Data protection

Privacy Statement

We are very pleased that you have shown an interest in our company. Data protection is very important to the management of Gertraud Gruber Kosmetik GmbH & Co. KG. In principle, the website of Gertraud Gruber Kosmetik GmbH & Co. KG can be used without any input of personal data. Processing of personal data may become necessary, however, if a data subject wishes to avail him- or herself of specific services of our company via our website. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always conducted in compliance with the General Data Protection Regulation, and in accordance with the applicable country-specific data-protection provisions in effect for Gertraud Gruber Kosmetik GmbH & Co. KG. Our company would like to use this Privacy Statement to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this Privacy Statement.

1. Definitions

The Privacy Statement of Gertraud Gruber Kosmetik GmbH & Co. KG is based on the terms used by the European issuer of directives and regulations in its General Data Protection Regulation (GDPR). Our Privacy Statement is intended to be easy to read and understand for the general public as well as for our customers and business partners. To ensure this, we would like to begin by explaining the terminology used herein.

The terms we use in this Privacy Statement include the following:

a) Personal data

‘Personal data’ denotes all of the information relating to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’). A natural person is considered ‘identifiable’ if he or she can be identified, directly or indirectly, in particular through the assignment of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressive of the physical, physiological, genetic, psychological, economic, cultural or social identity of said person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the controller in charge of the processing.

c) Processing

‘Processing’ is taken to denote any operation or set of operations performed on personal data, whether or not by automated means. These operations can include the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

d) Restriction of processing

‘Restriction of processing’ entails the marking of stored personal data with the aim of limiting their processing in future.

e) Profiling

‘Profiling’ refers to any form of automated processing of personal data consisting of the use of these personal data to evaluate certain personal aspects relating to a natural person, and specifically to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

‘Pseudonymisation’ is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organisational measures that ensure that these personal data are not attributed to an identified or identifiable natural person.

g) Controller or party responsible for processing

The ‘controller or party responsible for processing’ is the natural or legal person, public authority, agency or any other body which, acting alone or jointly with others, determines the purposes and means involved in the processing of personal data. Where the purposes and means of such processing are laid down by the laws of the European Union, or by the laws of the Member States, provision can be made for the controller or the specific criteria for its designation under European Union law or the laws of the Member States.

h) Processor

A ‘processor’ is a natural or legal person, public authority, agency or other body that processes personal data on the controller’s behalf.

i) Recipient

The ‘recipient’ is a natural or legal person, public authority, agency or other body to whom or which personal data are disclosed, regardless of whether this recipient is a third party or not. Public authorities that may be entitled to receive personal data under European Union law or the laws of the Member States within the framework of a particular investigation mandate are not, however, regarded as recipients.

j) Third party

A ‘third party’ is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are authorised to process personal data under the direct authority of the controller or processor.

k) Consent

‘Consent’ by the data subject is any freely given, specific, informed and unambiguous expression of the data subject’s wishes by which he or she, in the form of a statement or some other clear, affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the party responsible for processing

The controller for the purposes of the General Data Protection Regulation, other data-protection laws applicable in the Member States of the European Union and other provisions of a character relevant to data protection is the following:

Gertraud Gruber Kosmetik GmbH & Co. KG

Südliche Hauptstraße 37
DE 83700 Rottach-Egern am Tegernsee
Telefon: +49(0)8022-27 98 0
Telefax: +49(0)8022-27 98 70
e-Mail: DATENSCHUTZ@GERTRAUD-GRUBER.DE

3. Name and address of the Data Protection Officer

The controller’s Data Protection Officer is:

Softwareentwicklung und Projektmanagement
Zertifizierter Datenschutzbeauftragter (TÜV®)
Herr Veith Krahl
Altvaterweg 3
83052 Bruckmühl
Germany
Tel.: +49 (0) 8062 / 7258132
E-Mail: mail@veit-krahl.de
URL: www.veit-krahl.de

Any data subject can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

4. Cookies

The Gertraud Gruber Kosmetik GmbH & Co. KG website uses cookies. Cookies are text files that an Internet browser places and stores on a computer system.

Numerous websites and servers use cookies. Many cookies contain what is referred to as a ‘cookie ID’. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers containing other cookies. A particular internet browser can be recognised and identified by the unique cookie ID.

By using cookies, Gertraud Gruber Kosmetik GmbH & Co. KG provides users of this website with services that are more user-friendly than would be the case without cookies.

Cookies make it possible to optimise the information and offers on our website in the interest of the user. As indicated, cookies make it possible for us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data with each visit to the website, as the website and the cookie stored on the user’s computer system has stored the necessary data. Another example is the cookie of a shopping basket in the Online Shop. The Online Shop uses a cookie to note the items that a customer has placed in his or her virtual shopping basket.

The data subject can prevent our website from setting cookies at any time through an appropriate setting of the Internet browser used, thereby permanently objecting to the setting of cookies. Cookies that have already been stored can also be deleted at any time using an Internet browser or other software programs. This can be done using any conventional Internet browser. If the data subject deactivates the storage of cookies in the Internet browser used, some functions of our website may not be fully usable.

5. Collection of general data and information

The Gertraud Gruber Kosmetik GmbH & Co. KG website collects an array of general data and information whenever a data subject or automated system accesses the website. These general data and this information are stored in the log files on the server. The information recorded may include (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (known as the ‘referrer’), (4) the sub-pages on our website accessed via an accessing system, (5) the date and time the website was accessed, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other, similar data and information used for security purposes in the event of attacks on our IT systems.

Gertraud Gruber Kosmetik GmbH & Co. KG does not draw any conclusions about the data subject when it uses these general data and this information. Rather, this information is required in order (1) to deliver the contents of our website correctly, (2) to optimise the contents of our website as well as the advertising for the latter (3) to ensure the long-term operability of our IT systems and the technology of our website, and (4) to provide law-enforcement agencies with the information required to investigate and prosecute cyberattacks. With this purpose in mind, Gertraud Gruber Kosmetik GmbH & Co. KG statistically evaluates the anonymously collected data and information with the aim of improving data protection and data security in our company, ultimately to ensure optimum protection for the personal data we process. The anonymous data contained in the server log files are stored separately from all the personal data a data subject provides.

6. Registration on our website

The data subject has the opportunity to register on the controller’s website by providing personal data. The personal data transmitted to the controller are determined by the respective entry screen used for registration. The personal data entered by the data subject shall be collected and stored solely for internal use by the controller, and for the latter’s own purposes. The controller may arrange for transmission to one or more processors – to a parcel service provider, for instance – which will also use the personal data exclusively for an internal purpose attributable to the controller.

When registering on the controller’s website, the IP address assigned at the time to the data subject by the Internet Service Provider (ISP) is stored, along with the date and time of registration. These data are stored in such a manner as this is the only way to prevent abuse of our services; if need be, these data can also be used to shed light on any criminal offences committed. In this respect, the storage of these data is required for the protection of the controller. These data are not disclosed to third parties unless required by law, or unless their disclosure is in furtherance of a criminal prosecution.

Registering data subjects who provide personal data voluntarily serves controllers’ interest in offering the data subject content or services that can only be offered to registered users due to the nature of the matters involved. Registered persons are free to amend the personal data provided upon registration at any time, or to have it entirely deleted from the controller’s database altogether.

Upon request, the controller will at any time provide every data subject with information as to which personal data relating to the data subject are stored. Furthermore, the controller will rectify or erase personal data upon request or notice by the data subject, provided there are no legally stipulated retention obligations to the contrary.

7. Subscribing to our newsletter

The Gertraud Gruber Kosmetik GmbH & Co. KG website offers users an opportunity to subscribe to our company’s newsletter. The personal data transmitted to the data controller when the newsletter subscription is ordered stems from the input screen used for this purpose.

If you would like to receive the newsletter offered on the website, we will require you to provide an e-mail address along with information that permit us to verify that you are the owner of the e-mail address provided and consent to receive the newsletter.

When you register to receive the newsletter, we also store the IP address of the computer system used by the data subject, as assigned by the Internet Service Provider (ISP), at the time of registration, as well as the date and time of registration. These data must be collected to trace (possible) misuse of a data subject’s e-mail address at a later point in time; these data thus provide legal protection for the controller.

We use what is referred to as a ‘double opt-in’ procedure to ensure that the newsletter is sent with your consent. In the course of this, the potential recipient can be included in a distribution list. Subsequently, the user is given an opportunity to confirm his or her registration in a legally compliant manner by means of a confirmation e-mail. Only if such confirmation is provided can the address be added to a de facto distribution list.

We use these data exclusively to transmit the information and offers requested.

Gertraud Gruber Kosmetik GmbH & Co. KG newsletters contain what are known as ‘tracking pixels’. A tracking pixel is a miniature graphic embedded in e-mails that are sent in HTML format to enable log file recording and log file analysis. This permits statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, xx can determine whether and when a data subject has opened an e-mail, and which of the links in the e-mail the data subject called up.

Such personal data as are collected using the tracking pixels contained in the newsletter are stored and evaluated by the controller in order to optimise newsletter distribution and to tailor the content of future newsletters to create an even closer fit with the interests of the data subject. These personal data are not disclosed to third parties. Data subjects are entitled at all times to revoke the declaration of consent separately provided in this connection using the double opt-in procedure. The controller will delete these personal data following a revocation . Gertraud Gruber Kosmetik GmbH & Co. KG automatically interprets a request to unsubscribe from the newsletter as a revocation of consent.

The newsletter software used is SENDINBLUE. Your data will thus be transmitted to Sendinblue GmbH. Sendinblue is prohibited from selling your data and from using it for purposes other than the distribution of newsletters. Sendinblue is a certified German provider that was selected in accordance with the requirements of the General Data Protection Regulation and the German Federal Data Protection Act. For more information, visit: SENDINBLUE-INFORMATIONEN-NEWSLETTER-EMPFÄNGER .

You may revoke the consent granted for storage of these data and of the e-mail address, and to their use for distribution of the newsletter, at any time, e.g. by using the ‘Unsubscribe’ link in the footer area of every newsletter, via e-mail sent to: unsubscribe@gruber-kosmetik.de or at:

ABMELDUNG NEWSLETTER oder ABMELDUNG NEWSLETTER PARTNER ( B2B )

8. Contact us via the website

Due to legal regulations, the Gertraud Gruber Kosmetik GmbH & Co. KG website contains information that permits rapid electronic contact with our company as well as direct communication with us; this also includes a general electronic mail (‘e-mail’) address. If a data subject contacts the controller by e-mail or via a contact form, any personal data the data subject transmits are automatically stored. Such personal data voluntarily transmitted by a data subject to the controller are stored for the purpose of processing or of contacting the data subject. These personal data will not be disclosed to third parties..

9. Routine deletion and blocking of personal data

The controller processes and stores the data subject’s personal data only for the period necessary to achieve the purpose of storage or where provided for by the European issuer of directives and regulations or by the measures of another legislative body in laws or regulations to which the controller is subject.

If the storage purpose is not applicable, or if a storage period prescribed by the European issuer of directives and regulations or another competent legislative body has expired, the personal data will be blocked as a matter of routine or erased, as required by law.

10. Rights of the data subject

a) Right to confirmation

Every data subject has the right, as granted by the European issuer of directives and regulations, to demand confirmation from the controller of whether their personal data are being processed. If a data subject wishes to exercise this right to confirmation, they may contact one of the controller's employees at any time.

b) Right to information

Every data subject has the right, as granted by the European issuer of directives and regulations, to obtain, at any time and free of charge, information from the controller with regard to any personal data stored in regard to them, as well as a copy of that information. Furthermore, the European issuer of directives and regulations has granted the data subject access to the following information:

the purposes for the processing

the categories of personal data processed

the recipients or categories of recipients to whom the personal data have been or are still being disclosed – particularly recipients in third countries or international organisations

if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration

the existence of a right of rectification or erasure of personal data concerning the data subjects, or of a right to restrict processing by the controller, or of a right to object to this processing

the right to lodge a complaint with a supervisory authority

if the personal data have not been obtained from the data subject: all available information on the origin of the data

the existence of automated decision-making including profiling in accordance with Article 22(1) and (4) GDPR and – at least in these cases – reliable information about the logic involved and the scope and the desired effects of such processing for the data subject

Furthermore, the data subject has a right to information as to whether his or her personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information about suitable guarantees in connection with the transfer.

If a data subject wishes to exercise this right to information, he or she may contact one of the controller's employees at any time.

c) Right of rectification

Every data subject has the right, granted by the European issuer of directives and regulations, to request the immediate rectification of inaccurate personal data pertaining to them. Furthermore, taking into account the purposes of the processing, the data subject has the right to request that incomplete personal data be completed, including by means of a supplementary declaration.

If a data subject wishes to exercise this right to rectification, they may contact one of the data controller's employees at any time.

d) Right of erasure (right to be forgotten)

Every data subject has the right, as granted by the European issuer of directives and regulations, to request the controller’s prompt erasure of personal data, an obligation that obtains where one of the following grounds applies, provided that processing is not necessary:

The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.

The data subject withdraws his or her consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and where there are no other legal grounds for the processing.

The data subject objects to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.

The personal data have been unlawfully processed.

The personal data must be erased to meet a legal obligation to which the controller is subject under Union or Member State law.

The personal data have been collected in relation to the offer of information-society services in accordance with Art. 8(1) GDPR.

If one of the above-mentioned reasons applies and a data subject wishes the erasure of personal data stored with Gertraud Gruber Kosmetik GmbH & Co. KG, that individual may contact one of the controller’s employees at any time. The employee at Gertraud Gruber Kosmetik GmbH & Co. KG will arrange for the erasure request to be handled without delay.

If the personal data have been publicly disclosed by Gertraud Gruber Kosmetik GmbH & Co. KG, and if our company, as the controller, has an obligation to delete the personal data pursuant to Article 17(1) GDPR, Gertraud Gruber Kosmetik GmbH & Co. KG shall take appropriate steps, including technical measures, taking the available technology and the implementation costs into account, to notify other controllers that process the published personal data of the data subject’s requested erasure of all links to these personal data or of copies or replications of these personal data from these other controllers, provided such processing is not necessary. The employee at Gertraud Gruber Kosmetik GmbH & Co. KG will arrange the necessary steps in the individual case.

e) Right to restrict processing

Every data subject has the right, as granted by the European issuer of directives and regulations, to demand the restriction of processing if one of the following conditions is met:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data in question.

The processing is unlawful, and the data subject refuses erasure of the personal data, instead requesting restriction of the use of the personal data.

The controller no longer requires the personal data for processing purposes, but the data subject requires these for the establishment, exercise or defence of legal claims.

The data subject has filed an objection to processing in accordance with Art. 21(1) GDPR, and it has not yet been established whether the controller’s legitimate grounds for processing override the grounds of the data subject.

If one of the above-mentioned prerequisites exists and a data subject wishes the erasure of personal data stored with Gertraud Gruber Kosmetik GmbH & Co. KG, that individual may contact one of the controller’s employees at any time for this purpose. The employee at Gertraud Gruber Kosmetik GmbH & Co. KG will arrange for a restriction in processing.

f) Right to data portability

Every data subject has the right, granted by the European issuer of directives and regulations, to receive personal data relating to them, and provided by them to a data controller, in a structured, current and machine-readable format. The data subject also has the right to transfer these data to another controller without hindrance by the controller to whom the personal data have been provided, as long as the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on an agreement pursuant to Article 6(1)(b) GDPR, and the processing is carried out by means of automated procedures, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority delegated to the controller.

Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where this is technically feasible, and if doing so does not adversely impinge upon the rights and freedoms of others.

In order to assert this right to data portability, the data subject may contact an employee of Gertraud Gruber Kosmetik GmbH & Co. KG at any time.

g) Right to object

Each data subject has the right granted by the European issuer of directives and regulations, to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, which is based on subsections (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

In the event of an objection, Gertraud Gruber Kosmetik GmbH & Co. KG will no longer process the personal data unless we can demonstrate compelling, legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or unless the processing is in the service of the establishment, exercise or defence of legal claims.

If Gertraud Gruber Kosmetik GmbH & Co. KG processes personal data in order to carry out direct advertising, the data subject has the right to object at any time to the processing of the personal data for the purpose of such advertising. This also applies to profiling in connection with such direct advertising. If the data subject objects to processing by Gertraud Gruber Kosmetik GmbH & Co. KG of his or her data for direct marketing purposes, Gertraud Gruber Kosmetik GmbH & Co. KG will cease processing the personal data for these purposes.

The data subject also has the right to object, on grounds arising from his or her particular situation, to the processing of personal data concerning him or her by Gertraud Gruber Kosmetik GmbH & Co. KG, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, unless such processing is necessary for the performance of a task in the public interest.

In order to exercise the right to object, the data subject may directly contact any employee of Gertraud Gruber Kosmetik GmbH & Co. KG, or another employee. The data subject also has the option, in the context of the use of information-society services, and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated procedures using technical specifications.

h) Right to revoke the data-protection declaration of consent

Every data subject has the right, granted by the European issuer of directives and regulations, to revoke at any time a declaration of consent to the processing of personal data.

If the data subject wishes to exercise his or her right to revoke a declaration of consent, he or she may contact an employee of the controller at any time.

11. Data protection for job applications and during the job-application process

The controller collects and processes the personal data of job candidates for the purpose of facilitating the application process. Processing may also be carried out electronically. This is particularly the case if a candidate sends the controller corresponding application documents electronically, e.g. by e-mail or using a web form found on the website. If the controller concludes an employment agreement with a candidate, the data transmitted will be stored for the purpose of processing the employment relationship, in compliance with applicable statutory provisions. If the controller does not conclude an employment agreement with a candidate, the application materials will automatically be erased two months after notification of the decision of refusal, provided there are no other legitimate interests that would stand in the way of erasure. Other legitimate interests in this respect might be, for example, a burden of proof in proceedings under the German General Equal Treatment Act [AGG].

12. Data-protection provisions relative to the operation and use of Facebook

The controller has integrated components of the Facebook company on this website. Facebook is a social network.

A social network is an Internet-based social meeting place, an online community that typically enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of views and experiences or can afford members of the Internet community to provide others with personal or enterprise-related information. Facebook enables users of its social network to create private profiles, upload photos and network via friendship requests, among other things.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject resides outside the USA or Canada, the controller responsible for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Every time one of the individual pages of this website operated by the controller in which a Facebook component (Facebook plug-in) has been integrated, the respective Facebook component automatically prompts the web browser on the data subject’s IT system to download from Facebook a representation of the respective Facebook component. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/. This technical process provides Facebook with information about the specific sub-page of our website visited by the data subject involved.

If the data subject is simultaneously logged in to Facebook, Facebook recognizes which specific sub-page of our website the data subject visits during each visit to our website, and throughout the respective visit to our website. This information is collected by the Facebook component and assigned by Facebook to the respective data subject’s Facebook account. If the data subject clicks one of the Facebook buttons integrated on our website – the ‘Like’ button, for example – or enters a comment, Facebook assigns this information to the data subject’s personal Facebook user account and stores these personal data.

The Facebook component will always notify Facebook that the data subject has visited our website if the data subject is logged in to Facebook at the same time as he or she accesses our website; this occurs regardless of whether the data subject clicks the Facebook component or not. If the data subject does not wish for this information to be transmitted to Facebook, he or she can prevent its transmission by logging out of his or her Facebook account before calling up our website.

The data policy published by Facebook and available at https://www.facebook.com/privacy/policy/?entry_point=facebook_page_footer/ provides information on the collection, processing and use of personal data by Facebook. That policy also explains the setting options Facebook offers for the protection of the data subject’s privacy. In addition, various applications are available that make it possible to suppress data transmission to Facebook. The data subject can use applications such as these to suppress the transmission of data to Facebook.

13. Data-protection provisions relative to the operation and use of images from Getty Images

The controller has integrated components of Getty Images company on this website. Getty Images is an American photo agency. A photo agency is a company that offers photographs and other image material on the market. Photo agencies typically market photographs, illustrations and film material. A variety of customers, and particularly website operators, editors of print and TV media and advertising agencies, license the images they use through a photo agency.

The operating company of the Getty Images components is Getty Images International, 1st Floor, The Herbert Building, The Park, Carrickmines, Dublin 18, Ireland.

Getty Images permits the embedding of stock images (free of charge, where applicable). Embedding is the incorporation or integration of a certain external content, such as text, video or image data, that has been provided by a third-party website and is then presented on a website of its own. Images are embedded using what is known as an ‘embedding code’. An embedding code is an HTML code integrated into a website by a website operator. If an embedding code has been integrated by a website operator, the external content of the other website is displayed immediately by default as soon as a website is visited. To display the external content, the external content is loaded directly from the other website. Getty Images provides further information about the embedding of content at https://www.gettyimages.co.uk/resources/embed.

The IP address of the Internet connection via which the data subject accesses our website is transmitted to Getty Images through the technical implementation of the embedding code that enables display of the images provided by Getty Images. Getty Images also makes a record of our website, the type of browser used, the browser language and the time and duration of access. Getty Images may also collect navigation information; this is information about which of our subpages the data subject has visited and which links were clicked, as well as other interactions that the data subject performed when visiting our website. These data can be stored and evaluated by Getty Images

Additional information, together with the applicable privacy policy of Getty Images, can be found at https://www.gettyimages.co.uk/company/privacy-policy.

14. Data-protection provisions regarding the operation and use of Google Analytics (with anonymisation function)

The controller has integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analytics service. Web analytics comprises the survey, collection and analysis of data regarding website visitors’ behaviour. A web analytics service collects, among other things, data about the website from which a data subject has accessed a website (known as the ‘referrer’), which subpages of the website have been accessed and how often and for how long a subpage has been viewed. Web analytics is used mainly to optimise a website, and to facilitate cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the suffix ‘_gat._anonymizeIp’ for web analytics via Google Analytics. With this suffix, Google shortens and anonymises the data subject’s IP address when our websites are accessed from a Member State of the European Union, or from another Signatory State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse visitor traffic on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports showing us the activities on our websites, and to provide other services relating to use of our website.

Google Analytics places a cookie on the data subject’s IT system. Cookies themselves have already been explained above. Placement of this cookie enables Google to analyse the use of our website. With every call-up of one of the individual pages of this website operated by the controller, in which a Google Analytics component has been integrated, the Google Analytics component automatically prompts the web browser on the data subject’s IT system to transmit data to Google for purposes of online analytics. Through this technical process, Google receives information about personal data such as the data subject’s IP address; Google uses this information, among other things, to track the origin of visitors and clicks, and subsequently to facilitate settlement of commissions.

Cookies are used to store personal information, such as the time of access, the location from which access was obtained and the frequency of the data subject’s visits to our website. Accordingly, whenever someone visits our website, these personal data, including the IP address of the Internet connection used by the data subject, are transmitted to Google in the United States of America. Google stores these personal data in the United States of America. Google may disclose personal data collected through the technical process to third parties.

The data subject can prevent our website from setting cookies at any time, as already described above, by means of an appropriate setting of the Internet browser used, thereby permanently objecting to the setting of cookies. Such a setting on the Internet browser used would also keep Google from placing a cookie on the data subject’s IT system. In addition, a cookie already set by Google Analytics can be deleted at any time using the Internet browser or other software programs.

The current link is: BROWSER PLUGIN

You can always prevent collection by Google Analytics by clicking on the following link. This places what is known as an ‘opt-out cookie’ that prevents future capture of your personal data during visits to our website GOOGLE ANALYTICS DEAKTIVIEREN

Google Analytics is also used on this website to evaluate data from AdWords & double-click cookies for statistical purposes. If you would like to opt out of this, you may deactivate this setting at any time with the aid of the GOOGLE ANZEIGENVORGABEN-MANAGER

Furthermore, it is possible for the data subject to object to and prevent the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do so, the data subject must download and install a browser add-on from https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information regarding visits to web pages may be transmitted to Google Analytics. Google considers installation of the browser add-on tantamount to an objection. If the data subject’s IT system is subsequently deleted, formatted or reinstalled, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their control, the browser add-on can be reinstalled or reactivated.

Additional information and the applicable provisions of Google’s privacy policy can be found at https://policies.google.com/privacy?hl=en-GB and https://marketingplatform.google.com/about/analytics/terms/us/. Google Analytics is explained in greater detail at https://marketingplatform.google.com/intl/en_uk/about/.

15. Data-protection provisions relative to the operation and use of Instagram

The controller has integrated components of the Instagram service on this website. Instagram is a service designated as an audiovisual platform; it allows users to share photos and videos, as well as to disseminate such data across social networks.

The operating company of Instagram’s services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Every time one of the individual pages of this website operated by the controller in which a Instagram component (Insta-button) has been integrated, the respective Instagram component automatically prompts the web browser on the data subject’s IT system to download from Instagram a representation of the respective Instagram component. This technical process provides Instagram with information about the specific sub-page of our website visited by the data subject involved.

If the data subject is simultaneously logged in to Instagram, Instagram recognises which specific sub-page of our website the data subject visits during each visit to our website, and throughout the respective visit to our website. This information is collected by the Instagram component and assigned by Instagram to the respective data subject’s Instagram account. If the data subject activates one of the Instagram buttons integrated on our website, the data and information thus transmitted will be assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.

The Instagram component will always notify Instagram that the data subject has visited our website if the data subject is logged in to Instagram at the same time as he or she accesses our website; this occurs regardless of whether the data subject clicks the Instagram component or not. If the data subject does not wish for this information to be transmitted to Instagram, he or she can prevent its transmission by logging out of his or her Instagram account before calling up our website.

Additional information and the applicable provisions of Instagram’s privacy policy can be found at https://help.instagram.com/155833707900388?cms_id=155833707900388 and https://www.instagram.com/about/legal/privacy/.

16. Data-protection provisions relative to the operation and use of YouTube

The controller has integrated components of YouTube on this website. YouTube is an Internet video portal that allows video publishers to post video clips – and other users to view, rate and comment on them – free of charge. YouTube permits the publication of all manner of videos, which is why entire film and television programs, as well as music videos, trailers or videos produced by the users themselves, can be called up via the Internet portal.

YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Every time one of the individual pages of this website operated by the controller in which a YouTube component (YouTube video) has been integrated, the respective YouTube component automatically prompts the web browser on the data subject’s IT system to download from YouTube a representation of the respective YouTube component. More information about YouTube can be found at https://www.youtube.com/yt/about/de/. This technical process provides YouTube and Google with information about the specific sub-page of our website visited by the affected data subject.

If the data subject is logged in to YouTube at the same time, YouTube recognises which specific subpage of our website he or she is visiting when calling up a sub-page containing a YouTube video. This information is collected by YouTube and Google and associated with the data subject’s respective YouTube account.

The YouTube component will always notify YouTube and Google that the data subject has visited our website if the data subject is logged in to YouTube at the same time as he or she accesses our website; this occurs regardless of whether the data subject clicks a YouTube video or not. If the data subject does not wish for this information to be transmitted to YouTube and Google, he or she can prevent its transmission by logging out of his or her YouTube account before calling up our website.

The data protection regulations published by YouTube, which are to be found at https://policies.google.com/privacy?hl=en-GB&gl=de/, provide information about how personal data are collected, processed and used by YouTube and Google.

17. Payment method: data-protection provisions relative to PayPal as payment method

The controller has integrated components of PayPal on this website. PayPal is an online provider of payment services. Payments are processed via what are known as ‘PayPal accounts’; these are virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments via credit card if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and provides buyer-protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If, when ordering from our Online shop, the data subject selects ‘PayPal’ as his or her payment option, data about the data subject are automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of the personal data required for payment processing.

The personal data transmitted to PayPal are typically the individual’s first name, last name, address, e-mail address, IP address, telephone number, mobile phone number, or other data required for payment processing. Personal data in connection with the respective order are also required to process the purchase agreement.

The purpose for data transmission is to process payments and prevent fraud. The controller will transmit personal data to PayPal particularly if there is a legitimate interest for the transmission. Personal data exchanged between PayPal and the controller may be transferred by PayPal to credit agencies. The purpose of this transmission is to verify identity and creditworthiness.

PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent necessary to meet contractual obligations, or for the processing of order data.

The data subject has the option of revoking his or her consent to PayPal for the handling of his or her personal data at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.

The applicable data-protection provisions of PayPal may be called up from https://www.paypal.com/webapps/mpp/ua/privacy-full.

18. Data-protection provisions relative to the operation and use of Google reCAPTCHA

Our website uses Google reCaptcha to check and prevent automated servers known as ‘bots’ from accessing and interacting with our website. This is a service provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter referred to as ‘Google’). This service allows Google to determine from which website a request has been sent, and from which IP address you use what is referred to as the ‘reCAPTCHA input box’. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service. The legal basis is for this is Article 6(1) of the General Data Protection Regulation. Our legitimate interest lies in ensuring the security of our website, and in the prevention of unwanted, automated access in the form of SPAM. Alternatively, you may also send us an email addressed to INFO@GERTRAUD-GRUBER.DE.

19. Basis in law for processing

Art. 6(1)(a) GDPR serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case for example with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6(1)(b) GDPR. The same applies to such processing methods as are necessary to carry out pre-contractual measures, such as in cases of enquiries about our products or services. If our company is subject to a legal obligation as a result of which processing of personal data is required, for example to fulfil tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured at our company and their name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. The processing would then be based on Art. 6(1)(d) GDPR. Finally, processing operations might be based on Art. 6(1)(f) GDPR. Processing operations not covered by any of the bases in law mentioned above are legally grounded if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overriding. We have express authority to carry out such processing operations as these have been specifically mentioned under European law. In this respect, the law represented the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2, GDPR).

20. Legitimate interests in processing pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out our business operations for the well-being of all our employees and our shareholders.

21. Duration for which the personal data will be stored

The criterion for the duration of the storage of personal data is the statutory retention period in question. After the deadline, the corresponding data will be routinely deleted if they are no longer required for fulfilling the contract or for initiating a contract.

22. Legal or contractual requirements to provide personal data; necessity for conclusion of contract; obligation of the data subject to provide personal data; possible consequences of non-provision

We inform you that the provision of personal data is required by law in some cases (e.g. tax regulations) or may also result from contractual provisions (e.g. information about the contract partner). In order to conclude a contract, at times it may be necessary for a data subject to provide us with personal data that we must subsequently process. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would mean the contract with the data subject cannot be concluded. Before the data subject provides personal data, they must contact one of our employees. Our employee will inform the data subject, on a case-by-case basis, as to whether provision of personal data is required by law or by contract, or is required to conclude the contract, whether there is an obligation to provide personal data, and of the consequences of failure to provide personal data.

This Privacy Policy has been drawn up through the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, in cooperation with the DATENSCHUTZ ANWÄLTEN DER KANZLEI WILDE BEUGER SOLMECKE | RECHTSANWÄLTE

This website uses cookies. We use cookies to personalise content and advertising, to provide social media features and to analyse access to our website. We also share information about your use of our website with our partners for social media, advertising and analytics. Our partners may combine this information with other data that you have provided to them or that they have collected from your use of their services.

Cookies are small text files that websites can use to make a user’s experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. We require your permission for all other types of cookies.

This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

You may modify or revoke your consent to the cookie declaration on our website at any time.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

When contacting us regarding your consent, you are kindly requested to provide your Consent ID and date.

Your consent applies to the following domains: www.gertraud-gruber.de Your current status: Reject. Your Consent ID: g6Oy70boNr4dY22tFW5BNDF+1jqELVH+fyZP5LimRSRQginZ5CUqGw==Consent date: Friday, 16 September 2022 09:04:55 CEST Modify consent The most recent update to the Cookie Statement occurred on 8 November 2022 and was updated by Cookiebot:

Necessary (20)

Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.