Shellfire
Shellfire
Version: June 2025
This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online services and associated websites, functions and content as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online services"). With regard to the terminology used, such as "personal data" or their "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
| Name/Company: | Shellfire GmbH |
|---|---|
| Street, No.: | Altkönigstraße 10A |
| Postal Code, City, Country: | 61389 Schmitten, Germany |
| Managing Directors: | Florian Gattung, Maximilian Behr |
| Email Address: | hosting@shellfire.de |
| Phone: | +49 6101 659 252 40 |
| Commercial Register Court: | Amtsgericht Königstein |
| Commercial Register Number: | HRB 11030 |
| VAT ID: | DE352237087 |
A data protection officer is not required to be appointed according to Art. 37 GDPR and § 38 BDSG (German Federal Data Protection Act), because (a) regularly fewer than 20 people are involved in the automated processing of personal data and (b) the core activity does not include large-scale, regular and systematic monitoring of data subjects.
No special categories of data are processed.
Hereinafter, we also collectively refer to the affected persons as "users".
Version: June 2025
In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures as well as answering inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. The storage or reading of information on terminal equipment (e.g. cookies, pixels) is carried out – unless technically absolutely necessary – exclusively on the basis of your consent according to § 25 para. 1 TDDDG (German Telecommunications and Digital Services Data Protection Act) in conjunction with Art. 6 para. 1 lit. a GDPR; technically necessary processes are based on § 25 para. 2 TDDDG.
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require an action on your part (e.g. consent) or other individual notification becomes necessary.
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk; The measures include in particular the securing of confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, securing availability and their separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data and response to data threats. Furthermore, we consider the protection of personal data already during development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by privacy-friendly default settings (Art. 25 GDPR).
Security measures include in particular the encrypted transmission of data between your browser and our server.
If we disclose data to other persons and companies (processors or third parties), transmit them or otherwise grant access to the data, this only takes place on the basis of legal permission (e.g. when transmission of data to third parties, such as payment service providers, according to Art. 6 para. 1 lit. b GDPR is required for contract fulfillment), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using contractors, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called "data processing agreement", this is done on the basis of Art. 28 GDPR.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of using third-party services or disclosure or transmission of data to third parties, this only occurs if it is to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country when the special requirements of Art. 44 ff. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the EU-US Data Privacy Framework (Adequacy Decision (EU) 2023/1795)). If the respective service provider does not participate in the DPF, transmission only takes place with simultaneous activation of suitable guarantees (Art. 46 GDPR) and informed consent according to Art. 49 para. 1 lit. a GDPR. For US service providers without DPF certification, we use the Standard Contractual Clauses (Decision (EU) 2021/914); furthermore, we inform you about remaining risks (Art. 46 para. 2 c GDPR). Processing is also carried out on the basis of compliance with officially recognized special contractual obligations (so-called "Standard Contractual Clauses" according to EU Commission Decision (EU) 2021/914). With our VPN service, users can prevent the processing of their data outside the EU at any time by selecting a Shellfire server in one of the EU member states. When selecting a location outside the EEA, traffic data may be generated in the third country. Payment data may be processed outside the EU depending on the chosen payment service provider (e.g. PayPal, Stripe).
You have the right to request confirmation about whether relevant data is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
You have the right according to Art. 16 GDPR to request the completion of data concerning you or the correction of incorrect data concerning you.
You have the right according to Art. 17 GDPR to request that relevant data be deleted immediately, or alternatively according to Art. 18 GDPR to request a restriction of processing of the data.
You have the right to request that the data concerning you that you have provided to us according to Art. 20 GDPR be received and their transmission to other controllers be demanded.
You also have the right according to Art. 77 GDPR to lodge a complaint with the competent supervisory authority.
You have the right to withdraw given consents according to Art. 7 para. 3 GDPR with effect for the future.
You can object to the future processing of data concerning you according to Art. 21 GDPR at any time. The objection can particularly be made against processing for purposes of direct marketing.
We use temporary and permanent cookies, i.e. small files that are stored on users' devices (explanation of the term and function, see last section of this privacy policy). Some cookies serve security purposes or are necessary for the operation of our online services (e.g., for displaying the website). For all other cookies that are not technically necessary (e.g. for reach measurement and marketing purposes), we obtain your consent according to § 25 TDDDG, about which users are informed in the course of the privacy policy. The use of our site is also possible without consent to technically non-necessary cookies; cookies are only set after consent. The following notices apply equally to reach measurement and comparable technologies. Cookies and comparable technologies in the categories Performance, Targeting and Marketing are only set after you have expressly consented via our consent banner (§ 25 para. 1 TDDDG).
After giving consent, you can object to this at any time for the future. An objection against the use of cookies used for online marketing purposes can be made for many services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that in this case, not all functions of this online service may be usable. The withdrawal function is always accessible via the fingerprint symbol at the bottom left; your decision is stored for 180 days in a consent cookie.
The data we process is deleted or restricted in its processing according to Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored with us is deleted as soon as it is no longer required for its purpose and there are no legal retention obligations opposing deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements, retention takes place in particular for 6 years according to § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual accounts, commercial letters, booking documents, etc.) as well as for 10 years according to § 147 para. 1 AO (books, records, situation reports, booking documents, commercial and business letters, documents relevant for taxation, etc.).
We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services according to Art. 6 para. 1 lit. b GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
Users can optionally create a user account, in which they can in particular view their orders and the status of their booked services and, if applicable, modify them. As part of the registration process, the required mandatory information is communicated to users. The user accounts are not public and cannot be indexed by search engines. When users have cancelled their user account, their data relating to the user account is deleted, provided that their retention is not necessary for commercial or tax law reasons according to Art. 6 para. 1 lit. c GDPR. It is the responsibility of users to secure their data before the end of the contract after successful cancellation. We are entitled to irrevocably delete all data of the user stored during the contract period.
As part of registration and re-registration as well as use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the users' interests in protection against abuse and other unauthorized use. A transmission of this data to third parties generally does not take place, unless it is required for the prosecution of our claims or there is a legal obligation according to Art. 6 para. 1 lit. c GDPR.
In the context of using our VPN services, no personal data (e.g. IP addresses) is stored.
We process usage data (e.g., the visited websites of our online services, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, in order to display to the user, for example, product recommendations based on their previously used services. The legal basis is your consent according to Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG (if you have given this in the consent banner); processing without terminal equipment access is alternatively based on Art. 6 para. 1 lit. f GDPR (legitimate interest in direct marketing).
Deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of retaining the data is reviewed every three years; in the case of legal archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligations); information in the customer account remains until its deletion.
When contacting us (via contact form or email), the user's information is processed for processing the contact request and its handling according to Art. 6 para. 1 lit. b GDPR.
The users' information can be stored in our Customer Relationship Management System ("CRM System") or comparable inquiry organization.
We delete inquiries if they are no longer required. We review the necessity every two years; inquiries from customers who have a customer account are stored permanently and we refer to the customer account information for deletion. In the case of legal archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligations).
When users leave comments or other contributions, their IP addresses are stored for 7 days based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR.
This is done for our security, in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we can be held liable for the comment or contribution and are therefore interested in the identity of the author.
We collect, based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR, data about every access to the server on which this service is located (so-called server logfiles). The access data includes the name of the accessed webpage, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Logfile information is stored for security reasons (e.g. to investigate abuse or fraud) for a maximum of seven days and then deleted. Data whose further retention is necessary for evidence purposes is excluded from deletion until the final clarification of the respective incident.
On the servers of our VPN service, no personal data is stored.
A user has the opportunity within our VPN apps to voluntarily send local logfiles of the terminal device (e.g. smartphone or desktop computer) to us to support them in analyzing errors or connection problems. The transmission and storage of these logfiles is carried out encrypted.
We maintain online presences within social networks and platforms based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR, in order to communicate with customers, prospects and users active there and inform them about our services. When accessing the respective networks and platforms, the terms of service and the data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. posting contributions on our online presences or sending us messages.
Wir setzen auf Grundlage Ihrer Einwilligung (§ 25 Abs. 1 TDDDG i. V. m. Art. 6 Abs. 1 lit. a DSGVO) Google Analytics 4, einen Webanalysedienst der Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland ("Google") ein. Die Google LLC tritt nur als Unterauftragsverarbeiter auf. Google verwendet Cookies. Die durch das Cookie erzeugten Informationen über Benutzung des Onlineangebotes durch die Nutzer werden in der Regel an einen Server von Google in den USA übertragen und dort gespeichert. Wir haben mit Google einen Auftragsverarbeitungsvertrag (Art. 28 DSGVO) abgeschlossen, der die EU-SCC enthält.
Datenempfänger: Google Ireland Ltd. (EU) und Google LLC (USA, DPF-zertifiziert). Google ist nach dem EU-US Data Privacy Framework (Angemessenheitsbeschluss (EU) 2023/1795) zertifiziert und bietet hierdurch eine Garantie, das europäische Datenschutzrecht einzuhalten. Die aktuelle DPF-Liste ist unter https://www.dataprivacyframework.gov/ abrufbar. Soweit kein Angemessenheitsbeschluss besteht, erfolgt die Übermittlung auf Grundlage Ihrer ausdrücklichen Einwilligung nach Art. 49 Abs. 1 lit. a DSGVO.
Google wird diese Informationen in unserem Auftrag benutzen, um die Nutzung unseres Onlineangebotes durch die Nutzer auszuwerten, um Reports über die Aktivitäten innerhalb dieses Onlineangebotes zusammenzustellen und um weitere, mit der Nutzung dieses Onlineangebotes und der Internetnutzung verbundene Dienstleistungen, uns gegenüber zu erbringen. Dabei können aus den verarbeiteten Daten pseudonyme Nutzungsprofile der Nutzer erstellt werden.
Wir setzen Google Analytics 4 ein, um die durch innerhalb von Werbediensten Googles und seiner Partner geschalteten Anzeigen, nur solchen Nutzern anzuzeigen, die auch ein Interesse an unserem Onlineangebot gezeigt haben oder die bestimmte Merkmale (z.B. Interessen an bestimmten Themen oder Produkten, die anhand der besuchten Webseiten bestimmt werden) aufweisen, die wir an Google übermitteln (sog. "Remarketing-", bzw. "Google-Analytics-Audiences"). Mit Hilfe der Remarketing Audiences möchten wir auch sicherstellen, dass unsere Anzeigen dem potentiellen Interesse der Nutzer entsprechen und nicht belästigend wirken.
Wir setzen Google Analytics 4 nur mit aktivierter IP-Anonymisierung ein. Das bedeutet, die IP-Adresse der Nutzer wird von Google innerhalb von Mitgliedstaaten der Europäischen Union oder in anderen Vertragsstaaten des Abkommens über den Europäischen Wirtschaftsraum gekürzt. Nur in Ausnahmefällen wird die volle IP-Adresse an einen Server von Google in den USA übertragen und dort gekürzt.
Die von dem Browser des Nutzers übermittelte IP-Adresse wird nicht mit anderen Daten von Google zusammengeführt. Die Nutzer können die Speicherung der Cookies durch eine entsprechende Einstellung ihrer Browser-Software verhindern; die Nutzer können darüber hinaus die Erfassung der durch das Cookie erzeugten und auf ihre Nutzung des Onlineangebotes bezogenen Daten an Google sowie die Verarbeitung dieser Daten durch Google verhindern, indem sie das unter folgendem Link verfügbare Browser-Plugin herunterladen und installieren: https://tools.google.com/dlpage/gaoptout?hl=de.
Weitere Informationen zur Datennutzung durch Google, Einstellungs- und Widerspruchsmöglichkeiten erfahren Sie auf den Webseiten von Google: https://www.google.com/intl/de/policies/privacy/partners, https://policies.google.com/technologies/ads, https://adssettings.google.com/authenticated.
Die personenbezogenen Daten werden nach 14 Monaten oder dem von Google unterstützten, kürzeren Speicherintervall anonymisiert oder gelöscht.
Die genannten Dienste werden erst aktiviert, nachdem Sie in unserem Consent-Manager (Banner) aktiv zugestimmt haben (§ 25 Abs. 1 TDDDG).
Wir nutzen auf Grundlage Ihrer Einwilligung (§ 25 Abs. 1 TDDDG / Art. 6 Abs. 1 lit. a DSGVO) die Marketing- und Remarketing-Dienste (kurz "Google-Marketing-Services") der Google Ireland Limited (EU) / Google LLC (USA, DPF-zertifiziert), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). Diese Dienste werden erst nach Speicherung Ihrer Auswahl im Consent-Manager geladen.
Google ist nach dem EU-US Data Privacy Framework (Angemessenheitsbeschluss (EU) 2023/1795) zertifiziert und bietet hierdurch eine Garantie, das europäische Datenschutzrecht einzuhalten.
The Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner to present users only with advertisements that potentially match their interests. If a user is shown advertisements for products that they were interested in on other websites, this is referred to as "Remarketing". For these purposes, when our and other websites where Google Marketing Services are active are accessed, a Google code is executed directly by Google and so-called (Re)marketing tags (invisible graphics or code, also referred to as "Web Beacons") are integrated into the website. With their help, an individual cookie, i.e., a small file is stored on the user's device (instead of cookies, comparable technologies can also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user visited, what content they were interested in and which offers they clicked on, as well as technical information about the browser and operating system, referring websites, visit time and other information about the use of the online service. The user's IP address is also captured, whereby we inform in the context of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is transmitted in full to a Google server in the USA and shortened there. The IP address is not combined with user data within other Google services. The above-mentioned information can also be combined by Google with such information from other sources. When the user subsequently visits other websites, advertisements targeted to their interests can be displayed.
User data is processed pseudonymously in the context of Google Marketing Services. This means Google does not store and process, for example, the user's name or email address, but processes the relevant data cookie-based within pseudonymous user profiles. This means from Google's perspective, the advertisements are not managed and displayed for a concretely identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google's servers in the USA.
Among the Google Marketing Services we use is the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "Conversion Cookie". Cookies can therefore not be tracked across AdWords customers' websites. The information obtained with the help of the cookie serves to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their advertisement and were redirected to a page marked with a conversion tracking tag. However, they do not receive information that would allow them to personally identify users.
We may also use the service "Google Optimizer". Google Optimizer allows us to track in the context of so-called "A/B testing" how different changes to a website affect (e.g., changes to input fields, design, etc.). For these testing purposes, cookies are stored on users' devices. Only pseudonymous user data is processed.
Furthermore, we may use the "Google Tag Manager" to integrate and manage Google analysis and marketing services on our website.
Further information about data use for marketing purposes by Google can be found on the overview page: https://policies.google.com/technologies/ads, Google's privacy policy is available at https://policies.google.com/privacy.
If you wish to object to interest-based advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: https://adssettings.google.com/authenticated.
The mentioned services are only activated after you have actively consented in our Consent Manager (Banner) (§ 25 para. 1 TDDDG).
Within our online service, based on your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG) and for these purposes, the so-called "Facebook Pixel" of the social network Facebook, which is operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used.
Facebook is certified under the EU-US Data Privacy Framework (Adequacy Decision (EU) 2023/1795) and thereby provides a guarantee that European data protection law is complied with.
With the help of the Facebook Pixel, it is possible for Facebook to determine the visitors of our online service as a target group for the display of advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook Pixel to show the Facebook Ads placed by us only to such Facebook users who have also shown interest in our online service or who have certain characteristics (e.g., interests in certain topics or products, which are determined based on the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook Pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of users and do not have a disruptive effect. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users are redirected to our website after clicking on a Facebook advertisement (so-called "Conversion").
The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook Ads, in Facebook's data usage policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and its functionality can be found in Facebook's help area: https://www.facebook.com/business/help/651294705016616.
You can object to data collection by the Facebook Pixel and the use of your data for displaying Facebook Ads. To set what types of advertisements are shown to you, you can visit the page set up by Facebook and follow the instructions on settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are made platform-independently, i.e., they are adopted for all devices, such as desktop computers or mobile devices.
To prevent the collection of your data via the Facebook Pixel on our website, please click
the following link:
The use of Facebook Pixel and Facebook Social Plugin is on this page:
Note: If you click the link, an "opt-out" cookie will be stored on your device. If you
delete the cookies in this browser, you will need to click the link again. Furthermore, the
opt-out only applies within the browser you are using and only within our web domain on
which the link was clicked.
You can also object to the use of cookies that serve reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
The mentioned services are only activated after you have actively consented in our Consent Manager (Banner) (§ 25 para. 1 TDDDG).
Based on your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG), we use Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The Plugins may represent interactive elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white "f" on blue tile, the terms "Like", "Gefällt mir" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the EU-US Data Privacy Framework (Adequacy Decision (EU) 2023/1795) and thereby provides a guarantee to comply with European data protection law.
When a user accesses a function of this online service that contains such a plugin, their device establishes a direct connection with Facebook's servers. The content of the plugin is transmitted directly from Facebook to the user's device and integrated into the online service. User profiles can be created from the processed data. We therefore have no influence on the scope of data that Facebook collects with the help of this plugin and inform users according to our knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online service. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plugins, for example by pressing the Like button or leaving a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook learns and stores their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
The purpose and scope of data collection and further processing and use of data by Facebook as well as the related rights and settings options for protecting users' privacy can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.
To prevent the collection of your data via the Facebook Social Plugin on our website,
please click the following link:
The use of Facebook Pixel and Facebook Social Plugin is on this page:
Note: When you click the link, an "opt-out" cookie is stored on your device. If you
delete the cookies in this browser, you must click the link again. Furthermore, the
opt-out only applies within the browser you are using and only within our web domain on
which the link was clicked.
If a user is a Facebook member and does not want Facebook to collect data about them via this online service and link it with their member data stored on Facebook, they must log out of Facebook before using our online service and delete their cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
The aforementioned services are only activated after you have actively consented in our Consent Manager (banner) (§ 25 para. 1 TDDDG).
With the following information, we inform you about the contents of our newsletter as well as the registration, sending and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
Newsletter content: We send newsletters, emails and other electronic notifications with advertising information (hereinafter "Newsletter") only with the consent of the recipients or legal permission. If the contents of a newsletter are specifically described during registration, they are decisive for users' consent. Otherwise, our newsletters contain information about our products, offers, promotions and our company.
Double opt-in and logging: Registration for our newsletter is carried out using a so-called double opt-in procedure. This means you will receive an email after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else's email address. Newsletter registrations are logged in order to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation times, as well as the shortened IP address. Changes to your data stored with the shipping service provider are also logged.
The newsletter is sent by Shellfire.
Registration data: To register for the newsletter, it is sufficient to provide your email address.
Performance measurement - The newsletters may contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the shipping service provider's server when the newsletter is opened. During this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are collected. This information is used to technically improve the services based on technical data or target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. This information can be assigned to individual newsletter recipients for technical reasons. However, it is not our aim to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The sending of the newsletter and the performance measurement are based on the consent of the recipients according to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG or based on the legal permission according to § 7 para. 3 UWG.
The logging of the registration procedure is based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR and serves to prove consent to receiving the newsletter.
Cancellation/Withdrawal - Newsletter recipients can cancel receiving our newsletter at any time, i.e. withdraw their consent. A link to cancel the newsletter can be found at the end of each newsletter. This simultaneously extinguishes their consent to performance measurement. A separate withdrawal of performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be cancelled. Upon unsubscribing from the newsletter, the personal data will be deleted, unless their retention is legally required or justified, in which case their processing is limited to these exceptional purposes only. We may in particular store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them for newsletter sending purposes, in order to be able to prove previously given consent. The processing of this data is limited to the purpose of possibly defending against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.
We set up digital services and content plugins and external content within our online services only after your consent according to Art. 6 para. 1 lit. a DSGVO i. V. m. § 25 para. 1 TDDDG (carried out via the consent banner), to provide their content and services, such as videos or fonts, to be integrated into our online services (hereinafter collectively referred to as "content"). This requires always that the third-party providers of these content, who receive the IP address of the user, since they could not send the content to the user's browser without the IP address. The IP address is therefore necessary for the display of this content. We only use such content if the respective providers of these content only use the IP address for the delivery of the content. Third parties can also use so-called pixel tags (invisible graphics or code, also referred to as "web beacons") for statistical or marketing purposes. Through these "pixel tags", information such as the visitor traffic on our website can be evaluated. The pseudonymous information can also be stored in cookies on the user's device and include, among other things, technical information about the browser and operating system, referring websites, access times, and other information about the use of our online services.
The following table provides an overview of third parties and their content, as well as links to their data protection declarations, which contain further information about data processing and, in some cases, opposition possibilities (so-called opt-out):
