Data Protection Declaration
1. Information on the collection of personal data and contact details of the controller
1.1 In the following, we inform you of the processing of personal data when using our website. Personal data means all data that can be attributed to you personally, e.g. name, address, e-mail addresses, user behaviour. We would like to inform you of our processing operations and at the same time fulfil our legal duties, in particular those under the EU General Data Protection Regulation (GDPR).
1.2 The controller as per Art. 4 Para. 7 GDPR responsible for data processing on this website is Beurer Europe GmbH, Söflinger Straße 218, 89077 Ulm, Germany, Tel.: +49 (731) 3989-0, Fax: +49 (731) 3989-139, E-mail: imprint@beurer.de.
1.3 The controller has appointed a data protection officer. The data protection officer can be reached here: Data Protection Officer Beurer Europe GmbH, Söflinger Straße 218 89077 Ulm, Germany Tel.: 0731/3989-0 E-Mail: datenschutz@beurer.de
1.4 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the string “https://” and the lock symbol in your browser bar.
1.5 When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and your telephone number, as applicable) will be stored by us in order to answer your questions. If the request is assigned to a contract, we delete the data arising in this context after the periods for the term of the contract, otherwise we delete it after storage is no longer necessary, or we restrict processing if there are statutory retention obligations.
1.6 If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail below about the respective processes.
2. Your rights
2.1 You have the following rights towards a controller with regard to your personal data:
- Right to access,
- Right to correction or deletion,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability.
2.2 You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
3. Data collection when visiting our website
When you use the website for informational purposes, i.e. simply view it without registering and without otherwise providing us with information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security, which is why we have to process it. The legal basis is Article 6(1)(1)(f) GDPR.
- Date and time of access
- Volume of data transferred in bytes
- Source/reference from which you arrived at the site
- Browser used
- Operating system used
- Domain and IP address used (in anonymised form, if applicable)
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (site visited)
- Access status/HTTP status code
- Browser software language and version
Processing takes place in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use. The data is stored for 30 days.
4. Other features and offers of our website
4.1 In addition to the use of our website for purely informative purposes, we offer various services that you can use if you are interested and use other usual functions for analysing or marketing our offers, which are presented in greater detail below. For this purpose, you usually have to provide additional personal data or we process such additional data that we use to perform the respective services. The aforementioned principles of data processing apply to all data processing purposes described here.
4.2 In some cases, we use external service providers to process your data. These service providers have been carefully selected by us, are bound by our instructions and inspected on a regular basis.
4.3 We may also pass on your personal data to third parties if we offer participation in promotional events, competitions, contracts or similar services together with partners. Depending on the service, your data may also be collected by the partners on their own responsibility. You can find more information by entering your details or in the description of the respective offers below.
4.4 If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences this has in the description.
5. Objection to the processing of your data or withdrawal of consent
5.1 If you have granted your consent to the processing of your data, you can revoke it at any time. Such revocation affects the legality of the processing of your personal data after you have granted your consent to us. The legality of the processing of your data up to the time of revocation remains unaffected.
5.2 If we base the processing of your personal data on the balancing of interests, you can object to the processing. This is particularly the case if the processing is not necessary for the fulfilment of a contract with you, which we describe in the following description of the functions. When exercising such an objection, please state the reasons why we should not process your individual-related data as we had been doing. In the event you raise an objection, we will examine the state of affairs and either discontinue or adjust the data processing, or present you with our urgent interests worthy of protection based on which we will continue the processing.
5.3 Of course, you may object to the processing of your personal data for purposes of advertising and data analysis at any time. The best way to raise an objection to advertising is to use the contact details provided above.
6. Cookies
6.1 In addition to the above-mentioned data, we use technical tools for various functions when you use our website, in particular cookies that may be stored on your end device. When you visit our website and at any time thereafter, you can choose whether to allow cookies to be set in general or choose which individual additional functions you wish to select. You can make changes in your browser settings or via our Consent Manager. Below, we first describe cookies from a technical point of view (6.2), before we go into greater detail on your individual selection options by describing technically necessary cookies (6.3) and cookies that you can choose or deselect (6.4).
6.2 Cookies are text files or information in a database that are stored on your hard drive and are associated with the browser you use so that certain information can flow to the place that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer, but are primarily used to make the Internet offer faster and more user-friendly. This website uses the following types of cookies, the function and legal basis of which we will explain below:
- Transient cookies: Such cookies, in particular session cookies, are automatically deleted when the browser is closed or when you log out. They contain a session ID. This allows different requests from your browser to be assigned to the shared session and your computer can be recognised when you return to our website.
- Persistent cookies: These are deleted automatically after a predefined period of time, which is defined differently depending on the cookie. You can view the cookies set and their duration at any time in your browser settings and delete the cookies manually.
- Other technologies: These functions are not based on cookies, but on similar technical mechanisms, such as Flash cookies, HTML5 objects or an analysis of your browser settings. The result is also that we can use the technologies described below. Here, too, you can of course agree or object.
6.3 Essential functions required for technical reasons to display the website: The technical design of the website requires us to use technologies such as cookies in particular. Without these technologies, our website cannot be displayed (completely correctly) or it would not be possible to enable the support functions. These are generally transient cookies that are deleted at the end of your visit to our website, or at the latest when you close your browser. You cannot opt out of these cookies if you wish to use our website. The individual cookies are visible in the Consent Manager. The legal basis for data processing is Art. 6(1)(1)(f) GDPR.
6.4 Optional cookies when granting your consent: We only set various cookies with your consent, which you can select when you first visit our website using the cookie consent tool. The functions are only activated with your consent and can in particular be used to enable us to analyse and improve visits to our website, to make it easier for you to use it via different browsers or end devices, to recognise you during a visit or to display advertisements (e.g. to tailor advertising to your interests, measure the effectiveness of advertisements or show interest-based advertising). The legal basis for data processing is Art. 6(1)(1)(a) GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing until withdrawal. The functions we use, which you can select and revoke individually via the Consent Manager, are described below. Please note that if you do not accept cookies, the functionality of our website may be limited.
7. Other services and functions used on this website
7.1 Data processing when opening a customer account
In accordance with Art. 6(1)(b) GDPR, personal data is collected and processed to the extent necessary if you provide us with it when opening a customer account. You can find out which data is required to open an account on the input screen of the corresponding form on our website. You can delete your customer account at any time by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted, provided that all contracts concluded on this basis have been completely fulfilled, there are no legal retention periods and we have no legitimate interest in retaining the data for longer.
7.2 Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6(1)(f) GDPR).
Shopify also processes data about you in the USA, among other places. Data transfer to the USA takes place on the basis of Art. 45 GDPR in conjunction with Adequacy Decision C(2023) 4745 of the European Commission, as the data recipient has undertaken to comply with the principles of data processing of the Data Privacy Framework (DPF). We have concluded a data processing agreement with Shopify.
As the basis for processing data for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or transferring data there, Shopify uses standard contractual clauses (= Art. 46 Para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Shopify undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the United States. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
More information on the standard contractual clauses and on the data processed through the use of shopify can be found in the privacy policy at https://www.shopify.de/legal/datenschutz or https://help.shopify.com/en/manual/your-account/privacy/GDPR/gdpr-faq#will-shopify-sign-standard-contractual-clauses.
7.3 Heroku
We use Heroku for our website. This is a container-based cloud platform for developing and deploying web applications. The service provider is the American company salesforce.com Inc., One Market Street, Suite 300, San Francisco, CA 94105, USA. The legal basis for the use of Heroku is our legitimate interest under Art. 6(1)(1)(f) GDPR. Our legitimate interest here is the technically flawless and optimised provision of our services.
Salesforce also processes data about you in the USA, among other places. Salesforce is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the US. Furthermore, Salesforce uses standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. These clauses oblige Salesforce to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the United States. These clauses are based on an implementing decision of the EU Commission. You can find the decision as well as the relevant standard contractual clauses and more here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Data Processing Addendum, which corresponds to the standard contractual clauses, can be found at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf.
You can find out more about the data processed through the use of Salesforce in the privacy policy at https://www.salesforce.com/de/company/privacy/.
7.4 Scaleway
We use the subdomain data.beurer.com of an Internet service provider to maintain our online presence. This subdomain is used by an Internet service provider whose server stores the website and makes our website available on the Internet. The following data is collected:
- Information about the browser type and version used
- The user’s operating system
- The user’s Internet service provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website
- Websites accessed by the user’s system via our website
The data is stored in log files at our technical service provider, SCALEWAY SAS, 8 rue de la Ville l'Evêque, 75008 Paris/France. The legal basis for the temporary storage of data is Art. 6(1)(f) GDPR. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. For these purposes, our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.
The above-mentioned data is stored in the log files in order to ensure the functionality of our website. We also use this data to optimise the website and to ensure the security of our information technology systems (e.g. attack detection). For these purposes, our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Log files are stored for seven days.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, the user does not have the option of raising an objection.
Legal basis: The Internet service provider processes the aforementioned data on our behalf, Art. 28 GDPR. Data is processed on the basis of our legitimate interest in the efficient and secure provision of our Internet offer, Art. 6(1)(f) GDPR. If you only use our website for information purposes, our Internet service provider only collects the personal data that the browser you use transmits to its server. The data is stored as log files on the servers of our Internet service provider. This is necessary in order to be able to display the website on the end device you are using and to ensure stability and security. Our legitimate interest in data processing is based on the above purposes. Legal basis: Data is processed on the basis of our legitimate interest in the efficient and secure provision of our Internet offer, Art. 6(1)(f) GDPR. Duration: The above data for the provision of our website is stored for a certain period of time and then deleted.
7.5 Integration of the Trusted Shops Trustbadge
Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of approval, collected reviews) and to offer Trusted Shops products to buyers after an order. This serves to safeguard our overriding legitimate interests in optimal marketing within the framework of a balance of interests by enabling secure purchasing in accordance with Art. 6(1)(1)(f) GDPR. The Trustbadge and the services advertised with it are an offer of Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with which we are jointly responsible under data protection law in accordance with Art. 26 GDPR. Within the framework of this data protection notice, we hereby inform you about the main content of the contract as per Art. 26(2) GDPR.
Contact Trusted Shops within the scope of the joint responsibility existing between us and Trusted Shops in the event of data protection issues and to assert your rights using the contact options provided in the data protection information. Regardless of this, however, you can always contact the person responsible of your choice. Your request will then be forwarded to the other controller for a response if necessary.
The Trustbadge is provided by a US CDN (Content Delivery Network) provider. An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed for the USA here. Service providers used from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). You can find more information here. If the service providers used are not certified under the DPF, standard contractual clauses have been concluded as an appropriate guarantee.
When the Trustbadge is called up, the web server automatically saves a server log file, which also contains your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. The IP address is anonymised immediately after collection, so the data stored cannot be attributed to your person. The anonymised data is used in particular for statistical purposes and for error analysis.
Once the order has been completed, the Trustbadge accesses the order information stored in your end device (order amount, order number, product purchased if applicable) as well as the e-mail address. This is necessary in order to be able to offer you the Trusted Shops services and to have your order secured automatically if necessary. For this purpose, your e-mail address is hashed using a cryptological one-way function and transmitted to Trusted Shops. The legal basis is Art. 6(1)(1)(f) GDPR.
This serves to check whether you are already registered for services with Trusted Shops and is therefore necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services in accordance with Art. 6(1)(1)(f) GDPR. If this is the case, further processing will take place in accordance with the contractual agreement concluded between you and Trusted Shops. If you have not yet registered for the services, you will then be given the opportunity to do so for the first time. Further processing after registration is also based on the contractual agreement with Trusted Shops. If you do not register, all data transmitted will be automatically deleted by Trusted Shops, whereupon it will no longer be possible to identify you.
Trusted Shops uses service providers in the fields of hosting, monitoring and logging. The legal basis is Art. 6(1)(f) GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed for the USA here and for Israel here. Service providers used from the USA are generally certified under the EU-U.S. Data Privacy Framework. You can find more information here. If the service providers used are not certified under the DPF, standard contractual clauses have been concluded as an appropriate guarantee.
7.6 PayPal
We offer the option of processing the payment transaction via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6(1)(f) GDPR). In this context, we pass on the following data to PayPal to the extent necessary for the performance of the contract (Art. 6(1)(b) GDPR):
- First name
- Surname
- Address
- E-mail address
- Telephone number
The processing of the data specified under this section is neither legally nor contractually required. We will not be able to process payments via PayPal unless you submit your personal data. You have the option to choose a different payment method.
PayPal carries out a credit check for various services such as payment by direct debit in order to ensure your willingness and ability to pay. This corresponds to PayPal’s legitimate interest (in accordance with Art. 6(1)(f) GDPR) and serves the performance of the contract (in accordance with Article 6(1)(b) GDPR). For this purpose, your data (name, address and date of birth, bank account details) will be passed on to credit agencies. We have no influence on this process and only receive the result of whether the payment has been made or rejected or is pending verification.
Further information on objection and cancellation options regarding PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Your data will be stored until payment processing is completed. This also includes the time required for processing refunds, receivables management and fraud prevention. We will store your data until the respective statutory retention periods elapse.
7.7 Trusted Returns
For efficient processing of returns, we use “Trusted Returns”, a service of Trusted Returns GmbH, Peter-Joseph-Lenne-Straße 5, 51377 Leverkusen, Germany. The integration of the service gives you the option of initiating a return process directly on our website. For this purpose, customer data (first name, surname, address, e-mail address), order data, return data, shipping data and the delivery status in accordance with Art. 6 (1)(b) GDPR and on the basis of our legitimate interest pursuant to Art. 6(1)(f)) GDPR to an efficient returns management to Trusted Returns. Trusted Returns stores your data exclusively in German data centres of Hetzner GmbH or Ionos GmbH. Based on the entries made and using the software provided by Trusted Returns, we verify your return eligibility. Once the return process has been completed, the data provided will be deleted by Trusted Returns. We have entered into a data processing agreement with Trusted Returns, in which we have obliged Trusted Returns to process and protect our customers’ data in accordance with legal requirements. Details of Trusted Returns’ data protection statement can be found here: https://trustedreturns.com/de.
7.8 Shopify Payments
We use the payment service provider “Shopify Payments”, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, payment processing is carried out via the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6(1)(b) GDPR. Your data will only be shared for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. You can find more information about Shopify Payments’ data protection at the following website: https://www.shopify.com/legal/privacy.
Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
7.9 Google Tag Manager
We use the service called Google Tag Manager from Google. “Google” is a group of companies made up of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA as well as other affiliated companies of Google LLC. Google Tag Manager is an auxiliary service and only processes personal data itself for purposes required for technical reasons. The Google Tag Manager ensures that other components are loaded, which in turn may collect data. Google Tag Manager does not access this data. Further information on Google Tag Manager can be found in Google’s data protection provisions at https://www.google.com/intl/de/policies/privacy/.
The purpose of the processing is to initiate, control and administer other services on our website. The legal basis for processing: a legitimate interest that overrides the rights and freedoms of the data subjects (Art. 6(1)(f) GDPR). Legitimate interests in this context: strong economic interest in the safe and functioning operation of the technical systems, compliance with legal and contractual obligations. Data is transferred to the data processor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This may also involve the transfer of personal data to a country outside the European Union. Data transfer to the USA takes place on the basis of Art. 45 GDPR in conjunction with Adequacy Decision C(2023) 4745 of the European Commission, as the data recipient has undertaken to comply with the principles of data processing of the Data Privacy Framework (DPF). We have concluded a data processing agreement with Google.
7.10 Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google").
Categories of data processed: technical connection data of server access (IP address, date, time, site requested, browser information) and data for the creation of usage statistics. Purpose of processing: Prevention of non-human and automated inputs. Legal basis for processing: Your consent under Art. 6(1)(a) GDPR. Data is transferred to the independent controller Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis for the transfer of data to Google Ireland Limited is your consent in accordance with Art. 6(1)(a) GDPR. This may also involve the transfer of personal data to a country outside the European Union. Data transfer to the USA takes place on the basis of Art. 45 GDPR in conjunction with Adequacy Decision C(2023) 4745 of the European Commission, as the data recipient has undertaken to comply with the principles of data processing of the Data Privacy Framework (DPF).
Data processing takes place on the basis of your consent granted using the Consent Tool in accordance with Art. 6(1)(a) GDPR. Further information on Google reCAPTCHA and Google’s data protection statement can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
7.11 Use of Salesforce Service Cloud and Marketing Cloud
Data that you provide to us via our website (e.g. in purchase forms, newsletter registration, as part of a competition) is stored in the Salesforce Service Cloud and used to send order confirmations and shipping notes.
We also use the Salesforce Marketing Cloud to send our newsletters, for automated mailings (e.g. welcome mailings) and for advertising campaigns in social networks and online advertising on other websites. For this purpose, the data of the newsletter subscriber is transferred to the marketing cloud. Salesforce Marketing Cloud data is stored and processed on Salesforce servers in the USA. Salesforce also processes data about you in the USA, among other places. Salesforce is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the US.
Furthermore, Salesforce uses standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. These clauses oblige Salesforce to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the United States. These clauses are based on an implementing decision of the EU Commission. You can find the decision as well as the relevant standard contractual clauses and more here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Data Processing Addendum, which is based on standard contractual clauses, can be found at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf.
We receive information about the click behaviour of users via the Marketing Cloud with the help of web beacons and pixels as well as the iGoDigital tracking service, which is part of Salesforce. Interaction data is saved directly to the user in the Marketing Cloud so that we can send you targeted advertising via AdStudio, e.g. also via social networks. We can specify the groups of users to whom the advertisements are to be displayed (“Custom Audiences”). For this purpose, personal data is shared with Facebook (including Instagram), Google, Twitter, Pinterest and LinkedIn after pseudonymisation in accordance with the SHA 256 procedure.
If you do not wish to do so, you have the option of displaying personalised advertising in your account settings on the social networks. In addition, you may use a different e-mail address for newsletters or registration with us than that for your social media accounts.
The data in the Salesforce Service or Salesforce Marketing Cloud is used exclusively by us. Your data will not be sold to third parties, individuals or institutions under any circumstances.
The processing of your data in the Salesforce Service Cloud is based, where relevant, on our legitimate interest in using a CRM system as per Art. 6(1)(1)(f) GDPR, otherwise on your consent pursuant to Art. 6(1)(1)(a) GDPR. The processing of your data in the Salesforce MarketingCloud is based on your consent in accordance with Art. 6(1)(1)(a) GDPR.
Further information on the Salesforce Service Cloud and the Salesforce Marketing Cloud can be found in the Salesforce data protection statement, which can be accessed at the following URL: https://www.salesforce.com/de/company/privacy/
7.12 Data processing for the purpose of processing shipping
We pass on your data to the shipping service provider commissioned with the delivery for the purpose of fulfilling the contract in accordance with Art. 6(1)(1)(b) GDPR, insofar as doing so is necessary to deliver the goods ordered. If you have given us your express consent to this during or after your order, we will grant this consent in accordance with Art. 6(1)(1)(b) GDPR, forward your telephone number and, if applicable, your e-mail address to the selected shipping service provider so that they can contact you for the purpose of announcing or coordinating delivery before delivery. Consent can be withdrawn at any time by sending a message to the contact option described in this data protection statement or directly to the shipping service provider at the contact address listed below. After revocation, we will delete the data you have provided for this purpose, unless you have expressly consented to the further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this statement.
As a shipping service provider, we use:
Parcel One
Otto-Hahn-Straße 21
35510 Butzbach, Germany
Germany
7.13 Cookiebot
We use the consent management service Cookiebot, Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Usercentrics). This enables us to obtain and manage the consent of website users for data processing. Processing is necessary for the fulfilment of a legal obligation (Art. 7(1) GDPR), to which we are subject (Art. 6(1)(1)(c) GDPR). For this purpose, the following data is processed with the help of cookies:
- Your IP address (the last three digits are set to '0').
- Date and time of consent.
- Browser information.
- URL from which the consent was sent.
- An anonymous, random and encrypted key.
- Consent status of the end user, as proof of consent.
The key and consent status are stored in the browser for 12 months using the cookie “CookieConsent”. This will keep your cookie preference for subsequent site requests. The key can be used to prove and track their consent.
If you activate the “collective consent” service function to enable consent for multiple websites through a single end-user consent, the service also stores a separate, random, unique ID with your consent. If all of the following criteria are met, this key is stored in encrypted form in the third-party cookie “CookieConsentBulkTicket” in your browser:
- You activate the collective consent function in the service configuration.
- You allow third-party cookies via browser settings.
- You have disabled “Do not track” in your browser settings.
- You accept all or at least certain types of cookies if you give your consent.
The functionality of the website is not guaranteed without processing. Usercentrics is the recipient of your personal data and acts as a processor for us. The processing takes place in the European Union. You can find more information on the options for objection and elimination with regard to Usercentrics at: https://www.cookiebot.com/de/privacy-policy/
Your personal data will be deleted continuously after 12 months or immediately after the termination of the contract between us and Usercentrics. Please note our general statements on the deletion and deactivation of cookies in this statement.
7.14 MaxMind Geolocation
On our website, we use the GeoIP2 country database provided by MaxMind Inc., 14 Spring Street, 3rd Floor, Waltham, MA 02451, USA. In the database, approximate location/geolocation data is assigned to the IP addresses used based on the country of origin from which the IP address originates. These databases are used to estimate your location at country level based on the identified IP address. Based on this, your view of our website is automatically set to the corresponding delivery country, currency and language. The database is installed locally at our premises. There is no connection to MaxMind servers. No personal data is passed on to third parties.
The evaluation of your IP address in order to estimate your country location takes place on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the correct presentation of country-specific content on the website. You can find more information at: https://support.maxmind.com/. You can access the data protection notice at: https://www.maxmind.com/en/privacy-policy.
7.15 Semknox
Our website uses a service of SEMKNOX GmbH, Webergasse 1, 01067 Dresden for the internal product search. This is used to show you the products that match your search query via our website. For this purpose, your search query is sent directly to SEMKNOX. This also includes the transmission of your IP address and, if applicable, a random session ID. The IP address is used for IT and system security purposes and anonymized within 12 days by truncating the last eight digits.
To enable the search function, SEMKNOX uses “cookies”, i.e. text files that are stored on your computer and are active for 24 hours. The information generated by the cookie about your use of the search function as a user is transferred to a server in Germany hosted by SEMKNOX. SEMKNOX will use this information on our behalf to answer your search request and optimise the search function used. You can deactivate the use of cookies in your browser or object to the use of the tool with the consent tool we use by not granting your consent. In this case, however, it may not be possible to use the search function or it may only be possible to use it to a limited extent.
The processing of the information generated by the cookie and transmitted to SEMKNOX is based on Art. 6(1)(f) GDPR for the purpose of designing our website in line with needs and optimising our offer.
7.16 Facebook
Our online offer uses the Facebook pixel from the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”). If a user clicks on an advertisement placed by us that is displayed on Facebook, an add-on is added to the URL of our linked site by Facebook pixels. If our site allows data to be shared with Facebook via pixels, this URL parameter is written to the user’s browser via a cookie, which sets our linked site itself. This cookie is then read by the Facebook Pixel and enables the data to be forwarded to Facebook.
With the help of the Facebook pixel, Facebook is able to determine the visitors of our online offer as a target group for the display of advertisements (“Facebook Ads”). Accordingly, we make use of the Facebook pixel in order to display Facebook ads which we have placed only to Facebook users who have shown interest in our online offer or exhibit certain features (such as interest in particular subjects or products which can be determined based on the websites visited), which we transmit to Facebook (known as “Custom Audiences”). With the help of the Facebook pixel, we also seek to ensure that our Facebook ads correspond to the potential interests of the users and do not pose a nuisance. This way, we can continue to evaluate the effectiveness of the Facebook advertisements for statistical and market research purposes by tracking whether users are forwarded to our website after clicking on a Facebook ad (known as “Conversion”).
The data collected is anonymous to us and therefore does not allow us to draw conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/). The data may enable Facebook and its partners to display advertisements on and outside Facebook.
We have also activated Automatic Advanced Matching in the Facebook pixel function. This function of the pixel enables us to send hashed e-mails, names, gender, city, state, postal code and date of birth or telephone number as additional information to Facebook, provided you have made this data available to us. This activation enables us to customise advertising campaigns on Facebook even more precisely to people who are interested in our services or products.
The data processing which goes along with the use of the Facebook Pixel takes place exclusively with your express consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.
7.17 Pinterest Retargeting pixel
This website has an integrated pixel (Pinterest tag) from Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). The pixel can be used to collect, store and evaluate information about the surfing behaviour of visitors to the website in pseudonymised form. The information can be assigned to the user’s person with the help of other information that Pinterest has stored about the user, e.g. because the user has an account on the social network Pinterest.
Pinterest uses an algorithm to analyse surfing behaviour and can then display targeted product recommendations as personalised advertising banners on the user’s Pinterest account. Pinterest may also combine the information collected via the pixel with other information that Pinterest has collected via other websites and/or in connection with the use of the social network “Pinterest” and thus create pseudonymised usage profiles. However, the information collected cannot be used to personally identify visitors to this website under any circumstances.
All processing described above, in particular the setting of cookies for reading information on the terminal device used, will only be carried out if you have granted us your express consent to do so in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.
7.18 Pinterest tag conversion tracking
This website uses the “Pinterest Tag” conversion tracking technology of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). If you have reached our website from a pin on Pinterest, we will place a cookie on your computer that interacts with a “tag” that is also implemented in the form of a JavaScript code from Pinterest. Cookies are small text files that are stored on your end device. These cookies expire after 180 days and are not used to identify individuals.
If the user is redirected from a pin on Pinterest on pages of this website and the cookie has not yet expired, the tag records certain user actions predefined by us and can track these (e.g. completed transactions, leads, search queries on the website, visits to product pages). When executing such an action, your browser sends an HTTP request from the cookie to the Pinterest server via the Pinterest tag, which transmits certain information about the action (including the type of action, time, browser type of the end device).
This transmission enables Pinterest to compile statistics on the usage behaviour on our website after forwarding from a Pinterest pin, which serves us to optimise our offer. However, we do not receive any information that can be used to identify users personally.
All processing described above, in particular the setting of cookies for reading information on the terminal device used, will only be carried out if you have granted us your express consent to do so in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.
7.19 Google Analytics 4
If you have given your consent, Google Analytics 4 – a web analysis service of Google LLC – is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of cookies about your use of this website is generally transferred to a Google server in the USA, where it is stored.
We use the User ID function. The user ID enables us to assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices. We use Google signals. This means that Google Analytics collects additional information about users who have activated personalised ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.
With Google Analytics 4, IP address anonymization is activated by default. Because of IP anonymisation, your IP address will be shortened by Google within European Union Member States or in other states party to the Agreement on the European Economic Area. The full IP address is only transferred to a Google server in the USA and shortened there in exceptional circumstances. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
Your user behaviour during your visit to the website is recorded in the form of “events”. Events can be:
- Page views
- First visit to the website
- Start of the session
- Visited websites
- Your “click path”, interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page [90%])
- Clicks on external links
- Internal search queries
- Integration with videos
- File downloads
- Ads seen/clicked on
- Language setting
The following is also recorded:
- Your approximate location (region)
- Date and time of visit
- Your IP address (in shortened form)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your Internet provider
- The referrer URL (the website/advertising via which you accessed this website)
On behalf of the operator if this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.
Recipients of the data are/may be:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
The European Commission passed its adequacy decision for the US on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and transfer to third countries (e.g. to Singapore) cannot be ruled out completely, we have also concluded the EU standard contractual clauses with the provider.
The data sent by us and linked to cookies are automatically deleted after 2 months. The maximum service life of Google Analytics cookies is 2 years. Data whose retention period has been reached are automatically deleted once a month.
The legal basis for this data processing is your consent in accordance with Art. 6(1)(1)(a) GDPR and § 25(1)(1) TDDDG [Telecommunications Digital Services Data Protection Act]. You can revoke your consent at any time with effect for the future by accessing the cookie settings under the link in Section 6.4 of this Data Protection Statement and changing your selection there. This has no effect on the lawfulness of the processing carried out on the basis of the consent up to the time of revocation.
You can also prevent the storage of cookies from the outset by configuring the corresponding setting in your browser software. However, if you configure your browser to reject all cookies, the functionality of this and other websites may be restricted. Furthermore, you can prevent Google from gathering data produced by the cookie and relating to your use of the website (incl. your IP address), as well as the processing of this data by Google, by:
- not giving your consent to the setting of the cookie, or
- downloading and installing the browser add-on for deactivating Google Analytics HERE.
Further information on the terms of use of Google Analytics and data protection at Google can be found at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.
7.20 Google Custom Match
We use Google Customer Match based on your consent (Art. 6(1)(a) GDPR) in connection with the use of our newsletter. We upload encrypted e-mail addresses to a Google portal in order to personalise advertising for our customers who are also Google users. For this purpose, the addresses are encrypted locally on our systems, i.e. converted (“hashed”) into a combination of different letters and numbers, and transferred to Google. Google compares these hash values with all Google users and can thus determine which of our customers also use Google products. We can then place advertisements in Google searches, Gmail, YouTube and what is known as the Display Network. When placing advertisements, Google takes into account other information linked to your Google account, which can also be obtained on third-party websites. The advertisements also enable us to reach new people who are likely to be interested in our products as they are similar to our existing customers.
You can prevent the collection of the data generated by the cookies and related to your use of this website, as well as the processing of this data by Google, by calling up the Google advertising settings and setting the personalisation option to “Off”. Data transfer to the USA takes place on the basis of Art. 45 GDPR in conjunction with Adequacy Decision C(2023) 4745 of the European Commission, as the data recipient has undertaken to comply with the principles of data processing of the Data Privacy Framework (DPF). We have concluded a data processing agreement with Google.
7.21 Criteo (Criteo SA)
Personal data is processed when you visit this website. Categories of data processed: Data on the use of the website and the logging of clicks on individual elements. Purpose of processing: Survey of usage behaviour, analysis of the impact of online marketing measures and selection of online advertising on other platforms, which are automatically selected by means of real-time bidding based on usage behaviour. Legal basis for processing: Your consent under Art. 6(1)(a) GDPR. Data is transferred to the independent controller Criteo SA, 32 Rue Blanche, 75009 Paris, France. The legal basis for the transfer of data to Criteo SA is your consent as per Art. 6(1) a GDPR.
All processing described above, in particular the setting of cookies for reading information on the terminal device used, will only be carried out if you have granted us your express consent to do so in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.
7.22 Google Ads
Google Ads Remarketing
Our website uses the functions of Google Ads Remarketing, which we use to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google sets a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit.
Any further data processing will only take place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalise the ads you see on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. In the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. in the USA. Data transfer to the USA takes place on the basis of Art. 45 GDPR in conjunction with Adequacy Decision C(2023) 4745 of the European Commission, as the data recipient has undertaken to comply with the principles of data processing of the Data Privacy Framework (DPF). We have concluded a data processing agreement with Google.
The legal basis for data processing is Art. 6(1)(a) GDPR. Details on the processing initiated by Google Ads Remarketing and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites
You can permanently object to Google Ads Remarketing setting cookies by downloading and installing the Google browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout
Further information and the data protection provisions regarding advertising and Google can be found here: https://www.google.com/policies/technologies/ads/
All processing described above, in particular the setting of cookies for reading information on the terminal device used, will only be carried out if you have granted us your express consent to do so in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.
Google Ads Conversion Tracking
We also use conversion tracking as part of the use of the Google AdWords service. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). When you click on an advertisement placed by Google, a cookie for the conversion tracking will be set on your computer/end device. These cookies cease to be valid after 30 days, do not contain any personal data and are cannot be used to identify users personally. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking.
The legal basis for this data processing is Art. 6(1)(a) GDPR. You can deactivate interest-based advertisements on Google as well as interest-based Google advertisements on the web (within the Google display network) in your browser by activating the “Off” button at www.google.de/settings/ads or by deactivating them at www.aboutads.info/choices/. Further information on your settings options in this regard and data protection at Google can be found at www.google.de/intl/de/policies/privacy/?fg=1.
Google Enhanced Conversion Tracking
We have set up Enhanced Conversions as part of our use of Google AdWords. Enhanced Conversions is a feature that can improve the accuracy of conversion tracking while protecting user privacy by supplementing existing conversion tags with the hashed first-party conversion data from the website. Hashing the first-party data before sending it to Google Ads ensures the protection of your personal data, as personal information is converted into a hashed/pseudonymised (SHA256) string.
You can prevent Google Ads from collecting it by not granting your consent. You can also view and manage the consents you have given even after they have been granted under Section 6.4 of this declaration. Google also offers you the option of downloading and installing a browser add-on to deactivate Google Analytics, which can be found here: https://tools.google.com/dlpage/gaoptout?hl=de
You can obtain information on data protection with Google Ads at the following URL: https://ads.google.com/intl/de_de/home/faq/gdpr/
7.23 Beurer SSO
Registration via Beurer SSO: As a central authentication platform, we use our own SSO (Single Sign-On) procedure, which you can use to log in to many different services of Beurer GmbH and the Beurer Europe GmbH webshop using the same login. So if you decide to create a customer account, you will have to create an SSO account with Beurer GmbH. Here, you will have to enter your e-mail address and a password. The provision of this data is necessary for the fulfilment of the contract, its processing is based on Art. 6(1)(b) GDPR. The password you enter is not saved in plain text, but exclusively in the form of a password hash.
The personal data you enter will be stored for the purpose of creating and providing your customer account. The provision of this data is necessary for the fulfilment of the contract, its processing is based on Art. 6(1)(b) GDPR. The data will be stored until you delete the last customer account that uses SSO authentication, unless Beurer GmbH is obliged to store the data beyond this time for other reasons.
Login process via SSO: To verify authorisation, the following information is transmitted in encrypted form to the SSO server operated by Beurer GmbH (identity provider - “iP”) during the registration process: (i) e-mail address (ii) password. If the data entered matches an existing combination of e-mail address and password hash in the system, iP transmits an access token containing the e-mail address you entered in encrypted form to the website that requested the authentication (i.e. the website which you want to log in to using the SSO service).
Data processing within the scope of your SSO account takes place in joint responsibility with Beurer GmbH, Söflinger Straße 218, 89077 Ulm, Germany. Beurer GmbH and Beurer Europe GmbH have concluded an agreement on this as per Art. 26(1) GDPR. We will be glad to provide you with further information on joint responsibility, in particular on the functions and relationships of the joint controllers with data subjects, upon request.
7.24 AWIN Performance Advertising Network
We take part in the Performance Advertising Network of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter “AWIN”). In its tracking services, AWIN stores cookies on the end devices of users who visit or use its customers’ websites or other online offers (e.g. to subscribe for a newsletter or place an online order) to document transactions (e.g. of “sales leads”). These cookies serve the sole purpose of correctly allocating the success of an advertisement and the corresponding billing within its network.
A cookie only stores information about when a particular advertisement was clicked on by an end device. The AWIN tracking cookies an individual sequence of digits which cannot be assigned to the individual user and which documents the partner program of an advertiser, the publisher and the time of the user's action (click or view). AWIN also collects information about the end device from which a transaction is carried out, e.g. the operating system and the accessing browser.
All processing described above, in particular information being read out on the end device used, only takes place if you have granted your express consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.
Further information on AWIN’s use of data can be found in the company’s data protection statement: https://www.awin.com/de/datenschutzerklarunghttps://www.awin.com/de/rechtliches
7.25 Makaira A/B testing
This website analyses user behaviour by means of A/B testing. This way, we can show you our website with varying content, depending on profile allocation. This allows us to analyse our offer, improve it regularly and make it more interesting for you as a user. The legal basis for A/B testing is our legitimate interest in product improvement in accordance with Art. 6(1)(f) GDPR.
The service provider for the analysis is Makaira GmbH, Rudolf-Diesel-Str. 11, 69115 Heidelberg, Germany. The third-party provider’s information on data protection can be found at https://www.makaira.io/de/datenschutz. The legal basis for processing (where applicable) is Art. 6(1)(f) GDPR (legitimate interest), otherwise your consent pursuant to Art. 6(1)(1)(a) GDPR
Cookies are stored on your computer for this analysis. The data controller stores the information it collects this way exclusively on its server in the EU. You can prevent the analysis by deleting existing cookies and blocking the storage of cookies. Please be advised that if you do not allow cookies to be stored, you may not be able to make full use of all the features of our website.
Before the analyses are carried out, the IP addresses are processed further in shortened form so that they cannot be directly linked to individuals. The IP address transmitted by your browser will not be merged with other data.
You can prevent cookies by changing the settings in your web browser. You can prevent the use of A/B testing by activating the opt-out plug-in. You can also prevent your data from being processed by not granting us your consent to data processing with the help of the consent tool we use.
Another analysis service provider is Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland with the Google Optimize service. The third-party provider’s information on data protection can be found at https://policies.google.com/privacy?hl=de&gl=de. The legal basis for using third parties is Art. 6(1)(f) GDPR (legitimate interest).
7.28 Use of YouTube videos
This website uses the YouTube embedding function to display and play videos from the provider YouTube, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This uses the enhanced data protection mode, which, according to provider specifications, only initiates the storage of user information when the video(s) is/are played back. When playback of embedded YouTube videos is started, the provider “YouTube” uses cookies to collect information about user behaviour. According to “YouTube” notices, these are used to collect video statistics, improve user-friendliness and prevent abusive behaviour, among other things. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. You have the right to object to the creation of these user profiles which you must contact YouTube to exercise. In the use of YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA. Data transfer to the USA takes place on the basis of Art. 45 GDPR in conjunction with Adequacy Decision C(2023) 4745 of the European Commission, as the data recipient has undertaken to comply with the principles of data processing of the Data Privacy Framework (DPF). We have concluded a data processing agreement with Google.
Independently of the playback of embedded videos, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations without our influence. All processing described above, in particular reading out information on the terminal device used via tracking pixel, will only be carried out if you have granted us your express consent to do so in accordance with Art. 6(1)(a) GDPR. YouTube videos will not be used during your visit to our website without this consent. You have the right to revoke the consent you granted with future effect at any time. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website via alternative options which you can find out about on the website.
Further information on data protection at YouTube can be found in the YouTube terms of use at https://www.youtube.com/static?template=terms and in Google’s data protection statement at https://www.google.de/intl/de/policies/privacy
7.29 MyFonts counter
We use WebFonts from MyFonts Inc, 500 Unicorn Park Drive, Woburn, MA 01801, USA, to display fonts in a uniform manner. If you consent to the use of cookies by WebFonts using the consent tool we use, the following data will be collected when the page is accessed:
- IP address
- Date and time of retrieval
- Data volume transferred
- Requesting provider
The legal basis is Art. 6(1)(a) GDPR. You can revoke the use of cookies at any time by opting out. The purpose of the data processing is for counting the number of page access instances and for the MyFonts invoicing based on these page counts. The data is stored until the purpose has been fulfilled. Data transfer to the USA takes place on the basis of Art. 45 GDPR in conjunction with Adequacy Decision C(2023) 4745 of the European Commission, as the data recipient has undertaken to comply with the principles of data processing of the Data Privacy Framework (DPF). We have concluded a data processing agreement with the provider.
7.30 Use of tracking technology by XAD spoteffects
We collect data to measure the use of our digital offering. Our website uses services provided by XAD spoteffects (XAD spoteffects GmbH, Saarstr. 7, 80797 Munich, Germany, https://xadspoteffects.com/), a third-party company, to analyse our users’ browsing habits on the basis of their consent (Art. 6(1)(a) GDPR). To do this, XAD spoteffects uses cookies that track how the user interacts with our website. XAD spoteffects collects information provided by the browser, such as IP addresses and proxy IP as well as language and time zone, for geolocation purposes relating to the user, user agent (e.g. computer, tablet, mobile device) and to determine whether the user carries out certain activities on the website. The data is collected and evaluated exclusively in pseudonymous form, meaning that as a basic principle no conclusions can be drawn about your identity. The cookies of XAD spoteffects are deleted after 12 months at the latest. You can object to or revoke your consent to the use of cookies at any time on the cookie banner. For more information about XAD spoteffects cookies and how they are used, please see the XAD spoteffects data protection statement at https://xadspoteffects.com/en/privacy-policy#page-content
7.31 Kameleoon
With your consent, our website uses services provided by Kameleoon GmbH, Beim Alten Ausbesserungswerk 4, 77654 Offenburg, Germany (as the German representative of SAS Kameleoon, 12 rue de la Chaussée d'Antin, 75009 Paris, France). We use the services to optimise our website and personalise the content. Kameleoon enables an analysis of user behaviour based on user segmentation. This enables us to evaluate how individual user segments use the website so that it can be continuously improved.
To perform the analysis, Kameleoon uses cookies that are linked to your pseudonymised ID. As part of this analysis, your IP address is completely anonymised and not stored. The user behaviour and the information generated by the cookie are transmitted to a Kameleoon server in Germany and stored there in aggregated and pseudonymised form. The IP address transferred from your browser within the scope of the Kameleoon services is not linked with other Kameleoon data. The anonymised data that is collected is evaluated over a maximum period of 365 days.
The legal basis and possibility of withdrawal for this data processing is your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings and changing your selection there. More information about how Kameleoon processes your data can be found at: https://www.kameleoon.com/de/datenschutz
7.32 Matomo
We use the open source web analysis service Matomo. Matomo enables us to collect and analyse data about the use of our website by website visitors. This allows us to find out, among other things, when which pages were accessed and from which region they came. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6(1)(f) GDPR. As website operator, we have a legitimate interest in analysing user behaviour in order to optimise our internet offer as well as our advertising. If the relevant consent has been requested, processing takes place exclusively on the basis of Art. 6 (1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) as defined by the TDDDG [Telecommunications Digital Services Data Protection Act]. Consent can be revoked at any time without having to fill out a form.
We use IP anonymization when conducting analyses with Matomo. In so doing, your IP address will be shortened before the analysis so that it can no longer be clearly assigned to you. We have configured Matomo so that it will not store cookies in your browser. We host Matomo exclusively on our own servers, so all analysis data remains with us and is not passed on.
7.33 B-ITE
BITE Applicant Management The applicant platform “BITE” of the provider BITE GmbH (hereinafter “BITE”), Magirus-Deutz-Straße 12, 89077 Ulm, Germany, is integrated on our website to handle our application process. As soon as you click on a job offer on our website, you will be redirected via your browser to the BITE platform, through which Beurer Europe GmbH publishes its job advertisements and through which your personal data will be processed if you file an application. We, Beurer Europe GmbH, remain accountable to you from a data protection point of view. We have concluded a contract for order data processing with BITE GmbH in accordance with Art. 28 GDPR.
You have the option of uploading your application documents as part of the online application in the respective job advertisement on the BITE platform. This will register you as an applicant with us (in BITE) and your application documents will be stored and processed there. If you file a paper application with us, we will scan your application documents and also record you as an applicant in BITE and save and process your application documents in BITE.
More information about BITE can be found here: https://www.b-ite.de/legal-notice.html.
Internal processing Your applicant data will be viewed by the HR department once your application has been received. Appropriate applications are then forwarded internally to the business unit managers for the open position in question. The next steps will then be coordinated. As a general rule, only those persons within the company who need access to your data in order for our application process to run smoothly will have access to your data.
7.34 NEO Commerce
We have integrated the guided selling service Neocom of Neo Commerce GmbH (hereinafter “Neocom”), Max-Bill-Str. 8, 80807 Munich, on our website in order to provide you with digital interactive product advice. When you start this product consultation, you can find your desired product in a quiz-like, guided process and at the end you will receive a product recommendation, which you can then have sent to you by e-mail if you wish.
During the consultation Neocom collects the following browser information: Browser type and version, IP address, language of the browser software. In addition, a session ID is generated and temporarily stored on your device during the browser session in order to be able to offer the consultation. The purpose is to enable the correct and complete display and execution of digital product advice, similar to a shopping basket function. The legal basis for requesting browser information is our legitimate interest in enabling the service in accordance with Article 6(1)(1)(f) GDPR).
The legal basis for generating and storing the session ID during the browser session is your consent in accordance with Article 6(1)(a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings and changing your selection there. With your consent, we will continue to create and store a persistent Neocom session ID on your device. This is a purchase tracking tool that enables us to track whether a purchase has been made from us following the product consultation – even across multiple browser sessions. The legal basis is your consent in accordance with Art. 6(1)(1)(a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings and changing your selection there. The persistent session ID is deleted after a maximum of 365 days.
Neocom uses other services for product consulting. You can find details on this here.
7.35 AMEO - Amazon Advertising Tag
The website uses an Amazon Advertising Tag on all pages. This is a tool that uses advertising cookies to create user profiles. Data is collected that tracks the user's interaction with our website, such as IP addresses and proxy IP as well as language and time zone for the user's geolocation, user agent (e.g. computer, tablet, mobile device) and information provided by the browser.
Amazon processes your data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR to create campaign reports on the website target group, track conversions, click events and targeted advertising outside our website (retargeting) and is responsible for compliance with data protection. The data is collected and analysed anonymously so that it is not possible to draw any conclusions about your identity.
You can object to the use of cookies at any time via the cookie banner or revoke your consent at any time. The cookies will be deleted after 12 months at the latest.
7.36 Use of the Taboola native advertising service
We have integrated the Taboola native advertising service from Taboola Europe Limited, Aldgate House, 2nd Floor, 33 Aldgate High Street, London EC3N 1DL, United Kingdom (hereinafter “Taboola”) on our website. As soon as you access our website via Taboola ads, we can track your activities on this website after clicking on an advertisement within the Taboola advertising network.
Processing of personal data by Taboola
The following data is collected and processed when Taboola is used:
- Crash data
- Date and time of visit
- Device information (e.g. operating system, device type)
- Geographical location
- IP address
- Referrer's URL
- Websites visited
- Event information
Taboola uses cookies and pixel technologies on your device for this purpose. Information is stored for a maximum of 13 months since your last interaction with the service. For more information about the cookies Taboola uses, see Taboola Cookie Policy.
Purpose of data processing
Taboola processes the data for the following purposes:
- Showing adverts
- Analysing and optimising marketing campaigns
- Personalising content and ads
- Providing services
Legal basis for processing
The legal basis for Taboola’s collection and processing of your personal data is your consent in accordance with Article 6(1)(1)(a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings on our website and changing your selection there.
Data processing in third countries
In providing the service, your data may be transferred to countries outside the European Union, including:
- Israel
- United States of America
- United Kingdom
- Hong Kong
- Singapore
Please note that these countries may not have a level of data protection comparable to that in the EU. Further information on the protection measures taken can be found in Taboola’s Privacy Policy.
Further information
For further information on Taboola’s data processing, please see the company’s Privacy Policy.
7.37 Use of the Outbrain native advertising service
We have integrated the Outbrain native advertising service from Outbrain UK Limited, Craven House, 121 Kingsway, London, WC2B 6PA, United Kingdom (hereinafter “Outbrain”) on our website. As soon as you access our website via Outbrain ads, we can track your activities on this website after clicking on an advertisement within the Outbrain advertising network.
Processing of personal data by Outbrain
The following data is collected and processed when Outbrain is used:
- Anonymised IP address
- Browser type
- Date and time of visit
- Device information (e.g. operating system, device type)
- Referrer's URL
- Websites visited
Outbrain uses cookies and pixel technologies on your device for this purpose. Information is stored for a maximum of 13 months since your last interaction with the service. For more information about the cookies used by Outbrain, see Outbrain’s Cookie Policy.
Purpose of data processing
Outbrain processes the data for the following purposes:
- Showing adverts
- Conversion tracking (measuring the success of advertising campaigns)
Legal basis for processing
The legal basis for Outbrain’s collection and processing of your personal data is your consent in accordance with Article 6(1)(1)(a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings on our website and changing your selection there.
Data processing in third countries
In providing the service, your data may be transferred to countries outside the European Union, including:
- United States of America
Please note that these countries may not have a level of data protection comparable to that in the EU. Further information on the protection measures taken can be found in Outbrain’s Privacy Policy.
Further information
For further information on Outbrain’s data processing, please see the company’s Privacy Policy.
8. Use of customer data for direct marketing
8.1 Subscription to our e-mail newsletter
If you subscribe to our e-mail newsletter, we will use your e-mail address to regularly send you our newsletter for marketing purposes and to track your usage behaviour. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used in order to be able to address you personally. We use the double opt-in process for sending newsletters, which ensures that you do not receive newsletters until you have explicitly confirmed your consent to receiving the newsletter by clicking on a verification link sent to the specified e-mail address.
By activating the confirmation link, you grant us your consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR. In this process, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of the login in order to be able to trace possible misuse of your e-mail address at a later time.
If you use our newsletter, we will track your personal usage behaviour based on your consent pursuant to Art. 6(1)(a) GDPR. This enables us to determine, for example, whether you have received and opened the newsletter and what content you have clicked on there. Based on your user behaviour, we will send you advertising content tailored to your needs.
The data we collect when you register for the newsletter is used strictly for its specific purpose. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller named at the beginning. After unsubscribing, your e-mail address will be deleted immediately from our newsletter mailing list, unless you have expressly consented to the further use of your data or we reserve the right to use your data beyond this, which is permitted by law and which we inform you about in this statement. You may subsequently receive one more issue of the newsletter from us for technical reasons.
8.2 Sending newsletters via Salesforce
Our e-mail newsletters are sent via Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany (hereinafter referred to as “Salesforce”), to which we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6(1)(f) GDPR and serves our legitimate interest in using an advertising-effective, secure and user-friendly newsletter system. The data you enter for the purpose of subscribing to the newsletter (e.g. e-mail address) is stored on Salesforce’s servers in the EU.
Salesforce uses this information to send and statistically evaluate newsletters on our behalf. For the purpose of evaluation, the newsletters sent by email contain web beacons or tracking pixels, which represent one-pixel image files stored on our website. In this way, it is possible to determine whether a newsletter message has been opened and which links have been clicked. Conversion tracking can also be used to analyse whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on such links. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is collected exclusively in pseudonymised form and is not linked to your other personal data; direct personal identification is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. The legal basis is your consent when subscribing to the newsletter.
If you no longer consent to the data analysis for statistical evaluation purposes, you must withdraw your corresponding consent. You will then no longer be able to receive the newsletter. We have entered into a data processing agreement with Salesforce, which obliges Salesforce to protect our customers’ data and not to disclose it to third parties. You can find more information about Salesforce data analysis here: https://www.salesforce.com/en/company/privacy/.
8.3 Goods availability notification via e-mail
For items that are temporarily unavailable, you can sign up to receive e-mail notifications of stock availability. We will send you a one-off e-mail notification about the availability of the item you have selected. Your e-mail address is the only information required to send this notification. The provision of further data is voluntary and may be used to address you personally. We use the double opt-in process for sending e-mails, which ensures that you only receive a notification if you have explicitly confirmed your consent to this by clicking on a verification link sent to the specified e-mail address.
By activating the confirmation link, you grant us your consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR. In this process, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of the login in order to be able to trace possible misuse of your e-mail address at a later time. The data we collect when registering for our e-mail notification service on the availability of goods is used strictly for a specific purpose. You can unsubscribe from the availability notifications at any time by sending a corresponding message to the person responsible mentioned at the beginning. After unsubscribing, your e-mail address will be deleted immediately from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and which we inform you about in this statement.
8.4 Data processing for order processing
If necessary for the fulfilment of the contract for delivery and payment purposes, the personal data collected by us in accordance with Art. 6 (1)(b) GDPR to the commissioned transport company and the commissioned credit institution. If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data you provided when placing the order (name, address, e-mail address) in order to provide you with information within the framework of our legal information obligations in accordance with Art. 6(1)(c) GDPR by means of a suitable communication channel (e.g. by post or e-mail) about upcoming updates within the period provided for by law. Your contact data will be used strictly for the sole purpose of notifying you of updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.
In order to process your order, we also cooperate with the service provider(s) below, who assist us in full or in part in the performance of contracts concluded. Certain personal data will be transferred to these service providers in accordance with the following information.
9. Online applications via form
We offer prospective employees the opportunity to apply online using an application form on our website. Inclusion in the application process requires that applicants provide us with all personal data necessary for an informed and informed assessment and selection via the form. The required information includes general information about the person (name, address, telephone or electronic means of contact) as well as performance-specific proof of the qualifications required for a position. Medical information may also be required, which must take particular account of employment and social law in the interests of social protection in the applicant’s person.
When the form is submitted, the applicant data is transmitted to us in encrypted form according to the state of the art, stored by us and evaluated exclusively for the purpose of processing the application. The legal basis for this processing is always Art. 6 (1)(b) GDPR (for processing in Germany in conjunction with Section 26(1) of the Federal Data Protection Act (BDSG), in which the application process is regarded as the initiation of an employment contract. If special categories of personal data as defined by Art. 9(1) GDPR (e.g. medical data such as information about severe disability status) are requested from applicants, the processing is carried out in accordance with Art. 9(2)(b) GDPR so that we can exercise the rights arising from labour law and social security and protection law and fulfil our obligations in this regard.
Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9(1)(h) GDPR when it is carried out for healthcare or occupational medicine purposes, for assessing the applicant’s work ability, for medical diagnostics, healthcare or social care, or for the administration of health or social care systems and services. If the applicant is not selected in the course of the evaluation described above or if an applicant withdraws his/her application prematurely, his/her data transmitted in the form will be deleted after notification to that effect within 6 months at the latest. This period is based on our legitimate interest in being able to answer any follow-up questions relating to the application and, where applicable, to comply with our proof obligations under the regulations on equal treatment of applicants. If the application is successful, the data provided will be processed on the basis of Art. 6 (1)(b) GDPR (for processing in Germany in conjunction with Section 26(1) BDSG) for the purposes of carrying out the employment relationship.
10. Applications for job advertisements by e-mail
On our website, we advertise current job vacancies in a separate section, for which interested parties can apply to the contact address provided via e-mail. Inclusion in the application process requires applicants to provide us with all personal data necessary for an informed and informed assessment and selection together with the application by e-mail. The information required includes general information about the person (name, address, telephone or electronic means of contact) as well as service-specific proof of the qualifications required for a position. Medical information may also be required, which must take particular account of employment and social law in the interests of social protection in the applicant’s person.
Please refer to the respective job advertisement to find out which elements an application must contain in order to be considered and in which form these components must be sent by e-mail. After receiving the application sent using the e-mail contact address provided, we will store the applicant data and analyse it exclusively for the purpose of processing the application. For queries arising in the course of processing, we use either the e-mail address provided by the applicant with their application or a specified telephone number at our discretion.
The legal basis for this processing, including contact for queries, is in principle Art. 6 (1)(b) GDPR (for processing in Germany in conjunction with Section 26(1) of the Federal Data Protection Act (BDSG), in which the application process is regarded as the initiation of an employment contract. If special categories of personal data as defined by Art. 9(1) GDPR (e.g. medical data such as information about severe disability status) are requested from applicants, the processing is carried out in accordance with Art. 9(2)(b) GDPR so that we can exercise the rights arising from labour law and social security and protection law and fulfil our obligations in this regard.
Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9(1)(h) GDPR when it is carried out for healthcare or occupational medicine purposes, for assessing the applicant’s work ability, for medical diagnostics, healthcare or social care, or for the administration of health or social care systems and services. If the applicant is not selected in the course of the evaluation described above or if an applicant withdraws their application prematurely, their data transmitted by e-mail as well as all electronic correspondence, including the original application e-mail, will be deleted after notification to that effect within 6 months at the latest. This period is based on our legitimate interest in being able to answer any follow-up questions relating to the application and, where applicable, to comply with our proof obligations under the regulations on equal treatment of applicants. If the application is successful, the data provided will be processed on the basis of Art. 6 (1)(b) GDPR (for processing in Germany in conjunction with Section 26(1) BDSG) for the purposes of carrying out the employment relationship.
11. Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law). When processing personal data on the basis of express consent pursuant to Art. 6(1)(a) GDPR, this data is stored until the data subject withdraws their consent. Are there statutory retention periods for data that are processed within the framework of legal or similar obligations based on Art. 6 (1)(b) GDPR, this data is routinely deleted after the expiry of the retention periods, provided that it is no longer required for the performance or initiation of the contract and/or there is no legitimate interest on our part in continued storage.
When processing personal data on the basis of Art. 6(1)(f) GDPR, this data is stored until the data subject’s right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims. When processing personal data for the purpose of direct marketing on the basis of Art. 6(1)(f) GDPR, this data is stored until the data subject’s right to object pursuant to Art. 21(2) GDPR. Unless otherwise stated in the other information in this statement on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
12. Disclosure of data
Entities within Beurer GmbH that require access to data in order to fulfil contractual and legal obligations receive access to the data. Beurer GmbH’s external service providers may also receive these data. These service providers may be:
- the service providers named in this data protection statement, insofar as you are involved in the use of the corresponding services or there is another legitimate basis (e.g. our legitimate interest in data processing, insofar as we can base the processing on this)
- Affiliated companies, where these are required for the fulfilment of the contract
- Service providers for processing customer service enquiries
- IT service providers, hosting service providers, and service providers for operating the IT system
- Service providers for newsletter dispatch, following the provision of consent
13. Sending letters
The data (name, company, address) of existing customers is stored and can be used for mailing letters such as invitations. The legal basis is Art. 6(1)(f) GDPR, the data is stored in compliance with the further legal provisions (e.g. retention obligations) until the end of the contractual relationship or until withdrawal. You can object to this procedure at any time with effect for the future by sending an e-mail to datenschutz@beurer.de.