Data privacy policy

Data privacy policy

We take the protection of your personal data very seriously and apply the utmost care and highest security standards to protect your personal data from unauthorized access. We process your personal data exclusively in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (DS-GVO) and the Federal Data Protection Act (BDSG), as well as on the basis of this privacy policy.

This privacy policy informs you in accordance with Art. 12 et seq. DSGVO about the handling of your personal data when using our website. In particular, it explains which data we collect and what we use it for. Through this, we would like to provide you with all the information you need to review and exercise your rights regarding data protection.

1. Responsible

Responsible for the processing of your personal data on this website is:

PUSTEFIX GmbH

Bahnhofstraße 29

72072 Tuebingen
Germany

Phone: 0049-7071-79 10 06

E-Mail: bubbles@pustefix.de

2. Data protection officer

You can reach our data protection officer at:

PUSTEFIX GmbH

– Data protection officer –

Bahnhofstraße 29

72072 Tuebingen

Germany
E-Mail: bubbles@pustefix.de

3. Data processing when visiting our website

For the purpose of the technical provision of the website, it is necessary that we process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically collected each time our website is called up and automatically stored in so-called server log files:

– IP address of the requesting computer

– Host name of the accessing computer

– Identification data of the browser and operating system used

– Date and time of access

– Website from which the access is made (referrer URL)

This data is processed for the purpose of enabling the use of the website (connection establishment), system security, technical administration and network infrastructure. In addition to the aforementioned purposes, we use server log files solely for the purpose of designing and optimizing our website in line with demand, purely statistically and without any inference to your person.

The access data collected in the course of using our website is only stored for the period of time for which this data is required to achieve the aforementioned purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.

Insofar as you visit our website in order to obtain information about our range of products and services or to use them, the legal basis for the temporary storage and processing of access data is Art. 6 para. 1 p. 1 lit. b DSGVO, which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 (1) sentence 1 lit. f DSGVO serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.

4. Newsletter mailing

If you subscribe to our e-mail newsletter, we will send you information about our offers on a regular basis. Mandatory information for sending the newsletter is only your e-mail address. The provision of any other data is voluntary and will be used to address you personally. For sending the newsletter we use the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you consent to the sending of newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive future newsletters by clicking on an appropriate link.

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 (1) lit. a DSGVO.

When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later date. We also store your registration in order to be able to prove that you have registered and agreed.

For the processing for the purpose of proving consent, the legal basis is Art. 6 (1) lit. f DSGVO, whereby our legitimate interest is to defend ourselves against possible legal claims.

The data collected by us when you register for the newsletter will be used exclusively for promotional purposes by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the person responsible mentioned at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data in a manner that goes beyond this, which is permitted by law and about which we inform you in this declaration.

For the purpose of sending the newsletter, we will store your data until you revoke your consent or until we finally discontinue sending the newsletter. For the purpose of proving consent until March 31 of the fourth calendar year following the last promotional e-mail dispatch.

For the purpose of statistical analysis of the newsletters, we use so-called web beacons or tracking pixels in the newsletters, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on.

The legal basis for the data processing is your consent pursuant to Art. 6 (1) lit. a DSGVO.

With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system).

The data is collected exclusively in pseudonymous form and is not linked to your other personal data; direct personal reference is thus excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

You can revoke your consent to data analysis for statistical evaluation purposes at any time by unsubscribing from the newsletter.

5. Contact

On our website you will find inquiry or contact forms as well as postal addresses, telephone numbers and e-mail addresses that you can use to contact our company. The personal data you provide for this purpose (such as your name, e-mail address, telephone number or address) will be processed solely for the purpose of handling your inquiry and communicating with you.

We base the processing on our legitimate interest in contacting and communicating with you (Art. 6 para. 1 p. 1 lit. f DSGVO). If you are interested in our offers, we base the processing on the implementation of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b DSGVO).

We process the data you provide in the course of contacting and communicating with us until the purpose for the processing no longer applies (e.g. after processing of your inquiry has been completed) and no mandatory legal provisions (e.g. retention periods) prevent deletion.

6. Processing when shopping in our webshop / customer account

In case of an order in our webshop you have the choice to order as a guest or to create a customer account. Registration is not required for an order.

If you purchase products from us in our webshop at www.pustefix.de, we process your personal data (such as your name, e-mail address, or address) to fulfill our contractual obligations.

The legal basis for the data processing is Art. 6 para. 1 lit. b DSGVO.

We store your data as long as this is necessary for the execution of the purchase contract, including invoicing. In order to comply with statutory retention obligations, we store your data in the case of business and commercial letters and other tax-relevant documents until March 31 of the seventh calendar year after they arise, and in the case of accounting documents of the eleventh calendar year after they arise. There is no legal or contractual obligation to provide the personal data. However, the provision is necessary for the conclusion of the contract. Failure to provide the data will mean that no contract can be concluded.

As far as permissible, further processing of your personal data for marketing purposes is based on our legitimate interest in direct marketing (Art. 6 para. 1 lit. f DSGVO). In this case, the data may also be passed on to service providers. You have the right to object to the use of your personal data for the purpose of direct marketing at any time. In the event of an objection, your personal data will no longer be processed for marketing purposes.

You can create a password-protected customer account on our website. For this purpose, your data required for the use of the webshop will be processed. This is your inventory data (name, address, e-mail, telephone number, etc.), your access data (e-mail address, password) and data about your completed, open and recently shipped orders. You can update this data at any time and also close the customer account.

Within the scope of registration and subsequent logins and uses of the customer account, we store the IP addresses of the customers along with the access times in order to prove the registration and to be able to prevent any misuse of the customer account.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b, f DSGVO.

We store your data until you delete your user account or until legal retention obligations prevent the deletion of your data. Shopping carts of non-registered users are deleted after 2 hours. Contractual data is processed until the statute of limitations of possible post-contractual obligations.

7. Lotteries

If you participate in sweepstakes conducted by us, you declare your consent to the processing of the data entered by you by the person responsible under data protection law for the purpose of conducting the sweepstakes on the basis of the sweepstakes contract concluded with it (Art. 6 (1) lit. b DSGVO) until the completion of the sweepstakes.

There is no legal or contractual obligation to provide the personal data. However, the provision is necessary for participation in the sweepstakes. Failure to provide the data will only result in you not being able to participate in the competition.

There will be further processing of the data, which is compatible with the original processing purpose, on the basis of our legitimate interest in direct marketing (Art. 6 para. 1 lit. f DSGVO), such as the addressed postal dispatch of advertising, until objection is made. In this case, the data will be forwarded to the shipping service provider. You have the right to object to the use of your personal data for the purpose of direct advertising at any time by written notification. In the event of objection, your personal data will no longer be processed for the purpose of direct advertising.

8. Cookies

If you agree, this website uses cookies. Cookies do not harm your computer and do not contain viruses. Cookies make websites more user-friendly and efficient for the user. A cookie is a small text file that is used to store information. When a website is visited, the website may place a cookie on the website visitor’s computer. If the user visits the website again later, the website can read the data from the previously stored cookie and thus determine, for example, whether the user has visited the website before and which areas of the website the user was particularly interested in.

9. Change cookie settings

How the web browser handles cookies, which cookies are allowed or rejected, can be defined by the user in the web browser settings. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser. If the use of cookies is restricted, not all functions of this website may be fully usable.

10. Cookies on our website

Most of the cookies we use are so-called “session cookies”. They are automatically deleted after the end of your visit or your browser session (so-called transient cookies). Other cookies remain stored on your terminal device for a specified period of time or until you delete them (so-called persistent cookies). These cookies allow us to recognize your browser on your next visit.

Some of the cookies we use on our website come from third parties that help us analyze the impact of our website content and visitors’ interests, measure the power and performance of our website, or serve customized advertising and other content to our or other websites.

The cookie-based data processing is carried out on the basis of your consent pursuant to Art. 6 (1) sentence 1 lit. a DSGVO or to protect our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO. Our legitimate interests here lie in particular in being able to provide you with a technically optimized website that is user-friendly and tailored to your needs, as well as to ensure the security of our systems.

You can revoke any consent you have given us at any time, e.g. by deactivating the cookie-based tools/plugins listed in detail in the following overview. By making the appropriate settings, you can also object to processing based on legitimate interests.

Our website processes cookies described below (see cookie settings).

11. Google Analytics

If you agree, this website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The cookies are stored by Google on your computer for a period of up to two years. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We have extended Google Analytics on this website with the code “gat._anonymizeIp();” to ensure that your IP address is not recorded in full length, but only in shortened form (so-called IP masking). Although this makes it more difficult to identify you, it cannot be ruled out that Google may link your IP address with other identifiers and assign them to you.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO. By consenting to the processing, you consent at the same time pursuant to Art. 49 para. 1 sentence 1 lit. a DSGVO that your data is processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. Therefore, it cannot be ruled out that US security authorities may issue orders to our service provider to gain access to data. In addition, legal protection options are currently only available to a limited extent.

Information about how Google processes your data can be found in Google’s privacy policy: https://policies.google.com/technologies/partner-sites?hl=de and https://policies.google.com/privacy

12. Google Tag Manager

On our website, if you agree, we use the “Google Tag Manager” of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Through this service, website tags can be managed via an interface. Tags are small pieces of code on a website that are used to measure visitor traffic and behavior on our website, track the impact of online advertising and social channels, and test and optimize the website. Google Tag Manager implements tags and uses a set of triggering rules that determine when these tags should be used on a website. When you visit our website, the specified tags are triggered and the corresponding cookies are loaded into your browser. However, Google Tag Manager does not access this data. By using Google Tag Manager, your use of our website will be more efficient and faster, as managing the correct tags will speed up our website. If a deactivation of Google Tag Manager has been made at the domain or cookie level, it will remain in place for all tracking tags insofar as they are implemented with Google Tag Manager.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO. By consenting to the processing, you consent at the same time pursuant to Art. 49 para. 1 sentence 1 lit. a DSGVO that your data is processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. Therefore, it cannot be ruled out that US security authorities may issue orders to our service provider to gain access to data. In addition, legal protection options are currently only available to a limited extent.

Information on how Google processes your data can be found in Google’s privacy policy: https://policies.google.com/technologies/partner-sites?hl=de and https://policies.google.com/privacy

13. Google AdSense

If you agree, this website uses Google AdSense, a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to embed advertisements.

Google AdSense uses cookies, which are stored on your computer for a period of 365 days and which allow an analysis of the use of the website. Google AdSense also uses so-called web beacons (invisible graphics). Through these web beacons, information such as visitor traffic to these pages can be analyzed.

The information generated by cookies and web beacons about the use of this website (including your IP address) and delivery of advertising formats will be transmitted to and stored by Google on servers in the United States. This information may be passed on by Google to contractual partners of Google.

You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO. By consenting to the processing, you consent at the same time pursuant to Art. 49 para. 1 sentence 1 lit. a DSGVO that your data will be processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. Therefore, it cannot be ruled out that US security authorities may issue orders to our service provider to gain access to data. In addition, legal protection options are currently only available to a limited extent.

14. Hotjar

If you agree, this website uses Hotjar, a web analytics service provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta, Europe (hereinafter “Hotjar”) to analyze the usage behavior of our website.

Hotjar enables us to log and evaluate your usage behavior on our website, such as your mouse movements or mouse clicks. However, your visit to our website is anonymized. In addition, Hotjar analyzes information about your operating system, your Internet browser, incoming or outgoing links, the geographical origin as well as the type and trigger of the terminal device you are using and processes this information for statistical purposes. Likewise, Hotjar may obtain direct feedback from you.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO.

For more information about privacy at Hotjar, please visit: https://www.hotjar.com/privacy and https://help.hotjar.com/hc/en-us/sections/360007812474-Compliance.

15. YouTube

If you agree, this website uses the YouTube button of the social network YouTube, which is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”); parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you call up the embedded video, a connection is established to the servers of the provider YouTube in the USA and certain information (e.g. your IP address) is sent to the provider, even if you are not logged in to the provider. We do not obtain knowledge of the type and scope of the data collected by YouTube and have no influence on its use. The purpose and scope of the data collection and the further processing and use of the data by YouTube, as well as your rights in this regard and setting options for protecting your privacy, can be found in the privacy notices of Google: https://policies.google.com/privacy.

The cookies used when using YouTube are stored for a period of up to one year.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO. By consenting to the processing, you consent at the same time pursuant to Art. 49 (1) sentence 1 lit. a DSGVO that your data is processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. Therefore, it cannot be ruled out that US security authorities may issue orders to our service provider to gain access to data. In addition, legal protection options are currently only available to a limited extent.

Information on how Google processes your data can be found in Google’s privacy policy: https://policies.google.com/technologies/partner-sites?hl=de

16. Google Maps /Google Earth

If you agree, our website uses Google Maps/ Google Earth of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

When using Google Maps, Google also collects, processes and uses data about the use of the Maps functions by visitors to the websites. The terms of use for Google Maps can be found at https://www.google.com/intl/de_DE/help/terms_maps/, Google’s privacy policy at https://policies.google.com/technologies/partner-sites?hl=de

The storage period of the cookies set for Google Maps is up to six months. The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO. By consenting to the processing, you consent at the same time pursuant to Art. 49 para. 1 sentence 1 lit. a DSGVO that your data is processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. Therefore, it cannot be ruled out that US security authorities may issue orders to our service provider to gain access to data. In addition, legal protection options are currently only available to a limited extent.

17. Microsoft Advertising Conversion-Tracking

If you agree, this website uses Microsoft Advertising Converison tracking, an analysis service of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; “Microsoft Advertising”). Microsoft Advertising sets a cookie on your computer (“conversion cookie”) if you have accessed our website via a Microsoft Advertising ad. These cookies lose their validity after 30 days and are not used for personal identification.

When you visit our website, we and Microsoft Advertising can recognize which ad directed you to our site. The information collected using the conversion cookie is used to compile statistics. We can thus evaluate the total number of users who clicked on our ad. However, we do not receive any information with which users can be personally identified.

Further information and the privacy policy of Microsoft Advertising can be found at: https://privacy.microsoft.com/de-de/privacystatement.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO. By consenting to the processing, you consent at the same time pursuant to Art. 49 para. 1 sentence 1 lit. a DSGVO that your data will be processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. Therefore, it cannot be ruled out that US security authorities may issue orders to our service provider to gain access to data. In addition, legal protection options are currently only available to a limited extent.

18. Facebook Pixel

If you agree, this website uses the so-called “Facebook pixel” of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 (parent company: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA) (“Facebook”). In the process, a cookie is set on your computer (“conversion cookie”) if you have reached our website via a Microsoft Advertising ad.

In particular, the Facebook pixel allows us to track users’ actions after they have seen or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising efforts.

With the help of the Facebook pixel, it is also possible for Facebook to determine the users of our website as a target group for the display of ads (“Facebook Ads”).

We also use the Facebook pixel in this respect in order to display the advertising placed by us only to those users on Facebook and the partners cooperating with Facebook who also have an interest in our online offering or who have certain characteristics transmitted by us.

We cannot draw any conclusions about the identity of the users based on the data collected. However, the data is processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/).

For more information and details about the Facebook Pixel and how it works, please visit https://www.facebook.com/business/help/742478679120153?id=1205376682832142.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO. By consenting to the processing, you consent at the same time pursuant to Art. 49 para. 1 sentence 1 lit. a DSGVO that your data will be processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. Therefore, it cannot be ruled out that US security authorities may issue orders to our service provider to gain access to data. In addition, legal protection options are currently only available to a limited extent.

19. More recipients

In order for us to process your data in accordance with the purposes described above, it may also be necessary to transfer your data to other recipients for processing.

We may transfer personal data to other companies within our group of companies or grant them access to this data. Where this transfer is for administrative purposes, the transfer of data is based on our legitimate business and business interests or is made where it is necessary for the performance of our contract-related obligations or where there is consent from the data subjects or legal permission.

We process your personal data with the support of order processors who assist us in providing the services (e.g. web hosters, e-mail newsletter dispatch service, merchandise management system, content management system, store system, payment service providers, web agencies). These processors are obliged to strictly protect your personal data and are not allowed to process your personal data for any other purpose than the provision of our services.

Insofar as we use external service providers to process your data, these have been carefully selected and commissioned by us and are regularly monitored.

We ensure that personal data is used in accordance with instructions by concluding appropriate processing contracts with commissioned service providers.

Your personal data is only passed on to service providers typical for the economy, such as banks (in the case of bank transfers to you), tax advisors (if you are included in our accounting), shipping service providers (in the case of shipping to you) and comparable service providers.

We limit the transfer of your personal data to what is necessary, taking into account the requirements of data protection law.

19.1 Forwarding for the purpose of payment processing

When ordering in our webshop, it may be necessary, depending on the payment option you have chosen, that we transmit your data to the commissioned credit institution or the respective payment service provider for the purpose of payment processing.

Legal bases for these transfers are Art. 6 para. 1 lit. b and f DSGVO.

19.2 Forwarding for the purpose of sending newsletters via Sendinblue

Our email newsletter is sent via the technical service provider Sendinblue GmbH, Köpernicker Str. 126, 10179 Berlin (“Sendinblue”), to whom we pass on the data you provided when registering for the newsletter.

This transfer is based on Art. 6 (1) lit. f DSGVO and serves our legitimate interest in using an effective advertising, secure and user-friendly newsletter system.

We have concluded an order processing agreement with Sendinblue to ensure that your personal data is used strictly in accordance with instructions.

For more information on Sendinblue’s data protection, please refer to Sendinblue’s privacy policy at https://de.sendinblue.com/legal/privacypolicy/.

20. Data transfer to a country outside the European Economic Area

In the case of data transfers to a country outside the EU or the EEA, contractual provisions generally guarantee that a level of data protection equivalent to that of the European Union is maintained.

We would like to point out that there is no adequate level of data protection in the USA comparable to that in the EU. Therefore, there is a risk for you of governmental access to this data. In addition, there are currently only limited possibilities for legal protection. This risk may also exist with regard to other third countries. The permissibility of these data transfers to the USA and other affected third countries follows from Art. 49 (1) sentence 1 lit. a DSGVO.

21. Duration of storage

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract).

On this basis, personal data is regularly deleted in the context of the fulfillment of our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:

–          Fulfillment of statutory retention obligations, which arise, for example, from the German Commercial Code (sections 238, 257 (4) HGB) and the German Fiscal Code (section 147 (3), (4) AO). The retention and documentation periods specified there are up to ten years.

–          Preservation of evidence, taking into account the statute of limitations. According to Sections 194 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.

22. Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

We use the so-called SSL security system (Secure Socket Layer) for any data transfer in connection with our online store and thus also in connection with the input of personal data. This technology offers a high level of security and is therefore also used, for example, by banks for data protection in online banking. Nevertheless, we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is therefore not possible.

23. Your rights

23.1 General information

Within the scope of the data protection law applicable to you and as far as provided therein (such as in the case of the GDPR), you are entitled to the following statutory data subject rights, provided that their requirements are met:

– Right to information about your data stored by us (Art. 15 DSGVO).

– Right to correction of inaccurate data (Art. 16 DSGVO)

– Right to delete the data stored by us (Art. 17 DSGVO)

– Right to restrict the processing of data stored by us (Art. 18 DSGVO)

– Right to data portability (Art. 20 DSGVO)

– Right to revoke any consent given to us at any time with effect for the future,

– Right to lodge a complaint with a competent supervisory authority if you believe that the processing of personal data concerning you violates provisions of the DSGVO.

23.2 Right of objection (Art. 21 DSGVO)

You have the right to object at any time to the processing of your data that is carried out on the basis of Art. 6 (1) sentence 1 lit. f DSGVO (data processing on the basis of a balance of interests) or Art. 6 (1) sentence 1 lit. e DSGVO (data processing in the public interest), if there are grounds for doing so that arise from your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be made form-free and should preferably be addressed to:

PUSTEFIX GmbH

Bahnhofstraße 29

72072 Tuebingen

Germany

E-Mail: bubbles@pustefix.de

23.3 Advertising objection

Insofar as a contractual relationship has been established between you and us, as an existing customer you will receive information from us about similar products or invitations to satisfaction surveys via the e-mail address you have provided, based on our legitimate interest in direct advertising. You can object to this use of your e-mail address at any time, either in total or for individual processing, without incurring any costs other than the transmission costs according to the basic rates. The data processing is carried out on the legal basis of Art. 6 para. 1 lit. f DSGVO in conjunction with. § Section 7 (3) UWG.

The objection can be made form-free and should preferably be addressed to:

PUSTEFIX GmbH

Bahnhofstraße 29

72072 Tuebingen

Germany

E-Mail: bubbles@pustefix.de

24. Obligation to provide data

In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with unrestricted access to our website or answer your inquiries to us. Personal data that we do not absolutely require for the above-mentioned processing purposes are marked accordingly as voluntary information.

25. Modification and update of the privacy policy

This privacy policy is currently valid and has the status May 2022.

Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy.