Privacy policy

The data controller is:

SHIAWA GmbH
Hermannstr. 5A
70178 Stuttgart

info@shiawa.com

Thank you for your interest in our online shop. Protecting your privacy is very important to us. Below we provide you with detailed information on the handling of your data.

Access data and hosting

You can visit our websites without providing any personal information. Each time a website is accessed, the web server only automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the access, the amount of data transferred and the requesting provider (access data) and documents the access. This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and the improvement of our services. This serves to protect our legitimate interests in the correct presentation of our offer, which weigh up the interests against each other in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. All access data is deleted no later than seven days after the end of your visit to our website.

1.1 Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of a processing operation on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact options described in this privacy policy.

1.2 Content Delivery Network

For the purpose of a shorter loading time, we use a so-called Content Delivery Network (“CDN”) for some offers. With this service, content, e.g. large media files, are delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. Our service providers work for us within the framework of order processing. Our service providers are located and/or use servers in countries outside the EU and EEA. For these countries there is no adequacy decision of the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact options described in this privacy policy.

Data- and contract processing and contact

2.1 Data processing for contract implementation

For the purpose of contract processing (incl. enquiries about and processing of any existing warranty and performance claims as well as any statutory update obligations) in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, as we require the data in these cases to process the contract and cannot process the order without it. Which data is collected is shown in the respective input forms.

Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and shipping processing, can be found in the following sections of this privacy policy. after complete processing of the contract, your data will be restricted for further processing and, after expiry of the retention periods under tax and commercial law in accordance with Art. 6 Para. 1 S. 1 lit. c DSGVO deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

2.2 Customer account

We collect personal data if you voluntarily provide it to us when opening a customer account. Mandatory fields are marked as such, as we require the data in these cases to open the customer account and you cannot complete the account opening without providing it. Which data is collected is shown in the respective input forms. We use the data you provide to process the contract and handle your enquiries in accordance with Art. 6 para. 1 S. 1 lit. b DSGVO. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose within the customer account. After deletion of your customer account, your data will be deleted unless you expressly consent to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

2.3 Contacting

In the context of customer communication, we collect data in order to process your enquiries in accordance with Art. 6 para. 1 S. 1 lit. b DSGVO if you voluntarily provide us with this data when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, as in these cases we compulsorily require the data to process your contact. Which data is collected is shown in the respective input forms. After your enquiry has been fully processed, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

Data processing for the purpose of shipment handling

For the purpose of contract fulfillment according to Art. 6 (1) sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, as far as this is necessary for the delivery of ordered goods.

4. data processing for payment purposes

When processing payments in our online shop, we work together with these partners: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction management

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, who work for us within the framework of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves the fulfilment of the contract according to Art. 6 para. 1 S. 1 lit. b DSGVO. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
If you have any questions about our payment processing partners and the basis of our cooperation with them, please use the contact option provided in this privacy policy.

4.2 Data processing for the purpose of fraud prevention and optimisation of our payment processes

Where applicable, we provide our service providers with further data, which they use together with the data necessary for the processing of the payment as our processors for the purpose of fraud prevention and optimisation of our payment processes (e.g. invoicing, processing of contested payments, accounting support). Pursuant to Art. 6 1 S. 1 lit. f DSGVO, this serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which are predominant in the context of a balancing of interests.

4.3 Identity and credit check when selecting Klarna payment services

Klarna direct debit, purchase on account via Klarna
If you choose to use the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as Klarna), we will forward your data to Klarna as part of the payment and contract processing pursuant to Art. 6 para. 1 S. 1 lit. b) DSGVO. This data is transmitted so that Klarna can create an invoice for the invoice processing you have requested and carry out an identity and credit check. Please understand that we can offer you the respective Klarna payment method only if it is made possible based on the results of the credit check. Detailed information on this and the credit reporting agencies used can be found in Klarna’s privacy policy.

4.4 Identity and Credit Check When Selecting Purchase on Account via PayOne

Wenn Sie sich für die Zahlungsart Kauf auf Rechnung (angeboten über die PayOne GmbH, Lyoner Str. 9, 60528 Frankfurt a. M., Deutschland (im Folgenden PayOne)) entscheiden, leiten wir Ihre Daten im Rahmen der Zahlungs- und Vertragsabwicklung gemäß Art. 6 Abs. 1 S. 1 lit. b) DSGVO an PayOne weiter. The transmission of this data is carried out so that PayOne can create an invoice for the billing process you requested and perform an identity and credit check. Please understand that we can offer you the purchase on account via PayOne only if it is made possible based on the results of the credit check. Detailed information on this and the credit reporting agencies used can be found in PayOne’s privacy policy .

Data processing within the Shiawa application

5.1 Amazon Web Services (AWS)
We are using services of Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS), for hosting of the Shiawa Applikation. This is in line with our legitimate interest (Art. 6(1)(f) of the GDPR).

AWS is a secure cloud services platform that provides computing power, database storage, content delivery, and other features to enable the operation of our application.

To operate Shiawa, we primarily use infrastructure provided by AWS located in Frankfurt am Main, Germany.

This refers to:

Storing data in AWS RDS and AWS S3
Hosting the application on AWS EC2 instances
Content delivery via AWS Cloudfront
Storing logfiles in AWS Cloudwatch and AWS S3

Besides data that users enter directly in shiawa, the following data is processed in AWS:

ip address in server log-files
email adress of the user

AWS is a recipient of your personal data and acts as a data processor on our behalf. This corresponds to our legitimate interest within the meaning of Art. 6(1)(f) of the GDPR, as we do not operate our own data center.

We have taken measures to ensure that your data is securely transmitted, processed, and stored, including the use of encryption and other security protocols.

Data Processing Agreement: We have entered into a Data Processing Agreement (DPA) with AWS, ensuring that AWS processes our customers’ personal data only according to our instructions and in compliance with our privacy policies, as well as German and European data protection laws.

Sub-Processors: AWS may use other companies as sub-processors to provide specific services on its behalf. In such cases, AWS takes steps to ensure that these third-party companies also adhere to our data protection standards and relevant legal requirements. A current list of these sub-processors is available upon request.

By accepting the terms and conditions when creating an account, the user agrees to the processing of their data.

Without this the functionality of the application is not possible.

Your personal data will be stored by AWS for as long as necessary for the described purposes. We delete stored server log files after 2 weeks.

For further information on options for objection and removal concerning AWS, please refer to: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf

AWS has implemented compliance measures for international data transfers. These apply to all global activities where AWS processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please refer to: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

5.2 Sendgrid

As part of our communication and notification system, we use SendGrid, a service provided by Twilio Inc. (hereinafter “SendGrid”), to send and manage emails related to the use of our app. These are transactional emails such as confirmations, notifications, password resets, and others that are essential for the app’s functionality and communication with you as a user.

Data Transmission and Processing: When we send emails to you through our app, certain information, including your email address and the email content, is transmitted to SendGrid to facilitate the delivery of the message. This data is processed and stored on SendGrid’s secure servers, and SendGrid will use this information solely for the purpose of email delivery and management on our behalf and in accordance with our instructions.

Data Processing Agreement: We have entered into a data processing agreement with SendGrid to ensure that they process our customers’ personal data only according to our instructions and in compliance with our privacy policies and applicable data protection laws.

Logging: For the purposes of quality control and ensuring the reliability of email delivery, SendGrid may log data about the email delivery, including the time of delivery, recipient information, and whether the email was successfully delivered. These logs are used for analytical purposes and to improve the service.

Your Rights: If you wish to opt out of receiving certain types of emails, you can adjust the relevant settings in your user account or use the unsubscribe links provided in our emails. Please note that certain communications are necessary for the functioning of our app and cannot be unsubscribed from.

For more information about SendGrid and their handling of personal data, please refer to SendGrid’s privacy policy at: [Link to SendGrid’s Privacy Policy] https://www.twilio.com/en-us/legal/privacy. If you have any questions or concerns regarding the processing of your data by SendGrid, please feel free to contact us.

Advertisements via E-Mail, mail, phone

6.1 Email Newsletter with Registration, Newsletter Tracking with Separate Consent

When you subscribe to our newsletter, we use the data necessary for this purpose or provided separately by you to regularly send you our email newsletter based on your consent in accordance with Art. 6(1)(a) of the GDPR. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a dedicated link in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6(1)(a) of the GDPR, or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

If you have also given us your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR to analyze our newsletters, we also assess your interaction with our newsletter by measuring, storing, and evaluating opening rates and click rates for the purpose of designing future newsletter campaigns (“Newsletter Tracking”).

For these evaluations, the sent emails may contain one-pixel technologies (such as web beacons or tracking pixels) that are stored on our website. For the evaluations, we specifically link the following “newsletter data”:

url from which a page has been requested (so called Referrer-URL),
date and time of the request,
user agent of the web browser,
ip address of the device used to access the site,
the email address,
date and time of subscriptions and confirmation

and a tracking pixel with your email address or ip address and an individual id. Links contained in the newsletter may also include this ID.

Opting out of newsletter tracking is possible at any time and can be done either by sending a message to the contact option described or via a dedicated link in the newsletter.

The information is stored for as long as you are subscribed to the newsletter.

6.2 E-Mail-Newsletter without registration and your right to opt out

If we obtain your email address in connection with the sale of services, and you have not objected to this, we reserve the right to regularly send you offers for similar products from our range via email, based on § 7(3) of the German Unfair Competition Act (UWG). This serves to protect our legitimate interests in promoting and advertising to our customers, which are considered predominant in the context of a balancing of interests.
You can object to this use of your email address at any time by sending a message to the contact option described in this privacy policy or through a dedicated link in the promotional email, without incurring any costs other than the transmission costs according to the basic rates.
Upon unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) sentence 1 lit. a GDPR, or we have reserved the right to further data use which is permitted by law and about which we inform you in this policy.

6.3 Newsletter

The newsletter and the newsletter tracking described above are potentially also dispatched by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact options described in this privacy policy.

The newsletter is potentially also dispatched by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact options described in this privacy policy.

Our service providers are located and/or use servers in the USA and other countries outside of the EU and the EEA. For these countries there is no adequacy decision of the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission.

6.4 Postal mail ads and your right to opt out

Furthermore, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, such as sending interesting offers and information about our products via postal mail. This serves to protect our legitimate interests in addressing our customers for advertising purposes, which are deemed predominant within the context of a balancing of interests, in accordance with Art. 6(1)(f) of the GDPR. You can object to the storage and use of your data for these purposes at any time by sending a message to the contact option described in this privacy policy.

6.5 Phone ads

If you have given your consent in accordance with Art. 6(1)(a) of the GDPR, we will use the data necessary for this purpose or provided separately by you for our own advertising purposes, such as informing you about interesting offers and our products. You can revoke your consent at any time, either by sending a message to the contact option described in this privacy policy or by verbally notifying us during any call. After revocation, we will delete your telephone number unless you have expressly consented to further use of your data or we reserve the right to further use your data in a manner that is permitted by law and about which we inform you in this statement.

Cookies and other technologies

7.1 General Informationen

To make visiting our website attractive and to enable the use of certain features, we use technologies including so-called cookies on various pages. Cookies sind kleine Textdateien, die automatisch auf Ihrem Endgerät gespeichert werden. Einige der von uns verwendeten Cookies werden nach Ende der Browser-Sitzung, also nach Schließen Ihres Browsers, wieder gelöscht (sog. Sitzungs-Cookies). Andere Cookies verbleiben auf Ihrem Endgerät und ermöglichen uns, Ihren Browser beim nächsten Besuch wiederzuerkennen (persistente Cookies).
We use such technologies that are strictly necessary for the use of certain features of our website (e.g., shopping cart function). Through these technologies, IP address, time of visit, device and browser information, as well as information about your use of our website (e.g., information about the contents of the shopping cart) are collected and processed. This serves the overriding legitimate interests in an optimized presentation of our offerings according to Art. 6 para. 1 sentence 1 lit. f GDPR, based on a balance of interests.

Additionally, we use technologies to comply with legal obligations to which we are subject (e.g., to be able to demonstrate consents to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

Cookie-Preferences for your browser can be found under the these links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of technologies according to Art. 6 (1) sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy. If you do not accept cookies, the functionality of our website may be restricted.

7.2 Cookiebot Consent Management Platform

On our website, we use Cookiebot to inform you about the cookies and other technologies we use on our website, and to obtain, manage, and document your potentially required consent to the processing of your personal data by these technologies. This is necessary in accordance with Art. 6 (1) sentence 1 lit. c GDPR to fulfill our legal obligation under Art. 7 (1) GDPR to be able to demonstrate your consent to the processing of your personal data, to which we are subject. Cookiebot is a service offered by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, which processes your data on our behalf.
After you make your cookie declaration on our website, Cookiebot’s web server stores your anonymized IP address, the date and time of your declaration, browser information, the URL from which the declaration was sent, information on your consent behavior, and an anonymous random key. Additionally, a cookie is used that contains the information about your consent behavior and the key. Your data will be deleted after twelve months unless you have explicitly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, or we reserve the right to use the data beyond this in a manner that is permitted by law and about which we have informed you in this declaration. This practice is a part of ensuring compliance with legal requirements regarding data privacy, specifically those concerning the documentation of consent for data processing activities. The use of services like Cookiebot helps in maintaining a record of the consents and the specific preferences that users have communicated, ensuring that their choices regarding cookie usage and data processing are respected and clearly recorded.

Use of Cookies and other technologies for web analytics and advertisements

If you have given your consent in accordance with Art. 6(1)(a) of the GDPR, we use the following cookies and other third-party technologies on our website. Once the purpose is fulfilled and the use of the respective technology by us ends, the data collected in this context will be deleted. You can withdraw your consent at any time with effect for the future. For more information on your options for revocation, please refer to the section “Cookies and Other Technologies.” Further information, including the basis of our collaboration with individual providers, can be found with each technology. If you have any questions about the providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

8.1 Use of Adobe-Diensten for web analytics and ads

We use the following technologies provided by Adobe Systems Software Ireland Limited, Ireland, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (“Adobe”). The information automatically collected through Adobe technologies about your use of our website is typically transmitted to a server of Adobe, Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA, and stored there. The United States does not have an adequacy decision from the European Commission. Our cooperation is based on the European Commission’s standard data protection clauses. If your IP address is collected through Adobe technologies, it is truncated or replaced with a generic IP address before being stored on Adobe servers by activating the appropriate settings.

Adobe Analytics

For the purpose of website analysis, Adobe Analytics automatically collects and stores data (IP address, time of visit, device and browser information, as well as information about your use of our website) from which usage profiles are created using pseudonyms. Cookies and tags in page elements may be used for this purpose. If your IP address is collected through Adobe technologies, it is truncated or replaced with a generic IP address before being stored on Adobe servers by activating the appropriate settings. The pseudonymized usage profiles are not merged with personal data about the bearer of the pseudonym without separate, explicit consent. Adobe is acting on our behalf for these purposes.

Adobe Fonts

To ensure consistent presentation of content on our website, data (IP address, time of visit, device and browser information) is collected by the script code “Adobe Fonts,” transmitted to Adobe, and subsequently processed by Adobe. We have no influence on this subsequent data processing. The data processing is based on an agreement between joint controllers in accordance with Art. 26 of the GDPR.

8.2 Use of Google-Services for web analytics and ads

We use the following technologies provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected through Google technologies about your use of our website is typically transmitted to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there. The United States does not have an adequacy decision from the European Commission. Our cooperation with them is based on the European Commission’s standard data protection clauses. If your IP address is collected through Google technologies, it is truncated before being stored on Google servers by activating IP anonymization, except in exceptional cases where the full IP address is transferred to a Google server and then truncated. Unless otherwise specified for each technology, data processing is based on an agreement between joint controllers in accordance with Article 26 of the GDPR. For more detailed information regarding data processing by Google, please refer to Google’s privacy policy.

Google Analytics

For the purpose of website analysis, data (IP address, visit timestamp, device and browser information, and information about your use of our website) are automatically collected and stored using Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. Your IP address is generally not merged with other data from Google. Data processing is based on an agreement on data processing with Google.

For the purpose of optimizing the marketing of our website, we have enabled data sharing settings for “Google products and services.” This allows Google to access and use the data collected and processed by Google Analytics to improve Google services. The data sharing with Google under these data sharing settings is based on an additional agreement between controllers. We have no control over the subsequent data processing by Google.

For the creation and execution of tests, we also use the extension function of Google Analytics called Google Optimize.

For the purpose of optimizing the marketing of our website, we utilize the so-called User-ID function. With this function, we can assign a unique, permanent ID to your interaction data across one or more sessions on our online presence, allowing us to analyze your user behavior across devices and sessions.

For web analytics, the Google Analytics extension feature called Google Signals enables “Cross-Device Tracking.” If your internet-enabled devices are linked to your Google account and you have activated the “personalized advertising” setting in your Google account, Google can generate reports on your usage behavior, especially cross-device user numbers, even when you switch devices. We do not process personal data in this regard; we only receive statistics created based on Google Signals.

For web analytics and advertising purposes, the Google Analytics extension feature uses the DoubleClick cookie to recognize your browser when you visit other websites. Google will use this information to compile reports on website activity and provide other services related to website usage.

Google AdSense

Our website markets ad space for third-party ads through Google AdSense. These ads are displayed to you at various locations on this website. The DoubleClick cookie is used to show you more relevant ads by collecting and processing data (IP address, visit time, device and browser information, as well as information about your website usage). Additionally, it automatically assigns a pseudonymous user ID that helps determine your interests based on visits to this and other websites.

Google Ads

For advertising purposes in Google search results and on third-party websites, the Google Remarketing cookie is set when you visit our website. It enables interest-based advertising through the collection and processing of data (IP address, visit time, device and browser information, as well as information about your website usage) and a pseudonymous cookie ID. This is done based on the pages you have visited. Additional data processing only occurs if you have activated the “personalized advertising” setting in your Google account. In this case, if you are logged into your Google account while visiting our website, Google uses your data along with Google Analytics data to create and define cross-device remarketing audience lists.

For website analysis and event tracking, we measure your subsequent usage behavior using Google Ads Conversion Tracking when you arrive on our website through a Google Ads advertisement. This may involve the use of cookies and the collection of data (IP address, visit time, device and browser information, as well as information about your website usage based on events predefined by us, such as visiting a webpage or signing up for a newsletter). From this data, pseudonymous usage profiles are created.

Google Maps

For visual representation of geographical information, Google Maps collects data about your usage of the Maps features, including your IP address and location data. This data is transmitted to Google and subsequently processed by Google. We have no control over this subsequent data processing.

Google reCAPTCHA

For the purpose of protecting against misuse of our web forms and spam from automated software (so-called bots), Google reCAPTCHA collects data (IP address, visit time, browser information, as well as information about your website usage). It conducts an analysis of your usage of our website through JavaScript and cookies. In addition, other cookies stored in your browser by Google services are evaluated. There is no reading or storing of personal data from the input fields of the respective form.

Google Fonts

For the consistent presentation of content on our website, data (IP address, visit time, device and browser information) is collected by the script code “Google Fonts,” transmitted to Google, and subsequently processed by Google. We have no control over this subsequent data processing.

YouTube Video Plugin

For embedding third-party content, data (IP address, visit time, device, and browser information) is collected through the YouTube Video Plugin in the extended privacy mode we use. This data is transmitted to Google and subsequently processed by Google only when you play a video.

8.3 Use Microsoft Services for web analytics and ads

We use the following technologies provided by Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”). Data processing is based on an agreement between joint controllers in accordance with Article 26 of the GDPR. The information automatically collected through Microsoft technologies about your use of our website is typically transmitted to a server of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, and stored there. The United States does not have an adequacy decision from the European Commission. Our cooperation with them is based on the European Commission’s standard data protection clauses. For further information on data processing by Microsoft, please refer to Microsoft’s privacy policy.

Microsoft Advertising

For advertising purposes in Bing, Yahoo, and MSN search results, as well as on third-party websites, the Microsoft Advertising Remarketing cookie is set when you visit our website. It enables interest-based advertising through the collection and processing of data (IP address, visit time, device and browser information, as well as information about your website usage) and a pseudonymous cookie ID. This is done based on the pages you have visited.

For website analysis and event tracking, we measure your subsequent usage behavior using Microsoft Advertising Universal Event Tracking (UET) when you arrive on our website through a Microsoft Advertising advertisement. This may involve the use of cookies and the collection of data (IP address, visit time, device and browser information, as well as information about your website usage based on events predefined by us, such as visiting a webpage or signing up for a newsletter). From this data, pseudonymous usage profiles are created. If your internet-enabled devices are linked to your Microsoft account and you have not deactivated the “interest-based advertising” setting in your Microsoft account, Microsoft can create reports on usage behavior, especially cross-device user numbers, even when you switch devices, known as “Cross-Device Tracking.” We do not process personal data in this regard; we only receive statistics created based on Microsoft UET.

Bing Maps

For the visual representation of geographical information, Bing Maps collects data about your usage of the Maps features, including your IP address and location data. This data is transmitted to Microsoft and subsequently processed by Microsoft. We have no control over this data processing.

8.4 Use of Facebook-Services for web analytics and ads

Use of Facebook Pixel

We use the Facebook Pixel as part of the technologies provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”). The Facebook Pixel automatically collects and stores data (IP address, visit time, device and browser information, as well as information about your website usage based on events predefined by us, such as visiting a webpage or signing up for a newsletter). From this data, pseudonymous usage profiles are created. As part of the so-called extended data matching, information for matching purposes is also collected and hashed, which can identify individuals (e.g., names, email addresses, and phone numbers). When you visit our website, the Facebook Pixel automatically sets a cookie that enables the recognition of your browser when you visit other websites. Facebook (by Meta) will merge this information with additional data from your Facebook account and use it to compile reports on website activities and provide other services related to website usage, especially personalized and group-based advertising.
The information automatically collected through Facebook (by Meta) technologies about your usage of our website is typically transmitted to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. The United States does not have an adequacy decision from the European Commission. If data transfer to the USA falls under our responsibility, our cooperation is based on the European Commission’s standard data protection clauses. For further information on data processing by Facebook, please refer to Facebook’s privacy policy. Facebook (by Meta).

Facebook Analytics

Within the Facebook Business Tools framework, statistics on visitor activities on our website are generated from the data collected by the Facebook Pixel. Data processing is based on an agreement on data processing by Facebook (by Meta). The analysis aims to optimize the presentation and marketing of our website.

Facebook Ads (Ad Manager)

We advertise this website through Facebook Ads on Facebook (by Meta) and other platforms. We determine the parameters of each advertising campaign. For the precise implementation, especially the decision on ad placement for individual users, Facebook (by Meta) is responsible. Unless otherwise specified for individual technologies, data processing is based on an agreement between joint controllers under Article 26 of the GDPR. Joint responsibility is limited to the collection of data and its transmission to Meta Platforms Ireland. Subsequent data processing by Meta Platforms Ireland is not covered by this joint responsibility.

Based on the statistics about visitor activities on our website created through Facebook Pixel, we conduct group-based advertising on Facebook (by Meta) through Facebook Custom Audience, where we determine the characteristics of the respective target audience. In the context of determining the specific target audience as part of the extended data matching (as mentioned above), Facebook (by Meta) acts as our data processor.

Based on the pseudonymous cookie ID set by the Facebook Pixel and the data collected about your usage behavior on our website, we conduct personalized remarketing advertising through Facebook Pixel.

We use Facebook Pixel Conversions to measure your subsequent usage behavior for web analysis and event tracking when you arrive at our website via a Facebook Ads advertisement. Data processing is based on an agreement for data processing by Facebook (by Meta).

8.5. HubSpot

Extent of Processing of Personal Data

We use features provided by HubSpot Inc., 2nd Floor, 25 First Street, Cambridge, MA 02141, USA (hereinafter referred to as “HubSpot”). This is an integrated software solution that allows us to cover various aspects of our online marketing activities. These include, among others: email marketing (newsletters as well as automated mailings, e.g., for providing downloads), social media publishing & reporting, reporting (especially traffic sources, access data, etc.), contact management (especially user segmentation & CRM), landing pages, and contact forms. HubSpot places a cookie on your computer. This can store and evaluate personal data, especially user activity (including which pages have been visited and which elements have been clicked on), device and browser information (including IP address and operating system), data about displayed advertisements (including which advertisements were shown and whether the user clicked on them), and data from advertising partners (especially pseudonymous user IDs).

Further information about data processing by hubspot can be found under:

https://legal.hubspot.com/de/privacy-policy

Purpose of data processing

The use of the HubSpot plugin is solely for the purpose of optimizing our marketing efforts.

Legal basis for the processing of personal data

The legal basis for processing users’ personal data is primarily the user’s consent, according to Art. 6(1)(a) of the General Data Protection Regulation (GDPR).

Duration for storing data

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, such as for tax and accounting purposes.

Revocation and Deletion Options.

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You can prevent the collection and processing of your personal data by HubSpot by blocking the storage of third-party cookies on your computer, using the “Do Not Track” feature in a supported browser, disabling the execution of script code in your browser, or using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) installed in your browser.

Further informationen about your right to revoke consent or opt-out from HubSpot can be found under:

https://legal.hubspot.com/de/privacy-policy

Social Media

9.1 Social Plugins of Facebook (by Meta), Twitter, Instagram (by Meta), Pinterest, Xing, Addthis, Whatsapp

On our website, we use social buttons from social networks. These are simply embedded into the page as HTML links, so no connection to the servers of the respective provider is established when you visit our website. When you click on one of the buttons, the website of the respective social network opens in a new window of your browser, where you can, for example, click the “Like” or “Share” button.

9.2 Our page on Facebook (by Meta), Twitter, Instagram (by Meta), Youtube, Pinterest, LinkedIn, Xing

As far as you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presence on the social media platforms mentioned above. From this data, usage profiles are created using pseudonyms. These can be used, for example, to display advertisements within and outside the platforms that are presumed to correspond to your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights and privacy settings, please refer to the data protection information linked below for each provider. If you still need assistance with this, you can contact us.

Facebook (by Meta) is provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transferred to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. Data processing in the context of visiting a Facebook (by Meta) fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (Insights data information) can be found hier.

Twitter is provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”). The information automatically collected by Twitter about your use of our online presence on Twitter is generally transferred to a server of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.

Instagram (by Meta) is provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is generally transferred to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. The data processing in the context of visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers in accordance with Article 26 of the GDPR. Further information (Information on Insights data) can be found here.

YouTube is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected by Google about your use of our online presence on YouTube is typically transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.

Pinterest is offered by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). The information automatically collected by Pinterest about your use of our online presence on Pinterest is typically transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.

LinkedIn is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is typically transmitted to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.

Xing is provided by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

Contact options and your rights

10.1 Your rights

Your have the following rights:

according to Art. 15 of the GDPR, you have the right to request information about the personal data we process about you to the extent specified therein;
according to Art. 16 of the GDPR, you have the right to promptly request the correction of inaccurate or completion of your personal data stored with us;
according to Art. 17 of the GDPR, you have the right to request the deletion of your personal data stored with us, unless further processing is required,
- to exercise the right to freedom of expression and information;
- to comply with a legal obligation;
- for reasons of public interest or
- for the establishment, exercise, or defense of legal claims;
according to Art. 18 GDPR, the right to request the restriction of the processing of your personal data,
- in case the accuracy of the data is contested by you;
- the processing is unlawful, but you oppose the erasure of the data;
- we no longer need the data, but you require them for the establishment, exercise, or defense of legal claims,
- or you have objected to the processing pursuant to Art. 21 GDPR;
according to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request their transmission to another controller;
according to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your habitual residence, place of work, or our company headquarters.

10.2 Contact

If you have any questions about the collection, processing, or use of your personal data, requests for information, correction, restriction, or deletion of data, as well as the revocation of granted consents or objections to specific data usage, please contact us directly using the contact information provided in our imprint.

Deletion of data

We only store personal data of the data subject for the period necessary to achieve the purpose of storage. If the purpose of storage ceases to apply, a storage period expires, or consent is revoked, the personal data will be deleted by Shiawa in accordance with legal regulations.

Right to data portability, Art. 44 GDPR

You have the right to data portability for a reasonable fee, such as when switching to a new provider. Shiawa will provide the necessary conditions for this.