Privacy and Data Protection

Table of Contents

Access Data and Hosting

Hosting

Data Processing for Contract Handling and Contact

2.1 Data Processing for Contract Handling

2.2 Customer Account

Contact

Data Processing for the Purpose of Shipping Handling

Disclosure of Data to Shipping Service Providers for the Purpose of Shipping Notification

Data Processing for Payment Handling

4.1 Data Processing for Transaction Handling

4.2 Data Processing for the Purpose of Fraud Prevention and the Optimization of Our Payment Processes

4.3 Use of Debt Collection Service Providers

Advertising by E-mail, Post

5.1 E-mail Newsletter with Registration and Newsletter Tracking

E-mail Newsletter without Registration and Your Right to Object

5.2 Newsletter Dispatch

5.3 Sending Review Requests by E-mail

5.4 Postal Advertising and Your Right to Object

Cookies and Other Technologies

6.1 General Information

6.2 Cookiebot Consent Management Platform

6.3 Information on Third-Country Transfers (Data Transfer to Third Countries)

Use of Cookies and Other Technologies

7.1 Use of Google Services

7.2 Other Providers of Web Analytics and Online Marketing Services

Integration of the Trusted Shops Trustbadge / Other Widgets

Data Processing when Integrating the Trustbadge / Other Widgets

Data Processing after Order Completion

Social Media

Social Buttons by Facebook (by Meta), Instagram (by Meta), Pinterest, WhatsApp

Our Online Presence on Facebook (by Meta), X (formerly Twitter), Instagram (by Meta), YouTube, Pinterest

Contact Options and Your Rights

10.1 Your Rights

10.2 Contact Options

The controller responsible for data processing is:

Karl Dahm & Partner GmbH

Ludwigstr. 5

83358 Seebruck

Email: datenschutz.karldahm@dahm-werkzeuge.de

We appreciate your interest in our website. Protecting your privacy is very important to us. Below we inform you in detail about how we handle your data.

1. Access Data and Hosting

You can visit our websites without providing any personal information. Each time a webpage is accessed, the web server merely automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access. These access data are evaluated exclusively for the purpose of ensuring smooth operation of the site and improving our offer. This serves to safeguard our overriding legitimate interests in the correct presentation of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

All access data are deleted no later than one month after the end of your visit to the site.

All access data are processed only as long as this is necessary to achieve the above-mentioned processing purposes.

Hosting

The services for hosting and displaying the website are partly provided by our service providers within the framework of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in the forms provided on this website are processed on their servers. If you have questions about our service providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

2. Data Processing for Contract Handling and Contact

2.1 Data Processing for Contract Handling

For the purpose of contract handling (including inquiries regarding and processing of any existing warranty claims, service disruption claims, withdrawal rights, and any statutory update obligations) in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such because in these cases we necessarily require the data to process the contract and cannot dispatch the order without this information. Which data are collected can be seen from the respective input forms.

Further information on the processing of your data, especially regarding the transfer to our service providers for order, payment, and shipping processing, can be found in the following sections of this privacy policy. After complete contract processing, your data will be restricted for further processing and deleted after expiration of the retention periods required by tax and commercial law in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this as permitted by law and about which we inform you in this statement.

2.2 Customer Account

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we use your data for the purpose of opening the customer account and storing your data for future orders on our website. Deletion of your customer account is possible at any time and can either be done by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this as permitted by law and about which we inform you in this statement.

Contact

As part of customer communication, we collect personal data to process your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR if you voluntarily provide them to us when contacting us (e.g. via contact form, live chat tool, or e-mail). Mandatory fields are marked as such because in these cases we necessarily require the data to process your contact request. Which data are collected can be seen from the respective input forms. After your inquiry has been fully processed, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this as permitted by law and about which we inform you in this statement.

3. Data Processing for the Purpose of Shipping Handling

For contract fulfillment in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass your data on to the shipping service provider commissioned with delivery, insofar as this is necessary for delivering ordered goods. If you have questions about our service providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

Disclosure of Data to Shipping Service Providers for the Purpose of Shipping Notification

If you have expressly given us your consent to do so during or after your order, we will pass on your telephone number to the selected shipping service provider on the basis of this consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, so that they can contact you prior to delivery for the purpose of delivery notification or coordination. This consent may be withdrawn at any time by sending a message to the contact option described in this privacy policy. After withdrawal, we will delete the data you provided for this purpose unless you have expressly consented to further use of your data or we reserve the right to use data beyond this as permitted by law and about which we inform you in this statement. If you have questions about our service providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

4. Data Processing for Payment Handling

When processing payments in our online shop, we work together with these partners: technical service providers, credit institutions, payment service providers.

4.1 Data Processing for Transaction Handling

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves the fulfillment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, the payment service providers themselves collect the data necessary for processing the payment, e.g. on their own website or via technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

Depending on the selected payment method, data may be transferred to third countries outside the EU/EEA for which the European Commission has determined an adequate level of data protection by decision. Insofar as data transfers to third countries outside the EU/EEA take place for which the European Commission has not issued a decision on an adequate level of data protection, the cooperation is based on the European Commission’s standard data protection clauses.

If you have questions about our partners for payment processing or about the basis of our cooperation with them, please contact us using the contact option specified in this privacy policy.

4.2 Data Processing for the Purpose of Fraud Prevention and the Optimization of Our Payment Processes

If necessary, we provide the above-mentioned service providers with additional data, which they use together with the data necessary for payment processing for the purpose of fraud prevention and the optimization of our payment processes (e.g. invoicing, handling disputed payments, accounting support). In accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, this serves to safeguard our overriding legitimate interests in protecting ourselves against fraud and in efficient payment management as part of a balancing of interests.

4.3 Use of Debt Collection Service Providers

We pass your data on to the commissioned debt collection service provider Creditreform e. V., Hellersbergstraße 12, D-41460 Neuss, Germany, insofar as our payment claim has not been settled despite prior reminder. In this case, the claim will be collected directly by the debt collection service provider. This serves the fulfillment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR as well as the safeguarding of our overriding legitimate interests in the effective assertion or enforcement of our payment claim in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

5. Advertising by E-mail, Post

5.1 E-mail Newsletter with Registration and Newsletter Tracking

If you subscribe to our newsletter, we use the data required for this purpose or separately provided by you in order to send you our e-mail newsletter on a regular basis on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

You can unsubscribe from the newsletter at any time either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter.

After unsubscribing, we delete your e-mail address from the recipient list unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this as permitted by law and about which we inform you in this statement.

Please note that when sending the newsletter, we evaluate your user behavior. For this purpose, we also analyze how you handle our newsletter by measuring, storing, and evaluating open rates and click rates for the purpose of designing future newsletter campaigns (“newsletter tracking”).

For this analysis, the sent e-mails contain one-pixel technologies (e.g. web beacons, tracking pixels) which are stored on our website. For the evaluations, we particularly link the following “newsletter data”: the page from which the page was requested (so-called referrer URL), the date and time of access, the description of the type of web browser used, the IP address of the requesting computer, the e-mail address, the date and time of registration and confirmation, and the one-pixel technologies with your e-mail address or your IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.

If you do not want newsletter tracking, you can unsubscribe from the newsletter at any time as described above.

The information will be stored as long as you are subscribed to the newsletter.

E-mail Newsletter without Registration and Your Right to Object

If we receive your e-mail address in connection with the sale of goods or services, we reserve the right to regularly send you offers by e-mail for similar products from our range to those you have already purchased. We will not send you such offers if you have already objected to this use of your e-mail address or if you are entered in a legally required Robinson list. You may object to this use of your e-mail address at any time by sending a message to the contact option described in this privacy policy or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates. After unsubscribing, we delete your e-mail address from the recipient list unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this as permitted by law and about which we inform you in this statement.

5.2 Newsletter Dispatch

The newsletter and the newsletter tracking described above may also be sent by our service providers as part of processing on our behalf. If you have questions about our service providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

5.3 Sending Review Requests by E-mail

If you have expressly given us your consent during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we use your e-mail address to request that you submit a review of your order via the review system we use. This consent can be withdrawn at any time by sending a message to the contact option described in this privacy policy or via a link provided for this purpose in the review request. After withdrawal of your consent, we delete your e-mail address from the recipient list unless you have expressly consented to further use of your data or we reserve the right to use data beyond this as permitted by law and about which we inform you in this statement.

The review requests may also be sent by our service provider Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”). In the context of sending review requests, we receive information from Trusted Shops regarding the respective status (e.g. whether the review request was sent and whether it was delivered). This is done in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the fulfillment of our legitimate interest in obtaining information about the review invitations in order to make optimizations based on this where appropriate, as well as for the fulfillment of Trusted Shops’ legitimate interest in being able to offer this service.

For the sending of review requests and the collection and display of review and status information, we and Trusted Shops are jointly responsible. Within the framework of the joint controllership existing between us and Trusted Shops, please preferably contact Trusted Shops for data protection issues and to exercise your rights, using the contact options you can find there. Further information on data protection can be found via the following link there. Regardless of this, you can always contact us using the contact option described in this privacy policy. Your inquiry will then, if necessary, be forwarded to the other controller for response.

5.4 Postal Advertising and Your Right to Object

In addition, we reserve the right to use your first name, last name, and postal address for our own advertising purposes, e.g. to send you interesting offers and information about our products by postal mail. This serves to safeguard our overriding legitimate interests in advertising to our customers in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR as part of a balancing of interests. You may object to the storage and use of your data for these purposes at any time by sending a message to the contact option described in this privacy policy. After withdrawal of your consent, we delete your address from the recipient list unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this as permitted by law and about which we inform you in this statement.

The advertising mailings are carried out by a service provider on our behalf, to whom we pass on your data for this purpose. If you have questions about our service providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

6. Cookies and Other Technologies

6.1 General Information

To make visiting our website attractive and to enable the use of certain functions, we use technologies on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (persistent cookies). You can find the duration of storage in the overview of the cookie settings of your web browser.

Protection of privacy on end devices: When using our online services, we use strictly necessary technologies in order to provide the expressly requested digital service. The storage of information on your end device or access to information already stored on your end device does not require consent in this respect.

For functions that are not absolutely necessary, the storage of information on your end device or access to information already stored on your end device requires your consent. Please note that if consent is not granted, parts of the website may not be fully usable. Any consent you have given remains in effect until you adjust or reset the respective settings on your end device.

Subsequent data processing by cookies and other technologies: We use such technologies that are absolutely necessary for the use of certain functions of our website. Through these technologies, IP address, time of visit, device and browser information, and information about your use of our website are collected and processed. Within the framework of a balancing of interests, this serves overriding legitimate interests in an optimized presentation of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

We also use technologies to fulfill the legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) as well as for web analytics and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

Cookie settings for your browser can be found at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of technologies in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, you can withdraw your consent at any time by sending a message to the contact option described in this privacy policy.

Alternatively, you can click on the privacy button. If cookies are not accepted, the functionality of our website may be limited.

6.2 Cookiebot Consent Management Platform

We use Cookiebot on our website in order to inform you about the cookies and other technologies that we use on our website and to obtain, manage, and document any consent required for the processing of your personal data through these technologies. This is necessary in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR to fulfill our legal obligation under Art. 7 para. 1 GDPR to be able to prove your consent to the processing of your personal data. Cookiebot is a service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, which processes your data on our behalf.

After submitting your cookie declaration on our website, Cookiebot’s web server stores your anonymized IP address, the date and time of your declaration, browser information, the URL from which the declaration was sent, information about your consent behavior, and an anonymous random key. In addition, a cookie is used which contains the information on your consent behavior and the key. Your data will be deleted after twelve months unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this as permitted by law and about which we inform you in this statement.

Our service providers are located and/or use servers in the following countries for which the European Commission and the Swiss Federal Council have established an adequate level of data protection by decision: USA. The adequacy decision for the USA applies as the basis for third-country transfer, insofar as the respective service provider is certified. Until our service providers are certified, data transfer will continue to be based on: Standard Contractual Clauses of the European Commission.

6.3 Information on Third-Country Transfers (Data Transfer to Third Countries)

We use technologies from service providers on our website whose registered offices and/or server locations may be in third countries outside the EU or the EEA. If there is no adequacy decision by the EU Commission for this country, an adequate level of data protection must be ensured by other suitable safeguards.

Suitable safeguards in the form of contractually agreed standard contractual clauses of the EU Commission or binding corporate rules are generally possible, but require prior review by the contracting parties as to whether an adequate level of protection can be ensured. According to the case law of the ECJ, it may be necessary to take additional protective measures for this purpose.

As a matter of principle, we have agreed on the standard data protection clauses issued by the EU Commission with the technology providers we use who process personal data in a third country. Where possible, we also agree on additional guarantees intended to ensure sufficient data protection in third countries without an adequacy decision.

Regardless of this, it may happen that despite all contractual and technical measures, the level of data protection in the third country does not correspond to that of the EU. In such cases, if necessary, we ask for your consent in accordance with Art. 49 para. 1 lit. a GDPR as part of the cookie consent for the transfer of your personal data to a third country. In particular, there is a risk that local authorities in the third country may obtain access rights to your personal data that are not sufficiently restricted from a European data protection perspective, that we as the data exporter or you as the data subject may not become aware of this, and/or that you may not have sufficient legal remedies available to prevent this and/or take action against such access.

The following countries in particular currently count as third countries without an adequacy decision of the EU Commission (examples):

China

Russia

Taiwan

You can find out to which third countries we transfer data in the data protection notices for the respective tool used and/or the consent management service / Consent Manager Platform (CMP) we use.

7. Use of Cookies and Other Technologies

We use the following cookies and other technologies from third-party providers on our website. Unless otherwise stated for the individual technologies, this is done on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Once the purpose ceases to apply and the respective technology is no longer used by us, the data collected in this context will be deleted. You may withdraw your consent at any time with effect for the future. Further information on your withdrawal options can be found in the section “Cookies and Other Technologies.” Further information, including the basis of our cooperation with the individual providers, can be found with the individual technologies. If you have questions about the providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

7.1 Use of Google Services

We use the technologies of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) described below. The information automatically collected by Google technologies about your use of our website is generally transmitted to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Unless otherwise stated for the individual technologies, data processing is carried out on the basis of an agreement concluded for the respective technology between joint controllers in accordance with Art. 26 GDPR. Further information on data processing by Google can be found in Google’s privacy notices.

Our service providers are located and/or use servers in countries outside Switzerland, the EU, and the EEA for which the European Commission and the Swiss Federal Council have established an adequate level of data protection by decision.

Our service providers are located and/or use servers in countries outside Switzerland, the EU, and the EEA. For these countries, there is no adequacy decision by the European Commission and the Swiss Federal Council. Our cooperation with them is based on the Standard Contractual Clauses of the European Commission.

Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address is stored on a server located in the EU for the purpose of deriving location data and is then immediately deleted before the traffic is forwarded to other Google servers for processing. Data processing is carried out on the basis of a data processing agreement with Google.

For web analytics, Google Analytics’ extension function Google Signals enables so-called “cross-device tracking.” If your internet-enabled devices are linked to your Google account and you have activated the “personalized advertising” setting in your Google account, Google may generate reports on your usage behavior (in particular cross-device user numbers), even if you change your device. We do not process personal data ourselves in this respect; we only receive statistics created on the basis of Google Signals.

Google Ads

For advertising purposes in Google search results and on third-party websites, when you visit our website, the so-called Google Remarketing Cookie is set, which automatically enables interest-based advertising through the collection and processing of data (IP address, time of visit, device and browser information, and information about your use of our website) and by means of a pseudonymous cookie ID and on the basis of the pages you visit. Any further data processing only takes place if you have activated the “personalized advertising” setting in your Google account. In this case, if you are logged into Google during your visit to our website, Google will use your data together with Google Analytics data to create and define audience lists for cross-device remarketing.

For website analysis and event tracking, we use Google Ads Conversion Tracking to measure your subsequent user behavior if you have reached our website via a Google Ads advertisement. Cookies may be used for this purpose and data (IP address, time of visit, device and browser information, and information about your use of our website on the basis of events specified by us such as visiting a website or signing up for a newsletter) may be collected, from which user profiles are created using pseudonyms.

If you do not give us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR for the use of Google Ads, no cookies will be stored on or read from your device. The data processing described in the previous paragraphs will not take place. In order to close gaps in web analytics through behavioral and conversion modeling, pings containing data (user agent, information about your consent behavior, screen resolution, IP address, page URL, information about ad clicks in URL parameters) are sent to Google. Your IP address is used to derive the IP country.

Google Maps

For the visual display of geographic information, Google Maps collects data about your use of the Maps functions, in particular the IP address and location data, transmits them to Google, and then Google processes them. We have no influence on this subsequent data processing.

Google reCAPTCHA

For the purpose of protection against misuse of our web forms and against spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information, and information about your use of our website) and performs an analysis of your use of our website by means of JavaScript and cookies. In addition, other cookies stored in your browser by Google services are evaluated. Data processing is carried out on the basis of a data processing agreement with Google. Users of a customer who access websites protected by reCAPTCHA are no longer subject to Google’s privacy policy and terms of use.

Google Tag Manager

Using Google Tag Manager, we can manage various codes and services on our website. When implementing the individual tags, Google may also process personal data (e.g. IP address, online identifiers including cookies). Data processing is carried out on the basis of a data processing agreement with Google.

The use of Google Tag Manager enables the integration of various services/technologies. If you do not wish to use individual tracking services and have therefore deactivated them, the deactivation remains in place for all affected tracking tags integrated via Google Tag Manager.

YouTube Video Plugin

To embed third-party content, the YouTube Video Plugin used by us in enhanced privacy mode collects data (IP address, time of visit, device and browser information), transmits them to Google, and then Google processes them, only when you play a video.

7.2 Other Providers of Web Analytics and Online Marketing Services

Use of Pinterest Tag for Web Analytics and Advertising Purposes

For web analytics and advertising purposes on Pinterest and on third-party websites, when you visit our website, technologies of Pinterest Europe Ltd., Waterloo Exchange, 3rd Floor, Waterloo Road, Dublin 4, Ireland (“Pinterest”) automatically enable interest-based advertising through the collection and processing of data (IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us such as visiting a website or signing up for a newsletter), by means of a pseudonymous cookie ID and on the basis of the pages you visit. User profiles are created from the collected data using pseudonyms. Pinterest will combine this information with other data from your Pinterest account and use it to compile reports on website activity and to provide further services associated with website use. We have no influence on data processing by Pinterest and only receive statistics created on the basis of Pinterest Tag.

This allows us to measure your subsequent user behavior for website analysis and event tracking if you have reached our website via a Pinterest advertisement. The information automatically collected by Pinterest is generally transmitted to and stored on a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA. Data processing is carried out on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR.

Use of Vimeo Video Plugin for the Integration of Third-Party Content

For embedding third-party content, the video plugin of Vimeo Inc., 330 West 34th Street, 5th Floor, New York, NY 10011, USA (“Vimeo”) collects data (IP address, time of visit, device and browser information), transmits them to Vimeo, and then Vimeo processes them. Data processing is carried out on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR.

Google Analytics is automatically integrated into the Vimeo video plugin. For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. Google Analytics is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected by Google about your use of our website is generally transmitted to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you visit our website from the EU, your IP address is stored on a server located in the EU for the purpose of deriving location data and is then immediately deleted before the traffic is forwarded to other Google servers for processing. We have no influence over and no access to data processing by Vimeo, including the settings and results of Google Analytics.

8. Integration of the Trusted Shops Trustbadge / Other Widgets

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. quality seal, collected reviews) and to offer Trusted Shops products to buyers after an order.

The Trustbadge and the services advertised with it are provided by Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”), with whom we are jointly responsible under data protection law pursuant to Art. 26 GDPR. In the context of these privacy notices, we inform you below about the essential contractual contents pursuant to Art. 26 para. 2 GDPR.

Within the framework of the joint controllership existing between us and Trusted Shops SE, please preferably contact Trusted Shops for data protection issues and to exercise your rights, using the contact options specified in the privacy information. Regardless of this, however, you may always contact the controller of your choice. Your request will then, if necessary, be forwarded to the other controller for response.

Data Processing when Integrating the Trustbadge / Other Widgets

The Trustbadge is provided by a US-based CDN provider (Content Delivery Network). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be accessed for the USA there. Service providers used from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found there. If service providers used are not certified under the DPF, Standard Contractual Clauses have been concluded as a suitable safeguard.

When the Trustbadge is accessed, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of access, amount of data transferred, and the requesting provider (access data), and documents the access. The IP address is anonymized immediately after collection, so that the stored data cannot be assigned to your person. The anonymized data are used in particular for statistical purposes and error analysis.

Data Processing after Order Completion

If you have given your consent, after the order has been completed, the Trustbadge accesses order information stored on your end device (order total, order number, possibly purchased product) as well as your e-mail address, and your e-mail address is hashed by means of a cryptological one-way function. The hash value is then transmitted together with the order information to Trusted Shops in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. This serves to verify whether you are already registered for Trusted Shops services. If this is the case, further processing takes place in accordance with the contractual agreement concluded between you and Trusted Shops. If you are not yet registered for the services or do not give your consent to automatic recognition via the Trustbadge, you will then have the opportunity to register manually for the use of the services or to conclude the protection within the framework of your possibly already existing user contract.

For this purpose, after completion of your order, the Trustbadge accesses the following information stored on the end device you use: order total, order number, and e-mail address. This is necessary so that we can offer you buyer protection. The data are only transmitted to Trusted Shops if you actively decide to conclude buyer protection by clicking the correspondingly labeled button in the so-called Trustcard. If you decide to use the services, further processing is governed by the contractual agreement with Trusted Shops in accordance with Art. 6 para. 1 lit. b GDPR in order to complete your registration for buyer protection and secure the order and, if applicable, to send you review invitations by e-mail afterwards.

Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA, United Kingdom, and Israel). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be accessed for the USA there, for the United Kingdom there, and for Israel there. Service providers used from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found there. If service providers used are not certified under the DPF, Standard Contractual Clauses have been concluded as a suitable safeguard.

9. Social Media

Social Buttons by Facebook (by Meta), Instagram (by Meta), Pinterest, WhatsApp

Social buttons from social networks are used on our website. These are only integrated into the page as HTML links, so that no connection to the servers of the respective provider is established when our website is accessed. If you click one of the buttons, the website of the respective social network opens in a new browser window. There you can, for example, press the Like or Share button.

Our Online Presence on Facebook (by Meta), X (formerly Twitter), Instagram (by Meta), YouTube, Pinterest

If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, when visiting our online presences on the above-mentioned social media platforms, your data are automatically collected and stored for market research and advertising purposes, from which user profiles are created using pseudonyms. These may be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of the data by the respective social media operator as well as a contact option and your rights and settings options for protecting your privacy, please refer to the providers’ privacy notices linked below. If you still need assistance in this regard, you can contact us.

Facebook (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is generally transmitted to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing in the context of visiting a Facebook (by Meta) fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found there.

Our service providers are located and/or use servers in the following countries for which the European Commission and the Swiss Federal Council have established an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina. The adequacy decision for the USA applies as the basis for third-country transfer insofar as the respective service provider is certified. Certification exists.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico. For these countries, there is no adequacy decision by the European Commission and the Swiss Federal Council. Our cooperation with them is based on these safeguards: Standard Contractual Clauses of the European Commission.

Our service providers are located and/or use servers in these countries for which the European Commission has established an adequate level of data protection by decision: Brazil. For these countries, there is no adequacy decision by the Swiss Federal Council. Our cooperation with them is based on these safeguards: Standard Contractual Clauses of the European Commission.

X is a service of X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“X”). The information automatically collected by X about your use of our online presence on X is generally transmitted to and stored on a server of X Corp., FM 1209, Building 2, Bastrop, TX 78602, USA.

Our service providers are located and/or use servers in countries outside Switzerland, the EU, and the EEA. For these countries, there is no adequacy decision by the European Commission and the Swiss Federal Council. Our cooperation with them is based on Standard Contractual Clauses of the European Commission.

Instagram (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is generally transmitted to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. Data processing in the context of visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found there.

Our service providers are located and/or use servers in the following countries for which the European Commission and the Swiss Federal Council have established an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina. The adequacy decision for the USA applies as the basis for third-country transfer insofar as the respective service provider is certified. Certification exists.

YouTube is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected by Google about your use of our online presence on YouTube is generally transmitted to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Our service providers are located and/or use servers in countries outside Switzerland, the EU, and the EEA. For these countries, there is no adequacy decision by the European Commission and the Swiss Federal Council. Our cooperation with them is based on Standard Contractual Clauses of the European Commission.

Pinterest is a service of Pinterest Europe Ltd., Waterloo Exchange, 3rd Floor, Waterloo Road, Dublin 4, Ireland (“Pinterest”). The information automatically collected by Pinterest about your use of our online presence on Pinterest is generally transmitted to and stored on a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA.

Our service providers are located and/or use servers in countries outside Switzerland, the EU, and the EEA. For these countries, there is no adequacy decision by the European Commission and the Swiss Federal Council. Our cooperation with them is based on Standard Contractual Clauses of the European Commission.

10. Contact Options and Your Rights

10.1 Your Rights

As a data subject, you have the following rights:

pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;

pursuant to Art. 16 GDPR, the right to request without undue delay the correction of incorrect or completion of your personal data stored by us;

pursuant to Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is required

for exercising the right of freedom of expression and information;

for compliance with a legal obligation;

for reasons of public interest; or

for the establishment, exercise, or defense of legal claims;

pursuant to Art. 18 GDPR, the right to request restriction of processing of your personal data insofar as

the accuracy of the data is contested by you;

the processing is unlawful, but you oppose its erasure;

we no longer need the data, but you require them for the establishment, exercise, or defense of legal claims; or

you have objected to processing pursuant to Art. 21 GDPR;

pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller;

pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority of your usual place of residence or workplace or of our company headquarters for this purpose.

Right to Object

Insofar as we process personal data as explained above in order to safeguard our overriding legitimate interests within the framework of a balancing of interests, you may object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you may exercise this right at any time as described above. If the processing is carried out for other purposes, you only have a right to object if there are grounds relating to your particular situation.

After you exercise your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

This does not apply if the processing is carried out for direct marketing purposes. In that case, we will no longer process your personal data for that purpose.

10.2 Contact Options

Data Protection Officer:

Karl Dahm & Partnern GmbH

Ludwigstr. 5

83358 Seebruck

Germany

datenschutz.karldahm@dahm-werkzeuge.de

If you have any questions regarding the collection, processing, or use of your personal data, for information, correction, restriction, or deletion of data, as well as withdrawal of any consent given or objection to a specific use of data, please contact:

Karl Dahm & Partner GmbH

Ludwigstr. 5

83358 Seebruck

Germany

datenschutz.karldahm@dahm-werkzeuge.de