Go to homepage
€0.00*

Privacy Policy

Introduction and General Information

Thank you for your interest in our website. Protecting your personal data is very important to us. Below, you will find information on how your data is handled when using our website. The processing of your data complies with the legal data protection regulations.

Controller under GDPR

sodasan Washing and Cleaning Products
Rudolf-Diesel-Str. 19
26670 Uplengen
Germany

Data Protection Officer Contact Details

Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
Email: datenschutzbeauftragter@datenschutzexperte.de

Please mention the company your inquiry refers to when contacting the Data Protection Officer. Avoid including sensitive information, such as a copy of your ID, in your inquiry.

Definitions

Our Privacy Policy is designed to be simple and comprehensible for everyone. In this Privacy Policy, we generally use the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Article 4 GDPR.

Access and Storage of Information on End Devices

When using our website, access to information (e.g., IP address) or storage of information (e.g., cookies) on your end devices may occur. This access or storage may involve further processing of personal data as defined by the GDPR.

When such access or storage is essential for the error-free technical provision of our services, it is based on Section 25(1) Sentence 1, Section 25(2) No. 2 of the TTDSG (German Telecommunications-Telemedia Data Protection Act).

In cases where such actions serve other purposes (e.g., customizing our website), they are based on your consent under Article 6(1)(a) GDPR. Consent can be withdrawn at any time for future use. For processing your personal data, the provisions of the GDPR and the Federal Data Protection Act (BDSG) apply.

Further details about the processing of your personal data and the relevant legal bases can be found in the subsequent sections covering specific processing activities on our website.

Web Hosting

This website is hosted by an external service provider (Host). Hosting is performed in Germany.

Data Collected:

  • Visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/referral from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used

Personal data collected on this website is stored on the servers of the host. This may include IP addresses, contact inquiries, meta and communication data, website access, and other data generated via a website.

The data listed above is collected to ensure a smooth connection to the website and the error-free technical provision of our services. Processing of this data is essential to provide you with the website. The legal basis for processing the data is our legitimate interest in correctly displaying and operating our website, in accordance with Article 6(1)(f) GDPR.

We have entered into a data processing agreement with the provider in accordance with Article 28 GDPR, requiring them to protect our customers' data and not disclose it to third parties.

Server Log Files

When accessing our website, data must be transmitted from your internet browser to our web server for technical reasons. The following data is recorded during an active connection for communication between your internet browser and our web server:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status
  • Browser and operating system used
  • (Full) IP address of the requesting computer
  • Amount of data transferred

The listed data is collected to ensure a smooth connection to the website and the error-free technical provision of our services. The log files are used for system security and stability analysis as well as for administrative purposes. The legal basis for processing the data is our legitimate interest in protecting and operating our website in accordance with Article 6(1)(f) GDPR.

For technical security reasons, particularly to prevent attacks on our web server, this data is stored temporarily. After 14 days, the data is anonymized by shortening the IP address at the domain level, making it impossible to associate it with an individual user.

The data may also be processed anonymously for statistical purposes. At no time will this data be stored together with other personal data of the user, matched with other data sets, or shared with third parties.

Comment Functionality

As a user of our website, you have the opportunity to leave comments on individual articles in our shop. For this, we require your name or pseudonym and your email address (which will not be published). Additionally, your IP address and the time of publication will be logged and stored for seven days.

The storage of the IP address is for security reasons and in case the affected person violates the rights of third parties or posts illegal content through a comment. We need your email address to contact you if a third party deems your published content illegal.

Storing comments is based on your consent (Article 6(1)(a) GDPR). You can withdraw your consent at any time with future effect by sending us a simple email. The legality of the data processing that occurred before the withdrawal remains unaffected.

Additional information storage (IP address and email address) is based on our legitimate interest under Article 6(1)(f) GDPR. We reserve the right to delete comments if they are reported as unlawful by third parties. The collected IP and email addresses are deleted after seven days.

If you want us to delete one of your published comments, please contact us.

Registering a Customer Account

You have the option to create a customer account in our online shop to place orders. During registration and setup of your customer account, we collect and use the following personal data:

  • First and last name, including title
  • Email address
  • Address
  • Date and time of registration

You may also provide optional information (e.g., telephone number). Required fields for registration purposes are marked as mandatory with an asterisk in the input form.

The legal basis for processing data necessary to provide the customer account and order goods is Article 6(1)(b) GDPR. For the processing of optional information, the legal basis is your consent pursuant to Article 6(1)(a) GDPR.

Your data will be deleted as soon as the customer account on our website is deleted, provided there are no legal retention obligations. You can usually modify and/or delete your customer account, including the data provided, directly in your user account after logging in or by contacting the responsible party mentioned above.

Contact Form and Email Communication

If you send us inquiries via the contact form or email, the information you provide in the form or email, including any personal data you provide, will be stored for the purpose of processing the inquiry and for any follow-up questions. Providing an email address is necessary to contact you; providing your first and last name and phone number is optional. This data will not be shared without your consent.

The legal basis for data processing is our legitimate interest in responding to your inquiry pursuant to Article 6(1)(f) GDPR and, where applicable, Article 6(1)(b) GDPR if your inquiry relates to concluding a contract. Your data will be deleted once your inquiry has been fully processed, provided there are no legal retention obligations. You may object to the processing of your personal data at any time under Article 6(1)(f) GDPR.

Newsletter (Brevo)

If you wish to subscribe to the newsletter offered on our website, which provides regular information about our products and offers, we require your email address as a mandatory field.

Additional data may be provided to personalize the newsletter and/or identify you if you exercise your rights as a data subject.

We use the double opt-in procedure for sending newsletters. This means that we will only send you a newsletter after you have explicitly confirmed that you consent to receiving newsletters. To confirm, you will first receive an email with a link that you must click to confirm your consent to receiving newsletters. By confirming, you give your consent in accordance with Article 6(1)(a) GDPR for the use of your personal data for the purpose of sending the newsletter.

When signing up for the newsletter, we store the email address required for sending it, as well as the IP address used during registration and the date and time of registration and confirmation, to detect any misuse at a later date.

You can unsubscribe from the newsletter at any time via the link included in every newsletter or by contacting the controller mentioned above via email. After unsubscribing, your email address will be immediately removed from our newsletter distribution list unless you have explicitly consented to further use of the collected data or further processing is legally permissible.

Email Service Provider

Our email newsletters are sent via a technical service provider to whom we provide the data collected during newsletter registration.

The service provider uses this information to send the newsletters and to statistically analyze the newsletters on our behalf. For analysis, the emails contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This allows us to determine if a newsletter was opened and which links were clicked. Using conversion tracking, it can also be analyzed whether a predefined action (e.g., purchasing a product on our website) occurred after clicking a link in the newsletter.

Technical information (e.g., time of retrieval, IP address, browser type, and operating system) is also collected. The data is collected exclusively in pseudonymized form and is not linked to your other personal data, ensuring no direct personal identification. This data is used solely for statistical analysis of newsletter campaigns. The results of these analyses can be used to tailor future newsletters better to the interests of recipients.

If you object to the statistical evaluation of data for analysis purposes, you must unsubscribe from the newsletter.

Sendinblue GmbH

Service Provider: Sendinblue GmbH
Address: Köpenicker Str. 126, 10179 Berlin
Privacy Policy: https://www.brevo.com/de/legal/privacypolicy/

Cookies

Our website uses so-called “cookies.” Cookies are small text files that are either stored temporarily for the duration of a session (session cookies) or permanently on your device (persistent cookies). Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them or your web browser performs automatic deletion.

Cookies serve various functions. Many cookies are technically necessary as certain website functions would not work without them (e.g., shopping cart functionality or language settings). Other cookies are used to analyze user behavior or display advertisements.

Data processing through the use of strictly necessary cookies is based on our legitimate interest under Article 6(1)(f) GDPR in ensuring the error-free technical provision of our services. Details regarding processing purposes and legitimate interests can be found in the explanations of specific data processing activities.

The processing of personal data through the use of other cookies is based on your consent under Article 6(1)(a) GDPR. Consent can be withdrawn at any time for future use. If cookies are used for analysis and optimization purposes, we will inform you separately in this privacy policy and obtain your consent under Article 6(1)(a) GDPR.

Managing Cookies

You can configure your browser to:

  • Inform you about the setting of cookies,
  • Allow cookies only in individual cases,
  • Exclude the acceptance of cookies for certain cases or generally,
  • Automatically delete cookies when closing the browser.

Cookie settings can be managed for the respective browsers under the following links:

You can also individually manage cookies for many companies and features used for advertising. Use the appropriate user tools available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Do-Not-Track Function

Most browsers offer a so-called “Do-Not-Track” function. When this function is activated, your browser informs advertising networks, websites, and applications that you do not wish to be “tracked” for behavioral advertising and similar purposes.

Information and instructions on how to modify this function can be found depending on your browser provider at the following links:

Preventing Scripts

You can also prevent scripts from being loaded by default. “NoScript” allows the execution of JavaScripts, Java, and other plugins only on trusted domains of your choice. Information and instructions on how to modify this function can be obtained from your browser provider (e.g., for Mozilla Firefox at: https://addons.mozilla.org/en/firefox/addon/noscript/).

Please note that disabling cookies may limit the functionality of our website.

Google Analytics 4

This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which allows for the analysis of website usage.

When using Google Analytics 4, so-called "cookies" are employed. Information collected through these cookies about your use of the website (including the IP address transmitted by your device, truncated to exclude the last digits, see below) is generally transmitted to and stored on a Google server. This may also involve the transfer of information to Google LLC servers located in the USA, where further processing of the information may occur.

When using Google Analytics 4, the IP address transmitted by your device during your use of the website is always and automatically collected and processed in a truncated form to exclude direct personal identification. This automatic anonymization ensures that the IP address transmitted by your device is truncated by Google within member states of the European Union (EU) or other contracting states to the Agreement on the European Economic Area (EEA).

On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports on your website activities and usage behavior, and to provide other services related to website and internet usage to us. The IP address transmitted by your device in the context of Google Analytics 4 is not combined with other Google data. The data collected through the use of Google Analytics 4 is stored for 2 months and then deleted.

Google Analytics 4 also allows, via a special function known as “demographic characteristics,” the creation of statistics containing information about the age, gender, and interests of website users. This is based on an analysis of interest-based advertising and the use of third-party information. This allows for the identification and differentiation of user groups on the website for the purpose of targeted marketing measures. Data collected via the "demographic characteristics" function cannot be assigned to a specific person and, therefore, not to you personally. This data is stored for 2 months and then deleted.

All of the above-described processing activities, particularly the setting of Google Analytics cookies for the storage and retrieval of information on the device you use to access the website, are carried out only if you have given us your explicit consent pursuant to Article 6(1)(a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit to the website.

In connection with this website, Google Analytics 4 also uses the "User IDs" feature. By assigning individual User IDs, we can use Google to create cross-device reports ("Cross Device Tracking"). This means that your usage behavior can also be analyzed across devices, provided you have given your corresponding consent to the use of Google Analytics 4 pursuant to Article 6(1)(a) GDPR and have registered a personal account on this website, logging in with your corresponding credentials on various devices. The data collected in this way shows, for example, on which device you first clicked on an ad and on which device the related conversion occurred.

We have entered into a data processing agreement with Google for the use of Google Analytics 4, which obligates Google to protect our website users’ data and not disclose it to third parties.

Since the transmission of personal data to the USA is involved, additional protective measures are necessary to ensure a data protection level compliant with the GDPR. To this end, we have agreed with the provider on standard contractual clauses pursuant to Article 46(2)(c) GDPR. These clauses obligate the recipient of the data in the USA to process the data in compliance with the data protection level in Europe. In cases where this contractual extension cannot ensure compliance, we strive for further agreements and assurances from the recipient in the USA.

Further legal information on Google Analytics 4, including a copy of the mentioned standard contractual clauses, can be found at the following link: https://policies.google.com/privacy?hl=en

Google Tag Manager

This website uses Google Tag Manager by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This service allows website tags to be managed via an interface. Google Tag Manager only implements tags, which means no cookies are used, and only the user's IP address is transmitted to Google for connection purposes. Google Tag Manager triggers other tags that may, in turn, collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, it remains effective for all tracking tags implemented with Google Tag Manager.

We use Google Tag Manager based on your consent under Article 6(1)(a) GDPR.

Since the transmission of the IP address to Google involves data transfer to the USA, additional protection mechanisms are necessary to ensure compliance with GDPR data protection levels. To achieve this, we have entered into standard contractual clauses under Article 46(2)(c) GDPR with the provider. These clauses require the recipient in the USA to process the data according to European data protection standards. If this cannot be ensured, we strive for additional regulations and assurances from the recipient in the USA.

YouTube

We embed videos from "YouTube," a social media platform operated by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereafter referred to as "Google"), on our website. The legal basis for processing your personal data is your consent pursuant to Article 6(1)(a) GDPR.

When playback of embedded YouTube videos is initiated with your consent, YouTube sets cookies to collect information about user behavior. According to YouTube, these cookies are used, among other things, to gather video statistics, improve user experience, and prevent abusive actions. If you are logged into Google, your data will be directly associated with your account when you click on a video. If you do not wish this association with your YouTube profile, you must log out before activating the button. Google stores this data as usage profiles and uses it for advertising, market research, and/or tailoring its websites to user needs. Such analysis occurs particularly (even for users not logged in) to provide demand-oriented advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly to exercise this right.

Since personal data may be transmitted to the USA, additional protection mechanisms are required to ensure GDPR-compliant data protection levels. Google uses standard contractual clauses under Article 46(2)(c) GDPR to ensure compliance. These clauses require the recipient in the USA to process data according to European data protection standards. If this cannot be ensured, we strive for additional regulations and assurances from the recipient in the USA.

For more information about data protection and data usage by Google, please visit the following Google website: https://policies.google.com/privacy?hl=en&gl=en

Changing Cookie Settings

You can withdraw or modify your cookie settings at any time. To do so, revisit the cookie settings through our integrated thumbprint icon, which you can find at the bottom left of the website.

External Links

Social networks (Facebook, Twitter, Instagram) are only integrated as links to the corresponding services on our website. When you click on the embedded text/image links, you are redirected to the page of the respective provider. Only after the redirection will user information be transmitted to the respective provider. Please refer to the privacy policies of the respective providers for information on handling your personal data when using these websites.

Data Sharing and Recipients

Your personal data will not be transferred to third parties unless:

  • we have explicitly indicated this in the description of the respective data processing,
  • you have given explicit consent under Article 6(1)(a) GDPR,
  • the transfer is necessary for asserting, exercising, or defending legal claims under Article 6(1)(f) GDPR, and there is no reason to assume you have an overriding interest in the non-disclosure of your data,
  • there is a legal obligation for the transfer under Article 6(1)(c) GDPR, or
  • it is necessary for the execution of contractual relationships with you under Article 6(1)(b) GDPR.

We also use external service providers carefully selected and contracted in writing to process our services. Where necessary, we have entered into data processing agreements under Article 28 GDPR with these providers. These providers are bound to our instructions and are regularly monitored by us. Examples include providers for hosting, email dispatch, and IT system maintenance and servicing. These service providers will not share your data with third parties.

Data Security

In accordance with Article 32 GDPR, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons. For security purposes and to protect the transmission of confidential content, this website uses SSL encryption.

Duration of Personal Data Storage

The duration of personal data storage is determined by the applicable statutory retention periods (e.g., under commercial or tax law). After the respective period expires, the corresponding data is routinely deleted. If the data is required for contract fulfillment or initiation, or if we have a legitimate interest in its continued storage, the data will be deleted when it is no longer needed for these purposes or when you exercise your right to withdraw consent or object.

Your Rights

Below is information on the rights you have under applicable data protection laws regarding the processing of your personal data:

  • The right, pursuant to Article 15 GDPR, to request information about your personal data processed by us. Specifically, you can request details about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the source of your data if not collected by us, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about its details.
  • The right, pursuant to Article 16 GDPR, to request the immediate correction of inaccurate or incomplete personal data stored by us.
  • The right, pursuant to Article 17 GDPR, to request the erasure of your personal data stored by us unless the processing is necessary for exercising the right to freedom of expression and information, fulfilling a legal obligation, reasons of public interest, or for asserting, exercising, or defending legal claims.
  • The right, pursuant to Article 18 GDPR, to request the restriction of processing your personal data if you contest the accuracy of the data, the processing is unlawful, but you oppose its erasure, we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or you have objected to the processing pursuant to Article 21 GDPR.
  • The right, pursuant to Article 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer of such data to another controller.
  • The right, pursuant to Article 77 GDPR, to lodge a complaint with a supervisory authority. Typically, you can contact the supervisory authority of the federal state where our organization is located, your usual place of residence, or your workplace.
  • The right, pursuant to Article 7(3) GDPR, to withdraw consent previously granted at any time with future effect. In the event of withdrawal, we will immediately delete the affected data unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Object

If your personal data is processed by us on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right, pursuant to Article 21 GDPR, to object to the processing of your personal data for reasons arising from your particular situation. If your objection is directed against the processing of personal data for direct marketing purposes, you have a general right to object without the need to provide a specific reason.

If you wish to exercise your right to withdraw consent or object, simply send an email to info@sodasan.com.

Legal Obligations

The provision of personal data for decisions regarding contract conclusion, contract performance, or the execution of pre-contractual measures is voluntary. However, we can only make decisions regarding contractual measures if you provide such personal data that is necessary for the conclusion of the contract, contract performance, or pre-contractual measures.

Automated Decision-Making

No automated decision-making or profiling takes place pursuant to Article 22 GDPR.

Reservation of Changes

We reserve the right to adapt or update this privacy policy as necessary, in compliance with applicable data protection regulations. This allows us to adjust the policy to meet current legal requirements and to account for changes in our services, e.g., when introducing new services. The version of the privacy policy applicable at the time of your visit will apply.

Effective date of this privacy policy: 23.05.2023

Privacy Policy for Order Processing

Unless otherwise specified below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for concluding a contract. You are not obligated to provide the data. Failure to provide the data has no consequences. This only applies as long as no other information is given in the following processing activities.

Personal data refers to all information related to an identified or identifiable natural person.

Contact

Responsible Party

If you wish to contact us, the responsible party for data processing is: Kathrin Linnemann-Hülßner, Eisenstraße 11, 26215 Wiefelstede, Germany, Tel: +49 4402-9393750, Email: sodasan-shop@bio-linn.com

Customer-Initiated Contact via Email

If you contact us via email, we will collect your personal data (name, email address, message text) only to the extent provided by you. The data processing is carried out to process and respond to your inquiry.

  • Article 6(1)(b) GDPR: Contractual fulfillment
  • Article 6(1)(f) GDPR: Legitimate interest

Customer Account Orders

Customer Account

When you create a customer account, we collect your personal data as provided in the account setup. Data processing is carried out to enhance your shopping experience and simplify order processing.

Collection, Processing, and Transfer of Personal Data in Orders

During order placement, we collect and process your personal data only to the extent necessary for fulfilling and processing your order and responding to your inquiries.

Your data may be shared with shipping companies, payment service providers, and IT service providers as required. We comply with all legal requirements in this process.

Shipping Service Providers

Transfer of email address to shipping companies for shipping status notifications.

We provide your email address to the shipping company as part of the contractual process if you have expressly consented to this during the order process. The transfer is made to inform you of the shipping status via email. The processing is based on your consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time by notifying us or the shipping company without affecting the legality of the processing carried out on the basis of consent before withdrawal.

Payment Service Providers and Credit Check

Use of PayPal Express

We use the PayPal Express payment service from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449, Luxembourg; "PayPal") on our website. Data processing is carried out to offer you payment through the PayPal Express service. To integrate this payment service, it is necessary for PayPal to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when accessing the website. Cookies may also be used for this purpose. These cookies enable the recognition of your browser.

The processing of your personal data is based on Article 6(1)(f) GDPR, reflecting our overriding legitimate interest in offering various customer-oriented payment methods. You have the right to object to the processing of your personal data for reasons arising from your particular situation. By selecting and using PayPal Express, the data required for payment processing will be transferred to PayPal to fulfill the contract using your chosen payment method. This processing is based on Article 6(1)(b) GDPR.

Further information on data processing when using the PayPal Express payment service can be found in PayPal's privacy policy at: www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS.

Use of PayPal Checkout

We use the PayPal Checkout payment service provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449, Luxembourg; "PayPal") on our website. The purpose of the data processing is to offer you payment via this service. When selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the personal data required for payment processing is transmitted to PayPal to fulfill the contract using the chosen payment method. This processing is based on Article 6(1)(b) GDPR.

Cookies may be stored to enable the recognition of your browser. This data processing is based on Article 6(1)(f) GDPR due to our overriding legitimate interest in providing a customer-friendly range of payment methods. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.

Credit Card via PayPal, Direct Debit via PayPal & "Pay Later" via PayPal

For specific payment methods such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to conduct a credit check based on mathematical and statistical procedures using credit reference agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit reference agency and uses the obtained information about the statistical probability of payment default to make a balanced decision about the establishment, execution, or termination of the contractual relationship.

The credit check may include probability values (score values) calculated based on scientifically recognized mathematical-statistical procedures, including address data in the calculations. Your legitimate interests are taken into account in accordance with legal requirements. The data processing serves the purpose of credit assessment for contract initiation. This processing is based on Article 6(1)(f) GDPR due to our overriding legitimate interest in protecting against payment default when PayPal provides advance payments. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation by notifying PayPal. Providing the data is necessary for concluding the contract using your chosen payment method. Failure to provide the data will result in the inability to conclude the contract using your selected payment method.

Third-Party Providers

When paying via a third-party provider, the personal data required for payment processing is transmitted to PayPal. This processing is based on Article 6(1)(b) GDPR. For this payment method, the data may then be passed on by PayPal to the respective provider. This processing is also based on Article 6(1)(b) GDPR. Examples of local third-party providers include:

  • Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
  • giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)

Invoice Purchase via PayPal

When paying via the invoice purchase method, the personal data required for payment processing is first transmitted to PayPal. For this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") to fulfill the contract using your selected payment method. This processing is based on Article 6(1)(b) GDPR.

Ratepay may conduct a credit check based on mathematical and statistical procedures (probability or score values) using credit reference agencies. For more information on data protection and the credit reference agencies used by Ratepay, visit Ratepay Privacy Policy and Ratepay Credit Agencies.

Data Subject Rights and Storage Duration

Storage Duration

After complete contractual fulfillment, the data is stored for the duration of the warranty period and subsequently in accordance with statutory retention periods, particularly tax and commercial law retention periods, and is deleted after these periods expire unless you have consented to further processing and use.

Rights of Data Subjects

If the legal requirements are met, you have the following rights under Articles 15 to 20 GDPR: the right to access, rectify, delete, restrict processing, and data portability. You also have the right to object to processing based on Article 6(1)(f) GDPR and to processing for direct marketing purposes under Article 21(1) GDPR.

Right to Complain to a Supervisory Authority

According to Article 77 GDPR, you have the right to complain to a supervisory authority if you believe that the processing of your personal data is unlawful. You can lodge a complaint, for example, with the supervisory authority responsible for us:

Data Protection Commissioner for Lower Saxony
Prinzenstraße 5
30159 Hanover
Tel.: +49 511 1204500
Fax: +49 511 1204599
Email: poststelle@lfd.niedersachsen.de

Right to Object

If the processing of your personal data described here is based on our legitimate interest under Article 6(1)(f) GDPR, you have the right to object to this processing at any time with effect for the future for reasons arising from your particular situation.

Once you have objected, the processing of the affected data will end unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

Last updated: November 29, 2023