.webp?ts=1690367780)
.webp?ts=1690357017)
Privacy policy
Introduction and general information
Thank you for your interest in our website. The protection of your personal data is very important to us. In the following, you will find information on how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal regulations on data protection.
Responsible person in the sense of the DSGVO
sodasan Wasch- und Reinigungsmittel GmbH
Rudolf-Diesel-Str.19
26670 Uplengen
Germany
Contact details of the data protection officer
Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de
When contacting the data protection officer, please name the company to which your inquiry refers. Please refrain from enclosing sensitive information, such as a copy of an ID card, with your inquiry.
Definitions
Our data protection declaration should be simple and understandable for everyone. In this privacy policy, the official terms of the General Data Protection Regulation (GDPR) are generally used. The official definitions are explained in Art. 4 DSGVO.
Access to and storage of information in terminal equipment
By using our website, information (e.g. IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.
In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of Section 25 (1) Sentence 1, (2) No. 2 TTDSG.
In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of Section 25 (1) TTDSG with your consent in accordance with Article 6 (1) a DSGVO. The consent can be revoked at any time for the future. The provisions of the DSGVO and the German Federal Data Protection Act (BDSG) apply to the processing of your personal data.
For further information on the processing of your personal data and the relevant legal bases in this context, please refer to the following sections on the specific processing activities on our website.
Web hosting
This website is hosted by an external service provider (hoster). The hosting of this website takes place in Germany Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you came to the site
Browser used
Operating system used
IP address used
Personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, website accesses and other data generated via a website.
We collect the listed data in order to ensure a smooth connection of the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to provide you with the website. The legal basis for the processing of the data is our legitimate interest in the correct display and functionality of our website in accordance with Art. 6 (1) lit. f DSGVO.
We have concluded an order processing agreement with the provider in accordance with the requirements of Art. 28 DSGVO, in which we oblige the provider to protect our customers' data and not to pass it on to third parties.
Server log files
When you call up our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:
Date and time of the request
Name of the requested file
Page from which the file was requested
Access status
Web browser and operating system used
(Complete) IP address of the requesting computer
Amount of data transferred
We collect the listed data in order to be able to guarantee a smooth connection setup of the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to provide you with the website. The log files are used to evaluate system security and stability as well as for administrative purposes. The legal basis for processing the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 (1) lit. f DSGVO.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. After 14 days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user.
In addition, the data is processed in anonymized form for statistical purposes, if necessary. This data is never stored together with other personal data of the user, compared with other data or passed on to third parties.
Server log files
When you access our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:
Date and time of the request
Name of the requested file
Page from which the file was requested
Access status
Web browser and operating system used
(Complete) IP address of the requesting computer
Amount of data transferred
We collect the listed data in order to be able to guarantee a smooth connection setup of the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to provide you with the website. The log files are used to evaluate system security and stability as well as for administrative purposes. The legal basis for processing the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 (1) lit. f DSGVO.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. After 14 days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user.
In addition, the data is processed in anonymized form for statistical purposes, if necessary. This data is never stored together with other personal data of the user, compared with other data or passed on to third parties.
Comment function
As a user of our website, you have the opportunity to leave comments on individual articles in our store. For this we need your name or a pseudonym and your e-mail address (will not be published). Furthermore, your IP address and the time of publication will be logged and stored for 7 days. This storage of the IP address is done for security reasons and in the event that the person concerned violates the rights of third parties by a submitted comment or posts illegal content. We need your e-mail address to contact you in case a third party objects to your published content as illegal.
The storage of comments is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.
The storage of additional information (IP address and email address) is based on our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO.
We reserve the right to delete comments if they are objected to by third parties as unlawful.
The collected IP and email addresses are deleted after 7 days.
If you would like us to delete one of your published comments, please contact us.
Registration of a customer account
You have the possibility to create a customer account in our online store in order to order goods. In the course of registering and setting up your customer account, we collect and use the following personal data:
- First name, last name and title
- e-mail address
- Your address
- Date and time of registration
In addition, voluntary information can be provided (e.g. telephone number). Mandatory information, which is provided for the purpose of registration, is marked in the input mask with an asterisk as a required field.
The legal basis for data required to provide the customer account and order goods is Art. 6 para. 1 lit. b DSGVO.
For the processing of voluntary information, the legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a DSGVO. Your data will be deleted as soon as the user account on our website is deleted and insofar as no legal retention obligations exist. A change and / or deletion of their customer account, including the data provided by you, you can usually make after a login directly in your user account or by sending a message to the responsible person mentioned in the introduction.
Contact form and contact by e-mail
If you send us inquiries via contact form or e-mail, your data from the inquiry form or your e-mail, including the personal data you provide there, will be stored by us for processing the inquiry and in case of follow-up questions. The specification of an e-mail address is required for contacting us, the specification of your first and last name and your telephone number is voluntary. Under no circumstances will we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO and, if applicable, Art. 6 (1) lit. b DSGVO, if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal obligations to retain data. You can object to the processing of your personal data at any time in the case of Art. 6 (1) lit. f DSGVO.
Newsletter (Brevo)
If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail as mandatory information.
Additional data may be provided in order to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.
We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, want to receive newsletters in the future. With the confirmation, you give us your consent pursuant to Art. 6 para. 1 lit. a DSGVO that we may use your personal data for the purpose of sending the desired newsletter.
When registering for the newsletter, we store, in addition to the e-mail address required for sending, the IP address through which you registered for the newsletter, as well as the date and time of registration and confirmation, in order to be able to track possible misuse at a later date.
You can unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an e-mail to the responsible person named above. After unsubscribing, your e-mail address will be deleted immediately from our newsletter distribution list, unless you have expressly consented to the continued use of the data collected or the continued processing is otherwise permitted by law.
Our e-mail newsletters are sent via a technical service provider, to whom we pass on the data you provided when registering for the newsletter.
The service provider uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Email service provider:
Service provider: Sendinblue GmbH
Address: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany.
Privacy policy: https://www.brevo.com/de/legal/privacypolicy/
Cookies
Our website uses so-called "cookies". Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertising.
The processing of data through the use of strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 (1) lit. f DSGVO in the technically error-free provision of our services. For details on the processing purposes and legitimate interests, please refer to the explanations on the specific data processing.
The processing of personal data through the use of other cookies is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time for the future. Insofar as such cookies are used for analysis and optimization purposes, we will inform you separately about this within the framework of this data protection declaration and obtain your consent in accordance with Art. 6 (1) lit. a DSGVO.
You can set your browser so that you are
be informed about the setting of cookies,
allow cookies only in individual cases,
exclude the acceptance of cookies for certain cases or in general,
activate the automatic deletion of cookies when closing the browser.
The cookie settings can be managed under the following links for the respective browsers:
Google Chrome, Mozilla Firefox , Edge (Microsoft), Safari, Opera
You can also manage cookies of many companies and functions used for advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called "do-not-track function". When this function is activated, the respective browser tells advertising networks, websites and applications that you do not want to be "tracked" for behavioral advertising and the like.
You can get information and instructions on how to edit this feature, depending on your browser provider, from the links below:
Google Chrome, Mozilla Firefox, Edge (Microsoft), Safari, Opera
Additionally, you can prevent loading of so-called scripts by default. "NoScript" allows JavaScripts, Java and other plug-ins to run only on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).
Please note that if you disable cookies, the functionality of our website may be limited.
Google Analytics 4
This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which can be used to analyze the use of websites.
When using Google Analytics 4, so-called "cookies" are used. The information collected by cookies about your use of the website (including the IP address transmitted by your terminal device, shortened by the last digits, see below) is usually transmitted to a Google server and stored and processed there. In the process, information may also be transmitted to the servers of Google LLC, which is based in the USA, where it may be further processed.
When using Google Analytics 4, the IP address transmitted by your terminal device when you use the website is always collected and processed by default and automatically only in a shortened form, so that a direct personal reference of the collected information is excluded. This automatic anonymization is carried out by Google shortening the IP address transmitted by your terminal device within member states of the European Union (EU) or other contracting states to the Agreement on the European Economic Area (EEA) by the last digits.
On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports (reports) on your website activities or your usage behavior and to provide us with further services related to your website usage and internet usage. In this context, the IP address transmitted and shortened by your terminal device within the scope of Google Analytics 4 will not be merged with other data from Google. The data collected in the context of the use of Google Analytics 4 will be retained for 2 months and then deleted.
Google Analytics 4 also enables the creation of statistics with statements about age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the involvement of third-party information via a special function, the so-called "demographic characteristics". This makes it possible to determine and distinguish user groups of the website for the purpose of targeting marketing measures. However, data collected via the "demographic characteristics" cannot be assigned to a specific person and thus not to you personally. This data collected via the "demographic characteristics" function is retained for 2 months and then deleted.
All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the terminal device used by you for the use of the website, will only take place if you have given us your express consent for this in accordance with Art. 6 (1) lit. a DSGVO. Without your consent, Google Analytics 4 will not be used during your use of the website.
In connection with this website, the "UserIDs" function is also used as an extension of Google Analytics 4. By assigning individual UserIDs, we can have Google create cross-device reports (so-called "cross-device tracking"). This means that your usage behavior can also be analyzed across devices if you have given your corresponding consent to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a DSGVO, if you have set up a personal account by registering on this website and are logged into your personal account on different end devices with your relevant login data. The data collected in this way shows, among other things, on which end device you clicked on an ad for the first time and on which end device the relevant conversion took place.
We have concluded a so-called order processing agreement with Google for our use of Google Analytics 4, by which Google is obliged to protect the data of our website users and not to pass it on to third parties.
As there is a transfer of personal data to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at the following link: https://policies.google.com/privacy?hl=de&gl=de
Details on the processing triggered by Google Analytics 4 and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
Google Tag Manager
This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Through this service, website tags can be managed via an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user's IP address is transmitted to Google to establish the connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.
We use the Google Tag Manager on the basis of your consent pursuant to Art. 6 (1) lit. a DSGVO.
Since there is a transfer of the IP address to Google in the USA, further protection mechanisms are required to ensure the data protection level of the DSGVO. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
YouTube
On our website, we embed videos from "YouTube", a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). The legal basis for the processing of your personal data is your consent granted for this purpose pursuant to Art. 6 (1) lit. a DSGVO.
If the playback of embedded YouTube videos is started by your consent, the provider "YouTube" uses cookies to collect information about user behavior. According to information from "YouTube", these are used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behavior. If you are logged in to Google, your data is directly assigned to your account when you click on a video. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. Google stores this data as usage profiles and uses them for the purposes of advertising, market research and / or needs-based design of its websites. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly for this purpose.
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, Google uses standard data protection clauses in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA.
Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy?hl=de&gl=de.
Change cookie settings
You can revoke or change your cookie settings at any time. To do so, call up the cookie settings again via our integrated thumbprint. You can find this at any time on the bottom left of the website."
or
You can revoke or change your cookie settings at any time. To do so, call up the cookie settings again via this link (embed hyperlink to cookie settings).
External links
Social networks (Facebook, Twitter, Instagram) are only embedded on our website as a link to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. Only after the redirection, user information is transferred to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective data protection provisions of the providers you use.
Data transfer and recipients
Your personal data will not be transferred to third parties unless
- if we have explicitly indicated this in the description of the respective data processing,
- if you have given your express consent to this in accordance with Art. 6 Para. 1 lit. a DSGVO,
- the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 (1) (f) DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) c DSGVO, and
- as far as this is necessary for the processing of contractual relationships with you according to Art. 6 para. 1 lit. b DSGVO.
In addition, we use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with which we have concluded order processing agreements in accordance with Art. 28 DSGVO, if necessary. These are bound by our instructions and are regularly monitored by us. These are, among others, service providers for hosting, sending emails and maintenance and care of our IT systems, etc. The service providers will not pass this data on to third parties.
Data security
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
Duration of storage of personal data
The duration of the storage of personal data is measured by the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for the fulfillment or initiation of a contract or if we have a legitimate interest in continuing to store it, the data will be deleted when it is no longer required for these purposes or you have exercised your right of revocation or objection.
Your rights
In the following, you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:
The right to request information about your personal data processed by us pursuant to Article 15 of the GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
The right, in accordance with Art. 16 DSGVO, to demand the immediate correction of incorrect or completion of your personal data stored by us.
The right, pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
The right to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO.
The right, pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.
The right to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace for this purpose.
The right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right of objection
Insofar as your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation.
If you wish to exercise your right of revocation or objection, an e-mail to info@sodasan.com is sufficient
Legal obligations
The provision of personal data for the decision on the conclusion of a contract, the performance of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the performance of the contract or pre-contractual measures.
Automated decision making
Automated decision-making or profiling in accordance with Art. 22 DSGVO does not take place.
Subject to change
We reserve the right to adapt or update this data protection declaration if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The current version applies to your visit.
Status of this data protection declaration: 23.05.2023
Data protection declaration Ordering process
Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
“Personal data” is any information relating to an identified or identifiable natural person.
Responsible person
Contact us at any time. The person responsible for data processing is: Kathrin Linnemann-Hülßner, Eisenstraße 11, 26215 Wiefelstede Deutschland, 04402-9393750, sodasan-shop@bio-linn.com
Customer account Orders
Shipping companies
Payment service providers Credit check
We use the PayPal Check-Out payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the payment service. With the selection and use of payment via PayPal, credit card via PayPal, direct debit via PayPal or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal in order to be able to fulfill the contract with you with the selected payment method. This processing is based on Art. 6 para. 1 lit. b DSGVO.
Cookies may be stored that enable your browser to be recognised. The resulting data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interest in a customer-oriented range of varying payment methods. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.
Credit card via PayPal, direct debit via PayPal & "Pay later" via PayPal.
For individual payment methods such as credit card via PayPal, direct debit via PayPal or "Pay later" via PayPal, PayPal reserves the right, if necessary, to obtain credit information on the basis of mathematical-statistical methods using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a weighed decision on the establishment, implementation or termination of the contractual relationship. The credit information may include probability values (score values), which are calculated on the basis of scientifically recognized mathematical-statistical methods and in the calculation of which, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for a contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO for our overriding legitimate interest in protecting against payment default when PayPal makes advance payments.
You have the right to object at any time to this processing of personal data relating to you based on Art. 6 (1) (f) DSGVO for reasons arising from your particular situation by notifying PayPal. The provision of the data is necessary for the conclusion of the contract with the payment method requested by you. Failure to provide it will result in the contract not being concluded with the payment method you have chosen.
Local third-party providers
When paying via the payment method of a local third-party provider, the data required for payment processing is transmitted to PayPal. This processing takes place on the basis of Art. 6 para. 1 lit. b DSGVO. For the execution of this payment method, the data may then be forwarded by PayPal to the respective provider. This processing takes place on the basis of Art. 6 para. 1 lit. b DSGVO. Local third-party providers may be, for example:
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany).
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)
Purchase on account via PayPal
When paying via the payment method purchase on account, the data required to process the payment is first transmitted to PayPal. For the execution of this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to be able to fulfill the contract with you with the selected payment method. This processing is based on Art. 6 para. 1 lit. b DSGVO. Ratepay may conduct a credit check on the basis of mathematical-statistical methods using credit agencies according to the procedure already described above. The data processing serves the purpose of credit assessment for contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO from our overriding legitimate interest in protecting against payment default when Ratepay makes advance payments. For more information on data protection and which credit agencies Ratpay uses, please visit https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.
For more information on data processing when using PayPal, please see the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Rights of persons affected and storage duration
Prinzenstraße 5
30159 Hannover
Tel.: +49 511 1204500
Fax: +49 511 1204599
E-Mail: poststelle@lfd.niedersachsen.de