Privacy policy

This privacy policy applies to the collection, processing and use of your personal data ("data processing") when using MAVOLU. Personal data refers to all data with which you can be personally identified.

The protection of your personal data is of particular concern to us. We therefore collect and process your data exclusively on the basis of the statutory provisions, in particular the provisions of the BDSG and the DS-GVO. In this data protection information, we inform you about the most important aspects of data processing within the framework of our website.

In the following, we would like to inform you in detail about which data we collect, process and use for which purpose and how you can object to this data processing.

1. Name and address of the responsible party

The responsible party for data processing within the meaning of the General Data Protection Regulation (GDPR) is

Nadja Gegner, MAVOLU, Böcklinstr. 9, 10245 Berlin, Germany, Tel.: +49 30 53145652, E-Mail: hello@mavolu.com

The entity in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2. Scope of the processing of personal data

For security purposes and safeguarding the transmission of sensitive information, such as personal data and confidential content (e.g., orders or queries directed to the controller), this website employs SSL or TLS encryption. You can identify an encrypted connection by observing the character string https:// and the padlock symbol displayed in your browser's address bar.

3. Data collection when you visit our website

When you use our website for informational purposes only, meaning you do not register or provide us with any information, we exclusively gather data transmitted by your browser to our server, referred to as "server log files." During your website visit, we collect the following technically essential data for the purpose of displaying the website to you:

Our visited website
The date and time at the moment of access
Amount of data sent in bytes
The source/reference from which you came to the page
Which browser is used
Which operating system is used
IP address used (if applicable: in anonymised form)

Data processing is conducted in compliance with Article 6(1) point f GDPR, based on our legitimate interest to enhance the stability and functionality of our website. Your data will not be shared or utilised for any other purposes. Nonetheless, we retain the right to review the server log files later if there are specific indications of illegal usage.

4. Hosting and content delivery network

For the hosting of our website and the display of the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Kanada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. oder Shopify (USA) Inc.

All data gathered on our website is processed on the servers of our service provider. We have established a data processing agreement with the provider, which guarantees the safeguarding of data belonging to our website visitors and prevents unauthorised sharing with third parties.

Regarding data transfers to the USA, the provider relies on the standard contractual clauses issued by the European Commission, designed to uphold compliance with European data protection standards.

In the event of data transfers to Canada, an adequate level of data protection is ensured through an adequacy decision made by the European Commission.

5. Cookies

To enhance your experience while visiting our website and enable the functionality of specific features, we employ cookies – small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (referred to as "session cookies"), while others remain on your device for an extended period, enabling the retention of page settings (known as "persistent cookies"). In the latter case, you can determine the duration of storage by reviewing your web browser's cookie settings.

If individual cookies set by us also process personal data, such processing is conducted either in accordance with Art. 6 (1) point b GDPR for the performance of the contract, in accordance with Art. 6 (1) point a GDPR in the case of consent given or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

You have the option to configure your browser settings to receive notifications about the placement of cookies. This allows you to make individual decisions regarding whether to accept them or opt out of accepting cookies for specific situations or in a general sense.

However, please be aware that if you choose not to accept cookies, the functionality of our website may be restricted or limited.

6. Contacting us

When you reach out to us, such as through a contact form or email, we collect personal data. The specific data collected via the contact form is outlined in the respective contact form itself. This data is stored and utilized solely for the purpose of responding to your inquiry, establishing contact, and managing the associated technical aspects.

The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your data will be deleted once your inquiry has been fully processed. This deletion occurs when it can be reasonably inferred from the circumstances that the relevant matters have been conclusively resolved, provided there are no legal storage obligations to the contrary.

7. Data processing when opening a customer account and for contract processing

According to Art. 6 (1) point b GDPR, personal data will be collected and processed as necessary if you choose to provide this data when creating a customer account. The specific data required for opening an account can be found in the input fields of the corresponding form on our website. You have the option to delete your customer account at any time by sending a message to the contact address of the responsible party mentioned above. Upon deletion of your customer account, your data will be erased, provided that all contracts established through it have been fully executed, there are no legal obligations for data retention, and there is no legitimate interest on our part that necessitates ongoing storage.

8. Commentary function

In the context of the commentary feature on this website, when you leave a comment, we collect and subsequently publish the comment itself, along with information regarding the time of your comment and the name you have chosen as a commentator. Additionally, we log and store your IP address for security purposes. This IP address is retained as a precaution in case the individual in question violates the rights of third parties or posts illegal content in their comment. We also require your email address to be able to reach out to you if a third party raises objections to the lawfulness of your published content. The legal basis for storing your data is established under both Article 6(1) point b and f GDPR. We maintain the right to remove comments if they are contested as unlawful by third parties.

9. Use of client data for direct advertising

9.1 Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you updates and information about our offers. The only required information for sending the newsletter is your email address. Providing additional data is optional and will be used to personalize our communication with you.

We implement a double opt-in procedure for sending the newsletter. This means that we will send you the email newsletter only after you have explicitly confirmed your consent to receive it. Afterward, you will receive a confirmation email, prompting you to confirm your desire to receive the newsletter in the future by clicking on a designated link.

By clicking the confirmation link, you provide your consent for the utilization of your personal data in accordance with Article 6(1)(a) of the GDPR. When you register for the newsletter, we retain the IP address provided by your Internet service provider (ISP) as well as the date and time of registration. This is done to track potential misuse of your email address in the future.

The data collected during your newsletter registration is exclusively used for promotional purposes through the newsletter. You have the option to unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the responsible party mentioned at the beginning of this statement. Upon unsubscribing, your email address will be promptly removed from our newsletter distribution list, unless you have expressly granted consent for further data usage, or we have legal grounds to utilize your data more extensively, as outlined in this declaration.

9.2 Newsletter via MailChimp

Our email newsletters are sent via the following provider: The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

In pursuit of our legitimate interest in efficient and user-friendly newsletter marketing, we transmit the data you provide during newsletter registration to our service provider, as permitted by Article 6(1)(f) of the GDPR, so that they can distribute the newsletter on our behalf.

With your explicit consent in accordance with Article 6(1)(a) of the GDPR, the provider also conducts a statistical assessment of the success of newsletter campaigns by employing web beacons or tracking pixels in the emails sent. These tools allow us to measure the opening rates and specific interactions with the newsletter content. During this process, information related to your device (e.g., time of access, IP address, browser type, and operating system) is collected and analyzed, but it is not combined with other data records.

You have the option to withdraw your consent for newsletter tracking at any time, and this will take effect for future communications.

We have established an agreement for data processing with the provider, ensuring the protection of data belonging to visitors to our site and prohibiting the sharing of data with third parties.

Regarding data transfers to the USA, the provider relies on the standard contractual clauses issued by the European Commission, which are designed to maintain compliance with European data protection standards.

10. Processing of data for the purpose of order handling

10.1 To facilitate the processing of contracts, including delivery and payment purposes, personal data collected by us will be shared with the designated transportation company and the designated credit institution, as permitted under Article 6(1)(b) of the GDPR.

In the event that we owe you updates for goods with digital components or for digital products, based on an existing contract, we will use the contact information you provided when placing the order (such as name, address, and email address) to personally inform you about upcoming updates. This communication will occur through appropriate means, such as post or email, within the legally mandated timeframe, in accordance with our legal obligation under Article 6(1)(c) of the GDPR. Your contact details will be strictly used for the purpose of notifying you about updates that are owed by us, and we will only process this information to the extent required for the specific notification.

In order to fulfil your orders, we also collaborate with certain service providers who assist us in executing the contracts we have entered into. Certain personal data is transmitted to these service providers in accordance with the following information.

10.2 Use of Payment Service Providers

10.2.1 Apple Pay

If you choose the payment method "Apple Pay" provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your terminal device operated with iOS, watchOS or macOS by debiting a payment card which has been deposited with "Apple Pay". Apple Pay employs security features integrated into both the hardware and software of your device to safeguard your transactions. To authorize a payment, it is necessary to enter a code that you have previously defined and verify it using either the "Face ID" or "Touch ID" function on your device.

For the purpose of processing payments, the information you provided during the ordering process, in conjunction with details about your order, will be securely transmitted to Apple in an encrypted format. Apple then encrypts this data once more using a developer-specific key before sending it to the payment service provider associated with the payment card stored in Apple Pay for payment processing. This double encryption ensures that only the website where the purchase was initiated can access the payment information. Following the completion of the payment, Apple sends your device account number and a transaction-specific dynamic security code back to the originating website to confirm the transaction.

If personal data is involved in the described data transmissions, such processing is conducted solely for the purpose of payment processing, as specified in accordance with Article 6(1)(b) of the GDPR.

Apple retains anonymised transaction data, including approximate purchase amounts, approximate dates and times of transactions, and whether the transactions were successfully completed. Anonymisation ensures that there is no possibility of identifying individuals from this data. Apple utilises this anonymised data to enhance the functionality of Apple Pay and other Apple products and services.

When you utilize Apple Pay on your iPhone or Apple Watch to finalize a purchase initiated through Safari on your Mac, there is secure and encrypted communication between your Mac and the authorization device via Apple's servers. Apple does not handle or store this information in any manner that would allow for personal identification. If you wish to deactivate the option to use Apple Pay on your Mac, you can do so in your iPhone settings. Simply navigate to "Wallet & Apple Pay" and disable "Allow payments on Mac."

For additional details on Apple Pay privacy, please visit the following web address:

https://support.apple.com/en-gb/HT203027

10.2.2 Google Pay

If you choose the payment method "Google Pay" provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is carried out via the "Google Pay" application of your mobile device, given it is running at least Android 4.4 ("KitKat") and has an NFC function by charging a payment card deposited at Google Pay or a payment system verified there (for example PayPal). To authorise a payment through Google Pay exceeding 25 euros, you must first unlock your mobile device using the appropriate verification method, such as face recognition, a password, fingerprint, or a pattern. This additional layer of security ensures the integrity of the transaction.

For the purpose of facilitating payment processing, the information you provided during the order placement, along with order details, will be transmitted to Google. Google then sends your payment information, stored in Google Pay, in the form of a unique transaction number to the originating website. This transaction number is used to verify the payment but does not contain any actual payment data from your chosen payment method stored in Google Pay. Instead, it is generated and transmitted as a uniquely valid numeric token.

It's important to note that in all transactions conducted via Google Pay, Google functions solely as an intermediary to facilitate the payment transaction. The transaction itself is conducted exclusively between you and the originating website, with the payment being debited from the payment method stored within your Google Pay account.

If personal data are involved in the described data transmissions, such processing is conducted exclusively for the purpose of payment processing, as specified in accordance with Article 6(1)(b) of the GDPR.

Google retains the right to collect, store, and analyse certain transaction-specific information for each transaction carried out via Google Pay. This information may encompass the date, time, and amount of the transaction, the merchant's location and description, a description provided by the merchant regarding the goods or services purchased, any photos attached to the transaction, the names and email addresses of the seller and buyer (or sender and recipient), the payment method used, your description of the transaction's purpose, and, if applicable, any offers associated with the transaction.

According to Google, this processing is conducted exclusively in accordance with Article 6(1)(f) of the GDPR, relying on the legitimate interest in proper accounting, transaction data verification, and optimisation and maintenance of the functionality of the Google Pay service.

Furthermore, Google retains the right to merge the processed transaction data with other information collected and stored by Google when using other Google services. This may be done for a comprehensive understanding of user behaviour and preferences across various Google services, while adhering to applicable privacy regulations.

The terms of use of Google Pay can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en

Further information on data protection at Google Pay can be found through the following link:

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en

10.2.3 Klarna

All the online payment methods from this provider are available on the following website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you choose a payment method that requires an advance payment, such as credit card payment, your payment details provided during the order process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the content of your order, will be shared with the payment provider in accordance with Article 6(1)(b) of the GDPR. In such instances, your data will only be shared for the purpose of processing the payment with the provider and solely to the extent necessary to fulfil this specific purpose.

When you select a payment method provided by a service that offers advance payments, such as invoice purchase, instalment purchase, or direct debit, you will also be required to provide specific personal data during the order process. This information typically includes your first and last name, street address, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, details about alternative payment methods you may wish to provide.

In order to protect our legitimate interest in determining the solvency of our customers, we share this data with the provider for the purpose of conducting a credit check, as outlined in Article 6(1)(f) of the GDPR. Using the personal data you provide, along with additional data such as your shopping cart, invoice total, order history, and payment history, the provider assesses whether the payment option you have chosen can be approved considering payment and/or bad debt risks.

Additionally to internal provider criteria, identity and creditworthiness information from the following credit agencies might also be included in the decision-making process as part of the application review in accordance with Art. 6 (1) point f GDPR:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may include probability values known as score values. If score values are a part of the credit report's outcome, they are derived from a scientifically recognized mathematical-statistical method. The calculation of these score values may involve various factors, including but not limited to, address data.

You have the right to object to the processing of your data at any time by sending a message to us or to the provider. However, the provider may still have the right to process your personal data if it is necessary for the contractual processing of payments.

10.2.4 Shopify Payments

The online payment methods from this provider are available on the following website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Irland

If you choose a payment method that involves making an advance payment, such as credit card payment, your payment information provided during the order process (including name, address, bank and payment card details, currency, and transaction number), along with details about the contents of your order, will be shared with the payment provider in accordance with Article 6(1)(b) of the GDPR. In such instances, your data will only be shared for the purpose of processing the payment with the provider and solely to the extent necessary to fulfil this specific purpose.

10.2.5 SOFORT

The online payment methods from this provider are available on the following website: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany

11. Web analysis services

This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which can be used to analyse the use of websites.

Google Analytics 4 also enables the creation of statistics that provide insights into the age, gender, and interests of website users. These statistics are generated through an evaluation of interest-based advertising and may involve the use of third-party information, facilitated by a specific feature known as "demographic characteristics." This functionality allows for the categorisation and differentiation of groups of website users, aiding in targeted marketing efforts. However, it's important to note that data collected through the "demographic characteristics" feature cannot be attributed to a specific individual, including you. The data gathered through the "demographic characteristics" function is retained for two months and then deleted.

All of the processes described above, in particular the utilisation of Google Analytics cookies to store and access information on the device you use to access the website, will only occur if you have provided us with explicit consent in accordance with Article 6(1)(a) of the GDPR. Without your consent, Google Analytics 4 will not be employed while you use the website. You retain the right to withdraw your consent at any time, with future effect. To do so, you can deactivate this service using the "Cookie Consent Tool" made available on the website.

On this website, the "Google Signals" service can also be employed as an extension of Google Analytics 4. Google Signals allows for the creation of cross-device reports by Google, a practice referred to as "cross-device tracking." If you have enabled "personalised ads" in your Google account settings and have connected your internet-enabled devices to your Google account, Google can analyse user behaviour across various devices and construct database models based on this information. This is possible if you have given your consent to the use of Google Analytics in accordance with Article 6(1)(a) of the GDPR (as explained above).

The data takes into account the logins and types of devices used by all website visitors who were logged into a Google account and completed a conversion. This data provides insights, among other things, into which device you initially clicked on an advertisement and on which device the associated conversion occurred.

It's important to note that when Google Signals is utilised, we do not receive any personal data from Google. Instead, we receive statistics generated based on Google Signals. You have the option to deactivate the "personalised ads" feature in your Google account settings to disable cross-device analysis. To do so, please refer to the instructions on this page:

https://support.google.com/ads/answer/2662922?hl=de

Further information can be found here:

https://support.google.com/analytics/answer/7532985?hl=de

As an extension of Google Analytics 4, the "UserIDs" function can also be employed on this website. By assigning individual UserIDs, we enable Google to create cross-device reports, commonly referred to as "cross-device tracking." This means that your usage behaviour can be analysed across different devices if you have provided your consent for the use of Google Analytics in accordance with Article 6(1)(a) of the GDPR. Additionally, this functionality requires you to have a personal account registered on this website and to be logged into your personal account on various devices using your login credentials.

The data collected through this method provides insights into various aspects of user behaviour, including which device you initially used to click on an advertisement and on which device the relevant conversion occurred.

For our use of Google Analytics 4, we have entered into a data processing agreement with Google. Under this agreement, Google is obligated to protect the data of our website users and refrain from sharing it with third parties.

To guarantee compliance with the European data protection standards, even in cases where data is transferred from the EU or EEA to the USA with possible subsequent processing, Google relies on the standard contractual clauses issued by the European Commission. We have contractually established this agreement with Google.

For more legal information concerning Google Analytics 4, including a copy of the mentioned standard contractual clauses, you can refer to the following link:

https://policies.google.com/privacy?hl=en

Details on the processing triggered by Google Analytics 4 and Google's handling of data from websites can be found here:

https://policies.google.com/technologies/partner-sites

12. Site functionalities

Shopsync for Shopify: our website uses the Shopify app "Shopsync" operated by ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.

ShopSync is employed to synchronize the newsletter service "Mailchimp" with our Shopify account. This synchronization operates in two key ways:

1. Updates in Mailchimp email lists, such as a recipient opting out, are automatically reflected in Shopify.
2. New contact data generated through contracts and transactions on Shopify are automatically transferred to the Mailchimp email lists.

This integration ensures that both platforms remain up-to-date with relevant contact information and preferences.

In the first case, data processing is conducted in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in effectively and cross-systemically maintaining records of advertising recipients and efficiently tracking legally significant status changes.

In the second case, data processing relies solely on the express consent of the user, in accordance with Article 6(1)(f) of the GDPR. This consent is obtained following the conclusion of a contract on Shopify for inclusion in the Mailchimp email list. The information transmitted from ShopSync to Mailchimp in this context includes the user's first and last name, address, email address, as well as transaction-related details (such as purchase amount, time, and date of purchase).

It's important to note that data transmitted in this manner is not stored or retained by ShopSync after synchronisation. All information synchronised between Shopify and Mailchimp is transmitted using Secure Socket Layer (SSL) technology, ensuring that the data remains encrypted throughout the synchronisation process.

The synchronisation process requires the transfer of information over a secure connection to servers hosted by Amazon Web Services in the USA.

13. Tools and Miscellaneous

13.1 This website employs a "cookie consent tool" to effectively obtain user consent for cookies and cookie-based applications that require such consent. The "cookie consent tool" is presented to users as an interactive user interface when they visit the page. Users can provide consent for specific cookies and/or cookie-based applications by checking the appropriate boxes within the tool. Using this tool, cookies and services that necessitate consent are only loaded if the user grants the corresponding consent by checking the relevant box. This ensures that these cookies are only placed on the user's device if consent has been given.

The tool also sets technically necessary cookies to save your cookie preferences. In general, personal user data is not processed. If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, then this is done in accordance with Art. 6 (1) GDPR based on our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Further legal basis for this processing is provided by Article 6(1)(c) of the GDPR. As the entity responsible for data processing, we are obliged by law to make the use of technically unnecessary cookies contingent upon the user's consent.

For more detailed information about the operator and the settings available in the cookie consent tool, please refer to the corresponding user interface directly on our website.

13.2 Lexoffice

For the execution of our accounting, we use the service of the cloud-based accounting software of the following provider: Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany

The provider processes incoming and outgoing invoices, and if applicable, the bank transactions of our company. This processing is conducted with the aim of automatically recording invoices, reconciling them with transactions, and generating financial accounting data through a semi-automated process.

To the extent that personal data is processed within this context, such processing is carried out in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in efficiently organizing and documenting our business transactions.

14. Rights of the data subject

14.1 Under the applicable data protection law, you have the following comprehensive rights as data subjects (rights of information and intervention) in relation to the data controller regarding the processing of your personal data:

Right of access by the data subject pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to be informed pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw a given consent pursuant to Art. 7 (3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

14.2 RIGHT TO OBJECT

IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE ENGAGE IN THE PROCESSING OF YOUR PERSONAL DATA BASED ON OUR DOMINANT LEGITIMATE INTEREST, YOU RETAIN THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME, WITH EFFECT FOR FUTURE ACTIONS, BASED ON CIRCUMSTANCES ARISING FROM YOUR SPECIFIC SITUATION.

IF YOU CHOOSE TO EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE RELEVANT DATA. HOWEVER, WE MAINTAIN THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF SUCH PROCESSING IS REQUIRED TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU MAINTAIN THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME. THIS OBJECTION CAN BE EXERCISED AS PREVIOUSLY DESCRIBED.

UPON EXERCISING YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE RELEVANT DATA FOR DIRECT ADVERTISING PURPOSES.

15. Duration of storage of personal data

The duration of personal data storage is determined by the applicable legal basis, the purpose of processing, and, if relevant, the specific legal retention periods (such as commercial and tax retention periods). In case personal data is processed based on an individual's express consent under Article 6(1)(a) of the GDPR, such data shall be retained until the data subject revokes their consent.

If there are legal storage periods for data that is processed within the framework of legal or similar obligations based on Article 6(1)(b) of the GDPR, this data will be routinely deleted after the expiration of the storage periods if it is no longer necessary for the fulfilment or initiation of the contract and/or if we no longer have a justified interest in retaining it further.

When processing personal data based on Article 6(1)(f) of the GDPR, this data is stored until the data subject exercises their right of objection in accordance with Article 21(1) of the GDPR, unless we can provide compelling grounds for processing that outweigh the interests, rights, and freedoms of the data subject, or the processing is necessary to assert, exercise, or defend legal claims.

If personal data is processed for the purpose of direct marketing under Article 6(1)(f) of the GDPR, this data is stored until the data subject exercises their right of objection pursuant to Article 21(2) of the GDPR. Unless otherwise specified in the information provided in this declaration regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.