data protection

privacy policy

Introduction

With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. This data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

As of March 28, 2024

Created with Datenschutz-Generator.de by Dr. Thomas Schwenke

responsible person

younikat GmbH
Am Weißbach 66
82396 Pähl

E-mail address:

kundenservice@vegdog.de

Imprint:

https://www.vegdog.de/pages/impressum

Overview of processing

The following overview summarises the types of data processed and the purposes of their processing and refers to the persons concerned.

types of data processed

inventory data.
payment details.
location data.
contact details.
content data.
contract data.
usage data.
Meta-, communication- and procedural data.
Image and/or video recordings.
Event data (Facebook).

categories of data subjects

Customers.
employees.
interested parties.
communication partner.
users.
business and contractual partners.
Persons depicted.

purposes of processing

Provision of contractual services and customer service.
contact requests and communication.
security measures.
direct marketing.
reach measurement.
tracking.
office and organizational procedures.
remarketing.
conversion measurement.
click tracking.
target group formation.
A/B testing.
Managing and responding to inquiries.
Content Delivery Network (CDN).
feedback.
heatmaps.
Marketing.
Profiles with user-related information.
Provision of our online offering and user-friendliness.
Information technology infrastructure.

Relevant legal bases

Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.

Consent (Article 6 (1) sentence 1 lit. a) GDPR) - The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
Legal obligation (Article 6 (1) sentence 1 lit. c) GDPR) – The processing is necessary to fulfill a legal obligation to which the controller is subject.
Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail.

In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). The BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. In addition, state data protection laws of the individual federal states may apply.

security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, securing availability and separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to threats to data. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Shortening the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not necessary, the IP address is shortened (also known as "IP masking"). The last two digits or the last part of the IP address after a period are removed or replaced by placeholders. The shortening of the IP address is intended to prevent or significantly complicate the identification of a person based on their IP address.

TLS encryption (https): We use TLS encryption to protect the data you transmit via our online service. You can recognize encrypted connections of this type by the prefix https:// in the address bar of your browser.

transmission of personal data

As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data transfer within the corporate group: We may transfer personal data to other companies within our corporate group or grant them access to this data. If this transfer is for administrative purposes, the data is transferred based on our legitimate business and commercial interests or if it is necessary to fulfil our contractual obligations or if there is consent from the data subject or legal permission.

data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transmission, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, if certifications or binding internal data protection regulations exist (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

deletion of data

The data we process is deleted in accordance with legal requirements as soon as the consents to processing are revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or it is no longer required for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Our data protection notices may also contain further information on the storage and deletion of data, which apply primarily to the respective processing operations.

use of cookies

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed or the functions used in an online service. Cookies can also be used for different purposes, e.g. to ensure the functionality, security and convenience of online services and to create analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal regulations. We therefore obtain prior consent from users, unless this is not required by law. Consent is not necessary in particular if the storage and reading of information, including cookies, is absolutely necessary in order to provide users with a telemedia service that they have expressly requested (i.e. our online offering). The revocable consent is clearly communicated to users and contains information on the respective cookie usage.

Notes on data protection legal bases: The data protection legal basis on which we process users' personal data with the help of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and improving its usability) or, if this is done as part of fulfilling our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We will explain the purposes for which we process cookies in the course of this data protection declaration or as part of our consent and processing processes.

Storage period: With regard to the storage period, the following types of cookies are distinguished:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed his or her device (e.g. browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The user data collected using cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also object to processing in accordance with the legal requirements in Art. 21 GDPR. Users can also declare their objection via the settings of their browser, e.g. by deactivating the use of cookies (although this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ .

Further information on processing procedures, methods and services:

Processing of cookie data based on consent: We use a cookie consent management procedure within the framework of which the consent of users to the use of cookies or the processing and providers mentioned in the cookie consent management procedure can be obtained and managed and revoked by the users. The declaration of consent is stored so that it does not have to be requested again and so that consent can be proven in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is created and stored with the time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and device used.
ccm19: Cookie consent management; Service provider: Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany; Website: https://www.ccm19.de/ ; Privacy policy: https://www.ccm19.de/datenschutzerklaerung.html ; Further information: A pseudonymous user ID with the consent status is stored.

Business Services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the framework of contractual and comparable legal relationships as well as related measures and within the framework of communication with the contractual partners (or pre-contractually), e.g. to answer inquiries.

We process this data in order to fulfil our contractual obligations. This includes in particular the obligations to provide the agreed services, any updating obligations and remedy in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and the company organization. In addition, we process the data on the basis of our legitimate interests in proper and economical business management and in security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations. The contractual partners are informed about other forms of processing, e.g. for marketing purposes, in the context of this data protection declaration.

We inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

We delete the data after statutory warranty and similar obligations have expired, i.e., generally after 4 years, unless the data is saved in a customer account, e.g. as long as it must be kept for legal archiving reasons. The statutory retention period is ten years for documents relevant for tax purposes as well as for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions required to understand these documents and other organizational documents and accounting documents, and six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, opening balance sheet, annual financial statements or management report was drawn up, the commercial or business letter was received or sent, or the accounting document was created, the recording was made or the other documents were created.

To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply to the relationship between the users and the providers.

Types of data processed: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. e-mail, telephone numbers); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
Affected persons: customers; interested parties; business and contractual partners.
Purposes of processing: Provision of contractual services and customer service; Security measures; Contact requests and communication; Office and organizational procedures; Administration and response to requests; Conversion measurement (measurement of the effectiveness of marketing measures); Profiles with user-related information (creation of user profiles).
Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR); Legal obligation (Art. 6 Para. 1 Clause 1 Letter c) GDPR); Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).

Further information on processing procedures, methods and services:

Customer account: Contractual partners can create an account within our online offering (e.g. customer or user account, "customer account" for short). If the registration of a customer account is required, contractual partners will be informed of this as well as of the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration and subsequent logins and use of the customer account, we save the customers' IP addresses along with the access times in order to be able to prove registration and prevent any misuse of the customer account. If customers have canceled their customer account, the data relating to the customer account will be deleted, unless their retention is required for legal reasons. It is the responsibility of the customer to back up their data when the customer account is canceled; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).
Watch list/wish list: Customers can create a product/wish list. In this case, the products will be stored as part of the fulfillment of our contractual obligations until the account is deleted, unless the product list entries are removed by the customer or we expressly inform the customer of different storage periods; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).
Customer loyalty program/customer card: We process customer data as part of our customer loyalty program for the purpose of fulfilling the services provided to participating customers as part of the customer loyalty program. For this purpose, the information collected from customers and, where necessary, marked as such is stored in a customer profile. The profile also processes information about the use of the customer loyalty program and the use of the associated services and benefits and, only if necessary for the aforementioned purposes, passes this on to third parties (e.g. service providers). The customer profiles are deleted after participation has ended and only archived with the respective data to the extent that this may be necessary for statutory retention purposes or the fulfillment of statutory (up to 11 years for tax information from the end of the year in which it was created) or contractual claims (up to three years from the end of the year of termination); legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).
Economic analyses and market research: For business reasons and in order to be able to identify market trends and the wishes of contractual partners and users, we analyse the data available to us on business transactions, contracts, inquiries, etc., whereby the group of persons affected may include contractual partners, interested parties, customers, visitors and users of our online offer. The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we can take into account the profiles of registered users, including their information, e.g. on services used, if available. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized, i.e. anonymized values. Furthermore, we take the privacy of the users into account and process the data for the analysis purposes as pseudonymously as possible and, if possible, anonymously (e.g. as summarized data); legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).
Shop and e-commerce: We process our customers' data to enable them to select, purchase or order the selected products, goods and associated services, as well as to pay for and deliver or execute them. If necessary to execute an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution for our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such in the order or comparable purchase process and includes the information required for delivery, provision and billing, as well as contact information in order to be able to hold any consultations; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).

Providers and services used in the course of business activities

As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers ("services" for short) in compliance with legal requirements. Their use is based on our interest in the proper, lawful and economical management of our business operations and our internal organization.

Types of data processed: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); contract data (e.g. subject of the contract, term, customer category).
Affected persons: customers; interested parties; users (e.g. website visitors, users of online services); business and contractual partners; employees (e.g. employees, applicants, former employees).
Purposes of processing: Provision of contractual services and customer service; office and organizational procedures.
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

payment methods

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and, in addition to banks and credit institutions, use other service providers for this purpose (collectively "payment service providers").

The data processed by the payment service providers includes inventory data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, only information confirming or rejecting the payment. The payment service providers may transmit the data to credit agencies. This transmission is for the purpose of checking identity and creditworthiness. For this purpose, we refer to the terms and conditions and the data protection information of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers apply to payment transactions and can be accessed on the respective websites or transaction applications. We also refer to these for further information and to assert revocation, information and other rights of those affected.

Types of data processed: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status); contact data (e.g. e-mail, telephone numbers).
Affected persons: customers; interested parties.
Purposes of processing: Provision of contractual services and customer service.
Legal basis: Contractual performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR).

Further information on processing procedures, methods and services:

Google Pay: payment services (technical connection of online payment methods); service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR); website: https://pay.google.com/intl/de_de/about/ ; data protection declaration: https://policies.google.com/privacy .
Klarna / Sofortüberweisung: payment services (technical connection of online payment methods); service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR); website: https://www.klarna.com/de ; data protection declaration: https://www.klarna.com/de/datenschutz .
PayPal: payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); service provider: PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR); website: https://www.paypal.com/de ; data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full .
Shop Pay (Shopify): payment services (technical connection of online payment methods); service provider: Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR); website: https://www.shopify.de ; data protection declaration: https://www.shopify.de/legal/datenschutz .

provision of the online offer and web hosting

We process user data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status); content data (e.g. entries in online forms); image and/or video recordings (e.g. photographs or video recordings of a person).
Affected persons: Users (e.g. website visitors, users of online services); business and contractual partners; persons depicted.
Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures; Content Delivery Network (CDN); Office and organizational procedures.
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Provision of online services on rented storage space: To provide our online services, we use storage space, computing capacity and software that we rent from a corresponding server provider (also called "web host") or obtain from other sources; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).
Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files can include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes will not be deleted until the incident in question has been finally resolved.
shopify: Platform through which e-commerce services are offered and carried out. The services and processes carried out in connection with them include in particular online shops, websites, their offers and content, community elements, purchase and payment transactions, customer communication as well as analysis and marketing; Shopify uses the CDN services Shopify CDN and Shopify Cloud to provide the web content. Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR); Service provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; Website: https://www.shopify.de ; Privacy Policy: https://www.shopify.de/legal/datenschutz .
Shopify uses third-party services to provide its services, in particular:

Amazon AWS
Bugsnag
Cloudflare
Google Maps
Google Cloud Platform
fashion

List of subprocessors: https://help.shopify.com/de/manual/your-account/privacy/subprocessors

PageFly: Support in the creation and optimization of Shopify shops and associated websites; Service provider: BraveBits JSC., 2th floor Ecolife Capitol, 58 To Huu, Me Tri, Nam Tu Liem District, Hanoi, Vietnam 100000; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR); Website: https://pagefly.io/ ; Privacy policy: https://pagefly.io/pages/privacy-policy .
Amazon CloudFront: Content Delivery Network (CDN) - service that enables the faster and more secure delivery of online content, particularly large media files such as graphics or program scripts, using regionally distributed servers connected via the Internet; service provider: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR); website: https://aws.amazon.com/de/cloudfront/ ; privacy policy: https://aws.amazon.com/privacy/ ; contract processing agreement: https://aws.amazon.com/de/compliance/gdpr-center/ ; standard contractual clauses (ensuring data protection level when processing in third countries): inclusion in the contract processing agreement.
Google Photos: Online service for storing images and videos; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR); Website: https://www.google.com/photos/about/ ; Privacy Policy: https://policies.google.com/privacy .

contact and inquiry management

When you contact us (e.g. by post, contact form, e-mail, telephone or via social media) and within the framework of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to answer the contact inquiries and any requested measures.

Types of data processed: contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
Data subjects: communication partners.
Purposes of processing: contact requests and communication; administration and response to inquiries; feedback (e.g. collecting feedback via online form); provision of our online offer and user-friendliness.
Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR); Contractual performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).

Further information on processing procedures, methods and services:

Contact form: If users contact us via our contact form, email or other communication channels, we process the data communicated to us in this context to process the communicated request; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Reviews.io : We collect and manage our product reviews via the Reviews.io service ( service provider : Reviews.io 29 St Nicholas Place, Leicester, LE1 4LD UK). When you create a product review, a personal user account is automatically created for you at Reviews.io. By submitting your review, you consent to the processing by the service provider Reviews.io. Legal basis : Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR). Data protection declaration : https://www.reviews.io/legal/user-privacy-policy

newsletters and electronic notifications

We only send newsletters, emails and other electronic notifications (hereinafter "newsletters") with the consent of the recipient or with legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user's consent. In addition, our newsletters contain information about our services and us.

To subscribe to our newsletter, it is generally sufficient to provide your email address. However, we may ask you to provide a name for the purpose of addressing you personally in the newsletter or other information if this is necessary for the purposes of the newsletter.

Double opt-in procedure: Registration for our newsletter is always carried out using a so-called double opt-in procedure. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register using someone else's email address. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Deletion and restriction of processing: We can store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address in a block list (so-called "block list") for this purpose alone.

The registration process is logged on the basis of our legitimate interests for the purpose of proving that it was carried out correctly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure shipping system.

Contents:

Information about us, our services, promotions and offers.

Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status); usage data (e.g. websites visited, interest in content, access times).
Data subjects: communication partners.
Purposes of processing: direct marketing (e.g. by e-mail or post).
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR); Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
Opt-out option: You can cancel your subscription to our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Further information on processing procedures, methods and services:

Measuring opening and click rates: The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from its server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us to recognize the reading habits of our users and adapt our content to them or to send different content according to the interests of our users. The measurement of the opening rates and click rates as well as the storage of the measurement results in the user profiles and their further processing are based on the user's consent. A separate revocation of the success measurement is unfortunately not possible; in this case the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted; legal basis: consent (Art. 6 Para. 1 Clause 1 Letter a) GDPR).
Mailchimp: email sending and email marketing platform; service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); website: https://mailchimp.com ; privacy policy: https://mailchimp.com/legal/ ; contract processing agreement: https://mailchimp.com/legal/ ; standard contractual clauses (ensuring data protection level when processing in third countries): inclusion in the contract processing agreement; further information: special security measures: https://mailchimp.com/help/Mailchimp-european-data-transfers/ .
Klaviyo : We use the "Klaviyo" service on our website, an email marketing and automation tool operated by Klaviyo Inc., 125 Summer St, Boston, MA 02110, USA. Klaviyo enables us to create and send targeted email campaigns and analyze user behavior in order to optimize our marketing measures. Data processing and sharing: When using Klaviyo, the following personal data may be collected and processed:
- E-mail address
- name
- Usage data (e.g. opening and click rates of emails)
- Other voluntary information (e.g. preferences and interests)
This data is collected by Klaviyo in order to send you personalized email campaigns, analyze your interactions with these emails and adapt our marketing strategies accordingly. Klaviyo may use cookies for this purpose, which are stored on your device. The information generated by cookies about the use of the email campaigns is transferred to a Klaviyo server and stored there. Legal basis: Your data is processed on the basis of your consent (Art. 6 Para. 1 lit. a GDPR) for receiving email marketing and on the basis of our legitimate interests (Art. 6 Para. 1 lit. f GDPR) for analyzing and optimizing our marketing measures. Data protection information : Legal Terms & Policies: Email Marketing & SMS | Klaviyo Legal

As a customer of younikat GmbH, you will receive a limited number of

Product recommendations, surveys and requests for product reviews, even if you have not subscribed to a newsletter. When selecting individual product recommendations, we prefer to use the data from your previous orders in compliance with the legal provisions. If you do not wish to receive individual product recommendations from us by email, you can unsubscribe at any time.

by clicking on the unsubscribe link available in each email or by sending an email to kundenservice@vegdog.de .

web analysis, monitoring and optimization

Web analysis (also known as "reach measurement") is used to evaluate the flow of visitors to our online offering and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify at what time our online offering or its functions or content are most frequently used or invite reuse. We can also understand which areas require optimization.

In addition to web analysis, we can also use testing procedures to test and optimize, for example, different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a device and read from it. The information collected includes in particular websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to us or the providers of the services we use collecting their location data, location data can also be processed.

The IP addresses of the users are also stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of web analysis, A/B testing and optimization, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status); content data (e.g. entries in online forms); Event data (Facebook) ("Event data" is data that we can transmit to Facebook, for example via Facebook pixel (via apps or other means) and that relates to people or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; the event data is processed for the purpose of creating target groups for content and advertising information (custom audiences); event data does not contain the actual content (such as comments written), no login information and no contact information (i.e. no names, email addresses and telephone numbers). Event data is deleted by Facebook after a maximum of two years, and the target groups created from it when our Facebook account is deleted).
Affected persons: users (e.g. website visitors, users of online services); communication partners.
Purposes of processing: Remarketing; target group formation; reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); tracking (e.g. interest/behavior-related profiling, use of cookies); provision of our online offer and user-friendliness; direct marketing (e.g. by email or post); conversion measurement (measurement of the effectiveness of marketing measures); marketing; click tracking; A/B tests; heat maps (mouse movements by users that are summarized to form an overall picture).
Security measures: IP masking (pseudonymization of the IP address).
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR); Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Google Optimize: Software for analyzing and optimizing online offers based on feedback functions as well as pseudonymously conducted measurements and analyses of user behavior, which can include in particular A/B tests (measurement of the popularity and user-friendliness of different content and functions), measurement of click paths and interaction with content and functions of the online offer; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); Website: https://optimize.google.com ; Privacy policy: https://policies.google.com/privacy ; Order processing agreement: https://business.safety.google/adsprocessorterms ; Standard contractual clauses (guaranteeing data protection level when processing in third countries): https://business.safety.google/adsprocessorterms ; Further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).
Google Analytics: web analysis, reach measurement and measurement of user flows; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); website: https://marketingplatform.google.com/intl/de/about/analytics/ ; privacy policy: https://policies.google.com/privacy ; order processing agreement: https://business.safety.google/adsprocessorterms ; standard contractual clauses (guaranteeing data protection level when processing in third countries): https://business.safety.google/adsprocessorterms ; possibility of objection (opt-out): opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de , settings for the display of advertisements: https://adssettings.google.com/authenticated ; Further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).
Google Universal Analytics: reach measurement and web analysis - We use Universal Analytics, a version of Google Analytics, to conduct user analysis based on a pseudonymous user identification number. This identification number does not contain any clear data, such as names or e-mail addresses. It is used to assign analysis information to a user, e.g. to recognize which content users have accessed during use or whether they access our online offering again. Pseudonymous profiles of users are created with information from the use of various devices; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com ; T&Cs: https://business.safety.google/adsprocessorterms/ ; Privacy Policy: https://policies.google.com/privacy ; Order processing agreement: https://business.safety.google/adsprocessorterms ; Standard contractual clauses (guaranteeing data protection level when processing in third countries): https://business.safety.google/adsprocessorterms ; Possibility of objection (opt-out): Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de , Settings for the display of advertisements: https://adssettings.google.com/authenticated ; Further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).
Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a device in order to recognize which content users have accessed within one or more usage processes, which search terms they have used, accessed them again or interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users who refer to our online offering and technical aspects of their devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, and cookies may be used. Analytics provides higher-level geographic location data by collecting the following metadata based on the IP search: "City" (and the derived latitude and longitude of the city), "Continent", "Country", "Region", "Subcontinent" (and the ID-based equivalents). To ensure the protection of user data in the EU, Google receives and processes all user data via domains and servers within the EU. The user's IP address is not logged and is shortened by the last two digits by default. The IP address is shortened on EU servers for EU users. In addition, all sensitive data collected from users in the EU is deleted before it is recorded via EU domains and servers; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/ ; Data protection declaration: https://policies.google.com/privacy ; Data processing agreement: https://business.safety.google/adsprocessorterms/ ; Standard contractual clauses (guaranteeing data protection level when processing in third countries): https://business.safety.google/adsprocessorterms ; Possibility of objection (opt-out): Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de , Settings for the display of advertisements: https://adssettings.google.com/authenticated ; Further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).
Google Signals (Google Analytics feature): Google Signals is session data from websites and apps that Google associates with users who are logged in to their Google accounts and have enabled ad personalization. This association of data with these logged in users is used to enable cross-device reporting, cross-device remarketing, and cross-device conversion measurement. These include: Cross-platform reporting - linking data across devices and activities from different sessions using your user ID or Google Signals data to understand user behavior at every step of the conversion process, from initial contact to conversion and beyond; Remarketing with Google Analytics - creating remarketing audiences from Google Analytics data and sharing these audiences with linked advertising accounts; Demographics and interests - Google Analytics collects additional information about demographics and interests of users who are logged in to their Google accounts and have enabled ad personalization; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Clause 1 Letter a) GDPR); Website: https://support.google.com/analytics/answer/7532985?hl=de ; Privacy Policy: https://policies.google.com/privacy ; Contract processing agreement: https://business.safety.google/adsprocessorterms ; Standard contractual clauses (ensuring data protection level when processing in third countries): https://business.safety.google/adsprocessorterms ; Further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).
Target group formation with Google Analytics: We use Google Analytics to display the ads placed within advertising services of Google and its partners only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined based on the websites visited) that we transmit to Google (so-called "remarketing" or "Google Analytics audiences"). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interests of users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); Website: https://marketingplatform.google.com ; Legal basis: https://business.safety.google/adsprocessorterms/ ; Data protection declaration: https://policies.google.com/privacy ; Data processing agreement: https://business.safety.google/adsprocessorterms/ ; Further information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices ; Data processing conditions for Google advertising products and standard contractual clauses for third country transfers of data: https://business.safety.google/adsprocessorterms .
Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offering (for further information, please refer to this data protection declaration). The Tag Manager itself (which implements the tags) therefore does not create user profiles or store cookies, for example. Google only learns the user's IP address, which is necessary to run the Google Tag Manager; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Clause 1 Letter a) GDPR); Website: https://marketingplatform.google.com ; Data protection declaration: https://policies.google.com/privacy ; Order processing agreement: https://business.safety.google/adsprocessorterms ; Standard contractual clauses (guaranteeing data protection level when processing in third countries): https://business.safety.google/adsprocessorterms .
Mailchimp: email sending and email marketing platform; service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); website: https://mailchimp.com ; privacy policy: https://mailchimp.com/legal/ ; contract processing agreement: https://mailchimp.com/legal/ ; standard contractual clauses (ensuring data protection level when processing in third countries): inclusion in the contract processing agreement; further information: special security measures: https://mailchimp.com/help/Mailchimp-european-data-transfers/ .
Facebook pixel and target group creation (custom audiences): With the help of the Facebook pixel (or comparable functions for transmitting event data or contact information via interfaces in apps), Facebook is able to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we place only to those users on Facebook and within the services of partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and do not appear annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion measurement"); service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.facebook.com ; Privacy Policy: https://www.facebook.com/about/privacy ; Further information: Event Users' data, i.e. behavioral and interest information, is processed for the purposes of targeted advertising and target group formation on the basis of the agreement on joint responsibility ("Add for Controllers", https://www.facebook.com/legal/controller_addendum ). Joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
Microsoft Clarity: Software for analyzing and optimizing online offerings based on feedback functions as well as pseudonymously conducted measurements and analyses of user behavior, which can include in particular A/B tests (measurement of the popularity and user-friendliness of different content and functions), measurement of click paths and interaction with content and functions of the online offering; Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); Website: https://clarity.microsoft.com/ ; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement .
TikTok Pixel: A TikTok pixel is an HTML code that is loaded when a user visits a website. When a user visits our online offering, the pixel is triggered and tracks the user's behavior and conversions (possible purposes: measuring campaign performance, optimizing ad delivery, building custom and similar target groups); service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; legal basis: consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); website: https://ads.tiktok.com/help/article?aid=6669727593823993861 ; privacy policy: https://www.tiktok.com/de/privacy-policy .
Hotjar : Hotjar stores pseudonymized user and behavior data for website analysis. Cookies may also be used for this purpose. Service provider: Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta. Legal basis : Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR) Data protection declaration : https://www.hotjar.com/legal/policies/privacy/

online marketing

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used by means of which the information about the user relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used as well as information on usage times and functions used. If users have consented to the collection of their location data, this can also be processed.

The IP addresses of the users are also stored. However, we use available IP masking procedures (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of the online marketing process, but rather pseudonyms. This means that neither we nor the providers of the online marketing process know the actual identity of the users, only the information stored in their profiles.

The information in the profiles is usually stored in cookies or using similar processes. These cookies can generally also be read later on other websites that use the same online marketing process and analyzed for the purposes of displaying content, as well as supplemented with further data and stored on the server of the online marketing process provider.

In exceptional cases, clear data can be assigned to profiles. This is the case if, for example, the users are members of a social network whose online marketing processes we use and the network links the users' profiles with the aforementioned information. Please note that users can make additional agreements with the providers, e.g. by giving their consent during registration.

In principle, we only receive access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, ie, for example, to the conclusion of a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

Types of data processed: Content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status); Event data (Facebook) ("Event data" is data that we can transmit to Facebook, for example via Facebook pixel (via apps or other means) and that relates to people or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; the event data is processed for the purpose of creating target groups for content and advertising information (custom audiences); event data does not contain the actual content (such as comments written), no login information and no contact information (i.e. no names, email addresses and telephone numbers). Event data is deleted by Facebook after a maximum of two years, and the target groups created from it when our Facebook account is deleted).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behavior-related profiling, use of cookies); conversion measurement (measurement of the effectiveness of marketing measures); target group formation; marketing; profiles with user-related information (creation of user profiles); provision of our online offer and user-friendliness; remarketing.
Security measures: IP masking (pseudonymization of the IP address).
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR); Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
Opt-out option: Please refer to the privacy policy of the respective provider and the opt-out options provided by the provider (so-called “opt-out”). If no explicit opt-out option has been provided, you have the option of deactivating cookies in your browser settings. However, this may restrict the functions of our online offering. We therefore also recommend the following opt-out options, which are summarized for each region: a) Europe: https://www.youronlinechoices.eu . b) Canada: https://www.youradchoices.ca/choices . c) USA: https://www.aboutads.info/choices . d) Cross-regional: https://optout.aboutads.info .

Further information on processing procedures, methods and services:

Facebook pixel and target group creation (custom audiences): With the help of the Facebook pixel (or comparable functions for transmitting event data or contact information via interfaces in apps), Facebook is able to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we place only to those users on Facebook and within the services of partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and do not appear annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion measurement"); service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.facebook.com ; Privacy Policy: https://www.facebook.com/about/privacy ; Further information: Event Users' data, i.e. behavioral and interest information, is processed for the purposes of targeted advertising and target group formation on the basis of the agreement on joint responsibility ("Add for Controllers", https://www.facebook.com/legal/controller_addendum ). Joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
Facebook advertisements: placement of advertisements within the Facebook platform and evaluation of the ad results; service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); website: https://www.facebook.com ; privacy policy: https://www.facebook.com/about/privacy ; possibility of objection (opt-out): we refer to the data protection and advertising settings in the user profile on the Facebook platform as well as in the context of Facebook's consent process and Facebook's contact options for exercising information and other data subject rights in Facebook's privacy policy; further information: event data of users, i.e. behavioral and interest information, is processed for the purposes of targeted advertising and target group formation on the basis of the agreement on joint responsibility ("Add-on for responsible parties", https://www.facebook.com/legal/controller_addendum ). The joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
Google Ad Manager: We use the "Google Marketing Platform" (and services such as "Google Ad Manager") to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.). The Google Marketing Platform is characterized by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to display ads for and within our online offering in a more targeted manner in order to only present users with ads that potentially correspond to their interests. If, for example, a user is shown advertisements for products in which he was interested on other online offers, this is referred to as "remarketing"; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Website: https://marketingplatform.google.com ; Privacy Policy: https://policies.google.com/privacy ; Further information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices ; Data processing conditions for Google advertising products: Information about the services, data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms ; if Google acts as a processor, data processing conditions for Google advertising products and standard contractual clauses for third country transfers of data: https://business.safety.google/adsprocessorterms .
Google Ads and conversion measurement: Online marketing procedures for the purpose of placing content and advertisements within the service provider's advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the advertisements. In addition, we measure the conversion of the advertisements, i.e. whether users have taken them as an opportunity to interact with the advertisements and use the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR), Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://marketingplatform.google.com ; Privacy Policy: https://policies.google.com/privacy ; Further information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices ; Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms .
Google Ads Remarketing: Google Remarketing, also called retargeting, is a technology that adds users who use an online service to a pseudonymous remarketing list so that users can be shown ads on other online offerings based on their visit to the online service; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); Website: https://marketingplatform.google.com ; Privacy policy: https://policies.google.com/privacy ; Further information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices ; Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms .
Advanced conversions for Google Ads: When customers click on our Google ads and then use the advertised service (so-called "conversion"), the data entered by the user, such as the email address, name, home address or telephone number, can be transmitted to Google. The hash values are then compared with the users' existing Google accounts in order to better evaluate and improve the users' interaction with the ads (e.g. clicks or views) and thus their performance; Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); Website: https://support.google.com/google-ads/answer/9888656 .
Google Adsense with personalized ads: We use the Google Adsense service with personalized ads, with the help of which ads are displayed within our online offering and we receive remuneration for their display or other use; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com ; Privacy policy: https://policies.google.com/privacy ; Further information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices ; Data processing conditions for Google advertising products: Information about the services, data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms .
Instagram advertisements: placement of advertisements within the Instagram platform and evaluation of the ad results; service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; legal basis: consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); website: https://www.instagram.com ; privacy policy: https://instagram.com/about/legal/privacy ; possibility of objection (opt-out): we refer to the data protection and advertising settings in the user profile on the Instagram platform as well as in the context of Instagram's consent process and Instagram's contact options for exercising information and other data subject rights in Instagram's privacy policy; further information: event data of users, i.e. behavioral and interest information, is processed for the purposes of targeted advertising and target group formation on the basis of the agreement on joint responsibility ("Addendum for Responsible Parties", https://www.facebook.com/legal/controller_addendum ). The joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
Microsoft Advertising (formerly Bing Ads): online marketing process for the purpose of placing content and advertisements within the service provider's advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the advertisements. In addition, we measure the conversion of the advertisements, i.e. whether users have taken them as an opportunity to interact with the advertisements and use the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; legal basis: consent (Art. 6 Para. 1 S. 1 lit. a) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); website: https://about.ads.microsoft.com/ ; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement ; Opt-out option:https://account.microsoft.com/privacy/ad-settings/ ; Further information:https://about.ads.microsoft.com/de-de/policies/legal-privacy-and-security .
TikTok: social network/video platform; service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://www.tiktok.com ; privacy policy: https://www.tiktok.com/de/privacy-policy .
TikTok Pixel: A TikTok pixel is an HTML code that is loaded when a user visits a website. When a user visits our online offering, the pixel is triggered and tracks the user's behavior and conversions (possible purposes: measuring campaign performance, optimizing ad delivery, building custom and similar target groups); service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; legal basis: consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); website: https://ads.tiktok.com/help/article?aid=6669727593823993861 ; privacy policy: https://www.tiktok.com/de/privacy-policy .
Tiktok advertisements: placement of advertisements within the Tiktok platform and evaluation of the ad results; service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; legal basis: consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); website: https://ads.tiktok.com/ ; privacy policy: https://www.tiktok.com/de/privacy-policy .
Mailchimp tracking: success analysis; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); standard contractual clauses (ensuring data protection level when processing in third countries): inclusion in the order processing contract; order processing contract: https://mailchimp.com/legal/; further information: special security measures: https://mailchimp.com/help/Mailchimp-european-data-transfers/; service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; website: https://mailchimp.com ; privacy policy: https://mailchimp.com/legal/ .
OptiMonk : We use the “OptiMonk” service from OptiMonk International Zrt., 4028 Debrecen, Kassai út 129, Hungary, to optimize our website. OptiMonk enables us to evaluate and improve our website and advertising campaigns using usage data. Legal basis : Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR) Data protection declaration : https://www.optimonk.com/privacy-policy
LoyaltyLion: We use the LoyaltyLion service on our website, provided by LoyaltyLion Ltd. (20 Farringdon Street, London, EC4A 4EN ) , a customer loyalty program for managing loyalty points and rewards. With LoyaltyLion we can offer our customers a personalized and tailored loyalty program.

Your data is processed to provide our loyalty program, to track your points and rewards and to analyze and optimize our customer loyalty measures. The processing is based on your consent (Art. 6 Para. 1 lit. a GDPR) and/or our legitimate interest (Art. 6 Para. 1 lit. f GDPR) to ensure better customer loyalty and satisfaction.

For more information about data processing by LoyaltyLion, please see LoyaltyLion’s privacy policy: https://loyaltylion.com/privacy
Poptin : We use the Poptin service on our website, provided by Poptin Ltd. , a tool for creating pop-ups and forms. The use of this service enables us to interact with our website visitors in a targeted manner, for example by displaying offers or collecting contact information.

Poptin may collect data such as IP address, information about the browser used and session duration. When you fill out a pop-up form, the information you enter (e.g. name, email address) will be transmitted to us and processed.

Poptin processes data to improve the user-friendliness of our website, to personalize offers and to enable effective communication with our website visitors. The processing is based on our legitimate interest in optimizing the use of our website in accordance with Art. 6 (1) (f) GDPR.
Privacy Policy: Privacy Policy – Poptin GDPR Information: GDPR – Poptin

customer surveys

We, younikat GmbH , take the protection of your personal data very seriously. In the following, we would like to inform you about how we process your data as part of the customer survey or the competition and what rights you have in connection with your personal data.

1) Who is responsible for processing my data?

younikat GmbH
Johannisplatz 11
81667 Munich
Email: kundenservice@vegdog.de
Tel.: +49 89 69 314 77 99 // Open Monday to Friday from 10 a.m. to 12 p.m.

Company headquarters: Munich
Munich District Court HR B 218193
Tax number: 143/194/21468
VAT identification number according to Section 27a of the Sales Tax Law: DE300116659

Management: Dipl. Ing. Tessa Zaune-Figlar, Valerie Henssen

2) How can I contact the data protection officer?

You can reach our data protection officer at datenschutz@vegdog.de . He will be happy to answer any questions you may have about data protection.

3) How will my data be processed if I participate in the survey?

We collect and process your data because we have given your permission to process it. The legal basis for data processing arises in particular from Art. 6 (1) (a) (consent) or Art. 6 (1) (f) (legitimate interest) GDPR.

If the survey includes a free text field, we will collect the data you provide in your answer. Please do not enter any personal data in free text fields.

3a) Collection of technically necessary data and log files

When you participate in our survey, we collect the data that your browser sends to us. Specifically, this is the following data:

start time of participation
end time of participation
Pseudonymized hash of the IP address (to filter duplicates)

This data is collected and processed in order to be able to show you the survey, to ensure and improve stability, and for security reasons. The legal basis for this processing is Art. 6 Paragraph 1 Letter f of GDPR. The data is deleted as soon as it is no longer required for the purposes mentioned above. The collection of this data and the storage of the data in log files is essential for the operation of the website. The user therefore has no option to object.

3b) Use of cookies

In addition, cookies are used when you use our website. Cookies are small text files that are stored on your computer by us or by another party (you can find more detailed information in the description of our analysis methods below) and through which certain information is passed on to the party that placed the cookies. Cookies are always assigned to a browser. Using cookies makes it impossible to run programs or transmit viruses to your PC. You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. However, this may mean that you cannot use all the functions of our website. You are also free to delete all cookies at any time using the settings in your browser.

The survey website uses the following types of cookies:

Technically necessary cookies:

We use technically necessary cookies to make the survey user-friendly and effective. In detail, the following data is stored in the cookies and sent to us:

Session Cookie:
- Type of processing: To answer a survey, a session cookie is set for the participant.
- Purpose of processing: The session cookie is used to recognize ongoing participation and to ensure a smooth survey process (correct questions, pages and answers submitted as well as allocation of current participation).
- Circle of those affected: Interested parties and visitors to the website Deletion of data: The data is deleted when the browser is closed.

Session Cookie: CSRF Token
- Type of processing: When answering a survey, a CSRF token is set for the participant.
- Purpose of processing: To protect the participant's data against cross-site request forgery (https://de.wikipedia.org/wiki/Cross-Site-Request-Forgery)
- Circle of those affected: interested parties and visitors to the website
- Deletion of data: Deletion occurs when the browser is closed.

4) Processing of personal data in the context of the survey

Questions are asked as part of surveys. You have the opportunity to answer them voluntarily and anonymously. The aim of the survey is to get to know our customers and the target groups behind them better. To this end, conclusions are drawn in aggregate form about the purchasing behavior of different groups of people, how these groups of people are composed based on the socio-demographic characteristics surveyed, and what the needs, experiences, opinions and wishes of these groups of people are. This aggregated data is used to improve our services and our product range. Three months after the survey has ended, all data that allows conclusions to be drawn about natural persons will be deleted. The survey data will be stored in an anonymized form.

5) To which categories of recipients will my data be transmitted?

For surveys we use the service provider TYPEFORM SE, calle de Pallars 108 (Aticco), 08018 – Barcelona, Spain. Further information about the company can be found on their website at https://www.typeform.com/ ; Typeform's privacy policy can be found here: https://admin.typeform.com/to/dwk6gt/ .

Your data will not be passed on to third parties. We treat your data confidentially. The technical platform used by TYPEFORM SE is AWS (Amazon Web Services) based in the USA. All data is stored there in encrypted form. The subcontractor's employees have no access to the stored data. There is a contract based on the EU standard contractual clauses (2021/914 of June 4, 2023).

Within younikat GmbH, only those departments and employees who need access to your data to fulfil the purposes mentioned above will have access to it.

6) Will the data also be transmitted to recipients in countries outside the European Economic Area?

Yes. Your survey data will be transmitted by Typeform SE to the AWS data center in the third country USA, but will only be stored there in encrypted form. The current EU SCC (2021/914 of June 4, 2023) serves as the legal basis.

7) How will my data be processed if I participate in the competition?

We process your data (email address) as part of the competition exclusively on the basis of your consent to carry out the lottery process.

If entries from participants are published as part of the competition (e.g. as part of a vote or presentation of the competition entries or the winners or reporting on the competition), we would like to point out that only the first names of the participants will be published in this context. This ensures that your personal rights are taken into account appropriately.

In principle, participants' data (here: email address) will be deleted no later than 6 months after the end of the competition. Winners' data may be retained for longer, for example to answer queries about the prizes or to fulfill the prize requirements; in this case, the retention period depends on the type of prize and is up to three years for items or services, for example, in order to be able to process warranty claims. Participants' data may also be stored for longer, for example in the form of reporting on the competition in online and offline media.

If data was collected for other purposes as part of the competition, its processing and the retention period are governed by the data protection information for this use (e.g. in the case of registration for the newsletter as part of a competition).

Types of data processed: inventory data (e.g. names, addresses); content data (e.g. entries in online forms); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
Affected persons: competition participants.
Purpose of processing: Conducting competitions.
Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

8) Data security

younikat GmbH uses technical and organizational security measures (so-called TOMs) in line with the current state of the art to protect the data you provide to us from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

To conduct surveys, we have concluded a contract with Typeform SE based on the EU standard contractual clauses (2021/914 of June 4, 2023), in which the measures for the security of processing are also reliably documented by the subcontractor AWS.

9) What rights do I have regarding my data?

As a data subject, you have the following rights if the requirements are met:

Right to information (Article 15 GDPR); the restrictions of Section 34 BDSG apply here and, with regard to the right to erasure, the exceptions of Section 35 BDSG apply.
Right to rectification (Article 16 GDPR)
Right to erasure (Article 17 GDPR)
Right to restriction of processing (Article 18 GDPR)
Right to data portability (Article 20 GDPR), i.e. the right to request the release of the personal data you have provided in a structured, common and machine-readable format.
Right to object to processing (Article 21 GDPR):

RIGHT OF OBJECTION Art. 21 GDPR If we process your data based on legitimate interests (Art. 6 Para. 1 lit. f GDPR) or to perform a public task (Art. 6 Para. 1 lit. e GDPR) and if your particular situation gives rise to reasons against this processing, you have the right to object to this processing in accordance with Art. 21 Para. 1 GDPR. In addition, you have the right to object to any type of processing for direct marketing purposes in accordance with Art. 21 Para. 2 and 3 GDPR. You can send us your objection at any time without any form. To ensure the best possible processing, we ask you to use the following contact details: kundenservice@vegdog.de

10) Right to lodge a complaint with a supervisory authority

In accordance with Art. 77 GDPR, you can lodge a complaint with a data protection supervisory authority at any time. This applies without prejudice to other administrative or judicial remedies.

The supervisory authority responsible for younikat GmbH is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de

Presences in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because it could, for example, make it more difficult to enforce user rights.

Furthermore, the data of users within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on the user's usage behavior and the resulting interests. The user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the user's interests. For these purposes, cookies are usually stored on the user's computers in which the user's usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles regardless of the devices used by the user (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective processing methods and the options for objection (opt-out), please refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Types of data processed: contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Instagram: social network; service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); website: https://www.instagram.com ; privacy policy: https://instagram.com/about/legal/privacy .
Facebook Pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for collecting (but not further processing) data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy ), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see "Device information" in the Facebook Data Policy: https://www.facebook.com/policy ). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, so-called "Page Insights", to page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum ), which in particular regulates which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of those affected (ie users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular the right to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data ); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Website: https://www.facebook.com ; Privacy Policy: https://www.facebook.com/about/privacy ; Standard contractual clauses (ensuring data protection levels when processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum ; Further information: Agreement on joint responsibility:https://www.facebook.com/legal/terms/information_about_page_insights_data . The joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
TikTok: social network/video platform; service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://www.tiktok.com ; privacy policy: https://www.tiktok.com/de/privacy-policy .
Twitter: social network; service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); data protection declaration: https://twitter.com/privacy , (Settings: https://twitter.com/personalization ).
YouTube: social network and video platform; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); data protection declaration: https://policies.google.com/privacy ; possibility of objection (opt-out): https://adssettings.google.com/authenticated .

Plugins and embedded functions and content

We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content or functions. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and can contain, among other things, technical information about the browser and operating system, referring websites, the time of the visit and other information about the use of our online offer, as well as be linked to such information from other sources.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status); inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); location data (information on the geographical position of a device or person).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online offer and user-friendliness; provision of contractual services and customer service.
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online offering that we retrieve from servers of other providers (e.g. function libraries that we use to display or make our online offering more user-friendly). The respective providers collect the IP address of the user and can process this for the purposes of transmitting the software to the user's browser as well as for security purposes and to evaluate and optimize their offering. - We integrate software into our online offering that we retrieve from servers of other providers (e.g. function libraries that we use to display or make our online offering more user-friendly). The respective providers collect the IP address of the user and can process this for the purposes of transmitting the software to the user's browser as well as for security purposes and to evaluate and optimize their offering; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Google Fonts (obtained from Google server): Obtaining fonts (and symbols) for the purpose of a technically secure, maintenance-free and efficient use of fonts and symbols with regard to timeliness and loading times, their uniform presentation and consideration of possible licensing restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted that is necessary for the provision of the fonts depending on the devices used and the technical environment. This data can be processed on a server of the provider of the fonts in the USA - When visiting our online offer, the user's browser sends their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent describing the browser and operating system versions of the website visitors, and the referring URL (i.e. the web page where the Google font should be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. The Google Fonts Web API requires the user agent to customize the font that is generated for the respective browser type. The user agent is logged primarily for debugging purposes and is used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts Analytics page. Finally, the referring URL is logged so that the data can be used for production maintenance and to generate an aggregated report on the top integrations based on the number of font requests. According to Google, it does not use any of the information collected by Google Fonts to create profiles of end users or to display targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://fonts.google.com/ ; Privacy policy: https://policies.google.com/privacy ; Further information: https://developers.google.com/fonts/faq/privacy?hl=de .
Google Maps: We integrate the maps of the “Google Maps” service provided by Google. The data processed may include, in particular, IP addresses and location data of users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR); Website: https://mapsplatform.google.com/ ; Privacy Policy: https://policies.google.com/privacy .
Google Maps APIs and SDKs: Interfaces to Google's map and location services, which allow, for example, the addition of address entries, location determinations, distance calculations or the provision of additional information on stands and other locations; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Website: https://mapsplatform.google.com/ ; Privacy Policy: https://policies.google.com/privacy .
reCAPTCHA: We integrate the "reCAPTCHA" function to be able to recognize whether entries (e.g. in online forms) are made by people and not by automatically acting machines (so-called "bots"). The data processed may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes (e.g. answering questions asked or selecting objects in images). The data processing is based on our legitimate interest in protecting our online offering from abusive automated crawling and spam; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Website: https://www.google.com/recaptcha/ ; Privacy policy: https://policies.google.com/privacy ; Possibility of objection (opt-out): Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de , Settings for the display of advertisements: https://adssettings.google.com/authenticated .
hCaptcha : We use the "hCaptcha" service on our website, which is operated by Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA. hCaptcha is designed to ensure that certain entries on our website are made by a natural person and not by an automated program (bot). This protects our website from misuse and unwanted access. When using hCaptcha, the following personal data may be collected and processed: IP address, information about the browser and operating system used, mouse movements and click behavior, time spent on the website and other hCaptcha-specific data required to verify human actions. This data is transmitted to hCaptcha servers in the USA and stored there. hCaptcha uses this data to determine whether the entries on our website come from a human or a bot. In the course of this, information may be processed and stored using cookies or similar technologies.
Legal basis : Legitimate interest (Art. 6 Para. 1 lit. f GDPR) to ensure the security of our website and to protect us against automated interventions (e.g. by bots).
Website : https://www.hcaptcha.com/ Privacy Policy : https://www.hcaptcha.com/gdpr
YouTube videos: video content; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); website: https://www.youtube.com ; privacy policy: https://policies.google.com/privacy ; possibility of objection (opt-out): opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de , settings for the display of advertisements: https://adssettings.google.com/authenticated .
YouTube videos: video content; YouTube videos are embedded via a special domain (recognizable by the component "youtube-nocookie") in the so-called "extended data protection mode", which means that no cookies are collected on user activities in order to personalize video playback. Nevertheless, information on the user's interaction with the video (e.g. remembering the last playback point) can be stored; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); website: https://www.youtube.com ; data protection declaration: https://policies.google.com/privacy .
Font Awesome (obtained from the provider's server): Obtaining fonts (and symbols) for the purpose of technically secure, maintenance-free and efficient use of fonts and symbols with regard to timeliness and loading times, their uniform presentation and consideration of possible licensing restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted that is necessary for the provision of the fonts depending on the devices used and the technical environment; Service provider: Fonticons, Inc. , 6 Porter Road Apartment 3R, Cambridge, MA 02140, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Website: https://fontawesome.com/ ; Privacy policy: https://fontawesome.com/privacy .
Webgains Affiliate Marketing: We use the "Webgains Affiliate Marketing" service on our website, an affiliate network operated by Webgains GmbH, Frankenstraße 150C, 90461 Nuremberg Germany . Webgains enables us to integrate advertising partners on our website and receive commissions via affiliate links. Data processing and transfer: When using Webgains, the following personal data may be collected and processed:
- IP address
- Usage data (e.g. affiliate links clicked, pages visited)
- transaction data (e.g. purchases via affiliate links)
This data is collected by Webgains to enable the tracking and billing of affiliate commissions. To do this, Webgains may use cookies that are stored on your device. The information generated by cookies about the use of this website (including your IP address) is transferred to a Webgains server and stored there.

Legal basis: Your data is processed on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) to analyze and optimize our affiliate marketing and to process commission payments. Data protection declaration : Data protection declaration | WEBGAINS GIVES YOU THE EDGE

Change and update of the privacy policy

We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting us.

rights of the data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

Right to object: You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions. If the personal data concerning you are processed in order to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
Right to withdraw consent: You have the right to withdraw consent at any time.
Right to information: You have the right to request confirmation as to whether data concerning you is being processed and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.
Right to rectification: You have the right, in accordance with the statutory provisions, to request that the data concerning you be completed or that inaccurate data concerning you be rectified.
Right to erasure and restriction of processing: You have the right, in accordance with the statutory provisions, to request that data concerning you be erased immediately or, alternatively, to request that the processing of the data be restricted in accordance with the statutory provisions.
Right to data portability: You have the right to receive the data concerning you that you have made available to us in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transmitted to another controller.
Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you violates the provisions of the GDPR.

definitions of terms

This section provides you with an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined primarily in Art. 4 GDPR. The legal definitions are binding. The following explanations, however, are primarily intended to help you understand. The terms are sorted alphabetically.

A/B tests: A/B tests are used to improve the user-friendliness and performance of online services. Users are shown different versions of a website or its elements, such as input forms, on which the placement of the content or the labels of the navigation elements may differ. User behavior, such as staying on the website for longer or interacting with the elements more frequently, can then be used to determine which of these websites or elements are more in line with the needs of the users.
Content Delivery Network (CDN): A "Content Delivery Network" (CDN) is a service that enables the faster and more secure delivery of the content of an online offering, particularly large media files such as graphics or program scripts, using regionally distributed servers connected via the Internet.
Heatmaps: "Heatmaps" are mouse movements of users that are summarized to form an overall picture that can be used to identify, for example, which website elements are preferred and which website elements users prefer less.
Click tracking: Click tracking allows you to see the movements of users within an entire online offering. Since the results of these tests are more accurate when user interaction can be tracked over a certain period of time (e.g. so that we can find out whether a user likes to return), cookies are usually stored on users' computers for these testing purposes.
Conversion measurement: Conversion measurement (also known as "visit action evaluation") is a process that can be used to determine the effectiveness of marketing measures. To do this, a cookie is usually stored on the user's device within the websites on which the marketing measures take place and then retrieved again on the target website. For example, this allows us to see whether the ads we have placed on other websites were successful.
Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, includes any type of automated processing of personal data that consists in using this personal data to analyze, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information relating to demographics, behavior and interests, such as interaction with websites and their content, etc.) (e.g. interests in certain content or products, click behavior on a website or location). Cookies and web beacons are often used for profiling purposes.
Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can include the behavior or interests of visitors in certain information, such as the content of websites. With the help of reach analysis, website owners can, for example, recognize at what time visitors visit their website and what content they are interested in. This enables them, for example, to better adapt the content of the website to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyses of the use of an online offering.
Remarketing: “Remarketing” or “retargeting” is when, for example, for advertising purposes, it is noted which products a user was interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.
Location data: Location data is generated when a mobile device (or another device with the technical requirements for location determination) connects to a radio cell, a WLAN or similar technical intermediaries and location determination functions. Location data is used to indicate the geographically definable position on earth of the respective device. Location data can be used, for example, to display map functions or other location-dependent information.
Tracking: "Tracking" is when the behavior of users can be tracked across multiple online offerings. As a rule, behavior and interest information with regard to the online offerings used is stored in cookies or on servers of the providers of the tracking technologies (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to correspond to their interests.
Controller: The “controller” is the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of processing personal data.
Processing: "Processing" is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers practically every handling of data, be it collection, evaluation, storage, transmission or deletion.
Target group formation: Target group formation (English "custom audiences") is when target groups are determined for advertising purposes, e.g. displaying advertisements. For example, based on a user's interest in certain products or topics on the Internet, it can be concluded that this user is interested in advertisements for similar products or the online shop in which he viewed the products. "Lookalike audiences" (or similar target groups) are, in turn, when the content assessed as suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are generally used for the purposes of forming custom audiences and lookalike audiences.

data protection

privacy policy

Introduction

table of contents

responsible person

Overview of processing

types of data processed

categories of data subjects

purposes of processing

Relevant legal bases

security measures

transmission of personal data

data processing in third countries

deletion of data

use of cookies

Business Services

Providers and services used in the course of business activities

payment methods

provision of the online offer and web hosting

contact and inquiry management

newsletters and electronic notifications

web analysis, monitoring and optimization

online marketing

customer surveys

Presences in social networks (social media)

Plugins and embedded functions and content

Change and update of the privacy policy

rights of the data subjects

definitions of terms

Hilfe & Service

Gesetzliches

Kundenservice