Social Media | Legal Notice & Privacy Policy

Legal Notice - OACE

Information according to § 5 TMG:

Oace Exclusive GmbH
Köhlstraße 10b
50827 Cologne-Ossendorf

Management:

Alexander Glörfeld

Contact:

Email: care@oace.de
Customer contact form: https://oace.de/pages/kontaktinformationen

Register entry:

Entry in the commercial register.
Commercial Register: Cologne
Registration number: HRB 119405

VAT ID:

VAT identification number according to §27a of the German VAT Act:
DE323002853

Responsible:

Alexander Glörfeld (Managing Director)
Köhlstraße 10b
50827 Cologne-Ossendorf

Shipping of returns:

Oace Exclusive GmbH
c/o Fiege Logistik Stiftung Co. KG
Am Berkhopsfeld 700
30938 Burgwedel Germany

copyright

The content and works created by the website operators on these pages are subject to German copyright law. Reproduction, processing, distribution, and any form of exploitation beyond the limits of copyright law require the written consent of the respective author or creator. Downloads and copies of this page are permitted only for private, non-commercial use. Insofar as the content on this page was not created by the operator, the copyrights of third parties are respected. In particular, third-party content is identified as such. Should you nevertheless become aware of a copyright infringement, please inform us accordingly. Upon notification of legal violations, we will remove such content immediately.

Privacy Policy

We take data protection seriously

Protecting your privacy when processing personal data is very important to us. When you visit our website, our web servers automatically store the IP address of your internet service provider, the website from which you visited us, the pages you visit on our site, and the date and duration of your visit. This information is essential for the technical transmission of the website and the secure operation of the server. This data is not used for personalized analysis.

If you send us data via our contact form, this data will be stored on our servers as part of our data backup procedures. We will use your data solely for processing your request. Your data will be treated with strict confidentiality and will not be shared with third parties.

1. Who is responsible for data processing and who can you contact?

2. Personal data

3. Visit the website

3.1. General Use

3.2. Automatically saved data

3.3. Making contact

3.4. Cookies

3.5. Consent Management

4. Service optimization

4.1. Platform

4.2. Newsletter

5. Tools and services for analysis, statistics and marketing

5.1. Analysis and Statistics

5.2. Advertising and Marketing

5.3. Social Media and Communication

6. Customer account

6.1. Shop and E-Commerce

6.2. Economic analyses and market research

6.3. Payment service providers

6.4. Transport service providers

7. Online presence on social media

8. Safety

9. What data is processed and from which sources does this data originate?

10. What data protection rights do I have?

11. Changes to this Privacy Policy

1. Who is responsible for data processing and who can you contact?

Responsible party:

Oace Exclusive GmbH

Köhlstraße 10b

50827 Cologne

E-mail: support@oace.de

The company's data protection officer is

Mr. Nico Becker

Project 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg

Email: anfragen@projekt29.de

Tel.: 0941-2986930

2. Personal data

Personal data is information about you. This includes your name, address, and email address. You do not need to provide any personal data to visit our website. In some cases, we need your name and address, as well as other information, to provide you with the requested service.

The same applies if we send you informational material upon request or if we answer your inquiries. In these cases, we will always inform you accordingly. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.

When you use one of our services, we generally only collect the data necessary to provide you with that service. We may ask you for additional information, but providing this is entirely voluntary. Whenever we process personal data, we do so to provide you with our service or to pursue our business objectives.

3. Visit the website

3.1. General Use

When you visit our website, our web servers automatically store the IP address of your internet service provider, the website from which you visited us, the pages you visit on our site, and the date and duration of your visit. Processing this information is essential for the technical transmission of the website, the convenient use of our services, and the secure operation of our servers . Our legitimate interest is based on Article 6(1)(f) of the GDPR.

It is not possible to directly identify you from this information, and we will not attempt to do so. The information will be stored and automatically deleted once the aforementioned purposes have been fulfilled. The standard deletion periods are determined by the criterion of necessity.

3.2. Automatically saved data

Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes:

Date and time of the request
Name of the requested file
Page from which the file was requested
Access status (file transferred, file not found, etc.)
web browser and operating system used
Full IP address of the requesting computer
amount of data transferred

This data will not be combined with other data sources. Processing is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For technical security reasons, particularly to defend against attacks on our web server, we temporarily store this data. It is not possible for us to identify individual users based on this data. After a maximum of seven days, the data is anonymized by shortening the IP address to the domain level, making it impossible to link it to a specific user. In anonymized form, the data is also processed for statistical purposes; it is not compared with other data sets or shared with third parties, even in part.

3.3. Making contact

When you contact us (e.g. via contact form, email, telephone or social media), the information provided by the requesting persons will be processed to the extent necessary to answer the contact requests and any requested measures.

Responding to contact requests within the framework of contractual or pre-contractual relationships is done to fulfill our contractual obligations or to answer (pre-)contractual inquiries, and otherwise on the basis of our legitimate interests in answering the inquiries.

Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms).
Affected persons: Communication partners.
Purposes of processing: Contact requests and communication.
Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 lit. f. GDPR).

3.4. Cookies

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that allows websites and servers to recognize the specific web browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other web browsers that contain different cookies. A specific web browser can be recognized and identified via the unique cookie ID.

By using session cookies, the data controller can provide users of this website with a user-friendly service that would not be possible without setting cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

We only use personalized cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily consent to tracking and analysis via the displayed cookie banner. Your data may be shared with partners or third-party providers. These cookies will only be stored if you explicitly consent; the legal basis for this is your consent in accordance with Article 6(1)(a) GDPR.

You can change your cookie settings here at any time: https://oace.de/?utm_source=google&utm_medium=cpc&utm_campaign=googleads_search_brand&gclid=CjwKCAjw69moBhBgEiwAUFCx2FkHigD80qLFRHvTm_iBOEwTbcuRntAxdyaWCI118Ih3Os3tXk8VUhoCKA0QAvD_BwE

Usercentrics

This website uses Usercentrics' consent technology to obtain your consent to the storage of certain cookies on your device or the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. Website:

https://usercentrics.com/de/ (hereinafter referred to as “Usercentrics”).

When you visit our website, the following personal data will be transferred to Usercentrics:

Your consent(s) or the withdrawal of your consent(s)
Your IP address
Information about your browser
Information about your device
Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser to associate your given consents or their revocation with you. The data collected in this way is stored until you request its deletion, delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Article 6(1)(c) GDPR.

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

4. Service optimization

4.1. Platform

Shopify

We host our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as “Shopify”).

Shopify is a tool for building and hosting websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and generates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other data related to the purchase (e.g., phone number, sales volume, etc.). Shopify stores cookies in your browser for these analyses.

For details, please refer to Shopify's privacy policy:

https://www.shopify.de/legal/datenschutz .

The use of Shopify is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

WhatsApp chat with Hello Charles

For WhatsApp chat, we use Hello Charles, a software solution from Charles GmbH, Gartenstr. 86-87, 10115 Berlin, under a data processing agreement. This service uses the WhatsApp Business API, meaning WhatsApp has no access to personal data within our area of responsibility. Messages exchanged with us are encrypted when using the Business API, so third parties cannot access the content.

Hello Charles will delete or anonymize your data as soon as it is no longer needed for the purposes of processing, you request its deletion, or you withdraw your consent to its storage.

You can find Hello Charles' privacy policy at: https://www.hello-charles.com/privacy-policy

The use of WhatsApp by each user is governed exclusively by the agreements they have made with WhatsApp. WhatsApp's privacy policy can be found at: https://whatsapp.com/legal/business-policy/ .

Our comment function stores the IP addresses of users who post comments. Since we do not review comments on this website before publication, we need this data to take action against the author in the event of legal violations such as insults or propaganda.

Since corresponding consent was requested in accordance with Art. 6 para. 1 lit. a GDPR, data processing is carried out exclusively on the basis of this consent; this can be revoked at any time with effect for the future by replying to the last message with "STOP".

Cloudflare

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed Content Delivery Network (CDN) with DNS. Technically, the transfer of information between your browser and our website is routed through the Cloudflare network. This enables Cloudflare to analyze the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website in the most error-free and secure way possible (Art. 6 para. 1 lit. f GDPR).

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:

https://www.cloudflare.com/privacypolicy/.

Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

Jotform

We have integrated Jotform into this website. The provider is Jotform Inc., 111 Pine St. Suite, 1815 San Francisco, California 94111, USA (hereinafter referred to as Jotform).

Jotform allows us to create online forms to collect messages, inquiries, and other input from our website visitors. All information you enter is processed on Jotform's servers.

The use of Jotform is based on our legitimate interest in the greatest possible safety.

user-friendly investigation of your request (Art. 6 para. 1 lit. f GDPR).

The data you entered in the form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular, retention periods – remain unaffected.

Data transfers to the USA are secured by EU Standard Contractual Clauses, which we have concluded with Jotform. Details can be found here: https://www.jotform.com/gdpr-compliance/dpa/ .

unpkg

We use the unpkg service as a Content Delivery Network (CDN). The files integrated via unpkg are open source and can therefore be viewed and reviewed at any time. This integration is based on Article 6 Paragraph 1 Letter f of the GDPR, stemming from our legitimate interest in enhancing our website and providing a technically secure, maintenance-free, and efficient way to integrate external libraries and frameworks. Since unpkg uses the hosting provider Cloudflare to deliver the data, requests sent to these servers may be stored for statistical or other purposes. According to Cloudflare, the collected raw data is deleted within 4 hours, but no later than 3 days. Further information about unpkg and Cloudflare's privacy policy can be found at unpkg.com and cloudflare.com/de-de/privacypolicy/ .

Using Bugsnag

We use "Bugsnag" for our application, a service provided by Bugsnag Inc., 939 Harrison St, San Francisco, CA 94107, USA (hereinafter referred to as "Bugsnag"). Bugsnag enables us to identify errors in our application that have led to a malfunction or crash. Bugsnag uses cookies for this purpose; these are small text files that are stored on your device. When an error occurs, the cookie transmits anonymized technical data, such as browser data, details of the page accessed on our website, and the requesting IP address, to a Bugsnag server in the USA, where it is stored. On our behalf, Bugsnag will use this information to analyze your use of the website, identify the source of the error, and thus enable us to fix the error and optimize our application.

We use Bugsnag for efficient error correction and thus for optimizing our website. This also constitutes our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is Article 6(1)(f) GDPR.

https://docs.bugsnag.com/legal/privacy-policy/

Trustpilot reviews

We participate in the review process of the provider Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark.

Trustpilot offers users the opportunity to rate our services. Users who have used our services are asked for their consent to receive a review request. If users have given their consent (for example, by clicking a checkbox or a link), they will receive a review request with a link to a review page. To ensure that users have actually used our services, we transmit the necessary data to Trustpilot regarding the user and the service used (this includes name, email address, and a reference number). This data is used solely for verifying the user's authenticity and addressing them directly.

The legal basis for processing the user's data within the framework of the evaluation procedure is consent pursuant to Art. 6 para. 1 lit. a. GDPR.

To submit a review, you need to create a Trustpilot account. In this case, Trustpilot's terms and conditions and privacy policy apply. To ensure the neutrality and objectivity of the reviews, we have no direct influence on them and cannot delete them ourselves. For this, we ask users to contact Trustpilot.

Furthermore, we may integrate the Trustpilot widget into our website. A widget is a functional and content element embedded within our online service that displays dynamic information. While the content is displayed within our online service, it is retrieved from Trustpilot's servers at that moment. This ensures that the content, especially the current rating, is always up-to-date. For this to work, a data connection must be established between the page accessed within our online service and Trustpilot, and Trustpilot receives certain technical data (access data, including the IP address) necessary for delivering the content. Trustpilot also receives information that users have visited our online service. This information can be stored in a cookie and used by Trustpilot to identify which online services participating in the Trustpilot rating system have been visited by the user. The information can be stored in a user profile and used for advertising or market research purposes.

Since we ask users for their consent to the processing of their data through the use of cookies, the legal basis for the processing is Art. 6 para. 1 lit. a. GDPR.

Users can find further information about the processing of their data by Trustpilot, as well as their rights to object and other data subject rights, in Trustpilot's privacy policy: https://de.legal.trustpilot.com/end-user-privacy-terms .

Klaviyo

This website uses Klaviyo's services for sending newsletters. The provider is Klaviyo, 225 Franklin St, Boston, MA 02110, USA.

Klaviyo is a service that can be used, among other things, to organize and analyze the sending of newsletters. If you enter data for the purpose of subscribing to the newsletter (e.g., email address), this data will be stored on Klaviyo's servers in the USA.

Klaviyo helps us analyze our newsletter campaigns. If you have a campaign with

When you open an email sent by Klaviyo, a file embedded in the email (a so-called web beacon) connects to Klaviyo's servers in the USA. This allows Klaviyo to determine whether a newsletter message has been opened and which links, if any, have been clicked. Technical information is also collected (e.g., time of access, IP address, browser type, and operating system). This information cannot be linked to individual newsletter recipients. It is used solely for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.

If you do not want your data analyzed by Klaviyo, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter email. Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of data processing operations already carried out remains unaffected by the withdrawal.

The data you provided for the purpose of subscribing to our newsletter will be stored by us or our newsletter service provider until you unsubscribe. After you unsubscribe, your data will be deleted from the newsletter distribution list. Data stored for other purposes will remain unaffected.

Data transfers to the USA are based on the EU Commission's standard contractual clauses.

Details can be found here: https://www.klaviyo.com/legal/dpa

After you unsubscribe from the newsletter mailing list, your email address will be deleted by us or the

Newsletter service providers may be stored on a blacklist if this is necessary to prevent future subscriptions.

Mailings are required. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage on the blacklist is not time-limited. You can object to this storage if your interests outweigh our legitimate interest.

For more information, please see Klaviyo's privacy policy at:

https://www.klaviyo.com/legal/privacy-notice

5. Tools and services for analysis, statistics and marketing

5.1. Analysis and Statistics

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that helps us integrate tracking or statistics tools and other data.

technologies can be integrated on our website. The Google Tag Manager itself does not create any

It does not store user profiles, cookies, or perform independent analyses. It serves solely to manage and deploy the tools integrated through it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) GDPR.

Website operators have a legitimate interest in the quick and easy integration and management of various tools on their website. This is subject to the necessary consent. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Google Analytics (4)

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows website operators to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the user's origin. This data is aggregated into a user ID and assigned to the respective device of the website visitor.

Furthermore, we can use Google Analytics to record your mouse movements, scrolling, and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data and employs machine learning technologies for data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to and stored on a Google server in the USA. The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG. You may withdraw your consent at any time.

Google is certified under the Data Privacy Framework program. Together with the EU Commission's adequacy decision regarding the USA, this justifies data transfers to the USA.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de . More information about how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, YouTube history, and demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.

Google Analytics E-Commerce Measurement

This website uses the "E-Commerce Measurement" feature of Google Analytics. E-Commerce Measurement allows the website operator to analyze the purchasing behavior of website visitors to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product are collected. This data can be aggregated by Google under a transaction ID that is assigned to the respective user or their device.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (Website: https://www.hotjar.com ).

Hotjar is a tool for analyzing your user behavior on this website. With Hotjar, we can record your mouse movements, scrolling, and clicks, among other things. Hotjar can also determine how long you hover your mouse over a specific area. From this information, Hotjar creates heatmaps that show which areas of the website are most frequently viewed by visitors.

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

Furthermore, Hotjar allows you to collect direct feedback from website visitors.

This function serves to improve the website operator's web offerings.

Hotjar uses technologies that recognize the user for the purpose of analyzing...

enable user behavior (e.g., cookies or the use of device fingerprinting).

The use of this analytics tool is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

If you wish to disable data collection by Hotjar, click on the following link and follow the instructions there:

https://www.hotjar.com/policies/do-not-track/

Please note that Hotjar must be deactivated separately for each browser and device. For more information about Hotjar and the data it collects, please see Hotjar's privacy policy at the following link:

https://www.hotjar.com/privacy

5.2. Advertising and Marketing

Google Doubleclick

This website uses features of Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “DoubleClick”).

DoubleClick is used to show you interest-based ads across Google.

To display advertising within the advertising network. The advertisements can be targeted to the interests of the individual viewer using DoubleClick. For example, our advertising may appear in Google search results or in banner ads connected to DoubleClick.

In order to display interest-based advertising to users, DoubleClick must analyze the respective user profile.

DoubleClick uses cookies or similar technologies to recognize users and associate their visited websites, clicks, and other information about their user behavior.

The system uses recognition technologies (e.g., device fingerprinting). The collected information is compiled into a pseudonymous user profile in order to display interest-based advertising to the user in question.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. This consent can be revoked at any time.

Further information on how to object to the ads displayed by Google

For advertisements, please see the following links:

https://policies.google.com/technologies/ads and

https://adssettings.google.com/authenticated .

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google.

Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites.

to display ads when the user enters specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be based on user data already available at Google (e.g.,

Location data and interests are used to display relevant information (target group targeting). We, as website operators,

We can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. You may withdraw your consent at any time. Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:

https://policies.google.com/privacy/frameworks and

https://privacy.google.com/businesses/controllerterms/mccs/ .

Facebook Pixel

This website uses Facebook's visitor action pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

This allows the behavior of website visitors to be tracked after they have clicked on a

Facebook ad redirects to the provider's website. This allows the

The effectiveness of Facebook ads was evaluated for statistical and market research purposes.

and future advertising measures will be optimized.

The data collected is anonymous for us as the operators of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Policy. This allows Facebook to display advertisements on Facebook pages as well as on websites outside of Facebook. We, as the website operators, have no influence over this use of data.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. This consent can be revoked at any time.

Data transfers to the USA are based on the USA's adequacy decision and Facebook's certification under the Data Privacy Framework program.

To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The subsequent processing by Facebook is not part of this joint responsibility. Our joint obligations are set out in a joint controllership agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum .

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for ensuring its data protection-compliant implementation on our website. Facebook is responsible for the data security of its products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.

You can find further information on protecting your privacy in Facebook's data policy: https://de-de.facebook.com/about/privacy/ .

You can also use the "Custom Audiences" remarketing feature in the settings section for

To disable ads, go to https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen .

You must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate Facebook's interest-based advertising on the European Interactive Digital Advertising Alliance website:

http://www.youronlinechoices.com/de/praferenzmanagement/ .

TikTok Pixel

We use the TikTok Pixel on our website. The TikTok Pixel is a TikTok advertising tool provided by both TikTok and TikTok.

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and
TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both hereinafter referred to collectively as “TikTok”).

The TikTok Pixel is a snippet of JavaScript code that allows us to understand and track visitor activity on our website. The TikTok Pixel collects and processes information about visitors to our website or the devices they use (so-called event data).

The event data collected via the TikTok pixel is used for targeting our advertisements, improving ad delivery, and for personalized advertising. For this purpose, the event data collected on our website using the TikTok pixel is transmitted to Facebook TikTok.

Some of this event data is information stored on your device. Additionally, the TikTok Pixel uses cookies to store information on your device. Such storage of information by the TikTok Pixel, or access to information already stored on your device, only occurs with your consent. The legal basis for our collection and transfer of personal data to TikTok is therefore Article 6(1)(a) of the GDPR. You can withdraw your consent at any time via our consent management tool.

This collection and transmission of event data is carried out by us and TikTok as joint controllers. We have entered into a joint controllership agreement with TikTok, which defines the distribution of data protection responsibilities between us and TikTok. In this agreement, we and TikTok have agreed, among other things, to...

that we are responsible for providing you with all information pursuant to Articles 13 and 14 of the GDPR regarding the joint processing of personal data;
that TikTok is responsible for enabling the rights of data subjects pursuant to Articles 15 to 20 GDPR with regard to the personal data stored by Facebook Ireland after joint processing.

You can access the agreement concluded between us and TikTok at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871 .

TikTok is solely responsible for the subsequent processing of the transmitted event data. Further information on how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights with respect to TikTok, can be found in TikTok's Data Policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE .

5.3. Social Media and Communication

Pinterest tag

We have integrated the Pinterest tag on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

The Pinterest tag is used to track certain actions you perform on our website. This data can then be used to display interest-based advertising to you on our website or on other sites within the Pinterest tag advertising network.

For this purpose, the Pinterest tag collects, among other things, a tag ID, your location, and the referrer URL. Furthermore, action-specific data such as order value, order quantity, order number, category of purchased items, and video views can be collected.

The Pinterest tag uses technologies that enable cross-site user recognition for the analysis of user behavior (e.g., cookies or device fingerprinting).

The use of the Pinterest tag is based on Article 6(1)(f) GDPR.

The website operator has a legitimate interest in the most effective marketing measures possible. If the necessary consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

You can find more information about the Pinterest tag here:

https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag .

Instagram plugin via Elfsight Instagram Feed CC

Our website integrates features of the Instagram service. These features are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

The Elfsight Instagram Feed CC plugin loads images directly from Instagram. All other data is collected and cached server-side. When you, as a visitor to our website, load the content, it is retrieved from Elfsight's cache for the Instagram feed. No personal data is collected for this data request.

Further information on Elfsight's data protection policy can be found at:

https://elfsight.com/privacy-policy/

Further information can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/

Online presence on Facebook, TikTok, Twitter, Instagram, LinkedIn, Xing, Pinterest

If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data will be automatically collected and stored when you visit our online presence on the aforementioned social media platforms for market research and advertising purposes. Pseudonymous user profiles will be created from this data. These profiles can be used, for example, to display advertisements both on and off the platforms that are likely to correspond to your interests. Cookies are generally used for this purpose. Detailed information on the processing and use of data by the respective social media operator, as well as contact options and your related rights and settings for protecting your privacy, can be found in the providers' privacy policies linked below. Should you require further assistance, please feel free to contact us.

Social Plugins Facebook, Instagram, TikTok and Pinterest

Our website uses social media buttons from social networks. These are simply embedded as HTML links, so no connection is established with the servers of the respective provider when you visit our website. Clicking on one of the buttons opens the website of the respective social network in a new browser window. There you can, for example, click the Like or Share button.

6. Customer account

Contractual partners can create an account within our online service (e.g., customer or user account, hereinafter referred to as "customer account"). If registration of a customer account is required, contractual partners will be informed of this, as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration, as well as during subsequent logins and use of the customer account, we store the customers' IP addresses along with the access times in order to verify the registration and prevent any misuse of the customer account.

When customers terminate their customer account, the data relating to the customer account will be deleted, unless its retention is required for legal reasons. It is the customer's responsibility to back up their data after terminating their customer account. The legal basis for data processing is therefore Article 6(1)(b) GDPR.

6.1. Shop and E-Commerce

We process our customers' data to enable them to select, purchase, or order their chosen products, goods, and related services, as well as to facilitate payment, delivery, and fulfillment. If necessary for order fulfillment, we use service providers, particularly postal, freight forwarding, and shipping companies, to carry out delivery or fulfillment for our customers. We utilize the services of banks and payment service providers for processing payments. The required information is marked as such during the ordering or similar purchase process and includes the data necessary for delivery, provision, and invoicing, as well as contact information to allow for any necessary follow-up.

Types of data processed : Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. email, telephone numbers), contract data (e.g. subject matter of the contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Affected persons : prospective customers, business and contractual partners, customers.
Purposes of processing : Provision of contractual services and customer service, contact requests and communication, office and organizational procedures, administration and answering of inquiries, security measures, conversion measurement (measuring the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creating user profiles).
Legal basis : Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

6.2. Economic analyses and market research

For business reasons and in order to recognize market trends, the wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc., whereby the group of persons affected may include contractual partners, prospective customers, customers, visitors and users of our online service.

The analyses are conducted for the purposes of business evaluations, marketing, and market research (e.g., to identify customer groups with different characteristics). Where available, we may consider the profiles of registered users, including their information such as details of services used. These analyses are solely for our internal use and will not be disclosed externally, unless they are anonymous analyses with aggregated, i.e., anonymized, data. Furthermore, we respect user privacy and process data for analytical purposes using pseudonyms wherever possible and, where feasible, anonymously (e.g., as aggregated data).

6.3. Payment service providers

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use additional payment service providers besides banks and credit institutions (collectively "payment service providers") for this purpose.

The data processed by payment service providers includes master data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, amount, and recipient-related information. This information is required to process the transactions. However, the entered data is processed and stored only by the payment service providers. This means we do not receive any account or credit card information, but only confirmation or rejection of the payment. The payment service providers may transmit the data to credit reference agencies for identity and creditworthiness verification. Please refer to the terms and conditions and privacy policies of the payment service providers for further information.

The terms and conditions and privacy policies of the respective payment service providers apply to payment transactions and can be accessed on their respective websites or transaction applications. We also refer you to these for further information and to exercise your rights of withdrawal, access, and other data subject rights.

The following payment service providers are used:

PayPal
Apple Pay
Google Pay
Klarna
Credit card (Visa, Mastercard)

6.4. Transport service providers

For the purpose of delivering ordered goods, we work with logistics service providers/transport companies and/or shipping partners to whom the following data is transmitted for the purpose of delivering the ordered goods or for the purpose of shipment notification: first name, last name, postal address, and, if applicable, email address and telephone number. The legal basis for this processing is Article 6(1)(b) GDPR.

7. Online presence on social media

If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data will be automatically collected and stored when you visit our online presence on our social media channels for market research and advertising purposes. Pseudonymous user profiles will be created from this data. These profiles can be used, for example, to display advertisements both on and off the platforms that are likely to correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as contact options and your related rights and settings for protecting your privacy, please refer to the linked privacy policies of the providers on their websites. Should you require further assistance, please feel free to contact us.

8. Safety

We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access. All our employees and service providers are bound by applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before transmission. This means that your data cannot be misused by third parties. Our security measures are subject to continuous improvement, and our privacy policy is constantly being revised. Please ensure you have the most up-to-date version.

9. What data is processed and from which sources does this data originate?

We process the data that we have received from you in the context of contract initiation or execution, based on consents, or in the context of your application to us or your employment with us.

Personal data includes:

For customers : First and last name, address, contact details (email address, telephone number, fax), bank details.

For applicants and employees : first and last name, address, contact details (email address, telephone number, fax), date of birth, data from CV and work references, bank details, religious affiliation, photographs.

For business partners : Name of their legal representatives, company name, commercial register number, VAT ID number, business number, address, contact person details (email address, telephone number, fax), bank details.

For competition participants, this includes first and last name, email address or social media account.

In addition, we also process the following other personal data:

Information about the type and content of contract data, order data, sales and invoice data, customer and supplier history, and consulting documents,
Advertising and sales data,
Data that we generate ourselves from master/contact data as well as other data, such as through customer needs and customer potential analyses,

For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended from time to time:

for the fulfillment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):

Your data is processed for online contract management and for managing your employment contract with our company. The data is processed particularly during the initiation of business and the execution of contracts with you.

to fulfill legal obligations (Art. 6 para. 1 lit.c GDPR):

The processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g., under the German Commercial Code or the German Fiscal Code.

for the purposes of legitimate interests (Art. 6 para. 1 lit. f GDPR):

Based on a balancing of interests, data processing beyond the actual fulfillment of the contract may occur to protect our legitimate interests or those of third parties. Data processing to protect legitimate interests occurs, for example, in the following cases:

- Advertising or marketing

- Measures for business management and further development of services and products;

- in the context of legal proceedings

within the scope of your consent (Art. 6 para. 1 lit. a GDPR):

If you have given us your consent to process your data, e.g. to send you our newsletter

Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either in general or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

Under the legal provisions of Section 7 Paragraph 3 of the German Unfair Competition Act (UWG), we are entitled to use the email address you provided when concluding the contract for direct marketing of our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to our newsletter.

If you do not wish to receive such recommendations from us via email, you can object to the use of your email address for this purpose at any time, without incurring any costs other than the standard transmission fees. A written notification is sufficient. Of course, every email also contains an unsubscribe link.

Who receives my data?

When we use a service provider for data processing, we remain responsible for the protection of your data. All data processors are contractually obligated to treat your data confidentially and to process it only within the scope of providing their services. The data processors we engage receive your data only if they require it to fulfill their respective services. These include, for example, IT service providers that we need for the operation and security of our IT system, as well as advertising and address publishers for our own advertising campaigns.

In the event of a legal obligation or in the context of legal proceedings, authorities and courts as well as external auditors may be recipients of your data.

Furthermore, for the purpose of initiating and fulfilling contracts, insurance companies, banks, credit agencies and service providers may be recipients of your data.

How long will my data be stored?

We process your data until the business relationship ends or until the applicable statutory retention periods expire (e.g., under the Commercial Code, the Tax Code, or the Working Time Act); furthermore, until the conclusion of any legal disputes in which the data is required as evidence.

10. What data protection rights do I have?

You have the right to information, rectification, erasure or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information:

You can request information from us about whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:

You can request that we delete your data if we process it unlawfully or if the processing disproportionately infringes upon your legitimate interests. Please note that there may be reasons that prevent immediate deletion, for example, in the case of legally mandated retention periods.

Regardless of whether you exercise your right to erasure, we will delete your data immediately and completely, unless there is a contractual or legal obligation to retain it.

Right to restriction of processing:

You can request that we restrict the processing of your data if

- You dispute the accuracy of the data, for a period of time that allows us to verify the accuracy of the data.

- the processing of the data is unlawful, but you refuse deletion and instead request a restriction of data use,

- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or

- You have objected to the processing of your data.

Right to data portability:

You can request that we provide you with your data that you have provided to us in a structured, commonly used and machine-readable format, and that you can transmit this data to another controller without hindrance from us, provided that

- we process this data based on your consent, which you can revoke, or to fulfill a contract between us, and

- this processing is carried out using automated procedures.

If technically feasible, you can request that we transfer your data directly to another controller.

Right to object:

If we process your data based on legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims. You can object to the processing of your data for direct marketing purposes at any time without giving reasons.

Right to appeal:

If you believe that we have violated German or European data protection law in processing your data, please contact us so that we can clarify any questions. You also have the right, of course, to contact the supervisory authority responsible for your region, the respective state data protection authority.

If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

Am I obligated to provide data?

The processing of your data is necessary for the conclusion and/or fulfillment of your contract with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obligated to give your consent to data processing for data that is not relevant to the fulfillment of the contract or not required by law.

11. Changes to this Privacy Policy

We reserve the right to amend our privacy policy if necessary due to new technologies. Please ensure you have the most up-to-date version. If fundamental changes are made to this privacy policy, we will announce them on our website.

Social Media | Legal Notice & Privacy Policy

Legal Notice - OACE

Privacy Policy

We take data protection seriously

TABLE OF CONTENTS

1. Who is responsible for data processing and who can you contact?

2. Personal data

3. Visit the website

3.1. General Use

3.2. Automatically saved data

3.3. Making contact

3.4. Cookies

3.5. Consent Management

4. Service optimization

4.1. Platform

4.2. Newsletter

5. Tools and services for analysis, statistics and marketing

5.1. Analysis and Statistics

5.2. Advertising and Marketing

5.3. Social Media and Communication

6. Customer account

6.2. Economic analyses and market research

6.3. Payment service providers

6.4. Transport service providers

7. Online presence on social media

8. Safety

9. What data is processed and from which sources does this data originate?

10. What data protection rights do I have?

11. Changes to this Privacy Policy