Privacy statement

Privacy statement

I. Name and address of the person responsible

Responsible in regard of the EU General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

audiohub GmbH
Schall St. 13-17
50931 Cologne
Germany
Phone: +49 221 66959652
E-Mail: info@audiohub.com
Website: www.audiohub.com

II. General information on data processing

1. Scope of the processing of personal data

We only collect and use personal data of our users insofar as it is necessary to provide a functional website as well as our contents and services. The collection and use of personal data of our users takes place regularly only with the user's consent. An exception applies in those cases where prior consent cannot be obtained, and the processing of the data is permitted by law.

To avoid spam during registration and login processes, we use the "Friendly Captcha" service from Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee. The IP address of the user is processed once for a few seconds, but not saved. Cookies are not set.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

In case the processing of personal data is required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

The legal basis for the use of "Friendly Captcha" is Art. 6 Para. 1 lit. f DSGVO. The use of "Friendly Captcha" serves to ensure the availability of our website, which also represents our legitimate interest in using it.

3. Data erasure and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes.

For the purpose of using "Friendly Captcha" see above.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If data is stored in log files, this is the case after 30 days at the latest. Further storage is possible. In this case, IP addresses of users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Possibility of opposition and elimination

Collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

IV. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies:

We also use cookies on our website which enable an analysis of the user's surfing behaviour. In this way, the following data can be transmitted:

Further information on the analysis cookies can be found in this data protection declaration under the following points:

V. Google Analytics
VI Google Remarketing
VII Google AdWords

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change. We need cookies for the following applications:

The user data collected by technically necessary cookies are not used to create user profiles.

The analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.

For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

4. Duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

V. Google Analytics

1. Description and scope of data processing

Insofar as you have given your consent, we use the component Google Analytics (with anonymization function) with regard to this website. Google Analytics is a web analytics service. A web analysis service collects, among other things, data on the website from which a person has accessed a website, which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and for cost-benefit analysis of Internet advertising.

The Google Analytics component is operated by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

We use the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this addition, Google shortens and anonymizes the IP address of the Internet connection of the person concerned when accessing our website from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

By setting the cookie, Google is enabled to analyse the use of our website. Each time you access one of the individual pages of this website, the Internet browser on your terminal device is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently enable commission statements.

Cookies are used to store personal information, such as access time, the location from which access originated and the frequency of visits to our website. Each time you visit our website, this personal data, including the IP address of the Internet connection you use, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through the technical process to third parties.

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider in order to establish an adequate level of data protection. Google Ireland's parent company, Google LLC, is based in California, USA. Transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The US is currently considered a third country from a data protection point of view. They do not have the same rights there as within the EU/ EEA. You may not have any legal recourse against access by authorities.

2. Legal basis of data processing

The legal basis for data processing is your consent pursuant to Art. 6 para. 1 (a) of the GDPR.

3. Purpose of data processing

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained to evaluate the use of our website, among other things, in order to provide us with online reports, which the activities on our Internet pages, and to provide other services in connection with the use of our Internet page.

For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

4. Possibility of opposition and elimination

You can prevent the setting of cookies at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on your end device. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, you have the opportunity to object to and prevent the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, you must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout This browser add-on informs Google Analytics via JavaScript that no data and information on visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered a contradiction by Google. If your information technology system is deleted, formatted or reinstalled at a later time, the browser add-on must be reinstalled to disable Google Analytics. If you uninstall or deactivate the browser add-on, you have the option of reinstalling or reactivating the browser add-on.

Further information and Google's current privacy policy can be found at https://policies.google.com/privacy?hl=en&gl=de and https://www.google.com/analytics/terms/us.html. Google Analytics will be explained in more detail under this link https://www.google.com/intl/en_uk/analytics/#?modal_active=none.

VI. Google AdWords

1. Description and scope of data processing

Insofar as you have given your consent, we use the Google AdWords service for this website. Google allows advertisers to serve ads in both Google's search engine results and the Google Advertising Network. Google AdWords allows an advertiser to pre-define certain keywords to display an ad in Google's search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. On the Google Network, ads are distributed to thematically relevant websites using an automatic algorithm and using the previously defined keywords.

The operator of Google AdWords services is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

If a person comes to our website via a Google ad, a so-called conversion cookie is stored on this person's information technology system by Google. A conversion cookie loses its validity after thirty days and is not used to identify the person concerned. If the cookie has not yet expired, the conversion cookie is used to determine whether certain sub-pages, such as the shopping basket of an online shop system, have been called up on our website. The conversion cookie enables both us and Google to track whether a person who has accessed our website via an AdWords ad has generated revenue, i.e. has completed or cancelled a purchase of goods.

The data and information collected through the use of the conversion cookie is used by Google to generate visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who have been referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the person concerned.

The conversion cookie is used to store personal information, such as the websites visited by the person concerned. Personal data, including the IP address of the Internet connection used by the person concerned, is therefore transferred to Google in the United States of America each time he or she visits our Internet pages. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through the technical process to third parties.

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider in order to establish an adequate level of data protection. Google Ireland's parent company, Google LLC, is based in California, USA. Transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The US is currently considered a third country from a data protection point of view. They do not have the same rights there as within the EU/EEA. You may not have any legal recourse against access by authorities.

2. Legal basis for data processing

The legal basis for data processing is your consent pursuant to Art. 6 Para. 1 (f) of the GDPR

3. Purpose of data processing

The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the websites of third parties and in the search engine results of the Google search engine and by displaying third-party advertising on our website.

4. Duration of storage

The data sent by us and linked to cookies is automatically deleted after two months. Data exceeding storage duration limits are deleted automatically once a month.

5. Possibility of opposition and elimination

You can prevent the setting of cookies by our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on your mobile device. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

You may also object to interest-based advertising by Google. To do this, you must access the link www.google.de/settings/ads from any Internet browser you use and make the required settings there.

Further information about the terms of use of Google Analytics and data protection at Google is available at https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de

VII. Google Remarketing

1. Description and scope of data processing

Insofar as you have given your consent, we use the Google Remarketing service on this website. Google Remarketing is a feature of Google AdWords that allows a company to display advertisements to Internet users who have previously visited the company's website. The integration of Google Remarketing therefore allows a company to create user-related advertisements and consequently to display interest-relevant advertisements to the Internet user.

Google Remarketing uses a cookie on the user's end device for this purpose. It has already been explained above what cookies are. By setting the cookie, Google will be able to recognize the visitor to our website when he or she subsequently visits websites that are also members of the Google advertising network. Every time a website on which the Google Remarketing service has been integrated, the person's Internet browser automatically identifies itself with Google. As part of this technical procedure, Google obtains knowledge of personal data, such as the IP address or the user's surfing behaviour, which Google uses, among other things, to display interest-relevant advertising.

The cookie is used to store personal information, such as the Internet pages visited by the user. Accordingly, personal data, including the IP address of the user's Internet connection, is transferred to Google in the United States of America each time he or she visits our Internet pages. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through the technical process to third parties.

The operator of Google Remarketing services is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The services of Google Remarketing are operated by Google LLC, 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider in order to establish an adequate level of data protection. Google Ireland's parent company, Google LLC, is based in California, USA. Transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The US is currently considered a third country from a data protection point of view. They do not have the same rights there as within the EU/ EEA. You may not have any legal recourse against access by authorities.

2. Legal basis for data processing

The legal basis for data processing is your consent pursuant to Art. 6 para. 1 (a) of the GDPR.

3. Purpose of data processing

The purpose of Google Remarketing is to display interest-relevant advertising. Google Remarketing allows us to display advertisements on the Google Advertising Network or on other websites that are tailored to the individual needs and interests of Internet users.

4. Duration of storage

The data will be deleted within 30 days.

5. Possibility of opposition and elimination

You can prevent the setting of cookies by our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on your end device. In addition, a cookie already set by Google can be deleted at any time via the Internet browser or other software programs.

You may also object to interest-based advertising by Google. To do this, the person concerned must access the www.google.de/settings/ads link from each of the Internet browsers they use and make the required settings there.

Further information and Google's current privacy policy can be found at https://policies.google.com/privacy?hl=en&gl=de.

VIII. Newsletter

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input mask will be transmitted to us. These are:

In addition, the following data is collected upon registration:

Your consent will be obtained for the processing of your data during the registration process and reference will be made to this data protection declaration.

To register for our newsletter, we use the so-called double opt-in procedure. As soon as users register on our site, they will receive an e-mail requesting confirmation of their registration. In this way, we want to prevent registrations being made with external e-mail addresses.

If you purchase goods or services on our website and enter your e-mail address, we may subsequently use it to send you a newsletter. In such a case, the newsletter will only send direct advertising for our own similar goods or services.

The data will be used exclusively for the dispatch of the newsletter.

2. Use of the mail service provider Sendinblue

Our newsletters are sent using "Sendinblue" - a newsletter service provider. This is a newsletter dispatch platform from Sendinblue GmbH, Köpenicker Strasse 126, 10179 Berlin.

Sendinblue's servers and data center are located in Germany. Sendinblue has been certified by TÜV-Rheinland with regard to its data protection management system (valid until September 2021) and works in accordance with GDPR.

Sendinblue uses the data to send and evaluate the newsletter in accordance with our order. Sendinblue does not use the data for its own purposes.

3 Statistical survey and analyses

Each newsletter contains a so-called "web-beacon". This is a pixel-sized file that is retrieved by Sendinblue when the newsletter is opened. This provides Sendinblue with technical information such as

This data is used for the technical improvement of the service.

In addition, the "web beacons" are used to determine whether the newsletter has been opened, when it is opened and which links are clicked. Although it is possible to assign the data to individual users, neither we nor Sendinblue want to monitor the individual users. Only the reading habits of the users are to be recognized in order to adapt the contents to the users. Different contents should be sent according to the interests of our users.

4. Legal basis for data processing

The legal basis for the processing of data by the user after registration for the newsletter is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

The legal basis for sending the newsletter after the sale of goods or services is § 7 Abs. 3 UWG in the case of similar goods and services.

The use of Sendinblue and the performance of statistical surveys and analyses are based on our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our legitimate interest can be seen in the safe and user-friendly use of the newsletter. This serves on the one hand our economic interest and on the other hand the expectations of the users.

5. Purpose of data processing

The collection of the user's e-mail address serves to send the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

6. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process will generally be deleted after a period of seven days.

7. Possibility of opposition and elimination

The subscription of the newsletter can be cancelled by the affected user at any time. For this purpose there is a corresponding link in every newsletter. This also enables the revocation of the consent to the storage of personal data collected during the registration process.

IX. Registration

1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and saved. The following data is collected during the registration process:

In case of the registration of a business customer from other EU countries, the VAT ID is also collected and passed on to the European Commission (Tax and Customs Union, EU VIES). The VAT ID is validated via the interface "VAT Information Exchange System (MIAS)" (see also http://ec.europa.eu/taxation_customs/vies/?locale=de).

At the time of registration, the following data will also be stored:

We use the so-called double opt-in procedure for registration on our website. As soon as users register on our site, they will receive an e-mail asking them to confirm their registration via an activation link. In this way we want to prevent registrations with foreign e-mail addresses. The corresponding e-mails are sent via the service provider Sendinblue, an offer of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin.

The required data (name and e-mail address) will be used by Sendinblue to send the double opt-in e-mail with the activation link. Sendinblue does not pass the data on to third parties.

We also use Sendinblue as part of the "Forgot Password" function. The user's name and e-mail address are sent to Sendinblue . Furthermore, this data is used by Sendinblue only for the intended purpose and are not passed on to third parties.

We have concluded a data processing agreement with Sendinblue . This is a contract which obliges Sendinblue to protect the user's data, to process the user's data only according to our data protection regulations and not to pass on the user's data to third parties.

Alternatively, users can register via Google Open Authentication (OAuth). All users need to do is use the "Register via Google" button. You will then be redirected to Google, where you will select and return your corresponding Google Account. We will then receive all the data necessary for registration from Google.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. b GDPR.

The legal basis for the transmission of the VAT ID to the European Commission is Art. 6 para. 1 lit. c GDPR, as for tax reasons we are obliged to have the VAT ID verified by the European Commission if the "commercial" type of customer has been selected or the user comes from a country of the European Union that is not Germany.

3. Purpose of data processing

A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

This is the case for data storage to fulfill a contract or to carry out pre-contractual measures, when the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

5. Possibility of opposition and elimination

As a user you have the possibility to cancel the registration at any time. You can change the data stored about you at any time.

If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

X. Dispatch of order confirmations

1. Description and scope of data processing

After the purchase process has been completed, we will send users an order confirmation in accordance with legal requirements. The dispatch takes place likewise via the dispatch service provider Sendinblue (compare VIII. Newsletter 2).

To enable Sendinblue to send the order confirmation, we send the following data to Sendinblue:

The data will be used by Sendinblue to send the order confirmation. Sendinblue does not pass the data on to third parties.

We have concluded a data processing agreement with Sendinblue. This is a contract which obliges Sendinblue to protect the user's data, to process the user's data only according to our data protection regulations and not to pass on the user's data to third parties.

2. Legal basis for data processing

The legal basis for the processing of the data is our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

We use Sendinblue to ensure fast, reliable and automated processing of the purchase process. This is also where our legitimate interests lie.

XI. PayPal

1. Description and scope of data processing

We have integrated the payment service PayPal on our website. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and provides buyer protection services.

PayPal's European operating company is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If you select "PayPal" as payment option in our online shop during the order process, data is automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is generally first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data in connection with the respective order are also necessary for the processing of the purchase contract.

2. Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 lit. a GDPR.

3. Purpose of data processing

The purpose of data transmission is to process payments and prevent fraud. The controller will provide PayPal with personal data, especially if there is a legitimate interest in the transfer. Personal data exchanged between PayPal and the controller may be transferred by PayPal to credit reference agencies. The purpose of this transmission is to verify identity and creditworthiness.

PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal.

4. Possibility of opposition and elimination

The person concerned has the option to revoke his/her consent to the handling of personal data with PayPal at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.

PayPal's current privacy policy can be found at https://www.paypal.com/en/webapps/mpp/ua/privacy-full

XII. Stripe

1. Description and scope of data processing

We have integrated the payment service Stripe on our website. Stripe offers through direct connections to all leading card networks such as Visa, Mastercard and American Express the possibility to process virtual payments via credit cards.

Stripe's services are operated by Stripe Inc, 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. The operating company is certified under the EU-U.S. Privacy Shield. With this certification Stripe undertakes to comply with EU data protection regulations.

If you select "credit card payment" as payment option in our online shop during the order process, data will be automatically transmitted to Stripe. By selecting this payment option, you consent to the transfer of personal data required for payment processing.

The personal data transmitted by us to Stripe are necessary for payment processing (name and credit card data).

Stripe may receive additional information from the credit card provider. However, we have no influence on this.

2. Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 lit. a GDPR.

3. Purpose of data processing

The purpose of data transmission is to process payments.

4. Possibility of opposition and elimination

The person concerned may revoke his/her consent to Stripe's handling of personal data at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.

Stripe's current privacy policy can be found at https://stripe.com/de/privacy

XIII. Rights of the person concerned

If your personal data is processed you are a ‘data subject’ in terms of the GDPR and you have the following rights against the person responsible:

1. Right to information

You can ask the person in charge to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you can request the following information from the person responsible:

(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

2. The right to correction

You have a right of rectification and/or completion against the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.

3. Right to limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

(1) if you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the data controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
(4) if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

4. Right to cancellation

a. Deletion duty

You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

b. Information to third parties

If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

c. Exemptions

The right to cancellation does not exist insofar as the processing is necessary

(1) to exercise freedom of expression and information;
(2) for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.

5. Right to information

If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

The person responsible shall have the right to be informed of such recipients.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that

(1) processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
(2) processing is carried out by means of automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

7. Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

8. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) the legislation of the Union or of the Member States to which the person responsible is subject is admissible and that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
(3) with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision.

10. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.