Datenschutzerklärung

In this privacy policy, we have provided information about the collection of personal data when using our services and website. Personal data includes all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. A legal definition of personal data can be found in Art. 4 No. 1 GDPR.

1. Controller

The controller responsible for data processing is:

Name: Lisann Binder

Address: C/o Postflex #6035, Emsdettener Str. 10, 48268 Greven

Telephone number: +49 15560030383

Email: findyourway@samavarta.com

Link to the legal notice: https://www.samavarta.com/impressum

2. Processing of your data

We only process personal data of our users to the extent it is necessary to provide a functional website and our content and services. The processing of the personal data of our users takes place regularly only with the consent of the user. An exception is applicable in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by law.

The type, scope and purpose of the processing of your data is generally based on the contractual or pre-contractual relationship existing between us. In this sense, the data processed by us includes all data that is or has been provided by you for the purpose of using the contractual or pre-contractual services and that is required for processing your request or the contract concluded between us. Unless otherwise stated in this privacy policy, the processing of your data is limited to the data that is necessary and expedient to answer your inquiries and/or to fulfill the contract concluded between you and us, to protect our rights and to fulfill legal obligations. We will inform you which data is required for this before or during the data collection. If it is necessary to fulfill the contract concluded between us, to protect your vital interests or due to legal provisions, we will transfer your data to third parties, such as (judicial) authorities, billing offices and tax consultants, in compliance with our professional confidentiality requirements. If we use third-party providers to provide our services, the data protection notices of the respective third-party providers is also applicable.

Categories of data concerned - Inventory data (e.g. names, addresses) - Payment data (e.g. bank details, invoices) - Contact data (e.g. email address, telephone number, postal address) - Contract data (e.g. subject matter of contract, duration of contract) - Health data (e.g. complaints, diagnoses) - Communication data

1. Data subjects – Customers, Interested parties, Business and contractual partners

2. Purpose of processing - Processing of contractual services, Communication, Responding to contact requests, Office and organizational procedures

3. Legal bases - Art. 6 para. 1 lit. b GDPR: Contract performance and pre-contractual inquiries, Art. 6 para. 1 lit. c GDPR: legal obligation, Art. 6 para. 1 lit. f GDPR: legitimate interest, Art. 9 para. 2 lit. a GDPR: Consent

3. Your rights

Under the GDPR, you are entitled to the rights listed below, which you can assert at any time with the controller named in paragraph 1 above .

Right to information: You have the right to request information from us as to whether and which of your data we process.
Right to rectification: You have the right to request the rectification of inaccurate data or the completion of incomplete data.
Right to erasure: You have the right to request the erasure of your data.
Right to restriction: In certain cases, you have the right to request that we only process your data to a limited extent.
Right to data portability: You have the right to request that we transfer your data to you or another controller in a structured, commonly used and machine-readable format.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The supervisory authority of your usual place of residence, your workplace or our company headquarters is responsible.
Right to withdraw consent: You have the right to withdraw your consent to the data processing at any time.
Right to object: You have the right to object at any time to the processing of your data, which we base on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If you make use of your right to object, we will ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that there are compelling legitimate grounds for data processing that outweigh your interests and rights. Irrespective of the above, you have the right to object to the processing of your personal data for advertising and data analysis purposes at any time. Please address your objection to the contact address of the controller given in paragraph 1 above

4. Deletion of data

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage is no longer applicable to it. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract. However, in an event we still need to retain (certain parts of) your data for other purposes, for example because this is required by tax retention periods (usually 6 years for business correspondence or 10 years for accounting documents), or the assertion, exercise or defense of legal claims arising from contractual relationships (up to four years), or the data is required to protect the rights of another natural or legal person, we will only delete (that part of) your data after these periods have expired. Until the expiry of these periods, however, we restrict the processing of this data to these purposes (fulfillment of retention obligations).

5. Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The data is also stored in the log files of our system. This data is not stored together with other personal data of the users.

5.1. Data concerned:

(1) Information about the browser type and the version used

(2) The user's operating system

(3) The user's internet service provider

(4) The user's IP address

(5) Date and time of access

(6) Websites from which the user's system accesses our website

(7) Websites that are accessed by the user's system via our website

5.2. Legal basis:

Art. 6 para. 1 lit. f GDPR (legitimate interest)

5.3. Purpose of data processing:

The temporary storage of the user’s IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, we use the data for the technical optimization of the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

5.4. Duration of storage:

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.

5.5. Objection and removal options:

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user will have no option to object.

6. Cookies

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies to make our website functional. Some elements of our website requires that the accessing browser can be identified even after a page change. We use the following types of cookies when you visit our website:

Temporary cookies: These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. The session cookies are deleted when you log out or close your browser.

Permanent cookies: Permanent cookies remain stored even after you close your browser. This allows our website to recognize your computer when you return to our website. Information on language settings or log-in information, for example, is stored in these cookies. These cookies can also be used to document and store your surfing behavior. This data can be used for statistical, marketing and personalization purposes.

Necessary cookies: These are cookies that are absolutely necessary for the operation of our website in order to save logins or shopping baskets for the duration of your session or cookies that are set for security reasons.

Statistical, marketing and personalization cookies:

These are cookies that are used for analysis purposes or to measure reach. Such “tracking” cookies can be used in particular to store information on search terms entered or the frequency of page views. In addition, the surfing behavior of an individual user (e.g. viewing certain content, use of functions, etc.) can also be stored in a user profile. Such profiles are used to show users content that corresponds to their potential interests. If we use services that store cookies on your device for statistical, marketing and personalization purposes, we will inform you about this separately in the following sections of our privacy policy or when obtaining your consent.
When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

6.1. Data concerned:

Usage data, communication data

6.2. Legal basis:

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has consented to this. Otherwise, the legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

6.3. Purpose of data processing:

The purpose of using technically necessary cookies is to enable users to use websites. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. These purposes also constitute our legitimate interest in the subsequent processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

6.4. Duration of storage, objection and removal options:

Cookies are stored on the user's computer and transmitted from there to our website. As a user, you therefore also have full control over the use of cookies. You can deactivate or restrict the storage of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

7. Web hosting

We use a provider to maintain our website, on whose server our website is stored and made available for retrieval on the internet (hosting). The provider may process all data transmitted via the browser you use that is generated when you use our website. This includes, in particular, your IP address, which the provider requires in order to be able to deliver our online offer to the browser you are using, as well as all entries you make via our website. In addition, the provider we use may also collect:

(1) the date and time of access to our website

(2) time zone difference to Greenwich Mean Time (GMT)

(3) access status (HTTP status)

(4) the amount of data transferred

(5) the internet service provider of the accessing system

(6) the browser type and the version you use

(7) the operating system you use

(8) the website from which you may have accessed our website

(9) the pages or sub-pages you visit on our website.

The aforementioned data is stored as log files on the servers of our provider. This is necessary to ensure the stability and security of the operation of our website.

Sending e-mails: In addition to hosting our website, we have also commissioned our provider to send, receive and store our e-mails. For this purpose, our provider processes the e-mail addresses of the recipients and senders as well as other data generated during e-mail communication (meta-communication data such as time, IP address, etc.) and the content of the respective e-mails. We would like to draw your attention to the fact that e-mails are generally sent unencrypted. We therefore accept no responsibility for the transmission path of e-mails between the sender and receipt on our server.

7.1. Data concerned:

Content data, usage data, communication data

7.2 Purpose of processing:

Displaying our website, ensuring the operation of our website

7.3 Legal basis:

Legitimate interest, Art. 6 para. 1 lit. f GDPR

7.4. Web host commissioned by us:

Wix Service provider:

Wix.com Ltd, Nemal St. 40, 6350671 Tel Aviv, Israel

Website: https://de.wix.com/

8. Contacting us

If you contact us via email, social media, telephone, fax, post, one of our contact forms or otherwise and provide us with personal data such as your name, telephone number or email address or provide further information about yourself or your request, we will process this data to answer your inquiry within the framework of the pre-contractual or contractual relationship existing between us.

8.1. Data concerned:

Inventory data, contact data, content data, contract data

8.2. Purpose of processing:

communication and responding to contact inquiries, office and organizational procedures

8.3. Legal basis:

performance of contract and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

9. Contact form

There are several contact forms on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. You can use the contact form to ask us questions about the booking process, quests and similar topics. In order to provide you with the best possible service, we need your full first and last name and your e-mail address. Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

9.1. Data concerned:

Contact data (first name, surname, email address, telephone number, other)

9.2. Legal basis for data processing:

The legal basis for processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent. The legal basis for processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

9.3. Purpose of data processing:

We process the personal data from the input screen solely to process the contact. If you contact us by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

9.4. Duration of storage:

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The user has the option to withdraw their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The following is a description of how to withdraw consent and object to storage. All personal data stored in the course of contacting us will be deleted in this case.

10. Email marketing

With your consent, you can subscribe to our newsletter/mailing, which we use to keep you informed about our services and individual programs. We use a method called double opt-in procedure to subscribe to our newsletter/mailing. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted. In addition, we store the IP addresses used at the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The only mandatory information for sending the newsletter/mailing is your e-mail address and your first name. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter/mailing. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. You can revoke your consent to the sending of the newsletter at any time and also unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by an e-mail or by sending a message to the contact details given in the imprint. The data provided by you when registering for the newsletter will be stored by us until you cancel your subscription exclusively for the purpose of sending the newsletter.

10.1. Legal basis for data processing:

The legal basis for processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent.

10.2. Purpose of data processing:

The purpose of collecting the user's email address is to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

10.3. Duration of storage:

The data provided by you for the purpose of subscribing to the newsletter will be stored by us or the reseller and newsletter service provider until you unsubscribe from the newsletter and your name is deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this. After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the reseller and the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

10.4. Objection and removal options:

The subscription to the newsletter can be canceled by the user concerned at any time. There is a corresponding link in every newsletter for this purpose. This also makes it possible to withdraw consent to the storage of any personal data collected during the registration process.

11. Social networks

We operate our online presences within and through the social networks listed below. If you visit one of these sites, the data listed below will be collected and processed by the respective provider. As a rule, this data is collected for advertising and market research purposes and user profiles are created. Data can be stored in the user profiles regardless of the device you use. This is particularly the case if you are a member of the respective platform and are logged in to it. The usage profiles can be used by the providers to show you interest-based advertising. You have the right to object to the creation of user profiles. To exercise this right, you must contact the respective provider. If you have an account with one of the providers listed below and are logged in there when you visit our website, the respective provider may collect data about your usage behavior on our website. To prevent your data from being linked in this way, you can log out of the provider's service before visiting our site. You can find out for what purpose and to what extent data is collected by the provider in the respective privacy policies of the providers provided below. We would also like to point out that, depending on the country of domicile of the provider named below, the data collected via its platform may be transferred and processed outside the European Union.

11.1. Data concerned:

Inventory and contact data (e.g. name, address, telephone number)

11.2. Processing purpose:

Communication and marketing, tracking and analysis of user behavior

11.3. Legal basis:

Consent, Art. 6 para. 1 lit. a GDPR, legitimate interests Art. 6 para. 1 lit. f GDPR

11.4. Objection options:

For the respective opt-out options, please refer to the information provided by the providers linked below.

11.5. We use the following social media:

(1) Facebook

Service provider: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA

Registered office in the EU: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irelan

Website: https://www.facebook.com/ - Privacy policy: https://www.facebook.com/about/privacy/ -

(2) Instagram

Service provider: TikTok Technology Limited, 10, Earlsfort Terrace, Dublin, D02 T380, Ireland

Website: https://www.instagram.com/

(3) TikTok

Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland

Website: https://www.tiktok.com/

12. Use of Facebook Pixel, Facebook Custom Audiences and Facebook Conversions

The Facebook network is operated by the company Meta Platforms. When the term “Facebook” is used below, this refers to Meta Platforms. We use Facebook Pixel, Custom Audiences and Facebook Conversions on our website. “Facebook” is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Facebook's “Custom Audiences” marketing tool helps to reduce wastage in the context of marketing. We have installed a Facebook “tracking pixel” (“Facebook pixel”) in the head section of the website, which is retrieved from the Facebook servers each time our website is accessed and registers the access there. This allows website visitors to be specifically included in a custom audience. The marketing tool is a targeting option that uses the Facebook pixel to match visitors to our website with people on Facebook. We can target visitor groups with Facebook ads. According to Facebook, the pixel plays out browser information, websites visited and the hashed Facebook ID of the website user. It cannot be ruled out that Facebook also transmits the information to a server in a third country. You can find more information about the Facebook pixel at: https://www.facebook.com/business/help/651294705016616 You can find more information about Facebook Custom Audiences at: https://developers.facebook.com/docs/marketing-api/audiences-api/websites and https://developers.facebook.com/docs/facebook-pixel/pixel-with-ads/conversiontracking. An adequacy decision (Art. 45 GDPR) of the EU Commission - the Trans-Atlantic Data Privacy Framework (TADPF) - is in place for the USA. Meta Platforms Inc. has certified itself in accordance with the TADPF and is thus committed to complying with European data protection principles.

12.1. Purpose of processing:

By integrating the Facebook pixel, the use of Facebook Custom Audiences and Facebook Conversions, we pursue the purpose of reducing wastage in the context of marketing and placing advertising optimized for the website visitors. The purpose of processing the data using Facebook Custom Audiences from Website is to compile statistics to create user categories in order to enable interest-based targeting of advertising material and advertising measures on the internet. This enables us to continuously improve our offering.

12.2. Legal basis:

The legal basis for the processing of personal data described here is Art. 6 para. 1 lit. a) GDPR. The data controller for your information is Facebook Ireland Ltd. You can contact this company online or by post at Facebook Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland. The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, if you do not provide the data, you may not be able to use this function of our website or not be able to use it to its full extent.

13. Use of Google Adwords, Google Tag Manager, Google Ads Remarketing, Google Optimize, Google Apis, Youtube

We use various services of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland on our website. By integrating Google services, Google may collect and process information (including personal data). It cannot be ruled out that Google may also transmit the information to a server in a third country. The transmission to the USA depends on the function in which personal data is transmitted. As the controller, we may ourselves transfer data to Google in USA for further use. An adequacy decision (Art. 45 GDPR) of the EU Commission is in place for USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google Ireland Limited has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles. The transfer can also be based on standard contractual clauses. Google has undertaken to comply with the standard contractual clauses for the transfer of personal data to third countries in accordance with Directive 95/46/EC (Standard Contractual Clauses - SCC). You can find more information on the Standard Contractual Clauses at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimensiondata-protection/standard-contractuals-clauses-scc_de and at https://policies.google.com/privacy/frameworks?hl=de. We ourselves cannot influence which data Google actually collects and processes. However, Google states that the following information (including personal data) may be processed: - Log data (in particular the IP address) - Location-related information - Unique application numbers - Cookies and similar technologies Information on the types of cookies used by Google can be found at https://policies.google.com/technologies/types . If you are logged into your Google account, Google may add the processed information to your account and treat it as personal data, depending on your account settings. You can prevent this data from being added directly by logging out of your Google account or by making the appropriate account settings in your Google account. You can also change your cookie settings (e.g. delete cookies, block cookies, etc.). You can find more information on this under paragraph 6 above “Cookies”. You can find more information in Google's privacy policy, which you can access here: https://www.google.com/policies/privacy/ You can find information on Google's privacy settings at https://privacy.google.com/take-control.html

13.1. Google Tag Manager:

We use Google Tag Manager on our website. Google Tag Manager is a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager allows us to integrate various codes and services on our website in an organized and simplified manner. The Google Tag Manager implements the tags or “triggers” the integrated tags. When a tag is triggered, Google may process information (including personal data) and process it. You can also find more detailed information about Google Tag Manager on the websites https://www.google.de/tagmanager/use-policy.html and at https://www.google.com/intl/de/policies/privacy/index.html under the section “Data that we receive based on your use of our services”. Furthermore, we have concluded an order processing contract with Google for the use of Google Tag Manager (Art. 28 GDPR). Google processes the data on our behalf in order to trigger the stored tags and display the services on our website. Google may transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.

Data concerned: Online identifiers; IP address

Legal basis: The legal basis for the processing of personal data described here as part of the measurement procedure is your express consent in accordance with Art. 6 para. 1 lit. a) GDPR. The legal basis for the processing of data that is processed in the context of obtaining consent is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. We have a legitimate interest in being able to prove that you have given your consent to the measurement procedure (Art. 7 para. 1 GDPR).

The purpose of processing is to be able to integrate various services in a simplified and clear manner. In addition, the integration of the Google Tag Manager optimizes the loading times of the various services.

Revocation and objection

You have a right of revocation. You can withdraw your consent at any time without giving reasons. To do so, simply contact the controller specified under paragraph 1 above. You have the option of preventing all Google Tag Manager tags from being sent. All you need to do is click on this opt-out link to place the Google Tag Manager deactivation cookie in your browser. You also have the right to object. You can send or inform us of your objection at any time (e.g. by e-mail). The processed information is only stored for as long as necessary for the intended purpose or as required by law. The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide such data may mean that you will not be able to use our website or will not be able to use it to its full extent.

13.2. Google Tag Manager: Google Ads Remarketing: We use the remarketing function within the Google Ads service. With the remarketing function, we can present users of our website with advertisements based on their interests on websites within the Google advertising network (in Google Search or on YouTube, so-called “Google Ads” or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g., which offers a user was interested in, in order to be able to display targeted advertising to users on other sites even after they have visited our website. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google Display Network. These cookies are used to record the visits of these users. The cookies are used to uniquely identify a web browser on a specific device and not to identify a person.

1. Deletion/revocation: You can deactivate this tool via the cookie settings. The cookie settings can be found at the bottom of the homepage. Lifetime of cookies: up to 180 days (this only applies to cookies set via this website).
2. Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

Google Ads Conversion: We use the Google Ads Conversion service to draw attention to our attractive offers with the help of advertising material (so-called Google Ads) on external websites. We can determine how successful the individual advertising measures are in relation to the advertising campaign data. We are interested in showing you advertisements that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs. These advertising materials are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads will store a cookie on your device. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that a user no longer wishes to be addressed) are usually stored as analysis values for this cookie. These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of Ads customers and the cookie stored on their computer has not yet expired, Google and the customers can recognize that a user clicked on the ad and was redirected to this page. Each Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify the users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge. By integrating Ads Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out your IP address and store it.

Google Maps: This website uses Google Maps to display interactive maps and to provide directions. By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA. When you access a web page on our website that contains Google Maps, your browser establishes a direct connection with Google's servers. The map content is transmitted by Google directly to your browser, which integrates it into the website. We therefore have no influence on the scope of the data collected by Google in this way. To the best of our knowledge, following data may be collected:

1. Date and time of the visit to the website in question
Internet address or URL of the website accessed
IP address, (start) address entered as part of route planning.

We have no influence on the further processing and use of the data by Google and can therefore accept no responsibility for this. If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you will not be able to use the map display. The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options to protect your privacy can be found in Google's data protection information (https://policies.google.com/privacy?hl=de).

14. Online store

If you use our online store, we process your data for the purpose of processing and delivering your orders and to ensure the security of our information technology systems. We process your personal data in order to enable you to purchase the selected products as well as their payment and delivery. For this purpose, we forward the data required for the payment and processing of your order to our partners. We or our partners use the services of banks and payment service providers to process payment transactions. You have the option of creating a customer account. To register, we need your full first and last name, your address and your e-mail address. This data is required to provide you with a booking history and to simplify any future bookings.

Categories of data concerned: Master data, contact data, usage data, connection data, contract data, payment data
Legal basis: Processing of data to ensure the security of our information technology systems: legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Processing of data for the purpose of processing your purchase in the online store: Art. 6 para. 1 lit. b GDPR.

15. Payment service providers

As part of contractual and other legal relationships, due to the legal obligations or otherwise on the basis of our legitimate interests, we offer our data subjects efficient and secure payment options (Wix Payments (credit card, instant bank transfer, Klarna, PayPal)) and use other payment service providers in addition to banks and credit institutions (collectively “payment service providers”). The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the respective payment service providers' terms and conditions and data protection information. Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of data subjects. Your data is transmitted to the payment providers on the basis of Art. 6 para. 1 lit. a GDPR (consent) and/or Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract).

We use the following service providers:

(1) PayPal

Service provider: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

Website: https://www.paypal.com/

(2) Sofortüberweisung

Service provider: Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany

Website: https://www.klarna.com/sofort/

On our website we offer, among other things, payment by “Sofortüberweisung”. The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter referred to as “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have opted for “Sofortüberweisung” payment method, you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, your turnover, the credit limit of the overdraft facility and the existence of other accounts and their balances are also checked automatically. In addition to the PIN and the TAN, the payment data entered by you and your personal data are also transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), e-mail address, IP address and any other data required for the payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent attempts of any fraudulent activity.

(3) Credit card / Wix Payments

Service provider: equensWorldline SE, operating under the registered trade name Worldline Financial Services, Postbus 30500, 3503 AH Utrecht, The Netherlands

Website: https://worldline.com/de-de/home

16. Web analysis and statistics

We use web analysis services to record and statistically evaluate the flow of visitors to our website. Among other things, such services collect data about the website from which you came to our website (so-called referrers), which pages of our website you accessed, how long you visited our pages and what interactions you made there. In addition to this, data on the browser, computer system and device type you are using is also collected. Further, demographic information, such as age or gender, can also be collected as pseudonymous values via such a service. If you have consented to the collection of your location data, this may also be processed, depending on the provider. In order to collect and store this data, the web analysis service we use places a cookie on the end device you are using, which also collects the IP address assigned to you. However, this is shortened using a so-called IP masking procedure so that the IP address can no longer be assigned to your visit to our website. No other clear data such as names or e-mail addresses are stored. Neither we nor the service we use know the identity of visitors to our website.

Data concerned: Usage data (e.g. access data, websites clicked on); communication data (e.g. information about the device used, IP address)
Legal basis: The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.
Purpose of data processing: The processing of users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymizing the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.
Duration of storage: The data is deleted as soon as it is no longer required for our recording purposes.
Objection and removal options: Cookies are stored on the user's computer and transmitted to our website by the user. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the storage of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
We use the following service providers for this purpose:

(1) Google Analytics

Service provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Registered office within the EU: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Website: https://marketingplatform.google.com/intl/de/about/analytics/

Privacy policy: https://policies.google.com/privacy?hl=de - Opt-out option: If you do not want your data to be used by Google Analytics, you can set an opt-out plugin that will prevent your data from being collected on our website in the future. You can obtain this plugin here: https://tools.google.com/dlpage/gaoptout?hl=de

An adequacy decision (Art. 45 GDPR) of the EU Commission - the Trans-Atlantic Data Privacy Framework (TADPF) - is in place for the USA. The service provider we use, Google Inc., has been certified in accordance with the TADPF and has therefore undertaken to comply with European data protection principles. In addition, the service provider uses the so-called standard contractual clauses (Art. 46 (2) and (3) GDPR). Standard contractual clauses are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries. Through these clauses, the providers undertake to comply with the European level of data protection when processing the relevant data, even if the data is stored, processed and managed in the USA.

17. Security measures

We also take state-of-the-art technical and organizational security measures to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by the third parties.