Last updated: May 2026

1 – Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data within this meaning is any data by which you can be personally identified.

1.2 The Controller responsible for the data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is subtel GmbH, Mainzer Str. 3, 10247 Berlin, Germany, tel.: +49 (0)30 8020899-50, fax: +49 (0)30 8020899-69, email: info@subtel.de. The Controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 The Controller has appointed a Data Protection Officer, who can be contacted as follows: "Jan Eichelmann, Mainzer Str. 3, 10247 Berlin".

2 – Data Collected When Visiting our Website

2.1 When you use our website purely for informational purposes – that is, when you do not register or otherwise transmit information to us – we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:

• the website you visit on our site
• date and time of access
• amount of data sent (in bytes)
• the source/referrer from which you arrived at the page
• the browser used
• the operating system used
• the IP address used (where applicable, in anonymised form)

The processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or otherwise used. We do, however, reserve the right to subsequently review the server log files should there be concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the Controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string "https://" and the padlock symbol in your browser bar.

3 – Hosting & Content Delivery Network

Bunny.net

We use a content delivery network from the following provider: BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia.

This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

The provider is based in the European Union (Slovenia), so that personal data is in principle not transferred to third countries. Insofar as the provider processes data via edge servers outside the EEA, this is done on the basis of the European Commission's Standard Contractual Clauses.

4 – Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted again after the browser is closed (so-called "session cookies"); others remain on your device for longer and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the cookie settings overview of your web browser.

Insofar as personal data is also processed by individual cookies used by us, the processing is carried out pursuant to Art. 6(1)(b) GDPR for the performance of the contract, pursuant to Art. 6(1)(a) GDPR in the case of consent given, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

Insofar as cookies that are not strictly necessary for the provision of the service are stored on your device or information is accessed in your device, this is done on the basis of your consent pursuant to § 25(1) of the German Telecommunications-Digital-Services Data Protection Act (TDDDG) in conjunction with Art. 6(1)(a) GDPR. Technically necessary cookies are set on the basis of § 25(2) no. 2 TDDDG in conjunction with Art. 6(1)(f) GDPR.

You can set your browser to inform you about the setting of cookies and to decide individually about their acceptance, or to exclude the acceptance of cookies in certain cases or generally. You can withdraw or adjust your consent at any time via the cookie consent tool provided on the website.

Please note that the functionality of our website may be restricted if cookies are not accepted.

5 – Contact

5.1 Review invitations

After the completion of your order we send you a review invitation to the email address provided during checkout. This message serves solely to give you the opportunity to share your experience with the purchased product and the order processing.

The legal basis for this processing is Art. 6(1)(f) GDPR in conjunction with § 7(3) of the German Act against Unfair Competition (UWG). Our legitimate interest lies in ensuring product quality and continuously improving our offering on the basis of customer feedback.

No data is transferred to third parties. Review invitations are sent exclusively by us via our own infrastructure, and the submitted reviews are stored exclusively in our shop system.

You can object to the use of your email address for review invitations at any time, free of charge beyond the basic transmission costs. A simple message to info@subtel.de is sufficient.

5.2 Contact Enquiries

When you contact us (e.g. via the contact form or by email), personal data is processed – exclusively for the purpose of processing and answering your enquiry, and only to the extent necessary for this purpose.

The legal basis for the processing of this data is our legitimate interest in responding to your enquiry pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, an additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been definitively resolved and provided that no statutory retention obligations conflict with this.

5.3 Processing of contact enquiries via Intercom

For the handling and answering of contact enquiries submitted to us via our contact form, we use the services of Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Ireland ("Intercom"). The data you provide in the contact form (in particular name, email address and message) is transmitted to Intercom and stored there.

The legal basis for this processing is Art. 6(1)(f) GDPR, our legitimate interest in handling your enquiry efficiently and in a traceable manner. If your contact is aimed at concluding a contract, an additional legal basis is Art. 6(1)(b) GDPR.

We have concluded a data processing agreement with Intercom. Intercom's servers are located in the European Union (endpoint api.eu.intercom.io); insofar as processing takes place outside the EEA, it is based on the European Commission's Standard Contractual Clauses. Further information can be found in Intercom's privacy policy: https://www.intercom.com/legal/privacy.

6 – Data Processing when Opening a Customer Account

Pursuant to Art. 6(1)(b) GDPR, personal data continues to be collected and processed to the extent required if you provide it to us when opening a customer account. You can find the data required to open an account on the input mask of the relevant form on our website.

Your customer account can be deleted at any time by sending a message to the above address of the Controller. After your customer account has been deleted, your data will be deleted, provided that all contracts concluded via the account have been fully processed, no statutory retention periods apply, and we no longer have a legitimate interest in further storage.

7 – Data Processing for Order Fulfilment

7.1 Insofar as it is necessary for the performance of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution pursuant to Art. 6(1)(b) GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a relevant contract, we process the contact data (name, address, email address) transmitted by you when ordering in order to personally inform you in good time about pending updates, by suitable means of communication (e.g. by post or by email), within the framework of our statutory information obligations pursuant to Art. 6(1)(c) GDPR. Your contact data will only be used in a strictly purpose-bound manner for notifications about updates owed by us and will be processed by us for this purpose only to the extent necessary for the respective information.

To process your order, we also cooperate with the following service provider(s), who support us in whole or in part in the performance of contracts concluded. Certain personal data is transmitted to these service providers in accordance with the following information.

7.2 Disclosure of personal data to shipping service providers

Deutsche Post AG

As a transport service provider, we use the following provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Deutschland

We pass on your email address and/or telephone number to the provider pursuant to Art. 6(1)(a) GDPR before delivery of the goods for the purpose of arranging a delivery date or delivery notification, provided that you have given your express consent during the ordering process. Otherwise, we only pass on the recipient's name and the delivery address to the provider for the purpose of delivery pursuant to Art. 6(1)(b) GDPR. Such disclosure only occurs to the extent necessary for the delivery of the goods. In this case, prior arrangement of the delivery date with the provider or delivery notification is not possible.

The consent can be withdrawn at any time with effect for the future, either against the Controller named above or against the provider.

DHL Paket GmbH

As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Deutschland

We pass on your email address and/or telephone number to the provider pursuant to Art. 6(1)(a) GDPR before delivery of the goods for the purpose of arranging a delivery date or delivery notification, provided that you have given your express consent during the ordering process. Otherwise, we only pass on the recipient's name and the delivery address to the provider for the purpose of delivery pursuant to Art. 6(1)(b) GDPR. Such disclosure only occurs to the extent necessary for the delivery of the goods. In this case, prior arrangement of the delivery date with the provider or delivery notification is not possible.

The consent can be withdrawn at any time with effect for the future, either against the Controller named above or against the provider.

DPD Deutschland GmbH

As a transport service provider, we use the following provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Deutschland

We pass on your email address and/or telephone number to the provider pursuant to Art. 6(1)(a) GDPR before delivery of the goods for the purpose of arranging a delivery date or delivery notification, provided that you have given your express consent during the ordering process. Otherwise, we only pass on the recipient's name and the delivery address to the provider for the purpose of delivery pursuant to Art. 6(1)(b) GDPR. Such disclosure only occurs to the extent necessary for the delivery of the goods. In this case, prior arrangement of the delivery date with the provider or delivery notification is not possible.

The consent can be withdrawn at any time with effect for the future, either against the Controller named above or against the provider.

7.3 Use of payment service providers

Adyen

One or more online payment methods of the following provider are available on this website: Adyen, Simon Carmiggeltstraat 6 - 50, 1011 DJ Amsterdam, Netherlands.

If you choose a payment method offered by the provider where you make payment in advance (e.g. credit card payment), your payment data provided as part of the ordering process (including name, address, bank and payment card information, currency and transaction number) and information about the content of your order will be passed on to the provider pursuant to Art. 6(1)(b) GDPR. In this case, your data will be disclosed exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

8 – Web Analytics Services

Google Tag Manager

To manage and uniformly deliver the tracking, analytics and marketing services described below (in particular Google Analytics 4, Google Ads, Microsoft Advertising and the Meta Pixel), we use Google Tag Manager from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Tag Manager is a cookie-free domain that does not itself collect personal data; it serves solely to manage other tags centrally and to fire them only in accordance with the consent you have given in the Cookie Consent Tool.

When Tag Manager is loaded, your IP address is technically transmitted to Google servers; transmissions to Google LLC, based in the USA, are also possible. For these transfers, the provider has joined the EU-US Data Privacy Framework; in addition, the Standard Contractual Clauses of the European Commission apply.

The legal basis for the use of Tag Manager is Art. 6(1)(f) GDPR; our legitimate interest lies in the efficient and consistent management of the tools we use. Further information can be found at https://marketingplatform.google.com/about/tag-manager/use-policy/.

Google Analytics 4

This website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.

By default, when you visit the website, Google Analytics 4 sets cookies which are stored as small text fragments on your device and collect certain information. The scope of this information also includes your IP address, which is, however, truncated by Google by the last digits in order to exclude direct identifiability of the person.

The information is transmitted to Google servers and further processed there. This may also involve transmissions to Google LLC, based in the USA.

Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us, and to provide other services connected with website use and internet use. The IP address transmitted by your browser as part of Google Analytics and truncated will not be combined with other data held by Google. The data collected as part of the use of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the device used, only takes place if you have given us your express consent pursuant to § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit to the site. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with Google which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/privacy/, https://policies.google.com/privacy?hl=en and at https://policies.google.com/technologies/partner-sites.

Demographic features

Google Analytics 4 uses the special "demographic features" function and can use it to create statistics that make statements about the age, gender and interests of site visitors. This is done by analysing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the data collected cannot be assigned to any specific person and will be deleted after a storage period of two months.

Google Signals

As an extension to Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have activated personalised advertising and have linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR, analyse your usage behaviour across devices and create database models for, among other things, cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop the cross-device analysis, you can deactivate the "Personalised Advertising" function in your Google account settings. To do so, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en. Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=en.

UserIDs

As an extension to Google Analytics 4, the "UserIDs" function may be used on this website. If you have consented to the use of Google Analytics 4 pursuant to § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR, have set up an account on this website, and log in to this account on different devices, your activities – including conversions – may be analysed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission. In addition, Standard Contractual Clauses of the European Commission provide a further safeguard.

9 – Retargeting / Remarketing and Conversion Tracking

9.1 Google Ads Conversion Tracking

This website uses the online advertising programme "Google Ads" and, as part of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

We use the offering of Google Ads to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google Adwords). In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We thus pursue the aim of showing you advertising that is of interest to you, making our website more interesting for you, and achieving a fair calculation of the advertising costs incurred.

The cookie for conversion tracking is set when a user clicks on an Ads ad placed by Google. Cookies are small text files that are stored on your device. These cookies usually lose their validity after 30 days and do not serve to identify you personally. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies therefore cannot be tracked across the websites of Google Ads customers. The information collected with the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. The customers are informed of the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users.

As part of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC in the USA.

Details on the processing triggered by Google Ads conversion tracking and on Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites.

All processing described above, in particular the setting of cookies for reading information on the device used, will only be carried out if you have given us your express consent pursuant to § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

You can also permanently object to the setting of cookies by Google Ads conversion tracking by downloading and installing the browser plug-in from Google available at the following link: https://www.google.com/settings/ads/plugin?hl=en.

In order to address users whose data we have received in the context of business or quasi-business relationships in a more targeted manner, we use a customer match function within Google Ads. For this purpose, we transmit one or more files containing aggregated customer data (primarily email addresses and telephone numbers) electronically to Google. In doing so, Google does not gain access to plain text data, but encrypts the information in the customer files automatically during the transmission process by means of a special algorithm. The encrypted information can then only be used by Google to match it with existing Google accounts that the data subjects have set up. This enables personalised advertising to be displayed across all Google services linked to the respective Google account.

The transmission of customer data to Google takes place exclusively if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw this consent at any time with effect for the future. Further information on Google's data protection measures with regard to the customer match function can be found here: https://support.google.com/google-ads/answer/6334160?hl=en&ref_topic=10550182.

Google's privacy policy can be found here: https://business.safety.google/privacy/ and https://www.google.com/policies/privacy/.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission. In addition, Standard Contractual Clauses of the European Commission provide a further safeguard.

9.2 Microsoft Advertising (Bing Ads) Conversion Tracking

This website uses the conversion tracking of Microsoft Advertising (formerly Bing Ads) from the following provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Microsoft Advertising sets a cookie on your device when you have reached our website via a Microsoft Bing advertisement. Microsoft and we can use this to recognise that someone has clicked on an ad, been redirected to our website, and reached a previously defined target page (so-called "conversion page"). In doing so, we only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the user's identity is shared. Transmissions to the servers of Microsoft Corporation in the USA may also take place.

All processing described above, in particular the setting of cookies on the device used, will only be carried out if you have given us your express consent pursuant to § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission. In addition, Standard Contractual Clauses of the European Commission provide a further safeguard.

For more information on data protection at Microsoft, please visit: https://privacy.microsoft.com/en-us/privacystatement.

9.3 Meta Pixel (Facebook Pixel)

We use the so-called "Meta Pixel" (formerly "Facebook Pixel") of the following provider on our website: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").

With the help of the Meta Pixel, it is possible for Meta, on the one hand, to determine the visitors of our online offer as a target group for the presentation of ads (so-called "Meta Ads"). Accordingly, we use the Meta Pixel to display the Meta Ads placed by us only to those users on Meta and within the services of partners cooperating with Meta (so-called "Audience Network") who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products, which are determined on the basis of the websites visited) that we transmit to Meta (so-called "Custom Audiences"). With the help of the Meta Pixel, we also want to ensure that our Meta Ads correspond to the potential interest of users and do not have a harassing effect. Furthermore, we can use the Meta Pixel to track the effectiveness of Meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta ad (so-called "conversion tracking").

When using the Meta Pixel, data (including IP address, browser information, location information, device ID, and date and time of the page view) is transmitted to Meta's servers. Transmissions to Meta Platforms Inc., based in the USA, are also possible.

All processing described above, in particular the setting of cookies on the device used, will only be carried out if you have given us your express consent pursuant to § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

Insofar as personal data is collected on our website with the help of the procedure described here and forwarded to Meta, we and Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transmission to Meta. The processing carried out by Meta after the transmission is not part of the joint responsibility. The obligations incumbent on us jointly have been laid down in a joint controllership agreement. The agreement is available at https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Meta tool and for the implementation of the tool on our website in a manner that is secure under data protection law. Meta is responsible for the data security of the Meta products. Data subject rights (e.g. requests for information) regarding the data processed by Meta can be asserted directly with Meta. If you assert the data subject rights with us, we are obliged to forward them to Meta.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission. In addition, Standard Contractual Clauses of the European Commission provide a further safeguard.

For more information on data protection at Meta, please visit: https://www.facebook.com/privacy/policy/.

10 – Site Functionalities

10.1 Google reCAPTCHA

We use the Google reCAPTCHA service of the following provider on our website: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

In addition to the transmission of data to the above provider location, data may also be transmitted to: Google LLC, USA.

This service enables us to check whether an entry on our website (e.g. in a contact form, during a registration or a login) was made by a human or improperly by automated, machine processing. To do this, Google reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the page protected by reCAPTCHA. For analysis, reCAPTCHA evaluates various information (e.g. IP address, length of time the website visitor spends on the website, mouse movements). The data collected during the analysis is forwarded to Google.

All processing described above, in particular the reading and storing of information on the user's device, only takes place if you have given us your express consent pursuant to § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service via the "Cookie Consent Tool" provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission. In addition, Standard Contractual Clauses of the European Commission provide a further safeguard.

Further information on Google reCAPTCHA and Google's privacy policy can be found at: https://policies.google.com/privacy?hl=en.

10.2 Google Sign-In

We offer a single sign-on function of the following provider on our website: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

In addition to the transmission of data to the above provider location, data may also be transmitted to: Google LLC, USA.

If you have an account with the provider, you can use this account data to create a user account or to register on our website.

When visiting this page, this login function can establish a direct connection between your browser and the provider's servers, even if you do not have an account with the provider or are not logged into one. The provider thus receives the information that you have visited our site. The information collected in this respect (possibly including your IP address) is transmitted from your browser directly to a server of the provider and stored there. However, the information is not used to identify you personally and is not passed on to third parties.

These data processing operations are carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in a user-friendly and interactive design of our online presence.

If you click the login button to register on our website using the data of your account with the provider, the provider will transmit the general and publicly available information stored in your account (user ID, name, address, email address, age and gender) to us solely on the basis of your express consent pursuant to Art. 6(1)(a) GDPR.

We store and use the data transmitted by the provider to set up a user account with the necessary data (salutation, first name, surname, address details, country, email address, date of birth), provided that you have released it to the provider. Conversely, on the basis of your consent, data (e.g. information about your browsing or purchasing behaviour) can be transferred by us to your account with the provider.

The consent given can be withdrawn at any time with effect for the future against us.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission. In addition, Standard Contractual Clauses of the European Commission provide a further safeguard.

Further information on Google's data protection can be found here: https://business.safety.google/privacy/.

10.3 Sign in with Apple

We offer a login function from the following provider on our website: Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland ("Apple"). If you have an Apple ID, you can use these login credentials to create a user account or to register on our website.

When you sign in with Apple, Apple transmits to us — solely on the basis of your express consent pursuant to Art. 6(1)(a) GDPR — the information required for identification (an Apple-managed anonymised email forwarding address or, if you have released it, your Apple ID email address, together with your name). Apple gives you the option to hide your actual email address before transmission ("Hide My Email").

You can withdraw the consent given at any time with effect for the future. For further information on data protection at Apple, please visit: https://www.apple.com/legal/privacy/en-ww/.

11 – Rights of the Data Subject

11.1 The applicable data protection law grants you the following data subject rights vis-à-vis the Controller regarding the processing of your personal data (rights of access and intervention), with reference made to the cited legal basis for the respective conditions of exercise:

• Right of access pursuant to Art. 15 GDPR;
• Right to rectification pursuant to Art. 16 GDPR;
• Right to erasure pursuant to Art. 17 GDPR;
• Right to restriction of processing pursuant to Art. 18 GDPR;
• Right to notification pursuant to Art. 19 GDPR;
• Right to data portability pursuant to Art. 20 GDPR;
• Right to withdraw consent given pursuant to Art. 7(3) GDPR;
• Right to lodge a complaint pursuant to Art. 77 GDPR.

11.2 The competent supervisory authority for data protection complaints is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Deutschland
Phone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de

You also have the right to lodge a complaint with any other data protection supervisory authority in the European Union — in particular with the supervisory authority of your habitual residence, your place of work, or the place of the alleged infringement (Art. 77 GDPR).

11.3 Right to object

If, as part of a balancing of interests, we process your personal data on the basis of our overriding legitimate interest, you have the right at any time, on grounds arising from your particular situation, to object to this processing with effect for the future.

If you exercise your right to object, we will end the processing of the data concerned. Further processing is, however, reserved if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

12 – Automated Decision-Making

Automated decision-making, including profiling pursuant to Art. 22(1) and (4) GDPR, does not take place. Insofar as we use profiling for advertising purposes within the framework of the services described above (e.g. Google Analytics 4 with demographic features, Google Ads Customer Match), this serves exclusively to deliver advertising in a manner targeted at specific audiences. No decisions are taken which produce legal effects concerning you or which similarly significantly affect you.

13 – Duration of Storage of Personal Data

The duration of storage of personal data is measured against the respective legal basis, the purpose of processing, and – where relevant – additionally against the respective statutory retention period (e.g. commercial and tax law retention periods).

When processing personal data on the basis of express consent pursuant to Art. 6(1)(a) GDPR, the data concerned is stored until you withdraw your consent.

If statutory retention periods exist for data that is processed in the context of legal or quasi-legal obligations on the basis of Art. 6(1)(b) GDPR, this data is routinely deleted after the retention periods have expired, provided it is no longer required for the performance or initiation of the contract and/or we no longer have a legitimate interest in further storage.

When processing personal data on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

When processing personal data for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in the other information in this policy on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.