Data Protection

Privacy policy

27.09.2024

When you use our services, Direkt + Online GmbH will process your personal data. With this privacy policy we would like to inform you how and why we process your data and how we ensure that it remains confidential and protected.

Data protection at a glance

What data do we collect from you?

  • Inventory data (e.g. names, addresses)
  • Contact data (e.g. email, phone numbers)
  • Content data (e.g. entries in online forms)
  • Payment data (e.g. bank details, invoices, payment history)
  • Contract data (e.g. subject matter of contract, term)
  • Utilization data (e.g. web pages visited, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses)

How do we collect your data?

We automatically collect the data that is generated when you access our digital offerings. Otherwise, we collect data on the basis of your input or communications or through the use of cookies or similar technologies.

What do we use your data for?

Do we share your data?

If you have consented or if we are otherwise legally authorized to do so, we will share your personal data with service providers (e.g. hosting, marketing, sales partners) for the above purposes. In such cases, we strictly comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

We may transfer personal data to other companies within our group of companies or grant them access to this data. Insofar as this transfer is for administrative purposes, the transfer of data is based on our legitimate corporate and business interests or is conducted insofar as it is necessary for the fulfillment of our contract-related obligations or if the consent of the data subjects or a legal permission exists.

Do we transfer data to third countries?

In order to use our digital offerings, it may be necessary to transfer certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. However, we only permit processing of your data in a third country if the special requirements of Art. 44 GDPR and consequently the guarantee of an adequate level of data protection in the country are met. This means that the third country must either have an adequacy decision from the European Commission or appropriate safeguards pursuant to Art. 46 GDPR or one of the requirements of Art. 49 GDPR. Unless otherwise stated below, we use as appropriate guarantees the applicable Standard Contractual Clauses for the transfer of personal data to processors in third countries.

How do we protect your data?

In order to protect your privacy and to ensure a level of protection appropriate to the risk, we take technical and organizational measures. We take these measures in accordance with the legal requirements, considering the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedom of natural persons, which are reviewed and adapted on a regular basis. The measures ensure the confidentiality, integrity, availability and resilience of your data. This includes, among other things, the use of recognized encryption methods (SSL or TLS) and pseudonymization.

However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions not within our sphere of responsibility. In particular, data disclosed unencrypted - e.g., if this is done by e-mail - can be read by third parties. We have no technical influence on this.

When do we delete your data?

We delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it.

However, if necessary, we must continue to store your data until the expiry of the retention obligations and periods issued by the legislator or supervisory authorities, which may result from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act (usually 6 to 10 years). In addition, we may retain your data until the expiry of the statutory limitation periods (i.e. usually 3 years; in individual cases, however, up to 30 years), insofar as this is necessary for the assertion, exercise or defense of legal claims. After that, the corresponding data will be deleted.

What are your rights?

  • Information
  • Deletion
  • Correction
  • Objection

You can contact the data protection officer with your request by mail or by e-mail at swmh-datenschutz@atarax.de.

This privacy notice will be adjusted from time to time. The date of the last update can be found at the beginning of this information.

Privacy settings

You can obtain an overview of all the tools and cookies we use as well as a withdrawal option by clicking on Privacy Settings in the footer of the respective website.

In the following, you will receive data protection information in detailed form.

Providing the content

Cookies and similar technology

We use cookies and similar technologies to offer you the best experience when using our digital offerings. We use them to ensure functionality, IT security and fraud prevention.

You can find an overview of the technologies used and revocation or objection options under data protection settings in the footer of the website you are visiting.

If cookies, device identifiers or other personal data are stored or retrieved on your end device for processing, this is done on one of the legal bases of Art. 6 GDPR.

In order to be able to provide the telemedia service expressly requested by you, we also take into account the provisions of Section 25 of the Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG), in particular the necessity pursuant to Section 25 (2) No. 2 TDDDG.

Technical deployment and security

When you use our offerings, we automatically use absolutely necessary technologies to enable the usability of the functions provided and to ensure the security and stability of our offer:

  • Information about the accessing terminal device and the software used
  • Date and time of access
  • Websites from which you access our website or which you access via our website
  • IP address

The processing of the IP address is absolutely necessary to enable the delivery of our offerings to your end device and to measure the efficiency and performance of our offerings. Usage profiles are not created in the process. Our servers store your IP address for up to seven days for the purpose and interest of being able to guarantee the security of our offer. The other data is deleted after 30 days.

The legal basis for the aforementioned data processing is our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR.

Essential technology

We cannot do without certain cookies and similar technologies, as they are indispensable for our telemedia service and business model - as requested by the user. In addition to data, we need to provide and ensure functionality and security. The following tools and cookies are essential technologies.

The legal basis for the data processing described below is our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR.

Cookie | Purpose | Duration | Type
_icl_visitor_lang_js | Hosting | 1 day | Cookie
elementor | Hosting | Session | Cookie
elementor | Hosting | unlimited | Local storage
wp-wpml_current_language | Cell | Session | Cookie
wpml_browser_redirect_test | Hosting | Session | Cookie

Consent management

In order to obtain and store your consent under data protection law, we use the consent management platform from Sourcepoint (Sourcepoint Technologies, Inc., 228 Park Avenue South, #87903, New York, NY 10003-1502, United States). This sets cookies that are absolutely necessary in order to query the consent status and thus to be able to play out corresponding content.

Cookie | Purpose | Duration | Type
consentUUID | UniqueUserID to store the consent status of the user | 12 months | Cookie
_sp_su | Marking of users for the sample of the reporting of the consent rates | 12 months | Cookie
_sp_user_consent | UniqueUserID to retrieve the user's consent status stored in our database when needed | 12 months | Local storage
_sp_local_state | Determine if a user has seen the consent banner so that it is shown only once | 12 months | Local storage
_sp_non_keyed_local_state | Information about the metadata and the UniqueUserID of the user | 12 months | Local storage

How we optimize our products

Usage analysis

We aim to constantly develop and improve our products. For this purpose, we require usage analysis that goes beyond mere reach measurement. Usage analysis serves to evaluate the flow of visitors to our online offerings and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With their help, we can recognize, for example, when our digital offerings are most frequently used or which functions are readily reused. This allows us to identify which areas need optimization.

In addition to usage analysis, we also use test procedures, for example, to test different versions of our online offerings or their components.

For these purposes, profiles, i.e. data summarized for a usage process are created and information is stored in and read from a browser or terminal device. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. Only if you have consented to the collection of your location data will it be processed.

The IP addresses of the users are also stored. We use an IP masking method (i.e. pseudonymization by shortening the IP address) for your protection. Generally, the data stored in the context of web analytics, A/B testing and optimization is not clear user data (such as e-mail addresses or names), but pseudonyms, so that neither we nor the providers of the software used, who act for us as processors, know the actual identity of the users.

Matomo

We use the web analysis platform Matomo to analyze visitor data. This serves us for product optimization based on our legitimate interest, Art. 6 para. 1 sentence 1 lit. f) GDPR. For this purpose, the following usage information is transmitted to our server and stored for analysis purposes:

  • User IP address (with anonymization of 2 bytes)
  • Date and time of access
  • URL of the page accessed (page URL)
  • URL of the page that was accessed before the current page (referrer URL)
  • Screen resolution used
  • Time in the local user's time zone
  • Location of the user: country, region, city, approximate latitude and longitude (geolocation)
  • User agent of the browser used (User-Agent header): Based on the user agent, we use our Universal Device Detection Library to recognize the browser, operating system, device used (desktop, tablet, mobile, TV, car, console, etc.), make and model.
  • Random unique visitor ID
  • Time of this user's first visit
  • Time of the last visit by this user
  • Number of visits by this user
  • Site search
  • Destinations
  • Events

The storage period is 14 months (applies to data at user and event level).

No cookies are placed on your computer as part of our web analysis. The data is also not passed on to third parties.

If you do not agree to the completely anonymous storage and analysis of this data from your visit, you can object to the storage and use in the data protection settings (accessible via the footer of the website). In this case, an opt-out cookie will be stored in your browser, which means that Matomo will no longer collect any session data.

Your data will be processed on the basis of your consent.

Fulfillment of contracts

Purchase orders

If you order one of our offers, we require your address, contact and communication data as well as your bank and, if applicable, credit card data upon conclusion of the contract.

The processing of the personal data provided by you is necessary for the fulfillment of a contract.

The data will be deleted as soon as they are no longer required for the aforementioned purposes. However, we store your personal data as long as we are legally obliged to do so, for example due to retention obligations or limitation periods of potential legal claims that have not yet expired.

Payment data

We pass on your payment data to the commissioned credit institution or the respective payment service provider as part of the processing of payments. The processing is carried out to fulfill the contract. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) GDPR.

If you communicate with us

Contact

When you contact us, we only collect personal data (e.g. name, e-mail address, telephone number) if you provide us with this information voluntarily. You can send this information to us by email or letter, for example. Your personal data will only be used to contact you or for the purpose for which you have provided us with this data, e.g. to process your inquiries, technical administration of the website and customer management.

Any communication of this information (including information on communication channels such as e-mail address, telephone number) is expressly on a voluntary basis. The data will be used exclusively to process your request if the data processing is necessary for the fulfillment of the contract or if there is a legitimate interest to do so. In the case of a telephone inquiry, your data will also be processed by telephone applications and, in some cases, by a voice dialogue system in order to support us in the distribution and processing of the inquiries.

This data is passed on to our service providers for customer service and is deleted if it is no longer required.

If we promote our products

Direct marketing

We also use your contact data for advertising purposes in addition to contract-related use. This is only done if you have expressly consented (Art. 6 para. 1 lit. a) GDPR) or on the basis of our legitimate interest in direct advertising (Art. 6 para. 1 lit. f) GDPR), for example for information about the same and similar products of our company (Section 7 para. 3 UWG).

The data processed by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. Deletion generally takes place after two years of inactivity.
We store the proof of your consent, which we provide via the double opt-in procedure, for 3 years even if you withdraw your consent (Art. 6 para. 1 lit. c), Art. 5 para. 1 lit. a), Art. 7 para. 1, Art. 6 para. 1 lit. f) GDPR).

If you no longer wish to receive advertising, you can withdraw your respective consent or object to advertising at any time.

  • by e-mail to data-privacy@direktundonline.de
  • in writing to Direkt + online GmbH, Martin-Kollar-Str. 5, D-81829 Munich, Germany
  • by clicking on the unsubscribe link at the end of the e-mail

Company presence in social media

We maintain presences in the "social media". To the extent that we have control over the processing of your data, we will ensure that applicable data protection regulations are complied with. In the following, you will find the most important information on data protection law with regard to our company websites.

In addition to us, the following are responsible for the company presences within the meaning of the General Data Protection Regulation and other data protection regulations:

  • X (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland); further information about privacy can be found here.

We process the data for statistical purposes in order to be able to further develop and optimize the content and to make our offer more attractive. This data includes the total number of page views, page activities, and data and interactions provided by visitors. These are processed and made available by the social networks. We have no influence on the generation and presentation.

In addition, your personal data is processed for market research and advertising purposes. It is possible, for example, that usage profiles are created based on your usage behavior and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not collected directly from your end devices may also be stored in your usage profiles. The storage and analysis also takes place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.
Beyond that, we do not collect or process any personal data.

The processing of your personal data by us is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR.

Since we do not have complete access to your personal data, you should contact the providers of the social media directly when asserting your data subject rights, because they each have access to the personal data of their users and can take appropriate measures and provide information.

If you still need help, we will of course try to support you. Our contact.

What else you need to know

Controller and data protection officer

The controller is

Direkt + online GmbH

Martin-Kollar-Str. 5
D-81829 München

Data protection officer

atarax Unternehmensgruppe

Luitpold-Maier-Str. 7
D-91074 Herzogenaurach
Phone: 09132 79800
E-mail: swmh-datenschutz@atarax.de

Your rights

  • According to Art. 15 GDPR you have the right to request information about your personal data processed by us. In this context, you also have the right to obtain a copy of the personal data processed by us, in accordance with Art. 15, par. 3-4 GDPR.
  • In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect data or the completion of your personal data stored by us.
  • In accordance with Art. 17 GDPR, you can request the deletion of your personal data stored with us.
  • In accordance with Art. 18 GDPR, you can demand the restriction of processing of your personal data.
  • In accordance with Art. 20 GDPR, you can request to receive your personal data that you have provided us in a structured, common and machine-readable format and you can request the transfer to another person responsible.
  • In accordance with Art. 7 (3) GDPR, you can withdraw your consent, once granted, to us at any time. As a result, we may no longer continue to process the data based on this consent in the future.
  • In accordance with Art. 77 GDPR you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our registered office for this purpose.

Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR or pursuant to Art. 6 (1) e GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR. In the event of such an objection, we will no longer process your personal data, unless we can prove compelling reasons for processing worthy of protection that outweigh the interests, rights and freedoms of the person concerned or the processing serves to assert, exercise or defend legal claims.
In the case of direct marketing, you have the right to object to the processing of personal data relating to you at any time. If you object to processing for the purposes of direct marketing, the personal data will no longer be processed for those purposes.

Data protection information in the GTC

With this privacy policy, we fulfill the information requirements according to the GDPR. Our General Terms and Conditions also contain data protection information. In these, it is once again described in detail how in particular the processing of your personal data is carried out, which we require for the execution of the contracts and for the purpose of an identity and credit check.

Alterations of the privacy policy

We reserve the right to alter and/or adjust this data protection declaration at any time, taking into consideration the current applicable data protection provisions.