Privacy policy of Pickware GmbH Status: 01.03.2021

Responsible body and data protection officer

The responsible body pursuant to Article 4 (7) of the General Data Protection Regulation (GDPR) or service provider pursuant to Section 13 of the German Telemedia Act (TMG) is:

Pickware GmbH
Goebelstraße 21
64293 Darmstadt

You can contact the data protection officer at:

Pickware GmbH
The Data Protection Officer
Goebelstraße 21
64293 Darmstadt
[email protected]

Source of personal data

We process personal data that we receive from you in the course of your visit to our websites pickware.de or account.pickware.de (hereinafter referred to as "websites") when you contact us by e-mail, telephone or via a contact form.

Categories of personal data processed

If you visit or use our website purely for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. We collect the following data, which is technically necessary for us to display our website and to ensure its stability and security

This data is used exclusively for internal statistical purposes. The legal basis is Article 6 para. 1 lit. f) GDPR.

In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie with certain information. Cookies cannot execute programmes or transmit viruses to your computer. They are used to make the website as a whole more user-friendly and effective.

This website uses the following cookies:

The websites also use so-called pixel tags. These can send personal data such as your IP address, the referrer URL of the websites visited, the time at which the pixel was viewed, the browser used and previously set cookie information to a web server. This makes it possible to carry out reach measurements and other statistical evaluations, which serve to optimise our offer.

We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.

We also use cookies and pixels to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These cookies and pixels enable us to automatically recognise that you have already been to our website when you visit it again. These are automatically deleted after a defined period of time.

We also use cookies and pixel tags to carry out tracking and targeting measures. In this way, we want to ensure a needs-based design and continuous optimisation of our websites. On the other hand, we use these measures to ensure that we only display advertisements on your end devices that are based on your actual or perceived interests.

The data processed by cookies and pixel tags are necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Article 6 (1) sentence 1 lit. f) GDPR. If you have explicitly consented to the setting of cookies for the use of analysis, tracking and targeting services or similar services when calling up our websites, we set the cookies and pixel tags and process the data collected by cookies based on your consent in accordance with Article 6 (1) sentence 1 lit. a) GDPR. You can find more details in the description of the services. These cookies are automatically deleted after a defined period of time. If we use cookies and pixel tags based on your consent, you can revoke your consent for the future at any time via the cookie management tool. Most browsers are set to accept cookies or pixel tags. However, you can also deactivate the storage of cookies in your browser or set your browser so that you receive a message as soon as cookies are sent. However, we would like to point out that if you completely deactivate cookies, you may not be able to use all the functions of this website.

If you contact us by e-mail, telephone or via a contact form, the data you provide (e.g. name, e-mail address, telephone number, if applicable, occasion) will be stored by us in order to answer your questions.

In addition to the purely informational use of our websites, we offer various services that you can use if you are interested. For this purpose, you usually have to provide further personal data that we use to provide the respective service and for which the aforementioned data processing principles apply. You will find further explanations below.

Transmission to third countries

Personal data is only transferred to countries outside the European Union (EU) if the conditions of Article 44 ff. GDPR are met. A third country is a country outside the European Union (EU) in which the GDPR is not directly applicable.

The EU Commission has not issued an adequacy decision for the USA pursuant to Article 45 (1) GDPR. This is because, according to the European Court of Justice in its ruling of 16.07.2020 (Case C-311/18, "Schrems II"), there is no level of data protection in the USA that would be comparable to that in the EU. When transferring personal data to the US, there is a theoretical risk that US authorities could gain access to the personal data on the basis of the surveillance programmes PRISM and UPSTREAM based on Section 702 of FISA (Foreign Intelligence Surveillance Act) and on the basis of Executive Order 12333 or Presidential Police Directive 28. According to the European Court of Justice, EU citizens do not have effective legal protection against these accesses in the US or the EU.

We only transfer your personal data to the USA or other third countries if either

Customer account and order

When using our online shop at www.pickware.de/shop, the prior creation of a customer account is required.

When opening a customer account, we collect your personal data to the extent specified there. When you place an order, we collect and use your personal data only to the extent necessary to fulfil and process your order and to deal with your enquiries. The data processing serves the purpose of improving your shopping experience and processing your order. The processing is carried out to fulfil the contract concluded with you in accordance with Article 6 Para. 1 S. 1 lit. b) GDPR).

Your data will not be passed on to third parties without your express consent. The only exceptions to this are our service partners that we need to process the contractual relationship or service providers that we use as part of order processing. In addition to the recipients named in the respective clauses of this data protection declaration, these are, for example, recipients of the following categories: Shipping service providers, payment service providers, merchandise management service providers, service providers for order processing, web hosts, IT service providers and dropshipping merchants.

PayPal

We use the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process is automatically transmitted to PayPal. This regularly involves the following data:

The data transmitted to PayPal may be transferred by PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness. PayPal may also pass on your data to third parties if this is necessary for the fulfilment of contractual obligations or if the data is to be processed on behalf of PayPal. You can find PayPal's privacy policy at https://www.paypal.com/de/­webapps/­mpp/ua/­privacy-full.

The legal basis for the data processing is Article 6 para. 1 sentence 1 lit. b) GDPR, as the processing of the data is necessary for the payment with PayPal and thus for the execution of the contract.

Stripe

We use the payment service provider Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA (hereinafter "Stripe"). If you choose Stripe as your payment method, your data required for the payment process is automatically transmitted to Stripe. This is regularly the following data:

According to its own information, Stripe collects further data for its own purposes such as abuse prevention and further development of its products as well as for marketing purposes. This includes in particular technical usage data (IP address, device identifier or information on the operating system).

The data transmitted to Stripe may be transferred by Stripe to credit agencies. The purpose of this transfer is to check your identity and creditworthiness. Stripe may also pass on your data to third parties if this is necessary for the fulfilment of contractual obligations or if the data is to be processed on behalf of Stripe. Some of the data processing by Stripe takes place on servers in the USA. We have concluded a contract with Stripe incorporating the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA). You can find Stripe's privacy policy at https://stripe.com/de/privacy.

The legal basis for the data processing is Article 6 para. 1 sentence 1 lit. b), 49 para. 1 lit. b) GDPR, as the processing of the data is necessary for the payment with Stripe and thus for the performance of the contract.

Online surveys

We regularly collect online surveys with the purpose of continuously improving our offers. Participation in such a survey is exclusively voluntary and can be terminated at any time without giving reasons by closing the browser window.

Data processing is limited to data that you provide voluntarily when participating in the survey. Data processing only takes place with your consent (Article 6 para. 1 p. 1 lit. a) GDPR).

Some surveys offer the option of linking the previously anonymous information with your person or your company by entering personal data (e.g. name of the person, name of the company, internet address of the company). The survey data collected in this way may be combined with information from past and future business relationships between you or your company and our services and stored together. The purpose of this link is to improve our offers and to increase the quality of the business relationship.

Unless otherwise stated, the collection, processing and evaluation of the data is anonymous and does not allow any conclusions to be drawn about your person.

Unless otherwise stated, the surveys are conducted using "Formstack", a data management system of the US provider Formstack, LLC, 8604 Allisonville Rd, Ste. 300 Indianapolis, IN 46250, USA. The anonymised as well as personal data is stored on Formstack's servers in the USA. We have concluded a contract with Formstack incorporating the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA). Further information on Formstack's data protection policy can be found at https://www.formstack.com/­legal/website-privacy-policy.

Appointments

We use the service "youcanbook.me", offered by the company YouCanBook.me Ltd, 38 Mill Street, Bedford, MK40 3HD, United Kingdom, to make appointments.

By using this service, your data, i.e. first name, last name, telephone number, e-mail address, as well as all other data voluntarily provided by you, will be transferred to youcanbook.me. Only the information below the data marked with an asterisk is mandatory. The legal basis for this processing is our legitimate interest according to Article 6 para. 1 lit. f) GDPR in offering you a user-friendly, time-saving and progressive way of making an appointment with us. The provision of further data can be helpful, but is not mandatory (voluntary information, Article 6 para. 1 p. 1 lit. a) GDPR).

Furthermore, we would like to point out that you are not obliged to use this service to make an appointment. If you do not wish your data to be processed in this way, please use another way to contact us or make an appointment, e.g. by e-mail or telephone.

For more information on the "youcanbook.me" tool, please see the youcanbook.me privacy policy: https://youcanbook.me/terms/.

Newsletter

You can subscribe to our newsletter via our website. The newsletter is sent using "MailChimp", a newsletter sending platform of the US provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The use of MailChimp takes place within the framework of your consent to the sending of newsletters in accordance with Article 6 para. 1 p. 1 lit. a) GDPR.

The email addresses of our newsletter recipients, as well as their other data described in these notes, are stored on the servers of MailChimp in the USA. We have concluded a contract with Rocket Science Group LLC that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA). Further information on data processing by Rocket Science Group LLC can be found at https://mailchimp.com/legal/data-processing-addendum.

In addition, we will only transfer your data if you expressly consent to the processing by MailChimp. In this case, you also consent to the transfer of your data to the USA in accordance with Article 49 (1) a) GDPR, knowing the risks described in section 4. You can revoke your consent for the future at any time. To do so, you can use the link that you will find at the end of each newsletter.

Registration for our newsletter takes place in a so-called double opt-in process. This means that you leave your email address in the registration form on our website. After registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with MailChimp are also logged.

The newsletters contain a "web beacon", i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on the retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor that of MailChimp to observe individual users. The analyses serve us much more to recognise the reading habits of our users in pseudonymised form and to adapt our content to them or to send different content according to the interests of our users.

There are cases where we direct newsletter recipients to MailChimp's websites. For example, our newsletters contain a link that newsletter recipients can use to access the newsletter online (e.g. in the event of display problems in the email programme). Furthermore, newsletter recipients can subsequently correct their data, such as the email address. Likewise, the privacy policy of MailChimp can only be accessed on their site. In this context, we would like to point out that cookies are used on MailChimp websites and that personal data is processed by MailChimp, its partners and service providers (e.g. Google Analytics).

Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google"). In this context, pseudonymous usage profiles are created and cookies are used.

The information generated by the cookie about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is usually transmitted to Google servers in the USA and processed there.

Google Analytics is used within the scope of your consent according to (Article 6 para. 1 sentence 1 lit. a) GDPR) for the analysis and optimisation of our online offer as well as the economic operation of this website. Google therefore processes the information on our behalf in order to evaluate the use of the website, to compile reports on website activities and to provide us with further services associated with website and internet use for the purposes of market research and demand-oriented design of these Internet pages.

In addition, we use the data collected by Google Analytics as part of the Google tool Optimize. Together with an additional cookie, Optimize allows us to test different versions of a website and how users react to these different versions. For example, we can test at which point within the website a particular piece of information is most attractive. The additional cookie is used to determine whether you participate in a test and determines the end of the test (A/B testing).

We have concluded an order processing contract with Google for the use of Google Analytics. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.

We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address will not be merged with other data from Google.

If necessary, the collected data will be transferred to third parties if this is required by law or if third parties process the data on behalf.

The information generated by the cookies set by Google Analytics about the use of our websites is transferred to Google servers in the USA and processed there. The transmitted data are only pseudonyms, a conclusion to your name is not possible. We have concluded a contract with Google that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA).

In addition, we will only transfer your data if you expressly consent to the processing by Google. In this case, you consent to the transfer of your data to the USA in accordance with Article 49 (1) a) GDPR, knowing the risks described in section 4.

You can revoke your consent for the future at any time via the cookie management tool.

Google Tag Manager

The Google Tag Manager tool of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (is used on our websites). We use the Google Tag Manager to manage the tools about which we provide information in this privacy policy. For details regarding these tools, please refer to the information regarding the specific tool.

The Tag Manager tool itself, which implements the tags, is a cookieless domain. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. For more information on Google Tag Manager, please see the usage guidelines for this product.

It cannot be ruled out that the information generated by the use of the Google Tag Manager about the use of our websites is transmitted to Google servers in the USA and processed there. The transmitted data are only pseudonyms, a conclusion to your name is not possible. We have concluded a contract with Google that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA).

Google Ads (Conversion Tracking)

We use Google Ads Conversion Tracking of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland on our website. The service enables us to design, statistically record, optimise and play out advertising content in line with demand. We rely on such advertising content to ensure the visibility of our offer. The use of Google Ads Conversion Tracking takes place within the framework of your consent in accordance with Article 6 para. 1 p. 1 lit. a) GDPR. In this case, you also consent to the transfer of your data to the USA in accordance with Article 49 Para. 1 lit. a) GDPR, in the knowledge of the risks described in Section 4. You can revoke your consent for the future at any time via the cookie management tool.

Google Ads sets a cookie on your computer if you have accessed our website via a Google ad. These cookies lose their validity after 30 days. If the user visits certain pages of the Ads client's website and the cookie has not yet expired, Google and the client can recognise that the user clicked on the ad and was redirected to this page.

Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted in to conversion tracking. We learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, you will not receive any information that personally identifies users.

The information generated by the cookie about your use of our website is transmitted to a Google server in the USA and stored there. The transmitted data are only pseudonyms, an inference to your name is not possible. We have concluded a contract with Google that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA).

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies, or by revoking your consent via the cookie management tool.

Google's privacy policy on conversion tracking can be found at https://services.google.com/­sitestats/de.html.

Use of the remarketing or "similar target groups" function of Google Inc.

We use the remarketing or "similar target groups" function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland on our websites. This function serves the purpose of analysing visitor behaviour and visitor interests. Google uses cookies to carry out the analysis of website usage, which forms the basis for the creation of interest-based advertisements. The cookies are used to record visits to the website and anonymised data on website usage. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas.

The use of the "Similar target groups" function takes place within the scope of your consent pursuant to Article 6 para. 1 sentence 1 lit. a) GDPR. In this case, you consent to the transfer of your data to the USA in accordance with Article 49 Para. 1 lit. a) GDPR in the knowledge of the risks described in Section 4. You can revoke your consent for the future at any time.

Your data will also be transferred to the USA. We have concluded a contract with Google that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA).

You can find more information about Google Remarketing at https://support.google.com/google-ads/answer/2549063?hl=de.

Facebook Remarketing

We use the "Custom Audiences" remarketing function of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter Facebook) on our websites. This is a targeting service provided by Facebook. Facebook Custom Audience allows us to target advertising campaigns to individuals. This enables us to display individually tailored and interest-based advertising on Facebook to certain groups of pseudonymised visitors to our website who also use Facebook.

The Facebook pixel is a JavaScript code that makes it possible to track the activities of visitors on websites where the pixel is used. The Facebook pixel collects and stores, among other things, IP address, browser information, source and target page, referrer data. In addition, the pixel recognises which activities have been carried out on the website, such as click behaviour. The setting of the pixel and the processing of the personal data is based on your consent in accordance with Article 6 para. 1 sentence lit. a) GDPR.

This information is transferred to Facebook servers in the USA. There, it is automatically checked whether you have saved a Facebook cookie. The Facebook cookie is used to automatically determine whether you belong to the target group that is relevant for us. If you belong to the target group, you will be shown corresponding ads from us on Facebook. During this process, you will not be personally identified either by us or by Facebook.

We are joint controllers with Facebook with regard to the use of the Facebook Custom Audience Pixel pursuant to Article 26 of the GDPR. We have concluded a joint responsibility contract to determine the respective responsibilities for the fulfilment of the obligations under the GDPR. In this contract, it was agreed that we fulfil the information obligations and Facebook is responsible for the fulfilment of the rights of the data subjects according to Artt. 15-23 GDPR. Facebook bases the processing of the data on the consent of the Facebook users according to Article 6 para. 1 p. 1 lit. a) GDPR and the legitimate interests of Facebook according to Article 6 para. 1 p. 1 lit. f) GDPR. You can find more information on this in Facebook's data protection information, or here. You can contact Facebook's data protection officer here.

You can opt out of the use of the Custom Audiences service on the Facebook website. After logging in to your Facebook account, you can access the settings for Facebook ads.

The information generated by the Facebook pixel, such as IP address, browser used and source and destination page, is usually sent to servers in the USA. Facebook transfers personal data to the US or other countries outside the EU that may not offer data protection standards comparable to those in the EU. We have concluded a contract with Facebook incorporating the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA).

In addition, we will only transfer your data if you consent to the processing by Facebook. In this case, you also consent to the transfer of your data to the USA in accordance with Article 49 (1) a) GDPR, knowing the risks described in section 4. You can revoke your consent for the future at any time via the cookie management tool.

YouTube

We use the YouTube video embedding function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "YouTube") on our websites. YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The function displays videos stored on YouTube in an iFrame on the website. The option "Extended data protection mode" is activated. This means that YouTube does not store any information about visitors to the website. Only when you watch a video is information about it transmitted to YouTube and stored there. The data processing is based on your consent in accordance with Article 6 para. 1 p. 1 lit. a) GDPR.

Your data may be transferred to the USA. We have concluded a contract with Google that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA).

In addition, we will only transfer your data if you expressly consent to the processing by Google. In this case, you also consent to the transfer of your data to the USA in accordance with Article 49 (1) a) GDPR, knowing the risks described in section 4. You can revoke your consent for the future at any time.

Nähere Informationen zur Erhebung und Nutzung der Daten durch YouTube und Google, über deine diesbezüglichen Rechte und Möglichkeiten For more information about protecting your privacy, please see Google's privacy policy.

Social Media Plugins

We use social network plug-ins on our website. In order for you to retain control over your data, we use the privacy-safe "Shariff" buttons. Without your explicit consent, no links to the servers of the social networks are established and consequently no data is transmitted.

"Shariff" is a development by the specialists of the computer magazine c't. It enables more privacy on the internet and replaces the usual "share" buttons of social networks. More information about the Shariff project can be found here. When you click on the buttons, a pop-up window appears in which you can log in to the respective provider with your data. Only after you have actively logged in will a direct connection to the social networks be established.

By logging in, you give your consent to the transfer of your data to the respective social media provider in accordance with Article 6 para. 1 p. 1 lit. a) GDPR). Among other things, your IP address and the information about which of our pages you have visited will be transmitted. If you are connected to one or more of your social network accounts at the same time, the collected information will also be assigned to your corresponding profiles. You can only prevent this assignment by logging out of your social media accounts before visiting our website and before activating the buttons.

It cannot be ruled out that your data will be stored on the servers of the plug-in providers in the USA. We have concluded a contract with the respective plugin providers that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA).

In addition, we will only transfer your data if you expressly consent to the processing by the plug-in provider. In this case, you also consent to the transfer of your data to the USA in accordance with Article 49 (1) a) GDPR, knowing the risks described in section 4.

You can find more information about the scope and purpose of the collection and use of the data as well as about your rights in this regard and options for protecting your privacy in the linked data protection notices of the providers:

Cloudflare

This website uses services of Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA (hereinafter "Cloudflare"). Cloudflare operates a content delivery network (CDN) and provides protection functions for the website (web application firewall). The data transfer between your browser and our servers flows through Cloudflare's infrastructure and is analysed there to prevent attacks. Cloudflare uses cookies to enable you to access our website. The use of Cloudflare is in the interest of a secure use of our website and the defence against harmful attacks from outside. This constitutes a legitimate interest within the meaning of Article 6 para. 1 lit. f) GDPR.

Your data will also be transferred to the USA. We have concluded a contract with Cloudfare that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA).

For more information, please see the Cloudflare privacy statement: https://www.cloudflare.com/de-de/privacypolicy/.

Google Fonts

This site uses so-called web fonts for the uniform display of fonts. They are provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). provided. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google's servers in the USA. This enables Google to know that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 Para. 1 lit. f) GDPR.

According to Google, the collection, storage and use of data is limited to what is necessary for the efficient provision of fonts. When using the web fonts, personal data is only collected or transmitted to the minimum extent technically necessary. Google also states that it does not merge the data with other Google services.

If your browser does not support web fonts, a standard font from your computer will be used.

jsdelivr.com-CDN

In order for us to be able to deliver our individual web pages to you quickly and flawlessly on all different devices, we use the open source services of jsdelivr.com from the Polish company ProspectOne, Królewska 65A/1, 30-081, Kraków, Poland. This is a content delivery network (CDN). This is a network of regionally distributed servers that are connected via the internet. This enables content, especially large files, to be delivered quickly and optimally even during large peak loads. This constitutes a legitimate interest within the meaning of Article 6 para. 1 lit. f) GDPR.

In order to provide this service, your browser may send personal data to jsdelivr.com. jsDelivr may therefore collect and store user data such as IP address, browser type, browser version, which web page is loaded or the time and date of the page visit. Cookies are not set.

If you want to prevent this data transfer, you can install a JavaScript blocker (for example https://noscript.net/). Please note that this will prevent the website from providing the usual service (such as fast loading speed).

For more information on data processing by jsDelivr, please see the company's privacy policy at https://www.jsdelivr.com/privacy-policy-jsdelivr-net.

Sendgrid

We use the Sendgrid service of Twilio Sendgrid Inc, 1801 California St #500 Denver, CO 80202, USA (hereinafter "Sendgrid") to send some emails. Sendgrid is used to send confirmation emails, transaction confirmations and emails with important information regarding existing requests. The dispatch via a specialised service provider is necessary to ensure the delivery of the e-mails to your e-mail account and to reduce the probability of these e-mails being classified as "spam" by your e-mail provider. This constitutes a legitimate interest within the meaning of Article 6 Para. 1 lit. f) GDPR. In addition, the use of Sendgrid is necessary for the fulfilment of the contract with you (Article 6 para. 1 lit. b) GDPR).

The data provided with the respective request, including e-mail address, name and requested service, are processed.

We have concluded a contract with Sendgrid that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA).

For more information on Sendgrid Inc.'s privacy policy, please see the privacy policy at the following link: https://sendgrid.com/policies/privacy/.

Categories of recipients of personal data

We have some of the aforementioned processes and services carried out by carefully selected service providers who comply with data protection regulations. These external service providers are bound by our instructions and are regularly monitored.

With regard to the disclosure of data to other recipients, we only disclose information about you if this is required by law, you have consented or we are authorised to disclose. If these conditions are met, recipients of personal data may include:

Purposes for which the personal data are to be processed and legal basis for the processing

We process your personal data in compliance with the applicable legal data protection regulations. The processing is lawful beyond the purposes and legal bases described above in the context of the tools used if the following conditions are met:

a) Consent (Article 6 para. 1 p. 1 lit. a) GDPR

The lawfulness for the processing of personal data is given in the case of consent for processing for specified purposes (e.g. processing of your enquiry, use of data for marketing purposes). Consent given can be revoked at any time with effect for the future.

b) Due to contractual obligations (Article 6 para. 1 p. 1 lit. b) GDPR)

We process personal data in order to fulfil our contractual obligations or to carry out pre-contractual measures upon request. The purposes of the data processing result primarily from your specific request.

c) Due to legal requirements (Article 6 para. 1 p. 1 lit. c) GDPR:

We are subject to various legal obligations. These include, among others:

d) Within the framework of the balancing of interests (Article 6 para. 1 p. 1 lit. f) GDPR

Where necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties. Examples:

Intention to transfer the personal data to a third country or an international organisation

An active transfer of personal data to a third country only takes place if this has been expressly indicated under point 4 or within the scope of the aforementioned services.

Criteria for determining the period for which personal data are stored

The data is stored in accordance with statutory data processing regulations and in compliance with statutory retention periods. We process and use your data exclusively for the purposes for which you have authorised us and for as long as the data is required for these purposes.

If the data are no longer required for the purpose or for the fulfilment of legal obligations, they are usually deleted, unless their further processing - limited in time and scope - is necessary for the following purposes:

Data protection rights

You have the following rights in relation to personal data relating to you:

Within the scope of the right to information (Article 15 GDPR) and the right to deletion (Articles 16, 17 GDPR), the restrictions pursuant to Sections 34, 35 BDSG apply.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you that is carried out on the basis of Article 6 (1) sentence 1 lit. e) GDPR (data processing in the public interest) and Article 6 (1) sentence 1 lit. f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

In individual cases, we process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made without formalities and should preferably be addressed to:

Pickware GmbH
Goebelstraße 21
64293 Darmstadt
[email protected]

Consent given can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to 25 May 2018.

Furthermore, you have the right to lodge a complaint about the processing of your personal data by us with a competent data protection authority (Article 77 GDPR in conjunction with Section 19 BDSG).

Data security

We protect your information through modern security systems and adhere to the data protection and security regulations within the framework of the GDPR.

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge. These are adapted to the current state of the art.

Online forms on our website are sent with SSL encryption to protect the data you enter. However, we cannot guarantee that the information sent cannot be viewed by third parties during transmission. Therefore, you should not send passwords, credit card numbers or other information that you wish to keep secret.

Obligation to provide data and possible consequences of not providing data

When using our offers, you must provide the personal data that is necessary for the fulfilment of the purpose or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract with you.

Existence of automated decision-making including profiling

As a rule, we do not use fully automated decision-making or profiling in accordance with Article 22 GDPR to establish and implement the business relationship. Should we use these procedures in individual cases, we will inform you separately if this is required by law.

Changes to the data protection notice

We are continuously developing and optimising our services. It may therefore be that we add new functionalities. Should this have an impact on the way your personal data is processed, we will inform you in good time in our data protection information.

We use third-party cookies, such as Google and Facebook, to constantly improve our website and provide you with an optimized user experience and relevant advertising. You can find more information about this in our Privacy Statement.

Privacy Settings

Below you will find an overview of all cookies. You can object to the use of optional cookies if necessary. You can find more information about the cookies we use in our Privacy Statement.

Essential

Essential cookies enable the basic operation of the website and are necessary for its proper functioning. For more information, please see our Privacy Statement.

Marketing

We use cookies from third parties such as Google and Facebook. They record user behaviour in order to provide you with personalised offers and guarantee an optimal user experience. For more information, please see our Privacy Statement.

Google Analytics and Facebook tracking have been disabled. Google Analytics and Facebook tracking have been enabled. Thanks for your support!