Personal data is information relating to an identified or identifiable person. This primarily includes
information that enables conclusions to be drawn regarding your identity, e.g. your name, your telephone number, your
address or your email address. Statistical data that we collect, for example, when you visit our website, and that
cannot be associated with you, is not considered personal data.
- 1. Contacts
- 2. Data processing on our website
- 2.1 Accessing our website/access data
- 2.2 Contacting us
- 2.3 Orders
- 2.4 Credit check
- 2.6 Creation of a customer account
- 2.7 Booking appointments online
- 2.8 Video consultation
- 2.9 Measurement of pupillary distance
- 2.10 Newsletter
- 2.11 Existing customer advertising via email
- 2.12 Job applications
- 2.13 Integration of the Trusted Shops Trustbadge
- 2.14 Trustpilot reviews
- 2.15 Coupon offer from Sovendus GmbH
- 3. Processing your data for advertising purposes
- 3.1 Mailshots
- 3.2 Customer surveys
- 3.3 Interest-oriented product presentations
- 5. Presence on social media
- 6. Disclosure of data
- 7. Transfer of data to third countries
- 8. Storage duration
- 9. Your rights, in particular revocation and objection
- 10. Your obligation to provide data
Your contact and what is known as the "controller" responsible for processing your personal data when you visit this
website within the meaning of the General Data Protection Regulation (GDPR) is
Mister Spex SE
Greifswalder Straße 156
Tel: +49 800 (0)810 8090
Fax: +49 30
You may also contact our data protection officer at any time should you have questions
about data protection in connection with our products or the use of our website. They can be contacted via the above
postal address and at the previously stated email address (to be marked: "FAO data protection officer"). We must
emphasise that if using this email address, the contents are not read exclusively by our data protection officer.
Should you wish to exchange confidential information, please make direct contact via this email address prior to doing
2. Data processing on our website
2.1 Accessing our website/access data
Every time you use our website, we collect access data automatically transmitted by your browser in order to enable
your visit to the website. Access data includes the following in particular:
- IP address of the requesting device
- Date and time of request
- Address of accessed website and requesting website
- Information on the browser and operating system used
- Online identifiers (e.g. device IDs, session IDs)
This access data must be processed in order to enable you to visit the website and
ensure the uninterrupted functionality and security of our systems. In addition to the purposes set out above, the
access data is also temporarily stored in internal log files in order to generate statistical data on the use of our
website, to evolve our website based on our visitors' usage patterns (e.g. if the proportion of mobile devices
accessing our website increases), and to perform general administrative maintenance on our website.
basis is Article 6(1)(1)(b) of the GDPR, insofar as the page view occurs in the course of the initiation or
implementation of a contract, and otherwise Article 6 (1)(1)(f) of the GDPR due to our legitimate interest in
maintaining the permanent functionality and security of our systems.
Log files are stored for 20 days before
being anonymised and deleted.
2.2 Contacting us
There are various ways you can contact us (in particular via contact form, telephone, email). In this context, we
process your data exclusively for the purpose of communicating with you.
The legal basis is Article 6(1)(1)(b) of
the GDPR, insofar as your information is required to answer your enquiry or to initiate or implement a contract, and
otherwise Article 6(1)(1)(f) of the GDPR due to our legitimate interest in you making contact with us and us being
able to answer your enquiry. We only make promotional telephone calls if you have given your consent. If you are not
an existing customer, we shall only send you promotional emails on the basis of your consent. The legal basis in such
instances is Article 6(1)(1)(a) of the GDPR.
The data collected by us when using the contact form is
automatically erased once your request has been completely processed, unless we still need your request to fulfil
contractual or statutory obligations (cf. section 8 "Storage duration").
During an order process, we collect mandatory data required to process the contract:
- Form of address
- First name and surname
- Date of birth
- Invoice and shipping address
Information such as your telephone number is optional so that we may also contact you by these means in the event of
Should you buy contact lenses or prescription glasses from us, we will also collect and store your
prescription values. The same will apply if you have a refraction test at one of our stores or at one of our partner
opticians. Should the latter be the case, the data will be received directly from the partner optician you
We also offer you various payment options. Depending on the payment method you select in the order
process, we will pass on the payment data collected for this purpose to the financial institution handling the payment
and, as applicable, to payment service providers contracted by us or selected by you.
The legal basis for the
processing is Article 6(1)(1)(b) of the GDPR. Insofar as we process health data (prescription values) from you, the
appropriate legal basis is Article 9 (2)(h) of the GDPR.
2.4 Credit check
If you have selected the payment option "purchase on account" or "direct debit" as part of the order process, we will
transmit the personal data you specified when placing your order (name, address, email address, date of birth and
telephone number, if applicable) as well as information on the corresponding products to Arvato Payment Solutions GmbH
(Gütersloher Straße 123, DE-33415 Verl, "Arvato") so that we are able to decide whether we can grant you this payment
method (passive payment method control). For this purpose, we are provided with a projection, in particular on payment
probabilities as a score value, based on mathematical-statistical methods (in particular, logistic regression approach
and comparisons with groups of persons who have shown similar payment behaviour in the past), taking into account
address data and prior payment experience.
Article 6(1)(b) and (f) of the GDPR are the legal basis for this
processing. Our legitimate interest is to also be able to offer you risky payment methods such as purchase on
2.6 Creation of a customer account
When you place your order, you can also open a customer account on our website at the same time. You can also create
a digital account in our stores. Creating such an account, and thus the conclusion of a user contract for the creation
of the customer account, is voluntary and takes place on the basis of Article 6(1)(b) of the GDPR. As long as your
customer account exists, the data that you provide in the context of your previous orders will be stored there in
addition to your orders. You may terminate your customer account at any time; notification in text form (e.g. email,
fax, letter) is sufficient for this.
When you select the payment method "credit card", you add a link to your
credit card information in your customer account so it is not necessary for you to enter your credit card information
every time you place a new order. Storage of this link is in our legitimate interest and for the purpose of offering
you this convenience function. It is based on Article 6(1)(f) of the GDPR. In principle, we do not store your credit
card data ourselves. Our PCI-DSS-certified payment service provider PAYONE GmbH, Fraunhoferstraße 2-4, DE-24118 Kiel,
Germany, is responsible for the storage and processing of credit card information. To prevent abuse in the event of
unauthorised access, the full credit card number is never visible in your customer account. Should you wish to delete
a credit card from your customer account, you can do so on the "Payment" page. Please note that if you select this
payment option, we may contact you and request that you provide us with proof of identity for verification purposes.
This serves our legitimate interest as per Article 6(1)(f) of the GDPR to protect you and us from credit card abuse.
Of course, we will only use the proof of identity you send us to verify your identity, deleting it after the legal
retention period has expired.
Of course, it is also possible to place an order with us without opening a customer
account. Should you wish to do so, simply select the option "Order as a guest". If you order from us without creating
a customer account, your data will be processed as described above for the fulfilment of the purchase contract and for
Should you purchase an item at one of our Mister Spex stores to take home immediately, the
purchase can be assigned to an existing or new customer account by means of automated matching of your email address.
The assignment is voluntary and not a prerequisite for a purchase to be taken home immediately.
2.7 Booking appointments online
When using the online appointment system, personal data is transmitted to the online appointment and customer
management system of TerminApp GmbH, Balanstraße 73, DE-81541 Munich. You will be asked to provide certain data in
this context, such as your name, email address and, if applicable, your telephone number (depending on the data sheet,
further information is possible on a voluntary basis). When you make your first booking, a customer profile is created
within the booking system in which the data you have provided is stored. The sole purpose of this is to identify you
beyond doubt, process your request and to be able to provide you with information and advice as requested. The legal
basis for this processing is Article 6(1)(b) of the GDPR.
You will receive a confirmation of the booking prior to
the appointment, as well as an appointment reminder via text and/or email. We process your data exclusively for the
purpose of providing the service and to remind you of the upcoming appointment, in order to minimise appointment
cancellations as far as possible. The legal basis for this processing is our aforementioned legitimate interest as per
Article 6(1)(f) of the GDPR.
2.8 Video consultation
We offer you the option of having a video consultation with one of our customer advisers. Our website uses the Timify
app from the provider TerminApp GmbH, Balanstr. 73, DE-81541 Munich (hereinafter referred to as "Timify").
utilise this offer, you can book an appointment via our website (www.misterspex.de/service/videoberatung). The email
address you provide when booking an appointment will be sent to Timify and processed in order to send you an email
confirming your appointment. In addition, the audio and visual information created during the video consultation will
be transmitted to Timify, although it will not be recorded.
The legal basis for this processing is Article
6(1)(b) of the GDPR. Should you also provide special categories of personal data (Article 9 of the GDPR) such as
health data during the video consultation, the processing is carried out on the legal basis of Article 9(2)(h) and (3)
of the GDPR.
Further information can also be found in the Timify
2.9 Measurement of pupillary distance
We will need your pupillary distance ("PD") in order to manufacture your glasses. This may be specified at the time
of purchase. Should you not have provided this information at the time of purchase, different options are available to
you for providing us with this parameter. Once you have completed the purchase, we will send you an email containing
the relevant information.
On the one hand, we offer you the option of printing out a template and taking the PD
measurement yourself. In this case, no personal data will be processed.
Alternatively, you may use our Mister
Spex app, which is available in the App Store for iOS devices. The aforementioned email will contain a link to this.
Every time you use our app, we collect data automatically transmitted by the app in order to enable the app to
function. This data particularly includes:
- IP address of the requesting device
- Date and time of the request
- Information about the operating system and technical information regarding the device
This data processing is required in order to enable the app to function and to ensure the security of our systems.
The specified data is also temporarily stored in internal log files for the purposes described above. The data stored
in the log files does not enable us to draw any direct conclusions relating to your person – in particular, we only
save IP addresses in truncated form. The log files are stored for 30 days and then deleted.
The legal basis for
this data processing is our aforementioned legitimate interest as per Article 6(1)(f) of the GDPR.
In order to
automatically determine your PD, our app requires access to your device's cameras, including the TrueDepth sensor, in
order to capture your face in 3D. You will be asked explicitly to consent to these rights so that you can decide
directly here. In this context, we process your image data (full face and side photo) and the corresponding measured
values (in particular: pupil distance, fitting height and other necessary facial parameters such as face width, nose
shape and ear attachment points).
In order to be able to assign this information to your order, your order ID and
email address will also be processed in the app.
The legal basis for this aforementioned processing is Article
6(1)(b) of the GDPR, as this is the only way we can produce the matching glasses and fulfil the purchase contract.
You have the opportunity to subscribe to our newsletter, in which we provide you with regular information about
innovations to our products and campaigns.
Subscribing to our newsletters utilises the double opt-in procedure,
i.e. we will only send you newsletters by email if you confirm, by clicking on a link in our notification email, that
you are the owner of the specified email address. If you confirm your email address, we will store your email address,
the time of sign-up, and the IP address used during the sign-up process until such time as you unsubscribe from the
newsletters. The sole purpose of this storage is to send you the newsletters and be able to prove that you signed up
to receive them. You may unsubscribe from the newsletter at any time. Each newsletter contains an unsubscribe link.
Alternatively, you may of course also simply send a message using the contact details given above or in the newsletter
(e.g. by email or letter). The legal basis for the processing is your consent as per Article 6(1)(1)(a) of the
Our newsletters employ customary technologies used to measure interactions with newsletters (e.g. opening
email, clicked links). We use this data for general statistical analysis as well as to optimise and evolve our content
and customer communications. This is done with the help of small graphical elements embedded in our newsletters
(pixels). The legal basis for this is your consent as per Article 6(1)(1)(a) of the GDPR. We want to use our
newsletter to share content of maximum relevance to our customers and to better understand the actual interests of our
readers. For this reason, the links contained in the newsletters are also provided with parameters so that we can
assign your interaction (clicked links) to the respective campaign. This information will be linked to your customer
profile for analysis. If you do not want the analysis of usage behaviour, you may unsubscribe from the newsletter
service. Data relating to interaction with our newsletters is stored for 13 months and then deleted.
2.11 Existing customer advertising via email
If you make a purchase from us, we will also use your contact details to email you further information about our
products that is relevant to you ("existing customer advertising"). This may include, in particular, news, promotions
and offers as well as feedback requests and other surveys.
The legal basis for this data processing is Article
6(1)(f) of the GDPR in conjunction with Section 7(3) of the German Act against Unfair Competition (UWG), according to
which the data processing is permissible for the exercising of legitimate interests, insofar as this concerns the
storage and further use of the data for advertising purposes.
To enable us to provide you with exclusively
relevant offers within the scope of the newsletter for existing customers, a customer segmentation is also carried out
using the data you provided when placing your order. The legal basis for this is our aforementioned legitimate
interest as per Article 6(1)(f) of the GDPR.
You may object to the use of your data for advertising purposes at
any time by using a corresponding link in the emails or by notifying the above contact details (e.g. by email or
letter), without incurring any costs other than the transmission costs in accordance with the basic tariffs.
2.12 Job applications
You can apply for job vacancies with us using our Workday applicant management system (Workday Limited, The Kings
Building, May Lane, Dublin 7, Ireland). The purpose of the data collection is the selection of applicants for the
possible establishment of an employment relationship. In particular, we collect the following data for the receipt and
processing of your application: first name and surname, email address, application documents (e.g. references, CV),
date of earliest possible start and expected salary. The legal basis for the processing of your application documents
is Article 6(1)(1)(b) and Article 88(1) of the GDPR in conjunction with Section 26(1)(1) of the German Data Protection
Act (BDSG). Insofar as the data is classed as special categories of personal data, such as data on your health, which
you yourself communicate to us (e.g. information about a severely disabled person), the processing takes place based
on Article 6(1)(1)(b), Article 9, Article 88 of the GDPR, section 26(3)(1) of the German Data Protection Act (BDSG).
We store your personal data after receipt of your application. Should we hire you as an employee, we will store
your application data for a maximum period of three years beyond the termination of the relevant employment
Should we reject your application, we shall store your application data for a maximum period of
six months beyond the rejection of your application, unless you give consent (Article 6(1)(1)(a), Article 88 of the
GDPR, section 26(1)(1) of the German Data Protection Act) to a longer period of storage or the storage is required for
legal or statutory requirements.
We have concluded a processing contract with Workday. Some data is processed on
a server in the USA. In the event that personal data is transferred to the USA or other third countries, we have
concluded standard contractual clauses with Workday as per Article 46(2)(c) of the GDPR.
2.13 Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Seal of Approval and any
reviews collected, as well as to offer Trusted Shops products to buyers after they place an order. The Trustbadge and
the services promoted there are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, DE-50823 Cologne,
When the Trustbadge is called up, the web server automatically saves a server log file entry and
documents the call. For example, the log file entry contains your IP address, the date and time of the call, the
amount of data transferred and the requesting provider (access data). This access data is not evaluated and will be
automatically overwritten at the latest 90 days after the end of your site visit.
This serves to safeguard our
predominantly legitimate interests in optimised marketing within the framework of balancing interests by enabling
secure purchasing in accordance with Article 6 (1)(1)(f) of the GDPR.
Further personal data (in particular, order
data, hashed email address, amount, currency, payment method) is transferred to the Trusted Shops GmbH if, after
conclusion of an order, you decide to use Trusted Shops products or have already registered to use them. To this end,
automatic processing of personal data from the order data takes place. Whether you as a buyer are already registered
for use of a product is automatically checked on the basis of a neutral parameter that uses the email address hashed
by a cryptological one-way function. Before it is transmitted, the email address is converted to this hash value,
which cannot be decrypted for Trusted Shops. After checking for a match, the system automatically deletes the
parameter. Trusted Shops GmbH is responsible for this aforementioned processing. The contractual agreement between you
2.14 Trustpilot reviews
We use the review service provided by f Trustpilot A/S, Pilestræde 58, 3rd floor, DK-1112 Copenhagen K, Denmark
("Trustpilot"). This enables us to receive feedback from you in order to be able to improve our offering or our shop
or to design it according to customer wishes.
Once you have placed an order, we will send you an email containing a link which, when you
click on it, will take you to the Trustpilot website. You can then submit a review there. Only if you actually click
on the link contained in the email will we transmit your hashed email address, your name and your customer number for
verification purposes and thus on the basis of our legitimate interest as per Article 6(1)(f) of the GDPR. Posting a
review is of course entirely voluntary. Details regarding the collection of data by Trustpilot on its platform can be
2.15 Coupon offer from Sovendus GmbH
Our website offers the option for you to claim coupon offers from Sovendus GmbH, Moltkestr. 11, DE-76133 Karlsruhe
("Sovendus"). When you click on the corresponding banner, the hash value of your email address and your IP address are
transmitted to Sovendus. The pseudonymised hash value of the email address is used to take into account any objection
to advertising by Sovendus. The legal basis for this processing is Article 6(1)(c) of the GDPR.
We also transmit
the pseudonymised order number, session ID, coupon code and time stamp to Sovendus for billing purposes. The legal
basis for this processing is Article 6(1)(b) of the GDPR.
For further information on the processing of your data
by Sovendus, please refer to the relevant privacy notices.
3. Processing your data for advertising purposes
In addition to processing your data to fulfil the contracts you enter into with us, we also use your data to enable
us to exchange information with you about your orders, to communicate with you about specific products or marketing
promotions and to recommend products or services that may be of interest to you.
If you have entered into a contract with us, we will treat you as an existing customer. If this is the case, we
process your postal contact data in use this method to send you information about new products and services. The legal
basis for this is Article 6(1)(f) of the GDPR.
3.2 Customer surveys
Within the scope of our services, we provide you with information and offers from Mister Spex based on your
interests. Even if you have not subscribed to a newsletter, we will send you a limited number of product
recommendations, surveys and requests for product reviews. When selecting individual product recommendations, our
preference is to use the order data from your previous orders in compliance with the statutory provisions. In
accordance with the interaction, the email contains further information on how you can submit a corresponding review.
The product review is of course voluntary. The legal basis is Article 6(1)(f) of the GDPR.
3.3 Interest-oriented product presentations
We make every effort to make our online shop as attractive as possible for you. In order to prioritise products in
which you have an interest, we use technology to optimise the product presentation according to demographic factors
associated with your customer profile. For this purpose, we use the services of ODOSCOPE GmbH, Aachener Straße
524-528, DE-50933 Cologne ("ODOSCOPE"). If you have set up a customer account with us and are logged in, we transmit
your date of birth to this service provider, which performs an appropriate product ranking for us.
basis for this processing is our legitimate interest in an optimised product presentation in accordance with Article
6(1)(f) of the GDPR.
by third parties.
A cookie is a small text file stored by the browser on your device. Cookies are not used to
execute programs or load viruses on your computer. Comparable technologies are in particular web storage (local /
session storage), fingerprints, tags or pixels. Most browsers are configured to accept cookies and similar
technologies by default. As a rule, however, you can adjust your browser settings so that cookies or similar
technologies are rejected or are only stored after you have provided your consent. It is possible that some of our
services may fail to function properly if you reject cookies or similar technologies.
The tools we use are listed
below in our cookie directive, sorted by category. In
particular, we wish to inform you about the providers of the tools, the duration
for which cookies are stored and the disclosure of the data to third parties. We also explain the cases in which we
voluntary consent to use the tools and how you can withdraw this consent.
5. Presence on social media
We maintain an online presence on social media, allowing us to communicate with existing and potential customers and
provide information about our products.
User data is generally processed by social media for market research and
marketing purposes. This makes it possible to create user profiles based on users' interests. Cookies and other
identifiers are stored on users' computers for this purpose. These user profiles are used as the basis for displaying
advertising, for example, on social media, as well as on third-party websites.
As part of maintaining our online
presence, we may access information such as statistics on the use of our online presence provided by the social media
platforms. These statistics are aggregated and may include, in particular, demographic information and data on the
interaction with our online presence and the posts and content distributed via this. Please refer to the list below
for details and links to the social media data that we, as operators of the online presence, are able to
The legal basis for the data processing is Article 6(1)(1)(f) of the GDPR, based on our legitimate
interest in providing effective information to and communication with users, and, as per Article 6(1)(1)(b) of the
GDPR, in maintaining contact with our customers, providing them with information, and carrying out the steps required
prior to entering into a contract with future and potential customers.
The legal basis of the data processing
carried out by social media platforms can be found in their privacy policies. The links below also contain information
on how data is processed and how you can object to data processing.
We would like to point out that queries
relating to data protection are best resolved by contacting the social media platforms themselves, as only they have
access to the data and are able to take direct action: Below is a list containing information about the social media
platforms on which we maintain a presence:
- Facebook (USA and Canada: Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA; all other countries:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
- Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland)
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
- Xing/Kununu (XING SE, Dammtorstraße 30, DE-20354 Hamburg)
6. Disclosure of data
We will generally only disclose the data we collect if
- you have given your express consent as per Article 6(1)(1)(a) of the GDPR
- disclosure as per Article 6(1)(1)(f) of the GDPR is necessary in order to assert, exercise, or defend legal claims
and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your
- we are legally obliged to disclose it as per Article 6(1)(1)(c) of the GDPR
- this is legally permissible and, as per Article 6(1)(1)(b) of the GDPR, is necessary for the processing of
contractual relationships with you or for steps prior to entering into a contract carried out at your request.
Some data processing may be carried out by our service providers. In addition to the service providers mentioned in
provide and further develop corresponding apps for us, IT service providers that maintain our systems, agencies,
market research companies, Group companies, payment service providers, newsletter distributors, logistics service
providers and consulting firms.
Should we disclose data to our service providers, they may use the data solely
for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are
contractually bound by our instructions, have appropriate technical and organisational measures in place to protect
the rights of data subjects, and are regularly monitored by us.
In addition, a transfer of your data may occur in
connection with official enquiries, court orders, and legal proceedings if they are deemed necessary for legal
prosecution or enforcement.
7. Transfer of data to third countries
partly located in "third countries" (outside the EU or the European Economic Area) or process personal data there,
i.e. countries that do not have a level of data protection comparable to that in the European Union. Where this is the
case and where the European Commission has not adopted an adequacy decision (Article 45 of the GDPR), we have taken
precautions to ensure an adequate level of data protection for any transfers of data. These include the European
Union's standard contractual clauses and binding internal data protection regulations.
Where this is not
possible, we use as the legal basis for data transfers the exceptions set out in Article 49 of the GDPR, in particular
your explicit consent or the necessity of the transfer for the performance of a contract or fulfilment of steps
required prior to entering into a contract.
If data is to be transferred to a third country and neither an
adequacy decision nor other suitable guarantees are available, there exists the possibility and risk that authorities
in the third country (e.g. secret services) may obtain access to the transferred data for the purpose of collecting
and analysing it, and that your rights as a data subject may not be enforceable. You will be informed of this when
your consent is obtained via the cookie banner.
8. Storage duration
We generally only store personal data for as long as is necessary to fulfil the purposes for which we have collected
the data. We then immediately erase the data, unless we need it until the end of the statutory limitation or warranty
period for evidence purposes for civil law claims or due to statutory retention obligations.
purposes, we must keep contractual data for another three years from the end of the year in which the business
relationship with you ends. Any claims shall become statute-barred at the earliest after the statutory period of
Even after this time, we still need to store some of your data for accounting purposes. We are
obliged to do so on the basis of statutory documentation obligations that may arise from the German Commercial Code,
the German Fiscal Code, the German Banking Act, the German Money Laundering Act, and the German Securities Trading
Act. The periods they stipulate for the retention of documents range from two to ten years.
9. Your rights, in particular revocation and objection
You are entitled to the rights of a data subject as formulated in Articles 15 to 21, Article 77 of the GDPR at all
- Right to revocation of your consent;
- Right to object to the processing of your personal data (Article 21 of the GDPR);
- Right to access your personal data processed by us (Article 15 of the GDPR);
- Right to rectify your personal data that is incorrectly stored with us (Article 16 of the GDPR);
- Right to erasure of your personal data (Article 17 of the GDPR);
- Right to limit the processing of your personal data (Article 18 of the GDPR);
- Right to data portability of your personal data (Article 20 of the GDPR);
- Right to lodge a complaint with a supervisory authority (Article 77 of the GDPR).
In order to assert your rights described here, you may contact us at any times using the contact details given above.
This also applies should you wish to obtain copies of guarantees to prove an adequate level of data protection. If the
respective legal requirements are met, we will comply with your data protection request.
Your requests regarding
your assertion of data protection rights and our replies to these requests will be stored for documentation purposes
for a period of up to three years and, in some cases in relation to the assertion, exercise or defence of legal
claims, for a longer period. The legal basis is Article 6 (1)(1)(f) of the GDPR, based on our interest in defending
against possible civil law claims as
per Article 82 of the GDPR, the avoidance of administrative fines as per Article 83 of the GDPR and compliance with
our accountability obligations as per Article 5(2) of the GDPR.
You shall have the right to withdraw consent once given to us at any time. Should you do so, we will not
continue to process data based on this consent in the future. Withdrawal of consent will not affect the lawfulness
of the processing carried out on the basis of the consent prior to withdrawal.
If we process your data on the basis of legitimate interests, you have the right to object to the processing
of your data on grounds relating to your particular situation at any time. Should you object to data processing for
direct marketing purposes, you have a general right to object, which we shall comply with even if you do not state
any reasons for your objection.
Should you wish to exercise your right to withdraw or object, simply send an informal email to the contact
details given above.
Finally, you have the right to file a complaint with a data protection supervisory authority. You may exercise
this right before a supervisory authority in the Member State in which you are staying, working or the alleged
infringement took place. The responsible supervisory authority in Berlin, the location of our registered office, is:
Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, DE-10969 Berlin, Germany.
10. Your obligation to provide data
Fundamentally, you have no contractual or statutory obligation to provide us with personal data. However, should you
not provide the personal data requested by us for the registration or sales process and marked as mandatory, we may
not be able to conclude a contract with you.
official requirements change.
Version: 1.0 / Last updated: Juni 2021