Name and contact of the person responsible in accordance with Article 4 (7) GDPR
Bold & AmbitioS Beauty GmbH Winterhuder Weg 136a, D-22085 Hamburg
Telephone: +49 40 80 9783
Security and protection of your personal data
We consider it our primary task to protect the confidentiality of the personal data you have provided and to protect them from unauthorized access. We therefore apply extreme care and the latest security standards to ensure maximum protection of your personal data.
As a private law company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organizational measures that ensure that the regulations on data protection are observed both by us and by our external service providers.
The legislator calls for personal data to be processed in a legitimate manner, according to faithful and faith and in a manner that is understandable for the data subject ("Legality, Processing according to faith Transparency"). To ensure this, we will inform you about the individual legal definitions that are also used in this data protection declaration:
1. Personal data
"Personal data" are all information that is based on an identified or identifiable natural person (hereinafter "affected person") relate; A natural person is regarded as identifiable, which can be identified directly or indirectly, in particular by assigning to an identifier such as a name, to an identification number, location data, for an online detection or for one or more special characteristics, the expression of the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person.
"Processing" is everyone, with or without the help of automated procedures, carried out process or any such series of transaction in connection with personal data
How to collect, record, organize, to arrange, to store, to adapt or change, to read out, to query, to use, to use, to disclose them to be made by transmission, distribution or other form of provision, comparison or link Restriction, deletion or annihilation.
3. Restriction of processing
"Restriction of processing" is the marking of stored personal data with the aim of restricting your future processing.4. Profiling
"Profiling" is every type of automated processing of personal data that is used in the fact that this personal data is used in order to evaluate certain personal aspects that relate to a natural person, in particular to aspects regarding work, economic situation, health, Personal preferences, interests, reliability, behavior, place of residence or change of location of this natural person to analyze or predict.
"File System" is every structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is managed centrally, decentralized or from functional or geographical points of view.
"Responsible" is a natural or legal person, authority, institution or other body that decides on the purposes and means of processing personal data alone or together with others; If the purposes and funds of this processing are specified by the Union law or the right of the Member States, the person responsible or the specific criteria can be provided for his naming under Union law or the law of the Member States.
8. Order processor
"Processor" is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.
"Recipient" is a natural or legal person, authority, facility or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a certain investigation mandate according to the Union law or the law of the Member States are not considered a recipient; This data is processed by the authorities mentioned in accordance with the applicable data protection regulations in accordance with the purposes of processing.
"Third" is a natural or legal person, authority, institution or other body, in addition to the person concerned, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.
One "Consent" The person concerned is voluntary for the specific case, in an informed manner and unequivocally submitted expression of will in the form of an explanation or any other clear confirming action with which the person concerned means that they agree to the processing of the personal data relating to them .
Legality of processing
The processing of personal data is only legitimate if there is a legal basis for processing. The legal basis for processing can be – F GDPR be in particular:
a. The data subject has given their consent to the processing of the personal data relating to them for one or more specific purposes;
b. The processing is necessary for the fulfillment of a contract whose contracting party is the data subject, or for the implementation of pre -contractual measures that are carried out at the request of the person concerned;
c. The processing is necessary to fulfill a legal obligation that the person responsible is subject to;
d. Processing is necessary to protect vital interests of the data subject or another natural person;
e. Processing is necessary for the performance of a task that is in the public interest or in the exercise of public violence that has been transferred to the person responsible;
f. The processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and fundamental freedoms of the data subject, who require the protection of personal data, outweigh, especially if the person concerned is one Child acts.
Information about the collection of personal data
(1) In the following we inform about the collection of personal data when using our website. Personal data are z. B. Name, address, email addresses, user behavior.
(2) If you contact us by email or via a contact form, the data you provide (your email address, possibly your name and telephone number) will be saved by us to answer your questions. We delete the data incurred in this context after the storage is no longer necessary, or processing is restricted if there are legal retention obligations.
Collection of personal data when visiting our website
When using the website, i.e. if you do not register or otherwise send us information, we only collect the personal data that your browser transmits to our server. If you want to look at our website, we will collect the following data that is technically necessary for us to display our websiteAnd to ensure the stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):
- IP address
- Date and time of the request
– Time zone difference to the Greenwich Mean Time (GMT) Content of the requirement (specific page)
-Access status/http status code
- Jamount of data transferred
- Website from which the requirement comes
– Operating system and its surface
- Language and version of the browser software.
(1) In addition to the data mentioned above, cookies are saved on your computer when using our website. Cookies are small text files that are saved on your hard drive to the browser you used and through which certain information will flow through the place that sets the cookie. Cookies cannot run programs or transferred viruses to your computer. They serve to make the internet offer overall more user -friendly and more effective.
(2) This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (see a.)
– Persistent cookies (see b.).
a. Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These save a so-called session ID, with which different inquiries from your browser can be assigned to the joint session. This allows your computer to be recognized if you are on our website
to return. The session cookies are deleted when they log out or close the browser.
b. Persistent cookies are automatically deleted after a given duration, which can differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
c. You can configure your browser setting according to your wishes andz. B. reject the acceptance of third-party cookies or all cookies. So-called. “Third party Cookies " are cookies that have been set by a third party, consequently not through the actual website on which you are currently located. We would like to point out that by deactivating cookies you may not be able to use all functions of this website.
Other functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you usually have to provide other personal data that we use to provide the respective service and apply to the above -mentioned principles for data processing.
(2) In some cases we use the processing of your data external service providers. These were carefully selected and commissioned by us, are tied to our instructions and are checked regularly.
(3) We can also pass on your personal data to third parties if action participation, competitions, contracts or similar services are offered by us together with partners. You can find more information on this when specifying your personal data or below in the description of the offer.
(4) Insofar as our service providers or partners are based in a state outside of the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
Use of our web shop
(1) If you want to order in our web shop, it is necessary for the conclusion of the contract to provide your personal data that we need to process your order. Mandatory information required for the processing of the contracts is marked separately, further information is voluntary. We process the data you provide to process your order. To do this, we can pass on your payment data to our house bank. The legal basis for this is Art. 6 Section. 1 P. 1 lit. b GDPR. You can voluntarily create a customer account through which we can save your data for later further purchases. When creating an account at "My
Account" the data you provide are canceled. All other data, including your user account, can always be deleted in the customer area
(2) We are obliged to save your address, payment and order data for a period of ten years based on commercial and tax law requirements. However, after two years, we make a restriction of processing d. H. Your data will only be used to comply with the legal obligations.
(3) To prevent unauthorized access to third parties to your personal data, in particular financial data, the ordering process is encrypted via TLS technology.
Data protection regulations when using external payment service providers
(1) We offer several payment methods for the use of the web shop and use different payment service managers. Depending on which payment method you choose, different data will be transmitted to the respective payment service provider. The legal basis for the transmission is Art. 6 Section. 1 S. 1 lit. a GDPR. Below we list our payment service providers.
If you choose the PayPal payment method, your personal data will be transmitted to PayPal. The opening of a PayPal account is a prerequisite for the use of PayPal. With the use or opening of a PayPal account, the name, address, telephone number and email address must be transmitted to PayPal. The legal basis for the transmission of the data is Article 6 (1) lit. a GDPR (consent) and Article 6 (1) lit. b GDPR (processing of a contract).
The operator of the PayPal payment service is:
PayPal (Europe) S.à r.l. et cie, s.c.a. 22-24 Boulevard Royal
With the PayPal payment option, you agree to the transmission of the personal data such as name, address, telephone number and email address. The further data is collected from PayPal's data protection declaration from PayPal. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-fullb. Instant Banking
If you choose the payment method immediately, your personal data will be sent to the operator of immediately banking.
The legal basis for the transmission of the data is Article 6 (1) sentence 1 lit. a GDPR (consent) and Article 6 (1) sentence 1 lit. b GDPR (processing of a contract).
The operator of the payment service immediately banking is:
Telephone: 0049 89 20 889-500 Fax: 0049 89 20 889-120 Contact: firstname.lastname@example.org
Sofort GmbH collects the following data:
• Name, date of birth, title, invoice-and delivery address, email address, mobile phone number
Information about ordered products
Information on income, credit obligations and payment notice
Location -related information
- IP address
You can find detailed information on the data protection regulations of SOFORT GmbH at https://www.sofort.de/datenschutz.html
If you choose the Klarna payment method, your personal data will be transmitted to the operator of Klarna. The legal basis for the transmission of the data is Article 6 (1) lit. a GDPR (consent) and Article 6 (1) lit. b GDPR (processing of a contract).
The operator of the Klarna payment service is:
Klarna Bank (Publ) Sveafen 46
111 34 Stockholm Sweden
Telephone: 0046 8-120 120 00 Fax: 0046 8-120 120 99 Contact: email@example.com
Klarna collects the following data:
- Name, date of birth, title, invoice and delivery address, email address, mobile phone number
- Information about ordered products- Information on income, credit obligations and payment notice
- IP address
Detailed information on the data protection regulations of Klarna Bank (Publ) can be found at https://www.klarna.com/de/datenschutz/
(1) With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an email to the specified email address in which we ask you to confirm that you would like the sending of the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to be able to clarify a possible misuse of your personal data.
(3) The mandatory information for sending the newsletter is solely your email address. The specification of further, separately marked data is voluntary and is used to be able to address it personally. After your confirmation, we save your email address for the purpose of sending the newsletter. The legal basis is Art. 6 Para. 1 S. 1 lit. a GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and cancel the newsletter. You can explain the revocation by clicking on the link provided in every newsletter email, via this form of the website, by email to firstname.lastname@example.org or by a message to the contact details specified in the imprint.
(5) We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the sent e-mails include so-called web beacons or tracking pixels that represent one-pixel image files stored on our website. For the evaluations, we link the data mentioned above and the web biaCons with your email address and an individual ID. The data is collected exclusively pseudonymized, so the IDS are not linked to their further personal data, direct personal relationship is excluded. You can contradict this tracking at any time by clicking on the separate link provided in every email or inform us about another contact path. The information is saved as long as you have subscribed to the newsletter. After deregistration, we save the data purely statistically and anonymously.
Our offer is basically aimed at adults. People under the age of 18 should not transmit any personal data to us without the consent of parents or legal guardians.
Rights of the data subject
(1) Revocation of the consent
If the processing of personal data is based on a granted consent, you have the right to revoke your consent at any time. The revocation of the consent does not affect the legality of the processing due to the consent until the revocation.
You can contact us at any time to exercise the right of withdrawal.
(2) Right to confirmation
You have the right to request confirmation from the person responsible for whether we process your personal data. You can request confirmation at any time under the contact details mentioned above.
(3) Right of information
If personal data is processed, you can request information about this personal data and the following information at any time:
the processing purposes;
the categories of personal data that are processed;
the recipients or categories of recipients, compared to the personal
Data have been disclosed or are still disclosed, especially with recipients
in third countries or at international organizations;
If possible, the planned duration for which the personal data is stored,
or, if this is not possible, the criteria for determining this duration;
the existence of a right to correct or delete the personal data relating to it or to restriction of processing by the
Responsible or a right to object to this processing;
the existence of a right to complain to a supervisory authority;
If the personal data is not collected by the data subject, all
Available information about the origin of the data;
the existence of automated decision making including profiling according to
Article 22 paragraphs 1 and 4 GDPR and – At least in these cases – meaningful information about the logic involved as well as the scope and the desired effects of such processing for the person concerned.
If personal data is transmitted to a third country or an international organization, you have the right to be informed about the appropriate guarantees in accordance with Article 46 GDPR in connection with the transmission. We provide a copy of the personal data that are the subject of processing. For all other copies you apply for, we can request an appropriate fee based on the administrative costs. If you make the application electronically, the information must be made available in a common electronic format, unless it indicates anything else. The right to receive a copy in accordance with paragraph 3 must not affect the rights and freedoms of other people.
(4) Right to correction
You have the right to request the correction of you to the relevant personal data. Taking into account the purposes of processing, you have the right to complete incomplete personal data – also by means of a supplementary explanation – to demand.
(5) Right to deletion ("Right to forget")
You have the right to request from the person responsible for being deleted immediately, and we are obliged to delete personal data immediately, provided that one of the following reasons applies:
The personal data is no longer necessary for the purposes for which they were collected or processed in any other way.
The data subject revokes their consent, on which the processing in accordance with Article 6 paragraph 1 letter A or Article 9 paragraph 2 letter a GDPR, and there is no other legal basis for processing.
The data subject objects to the processing in accordance with Article 21 (1) GDPR and there are no priority legitimate reasons for the processing, or the data subject occurs in accordance with Article 21 (2) GDPR.
The personal data was illegally processed.
The deletion of the personal data is to fulfill a legal
Obligation according to the Union law or the law of the Member States,
which the person responsible is subject.
The personal data was used in relation to the services offered
Information society collected in accordance with Article 8 (1) GDPR.
If the person responsible has made the personal data publicly and is obliged to delete them in accordance with paragraph 1, he takes appropriate measures, including a technical manner, in order to take into account the available technology and the implementation costs, in order to use it to process data processing, which process the personal data to inform that a data subject has requested that you delete all links to these personal data or from copies or replications of this personal data.
The right to deletion ("Right forgotten will") If there is no need for the processing:
– to exercise the right to freedom of expression and information;
– To fulfill a legal obligation that the processing according to the law of the Unionor the Member States to which the person responsible is subject requires, or to perform a task that is in the public interest or in the exercise of public violence that has been transferred to the person responsible;
– for reasons of public interest in the area of public health in accordance with Article 9 paragraph 2 letters H and I and Article 9 (3) GDPR;
– for archive purposes, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the right mentioned in paragraph 1 is expected to make or seriously impair the objectives of this processing, or seriously
- to assert, exercise or defend legal claims.
(6) Right to restrict the processing
You have the right to restrict the processing of your personal
To request data if one of the following requirements is met:
the correctness of the personal data is denied by the data subject, for a duration that enables the person responsible to check the correctness of the personal data,
The processing is illegal and the data subject rejects the personal data deleted and instead requires the restriction of the use of personal data;
The person responsible no longer needs the personal data for the purpose of processing, but the person concerned, however, needs them to assert, exercise or defend legal claims or
The data subject has lodged an objection to the processing in accordance with Article 21 (1) GDPR, as long as it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the person concerned.
If the processing has been restricted in accordance with the above requirements, this personal data is – apart from their storage – Only processed with the consent of the data subject or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for the reasons of an important public interest in the Union or a Member State.
In order to assert the right to restrict the processing, the person concerned can contact us at any time under the contact details given above.
(7) Right to data portability
You have the right to obtain the personal data you have relating to us in a structured, common and machine -readable format, and you have the right to provide this data to another person responsible without disabilities by the person responsible, to whom the personal data have been sent, if:
a. Processing on consent in accordance with Article 6 (1) letter A or Article 9 paragraph 2 letter a or on a contract in accordance with Article 6 (1) letter b GDPR is based on and
b. The processing is carried out using automated procedures.
When exercising the right to data portability in accordance with paragraph 1, you have the right to obtain that the personal data is sent directly to another person responsible, insofar as this is technically feasible. The exercise of the right to data portability leaves the right to deletion ("Right forgotten will") untouched. This right does not apply to processing that is necessary for the performance of a task that is in the public interest or in the exercise of public violence that has been transferred to the person responsible.
(8) Right of objection
You have the right to object at any time against the processing of personal data relating to you based on Article 6 (1) letter E or F GDPR; This also applies to a profiling based on these provisions. The person responsible no longer processes the personal data, unless he can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If personal data is processed in order to operate direct mail, you have the right to object at any time to the processing of personal data relating to the purpose of such advertising; This also applies to profiling, insofar as such direct advertising is connected. If you contradict processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
In connection with the use of the services of the information society, it can exercise your right to object using automated procedures, regardless of Directive 2002/58/EC, in which technical specifications are used.
You have the right to object to the personal data relating to you, which is relevant to you, which is relevant to you for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1), unless, unless, The processing is necessary to fulfill a task in the public interest.
You can exercise the right to object at any time by contacting the respective responsible person.
(9) Automated decisions in individual cases including profiling
You have the right, not one only on automated processing – including profiling – to be subjected to a decision that has a legal effect on them or that they are significantly impaired in a similar way. This does not apply if the decision:
a. is necessary for the conclusion or fulfillment of a contract between the data subject and the person responsible,
b. on the basis of legal provisions of the Union or the Member States, which the person responsible are subject to, and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject
c. with the express consent of the data subject.
The person responsible takes appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to obtain the intervention of a person on the part of the person responsible, to state one's own point of view and to contest the decision.
The person concerned can exercise this right at any time by turning to the respective person responsible.
(10) Right to complain to a supervisory authority
You also have the right to complain to a supervisory authority, in particular in the member state of your place of residence, your place of residence or the location of the presumed violation, without prejudice to any other administrative or judicial remedy Personal data violates this regulation.
(11) Right to effective legal remedies
Without prejudice to an available administrative or extrajudicial legal remedy, including the right to a complaint with a supervisory authority in accordance with Article 77 GDPR, the processing of your personal data was violated of this regulation.
Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so -called. "Cookies", Text files that are stored on your computer and that enable an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. In the event of activation of IP anonymization on this website, your IP address will be shortened beforehand within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services related to website usage and internet usage.
(2) The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
(3) You can prevent the storage of cookies by setting your browser software; However, we would like to point out that in this case you may not be able to use all functions of this website in full. You can also prevent Google (including your IP address) to Google as well as the processing of this data by Google by the Cookie and related to your use of the website by Google by the following link. Download and install: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the expansion "_AnonymizeiP ()". As a result, IP addresses are further processed, so that personal relationship can be excluded. Insofar as the data collected about them has a personal reference, it will be excluded immediately and the personal data will be deleted immediately.
(5) We use Google Analytics to analyze and improve the use of our website. We can improve our offer via the statistics obtained and, as a user, make more interesting. Personal data can be transferred to the server in the USA. If you accept the cookie, explicitly declare yourself in accordance with Art. 49 Para. 1 Lit. a) GDPR that your personal data will be transferred to the USA. We would like to point out that the United States was classified by the European Court of Justice (ECJ) as an unsafe third country, for which there is no appropriateness and no suitable guarantees to enforce its rights. In particular, it cannot be ruled out that state (surveillance) authorities also access your personal data without any legal remedies and process it. The legal basis for processing is Art. 6 Para. 1 S. 1 lit. a and Art. 49 Para. 1 lit. a GDPR.
(6) Information from the third party: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions:
http://www.google.com/analytics/terms/de.html, as well as the data protection declaration: https://policies.google.com/privacy?hl=de&gl=de.
Use of social media links
We are currently using various links to different social media platforms, such as Facebook, Instagram and Pinterest. These are not social media plugins, but only links. If you click one of the links, you will reach the respective provider of the website and your IP address will be transmitted. If you are logged in at the same time as the respective social media account, further data may be collected by the respective provider.
Use of social media plugins
(1) We are currently using the following social media plug-ins: [Facebook, Google+, Twitter, Xing, T3N, LinkedIn, Flattr]. We use the so-called two-click solution. This means that if you visit our site, no personal data will initially be passed on to the providers of the plug-in. You can recognize the provider of the plug-in by marking on the box about its initial letter or the logo. We open up the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and activate it will the plug-in provider get the information that you have accessed the corresponding website of our online offer. In addition, the data collected when visiting our website are transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after survey. By activating the plug-in, personal data will be transmitted from you to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider makes the data collection in particular via cookies, we recommend deleting all cookies to your browser's safety settings before clicking on the grayed box.
(2) We have no influence on the data and data processing processes collected, nor are the full scope of the data collection, the purposes of processing, and the storage periods are known. We also do not provide any information to delete the data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as usage profiles and uses it for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation takes place in particular (also for users that are also logged in) to display needs -based advertising and to inform other users of the social network about their activities on our website. You have a right to object to the formation of these user profiles, whereby you have to contact the respective plug-in provider to exercise it. We offer you the opportunity to interact with social networks and other users through the plug-ins, so that we can improve our offer and to be more interesting for you as a user. The legal basis for the use of plug-ins is Art. 6 Para. 1 S. 1 lit. a GDPR.
(4) Data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be assigned directly to your account with the plug-in provider. If you press the activated button and z. B. Linking the page, the plug-in provider also saves this information in your user account and publicly inform your contacts. We recommend that you log out regularly after using a social network, but in particular before activating the button, as you can avoid an assignment to your profile with the plug-in provider.
(5) Further information on the purpose and scope of the data collection and your processing by the plug-in provider can be found in the data protection declarations of these providers that are communicated below. There you will also receive further information on your rights and
Settings for protecting your privacy.
(6) Addresses of the respective plug-in providers and URL with their data protection information:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; Further information on data collection: http://www.facebook.com/help/18632568085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http: //www.facebook .com/About/Privacy/Your-Info#Everyoneinfo.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; https://policies.google.com/privacy?hl=de.
(7) Personal data can be transmitted there for providers based in the USA. If you accept the cookies, explicitly declare yourself in accordance with Art. 49 Para. 1 Lit. a) GDPR that your personal data will be transferred to the USA. We would like to point out that the United States was classified by the European Court of Justice (ECJ) as an unsafe third country, for which there is no appropriateness and no suitable guarantees to enforce its rights. In particular, it cannot be ruled out that state (surveillance) authorities also access your personal data without any legal remedies and process it. The legal basis for processing is Art. 6 Para. 1 S. 1 lit. a and Art. 49 Para. 1 lit. a GDPR.
Existing an automated decision -making process
We do without automatic decision making or profiling.