Privacy Policy

1. Data protection at a glance
General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data with which you can be personally identified. You can find detailed information on data protection in our data protection declaration listed below this text.

Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the "Note on the responsible body" section of this data protection declaration.

How do we collect your data?
Your data is collected when you provide it to us. This can, for example, be data that you enter in a contact form.

Other data is automatically collected or obtained with your consent when you visit the website through our IT systems. These are mainly technical data (e.g. internet browser, operating system or time of page visit). This data is collected automatically as soon as you enter this website.

What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to demand the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to demand the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the responsible supervisory authority.

You can contact us at any time with regard to these and other questions about data protection.

Analysis Tools and Third-Party Tools
When you visit this website, your surfing behavior may be statistically evaluated. This is mainly done with so-called analysis programs.
Detailed information on these analysis programs can be found in the following privacy policy.

2. General Information and Mandatory Information
Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
If you use this website, various personal data will be collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the internet (e.g. when communicating by email) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible.

Responsible Party
The responsible party for data processing on this website is:
Stiftung Nationales Automuseum
The Loh Collection gGmbH
Hauptstraße 154
35716 Ewersbach
Phone: +49 2774 923 650
Email: info@nationales-automuesum.de
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage Duration
Unless a specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke your consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, the deletion will take place after the expiration of these reasons.

Note on data transfer to the US and other third countries
We use tools from companies based in the US or other countries that do not have a sufficient level of data protection. If these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that these countries may not guarantee a level of data protection comparable to that of the EU. For example, US companies are required to disclose personal data to law enforcement agencies without the affected person being able to legally challenge this. Therefore, it cannot be ruled out that US authorities (such as intelligence agencies) may process, analyze and store your data located on US servers for surveillance purposes. We have no control over these processing activities.

Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of data processing carried out before revocation remains unaffected by the revocation.

Right to object in specific cases and against direct marketing (Art. 21 GDPR)
IF THE PROCESSING OF YOUR PERSONAL DATA IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPULSORY LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 ABS. 1 GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSES OF DIRECT ADVERTISING (OBJECTION ACCORDING TO ART. 21 ABS. 2 GDPR).

Right to lodge a complaint with a supervisory authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.

SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website
If, after the conclusion of a paid contract, there is an obligation to provide us with your payment details (e.g. account number for direct debit), this data is required for payment processing.
Payment transactions via the usual payment methods (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
When communication is encrypted, your payment data, which you transmit to us, cannot be read by third parties.

Information, Deletion, and Correction
You have the right, within the framework of applicable legal provisions, to obtain information about your stored personal data, their origin and recipients, and the purpose of data processing, as well as a right to correction or deletion of these data. For this purpose, as well as for any further questions concerning personal data, you can contact us at any time.

Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data. To do so, you can contact us at any time. The right to restrict processing exists in the following cases:
If you contest the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request that the processing of your personal data be restricted.
If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
If you have objected pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, these data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising, or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the European Union or a member state.

Objection to Promotional Emails
The use of contact data published in the context of the imprint obligation for sending unsolicited advertising and information materials is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam emails.

3. Data collection on this website
Cookies

Our website uses so-called "cookies". Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you visit our site (third-party cookies). These allow us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to analyze user behavior or display advertising.
Cookies that are necessary for electronic communication (necessary cookies) or for providing certain functions requested by you (functional cookies, e.g. for the shopping cart function) or for optimizing the website (e.g. cookies for measuring web audiences) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of his services. If consent to the storage of cookies has been requested, the storage of the relevant cookies will be based solely on this consent (Art. 6 para. 1 lit. a GDPR); the consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies and allow cookies only in individual cases, accept cookies for certain cases, or generally exclude them and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be limited.
To the extent that cookies are used by third-party companies or for analysis purposes, we will inform you separately within the scope of this data protection declaration and, if necessary, ask for your consent.

Consent with Usercentrics
This website uses the Usercentrics consent technology to obtain your consent for storing certain cookies on your device or for using certain technologies in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter referred to as "Usercentrics").
When you enter our website, the following personal data is transferred to Usercentrics:
Your consent(s) or withdrawal of your consent(s)
Your IP address
Information about your browser
Information about your device
Time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser to assign the given consent or its withdrawal to you. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected.
The use of Usercentrics is to obtain the legally required consents for using certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Data processing agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a data protection requirement contract that ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with GDPR.

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address
These data are not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - for this purpose, the server log files must be recorded.

Contact form
If you send us inquiries via the contact form, your data from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Inquiry via Email, Phone, or Fax
If you contact us via email, phone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of handling your request. We will not disclose this data without your consent.
The processing of this data is based on Art. 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6(1)(f) of the GDPR) or on your consent (Art. 6(1)(a) of the GDPR), provided that this has been requested.
The data sent to us by you through contact inquiries will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after completion of processing your request). Mandatory statutory provisions, in particular statutory retention periods, remain unaffected.

Hubspot CRM
We use Hubspot CRM on this website. The provider is Hubspot Inc., 25 Street, Cambridge, MA 02141 USA (hereinafter referred to as "Hubspot CRM").
Hubspot CRM enables us, among other things, to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to record, sort, and analyze customer interactions via email, social media, or phone across different channels. The personal data collected in this way can be evaluated and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website.
The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in efficient customer management and communication. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Please refer to Hubspot's privacy policy for more details: https://legal.hubspot.com/de/privacy-policy.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. For more details, please refer to: https://www.hubspot.de/data-privacy/privacy-shield.

Data Processing Agreement
We have concluded a data processing agreement (DPA) with the provider mentioned above. This is a legally required agreement that ensures that this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Registration on this website
You can register on this website to use additional features on the site. The data you enter for registration will be used only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.
We will use the email address provided during registration to inform you of important changes such as changes to the scope of the offer or technically necessary changes.
The processing of the data entered during registration is carried out for the purpose of performing the usage relationship established by registration and, if applicable, initiating further contracts (Art. 6 para. 1 lit. b GDPR).
The data collected during registration will be stored by us as long as you are registered on this website and will be deleted afterwards. Legal retention periods remain unaffected.

4. Analysis Tools and Advertising
Google Tag Manager

We use Google Tag Manager on this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform its own analysis. It is only used for managing and playing back the tools that are integrated through it. However, Google Tag Manager does record your IP address, which can also be transmitted to Google's parent company in the United States.
The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in a fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, dwell time, operating systems used, and the user's origin. This data may be combined by Google in a profile that is assigned to the respective user or their device.
Furthermore, we can record your mouse and scroll movements and clicks with Google Analytics, among other things. Google Analytics also uses various modeling approaches to supplement the recorded data sets and employs machine learning technologies in data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising. If a corresponding consent has been requested (e.g., consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information on how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Data Processing Agreement
We have concluded a data processing agreement with Google and fully comply with the strict requirements of German data protection authorities when using Google Analytics.

Data Retention
Data stored by Google on a user and event level, linked to cookies, user IDs (e.g., User ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID), will be anonymized or deleted after 2 months. For more information, please refer to the following link: https://support.google.com/analytics/answer/7667196?hl=en

Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Targeted advertisements can also be displayed based on user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements resulted in corresponding clicks.
The use of Google Ads is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in an effective marketing of his products and services.
The transfer of data to the USA is based on the Standard Contractual Clauses of the European Commission. For details, see: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Remarketing
This website uses the functions of Google Analytics Remarketing, which is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user behavior on our website (e.g. clicking on certain products) to categorize you into specific advertising target groups, and then show you suitable advertising messages when you visit other online offers (remarketing or retargeting).
In addition, the advertising target groups created with Google Remarketing can be linked to Google's cross-device functions. This enables interest-based, personalized advertising messages that have been tailored to you based on your previous usage and browsing behavior on one device (e.g. mobile phone) to be displayed on another of your devices (e.g. tablet or PC).
If you have a Google account, you can opt out of personalized advertising by following this link: https://www.google.com/settings/ads/onweb/.
The use of Google Remarketing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most effective marketing of its products. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
For further information and the privacy policy, please see Google's privacy policy at: https://policies.google.com/technologies/ads?hl=en.

Target group formation with customer matching
For target group formation, we use customer matching with Google Remarketing. In this process, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the relevant customers are Google users and are logged into their Google account, they will be shown appropriate advertising messages within the Google network (e.g. on YouTube, Gmail, or in the search engine).

Facebook Pixel
This website uses the visitor action pixel from Facebook for conversion tracking. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
This allows the behavior of website visitors to be tracked after they have clicked on a Facebook ad and been redirected to the provider's website. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous to us as the operator of this website, and we cannot draw any conclusions about the user's identity. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy. As a result, Facebook can enable the display of ads on Facebook pages and outside of Facebook. We, as the website operator, cannot influence this use of the data.
The use of Facebook Pixel is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If consent has been requested (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after forwarding is not part of the joint responsibility. Our joint obligations have been set out in an agreement on joint processing. You can find the wording of the agreement here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of its products. You can exercise your rights as a data subject (e.g. information requests) directly with Facebook for data processed by Facebook. If you exercise your data subject rights with us, we are obliged to forward them to Facebook.
You can find more information on privacy protection in the Facebook privacy policy: https://www.facebook.com/about/privacy/.
You can also deactivate the remarketing function "Custom Audiences" in the advertising settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen if you are logged into Facebook.
If you do not have a Facebook account, you can deactivate Facebook's usage-based advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

5. Newsletter
Newsletter Data

If you would like to receive the newsletter offered on the website, we require an email address from you, as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered into the newsletter registration form is based exclusively on your consent (Art. 6 (1) lit. a GDPR). You can revoke your consent to the storage of the data, the email address, and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from our newsletter distribution list after you unsubscribe. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion under our legitimate interests pursuant to Art. 6 (1) lit. f GDPR.
Data that has been stored by us for other purposes remains unaffected by this.
After you have been removed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist, if necessary to prevent future mailings. The data from the blacklist is used only for this purpose and is not combined with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest pursuant to Art. 6 (1) lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests.

6. Plugins and Tools
Adobe Fonts

This website uses web fonts provided by Adobe for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When you access this website, your browser loads the required fonts directly from Adobe to display them correctly on your device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This allows Adobe to know that this website was accessed via your IP address. According to Adobe, no cookies are stored when providing fonts.
The storage and analysis of data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the font on his website. If consent has been requested (e.g. consent to store cookies), processing will be carried out solely on the basis of Art. 6 Para. 1 lit. a GDPR; consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.
For more information about Adobe Fonts, please visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.
You can find Adobe's privacy policy at: https://www.adobe.com/de/privacy/policy.html

Google Maps
This page uses the Google Maps map service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the features of Google Maps, it is necessary to store your IP address. This information is usually transmitted to and stored on a Google server in the United States. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of a uniform presentation of fonts. When you access Google Maps, your browser loads the necessary web fonts into your browser cache to display texts and fonts correctly.
The use of Google Maps is in the interest of an attractive presentation of our online offerings and an easy location of the places we have indicated on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
The data transfer to the USA is based on the Standard Contractual Clauses of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on how user data is handled, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en.

7. eCommerce and Payment Providers
Processing of Data (Customer and Contract Data)
We collect, process, and use personal data only to the extent necessary for the establishment, content design, or modification of the legal relationship (inventory data). This is based on Art. 6 (1) (b) GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures. We only collect, process, and use personal data about the use of this website (usage data) to the extent necessary to enable or bill the user for the use of the service.
The customer data collected will be deleted after the order has been completed or the business relationship has ended. Legal retention periods remain unaffected.

Data Transfer Upon Conclusion of Contract for Online Shops, Retailers, and Shipment of Goods
If you order goods from us, we will transfer your personal data to the shipping company commissioned with the delivery and to the payment service provider commissioned with payment processing. Only data necessary for the fulfillment of the respective task will be disclosed to the respective service provider. The legal basis for this is Art. 6 (1) (b) GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures. If you have given your consent in accordance with Art. 6 (1) (a) GDPR, we will also provide your email address to the shipping company commissioned with the delivery, so that it can inform you about the shipping status of your order by email; you can revoke your consent at any time.

Payment Services
We integrate third-party payment services on our website. If you make a purchase from us, your payment data (e.g. name, payment amount, bank details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective provider's contractual and data protection provisions apply to these transactions. The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contractual performance) as well as in the interest of a smooth, comfortable, and secure payment process (Art. 6 para. 1 lit. f GDPR). To the extent that your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consents are revocable at any time for the future.
We use the following payment services/payment service providers on this website:

PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
For more information on PayPal's privacy practices, please see their privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Klarna
The provider of this payment service is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as "Klarna"). Klarna offers various payment options (e.g. installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
You can read more about this in Klarna's privacy policy at the following link: https://www.klarna.com/de/datenschutz/.

Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as "Mastercard").
Mastercard may transfer data to its parent company in the United States. The transfer of data to the United States is based on Mastercard's Binding Corporate Rules. Details can be found at the following links: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA
The provider of this payment service is Visa Europe Services Inc., Branch Office London, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as "VISA").
The United Kingdom is considered a data protection safe third country. This means that the United Kingdom has a level of data protection that corresponds to the level of data protection in the European Union.
VISA may transfer data to its parent company in the United States. The transfer of data to the United States is based on the standard contractual clauses of the European Commission. Details can be found at the following link: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
You can find more information in VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.