data protection

This data protection declaration provides you with information about the collection, processing and use of your personal data Stimio GmbH , Mollenbachstraße 13, 71229 Leonberg, Germany (hereinafter: “Stimio” or “we”) as part of your visit to this website.

The person responsible for data processing in accordance with the General Data Protection Regulation (GDPR) is:

Stimio GmbH
Mollenbachstrasse 13
71229 Leonberg
Tel.: +49 7152 3515758
Email: support@stimio.com
Website: www.stimio.com

II. Type, purpose and legal basis for the processing of personal data

The use of our website is generally possible without providing personal data.

However, we would like to point out that when you access our website, access data is collected and stored in the server log files. This particularly concerns the following data:

• Browser type / your browser version
• operating system used
• the website from which you visit us / referrer URL
• Date and time of your visit
• Your IP address in anonymized form
• Host name of the accessing computer
• Amount of data sent in bytes
• If necessary, consent and revocation regarding cookies

The information is provided by our hosting provider, Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, collected and passed on to us. This information is evaluated exclusively in anonymized form to ward off and detect attacks and to optimize the offer (processing of personal data as part of a balancing of interests in accordance with Art. 6 Para. 1 f GDPR) and then deleted after 6 months at the latest.

We do not merge this data with other data sources. We reserve the right to subsequently evaluate the data if there are concrete indications of illegal use.

2. Contact – telephone/email/fax

If you contact us by email or telephone, we will process the personal data you provide. The processing is based on Article 6 Paragraph 1 Letter b GDPR. We will delete your personal data after processing your request if it is no longer necessary for the purposes for which it was collected and we are not subject to any contractual or legal retention obligations. Please also read “IX. Right of those affected, 3. Right to deletion”.

3. Consent

In order to be able to process your personal data lawfully, we will obtain your consent to process your personal data in individual cases. We will expressly inform you about the purpose of the intended data processing. The processing is based on Art. 6 Para. 1 lit. a GDPR

Your data will only be processed if you give us your consent. It is possible that processing your request is not possible without your consent and must therefore be made dependent on this. The data is processed exclusively for the purpose(s) expressly stated.

You can revoke your consent at any time with future effect. The revocation has no influence on the lawfulness of the processing up to the time of revocation. Please also read “V. Rights of those affected “6. Revocation of consent”.

4. Use of our contact form

We use a contact form on our website. We make this service available to you so that you can contact us electronically. If you would like to contact us using this form, we will process the information and data you provide.
In order to use this form you must provide mandatory information. These are marked as such. The mandatory information includes the following data:

• Salutation, your first name and last name
• Your email address
• Your phone number
• a message to be written including the subject

By providing your data and submitting your request, you consent to the processing of your personal data. We therefore base the legal basis for data processing on Article 6 (1) (a) GDPR. (Please also read “III. Type, purpose and legal basis for the processing of personal data 3. Consent” and “V. Rights of those affected 6. Revocation of consent”)

You can find out more about the storage period under “III. Storage period”.

5. Contract processing / orders in the online shop

Your personal data is processed when you send us an inquiry, as part of a pre-contractual legal relationship or to carry out a contractual relationship after placing an order in our shop on the basis of our General Terms and Conditions.

To the extent that this is necessary to fulfill the contract, in individual cases we also process personal data that is lawfully taken from publicly accessible sources (e.g. commercial registers, lists of debtors, the Internet) or that is lawfully transmitted to us by third parties (e.g. credit agencies). became.

The data collected may include:

• personal data (title, name, birthday)
• Contact details (delivery address, billing address, email address, telephone number)
• Financial data (name of account holder, IBAN, BIC)
• Contract data (services purchased, purchase price, payment modalities)

The basis for data processing is Article 6 Paragraph 1 Letter b GDPR.

Your delivery address will be passed on to a logistics company commissioned to ship your order. The basis for data processing is Article 6 Paragraph 1 Letter b GDPR.

Certain information is mandatory. These are marked as such. The information is voluntary. Please note, however, that we cannot conclude a contract without providing the mandatory personal data.

6. Creating a customer account

Your personal data will also be processed if you create and maintain a customer account with us when placing orders.

In this respect, the processing serves the purpose of making it easier and quicker to process future orders and to be able to track past orders. The basis for data processing is Article 6 Paragraph 1 Letter b GDPR.

The data collected and stored corresponds to the data mentioned in section 5. In any case, the data will be stored for as long as the customer account exists. After the customer account has been closed, the general information on storage applies (see Section III.).

7. Processing after weighing up interests (Art. 6 Para. 1 f GDPR)

If your interests in data processing conflict with our interests, we will weigh up your interests. We will weigh up your interests and our interests against each other. If the balance of interests shows that our interest outweighs your interest, we will process your personal data on the legal basis of Article 6 Paragraph 1 Letter f) GDPR.

Our interests and purposes are, for example:

• Ensuring the IT security and integrity of our systems
• Preventing or solving crimes
• Assertion or defense of legal claims

III. Storage period

We only store your personal data for as long as is necessary and your data is not subject to statutory retention obligations under the Tax Code (AO) or the Commercial Code (HGB). We delete your data after the purpose has been achieved and, if there is a legal obligation, after the statutory retention period has expired.

IV. Joint processing

We sometimes process the data collected from you together with other responsible parties. This currently applies to the respective partner through whose online shop you place an order. You can find the details of the partner in question in the imprint of the respective shop. There are agreements with all of our partners regarding joint processing within the meaning of Art. 26 GDPR.

• Both persons responsible remain authorized to process data as far as this concerns the management and processing of your order inquiries and completed orders (Art. 6 Para. 1 S. 1 lit. b) GDPR).
• We fulfill the information obligations to you in accordance with Articles 13 and 14 GDPR.
• We are responsible for fulfilling your data subject rights and accepting such requests. Without prejudice to this, you can also contact the relevant partner directly.
• We are responsible for checking and processing any data breaches within the meaning of Articles 33 and 34 GDPR.
  
  

V. Sharing of data

We generally do not pass on your personal data. If we have delegated the performance of a task to external service providers, we will only pass on your data if we require the external third parties, if necessary, to comply with data protection laws on the basis of an order processing agreement. Furthermore, data will only be passed on to the extent that this is permitted and necessary.

For example, service providers can be entrusted with tasks in the following areas:

• Website hosting
• Email hosting
• Technical IT support for website and infrastructure
• accounting
• Shipping service providers and logisticians
• Cookies

Data is passed on within the framework of statutory information obligations, such as the obligation to provide information to law enforcement authorities. Data will not be passed on to third countries.

VI. Special processing

1. Payment service provider VR Payment

We use the services of the payment service provider VR-Payment. VR Payment is a service provided by VR Payment GmbH, Saonestraße 3a, 60528 Frankfurt am Main. The purpose of using VR Payment is to be able to offer you payment by credit card as a modality for your order and to make it easier for us to process the order. The legal basis for processing is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR (fulfillment of a contract).

The information you provide during the ordering process, along with the information about your order (name, address, email address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction purpose) will be passed on to VR Payment on the basis of an order processing agreement. Your data will be passed on exclusively for the purpose of payment processing and only to the extent that it is necessary for this purpose. You can also find more information about VR Payment’s data protection here: https://www.vr-payment.de/datenschutz-haftung/.

2. Payment service provider PayPal

We use the services of the payment service provider PayPal. PayPal is a service provided by PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg. The purpose of using PayPal is to be able to offer you payment via this service for your order and to make it easier for us to process the order. The legal basis for processing is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR (fulfillment of a contract).
The information you provide during the ordering process, along with the information about your order (name, address, email address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction purpose) will be passed on to PayPal on the basis of an order processing agreement. Your data will be passed on exclusively for the purpose of payment processing and only to the extent that it is necessary for this purpose. You can also find more information about PayPal’s data protection here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE/ .

3. Payment service provider Klarna

We use the services of the payment service provider Klarna. Klarna is a service of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. The purpose of using Klarna is to be able to offer you payment by invoice as a method for your order and to make it easier for us to process the order. The legal basis for processing is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR (fulfillment of a contract).
The information you provide during the ordering process, along with the information about your order (name, address, email address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction purpose) will be passed on to Klarna on the basis of an order processing agreement. Your data will be passed on exclusively for the purpose of payment processing and only to the extent that it is necessary for this purpose. You can also find further information about Klarna’s data protection here: https://www.klarna.com/de/datenschutz/ .

4. Payment service provider Payolution

We use the services of the payment service provider Payolution. Payolution is a service of payolution GmbH, Columbuscenter, Columbusplatz 7-8, 1100 Vienna, Austria. The purpose of using Payolution is to be able to offer you payment by invoice, installment payment or direct SEPA direct debit for your order and to make it easier for us to process the order. The legal basis for processing is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR (fulfillment of a contract).

By selecting a purchase on account, by installment payment or direct SEPA direct debit, you agree to the data protection regulations of payolution GmbH and the further processing of your personal data. These provisions are listed at the link below for informational purposes only : https://payment.payolution.com/payolution-payment/infoport/dataprivacydeclaration?&mId=QmVzdEVmZmVjdCBHbWJI

5. Facebook Pixels

Within our online offering we use the so-called “Facebook Pixel”, a service operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: “Facebook”).

With the help of the Facebook pixel, we are able to track for statistical purposes whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”). The use also enables us to determine visitors to our online offering as a target group for the display of advertisements (so-called "Facebook Ads") and thus only show them to those Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products, which are determined based on the websites visited) that we transmit to Facebook (so-called “Custom Audiences”).

The processing of data by Facebook takes place within the framework of Facebook's data policy. For specific information and details about the Facebook Pixel and how it works, we refer to Facebook’s data protection information: https://www.facebook.com/privacy/explanation

As far as this section concerns, Facebook acts as a processor. We have therefore concluded a data processing agreement with Facebook, in which we oblige Facebook to protect our customers' data and not to pass it on to third parties. Furthermore, we have no control over how Facebook uses the data. In particular, we cannot rule out that Facebook passes on the data to third countries.

The use of the Facebook pixel and the storage of “conversion cookies” are based on your consent within the meaning of Art. 6 Para. 1 lit. a GDPR. You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. We refer to the further information under Section II. 3. You can also make settings regarding which types of advertisements are shown to you within Facebook when you log in to Facebook.

6. Matomo Tracking

This website uses Matomo. This is an open source web analysis tool. We would like to further improve the website and adapt it even more to the needs of users.

Matomo uses so-called cookies. These are text files that are stored on your computer and enable us to analyze the use of our website. For this purpose, the information about usage obtained through the cookie is transferred to our servers and stored so that usage behavior can be evaluated. Your IP address will be immediately anonymized; This means that you as a user remain anonymous. The information generated by the cookie about your use of this website will not be passed on to third parties. In particular, with Matomo no data is transmitted to servers that are beyond our control.

Matomo is deactivated when you visit our website. Only if you actively consent will your usage behavior be recorded anonymously. When using these cookies, we rely on your express consent to data collection in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. For further information on consent, we refer to Section II. 3.

Further information regarding Matomo's data protection can be found in their data protection declaration at: https://matomo.org/privacy-policy/ .

7. Google Fonts

On this website we use so-called fonts from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). The fonts are used to display texts and fonts uniformly. When you access our site, your browser loads the necessary web fonts into your browser cache so that the texts and the fonts we use can be displayed error-free.

In order for the website to be displayed correctly, the browser you use connects to Google's servers with the information that you have visited our website via your IP address. If your browser does not support web fonts, your computer will automatically use a standard font.

The legal basis for this data processing is Article 6 Paragraph 1 Letter a GDPR (consent). You can revoke your consent at any time. All you need to do is change the privacy settings in your browser. For further information, we also refer to Section II. 3. We would also like to point out again the information on the transfer of data to third countries in accordance with Art. 49 GDPR in Section V. 3. Further information regarding data protection can be found in the data protection declaration of Google at: https://www.google.com/policies/privacy/.

8. Newsletters

If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to the person responsible for processing. Registration for our newsletter takes place in a so-called double opt-in process. This means that after you register you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can log in with someone else's email address. When registering for the newsletter, the user's IP address as well as the date and time of registration are saved. This is to prevent misuse of the services or the data subject's email address. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass it on. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be canceled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, there is a corresponding link in every newsletter. The legal basis for the processing of data after the user has registered for the newsletter, provided the user has given his consent, is Article 6 Paragraph 1 Letter a) GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 Paragraph 3 UWG.

Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße, 21, 79106 Freiburg, Germany. Rapidmail is used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter will be stored on rapidmail's servers in Germany. If you do not want analysis by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe from the newsletter directly on the website. For the purpose of analysis, emails sent with rapidmail contain a so-called tracking pixel, which connects to rapidmail's servers when the email is opened. This makes it possible to determine whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message are clicked. All links in the email are so-called tracking links with which your clicks can be counted. Depending on which font the respective newsletter is designed with, a connection to external servers such as Google Fonts takes place.

Legal basis: The legal basis for data processing is Article 6 Paragraph 1 Letter a) GDPR.

Recipient: The recipient of the data is rapidmail GmbH.

Transfer to third countries: Data will not be transferred to third countries.

Duration: The data you have stored with us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and rapidmail's servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remains unaffected.

Option to revoke: You have the option to revoke your consent to data processing at any time with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

Further data protection information: For more information, please see rapidmail's data security information at: https://www.rapidmail.de/datensicherheit. For more information about rapidmail's analysis functions, please visit the following link: https://www.rapidmail.de/wissen-und-hilfe

VII. Your rights

You can assert your rights as a data subject regarding your processed personal data at any time using the contact details provided under A. at the beginning. As a data subject, you have the right:

- in accordance with Art. 15 GDPR, to request information about your data processed by us. In particular, you can obtain information about the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, and the existence of a right to lodge a complaint , request the origin of your data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information about its details;

- in accordance with Art. 16 GDPR, to immediately request the correction of incorrect data or the completion of your data stored by us;

- in accordance with Art. 17 GDPR, to request the deletion of your data stored by us, unless the processing is carried out to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;

- in accordance with Art. 18 GDPR, to request the restriction of the processing of your data if you dispute the accuracy of the data or the processing is unlawful;

- in accordance with Art. 20 GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request its transmission to another person responsible (“data portability”);

- to object to the processing in accordance with Art. 21 GDPR, provided that the processing takes place on the basis of Art. 6 Para. 1 Sentence 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary to fulfill a contract with you. Unless it is an objection to direct advertising, when exercising such an objection we ask you to explain the reasons why we should not process your data as we do. In the event of your justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling legitimate reasons on the basis of which we continue the processing;

- in accordance with Art. 7 Para. 3 GDPR, your consent once given - i.e. your voluntary, informed and unambiguous wish, made clear by a statement or other clear confirmatory action, that you consent to the processing of the relevant personal data for one or more specific purposes purposes - you can revoke this at any time if you have given us such consent. This means that we are no longer allowed to continue the data processing based on this consent in the future

- in accordance with Art. 77 GDPR, to complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us: Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach.

VIII. Changes to the data protection information

As data protection law develops and technological or organizational changes occur, our data protection information is regularly checked for any need for adjustments or additions. You will be informed about changes in particular on our German website https://stimio.com/Information/Data Protection/ informed.