1) Information on the collection of personal data and contact details of the responsible person
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. In this context, personal data is all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (DSGVO) is Dr. Gupta Verlags GmbH, Am Stadion 3b, 40878 Ratingen, Germany, Tel.: 0210293450, Fax: 02102934520, E-Mail: email@example.com. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the string „https://“ and the lock symbol in your browser line.
2) Data collection when visiting our website
When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called „server log files“). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymised form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a DSGVO in the case of consent given or in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
You can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
4) Contacting us
When contacting us (e.g. via contact form or e-mail), personal data is processed – exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO. If your contact is aimed at a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
5) Data processing when opening a customer account
Pursuant to Art. 6 para. 1 lit. b DSGVO, personal data will continue to be collected and processed to the extent required in each case if you provide us with this data when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed, no legal retention periods are opposed and no legitimate interest on our part in the continued storage exists.
6) Comment function
Within the framework of the comment function on this website, in addition to your comment, details of the time at which the comment was created and the comment name you have chosen will be stored and published on this website. Furthermore, your IP address will be stored for security reasons in order to enable an attribution to the author in case of illegal comments. Your e-mail address will be stored for the purpose of contacting you in the event that a third party should object to your published content as being illegal.
7) Use of customer data for direct marketing purposes
- Newsletter dispatch via Sendinblue
Our e-mail newsletters are sent via the technical service provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 Para. 1 lit. f DSGVO and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. The data you enter for the purpose of receiving the newsletter (e.g. email address) is stored on Sendinblue’s servers in the EU.
Sendinblue uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the sent emails contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively in pseudonymised form and is not linked to your other personal data; direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Furthermore, Sendinblue may use this data itself in accordance with Art. 6 (1) lit. f DSGVO on the basis of its own legitimate interest in the needs-based design and optimisation of the service as well as for market research purposes, for example to determine which countries the recipients come from. However, Sendinblue does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
We have concluded an order processing agreement with Sendinblue, with which we oblige Sendinblue to protect our customers‘ data and not to pass it on to third parties.
8) Data processing for order processing
8.1 Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b DSGVO.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data (name, address, e-mail address) provided by you when placing the order in order to inform you personally by suitable means of communication (e.g. by post or e-mail) about upcoming updates within the legally stipulated period of time within the framework of our statutory duty to inform pursuant to Art. 6 (1) lit. c DSGVO. Your contact details will be used strictly for the purpose of informing you about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.
In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the performance of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
8.2 Use of payment service providers (payment services)
If you choose a payment method from the payment service provider PAYONE, the payment will be processed via the payment service provider PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, to whom we will pass on the information you provided during the ordering process, together with information about your order, in accordance with Art. 6 Para. 1 lit. b DSGVO. Your data will only be passed on for the purpose of payment processing with the payment service provider PAYONE and only insofar as it is necessary for this purpose.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – „purchase on account“ or „payment by instalments“ via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter „PayPal“) as part of the payment processing. The transfer takes place in accordance with Art. 6 Para. 1 lit. b DSGVO and only insofar as this is necessary for the payment processing.
For the payment methods credit card via PayPal, direct debit via PayPal or – if offered – „purchase on account“ or „payment by instalments“ via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
9) Web analytics services
Google Analytics 4
This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“), to analyse the use of websites.
When using Google Analytics 4, so-called „cookies“ are used as standard. Cookies are text files that are stored on your terminal device and enable an analysis of your use of a website. The information collected by cookies about your use of the website (including the IP address transmitted by your terminal device, shortened by the last few digits, see below) is usually transmitted to a Google server and stored and processed there. This may also result in the transmission of information to the servers of Google LLC, a company based in the USA, where the information is further processed.
When using Google Analytics 4, the IP address transmitted by your terminal device when you use the website is always collected and processed automatically and by default only in an anonymised manner, so that the information collected cannot be directly related to a person. This automatic anonymisation is carried out by Google shortening the IP address transmitted by your terminal device within member states of the European Union (EU) or other contracting states of the Agreement on the European Economic Area (EEA) by the last digits.
Google uses this and other information on our behalf to evaluate your use of the website, to compile reports on your website activities and usage behaviour and to provide us with other services related to your website and internet usage. In this context, the IP address transmitted and shortened by your terminal device within the scope of Google Analytics 4 will not be merged with other data from Google. The data collected in the context of the use of Google Analytics 4 will be stored for 2 months and then deleted.
Google Analytics 4 also enables the creation of statistics with statements about age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the inclusion of third-party information via a special function, the so-called „demographic characteristics“. This makes it possible to determine and distinguish user groups of the website for the purpose of targeting marketing measures. However, data collected via the „demographic characteristics“ cannot be assigned to a specific person and thus also not to you personally. This data collected via the „demographic characteristics“ function is kept for two months and then deleted.
All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the end device used by you for the use of the website, only takes place if you have given us your express consent for this in accordance with Art. 6 Para. 1 lit. a DSGVO. Without your consent, Google Analytics 4 will not be used during your use of the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service via the „Cookie Consent Tool“ provided on the website.
In connection with this website, the „UserIDs“ function is also used as an extension of Google Analytics 4. By assigning individual UserIDs, we can have Google generate cross-device reports (so-called „cross-device tracking“). This means that your usage behaviour can also be analysed across devices if you have given your corresponding consent to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a DSGVO, if you have set up a personal account by registering on this website and are logged into your personal account on different end devices with your relevant login data. The data collected in this way shows, among other things, on which end device you clicked on an ad for the first time and on which end device the relevant conversion took place.
In connection with this website, the Google Signals service is also used as an extension of Google Analytics 4. With Google Signals, we can have Google create cross-device reports (so-called „cross-device tracking“). If you have activated „personalised ads“ in your Google account settings and linked your internet-enabled end devices to your Google account, Google can analyse usage behaviour across devices and create database models based on this if you have given your consent to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a DSGVO. This takes into account the logins and device types of all website users who were logged into a Google account and performed a conversion. The data shows, among other things, on which device you clicked on an ad for the first time and on which device the relevant conversion took place. We do not receive any personal data from Google, but only statistics compiled on the basis of Google Signals. You have the option of deactivating the „personalised ads“ function in the settings of your Google account and thus turning off the cross-device analysis in connection with Google Signals. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de
Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de
We have concluded a so-called order processing agreement with Google for our use of Google Analytics 4, which obliges Google to protect the data of our website users and not to pass it on to third parties.
To ensure compliance with the European level of data protection, also in the event of any transfer of data from the EU or EEA to the USA and possible further processing there, Google refers to the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google.
Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites.
10) Retargeting/ Remarketing/ Referral advertising
Google Ads Remarketing
Our website uses the functions of Google Ads Remarketing, with which we advertise for this website in Google search results, as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“). For this purpose, Google sets a cookie in the browser of your terminal device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. Further data processing will only take place if you have consented to Google linking your internet and app browsing history to your Google Account and using information from your Google Account to personalise the ads you see on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data in order to form target groups. The use of Google Ads Remarketing may also involve the transmission of personal data to the servers of Google LLC. in the USA.
Details on the processing triggered by Google Ads Remarketing and on Google’s handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites.
You can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the Google browser plug-in available at the following link:
All processing described above, in particular the setting of cookies for reading out information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future by deactivating this service in the „cookie consent tool“ provided on the website.
11) Site functionalities
11.1 – Google Web Fonts
This site uses so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“) for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This may also result in the transmission of personal data to the servers of Google LLC. in the USA. In this way, Google learns that our website has been accessed via your IP address. The processing of personal data in the course of establishing a connection with the provider of the fonts is only carried out if you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with future effect by deactivating this service in the „cookie consent tool“ provided on the website. If your browser does not support web fonts, a standard font will be used by your computer.
11.2 Google reCAPTCHA
On this website we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“). This function is primarily used to distinguish whether an entry is made by a natural person or is abused by machine and automated processing. The service includes the sending of the IP address and, if applicable, further data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in determining individual personal responsibility on the Internet and the prevention of abuse and spam. The use of Google reCAPTCHA may also involve the transmission of personal data to the servers of Google LLC. in the USA.
Further information on Google reCAPTCHA and Google’s data protection declaration can be found at: https://www.google.com/intl/de/policies/privacy/.
Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please follow the option described above for making an objection.
12) Tools and other
- Transmission of error messages to LogRocket
We have implemented the service of LogRocket Inc, One Kendall Square, B6201, Cambridge, MA 02139, USA („LogRocket“) on our website for the automatic transmission of error reports.
In the event of technical complications or functional impairments in connection with the operation of the website, LogRocket sends automatic error reports containing information on the respective source of the error and its origin. Server information as well as usage parameters such as the IP address, the browser used, time stamps and the URL accessed are transmitted.
Depending on the origin of the error, error reports may also contain further personal customer data that we have collected and stored in the course of concluding contracts (in particular first and last name, address, e-mail address). This is always conceivable if the error occurs in connection with a software-based processing of customer data.
If personal data are also involved in the information thus transmitted, the processing is carried out pursuant to Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in an efficient error cause analysis to improve the reliability and functionality of our Internet presence.Further information on the data protection provisions of LogRocket can be found here: https://logrocket.com/privacy/
13) Rights of the data subject
13.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective prerequisites for exercising these rights:
- Right to information pursuant to Art. 15 DSGVO;
- Right to rectification pursuant to Art. 16 DSGVO;
- Right to erasure pursuant to Art. 17 DSGVO;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to information pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent granted pursuant to Art. 7(3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 DSGVO.
13.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
14) Duration of storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the processing purpose and – if relevant – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) a DSGVO, this data is stored until the data subject revokes his/her consent.
If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) DSGVO, this data will be routinely deleted after expiry of the retention periods, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract and/or there is no justified interest on our part in continuing to store it.
When processing personal data on the basis of Article 6(1)(f) of the GDPR, such data shall be stored until the data subject exercises his/her right to object pursuant to Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6(1)(f) DSGVO, such data shall be stored until the data subject exercises his or her right to object pursuant to Art. 21(2) DSGVO.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.