Privacy Policy

1) Introduction and contact details of the person responsible

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we will inform you about how your personal data is handled when you use our website. Personal data is all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Felipe Rodriguez Silva, DIGICOM MEDIA LIMITED, Suite C, Level 7, World Trust Tower, 50 Stanley Street, Central HK, Tel.: on request, email: office@vamaro.de. The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

2) Data collection when you visit our website

2.1 If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the site server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if necessary: in anonymized form)

Processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses an SSL or. TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.

2.3

By using our website, you (the visitor) agree to allow third parties to process your IP address to determine your location for currency conversion purposes. You also agree that this currency will be stored in a session cookie on your browser (a temporary cookie that is automatically removed when you close your browser). We do this so that the selected currency remains selected and consistent when browsing our website, so that prices can be converted into your (the visitor's) local currency.

3) Hosting & Content Delivery Network

Shopify

To host our website and display the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data will also be transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider’s servers. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to Canada, an adequate level of data protection is guaranteed by an adequacy decision by the European Commission.

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after you close the browser (so-called “session cookies”), while some of these cookies remain on your device for a longer period of time and enable you to save page settings (so-called “persistent cookies”). In the latter case, you can find out the storage period in the overview of the cookie settings in your web browser.

If personal data is also processed through individual cookies we use, the processing takes place in accordance with Article 6 (1) (b) GDPR either to implement the contract, in accordance with Article 6 (1) (a) GDPR in the event of consent being given or in accordance with Article 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) Contact us

When you contact us (e.g. via contact form or email), personal data is processed - exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis for the processing is Article 6 (1) (b) GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

6) Comment function

As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commenter name you chose are saved and published on this website. Furthermore, your IP address is logged and stored. The IP address is stored for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content through a comment made. We need your email address in order to contact you if a third party should complain that your published content is illegal.

The legal basis for storing your data is Article 6 Paragraph 1 Letters b and f GDPR. We reserve the right to delete comments if they are criticized by third parties as being unlawful.

7) Use of customer data for direct advertising

7.1 Sign up for our email newsletter

If you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. To send the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive the newsletter once you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data we collect when registering for the newsletter is used strictly for a specific purpose.

You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the person responsible mentioned at the beginning. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.

7.2 Klaviyo

Our email newsletters are sent via this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided when registering for the newsletter to this provider in accordance with Article 6 (1) (f) GDPR so that they can send the newsletter on our behalf.

Subject to your express consent in accordance with Article 6 Para. 1 lit. Device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but is not merged with other data sets.

You can revoke your consent to newsletter tracking at any time with future effect.

We have concluded an order processing agreement with the provider, which protects the data of our site visitors and prohibits passing it on to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection levels on the basis of an adequacy decision by the European Commission.

7.3 Goods availability notification via email

For items that are temporarily unavailable, you can sign up to receive email inventory availability notifications. We will send you a one-off email informing you about the availability of the item you have selected. The only mandatory information for sending this notification is your email address. Providing further data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure to send emails, which ensures that you only receive a notification once you have expressly confirmed your consent to this by clicking on a verification link sent to the email address provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data we collect when you register for our email notification service about product availability is used strictly for the intended purpose.

You can unsubscribe from availability notifications at any time by sending a message to the person responsible mentioned at the beginning. Once you have unsubscribed, your email address will be immediately deleted from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.

7.4 Shopping cart reminders via email

If you cancel your purchase with us before completing the order, you have the option of receiving a one-time email reminder of the contents of your virtual shopping cart.

The only mandatory information for sending this reminder is your email address. Providing further data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure to send emails, which ensures that you only receive a notification once you have expressly confirmed your consent to this by clicking on a verification link sent to the email address provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR to send a shopping cart reminder. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data we collect when you register for our email notification service is used strictly for the intended purpose.

You can unsubscribe from shopping cart reminders at any time by sending a message to the person responsible mentioned at the beginning. Once you have unsubscribed, your email address will be immediately deleted from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.

8) Data processing for order processing

8.1 Transmission of image files for order processing via upload function

On our website we offer customers the opportunity to order the personalization of products by sending image files via an upload function. The submitted image motif is used as a template for personalizing the selected product.

Using the upload form on the website, the customer can send one or more image files from the memory of the device used to us directly via automated, encrypted data transfer. We then collect, save and use the transmitted files exclusively to produce the personalized product in accordance with the respective service description on our website. If the transmitted image files are passed on to special service providers for the preparation and processing of the order, you will be explicitly informed about this in the following paragraphs. No further transfer will take place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all of the processing operations just mentioned are carried out exclusively for the purpose of processing your online order in accordance with Article 6 Paragraph 1 Letter b GDPR.

After the order has been processed, the transmitted image files will be automatically and completely deleted.

8.2 To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Article 6 Paragraph 1 Letter b of the GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact details you provided when ordering (name, address, email address) in order to inform you personally about upcoming updates within the legally stipulated period of time by an appropriate means of communication (e.g. by post or email) within the framework of our legal information obligations in accordance with Article 6 Paragraph 1 Letter c of the GDPR. Your contact details will be used strictly for the purpose of communicating updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

8.3 To fulfill our contractual obligations to our customers, we work with external shipping partners. We will pass on your name and delivery address and, if necessary for delivery, your telephone number, to a shipping partner selected by us exclusively for the purpose of delivering goods in accordance with Art. 6 Para. 1 lit. b GDPR.

8.4 Use of payment service providers (payment services)

-Amazon Pay

One or more online payment methods from the following provider are available on this website: Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg

If you choose a payment method from the provider with which you pay in advance (e.g. credit card payment), the payment data you provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to them in accordance with Article 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of processing payments with the provider and only to the extent that it is necessary for this purpose.
-Apple Pay

If you choose the “Apple Pay” payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed via the “Apple Pay” function of your iOS, watchOS or macOS-operated device by charging a payment card stored with “Apple Pay”. Apple Pay uses security features built into your device's hardware and software to protect your transactions. In order to approve a payment, you must enter a code previously specified by you and verify it using the “Face ID” or “Touch ID” function of your device.

For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. Encryption ensures that only the website through which the purchase was made can access the payment details. After the payment is made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment success.

If personal data is processed during the transfers described, the processing takes place exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.

Apple retains anonymized transaction information, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.

When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can be used to identify you. You can turn off the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.

Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- Google Pay

If you choose the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment will be processed via the “Google Pay” application on your mobile device running at least Android 4.4 (“KitKat”) and with an NFC function by debiting a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). In order to approve a payment via Google Pay in the amount of more than €25, you must first unlock your mobile device using the verification measure that has been set up (e.g. facial recognition, password, fingerprint or pattern).

For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the originating website, which is used to verify a payment made. This transaction number does not contain any information about the real payment details of your payment methods stored with Google Pay, but is created and transmitted as a one-time valid numerical token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment process. The transaction is carried out exclusively between the user and the source website by debiting the payment method stored with Google Pay.

If personal data is processed during the transfers described, the processing takes place exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.

Google reserves the right to collect, store and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photographs you included with the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, the verification of process data and the optimization and functionality of the Google Pay service.

Google also reserves the right to combine the processed process data with other information that is collected and stored by Google when you use other Google services.

The Google Pay terms of use can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en
Further information on data protection with Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacy notice&ldl=en
- Klarna

One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you select a payment method in which the provider makes advance payment (e.g. invoice or installment purchase or direct debit), you will also be asked to provide certain personal data during the ordering process (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if necessary data on an alternative means of payment).

In order to protect our legitimate interest in determining our customers' ability to pay, we will forward this data to the provider for the purpose of a credit check in accordance with Article 6 Paragraph 1 Letter f of the GDPR. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment history), the provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks.

In addition to the provider's internal criteria in accordance with Article 6 Paragraph 1 Letter f of the GDPR, identity and creditworthiness information from the following credit agencies can also be included in the decision as part of the application review:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
-Paypal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you choose a payment method from the provider with which you pay in advance, the payment data you provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to them in accordance with Art. 6 Para. 1 lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of processing payments with the provider and only to the extent that it is necessary for this purpose.

If you choose a payment method in which we pay in advance, you will also be asked to provide certain personal data during the ordering process (first and last name, street, house number, postal code, city, date of birth, e-mail address, telephone number, and if necessary, data on an alternative means of payment).

In order to protect our legitimate interest in determining your ability to pay in such cases, we will forward this data to the provider for the purpose of a credit check in accordance with Article 6 Paragraph 1 Letter f of the GDPR. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment history), the provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks.

One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

One or more online payment methods from the following provider are available on this website: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany

9) Retargeting/remarketing and conversion tracking

9.1 Meta Pixel with advanced data matching

Within our online offering, we use the “Meta Pixel” service from the following provider in the extended data comparison mode: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Meta”)

If a user clicks on an ad we place on Facebook or Instagram, the URL of our linked page is expanded by a parameter using “Meta Pixel”. After redirection, this URL parameter is then entered into the user's browser by a cookie that our linked page sets itself. In addition, this cookie records specific customer data such as the email address, which we collect on our website linked to the Facebook or Instagram ad during processes such as purchasing, account logins or registrations (extended data matching). The cookie is then read and enables the data, including specific customer data, to be transmitted to Meta.

We use "Meta Pixel" with advanced data matching to make our advertisements (so-called "Ads") on Facebook and/or Instagram more effective and to ensure that they correspond to the interests of users or have certain characteristics (e.g. interests in certain topics or products, which are determined based on the websites visited), which we transmit to Meta (so-called "Custom Audiences").

We also analyze the effectiveness of our advertisements by tracking whether users were redirected to our website after clicking on an advertisement (conversion). Compared to the standard version of "Meta Pixel", the advanced data matching feature helps us better measure the effectiveness of our advertising campaigns by recording more attributed conversions.

All transmitted data is stored and processed by Meta so that an assignment to the respective user profile is possible and Meta uses the data for its own advertising purposes in accordance with Meta's data usage guidelines (https://www.facebook.com/about/privacy/) can use. The data may enable Meta and its partners to place ads on and off Facebook.

All processing described above, in particular the setting of cookies to read information on the device used, will only be carried out if you have given us your express consent to this in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website.

We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

The information generated by Meta is usually transferred to a Meta server and stored there; In this context, there may also be a transfer to Meta Platforms Inc. servers in the USA.

For data transfers to the USA, the provider has joined the EU-US data protection framework (EU-US Data Privacy Framework), which ensures compliance with European data protection levels on the basis of an adequacy decision by the European Commission.

9.2 Google Ads Remarketing

This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. Any further data processing will only take place if you have agreed to Google that your internet and app browser history will be linked by Google to your Google account and that information from your Google account will be used to personalize ads that you view on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To do this, Google temporarily links your personal data with Google Analytics data to form target groups. As part of the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. come to the USA.

All processing described above, in particular the setting of cookies to read information on the device used, will only be carried out if you have given us your express consent to this in accordance with Article 6 (1) (a) GDPR. Without this consent, retargeting technology will not be used during your visit to the site.

You can revoke your consent at any time with future effect. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.

Details about the processing initiated by Google and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner sites

Further information about Google's data protection regulations can be found here: https://business.safety.google/intl/en/privacy/ and https://www.google.de/policies/privacy/

9.3 Pinterest retargeting pixels

This website uses retargeting technology from the following provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

This makes it possible to specifically target visitors to our website who have already shown an interest in our shop and our products with personalized, interest-based advertising. The display of advertising is based on a cookie-based analysis of previous and current usage behavior, but no personal data is stored. In cases of retargeting technology, a cookie is stored on your computer or mobile device to collect pseudonymized data about your interests and thus tailor advertising to the information stored. These cookies are small text files that are stored on your computer or mobile device. You will be shown advertising that most likely corresponds to your product and information interests.

All processing described above, in particular the setting of cookies to read information on the device used, will only be carried out if you have given us your express consent to this in accordance with Article 6 (1) (a) GDPR. Without this consent, retargeting technology will not be used during your visit to the site.

You can revoke your consent at any time with future effect. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.

9.4 TikTok pixels

This website uses conversion tracking technology from the following provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

If you came to our website from an advertisement on the provider's domain, the success of the advertisement can be tracked using cookies and/or comparable technologies (tracking pixels, web beacons, pings or HTTP requests).

For this purpose, certain device and browser information, including your IP address, is read using tracking technology in order to record and evaluate user actions predefined by us (e.g. completed transactions, leads, search queries on the website, views of product pages). This makes it possible to create statistics about usage behavior on our website after being redirected from an advertisement, which we use to optimize our offering.

We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

10) Page functionalities

10.1 Endereco

In order to enable checking certain entries in the address form of the ordering process of our web shop for input errors in real time, we use the services of the following provider: Endereco UG, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany

The provider validates the address entered, verifies the spelling and adds any missing data if necessary. If addresses are not unique, correct alternative suggestions are displayed. For this purpose, the address data you enter will be transmitted to the provider, stored and evaluated there.

This processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR on the basis of our legitimate interest in properly recording the customer's correct address data in order to conscientiously fulfill our contractual delivery obligations and to prevent contract execution problems.

The provider processes the affected data separately and does not merge it with other data sets and deletes it as soon as its status or correctness has been confirmed, but no later than after 30 days.

10.2 Applications for job advertisements via email

We advertise currently vacant positions in a separate section on our website, for which interested parties can apply by email to the contact address provided.

Applicants must provide all personal data necessary for an informed assessment, including general information such as name, address and contact details, as well as performance-related evidence and, where applicable, health-related information. Details on how to apply can be found in the job advertisement.

Once the application has been received by email, the data will be stored and evaluated exclusively for the purpose of processing the application. If we have any questions, we use either the applicant's email address or telephone number. The processing is carried out on the basis of Article 6 Paragraph 1 Letter b of the GDPR (or Section 26 Paragraph 1 of the BDSG), in the sense of which going through the application process is considered to be the initiation of an employment contract.

If special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g. health data such as information about severely disabled status) are requested from applicants as part of the application process, processing takes place in accordance with Art. 9 Para. 2 lit. b. GDPR, so that we can exercise the rights under labor law and social security and social protection law and fulfill our obligations in this regard.

Cumulatively or alternatively, the processing of special categories of data may also be based on Article 9 (1) (h) of the GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for assessing the applicant's ability to work, for medical diagnostics, for care or treatment in the health or social sector or for the administration of systems and services in the health or social sector.

If the applicant is not selected or if an applicant withdraws their application prematurely, their submitted data and all electronic correspondence, including the application email, will be deleted after a corresponding notification at the latest after 6 months. This deadline is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, in being able to meet our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be processed on the basis of Article 6 Paragraph 1 Letter b GDPR (when processed in Germany in conjunction with Section 26 Paragraph 1 BDSG) for the purpose of carrying out the employment relationship.

11) Tools and miscellaneous

- easybill
To carry out the accounting, we use the cloud-based accounting software service from easybill GmbH, Düsselstr. 21, 41564 Kaarst (“easybill”). easybill processes incoming and outgoing invoices as well as our company's bank transactions in order to automatically record invoices, match them to the transactions and create financial accounting from them in a semi-automated process.
If personal data is also processed, the processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR on the basis of our legitimate interest in the efficient organization and documentation of our business processes.
Further information about easybill GmbH, the automated processing of data and the data protection regulations can be found at easybill.de/privacy

12) Rights of the person concerned

12.1 The applicable data protection law grants you the following data subject rights (rights of information and rights of intervention) vis-à-vis the person responsible for the processing of your personal data, whereby reference is made to the legal basis listed for the respective exercise requirements:

Right to information in accordance with Art. 15 GDPR;
Right to rectification in accordance with Art. 16 GDPR;
Right to deletion in accordance with Art. 17 GDPR;
Right to restriction of processing in accordance with Art. 18 GDPR;
Right to information in accordance with Art. 19 GDPR;
Right to data portability in accordance with Art. 20 GDPR;
Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR;
Right to complain in accordance with Art. 77 GDPR.

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCE OF INTERESTS BASED ON OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION TO INSERT.

IF YOU USE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN PROOF COMPLEX REASONS FOR THE PROCESSING THAT ARE worthy of protection, which OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE YOUR OPT-OUT AS DESCRIBED ABOVE.

IF YOU USE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT ADVERTISING PURPOSES.

13) Duration of storage of personal data

The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing and - if relevant - additionally based on the respective legal retention period (e.g. commercial and tax retention periods).

When processing personal data on the basis of express consent in accordance with Article 6 (1) (a) GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that are processed within the framework of legal or transaction-like obligations on the basis of Article 6 Para. 1 lit.

When processing personal data based on Art.

When processing personal data for the purpose of direct advertising on the basis of Article 6 Paragraph 1 Letter f of the GDPR, this data will be stored until you exercise your right to object in accordance with Article 21 Paragraph 2 of the GDPR.

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

Data protection