit and identity checking when paying by invoice via Novalnet
Cookies
Our website uses cookies. Cookies are small text files which are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is called up again.
Cookies will be stored on your computer. You therefore have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can be notified before the setting of cookies and you can decide whether to accept this setting in each individual case as well as prevent the storage of cookies and transmission of the data they contain. Cookies which have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
technically necessary cookies
Insofar as no other information is given in the data protection declaration below we use only these technically necessary cookies cookies to make our offering more user-friendly, effective and secure. Cookies also allow our systems to recognise your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognised again after a page change.
The use of cookies or comparable technologies is carried out on the basis of Art. 25 para. 2 TDDDG. Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our largely justified interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our range of services.
You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.
Use of the Cookie Consent Manager CCM19
On our website, we use the Cookie Consent Manager CCM19 from Papoo Software & Media GmbH (Auguststr. 4, D-53229 Bonn, Germany; "CCM19").
The plug-in enables you to give your consent to data processing via the website, in particular to set cookies, as well as to make use of your right of revocation for consents already provided. The data processing serves the purpose of obtaining and documenting necessary consents to data processing and thus to comply with legal obligations. Cookies are used for this purpose. Among other things, the following information can be collected, stored and, if necessary, transferred to CCM19: randomly assigned ID, consent status, date and time of consent/rejection. The data is stored for one year and one month and then deleted. This data will not be passed on to any other third parties.
The data processing is carried out on the basis of Article 6 para. 1 lit. c GDPR to comply with a legal obligation.
For more information about data protection at CCM19, please visit: https://www.ccm19.de/datenschutzerklaerung.html.
Analysis Advertising tracking
The IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
Google uses technologies such as cookies, web storage in the browser and tracking pixels that enable an analysis of your use of the website. The use of cookies or similar technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a DSGVO.
The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a DSGVO. You may revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
We also use the Google Signals service in this context. Google Signals enables cross-device tracking. Hence, your data can be analysed across devices if you have enabeled "personalised advertising" in your account settings and your end devices are linked to your Google account. This makes it possible to identify which device is searching for products and then return to complete purchases on another device, such as a tablet.The cross-device reports created in this context contain only aggregated data. We therefore only receive statistics generated on the basis of Google Signals. To prevent Google Signals from collecting and storing data across devices, you can deactivate the "personalised advertising" function in your Google Account settings. For more information, please visit https://support.google.com/ads/answer/2662922?hl=de. For more information on data processing and data protection for Google Signals, please visit https://support.google.com/analytics/answer/7532985?hl=en.
The information generated by this about your use of this website is usually transferred to a Google server in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
Both Google and US government agencies have access to your data.
For more information on terms of use and data protection, please visit https://policies.google.com/technologies/partner-sites and https://policies.google.com/privacy?hl=de&gl=de.
Use of Google Ads conversion tracking
Our website uses the online marketing program "Google Ads", including conversion tracking (evaluation of user actions). Google conversion tracking is a service operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
If you click on adverts placed by Google, a cookie is placed on your computer for conversion tracking. These cookies have limited validity, do not contain any personal data and thus cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and were forwarded to this page. Every Google Ads customer receives a different cookie. It is therefore not possible to track cookies relating to the websites of Ads customers.
The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, they do not receive any information with which could be used to personally identify users. We use the extended implementation of the consent mode (Advanced Consent Mode). In this case, user data is transmitted to Google in the form of “pings” even if consent has not been granted. These pings may contain the following information, among others: IP address to derive the IP country (the IP address is not logged), date and time of the page view, URL of the pages visited, user agent, referrer URL (website from which you accessed our website) or information about the triggering of website events such as a conversion. On the basis of this information, Google models user data in order to be able to carry out a comprehensive usage analysis despite the refusal of consent.
Your data may be transmitted to Google LLC servers in the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You will find more information as well as Google’s data privacy policy at: https://www.google.com/policies/privacy/
Use of the remarketing or "similar target groups" function by Google Inc.
Our website uses the remarketing or "similar target groups" function by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
This application serves to analyse visitor behaviour and visitor interests.
Google uses cookies to analyse website use, forming the basis for producing interest-related adverts. Cookies allow for the recording of website visits as well as anonymised data on the use of the website. The personal data of website visitors is not saved. If you then visit another website in the Google display network you will then be shown adverts which are more likely to take previous areas of product and information interest into account.
Your data may be transmitted to Google LLC servers in the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on Google remarketing as well as the associated data privacy policy at: https://www.google.com/privacy/ads/
Our website uses Microsoft Advertising from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft").
The processing of data serves the purposes of marketing and advertising and the purpose of measuring the success of the advertising measures (conversion tracking). This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. It is, however, not possible to identify this user personally through this process. Microsoft Advertising uses technology such as cookies and tracking pixels which make it possible to analyse your use of the website. If you click on adverts placed by Microsoft Advertising, a cookie is placed on your computer for conversion tracking. This cookie has limited validity and cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Microsoft can recognise that you have clicked on the advert and were forwarded to this page. In this process the following information, inter alia, can be collected: IP address, identifiers (indicators) assigned by Microsoft, information on the browser and device you are using, Referrer URL (website via which you accessed our website), URL of our website.
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
More information on data protection and the cookies used by Microsoft can be found at: https://privacy.microsoft.com/de-de/privacystatement
Plug-ins
Our website uses the Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). This application manages JavaScript tags and HTML tags which are used in particular to implement tracking and analysis tools. The data processing serves to facilitate the needs-based design and optimisation of our website. The Google Tag Manager itself neither stores cookies nor processes personal data. It does, however, enable the triggering of further tags which may collect and process personal data. You can find more detailed information on the terms and conditions of use and data protection at https://www.google.com/intl/de/tagmanager/use-policy.html
Use of Wordfence
We use the Wordfence security plugin from Defiant Inc. (00 5th Ave Ste 4100, Seattle, WA 98104, USA "Wordfence") on our website as part of order processing. Data processing is used in particular to protect against viruses and malware, to detect and defend against brute force and DDoS attacks. For this purpose, Wordfence uses cookies to categorise website visitors as questionable or harmless. For this purpose, the IP address of the website visitor is stored on the Wordfence servers. IP addresses classified as harmless are placed on a whitelist. Dubious IP addresses, on the other hand, are placed on a blacklist. For this purpose, our website establishes a permanent connection to the Wordfence servers so that Wordfence can compare its databases with the access requests sent to our website and block them if necessary.
Your data will be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Wordfence is not certified under the TADPF. The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://www.wordfence.com/standard-contractual-clauses/.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 para. 1 sentence 1 of the TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on Wordfence’s collection and use of data and your associated rights and options for protecting your privacy in Wordfence’s privacy policy: https://www.wordfence.com/privacy-policy/ and https://www.wordfence.com/help/general-data-protection-regulation/#standard-contractual-clauses.
Friendly Captcha (Bot/spam protection)
We use the “Friendly Captcha” service on our website (www.friendlycaptcha.com).
This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.
Friendly Captcha is a new type of privacy-friendly security solution to make it increasingly difficult for automated programs and scripts (so-called “bots”) to use our website.
For this purpose, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor’s end device can establish a connection to Friendly Captcha’s servers in order to receive a computational task from Friendly Captcha. The visitor’s end device solves the computational task, which requires certain system resources, and sends the computational results to our web server. Our server contacts the Friendly Captcha server via an API and receives a response stating whether the puzzle was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and thus, for example, further process or reject them.
The data is used exclusively for the protection against spam and bots as described above.
Friendly Captcha does not set or read cookies on the visitor’s end device.
IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual person.
If personal data is stored, this data will be deleted after 30 days.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in protecting our website against abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests).
Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.
Bootstrap CDN
On our website we integrate the CSS framework Bootstrap of the company LLC. NetDNA, 3575, Cahuenga Blvd Suite 630, Los Angeles, CA 90068, USA (hereinafter: Bootstrap CDN) in order to optimally display the content we offer on the various end devices and to reduce the loading speed of our website. Bootstrap CDN is a public content delivery network (CDN) for the provision of content. Bootstrap CDN users can load CSS, JavaScript and images remotely from their servers. The use or integration of Bootstrap CDN is necessary for the purposes mentioned to safeguard our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
If Java Script is activated in your browser and no (Java) Script blocker is installed, your browser will transmit personal data (e.g. your IP address and browser) to Bootstrap CDN when you load our website.
You can find the provider’s privacy policy at https://www.bootstrapcdn.com/privacy-policy/
jQuery
We also integrate jQuery or jQueryUI technologies on our website to further optimize loading speeds. This means that when you visit our website, program libraries are retrieved from servers of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and downloaded from Google’s content delivery network. Personal data (e.g. your IP address and browser) is transferred to Google in the process. The use or integration of jQuery is necessary for the purposes mentioned to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
You can find more information about jQuery at: https://developers.google.com/speed/libraries/#jquery
You can find Google’s privacy policy at https://www.google.com/policies/privacy/.
1. general scope and description of data processing
We use FAST to correctly allocate the success of an advertising medium. The data is automatically deleted after 90 days. No profiling takes place. FAST uses a unique key that third parties cannot assign and therefore users cannot be traced. Personalized advertising is not possible with FAST.
FAST establishes a connection between a click on an advertising medium, e.g. an advertisement, and an action, e.g. a purchase or a login or registration.
The information transmitted to us serves the sole purpose of correctly allocating the success of an advertising medium and the corresponding billing.
FAST does not store any cookies or cookie-like data on your end device.
When generating the device fingerprint, only non-personal parameters are merged (browser settings, time zone, CPU class, color depth, browser language, etc.).
2. scope and description of the processing of data when using Google Ads / Microsoft Ads
During a campaign, the order number and the shopping cart value of the order are usually also transmitted and stored by us for 90 days. Personal data such as name, telephone number or address are expressly not recorded or stored.
The following values may also be transmitted:
– ID (consecutive number)
– ClickID
– Time of purchase
– Currency
– Conversion name (store order or lead)
The device fingerprint is processed on the server of the respective customer. Insofar as integration takes place via Google Tag Manager, the device fingerprint is processed via the Smarketer Host Europe server in Strasbourg.
Thanks to high security standards, such as an HTTPS connection, the conversion data is sent on our HOST-Europe server located in Strasbourg. The transfer of the export file and the processing of the data (ClickID, conversion name, timestamp, order value, currency) takes place in accordance with Google Ads / Microsoft Ads on an American server.
The software is set up so that no profiling takes place.
3. purposes of the processing
The information transmitted to us serves the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing and is justified by our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
4. duration of storage
The data of the processing described here will be automatically deleted after a maximum storage period of 90 days.
Operator:
Name: AdsXpress GmbH
Postal address: Salzufer 8, 10587 Berlin
E-mail: info@adsxpress.de
5. possibility of objection and removal
You can prevent tracking by deactivating FAST Tracking via an opt-out link on the respective page. To do so, please contact us at info@adsxpress.de.
Rights of persons affected and storage duration
You can lodge a complaint with, among others, the supervisory authority responsible for us, which you may reach at the following contact details:Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit
Postfach 90 04 55
99107 Erfurt
oder
Häßlerstrasse 8
99096 Erfurt
Tel.: +49 361 573112900
Fax: +49 361 573112904
E-Mail: poststelle@datenschutz.thueringen.de
If personal data is being processed for the purposes of direct advertising, you can object to this at any time by notifying us. If the objection is successful, we will no longer process the personal data for the purposes of direct advertising.
last update: 22.10.2024