If you visit our website via an iFrame, only the following cookies are used without processing personal data:

In release 1.0:

Name: PHPSESSID
Company: e-mobilio GmbH
Validity period: End of session
Description: Anonymous session ID of the application. Is only set when a session is started (e.g. when sending a share code).

Name: EmoActiveAdviceEWL and EmoBuyingAdviceStoreEWL
Company: e-mobilio GmbH
Validity period: End of session
Description: Saves the last active anonymous purchase advice number.

Name: EmoWhiteNavigation
Company: e-mobilio GmbH
Validity period: End of session
Description: Saves the last active page of the anonymous purchase advice to ensure navigation.

In release 2.0:

Name: PHPSESSID
Company: e-mobilio GmbH
Validity period: End of session
Description: Anonymous session ID of the application. Is only set when a session is started (e.g. when sending a share code).

Name: Wl2ActiveAdvice
Company: e-mobilio GmbH
Validity period: End of session
Description: Saves the anonymous shopping cart ID for displaying the contents of the shopping cart.

Name: Wl2AdviceStore
Company: e-mobilio GmbH
Validity period: End of session
Description: Saves up to 5 shopping cart IDs for displaying the shopping cart content (if multiple instances are used for browsing).

Please note that all these cookies mentioned above are so-called "technically necessary session cookies", which are covered by the exception of § 25 (1) No. 2 TTDSG.

Cookies when using ADAC e-Charge Home

Name: Piwik Pro
Company: Piwik PRO GmbH
Period of validity:
ppms_webstorage (Persistent)
stg_last_interaction (365 days)
stg_returning_visitor (365 days)
stg_traffic_source_priority (30 minutes)
_pk_id.* (393 days)
_pk_ses.* (30 minutes, 14 seconds)
stl_debug (session)
stg_externalReferrer (Session)
stg_utm_campaign (Session)

Description: ADAC uses Piwik Pro to analyze data about visits to www.adac.de using a pseudonym and to incorporate these findings into the further development of www.adac.de.

Legal basis: Piwik Pro is only used if you give your consent to this by clicking on "Agree" or by selecting the checkbox and clicking on "Confirm my selection".

2. contacting us

Personal data is collected when you contact us (e.g. via contact form or email). Which data is collected when using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

3. opening a customer account and contract processing

In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide it to us when opening a customer account. Which data is collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the controller. We store and use the data provided by you to process the contract.

After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to retention periods under tax and commercial law and deleted after expiry of these periods, unless you have expressly consented to further use of your data or we have reserved the right to further use of your data as permitted by law.

a) Establishing dealer contact

The dealer contact creation service offered by us supports you in your search for vehicle dealers, vehicle manufacturers and leasing providers. Your personal data is collected and processed using a form on the e-mobilio.de website or via an e-mobilio.de iFrame on the website of a cooperation partner.

This non-binding and free dealer contact establishment consists of the transmission of your request to up to three vehicle dealers, vehicle manufacturers or leasing providers.

If you visit our website via an iFrame, dealer contact is established by sending your request to the cooperation partner on whose website you visit our iFrame.

The data processing by us in the context of establishing dealer contact is carried out in particular as follows:

• Your personal data is collected and stored using an SSL-secured form.
• Your data is sent to up to three vehicle dealers, vehicle manufacturers, leasing providers or the cooperation partner via an SSL-encrypted e-mail server.

The legal basis for the processing of your personal data is Art. 6 Para. 1 lit. b GDPR (fulfillment of the contractual service to establish contact or the implementation of pre-contractual measures to fulfill the service to establish contact) and for the transmission of the information listed below as "optional" (i.e. your configured product package or your needs analysis) to the vehicle dealers, vehicle manufacturers or leasing providers, Art. 6 Para. 1 lit. a GDPR (consent to the processing of personal data).

The processing of data for the purpose of accepting orders and responding to your inquiry by the vehicle dealer, vehicle manufacturer or leasing provider is carried out by the respective vehicle dealer, vehicle manufacturer or leasing provider as the controller and is not covered by this privacy policy. In the context of the processing of personal data via the website, we and the respective vehicle dealer, vehicle manufacturer, leasing provider or cooperation partner act as joint controllers in accordance with Art. 26 of the GDPR.

Specific data concerned:

Which of the above-mentioned data categories are collected specifically in the case of establishing dealer contact can be seen from the respective request on e-mobilio.

b) e-mobilio installation check

The e-mobilio installation check offered by us via the webshop - as a video installation check or on-site installation check - supports you in assessing whether your home is suitable for the installation of a charging station (wallbox). Your personal data is collected and processed using a form in the e-mobilio.de webshop or via an iFrame from e-mobilio.de on the website of a cooperation partner.

Processing of personal data by e-mobilio:

We process your personal data for the purposes of providing the e-mobilio installation check and for evaluating the e-mobilio installation check and e-mobilio installation services.

In particular, we process data as part of the e-mobilio installation check as follows:

• Your personal data is collected and stored using an SSL-secured form.
• Your data will be processed to fulfill our contractual obligations.
• To carry out the on-site installation check, your data is sent to our installation partners via an SSL-encrypted email server (as part of order data processing).
• The results of the e-mobilio installation check, together with your personal data, are collected and stored using an SSL-encrypted email server or video telephony.

The legal basis for the processing of your personal data is Art. 6 Para. 1 lit. b GDPR (fulfillment of the contractual services of the e-mobilio installation check or the implementation of pre-contractual measures to fulfill the e-mobilio installation check); for the evaluation of the e-mobilio installation check, Art. 6 Para. 1 lit. f GDPR (legitimate interest in the evaluation of the results from the e-mobilio installation check is quality control and the evaluation of the success rate of the e-mobilio installation check to improve service quality) and for the transmission of the information provided to us in connection with the product package configured by you or your needs analysis to the cooperation partner contacted for you, Art. 6 para. 1 lit. a GDPR (consent to the processing of personal data).

Which of the above-mentioned data categories are collected specifically in the case of the e-mobilio installation check can be seen from the respective request in the web store.

c) Arranging the installation of charging stations

As part of the mediation of your request regarding the installation of a charging station to an installation partner offered via the website / webshop, your personal data will be collected and processed by means of a form on the website / in the webshop of e-mobilio.de or via an iFrame of e-mobilio.de on the website of a cooperation partner.

Processing of personal data by e-mobilio:

• We process your personal data for the purposes of communicating your request to our installation partner and for evaluating the e-mobilio installation service.
• In particular, we process data as follows:
• Your personal data is collected and stored using an SSL-secured form.
• Your data is sent to our installation partners via an SSL-encrypted e-mail server.
• The results of the installation service, together with your personal data, are sent to us by the installation partner so that we can collect and store them using an SSL-encrypted email server.
• The results from the installation service, together with your personal data, may be sent via an SSL-encrypted e-mail server to the respective vehicle dealers with whom you have a contractual relationship.

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR (fulfillment of contractual services to establish contact with the installation partners or the implementation of pre-contractual measures to fulfill the services to establish contact), for the evaluation of the e-mobilio installation service, Art. 6 para. 1 lit. f GDPR (legitimate interest in the evaluation of the results from contacting the installation partner is quality control and the evaluation of the success rate of the e-mobilio installation service to improve service quality) as well as for the transmission of the information provided to us in connection with the product package configured by you or your needs analysis to the cooperation partner contacted for you, Art. 6 para. 1 lit. a GDPR (consent to the processing of personal data).

The processing of data for the purpose of establishing contact and carrying out the commissioned installation by our installation partners is carried out by the respective installation partner as the controller and is not covered by this privacy policy.

Which of the above-mentioned data categories are collected specifically in the case of the e-mobilio installation service can be seen from the respective request on the website / in the web store.

d) Promotion service contact creation

As part of the funding service contact establishment offered by e-mobilio, we will forward your request to febis Service GmbH, which will check the funding programs that are suitable for you and, if necessary, support you in applying for funding programs.

Your personal data is collected and processed using a form on the e-mobilio.de website or via an iFrame from e-mobilio.de on the website of a cooperation partner.

Processing of personal data by e-mobilio:

We process your personal data for the purpose of establishing contact with febis Service GmbH. This non-binding and free support service contact establishment consists of the transmission of your request to febis Service GmbH as well as the support and evaluation of the support process.

Data processing by us as part of the support service contact is carried out as follows:

• Your personal data is collected and stored using an SSL-secured form.
• Your data is sent to febis Service GmbH via an SSL-encrypted e-mail server.
• The results from the support service, together with your personal data, are sent to us by febis Service GmbH so that we can collect and store them using an SSL-encrypted email server.
• The results from the support service, together with your personal data, may be sent via an SSL-encrypted e-mail server to the respective vehicle dealers with whom you have a contractual relationship.

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR (fulfillment of the contractual service to establish contact or the implementation of pre-contractual measures to fulfill the service to establish contact), Art. 6 para. 1 lit. f GDPR (legitimate interest in the evaluation of the results from the support service is the quality control from the support service as well as the evaluation of the success rate of the support service to improve the service quality) and Art. 6 para. 1 lit. a GDPR (consent to the processing of personal data) for the transmission of the information provided to us in connection with the product package configured by you or your needs analysis to the cooperation or installation partners contacted for you.

The processing of data for the purpose of order acceptance and implementation of the support service is carried out by febis Service GmbH as the controller and is not covered by this privacy policy.

Specifically affected data:

Which data is collected in the case of contact creation for the support service can be seen from the respective request on e-mobilio.

e) SWM contact creation

As part of the SWM contact creation offered by e-mobilio, we will forward your request to Stadtwerke München GmbH, which will provide you with an offer for a rental charging solution. Your personal data is collected and processed using a form on the website of e-mobilio.de or via an iFrame of e-mobilio.de on the website of a cooperation partner.

Processing of personal data by e-mobilio:

We process your personal data for the purpose of providing the SWM contact establishment service. This non-binding and free SWM contact establishment consists of the transmission of your request to Stadtwerke München GmbH.

The data processing by us in the context of the SWM contact establishment takes place in particular as follows:

• Your personal data is collected and stored using an SSL-secured form.
• Your data is sent to Stadtwerke München GmbH via an SSL-encrypted e-mail server.

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR (fulfillment of the contractual service to establish contact or the implementation of pre-contractual measures to fulfill the service to establish contact) as well as Art. 6 para. 1 lit. a GDPR (consent to the processing of personal data) for the transmission of the information provided to us in connection with the product package configured by you or your needs analysis to the cooperation and installation partners contacted for you.

The processing of data for the purpose of accepting an order and preparing an offer for a rental charging solution is carried out by SWM as the controller and is not covered by this privacy policy.

Which data is collected in the case of SWM contact creation can be seen from the respective request on e-mobilio.

f) Charging station contact creation

As part of the charging station contact creation offered by e-mobilio, we will forward your request to a cooperation partner who will prepare an offer for the requested charging station for you.

Your personal data is collected and processed using a form via an iFrame from e-mobilio.de on the website of a cooperation partner.

Processing of personal data by e-mobilio:

We process your personal data for the purpose of providing the charging station contact service. This non-binding and free charging station contact establishment consists of the transmission of your request to the cooperation partner.

The data processing by us in the context of the charging station contact establishment takes place in particular as follows:

• Your personal data is collected and stored using an SSL-secured form.
• Your data is sent to the cooperation partner via an SSL-encrypted e-mail server.

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR (fulfillment of the contractual service to establish contact or the implementation of pre-contractual measures to fulfill the service to establish contact) and for the transmission of the information listed below as "optional" (i.e. your configured product package or your needs analysis) to the cooperation partner, Art. 6 para. 1 lit. a GDPR (consent to the processing of personal data).

The processing of data for the purpose of accepting orders and responding to your inquiry by the cooperation partner is carried out by the respective cooperation partner as the controller and is not covered by this privacy policy.

Which data is collected in the case of charging station contact creation can be seen from the respective request on e-mobilio.

g)Data processing when booking a product or service from ADAC e-Charge Home

In addition to the partner reference, we transmit your name and postal address to ADAC SE, Hansastr. 19, 80686 Munich, Germany. ADAC SE also uses this data to send you interest-based advertising. The legal basis for this is Art. 6 para. 1 f) GDPR.

For ADAC customers who wish to purchase products or services at the URL: https://www.adac.wallbox-kaufen.shop, a separate data protection information applies in addition to the general data protection information for customers, which can be viewedhere. The general data protection information for customers can be found at the bottom of the website.

4. transmission of data to car dealers with source links

If you complete an order via a source link of a car dealer in the e-mobilio store or use a voucher code assigned to the dealer, we transmit your street (without house number), zip code and city to the car dealer for the purpose of seller comparison.

The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the fact that we have a brokerage agreement with the respective car dealers, which also provides for commission payments in the event of successful brokerage. If the customer referral came via your car dealer, we owe the corresponding commission amount. The respective car dealer can carry out a seller comparison using the street, zip code and city in order to be able to correctly allocate the commission claim to the individual seller.

If you do not agree with the transferyour streetß(without house number), zip code and townIf you do not agree with this, please send a message to info@e-mobilio.de (opt-out).

5.data processing due to the integration of the route planner

On our website, we offer the function of a route planner to your nearest charging station. This function requires the integration of content from and transfer of data to the following services: googleapis.com (controller: Google LLC, Mountain View, California, USA), mapbox.com (controller: Mapbox Inc., 740 15th Street NW, 6th Floor, Washington DC 20005, USA) and chargetrip.io. (controller: Chargetrip B.V., Lijnbaansgracht 57, 1015 GS Amsterdam, Netherlands). If you confirm the activation of the route planner, the following (personal or personally identifiable) data will be shared with the respective services:

Google API (for geolocation + autocomplete search):

o IP address

o Search data locations

o Optional: Location service (if you want to determine the location via browser)

Mapbox (for map data):

o IP address

o Geolocation

Chargetrip (for calculating the route/range):

o IP address

o Vehicle model

o Start and destination address

Please note that the respective third-party providers act as data processors in accordance with Art. 28 GDPR. Your confirmation of the activation of the route planner and the corresponding data processing will be stored on your device until you delete it. You will then be asked to confirm the activation again.

The legal basis for the processing is Art. 6 (1) lit. b) GDPR (you agree to use the service offered by us, in order to be able to provide this service requested by you, we must carry out the data processing specified above).

6. use of customer data for direct advertising / e-mail newsletter

a) New registration / double opt-in

If you register for our e-mail newsletter, we will send you regular information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you consent to receiving the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in future by clicking on a corresponding link.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter will be used exclusively for the purpose of advertising via the newsletter.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller named at the beginning. Once you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

b) Advertising to existing customers

If you have provided us with your e-mail address when purchasing goods or services (e.g. as part of the THG quota contract), we reserve the right to regularly send you offers for similar goods or services to those already purchased from our range by e-mail. In accordance with Section 7 (3) UWG in Germany and Section 174 (4) TKG 2021 in Austria, we do not need to obtain separate consent from you for this, provided that we comply with the conditions stated therein. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f GDPR. If you have objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by sending a message to the controller named at the beginning. You will only incur transmission costs for this in accordance with the basic rates. Upon receipt of your objection, the use of your e-mail address for advertising purposes will be discontinued immediately.

III Categories of recipients: General

The following categories of recipients, including processors, may have access to your personal data:

• Federal Environment Agency, purchasers of the GHG quota as well as service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 lit. b or lit. f GDPR (see also section 5), insofar as these are not processors;
• Government bodies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Art. 6 para. 1 lit. c GDPR;
• Persons employed to carry out our business operations (in particular auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures, IT service providers, auditors, logistics companies, credit institutions). The legal basis for the disclosure is then Art. 6 para. 1 lit. b or lit. f GDPR.

In addition, we only pass on your personal data to third parties if you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR.

IV. Categories of recipients: Payment service providers

Due to the particular sensitivity of payment data, in addition to the information on the categories of data recipients under point III, we would like to inform you in detail below about the payment service providers we use.

1. apple pay

If you opt for the "Apple Pay" payment method offered by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment will be processed via the "Apple Pay" function of your iOS, watchOS or macOS device by debiting a payment card stored with "Apple Pay". Apple Pay uses security functions that are integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must therefore enter a code that you have previously defined and verify it using the Face ID or Touch ID function on your device.

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be forwarded to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the success of the payment.

If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time and whether the transaction was successfully completed. This anonymization completely excludes any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase that you have made via Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can be used to identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and deactivate "Allow payments on Mac".

You can find further information on data protection with Apple Pay at the following Internet address: https://support.apple.com/de-de/HT203027

2 Google Pay

If you opt for the "Google Pay" payment method offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment will be processed via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with an NFC function by debiting a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To approve a payment via Google Pay of more than €25, your mobile device must first be unlocked using the verification measure set up in each case (such as facial recognition, password, fingerprint or pattern).

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay to the source website in the form of a unique transaction number, which is used to verify that a payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a uniquely valid numerical token. For all transactions via Google Pay, Google only acts as an intermediary for processing the payment process. The transaction is carried out exclusively between you and the source website by debiting the means of payment stored with Google Pay.

If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos that you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and functional maintenance of the Google Pay service.

Google also reserves the right to merge the processed transaction data with other information collected and stored by Google when using other Google services.

The Google Pay terms of use can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on data protection at Google Pay can be found at the following Internet address:

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=pri vacynotice&ldl=en

3. Amazon Pay

If you select an amazon Pay payment service, payment will be processed via Amazon Payments Europe s.c.a, 38 Av. John F. Kennedy, 1855 Luxembourg, Luxembourg (hereinafter "Amazon Payments"). In order to enable payment processing, your personal data (first and last name, street, house number, zip code, city, gender, email address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, item, delivery method) will be forwarded to Amazon Payments for the purpose of identity and credit checks. Amazon Payments reserves the right to carry out a credit check to ensure your willingness and ability to pay. This corresponds to the legitimate interest of Amazon Payments (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the execution of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). Your data will be passed on to credit agencies and online retailers for this purpose. In addition, your data may be used for interest-based advertising and marketing purposes by amazon Pay if you have consented to this in your account settings https://www.amazon.de/adprefs. We have no influence on this process and only receive the result of whether the payment has been made or rejected.

Payment is processed via your amazon customer account and a payment card stored in your amazon customer account or a payment system verified there.

For all transactions via amazon Pay, amazon Payments only acts as an intermediary for processing the payment transaction. The transaction is carried out exclusively between you and the source website by debiting the means of payment stored with amazon Pay.

If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

The Google Pay terms of use can be found here:

https://pay.amazon.de/help/201751590.

Further information on data protection at Google Pay can be found at the following Internet address:

https://pay.amazon.de/help/82974

4 Klarna

If you select an offered Klarna payment service, the payment will be processed by Klarna Bank AB (publ) (https://www.klarna.com/de), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). In order to enable payment processing, your personal data (first and last name, street, house number, zip code, city, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, delivery type) will be passed on to Klarna for the purpose of identity and credit checks, provided that you have expressly consented to this in accordance with Art. 6 para. 1 lit. a GDPR during the ordering process. You can see which credit agencies your data may be forwarded to here:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information obtained on the statistical probability of a payment default to make a balanced decision on the establishment, execution or termination of the contractual relationship.

You can revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.

Your personal data will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy

respectively.

5. paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by installments" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Further data protection information, including information on the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

6 Shopify Payments

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, payment processing is carried out via the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. You can find more information on Shopify Payments' data protection at the following Internet address: https://www.shopify.com/legal/privacy.

Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy

7. EPS

If you select an Electronic Payment Standard (EPS) payment service, we will pass on your payment data to PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria (hereinafter "PSA") as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for payment processing.

The terms of use of PSA can be found here:

https://eservice.psa.at/de/kundenservice/eps-online-ueberweisung.html

Further information on data protection at PSA can be found at the following Internet address:

https://eservice.psa.at/de/datenschutzerklaerung.html

8. bancontact

If you select a bancontact payment service, we will forward your payment data to Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Bruxelles, Belgium (hereinafter "Bancontact") as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for payment processing.

The terms of use of Bancontact can be found here:

https://www.bancontact.com/en .

Further information on data protection at Bancontact can be found at the following Internet address:

https://www.bancontact.com/files/privacy.pdf

V. International data transfer

As part of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively to fulfill contractual and business obligations and to maintain your business relationship with us.

Such third-party companies are in particular our processors in the area of data management and IT services (in particular providers of data management systems, cloud storage providers, communication tool providers, etc.).

The European Commission certifies that some third countries have data protection standards comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact us if you would like more information on this.

VI Rights of the data subject

The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

Right to information pursuant to Art. 15 GDPR: In particular, youhave a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries;

Right to rectification pursuant to Art. 16 GDPR: Youhave the right to obtain without undue delay the rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us;

Right to erasure in accordance with Art. 17 GDPR: Youhave the right to request the erasure of your personal data if the requirements of Art. 17 para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

Right to restriction of processing pursuant to Art. 18 GDPR: Youhave the right to demand the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified, if you refuse to delete your data due to unauthorized data processing and instead demand the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;

Right to information in accordance with Art. 19 GDPR: Ifyou have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to data portability in accordance with Art. 20 GDPR: Youhave the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;

Right to withdraw consent given in accordance with Art. 7 para. 3 GDPR: Youhave the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;

Right to lodge a complaint pursuant to Art. 77 GDPR: Ifyou consider that the processing of personal data relating to you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

VII. duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if applicable - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law). In addition, we store your personal data for the duration of the regular limitation period of three (3) years.

When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, this data is stored until the data subject withdraws their consent.

If there are statutory retention periods for data that is processed in the context of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in further storage.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.