Privacy policy

As the operator of the www.hitschies.de website and of the online shop associated therewith as the body responsible, we take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data-protection provisions as well as this Data Protection Declaration.

I.    Name and address of the controller
The controller in the sense of the General Data Protection Regulation (GDPR) and other national data protection legislation of the member states as well as other data protection-law provisions is:
hitschler International GmbH & Co. KG
An der Hasenkaule 10
50354 Hürth
Germany
Tel.: +49 (0) 22 1 – 460 16 0
Fax: +49 (0) 22 1 – 460 16 55
Email: info@hitschler.de
Website: www.hitschies.de

If you have any queries regarding the subject of data protection, you are welcome to contact our data protection officer, quoting the keywords “data protection website”. Please direct your query to info@hitschler.de.
II.    General information regarding data processing
1.    Scope of the processing of personal data
As a matter of principle, we only process our users’ personal data insofar as this is necessary to provide a functional website as well as the content and services. Personal data is usually processed only after consent has been granted by the respective user. An exception applies in cases where for factual reasons it is not possible to obtain prior consent and the processing of the data is permitted by statutory provisions.

2.    Legal basis for the processing of personal data
Insofar as we obtain consent from the data subject for the processing of personal data, Article 6 paragraph 1 a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data which is necessary in order to perform a contract to which the data subject is a contract party, Article 6 paragraph 1 b of the GDPR serves as the legal basis. This also apples for processing which is necessary for the implementation of pre-contractual measures.
Insofar as processing personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Article 6 paragraph 1 c of the GDPR serves as the legal basis.
In the event that crucial interests of the data subject or of another natural person make it necessary to process personal data, Article 6 paragraph 1 d of the GDPR serves as the legal basis.
If the processing is necessary to safeguard a justified interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the party affected do not outweigh that justified interest, then Article 6 paragraph 1 f of the GDPR serves as the legal basis for the processing.

3.    Data deletion and storage duration
The data subject’s personal data is deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can go beyond this if this is provided for by the European or national legislator in Union-law ordinances, laws or other provisions to which the controller is subject. Blocking or deleting the data is also done if a storage period prescribed by the norms named expires, unless there is a necessity for further storage of the data for entry into or performance of a contract.

III.    Making the website available and generating log files
1.    Description and scope of the data processing
Whenever our website is accessed, automated data and information from the computer accessing it is collected. The following data is collected in this context:
(1)    information about the browser type and the version used
(2)    the user’s operating system
(3)    the user’s Internet service provider
(4)    the user’s IP address
(5)    date and time of the access
(6)    websites from which the user’s system arrives at our website
(7)    websites which are accessed by the user’s system via our website
(8)    HTTP status code.
The data is also saved in our system's log files. This data is not stored together with other personal data of the user’s.

2.    Legal basis for the data processing
The legal basis for the provisional storage of the data and the log files is Article 6 paragraph 1 f of the GDPR.

3.    Purpose of the data processing
The provisional storage of the IP address by the system is necessary in order to make it possible to deliver the website to the user's computer. For this purpose, the user’s IP address must be saved for the duration of the session.
Saving is done in log files in order to ensure the functionality of the website. Moreover, we use the data in order to optimise the website and to guarantee the security of our information-technology systems. No evaluation of the data for marketing purposes takes place in this context.
These purposes also include our justified interest in the data processing pursuant to Article 6 paragraph 1 f of the GDPR.

4.    Duration of the storage
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. In the case of the collection of the data in order to make the website available, this is the situation when the respective session has come to an end.
In the case of storage of the data in log files, this is the situation after a maximum of seven days. Storage going beyond this is possible. In such case, the users’ IP addresses are deleted or transformed so that it is no longer possible to allocate them to the accessing clients.

5.    Objection and removal option
Collecting the data in order to make the website available and storing the data in log files are absolutely essential for the operation of the website. As a consequence, it is not possible for the user to object thereto.

IV.    Using cookies
1.     Description and scope of the data processing
Our website uses cookies. Cookies are text files which are stored in the Internet browser or by the Internet browser on your computer system. If a user accesses a website, then a cookie can be stored in the user's operating system. This cookie contains a characteristic string of characters which enables an unambiguous identification of the browser if the website is accessed again.
We use cookies in order to make our website more user-friendly. Some of our website’s elements require it to be possible to identify the accessing browser even after a change of page.
In this context, information is saved in the cookies about whether the user is using JavaScript or not.
Moreover, on our website we use cookies which enable an analysis of the user’s surfing behaviour. The user data collected in this way is pseudonymised by means of technical precautions. Accordingly, it is no longer possible to allocate the data to the accessing user. The data is not stored together with other personal data of the user’s.

2.    Legal basis for the data processing
The legal basis for the processing of personal data using technically-necessary cookies is Article 6 paragraph 1 f of the GDPR. 
Insofar as cookies are placed for the analysis of user behaviour, this is done on the basis of consent pursuant to Article 6 paragraph 1 a of the GDPR.

3.    Purpose of the data processing
The reason for using technically-necessary cookies is to simplify usage of websites for users. Some of our website’s functions cannot be offered without the use of cookies. For these it is necessary for the browser to be recognised even after a change of page. As website operator, we have a justified interest in the storage of cookies for technically flawless and optimised provision of our services.
The user data collected by means of technically-necessary cookies is not used to generate user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we ascertain how the website is used and can thus continuously optimise our offer.

4.    Duration of the storage, objection and removal option

Cookies are stored on the user’s computer and information is transmitted from this to our website. Thus, as the user you also have full control over the use of cookies. By making a change to the configuration settings in your Internet browser, you can deactivate or limit the transfer of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all of the website’s functions can be used any longer.

5.    Consent to cookies with the GDPR Legal Cookie
Our website uses the cookie-consent technology “GDPR Legal Cookie” of beeclever GmbH, Universitätsstraße 3, 56070 Koblenz a. Rh., in order to obtain your consent to the storage of certain cookies in your browser and to document these in a data protection-compliant manner.
When you enter our website, you will be shown a banner through the embedding of a JavaScript code, in which you actively select various cookies and can thus grant consent to usage. In order that the cookie-consent tool can allocate your access to you as the user and the consent settings made by you can be individually recorded, documented and saved for a session duration, when accessing our website, certain user information is collected by the cookie-consent tool (including the IP address), transmitted to the beeclever server and saved there.
The data collected is stored until you make a deletion request to us or the purpose for the data storage ceases to exist. Mandatory statutory storage periods remain unaffected. You will find details regarding beeclever’s data processing at https://gdpr-legal-cookie.com/pages/datenschutzerklarung.
beeclever’s cookie-consent technology is used in order to obtain the legally-prescribed consents to the use of cookies which are not technically necessary. The legal basis for this is Article 6 paragraph 1, sentence 1 c of the GDPR.

V.    Contact form and email contact
1.    Description and scope of the data processing
Our website has a contact form which can be used for making contact electronically. If a user makes use of this option, then the data entered into the form will be transmitted to us and stored. This data is:
    user’s first and last names
    your email address
    your address
    your telephone number
    any additional personal data supplied by you in the framework of your message.
Moreover, the following data is saved at the point in time when the message is sent:
    user’s IP address
    date and time of the registration.
For the processing of the data in the framework of the dispatch process, your consent is obtained and reference is made to this Data Protection Declaration.
Alternatively, it is possible to make contact via the email address provided. In such case, the user’s personal data transmitted with the email is stored.
The data is not passed on to third parties in this context. The data is exclusively used in order to process the conversation.

2.    Legal basis for the data processing
If consent has been granted by the user, the legal basis for the processing of the data is Article 6 paragraph 1 a of the GDPR.
The legal basis for the processing of the data which is transmitted in the course of sending an email is Article 6 paragraph 1 f of the GDPR. If the aim of the email contact is to enter into a contract, then an additional legal basis for the processing is Article 6 paragraph 1 b of the GDPR.

3.    Purpose of the data processing
The processing of the personal data from the form serves only for us to process the contact by you. In the case of contact by email, the requisite justified interest in processing the data is also present therein.
The other personal data processed during the dispatch process serves to prevent the contact form from being misused and to guarantee the security of our information-technology systems.

4.    Duration of the storage
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. For the personal data in the contact form and the data which is sent by email, this is the case if the respective conversation with the user has come to an end. The conversation is at an end if it can be inferred from the circumstances that the pertinent set of facts has been finally clarified.
The personal data additionally collected during the dispatch process is deleted at the latest after a period of seven days.

5.    Objection and removal option
The user has the option at all times to revoke their consent to the processing of the personal data. If the user contacts us by email, then they can object at any time to the storage of their personal data. In such a case, the conversation cannot be continued.
The user can object to the processing of their data by email or by mail. All personal data which is saved in the course of making contact is deleted in such case.

VI.    Newsletter
1.    Type and purpose of the processing:

We send newsletters with current information about our products and offers. Personal data is processed in the process. For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection declaration. The collection of the e-mail address is used to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used. The transfer of data to other third parties is excluded. The data is used exclusively to send the newsletter.
2.    Legal basis:
If consent has been granted by the user, after the user has registered for the newsletter the legal basis for the processing of the data is Article 6 paragraph 1 a of the GDPR.
3.    Storage period:
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. The user’s email address will thus be stored as long as the newsletter subscription is active. The other personal data collected in the framework of the registration process will usually be deleted after a period of seven days.
4.    Objection and removal option
You can terminate the newsletter subscription at any time. There is a corresponding deregistration link for this purpose in each newsletter. Revocation of the consent to storage of the personal data collected during the registration process is also enabled thereby.
5.    Usage of Klaviyo:

This website uses Klaviyo to send newsletters. The provider is Klaviyo Inc, 60 South Street, Suite 910, Boston, Massachusetts 02111, USA. Klaviyo is a service with which the newsletter dispatch can be organised and analysed. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on Klaviyo servers in the USA or Ireland.

Our newsletters sent with Klaviyo enable us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on this website) has taken place after clicking on the link in the newsletter. For more information on data analysis by Klaviyo newsletters, please visit: https://www.Klaviyo.com/legal/dpa.

Klaviyo uses this information to send the newsletter on our behalf. Klaviyo does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties. To protect your data in the USA, we have concluded a data processing agreement with Klaviyo in which Klaviyo undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties.

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. If you do not want Klaviyo to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message (see also section 4.). The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed, your e-mail address may be stored by us in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

For more details, please refer to the Klaviyo data protection provisions at: https://www.klaviyo.com/legal/privacy-policy/

VII.    Passing data on to the USA
Inter alia, tools from companies with their headquarters in the USA are integrated into our website. When these tools are active, your personal data can be passed on to the respective companies’ servers in the USA. We hereby draw your attention to the fact that the USA is not a safe non-EU country in the sense of EU data protection law. US-American companies are obliged to deliver personal data to security authorities without you as the data subject being able to take action against this in court. Accordingly, it cannot be excluded that US-American authorities (e.g. intelligence agencies) process, evaluate and permanently store your data located on US-American servers for surveillance purposes. We have no influence on those processing activities.

VIII.    Google Analytics
Insofar as you have granted your consent, Google Analytics, a web analysis service of Google LLC. (“Google”), is used on this website. Google Analytics uses so-called “Cookies”, text files which are stored on your computer and which enable an analysis of your usage of the website. The information generated by the cookie about your usage of this website is usually transferred to a Google server in the USA and stored there.

This website uses Google Analytics with the extension “_anonymizeIp()”. As a result thereof, IP addresses are processed further in abbreviated form, which precludes people from being identified. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and the personal data is therefore deleted without delay.

On our behalf, Google will use this information in order to compile reports about the website activities and in order to render further services associated with the website usage and Internet usage to us as the website operator. We use Google Analytics in order to be able to analyse and regularly improve the usage of our website. Via the statistics acquired, we are able to improve our offer and configure it in a more interesting way for you as a user. The IP address transmitted by your browser in the framework of Google Analytics is not conflated with other data by Google.

Google Analytics cookies are stored on the basis of Article 6 paragraph 1 a of the GDPR. Consent is obtained in the framework of asking for your consent to the placement of cookies.

You have several ways of objecting to the collection of your data by Google Analytics and/or the prevention thereof: opt-out cookie: place an opt-out cookie, which prevents collection of your data when visiting this website in future. Use the following link for this: deactivate Google Analytics. You will find more information about the treatment of user data by Google Analytics in Google's data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de.

You can also prevent your data from being collected by not granting any consent to cookies for marketing purposes in the framework of our cookie-consent process. If you have granted consent, you can revoke this at any time. See section IX below in this respect. Moreover, you can prevent the collection of the data generated by the cookie and related to your usage of the website (including your IP address) to Google, as well as the processing of that data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

We have entered into a contract with Google regarding order data processing and fully implement the strict stipulations issued by the German data-protection authorities in connection with Google Analytics usage.

External-provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.

IX.    Google reCAPTCHA
We use Google reCAPTCHA (hereinafter referred to as “reCAPTCHA”) on our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Using reCAPTCHA is intended to check whether data is being entered onto our website (for example, in a contact form) by a human or by automated software. For this purpose, reCAPTCHA analyses the website visitor’s behaviour on the basis of various characteristics. This analysis begins automatically as soon as the website visitor accesses the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, how long the website visitor spends on the website, or mouse movements made by the user). The data collected in connection with the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The data processing takes place on the basis of Article 6 paragraph 1 f of the GDPR. As the website operator, we have a justified interest in the determination of individual responsibility on the Internet and the prevention of misuse and spam.

You can access further information regarding Google reCAPTCHA as well as Google’s data protection declaration at the following links: www.google.com/intl/de/policies/privacy/ and www.google.com/recaptcha/intro/android.html.

X.    Google Maps
We embed the maps of the service “Google Maps” provided by Google. The data processed can particularly include your IP address and location data, but this is not collected without your consent. Google Maps cookies are stored on the basis of Article 6 paragraph 1 a of the GDPR. Consent is obtained in the framework of asking for your consent to the placement of cookies. This data can also be transmitted to the USA. Section VIII hereof applies in this respect.

The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland or parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google’s data protection information applies for the use of Google Maps: https://policies.google.com/privacy. Moreover, Google’s terms and conditions apply; see https://www.google.com/intl/de/help/terms_maps/.

XI.    Facebook fanpage
Pursuant to the case law of the European Court of Justice, we are jointly responsible with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook) in the sense of data protection law for the processing of personal data which is collected when visiting our Facebook page (https://de-de.facebook.com/hitschler.DE/).
 
When you visit our profile page, Facebook automatically collects personal data from you as a visitor to the page, without us being able to influence this. You will find further information regarding the collection of data by Facebook in Facebook’s data protection declaration at https://www.facebook.com/privacy/explanation.

Facebook places cookies for the collection, storage and further processing of the data. If you as the user have a Facebook profile and are logged into Facebook, the storage and analysis are also done on a cross-device basis. You will find further information regarding the use of cookies by Facebook in Facebook’s cookie policy at https://www.facebook.com/policies/cookies/.

You can object on the following websites to the use of cookies by Facebook:

-    https://www.facebook.com/settings?tab=ads (log-in necessary)
-    http://www.youronlinechoices.com.

Facebook provides us with various anonymised statistics about the visitors to our profile page, in the framework of the so-called Page Insights. We have no influence on the generation of that information. In particular we are unable to stop the collection and processing by Facebook. We are provided with the following anonymised data by Facebook with regard to our profile page for a selectable period as well as for each of the categories of fans, subscribers, people reached and interacting people:

total number of page accesses, “like me” details, page activities, post interactions, scope, video views, post scope, comments, shared content, replies, proportion of men and women, origin related to country and city, language, accesses and clicks in the shop, clicks on route planner, clicks on telephone numbers. You can obtain more information about Page Insights on Facebook’s corresponding website at: https://www.facebook.com/business/a/page/page-insights.

We use that information in order to make our profile page and the content therein more attractive to visitors to our profile page. This also constitutes our justified interest in the sense of our legal basis for this processing pursuant to Article 6 paragraph 1, sentence 1 f) of the GDPR.

The reciprocal obligations with regard to joint responsibility are set out in the Page Insights addendum with regard to the controller at https://www.facebook.com/legal/terms/page_controller_addendum. Therein, Facebook assumes primary responsibility in the sense of the GDPR for the processing of Insights data and declares fulfilment of all of the obligations arising out of the GDPR with regard to the processing of Insights data (inter alia Articles 12 and 13 of the GDPR, Articles 15 to 22 of the GDPR, and Articles 32 to 34 of the GDPR). Only Facebook can make and implement decisions with regard to the processing of Insights data. Because Facebook makes decisions solely in its discretion as to how its obligations arising out of this agreement are fulfilled, we have no influence on the fulfilment of the data protection-law obligations by Facebook. If we receive queries in connection with the Insights data, we are obliged to forward all relevant information to Facebook.

XII.    Instagram fanpage
Pursuant to the case law of the European Court of Justice, we are jointly responsible with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook) in the sense of data protection law for the processing of personal data which is collected by Facebook when our Instagram fanpage is visited.
When you visit our Instagram fanpage, Facebook automatically collects personal data from you as a visitor to the respective fanpage, without us being able to influence this. You will find further information regarding the collection of data by Facebook in Instagram’s data protection declaration.
Facebook places cookies for the collection, storage and further processing of the data. If the user has an Instagram and/or Facebook profile and is logged on, the storage and analysis is also done on a cross-device basis. You will find further information regarding the use of cookies by Facebook in Facebook’s cookie policy.
You can object on the following websites to the use of cookies by Facebook:
•    https://www.facebook.com/settings?tab=ads (log-in necessary)
•    http://www.youronlinechoices.com.
Facebook provides us with various anonymised statistics about the visitors to our Instagram fanpage, in the framework of the so-called Page Insights. We have no influence on the generation of that information. In particular we are unable to stop the collection and processing by Facebook. We are provided with the following information by Facebook in the form of anonymised data with regard to the respective fanpage for a selectable period:
•    Activity: In this area, insights are provided regarding our profiles, including interactions (such as profile visits and website clicks) as well as regarding the subject of discovery (how many people have seen our content and where did they find this).
•    Content: We are given insights into posts, stories and promotions.
•    Public: Here we find out more about our subscribers and our public.
You can find more information at https://help.instagram.com/788388387972460?helpref=faq_content.
We use that information in order to make our fanpages and the content therein more attractive to visitors to our fanpages. This also constitutes our justified interest in the sense of our legal basis for this processing pursuant to Article 6 paragraph 1, sentence 1 f) of the GDPR.
We are endeavouring to enter into an agreement with Facebook also concerning the Instagram service with regard to joint responsibility. So far, Facebook has not yet responded with regard to the Instagram service. It remains the case, however, that only Facebook can make and implement decisions with regard to the processing of Insights data. We have no influence on this whatsoever. If we receive queries in connection with the Insights data, we will forward them directly to Facebook.

XIII.    Facebook and Instagram social-media plug-ins
So-called social plug-ins for Facebook and Instagram social media are used on our website, which enable content to be shared and liked. You can usually recognise these plug-ins on the basis of the respective social-media logos.
We use the Shariff solution on our website in order to protect your privacy. With Shariff, the connection between you and the social network’s server is only generated if you actually click the respective button of the social network. Then your browser establishes a direct connection to the respective social network, and the social network receives at least the information that you have accessed the corresponding page of our online offer, and when, plus your IP address, and details about the browser used, the operating system and the language settings. Activating the plug-in constitutes consent in the sense of Article 6 paragraph 1 a of the GDPR. You can revoke this declaration of consent at any time, with effect for the future.
If you do not want the social network to collect data about you through this online offer, you must not click the button. If you are logged into the social network, the social network can also allocate the information after the activation of the button directly to your account with the social network.
You will find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/?locale=de_DE. You will find more details about Facebook's data processing and about configuration options to protect your privacy at http://www.facebook.com/about/privacy/. For Instagram, you will find this information at https://instagram.com/about/legal/privacy/.

XIV.     Usage of YouTube plug-ins
1.    About the plug-in:
We use YouTube to embed videos. YouTube is operated by YouTube LLC with its headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., with its headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The YouTube plug-in used on our website in this context is only activated if you click on the “activate YouTube now” button and thus consent to the use of YouTube. Upon your consent being granted, a connection to the YouTube servers is created and the plug-in shown. By doing so, information about which of our website pages you have visited is transmitted to the YouTube servers. If you are logged in as a member of YouTube, YouTube allocates that information to your personal user account. When using the plug-in, e.g. by clicking on the “start” button of a video, this information is also allocated to your user account. You can prevent this allocation by logging out of your YouTube user account and out of other user accounts associated with YouTube LLC and Google Inc. and deleting the corresponding companies’ cookies before you use our website.
Please see YouTube’s data protection information at www.google.de/intl/de/policies/privacy/ for the purpose and scope of the data collection and the further processing and usage of the data by YouTube as well as your rights and configuration options in this respect with regard to the protection of your privacy.
2.     Permission cookie:
Our website uses cookies in connection with the YouTube plug-in. Cookies are text files which are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user activates the YouTube plug-in on our website, then a cookie can be stored in the user’s operating system. This cookie contains a characteristic string of characters which enables an unambiguous identification of the browser if the website is accessed again.
Before activating the YouTube plug-in on our website, the user is informed about the use of cookies for the abovementioned purpose, and the user’s consent to the processing of the personal data used in this context is obtained. Reference to this Data Protection Declaration is also made in this context.
The legal basis for the processing of personal data using cookies is Article 6 paragraph 1 a of the GDPR.
Analysis cookies are used for the purpose of improving the quality of our website and its contents, as well as to increase user-friendliness.
Cookies are stored on the user’s computer and information is transmitted from this to our website. Thus, as the user you also have full control over the use of cookies. By making a change to the configuration settings in your Internet browser, you can deactivate or limit the transfer of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all of the website’s functions can be used any longer

XV.      Orders in the online shop
You can purchase goods from our online shop via our website. Personal data is collected also in the framework of that order process. Thus, it is necessary for entry into the contract that you enter personal data which is required for the execution of the order and without which no purchase from the online shop can be made. This also constitutes the purpose of the processing. The following data is involved in this context:
    title
    first and last names
    address/delivery address
    email address.
In addition, we collect the payment method selected by you in the course of placing the order, and – where applicable – payment data such as the credit card number. It is possible in this context that this information is forwarded to the service provider’s website for the payment process. The respective service provider’s data protection provisions apply in this respect.
You can voluntarily set up a customer account, where we store your data for subsequent purchases. You can revoke at any time the storage effected in the customer account in this context. Access is protected by a password chosen by you.
With the data disclosed by you, we identify you as the customer, process the order, and send you an invoice. However, we also reserve the right to use the data saved in order to assert any claims against you.
The legal basis for the processing is Article 6 paragraph 1 b of the GDPR. We are obliged on the basis of commercial-law and tax-law stipulations to store your address, payment and order data for up to ten years.
Forwarding to third parties takes place only if this is necessary to perform the contract. Passing your personal data on to third parties is limited to the requisite minimum scope in this respect. This includes, for example, forwarding the payment data to payment service providers and/or credit institutions in order to execute a payment process. It can be necessary for this purpose for us to forward the personal data collected in the payment process to the payment service provider. Usually, however, the payment service providers collect this data themselves. The data passed on may only be used by the third party for the purposes named. In the framework of the performance of the contract pursuant to Article 6 paragraph 1, sentence 1 b) of the GDPR, we make use of the payment service providers listed in the following for the payment processing: 

    PayPal: you can pay in the online shop for goods purchased via PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L- 2449 Luxembourg (hereinafter referred to “PayPal”). For this purpose, if you select this option, you will be forwarded to PayPal’s website. There you can log in using your account details and instruct the payment. We have no access to the personal data collected by PayPal. PayPal is responsible for the processing of that data. You will find further information about data protection in connection with PayPal at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

    KLARNA: Moreover, you can instruct payments to be made via the service provider KLARNA. The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as “Klarna”). If you decide to make the payment using Klarna (Klarna checkout solution), Klarna will collect various personal details from you. You can look up the details in Klarna’s data protection declaration at the following link: https://www.klarna.com/de/datenschutz/.

    Mobile wallets: Payment can also be made via the apps Apple Pay and Google Pay via your mobile telephone. In this respect, we would kindly ask you to note the following:
If you select Apple Pay offered by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork (Ireland), the payment will be processed via the Apple Pay function of your end device operated with iOS, watchOS or macOS by debiting a payment card put on file with Apple Pay. Apple Pay uses security functions which are integrated into your device’s hardware and software in order to protect your transactions. Moreover, in order to use Apple Pay, you must set up a code for your device and – optionally – also face ID or touch ID. In order to process the payment, the information which you provide in the framework of placing the order, together with the information about your order, will be forwarded to Apple in encrypted form. Apple then encrypts that data again using a developer-specific key before the data is transmitted for the execution of the payment to the payment service provider for the payment card recorded on file in Apple Pay. The encryption ensures that only the website which is used for the purchase is able to access the payment data. After payment has been made, Apple sends your device account number as well as a transaction-specific, dynamic security code to us to confirm that payment has been made successfully. Insofar as personal data is processed in connection with the described transmissions, the processing is done exclusively for the purpose of processing the payment pursuant to Article 6 paragraph 1 b of the GDPR. You will find further information about data protection in connection with Apple Pay at https://support.apple.com/de-de/HT203027.
The following applies in connection with using Google Pay (payment method offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland): You require the Google Pay app on the Android-operated mobile end device. Moreover, a payment card must be put on file at Google. This is debited with the payment in the online shop. In order to process the payment, the information which you provide in the framework of placing the order, together with the information about your order, will be forwarded to Google. Google then transmits your payment information recorded on file in Google Pay in the form of a unique transaction number to the original website, with which a payment which has been made is verified. This transaction number contains no information whatsoever regarding the actual payment data of your payment method on file at Google Pay, but rather is generated and transmitted as a numerical token which is only valid once. Google only acts as the intermediary to execute the payment process for all transactions via Google Pay. The execution of the transaction takes place exclusively in the relationship between you as the user and us as the original website through debiting of the payment method on file at Google Pay. Insofar as personal data is processed in connection with the described transmissions, the processing is done exclusively for the purpose of processing the payment pursuant to Article 6 paragraph 1 b of the GDPR. We hereby draw attention to the fact that Google reserves the right to collect, save and analyse certain process-specific information (e.g. the date, time and amount of the transaction). In this respect, Google invokes a justified interest pursuant to Article 6 paragraph 1 f of the GDPR in due accounting, the verification of process data and the optimisation of the payment service. You will find more information about data protection in connection with Google Pay at https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de.

XVI.    Tracking pixels
Furthermore, so-called tracking pixels are used on our website. These are small graphics with which a log-file recording and a log-file analysis take place and which are used for statistic evaluations. The tracking pixels write information in the cookie file in your browser when visiting the website.
1.    Facebook
Our website uses Facebook’s visitor-behaviour pixels for conversion measurements. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The data recorded is transmitted also to the USA and to other non-EU countries, according to Facebook. In this respect, we hereby refer to the statements made in section VIII hereof.
Therefore, the website-user’s behaviour can be tracked after they are forwarded to the provider’s website by clicking on a Facebook advertisement. The efficacy of the Facebook advertisements can be evaluated for statistical and market-research purposes, and future advertising measures optimised.
The data collected is anonymous for us as the operator of this website; we cannot make any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible and Facebook is able to use the data for its own advertising purposes, in accordance with the Facebook data-usage policy. Thereby Facebook can enable the placement of advertisements on Facebook’s pages as well as outside Facebook. The usage of the data cannot be influenced by us as the website operator.
Facebook pixels are used on the basis of the consent granted by you in the sense of Article 6 para. 1 lit. a GDPR. Consent is obtained in the framework of asking for your consent to the placement of cookies. This consent can be revoked at any time.
You will find further information about the protection of your privacy in Facebook’s data protection information at https://de-de.facebook.com/about/privacy.
You can also deactivate the remarketing function “Custom Audiences” in the settings for advertisings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. For this purpose, you must be logged into Facebook.
If you do not have a Facebook account, you can deactivate usage-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/de/praferenzmanagement/.

2.    Shopify Trekkie
Our website uses a “Shopify Trekkie” from the provider Shopify International Ltd., c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”). With the assistance of this pixel, in the event that you grant your consent, a connection with the Shopify services is generated when visiting our website, in order to track your behaviour on our website.
In principle, the subjects of the information collected and processed in this context are the device ID, the device type, the timestamp, the operating system used, the browser used, the network connection, details about how you navigate Shopify’s website, and the IP address.
The Shopify Trekkie is used on the basis of Article 6 paragraph 1 a of the GDPR, and only if you have granted your express consent thereto. The consent can be revoked at any time, with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.
Shopify transmits information collected inter alia outside the European Economic Area and relies in this context on standards comparable to the European Commission’s standard data-protection clause, which is intended to guarantee compliance with the European data-protection level. You will find Shopify’s data protection provision here: https://www.shopify.de/legal/datenschutz#werte.

3.    TikTok
Our website uses a “TikTok pixel” of provider TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”). With the assistance of this pixel, in the event that you grant your consent, a connection with the TikTok services is generated when visiting our website, in order to track your behaviour on our website.
In principle, the subjects of the information collected and processed in this context are the device ID, the device type, the timestamp, the operating system used, and the IP address. The information can be allocated to the identity of the user with the assistance of further information which TikTok has saved about the user, e.g. on the basis of the ownership of an account on the social network “TikTok”. TikTok can also combine the information collected via the pixel with further information which TikTok has collected via other websites and/or in connection with usage of the social network “TikTok”, and thus generate pseudonymised usage profiles. In no case can the information collected be used by us in order to identify visitors to this website personally.
The TikTok pixel also enables us to track the efficacy of advertising on TikTok. If the user is forwarded by an advertisement on TikTok to pages of this website and if the cookies have not yet expired, the pixel records certain user actions predefined by us and can track these (e.g. transactions effected, search queries on the website, product pages accessed). When executing such an action, your browser sends a http query to TikTok’s server via the TikTok pixel from the cookie, with which certain information is transmitted regarding the action. As a result of that transmission, TikTok can generate statistics concerning the usage behaviour on our website after forwarding from a TikTok advertisement, which we use to optimise our offer.
The deployment of the TikTok pixel as well as the storage of “conversion cookies” take place on the basis of Article 6 paragraph 1 a of the GDPR, and only if you have granted your express consent thereto. 
The consent can be revoked at any time, with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.
In principle, TikTok transmits information collected outside the European Economic Area and relies in this context on the so-called European Commission’s standard data-protection clauses, which are intended to guarantee compliance with the European data-protection level. You will find the data protection provision and the copy of the standard-contract clause of TikTok here: https://www.tiktok.com/legal/new-privacy-policy?lang=de-DE.

4.    Pinterest
Our website uses a “conversion-tracking pixel” of provider Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). With the assistance of this pixel, in the event that you grant your consent, a connection with the Pinterest services is generated when visiting our website, in order to track your behaviour on our website.
In principle, the subjects of the information collected and processed in this context are the device ID, the device type, timestamp, the operating system used, and the IP address. The information can be allocated to the identity of the user with the assistance of further information which Pinterest has saved about the user, e.g. on the basis of the ownership of an account on the social network “Pinterest”. On the basis of the information collected via the pixel, interest-related advertising can be shown to you in your Pinterest account. Pinterest can also use the information collected for its own advertising purposes as well as for third-party advertising purposes. Pinterest can also combine the information collected via the pixel with further information which Pinterest has collected via other websites and/or in connection with usage of the social network “Pinterest”, and thus generate pseudonymised usage profiles. In no case can the information collected be used by us in order to identify visitors to this website personally.
The Pinterest pixel is used on the basis of Article 6 paragraph 1 a of the GDPR, and only if you have granted your express consent thereto.
Data collected via the pixel might be transferred to Pinterest Inc.’s servers in the USA. You can find further information about data protection in connection with Pinterest at: https://policy.pinterest.com/de/privacy-policy. You can deactivate the collection of the data relating to the display of interest-related advertising on Pinterest at any time in your Pinterest account settings at https://www.pinterest.de/settings  or at https://help.pinterest.com/de/article/personalization-and-data#info-ad.
The consent to data collection and processing can be revoked at any time, with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.

XVII.    Personio
If you lodge a job application with us electronically, i.e. by email or via our website form, then we collect and process your personal data for the purpose of executing the application process and for the implementation of pre-contractual measures. We use a specialised software provider for the execution of the application process. The job applicant portal is run by Personio GmbH, Rundfunkplatz 4, 80335 Munich, with which we have entered into a contract regarding order data processing.

By sending a job application to our recruiting website, you announce your interest in wanting to be employed by us. In that context, you transmit personal data to us which we exclusively use and store for the purpose of your job search/job application. The following data in particular is collected in this context: first and last names, email address, telephone number, LinkedIn profile.

In addition, you have the option of uploading documents such as a cover letter, your curriculum vitae and references. These may contain further personal information, such as date of birth, address, etc.

Only authorised employees from the personnel department and/or employees involved in the application process have access to your data.

The personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.

Your data is stored for a period of 6 months after the end of the application process. This is usually done to fulfil legal obligations and/or to defend against any claims arising out of statutory provisions. Subsequently we are obliged to delete or anonymise your data. In such case, the data is only then available to us as so-called metadata, without direct personal reference, for statistical evaluations.

XVIII.    Links to other websites
Our website can contain links to third-party websites. If you follow a link to one of these websites, please note that we cannot assume any liability or give any guarantee regarding third-party content or data protection conditions. Please inform yourself about the respectively-applicable data protection conditions before you transmit personal data to these websites.

XIX.     Data security
Unfortunately, transferring information via the Internet is not completely secure, which is why we cannot guarantee the security of the data transmitted via the Internet to and via our website. However, we secure our website and other systems in the best possible manner through technical and organisational measures against loss, destruction, access, modification or dissemination of your data by unauthorised parties.
We take precautionary measures in order to guarantee the security of your personal data. Your data is conscientiously protected against loss, destruction, falsification, manipulation and unauthorised access or unauthorised disclosure.

XX.    Data subject's rights
If personal data of yours is processed, you are a data subject in the sense of the GDPR, and you are entitled to the following rights in relation to the controller:
1.    Information right
You can request a confirmation from the controller as to whether personal data pertaining to you is being processed by us. If such processing is taking place, you can request details from the controller about the following information:
(1)    the purposes for which the personal data is being processed;
(2)    the categories of personal data which are processed;
(3)    the recipients and/or the categories of recipients to whom the personal data pertaining to you has been disclosed or will be disclosed;
(4)    the planned duration of the storage of the personal data pertaining to you or, if no specific details are possible in this respect, criteria for the determination of the storage period;
(5)    the existence of a right to correction or deletion of the personal data pertaining to you, a right to limit the processing by the controller or a right to object to this processing;
(6)    the existence of a right to complain to a supervisory authority;
(7)    all available information concerning the origin of the data, if the personal data is not collected from the data subject.
You are entitled to the right to request information about whether the personal data pertaining to you will be transmitted to a non-EU state or to an international organisation. In this context, you can request to be informed about the suitable guarantees pursuant to Article 46 of the GDPR in connection with the transmission.
2.    Right to correction
You have a right to correction and/or completion against the controller insofar as the processed personal data pertaining to you is incorrect or incomplete. The controller is obliged to make the correction without undue delay.
3.    Right to restrict processing
Subject to the following prerequisites, you can request restriction of the processing of the personal data pertaining to you:
(1)    if you dispute the correctness of the personal data pertaining to you for a period which enables the controller to check the correctness of the personal data;
(2)    if the processing is unlawful and you refuse deletion of the personal data and instead request restriction of the usage of the personal data;
(3)    the controller no longer requires the personal data for the purposes of the processing but you require it for the assertion, exercise or defence of legal claims; or
(4)    if you have filed an objection to the processing pursuant to Article 21 paragraph 1 of the GDPR and it is not yet certain whether the controller’s justified reasons outweigh your reasons.
If the processing of the personal data pertaining to you is restricted, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the right of another natural person or legal entity or for reasons of an important public interest of the Union or a member state.
If the restriction of the processing has been restricted pursuant to the abovementioned prerequisites, you will be informed by the controller before the restriction is lifted.
4.    Right to deletion
a)    Deletion obligation
You can ask us to delete the personal data pertaining to you without undue delay, and we are obliged to delete that data without undue delay, if one of the following reasons applies:
(1)    The personal data pertaining to you is no longer necessary for the purposes for which it was collected or processed in another way.
(2)    You revoke your consent on which the processing pursuant to Article 6 paragraph 1 a or Article 9 paragraph 2 a of the GDPR was based and there is a lack of another legal basis for the processing. 
(3)    You file an objection to the processing pursuant to Article 21 paragraph 1 of the GDPR and there are no overriding justified reasons for the processing, or you file an objection to the processing pursuant to Article 21 paragraph 2 of the GDPR. 
(4)    The personal data pertaining to you has been processed unlawfully.
(5)    The deletion of the personal data pertaining to you is necessary in order to fulfil a legal obligation pursuant to the law of the Union or the member state(s) to which the controller is subject.
(6)    The personal data pertaining to you was collected in connection with services offered by the information company pursuant to Article 8 paragraph 1 of the GDPR.
b)    Information to third parties
If we have made public the personal data pertaining to you and if we are obliged pursuant to Article 17 paragraph 1 of the GDPR to delete that data, then taking consideration of the available technology and the implementation costs we take appropriate measures, including of a technical nature, to inform parties responsible for the data processing who process the personal data that you as the data subject have requested from them the deletion of all links to that personal data or of copies or reproductions of that personal data. 
c)    Exceptions
The right to deletion does not exist insofar as the processing is necessary
(1)    to exercise the right to free expression of opinion and information;
(2)    to fulfil a legal obligation which requires processing pursuant to the law of the Union or the member states to which the controller is subject, or to perform a task which is in the public interest or in exercise of public authority which has been transferred to the controller;
(3)    for reasons of the public interest in the area of public health pursuant to Article 9 paragraph 2 h and i as well as Article 9 paragraph 3 of the GDPR;
(4)    for archive purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89 paragraph 1 of the GDPR, insofar as the right named in a) probably makes realisation of the aims of this processing impossible or seriously detrimentally impacts thereon; or
(5)    for the assertion, exercise or defence of legal claims.
5.    Right to information
If you have asserted the right to correction, deletion or limitation of the processing, we are obliged to notify all of the recipients to whom the personal data pertaining to you has been disclosed about that correction or deletion of the data or limitation of the processing, unless this transpires to be impossible or is associated with disproportionate expenditure.
You are entitled to the right against the controller to be informed about those recipients.
6.    Right to data transferability
You have the right to receive in a structured, common and machine-readable format the personal data pertaining to you which you have provided to us. In addition, you have the right to transmit this data to another controller without impediment by the controller to whom the personal data has been provided, insofar as
(1)    the processing is based on a consent pursuant to Article 6 paragraph 1 a of the GDPR or Article 9 paragraph 2 a of the GDPR or on a contract pursuant to Article 6 paragraph 1 b of the GDPR, and
(2)    the processing is done with the assistance of automated processes.
In exercise of this right, you also have the right to procure that the personal data pertaining to you is transmitted directly by one controller to another controller insofar as this is technically feasible. No freedoms or rights of other parties may be detrimentally affected thereby.
The right to data transferability does not apply for processing of personal data which is necessary in order to carry out a task which is in the public interest or in exercise of official authority which has been transferred to the controller.
7.    Objection right
You have the right for reasons which arise from your special situation to file an objection at any time to the processing of the personal data pertaining to you which is done on the basis of Article 6 paragraph 1 e or f of the GDPR. 
We no longer process the personal data pertaining to you, unless we can prove mandatory protection-worthy reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves in the assertion, exercise or defence of legal claims.
If the personal data pertaining to you is processed in order to execute direct advertising, then you have the right to file an objection at any time to the processing of the personal data pertaining to you for the purposes of such advertising.
If you object to the processing for the purposes of direct advertising, then the personal data pertaining to you will no longer be processed for those purposes.
You have the option of exercising your objection right in connection with the usage of services by the information company – irrespective of Directive 2002/58/EC – by means of automated processes where technical specifications are used.
8.    Right to revocation of the data protection-law consent declaration
You have the right to revoke your data protection-law consent declaration at any time. The revocation does not affect the lawfulness of the processing which took place on the basis of the consent until the revocation. To revoke a consent or to make an objection, a simple message is sufficient by email to us at: info@hitschler.de.  
9.    Right to complain to a supervisory authority
Irrespective of contrary administrative-law or judicial legal remedies, you are entitled to the right to complain to a supervisory authority, particularly in the member state of your place of residence, your workplace or the location of the alleged breach, if you are of the view that the processing of the personal data pertaining to you breaches the GDPR.
The supervisory authority to which the complaint is submitted will inform the complainant about the status and the outcome of the complaint, including the possibility of a judicial legal remedy pursuant to Article 78 of the GDPR.

XXI.     Changes to the data protection provisions
We hereby reserve the right to adjust this Data Protection Declaration at any time with effect for the future, in order that it always conforms to the current legal requirements or in order to incorporate changes to our services in the Data Protection Declaration, e.g. if we introduce new services. For this reason, please look again at the Data Protection Declaration during your next visit.