Data Protection

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and we appreciate your interest. Below we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.

1.2 The data controller for this website, within the meaning of the General Data Protection Regulation (GDPR), is PAJ UG (limited), Am Wieschen 1, 51570 Windeck, Germany, Tel.: +49 (0) 2292 39 499 59, Email: info@paj-gps.de. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 The data controller has appointed a data protection officer, who can be contacted as follows: Johannes Schmitz, Am Wieschen 1, 51570 Windeck, +49 (0) 2292 3949959, j.schmitz@paj-gps.de

2) Collection of Data When Visiting Our Website

2.1 When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (so-called “server log files”). When you visit our website, we collect the following data that is technically necessary to display the website to you:

The website visited by you
Date and time of access
Amount of data sent in bytes
Source/reference from which you accessed the site
Browser used
Operating system used
IP address used (possibly in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the sequence “https://” and the lock symbol in your browser line.

3) Cookies

In order to make your visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for a longer period and enable us to save page settings (so-called “persistent cookies”). In the latter case, you can check the duration of storage in your web browser’s cookie settings.

If some of the cookies we use also process personal data, such processing is carried out in accordance with Art. 6(1)(b) GDPR for the performance of the contract, in accordance with Art. 6(1)(a) GDPR in the event of consent given, or in accordance with Art. 6(1)(f) GDPR to protect our legitimate interests in the optimal functionality of the website and a user-friendly and effective design of the visit to the page.

You can configure your browser to be informed about the setting of cookies and to decide individually on their acceptance or to exclude the acceptance of cookies for specific cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contact

4.1 Zammad

For processing customer inquiries, we use the email ticket system of the following provider: Zammad GmbH, Marienstraße 11, 10117 Berlin, Germany.

When you send contact requests through our website via email, they are stored and organized in the ticket system to enable chronological processing and improve the service experience. You can track the current status of your request processing via the individually assigned ticket number.

For the organization and processing of inquiries, personal data is collected, transmitted to the provider, stored, and read to the extent of its provision, but at least name, surname, and email address.

The legal basis for processing this data is our legitimate interest in efficient customer service management, responding as quickly as possible to your inquiry, and optimizing our service offering in accordance with Art. 6(1)(f) GDPR.

We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and prohibit unauthorized transmission to third parties.

4.2 WhatsApp Business

We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, using the “Business” version of WhatsApp.

If you contact us via WhatsApp for a specific business purpose (e.g., a placed order), we store and use the mobile number you use on WhatsApp and, if provided, your first and last name in accordance with Art. 6(1)(b) GDPR to process and respond to your inquiry. With the same legal basis, we may ask you to provide further data (order number, customer number, address, or email) to assign your inquiry to a specific process.

If you use our WhatsApp contact for general inquiries (such as about our service range, availability, or our website), we store and use the mobile number you use on WhatsApp and, if provided, your first and last name in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in efficiently and promptly providing the requested information.

Your data is always used only to respond to your inquiry via WhatsApp. No transmission to third parties takes place.

Please note that WhatsApp Business has access to the address book of the mobile device we use to operate our WhatsApp Business account and automatically transfers the phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device in whose address book only the WhatsApp contact details of those users who have also contacted us via WhatsApp are stored.

This ensures that anyone whose WhatsApp contact details are stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts by accepting WhatsApp’s terms of use the first time they used the app on their device, in accordance with Art. 6(1)(a) GDPR. Therefore, the transmission of data from users who do not use WhatsApp and/or who have not contacted us via WhatsApp is excluded.

For more information on the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights and options to protect your privacy, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

As part of the aforementioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA.

For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework (EU-US Data Privacy Shield), which ensures compliance with the European data protection level based on a adequacy decision of the European Commission.

4.3 In the context of contacting us (e.g., via a contact form or email), personal data is processed exclusively for the purpose of processing and responding to your inquiry and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) GDPR. If your contact is directed to the conclusion of a contract, then the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted when it can be deduced from the circumstances that the matter in question has been conclusively resolved and provided there are no legal retention obligations.

5) Commentary Function

Within the framework of the comment function on this website, in addition to your comment, details such as the time of creation of the comment and the commentator’s name you have selected are also stored and published on this website. Additionally, your IP address is logged and stored. This IP address storage is carried out for security reasons and in the event that the affected person violates the rights of third parties or publishes illegal content with a comment. We need your email address to contact you in case a third party alleges that the published content is illegal.

The legal bases for storing your data are Art. 6(1)(b) and (f) GDPR. We reserve the right to delete comments if they are contested as illegal by third parties.

6) Use of Customer Data for Direct Advertising

6.1 Subscription to our email newsletter

When you subscribe to our email newsletter, we regularly send you information about our offers. The only requirement for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. For sending the newsletter, we use the double opt-in procedure, which ensures that you only receive the newsletter once you have explicitly confirmed your consent to receive it via a verification link sent to the provided email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. We record the IP address provided by your internet service provider (ISP) as well as the date and time of subscription, to be able to trace any possible misuse of your email address at a later time. The data collected during newsletter subscription is used strictly for specific purposes.

You can unsubscribe from the newsletter at any time using the unsubscribe link provided in the newsletter or by sending a message to the responsible party mentioned at the beginning. Once unsubscribed, your email address will be immediately deleted from our newsletter distributor, unless you have given express consent for further use of your data or we reserve the right to use your data for additional purposes permitted by law and about which we will inform you in this statement.

6.2 Klaviyo

The sending of our email newsletter is done through this provider: Klaviyo, 225 Franklin St, Boston, MA 02110, USA.

Based on our legitimate interest in effective and user-friendly newsletter marketing, we transmit the data provided during newsletter registration to this provider for handling newsletter distribution on our behalf in accordance with Art. 6(1)(f) GDPR.

Subject to your express consent under Art. 6(1)(a) GDPR, the provider also performs statistical evaluation of newsletter campaign success using web beacons or tracking pixels in sent emails, which can measure open rates and specific interactions with newsletter content. Device-specific information (e.g., access time, IP address, browser type, and operating system) is also collected and evaluated, but not combined with other data sets.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have entered into a data processing agreement with the provider that protects the data of visitors to our website and prohibits transmission to third parties.

6.3 Product availability notification by email

For temporarily unavailable items, you can subscribe to receive email notifications about product availability. We only need your email address to send you this notification. Providing additional data is voluntary and can be used to address you personally. For sending emails, we use the double opt-in procedure, which ensures that you will only receive a notification after you have expressly confirmed your consent via a verification link sent to your email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. We save the IP address assigned by your Internet service provider (ISP) and the date and time of subscription, to be able to track any possible misuse of your email address at a later time. The data collected when registering for our product availability email notification service is used strictly for specific purposes.

You can unsubscribe from availability notifications at any time by sending a message to the responsible party mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our distribution list unless you have given express consent for further use of your data or we reserve the right to use your data for additional purposes permitted by law and about which we will inform you in this statement.

6.4 Email Shopping Cart Reminders

If you abandon your purchase with us before completing the order, you have the option to be reminded via email about the contents of your virtual shopping cart once.

We only need your email address to send this reminder. Providing additional data is voluntary and can be used to address you personally. For email delivery, we use the double opt-in procedure, ensuring that you will only receive a notification after you have explicitly confirmed your consent via a verification link sent to your email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR to send a shopping cart reminder. We save the IP address assigned by your Internet service provider (ISP) as well as the date and time of subscription, to be able to track any possible misuse of your email address at a later time. The data collected when registering for our email notification service is used strictly for specific purposes.

You can unsubscribe from shopping cart reminders at any time by sending a message to the responsible party mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our distribution list unless you have given express consent for further use of your data or we reserve the right to use your data for additional purposes permitted by law and about which we will inform you in this statement.

6.5 Visitor Recovery Software

This website utilizes the visitor recovery software solution provided by Exceed Solutions GmbH, c/o Bennet Polenz, Bunsenstr. 5, 22765 Hamburg.

We process your session data (URL, referrer URL, page access times and redirects, content information about the user’s session, e.g., products in the cart; product price; categories, delivery price, purchase time, etc.), session ID for identification, to present you with additional products that may be of interest. To the extent that we store or access this information on your device, this is done based on your consent in accordance with § 25 Abs. 1 TTDSG. Subsequent processing of your personal data is also based on your consent.

7) Data Processing for Order Management

7.1 To the extent necessary for contract performance for delivery and payment purposes, the personal data collected by us will be transmitted according to Art. 6(1)(b) GDPR to the responsible carrier and the responsible bank.

If, based on a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provide when placing the order (name, address, email address) to personally inform you about pending updates within the legally prescribed period via the appropriate communication medium (e.g., by postal or email), in accordance with our legal information obligations according to Art. 6(1)(c) GDPR. Your contact details will be strictly used for the purpose of communicating the updates we owe and will be processed only to the extent necessary for each information.

To process your order, we also work with the following service provider(s) who assist us wholly or partially in executing the closed contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

7.2 Amazon Fulfillment (FBA)

For order management, we use the following provider: Amazon EU S.à r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg.

The name, address, and other personal data are transmitted exclusively for the purpose of managing the online order to the provider according to Art. 6(1)(b) GDPR. The transmission of your data only occurs to the extent that it is actually necessary for order management.

7.3 Use of Payment Service Providers (Payment Services)

– Amazon Pay

One or more online payment methods from the following provider are offered on this website: Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg.

When selecting a payment method from the provider in which you pay in advance (e.g., credit card payment), your payment data communicated during the ordering process (including name, address, banking and payment card information, currency, and transaction number) and information about the content of your order are transmitted to the provider according to Art. 6(1)(b) GDPR. The transmission of your data in this case occurs exclusively for payment processing with the provider and only to the extent necessary.

– Apple Pay

If you choose the “Apple Pay” payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the “Apple Pay” function of your device operated by iOS, watchOS, or macOS by loading a stored payment card into “Apple Pay”. Apple Pay uses security features built into your device’s hardware and software to protect your transactions. Therefore, releasing a payment requires entering a code previously set by you and verification via your device’s “Face ID” or “Touch ID” function.

For payment processing, your information communicated during the ordering process along with information about your order is transmitted in encrypted form to Apple. Apple then encrypts this data again with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay to carry out the payment. Encryption ensures that only the website from which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number along with a specific transaction-specific dynamic security code back to your origin website to confirm the success of the payment.

If personal data is processed in the described transfers, processing will be carried out exclusively for payment processing according to Art. 6(1)(b) GDPR.

Apple retains anonymized transaction data, which includes the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization ensures complete detachment from any personal data. Apple uses this anonymized data to improve “Apple Pay” and other Apple products and services.

When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorizing device communicate through an encrypted channel to Apple’s servers. Apple does not process or store any of this information in a format that can personally identify you. You can disable the option to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay” and turn off the “Allow payments on Mac” option.

You can find more information about data protection with Apple Pay at the following Internet address: https://support.apple.com/de-de/HT203027

– PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

When selecting a payment method from the provider, in which you pay in advance, your payment data communicated during the ordering process (including name, address, banking and payment card information, currency, and transaction number), as well as information about the content of your order, will be transmitted to the same according to Art. 6(1)(b) GDPR. The transmission of your data in this case is made exclusively for the purpose of processing the payment with the provider and only to the extent necessary.

When selecting a payment method where we pay in advance, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly data from an alternative payment method).

To protect our legitimate interest in determining your solvency in such cases, this data will be transmitted according to Art. 6(1)(f) GDPR to the provider for the purpose of credit checking. The provider will assess the possibility of granting you the selected payment method based on the personal data provided by you and other data (such as cart content, invoice amount, order history, payment experiences), considering the risks of non-payment and/or credit.

Credit information may contain probability values (so-called score values). To the extent that score values influence the result of credit information, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things, but not exclusively, address data.

You can object to the processing of your data at any time by sending a message to us or to the provider. However, the provider may still be authorized to process your personal data to the extent necessary for payment processing under the contract.
– Stripe

One or more online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

When selecting a payment method from the provider, in which you pay in advance (such as credit card payment), your payment data communicated during the ordering process (including name, address, banking and payment card information, currency, and transaction number), as well as information about the content of your order, will be transmitted to the provider according to Art. 6(1)(b) GDPR. The transmission of your data in this case is made exclusively for the purpose of processing the payment with the provider and only to the extent necessary.

When selecting a payment method where the provider pays in advance (such as invoice or installment purchase, or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly data from an alternative payment method).

To protect our legitimate interest in determining the solvency of our customers, this data will be transmitted according to Art. 6(1)(f) GDPR to the provider for the purpose of credit checking. The provider will assess the possibility of granting you the selected payment method based on the personal data provided by you and other data (such as cart content, invoice amount, order history, payment experiences), considering the risks of non-payment and/or credit.

8) Web Analytics Services

8.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), to analyze the usage of our website.

By default, when visiting the website, cookies for Google Analytics 4 are set, which are small text fragments stored on your device and collect certain information. This information includes your IP address, which is truncated by Google in its last digits to prevent direct identification of individuals.

The information is transmitted to Google servers and processed there. This may also involve transfers to Google LLC based in the USA.

Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website usage and internet usage. The IP address transmitted and truncated by your browser as part of Google Analytics is not combined with other Google data. The data collected in the context of Google Analytics 4 is stored for two months and then deleted.

All the processing described above, especially the setting of cookies on the device used, only occurs if you give us your explicit consent according to Art. 6(1)(a) GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with future effect. To exercise your right to revoke, deactivate this service using the “cookie consent tool” provided on the website.

We have entered into a data processing agreement with Google that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

You can find more legal information about Google Analytics 4 at https://policies.google.com/privacy?hl=en&gl=en and https://policies.google.com/technologies/partner-sites

Demographic Features
Google Analytics 4 uses the special function “demographic features” and can generate statistics that provide information about the age, gender, and interests of site visitors. This is done by analyzing advertising and third-party information. This allows for identifying audiences for marketing activities. However, the data collected cannot be associated with a specific person and is deleted after two months of storage.

Google Signals
As an extension of Google Analytics 4, this website may use Google Signals to enable cross-device reporting. If you have activated personalized ads and have linked your devices to your Google account, Google can analyze your cross-device usage behavior, subject to your consent to use Google Analytics, according to Art. 6(1)(a) GDPR, and create database models, including cross-device conversions. We do not receive personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the “Personalized advertising” feature in your Google account settings. Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en For more information about Google Signals, visit the following link: https://support.google.com/analytics/answer/7532985?hl=en

UserIDs
As an extension of Google Analytics 4, this website may use the “UserIDs” feature. If you have given your consent to use Google Analytics 4 according to Art. 6(1)(a) GDPR, have created an account on this site, and have logged in on various devices with that account, your activities, including conversions, can be analyzed across devices.

For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with the European data protection level according to a decision of adequacy by the European Commission.

8.2 Microsoft Clarity

This website uses the web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

By using cookies and/or similar technologies (tracking pixels, web beacons, algorithms to read device and browser information), the service collects and stores pseudonymized visitor data, including device information such as IP address and browser data, to statistically analyze usage behavior on our website and create pseudonymized usage profiles. This allows, among other things, the evaluation of movement patterns (e.g., heatmaps) showing the duration of page visits and interactions with page content (such as text entries, scrolls, clicks, and mouse movements). Pseudonymization essentially removes the possibility of direct identification of the individual. No combination is made with other clear data collected about you.

All the processes described above, especially reading or storing information on the device used, are only carried out if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent given at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website.

We have entered into a data processing agreement with the provider ensuring the protection of our site visitors’ data and prohibiting unauthorized disclosure to third parties.

9) Page Functionality

Google Web Fonts

This page uses Web Fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, for a uniform presentation of fonts.

When you access a page, your browser loads the necessary Web Fonts into your cache to display texts and fonts correctly, and establishes a direct connection to the provider’s servers. During this process, certain browser information, including your IP address, is sent to the provider.

Data may also be transmitted to: Google LLC, USA.

The processing of personal data when connecting to the font provider is only carried out if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect by deactivating this service using the cookie consent tool provided on the website. If your browser does not support Web Fonts, a standard font from your computer will be used.

For data transfers to the USA, the provider has adhered to the EU-US Privacy Shield, which ensures compliance with the European data protection level according to a decision of adequacy by the European Commission.

10) Cookie Consent Tool

This website uses a cookie consent tool to obtain effective user consents for cookies requiring consent and cookie-based applications. The cookie consent tool is presented to users in the form of an interactive user interface when accessing the page, where consents for certain cookies and/or cookie-based applications can be given by checking boxes. The tool ensures that all cookies/services requiring consent are only loaded if the respective user has given explicit consent. This ensures that such cookies are only installed on the user’s device if consent is given.

The tool sets technically necessary cookies to save your cookie preferences. No personal data of users is processed in general.

If personal data is processed in individual cases to store, assign, or record cookie settings (such as IP address), this is done in accordance with Art. 6(1)(f) GDPR, based on our legitimate interest in a user-specific, user-friendly consent management for cookies, and therefore on a legal configuration of our internet presence.

Another legal basis for processing is Art. 6(1)(c) GDPR. As controllers, we are legally obligated to make the use of cookies that are not technically necessary dependent on the consent of the respective user.

To the extent necessary, we have entered into a data processing agreement with the provider ensuring the protection of our page visitors’ data and prohibiting unauthorized transfer to third parties.

You can find more information about the operator and the settings options of the cookie consent tool directly in the corresponding user interface on our website.

11) Rights of the Data Subject

11.1 The applicable data protection law grants you the following rights vis-à-vis the controller concerning the processing of your personal data (rights of access and intervention), for which reference is made to the corresponding legal basis:

Right of access according to Art. 15 GDPR;
Right to rectification according to Art. 16 GDPR;
Right to erasure according to Art. 17 GDPR;
Right to restriction of processing according to Art. 18 GDPR;
Right to be informed according to Art. 19 GDPR;
Right to data portability according to Art. 20 GDPR;
Right to withdraw consent granted according to Art. 7(3) GDPR;
Right to lodge a complaint according to Art. 77 GDPR.

11.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF THE AFFECTED DATA. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ESTABLISH, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA TO CARRY OUT DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THIS PURPOSE. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF YOUR DATA FOR DIRECT MARKETING PURPOSES.

12) Duration of Personal Data Storage

The duration of personal data storage is based on the corresponding legal basis, the purpose of processing, and, if applicable, also on relevant legal retention periods (e.g., commercial and tax retention periods).

When personal data is processed based on express consent in accordance with Art. 6(1)(a) GDPR, it will be stored until you revoke your consent.

If there are legal retention periods for data processed in the context of contractual obligations or similar based on Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods expire, provided it is no longer necessary for contract execution or preparation and/or there is no legitimate interest on our part in its continued storage.

When personal data is processed based on Art. 6(1)(f) GDPR, it will be stored until you exercise your right to object according to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

In the case of processing personal data for direct marketing purposes based on Art. 6(1)(f) GDPR, it will be stored until you exercise your right to object according to Art. 21(2) GDPR.

Unless otherwise specified elsewhere in this statement regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.