data protection

This privacy policy provides you with information about the collection, processing and use of your personal data that you provide to Stimio GmbH , Mollenbachstraße 13, 71229 Leonberg, Germany (hereinafter: “Stimio” or “we”) as part of your visit to this website.

The person responsible for data processing according to the General Data Protection Regulation (GDPR) is:

Stimio GmbH
Mollenbachstrasse 13
71229 Leonberg
Phone: +49 7152 3515758
Email: support@stimio.com
Website: www.stimio.com

II. Type, purpose and legal basis for the processing of personal data

In principle, you can use our website without providing any personal data.

However, we would like to point out that when you visit our website, access data is collected and stored in the server log files. This includes, in particular, the following data:

• Browser type / your browser version
• operating system used
• the website from which you visit us / referrer URL
• Date and time of your visit
• Your IP address in anonymized form
• Hostname of the accessing computer
• Amount of data sent in bytes
• if applicable, consent and revocation regarding cookies

The information is collected and forwarded to us by our hosting provider, Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. This information is evaluated exclusively in anonymized form to prevent and detect attacks and to optimize our offering (processing of personal data within the framework of a balancing of interests in accordance with Art. 6 (1) (f) GDPR) and is then deleted after six months at the latest.

We do not combine this data with other data sources. We reserve the right to subsequently evaluate the data if there is concrete evidence of illegal use.

2. Contact – Telephone/Email/Fax

If you contact us by email or telephone, we will process the personal data you provide. This processing is based on Art. 6 (1) (b) GDPR. We will delete your personal data after processing your request if it is no longer necessary for the purposes for which it was collected and we are not subject to any contractual or legal retention obligations. Please also read "IX. Rights of the Data Subject, 3. Right to Erasure."

3. Consent

In order to process your personal data lawfully, we will obtain your consent to process your personal data in individual cases. We will expressly inform you of the purpose of the intended data processing. In this respect, the processing is based on Art. 6 (1) (a) GDPR.

Your data will then only be processed if you give us your consent. It is possible that processing your request will not be possible without your consent and must therefore be subject to it. The data will be processed exclusively for the expressly stated purpose(s).

You can revoke your consent at any time with future effect. The revocation does not affect the legality of the processing up to the time of revocation. For more information, see "V. Data Subject Rights "6. Revocation of Consent."

4. Use of our contact form

We use a contact form on our website. We provide this service so that you can contact us electronically. If you choose to contact us via this form, we will process the information and data you provide.
To use this form, you must provide mandatory information. This information is marked as such. The mandatory information includes the following data:

• Title, your first name and last name
• Your email address
• Your phone number
• a message to be written including subject

By providing your details and submitting your request, you consent to the processing of your personal data. We therefore base the legal basis for data processing on Art. 6 (1) (a) GDPR. (Please also read "III. Type, Purpose, and Legal Basis for the Processing of Personal Data 3. Consent" and "V. Rights of Data Subjects 6. Revocation of Consent")

For more information on the storage period, see “III. Storage period”.

5. Contract processing / orders in the online shop

Your personal data will be processed when you send us an inquiry, as part of a pre-contractual legal relationship or to carry out a contractual relationship after ordering in our shop on the basis of our General Terms and Conditions.

To the extent necessary for the performance of the contract, we will also process personal data in individual cases that has been lawfully obtained from publicly accessible sources (e.g. commercial registers, debtor lists, Internet) or that has been lawfully transmitted to us by third parties (e.g. credit agencies).

The data collected may include:

• personal data (title, name, date of birth)
• Contact details (delivery address, billing address, email address, telephone number)
• Financial data (name of account holder, IBAN, BIC)
• Contract data (purchased services, purchase price, payment terms)

The basis for data processing is Art. 6 (1) (b) GDPR.

Your delivery address will be passed on to a contracted logistics company for the purpose of shipping your order. The basis for data processing is Art. 6 (1) (b) GDPR.

Certain information is mandatory. This information is marked as such. Providing this information is voluntary. Please note, however, that without the mandatory personal data, we cannot conclude a contract.

6. Creating a customer account

Your personal data will also be processed if you create and maintain a customer account with us as part of your orders.

The purpose of this processing is to make future orders easier and faster to process and to track past orders. The basis for this data processing is Art. 6 (1) (b) GDPR.

The data collected and stored corresponds to the data mentioned in Section 5. The data will be stored for the duration of the customer account. After the customer account is closed, the general storage guidelines apply (see Section III).

7. Processing after balancing of interests (Art. 6 (1) (f) GDPR)

If your interests in data processing conflict with our interests, we will conduct a balancing of interests. In doing so, we will weigh your interests against ours. If the balancing of interests shows that our interests outweigh yours, we will process your personal data on the legal basis of Art. 6 (1) (f) GDPR.

Our interests and purposes include:

• Ensuring the IT security and integrity of our systems
• Prevention or investigation of crimes
• Assertion or defense of legal claims

III. Storage period

We store your personal data only for as long as necessary and as long as your data is not subject to statutory retention periods under the German Fiscal Code (AO) or the German Commercial Code (HGB). We delete your data after the purpose has been achieved and, if legally required, after the expiration of the statutory retention period.

IV. Joint processing

We process some of the data we collect from you jointly with other responsible parties. Currently, this applies to the respective partner through whose online shop you place an order. You can find the data of the respective partner in the respective shop's imprint. We have agreements with all of our partners regarding joint processing within the meaning of Art. 26 GDPR.

• Both responsible parties remain authorized to process data insofar as this concerns the support and processing of your order inquiries and completed orders (Art. 6 Para. 1 S. 1 lit. b) GDPR).
• We comply with the information obligations towards you according to Art. 13, 14 GDPR.
• We are responsible for fulfilling your data subject rights and accepting such requests. Without prejudice to this, you may also contact the relevant partner directly.
• We are responsible for examining and processing any data breaches within the meaning of Art. 33, 34 GDPR.
  
  

V. Transfer of data

We generally do not share your personal data. If we have outsourced a task to external service providers, we will only share your data if we oblige the external third parties, where necessary, to comply with data protection laws based on a data processing agreement. Furthermore, data will only be shared if permitted and necessary.

For example, service providers can be entrusted with tasks in the following areas:

• Website hosting
• Email hosting
• Technical IT support for website and infrastructure
• accounting
• Shipping service providers and logistics companies
• Cookies

Data will be shared within the framework of statutory disclosure obligations, such as the obligation to provide information to law enforcement authorities. Data will not be shared with third countries.

VI. Special processing

1. Payment service provider VR Payment

We use the services of the payment service provider VR-Payment. VR Payment is a service provided by VR Payment GmbH, Saonestraße 3a, 60528 Frankfurt am Main. The use of VR Payment serves to offer you credit card payment as a method for your order and to facilitate order processing for us. The legal basis for processing is Art. 6 (1) (b) GDPR (performance of a contract).

The information you provide during the ordering process, along with information about your order (name, address, email address, account number, bank sort code, credit card number if applicable, invoice amount, currency, and transaction purpose), will be passed on to VR Payment on the basis of a data processing agreement. Your data will be passed on exclusively for the purpose of payment processing and only to the extent necessary for this purpose. Further information on VR Payment's data protection policy can also be found here: https://www.vr-payment.de/datenschutz-haftung/.

2. Payment service provider PayPal

We use the services of the payment service provider PayPal. PayPal is a service provided by PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg. The use of PayPal serves to offer you the option of paying for your order via this service and to facilitate order processing for us. The legal basis for processing is Art. 6 (1) (b) GDPR (performance of a contract).
The information you provide during the ordering process, along with information about your order (name, address, email address, account number, bank sort code, credit card number (if applicable), invoice amount, currency, and transaction purpose), will be transferred to PayPal on the basis of a data processing agreement. Your data will be transferred solely for the purpose of payment processing and only to the extent necessary for this purpose. Further information on PayPal's privacy policy can also be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE/ .

3. Payment service provider Klarna

We use the services of the payment service provider Klarna. Klarna is a service provided by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. The use of Klarna serves to offer you payment by invoice as a method for your order and to facilitate our order processing. The legal basis for processing is Art. 6 (1) (b) GDPR (performance of a contract).
The information you provide during the ordering process, along with information about your order (name, address, email address, account number, bank sort code, credit card number (if applicable), invoice amount, currency, and transaction purpose), will be passed on to Klarna on the basis of a data processing agreement. Your data will be passed on exclusively for the purpose of payment processing and only to the extent necessary for this purpose. Further information on Klarna's data protection policy can also be found here: https://www.klarna.com/de/datenschutz/ .

4. Payment service provider Payolution

We use the services of the payment service provider Payolution. Payolution is a service provided by payolution GmbH, Columbuscenter, Columbusplatz 7-8, 1100 Vienna, Austria. The use of Payolution serves to offer you payment by invoice, installment payment, or direct SEPA direct debit for your order and to facilitate the processing of your order. The legal basis for processing is Art. 6 (1) (b) GDPR (performance of a contract).

By selecting a purchase on account, by installment payment, or direct SEPA direct debit, you agree to payolution GmbH's privacy policy and the further processing of your personal data. These policies are available at the following link for information purposes only : https://payment.payolution.com/payolution-payment/infoport/dataprivacydeclaration?&mId=QmVzdEVmZmVjdCBHbWJI

5. Facebook Pixel

Within our online offering we use the so-called “Facebook Pixel”, a service operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: “Facebook”).

With the help of the Facebook pixel, we are able to track for statistical purposes whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion"). Its use also enables us to define visitors to our online offering as a target group for the display of advertisements (so-called "Facebook Ads") and thus only display them to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we transmit to Facebook (so-called "custom audiences").

Facebook processes the data in accordance with Facebook's data policy. For specific information and details about the Facebook pixel and how it works, please refer to Facebook's privacy policy: https://www.facebook.com/privacy/explanation

Facebook acts as a data processor, as far as this section concerns. We have therefore concluded a data processing agreement with Facebook, in which we obligate Facebook to protect our customers' data and not to share it with third parties. Furthermore, we have no control over how Facebook uses the data. In particular, we cannot rule out the possibility that Facebook may share the data with third countries.

The use of the Facebook Pixel and the storage of "conversion cookies" is based on your consent within the meaning of Art. 6 (1) (a) GDPR. You can object to the collection by the Facebook Pixel and the use of your data to display Facebook ads. We refer to the further information under Section II. 3. You can also configure the types of advertisements displayed to you within Facebook by logging into Facebook.

6. Matomo Tracking

This website uses Matomo, an open-source web analytics tool. We use it to further improve the website and adapt it even more to user needs.

Matomo uses cookies. These are text files stored on your computer that enable us to analyze the use of our website. The information about your use generated by the cookie is transferred to our servers and stored there so that user behavior can be evaluated. Your IP address is immediately anonymized; this means you remain anonymous as a user. The information generated by the cookie about your use of this website will not be passed on to third parties. In particular, Matomo does not transmit any data to servers outside of our control.

Matomo is deactivated when you visit our website. Your usage behavior will only be recorded anonymously if you actively consent. When using these cookies, we rely on your express consent to data collection in accordance with Art. 6 (1) (a) GDPR. For further information on consent, please refer to Section II.3.

Further information regarding Matomo's data protection can be found in their privacy policy at: https://matomo.org/privacy-policy/.

7. Google Fonts

We use so-called fonts from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google") on this website. These fonts are used to ensure consistent display of text and fonts. When you visit our site, your browser loads the necessary web fonts into your browser cache so that the text and fonts we use can be displayed correctly.

To ensure the website is displayed correctly, your browser connects to Google's servers and stores the information that you have visited our website via your IP address. If your browser does not support web fonts, a standard font from your computer will be automatically used.

The legal basis for this data processing is Art. 6 (1) (a) GDPR (consent). You can withdraw your consent at any time. To do so, simply change the privacy settings in your browser. For further information, please refer to Section II. 3. We also refer again to the information on the transfer of data to third countries pursuant to Art. 49 GDPR in Section V. 3. Further information regarding data protection can be found in Google's privacy policy at: https://www.google.com/policies/privacy/ .

8. Newsletter

If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to the person responsible for processing. Registration for our newsletter is carried out using a so-called double opt-in process. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register using someone else's email address. When you register for the newsletter, the user's IP address and the date and time of registration are saved. This serves to prevent misuse of the services or the email address of the data subject. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data will be used exclusively for sending the newsletter. The subscription to the newsletter can be canceled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, there is a corresponding link in every newsletter. The legal basis for processing data after the user has registered for the newsletter, provided the user has given their consent, is Art. 6 (1) (a) GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) of the German Unfair Competition Act (UWG).

Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Rapidmail is used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail's servers in Germany. If you do not want rapidmail to analyze your data, you must unsubscribe from the newsletter. We provide a link for this in every newsletter message. You can also unsubscribe from the newsletter directly on the website. For analysis purposes, emails sent with rapidmail contain a so-called tracking pixel, which connects to rapidmail's servers when the email is opened. This makes it possible to determine whether a newsletter message has been opened. Furthermore, rapidmail can help us determine whether and which links in the newsletter message are clicked. All links in the email are so-called tracking links, which can be used to count your clicks. Depending on the font used in the respective newsletter, a connection to external servers such as Google Fonts is established.

Legal basis: The legal basis for data processing is Art. 6 (1) (a) GDPR.

Recipient: The recipient of the data is rapidmail GmbH.

Transfer to third countries: The data will not be transferred to third countries.

Duration: The data you store with us as part of your consent for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter. After you unsubscribe from the newsletter, it will be deleted from both our servers and the rapidmail servers. Data stored with us for other purposes (e.g., email addresses for the members' area) remains unaffected.

Right of revocation: You have the option to revoke your consent to data processing at any time with future effect. The legality of data processing operations already carried out remains unaffected by the revocation.

Further data protection information: For more information, please refer to rapidmail's data security information at: https://www.rapidmail.de/datensicherheit. For more information about rapidmail's analysis functions, please visit the following link: https://www.rapidmail.de/wissen-und-hilfe

VII. Your rights

You can assert your rights as a data subject regarding the processing of your personal data at any time using the contact details provided above under A. As a data subject, you have the right to:

- to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information on its details;

- to request the immediate correction of incorrect or the completion of your data stored by us in accordance with Art. 16 GDPR;

- to request the deletion of your data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

- to request the restriction of the processing of your data in accordance with Art. 18 GDPR if you contest the accuracy of the data or if the processing is unlawful;

- in accordance with Art. 20 GDPR, to receive the data you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller ("data portability");

- to object to processing in accordance with Art. 21 GDPR, provided that the processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR. This is particularly the case if the processing is not necessary to fulfill a contract with you. Unless it is an objection to direct advertising, we ask you to explain the reasons why we should not process your data as we do when exercising such an objection. If your objection is justified, we will examine the situation and will either stop or adapt the data processing or show you our compelling legitimate reasons on the basis of which we continue the processing;

- in accordance with Art. 7 (3) GDPR, you have the right to revoke your consent at any time – that is, your voluntary, informed, and unambiguous consent, made clear by a statement or other unambiguous affirmative action, that you agree to the processing of the personal data concerned for one or more specific purposes – if you have given such consent. This means that we may no longer continue the data processing based on this consent in the future, and

- in accordance with Art. 77 GDPR, to complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us: Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach.

VIII. Changes to the privacy policy

In the context of the ongoing development of data protection law as well as technological or organizational changes, our data protection information is regularly reviewed for any need for adjustment or addition. You will be notified of any changes, particularly on our German website at https://stimio.com/Information/Data Protection/ taught.