DATA PROTECTION

DATA PROTECTION

1) Information about the collection of personal data and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we will inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Hansa Brain GmbH, Jungfernstieg 44, 20354 Hamburg, Germany, Tel .: +49 (0) 40 32 088 993, E-Mail: jauns @ hansabrain .de. The person responsible for the processing of personal data is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data.
1.3 The person responsible has appointed a data protection officer, who can be reached as follows: "IT-Recht Kanzlei, Alter Messeplatz 2, 80339 Munich, +49 (0) 89/130 1433-0, info@it-recht-kanzlei.de"
1.4 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses an SSL or. TLS encryption. You can recognize an encrypted connection by the character string "https: //" and the lock symbol in your browser line.

2) Data collection when you visit our website
When using our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source / reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymous form)
The processing takes place in accordance with Art. 6 Para. 1 lit.f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

3) hosting
Hosted by Wix
We use the website construction kit system from Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel ("Wix") for the purpose of hosting and displaying the website on the basis of processing on our behalf. All data collected on our website is processed on the Wix servers. As part of the aforementioned services from Wix, data can also be transmitted to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA, as part of further processing. In the event that data is transmitted to Wix in Israel, the European Commission's adequacy decision guarantees the appropriate level of data protection. Further information on data protection from Wix can be found on the following website: https://de.wix.com/about/privacy
The scope of the processing of personal data is shown below. Further processing on servers other than those mentioned above by Wix will only take place within the framework specified below.

4) cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable your browser to be recognized the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies we use, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either to carry out the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of consent given or in accordance with Art. 6 Para. 1 lit.f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
Please note that you can set your browser so that you are informed about the setting of cookies and individually decide whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of every browser, which explains how you can change your cookie settings. You can find these for the respective browser under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) contact
When you contact us (e.g. using the contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 lit.f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR. Your data will be deleted after your request has been processed. This is the case when it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no statutory retention requirements.

6) Data processing when opening a customer account and for contract processing
In accordance with Article 6 (1) (b) GDPR, personal data will continue to be collected and processed if you provide us with them for the purpose of executing a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We save and use the data you have provided to process the contract. After the contract has been fully processed or your customer account has been deleted, your data will be blocked with due regard to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we reserve the right to further use your data as permitted by law has been.

7) Data processing for order processing
7.1 To process your order, we work together with the following service provider (s) who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution as part of the payment processing, if this is necessary for the payment processing. If payment service providers are used, we will explicitly inform you about this below. The legal basis for forwarding the data is Article 6 Paragraph 1 lit. b GDPR.
7.2 Use of payment service providers (payment services)
- giropay
When paying via "giropay", payment is processed by giropay GmbH, An der Welle 4, 60322 Frankfurt / Main, to whom we pass on the information you provided during the ordering process along with information about your order. Your data is passed on in accordance with Art. 6 Paragraph 1 lit. b GDPR exclusively for the purpose of processing payments and only to the extent that it is necessary for this. You can find more information about the data protection provisions of giropay GmbH at the following Internet address: https://www.giropay.de/rechtliches/datenschutzerklaerung
- Klarna
If a Klarna payment service is selected, the payment will be processed by Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable the processing of the payment, your personal data (first and last name, street, house number, zip code, city, gender, email address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, type of delivery) passed on to Klarna for the purpose of the identity and credit check, provided that you have expressly consented to this in accordance with Art. 6 Para. 1 lit. a GDPR as part of the ordering process. You can see here which credit agencies your data can be forwarded to:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the person responsible for data processing or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.
Your personal details are processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
treated.
- Wix Payments
If you choose the Wix Payments payment method, the payment will be made through the payment system of Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel ("Wix"). Wix Payments enables payment using all major credit card formats and, depending on the region, additional payment methods. The individual payment methods offered via Wix Payments will be communicated to you on our website.
For payments via Wix Payments, your payment details (e.g. payment amount, information on the means of payment used, details of the payee) and your confirmation that the payment details are correct will be collected by Wix to carry out the payment in accordance with Art. 6 (1) (b) GDPR , processed and transmitted to the credit institute commissioned with the payment. This processing only takes place insofar as it is actually necessary for the execution of the payment. Wix then authenticates the payment using the authentication method stored for you at your financial institution.
As part of the aforementioned services, data can also be transmitted by further processing on behalf of Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA.
In the event that data is transmitted to Wix in Israel, the European Commission's adequacy decision guarantees the appropriate level of data protection.
Further information on data protection from Wix can be found on the following website: https://de.wix.com/about/privacy

8) rights of the data subject
8.1 The applicable data protection law grants you comprehensive data protection rights (information and intervention rights) to the person responsible with regard to the processing of your personal data, about which we inform you below:
- Right to information in accordance with Art. 15 GDPR: In particular, you have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed Planned storage period or the criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if we did not collect it from you, the existence of automated decision-making including profiling and, if necessary, meaningful information about the logic involved and the scope and the intended effects of such processing, as well as your right to be informed about the guarantees in accordance with Art. 46 GDPR when your data is forwarded in Third countries exist;
- Right to correction according to Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and / or completion of your incomplete data stored by us;
- Right to deletion according to Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 Para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request that the processing of your personal data be restricted as long as the correctness of your data is checked, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have objected to reasons of your particular situation, as long as it is not certain whether ours legitimate reasons prevail;
- Right to information in accordance with Art. 19 GDPR: If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to correct or delete the data to all recipients to whom the personal data relating to you has been disclosed or restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another person responsible, if this is technically feasible ;
- Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. If you withdraw your consent, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal;
- Right to complain in accordance with Art. 77 GDPR: If you are of the opinion that the processing of your personal data violates the GDPR, you have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement.
8.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR MAINLY LEGITIMATE INTEREST, YOU HAVE THE AT ANY TIME TO PROCESS YOUR PERSONAL DATA, FOR REASONS THAT WE GIVE UPON YOUR SPECIFIC SITUATION.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED. FURTHER PROCESSING IS RESERVED IF WE CAN PROVE COMPULSORY REASONS FOR THE PROCESSING, THAT OUTSIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS OR IF THE PROCESSING OR EXPRESSION APPLIES.
IF YOUR PERSONAL DATA IS PROCESSED BY US IN ORDER TO OPERATE DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY OBJECTIVE AS DESCRIBED ABOVE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA AFFECTED FOR DIRECT ADVERTISING PURPOSES.

9) Duration of storage of personal data
The duration of the storage of personal data is based on the respective legal basis, the processing purpose and - if relevant - additionally based on the respective statutory retention period (e.g. commercial and tax retention periods).
When processing personal data on the basis of express consent in accordance with Article 6 (1) (a) GDPR, this data is stored until the person concerned revokes his or her consent.
If there are statutory retention periods for data that are processed in the context of legal or similar obligations on the basis of Art. 6 Paragraph 1 lit. and / or we have no legitimate interest in further storage.
When processing personal data on the basis of Art. 6 Paragraph 1 lit.f GDPR, this data is stored until the person concerned exercises his right of objection under Art. 21 Paragraph 1 GDPR, unless we can have compelling reasons worthy of protection prove for the processing that the interests, rights and freedoms of the data subject outweigh, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Art. 6 Para. 1 lit.f GDPR, these data are stored until the person concerned exercises his right of objection under Art. 21 Paragraph 2 GDPR.
Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.