Privacy policy
We would like to inform you below about the processing of personal data when using our website.
1. Controller
Responsible for this website is:
LPP Lotao Pack and Production GmbH
Gubener Strasse 47
10243 Berlin
Further information about our company and the persons authorized to represent can be found in our imprint.
2. What data is processed?
Legal bases of data processing
In order to be able to offer you our website and the associated services, we process personal data on the basis of the following legal bases:
• Consent (Art. 6 Para. 1 lit. a) GDPR)
• to fulfill contracts (Art. 6 Para. 1 lit. b) GDPR
• on the basis of a balance of interests (Art. 6 Para. 1 lit. f) GDPR)
• to fulfill a legal obligation (Art. 6 Para. 1 lit. c) GDPR).
In connection with the respective processing, we will refer to the corresponding terms so that you can classify on which basis we process personal data.
If personal data is processed on the basis of your consent, you have the right to revoke your consent at any time with effect for the future.
If we process data on the basis of a balance of interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Art. 21 GDPR.
Access Data
When you visit our website, personal data is processed in order to be able to display the content of the website on your device.
In order for the pages to be displayed in your browser, the IP address of the end device you are using must be processed. There is also further information about the browser of your end device.
We are obliged under data protection law to also guarantee the confidentiality and integrity of the personal data processed with our IT systems.
For this purpose and for this interest, the following data is logged on the basis of a weighing of interests:
• IP address of the calling computer (for a maximum of 7 days)
• Operating system of the calling computer
• Browser version of the calling computer
• Name of retrieved file
• Date and time of retrieval
• amount of data transferred
• Referring URL.
The IP address will be deleted from all systems used in connection with the operation of this website after 7 days at the latest. We can then no longer establish a personal reference from the remaining data.
The data is also used to identify and correct errors on the website.
Contact Form
We offer a contact form on our website, which you can use to request information about our products or services or to contact us in general. We have marked the data that you absolutely need to answer an inquiry as mandatory fields. Information on other data fields is voluntary.
We need this information to process your request, to address you correctly and to send you an answer. The data processing takes place in the case of specific inquiries for the fulfillment of a contract or the initiation of a contract. In the case of general inquiries, the processing takes place on the basis of a balance of interests.
Inquiries received via the contact form on our website are processed electronically by us in order to answer your inquiry. In this context, other people or departments and possibly third parties may also be informed of the form content that you have sent.
The form data is transmitted over the Internet via encrypted connections.
Newsletter
You can also subscribe to an email newsletter on our website. In addition to the voluntary information in the respective form, we only process your e-mail address. However, this is also mandatory in order to be able to send you the newsletter.
You can unsubscribe from the newsletter at any time. Alternatively, you will find a link to unsubscribe in every newsletter email.
In order to be able to analyze the popularity of our newsletter broadcasts and to be able to optimize them, we log when e-mails are opened and links are clicked. This usage analysis is based on a weighing of interests. You can object to this processing by unsubscribing from the newsletter.
Newsletter dispatch by Klaviyo
We use the Klaviyo component to send our newsletter. Klaviyo is a service provided by Klaviyo Inc, Boston, USA. Your data stored when registering for the newsletter (e-mail address, name if applicable, IP address, date and time of your registration) will be transmitted to a Klaviyo Inc. server in the USA and stored there. For more information on privacy at Klaviyo, visit: http://klaviyo.com/privacy/. You can cancel or revoke your subscription to this newsletter and thus your consent to the storage of your data at any time for the future. Details on this can be found in the confirmation email and in each individual newsletter. Klaviyo does not use the data of our newsletter recipients to write to them themselves or to pass them on to third parties. Further information on Klaviyo's data protection notices (processing according to standard contractual clauses) can be found at https://www.klaviyo.com/legal/dpa.
Online shop system Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify") for the purpose of hosting and displaying the online shop on the basis of a processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned Shopify services, data may also be processed as part of further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc .or Shopify (USA) Inc. In the case of the transmission of data to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision.
Further information on Shopify's data protection is available on the following website: https://www.shopify.de/legal/datenschutz
With regard to the display of suitable products on your end device, we process data from the use of the online shop on the basis of a weighing of interests.
Cookies
Cookies are used on our website. Cookies are small pieces of text information that are stored on your end device via your browser. The cookies are required to enable certain functions of our website.
We use both session cookies, which are automatically deleted from your browser immediately after you have finished visiting the website.
In the field of web analysis, however, we also use so-called persistent cookies, which are not automatically deleted after the end of your visit to our website.
You have the option of preventing the setting of cookies by making the appropriate settings in your browser. However, we would like to point out that the use of our website may then only be possible to a limited extent. Cookies do not install or start any programs or other applications on your computer.
The use of cookies is based on a balance of interests. Our interest is the user-friendly visit to our website.
Kickbite
Description of the processing
Our website uses the service "Kickbite", which is operated by Kickbite GmbH, Mehringdamm 32-34. 10961 Berlin (hereinafter referred to as "Kickbite"). Through Kickbite, it is possible for us to understand and improve the use of our online offering and the effectiveness of its design. With Kickbite, we can analyze the interactions and movement, as well as the course of visits to our website (so-called customer journey). Tracking technologies are used for this purpose. These help us to understand which areas of our online offering are particularly helpful for visitors and at which points users often get stuck or leave the website. As a result of this analysis, we can adapt and optimize our online offer. Kickbite does not use cookies for this purpose, but does use
other tacking technologies, namely so-called device fingerprinting, which, however, does not store any data on the user's terminal device. In addition, Kickbite uses a so-called browser cache ID (_kbuid) and the hash value of the e-mail address, but not the actual e-mail address of the user. The processed data is only stored pseudonymously or anonymously and is not merged with other personal data about the user (name, address, etc.). In particular, this involves an IP address collected during a website visit but only stored in abbreviated form. The service also collects the following personal data of visitors: user agent information (browser, operating system, device), user ID (only for users who log in to the website), user events (pages visited, URLs, referring page and link), events (e.g. "add to cart"), order ID (only for conversion events), order amount (only for conversion events). If you came to our website via Google ads - your Google visitor ID and - if you came to our website via Facebook ads - your Facebook visitor ID will also be recorded, which Kickbite takes from the cookies of Google and Facebook respectively. For more information on Kickbite's privacy policy, please visit https://www.kickbite.io/use-kickbite-privacy-policy.
Purpose
The processing takes place in order to be able to analyze the usage behavior on our website (customer journey). This serves the processing of the needs-based design and improvement of our online offer.
Legal basis
The processing is based on consent pursuant to Art. 6 (1) lit. a DSGVO. This is obtained by us via our Consent Tool. Such consent is voluntary.
Storage period and right of objection, revocation of consent We have explained the storage period, as well as your control and setting options of
tracking technologies in the section cookies. You can revoke your consent to the use of the Kickbite service via our Consent Tool at any time within the settings of the Consent Tool with effect for the future.
Recipients
Kickbite GmbH acts for us as an order processor and is bound by our instructions. The information collected is not otherwise passed on to third parties.
Web analysis Google Analytics
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer), we use Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and internet usage. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; In addition, users can prevent the data generated by the cookie and related to their use of the online offer from being collected and processed by Google by downloading and installing the browser plug-in available under the following link: https://tools .google.com/dlpage/gaoptout.
You can find more information on data use by Google, setting and objection options on the Google website: https://www.google.com/policies/privacy/partners/ ("Data use by Google when you use our partners' websites or apps" ), https://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), https://www.google.com/settings/ads (“Manage information that Google uses to show you advertising fade in")
Deployment and use of Google AdWords
The person responsible for processing has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place ads in both Google's search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define certain keywords that will be used to display an ad in Google's search engine results only when the user uses the search engine to retrieve a keyword-related search result. In the Google advertising network, the ads are distributed to topic-relevant websites using an automatic algorithm and taking into account the previously defined keywords.
The operator of the Google AdWords services is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to promote our website by displaying interest-based advertising on the websites of third-party companies and in the search engine results of the Google search engine and displaying third-party advertising on our website.
If a person concerned reaches our website via a Google ad, a so-called conversion cookie is stored on the information technology system of the person concerned by Google. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the person concerned. If the cookie has not yet expired, the conversion cookie is used to determine whether certain sub-pages, such as the shopping cart from an online shop system, were accessed on our website. The conversion cookie enables both us and Google to understand whether a person who came to our website via an AdWords ad generated revenue, i.e. completed or canceled a purchase.
The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. In turn, we use these visit statistics to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future . Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify the person concerned.
The conversion cookie is used to store personal information, such as the website visited by the person concerned. Accordingly, each time you visit our website, personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
The person concerned can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.
Furthermore, the data subject has the option of objecting to interest-based advertising by Google. To do this, the person concerned must call up the link www.google.de/settings/ads from each of the Internet browsers they use and make the desired settings there.
Further information and Google's applicable data protection regulations can be found at https://www.google.de/intl/de/policies/privacy/.
Use of Google Fonts
To make visiting our website attractive, we use external fonts from Google Fonts. These are loaded from the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) when you visit the site. Google does not store any cookies in your browser. According to our information, however, the IP address of the user's end device is transmitted to Google and stored. This processing is based on our overriding legitimate interest in optimal marketing of our offer in accordance with Article 6 Paragraph 1 f) GDPR.
It cannot be ruled out that data will be transmitted to Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google ensures an appropriate level of data protection via the EU standard contractual clauses. You can access a copy of the contractual clauses here: https://policies.google.com/privacy/frameworks?hl=de&gl=de
Use of Google Tag Manager
Our website uses Google Tag Manager. The Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in the source code of our website, for example to record specified usage data. The Google Tag Manager does not use cookies and does not collect any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. Some of the data is stored on a Google server in the USA. If a deactivation has been made at the domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.
You can also find more information in the information from Google on the Tag Manager.
Use of YouTube
We use YouTube LLC's YouTube video embedding function on our website. (901 Cherry Ave., San Bruno, CA 94066, USA; "YouTube").YouTube is a company affiliated with Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").The function shows videos stored on YouTube in an iFrame on the website. The option "Extended data protection mode" is activated. As a result, YouTube does not store any information about visitors to the website. Only when you watch a video is information about it sent to YouTube and stored there. You can find more information about the collection and use of data by YouTube and Google, your rights in this regard and options for protecting your privacy in YouTube's data protection information (https https://www.youtube.com/t/privacy).
Use of Facebook Pixel
Due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
With the help of the Facebook pixel, Facebook is able to determine the visitors of our offer as a target group for the display of advertisements, so-called "Facebook ads". Accordingly, we use the Facebook pixel to only display the Facebook ads we have placed to those Facebook users who have also shown an interest in our website or who have certain characteristics that we transmit to Facebook (also known as "pixel events " and e.g. containing the e-mail address of the user). This means that with the help of the Facebook pixel we want to ensure that our Facebook ads correspond to the potential interest of the user and are not annoying. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad.
The Facebook pixel is integrated directly by Facebook when you visit our website and can save a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook while logged in, the visit to our website will be noted in your profile. The data collected about you is anonymous to us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. If we should transmit data to Facebook for comparison purposes, this will be encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of making a comparison with the data that is similarly encrypted by Facebook.
If we should transmit data to Facebook for comparison purposes, this will be encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of making a comparison with the data encrypted by Facebook.
The processing of the data by Facebook takes place within the framework of Facebook's data usage guidelines. Accordingly, general information on the display of Facebook ads in Facebook's data usage guidelines: https://www.facebook.com/policy.php. You can find specific information and details about the Facebook pixel and how it works in the Facebook help area: https://www.facebook.com/business/help/651294705016616.
You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To do this, you can call up the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tabs=ads or the objection via the EU page https://www.youronlinechoices .com/uk/your-ad-choices/ explain. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Tik Tok Pixel
We use the TikTok Pixel on our website. The TikTok Pixel is a TikTok advertiser tool from the two providers
• TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and
• TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both hereinafter collectively referred to as “TikTok”).
The TikTok Pixel is a snippet of JavaScript code that allows us to understand and track visitor activity on our website. The Tiktok Pixel collects and processes information about the creators of our website or the devices they use (so-called event data).
The event data collected via the TikTok Pixel is used to target our ads and to improve ad delivery and personalized advertising. For this purpose, the event data collected on our website using the TikTok pixel is transmitted to Facebook TikTok.
Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the TikTok Pixel, via which information is stored on the device you are using. Such storage of information by the TikTok pixel or access to information that is already stored in your end device only takes place with your consent. The legal basis for the collection and transmission of personal data by us to TikTok is therefore Article 6 (1) (a) GDPR. You can revoke your consent at any time via our consent management tool.
This collection and transmission of the event data is carried out by us and TikTok as jointly responsible. We have entered into a processing agreement with TikTok as joint controllers, which sets out the distribution of data protection obligations between us and TikTok. In this Agreement, we and TikTok have agreed, among other things,
• that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR on the joint processing of personal data;
• that TikTok is responsible for enabling the rights of data subjects pursuant to Art. 15 to 20 GDPR with regard to the personal data stored by Facebook Ireland after joint processing.
You can check the agreement between us and TikTok at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871.
TikTok is solely responsible for the processing of the transmitted event data that follows the transmission. For more information on how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights against TikTok, see TikTok's data policy at https://www.tiktok.com/legal/privacy -policy?lang=de-DE.
Review.io
We use "Review.io", a product of the company REVIEWS.io 2020 GMBH, Stralauer Allee 6, 10245 Berlin, Germany.
Review.io is a marketing solution for collecting and managing customer reviews. We use it to collect reviews from our customers in the form of text, video or photo and to display these reviews on our website, on Google and on our social network platforms.
All information collected by us is subject to this data protection declaration and is processed on the basis of our legitimate interests (exclusively to optimize our marketing measures and to improve the quality of our website) in accordance with Art. 6, Para. 1, Let. f of the GDPR.
For this purpose, we have concluded a data processing agreement with Review.io, in which Review.io undertakes to process user data in strict compliance with our instructions and the data protection standards of the European Union.
For more information about the type of data Review.io collects, see the Review.io Terms of Service and Privacy Policy: https://www.reviews.io/front/data-protection.
3. Purposes of processing personal data
We process the aforementioned data for the operation of our website and for the fulfillment of contractual obligations towards our customers or the protection of our legitimate interests.
In the case of inquiries from you outside of an active customer relationship, we process the data for sales and advertising purposes. You can object to the use of your personal data for advertising purposes at any time.
4. Voluntary Disclosures
If you voluntarily provide us with data, e.g. in forms, and this is not required for the fulfillment of our contractual obligations, we process this data on the legitimate assumption that the processing and use of this data is in your interest.
5. Recipients / disclosure of data
Data that you provide to us will not be passed on to third parties. In particular, your data will not be passed on to third parties for their advertising purposes.
However, we may use service providers to operate this website or for other products or services from us. Here it can happen that a service provider gains knowledge of personal data. We select our service providers carefully - especially with regard to data protection and data security - and take all data protection measures required for permissible data processing.
6. Data processing outside the European Union
As far as personal data is processed outside the European Union, you can see this from the previous statements.
7. Data Protection Officer
We have appointed a data protection officer. You can reach this as follows:
LPP Lotao Pack and Production GmbH
- Data Protection Officer –
Email: datenschutz@lotao.de
8. Data transmission upon conclusion of contract for online shop, dealer and goods dispatch
We only transmit personal data to third parties if this is necessary in the context of contract processing, for example to the company entrusted with the delivery of the goods or the bank responsible for processing the payment. Any further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 Paragraph 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.
9. Payment Services
We integrate payment services from third party companies on our website. If you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contract and data protection provisions of the respective provider apply to these transactions. The payment service providers are used on the basis of Art. 6 Para. 1 lit. b GDPR (contract processing) and in the interest of a payment process that is as smooth, convenient and secure as possible (Art. 6 Para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Article 6 (1) (a) GDPR is the legal basis for data processing; Consent can be revoked at any time for the future.
Klarna
The person responsible for processing has integrated components from Klarna on this website. Klarna is an online payment service provider that enables purchases on account or flexible installment payments. Klarna also offers other services, such as buyer protection or an identity and credit check. Klarna's operating company is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden If you select either the “purchase on account” or “installment purchase” payment option, the data of the person concerned is automatically transmitted to Klarna. By selecting one of these payment options, the person concerned agrees to the transfer of personal data required to process the invoice or installment purchase or to check identity and creditworthiness. The personal data transferred to Klarna is usually first name, last name , address, date of birth, gender, email address, IP address, telephone number, mobile phone number and other data required to process an invoice or installment purchase. Personal data related to the respective order are also required to process the purchase contract. In particular, there may be a mutual exchange of payment information, such as bank details, card number, expiry date and CVC code, number of items, item number, data on goods and services, prices and taxes, information on previous purchasing behavior or other information on the financial situation of the person concerned .The transmission of the data is aimed in particular at identity verification, payment administration and fraud prevention. The person responsible for processing will transmit personal data to Klarna in particular if there is a legitimate interest in the transmission. The personal data exchanged between Klarna and the person responsible for processing are transmitted by Klarna to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Klarna also passes on the personal data to affiliated companies (Klarna Group) and service providers or subcontractors insofar as this is necessary to fulfill contractual obligations or the data is to be processed on behalf of the customer Establishment, implementation or termination of a contractual relationship, Klarna collects and uses data and information about the previous payment behavior of the person concerned as well as probability values for their behavior in the future (so-called scoring). The scoring is calculated on the basis of scientifically recognized mathematical-statistical methods. The data subject has the option of revoking their consent to Klarna for the handling of personal data at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing. Klarna's applicable data protection regulations can be found at https://cdn.klarna.com/1.0/shared/content/policy/ data/de_de/data_protection.pdf can be accessed.
PayPal
On our website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).
If you choose to pay via PayPal, the payment details you enter will be sent to PayPal.
Your data is transmitted to PayPal on the basis of Article 6 (1) (a) GDPR (consent) and Article 6 (1) (b) GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.
Amazon Pay
If you select the payment method "Amazon Pay", the payment will be processed via the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: “Amazon Payments”), to whom we pass on the information you provided during the ordering process together with the information about your order in accordance with Article 6 (1) (b) GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent that it is necessary for this. You can find more information about the data protection provisions of Amazon Payments at the following Internet address: https://pay.amazon.de/help/201751600
Apple Pay
If you choose the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed using the "Apple Pay" function of your device running iOS, watchOS or macOS by debiting a payment card stored with "Apple Pay". Apple Pay uses security features built into your device's hardware and software to protect your transactions. In order to release a payment, it is therefore necessary to enter a code previously defined by you and to verify it using the "Face ID" or "Touch ID" function of your device.
For the purpose of payment processing, the information you provide during the ordering process, along with the information about your order, will be sent to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is sent to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment details. After payment is made, Apple will send your device account number and a transaction-specific dynamic security code to the originating website to confirm payment success.
If personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
Apple retains anonymized transaction information, including approximate purchase amount, date and time, and whether the transaction was successfully completed. The anonymization completely excludes any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that personally identifies you. You can disable the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.
You can find further information on data protection with Apple Pay at the following Internet address: https://support.apple.com/de-de/HT203027
Google Pay
If you decide to use the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment will be processed using the “Google Pay” application on your device with at least Android 4.4 ("KitKat") operated mobile device with an NFC function by debiting a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To release a payment via Google Pay of more than €25, you must first unlock your mobile device using the verification measure set up (e.g. face recognition, password, fingerprint or pattern).
For the purpose of payment processing, the information you provide during the ordering process together with the information about your order will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the source website, which is used to verify that the payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a uniquely valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment process. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment stored with Google Pay.
If personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
Google reserves the right to collect, store and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description provided by the merchant of the goods or services purchased, photographs you included with the transaction, the name and email addresses of the seller and buyer, or of the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing takes place exclusively in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and functional maintenance of the Google Pay service.
Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.
The Google Pay Terms of Use can be found here:
payments.google.com/payments/apis-secure/u/0/get_legal_document
Further information on data protection with Google Pay can be found at the following Internet address:
payments.google.com/payments/apis-secure/get_legal_document
10. Your rights as a data subject
You have the right to information about the personal data concerning you. You can contact us at any time for information.
In the case of a request for information that is not made in writing, we ask for your understanding that we may require evidence from you that proves that you are the person you say you are.
Furthermore, you have the right to correction or deletion or to restriction of processing, insofar as you are legally entitled to this.
Finally, you have the right to object to the processing within the framework of the legal requirements. The same applies to a right to data portability.
11. Deletion of Data
We generally delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still required in order to fulfill contractual services, to be able to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory storage obligations, deletion can only be considered after the respective storage obligation has expired.
12. Right to lodge a complaint with a supervisory authority
You have the right to complain to a data protection supervisory authority about the processing of personal data by us.
13. Changes to this Privacy Notice
We revise this data protection notice when changes are made to this website or for other reasons that make this necessary. You can always find the current version on this website.
Status: 05/23/2018