1. An overview of data protection
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website is processed by the website operator. The operator’s contact details can be found under the website’s company information.
How do we collect your data?
Some data is collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data is collected automatically by our IT systems when you visit the website. This data is primarily technical data (e.g. the browser, operating system you are using or the time at which you accessed the page). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyse how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information – at no charge -about your stored data, its origin, its recipients, and the purpose of its collection. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the company information if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
2. General information and mandatory information
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Tobias Grau GmbH
Telefon: +49 4101 370-0
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link:
Data Protection Officers
Right to data portability
You have the right to have data which we process based on your consent or in fulfilment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments on this website
If you enter into a contract that requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our imprint if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of imprint regulations with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data Protection Officer
Statutory data protection officer
We have appointed a data protection officer for our company
Tobias Grau GmbH
Data Protection Officer
Telefon: +49 4101 370-0
4. Data collection on our website
Most of the cookies we use are so-called “session-cookies”. They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”.
· Browsertype and browserversion
· Operating system used
· Referrer URL
· Hostname of the accessing computer
· Time of the server request
· IP address
This data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Registration on this Website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
Registration with Facebook Connect
Instead of registering directly on our website, you may also register using Facebook Connect. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you decide to register with Facebook Connect and click on the “Login with Facebook” or “Connect with Facebook” buttons, you will be automatically redirected to the Facebook platform. There you can log in with your Facebook username and password. This will link your Facebook profile to our website or services. This link gives us access to your data stored on Facebook.
Including especially your:
· Facebook name
· Facebook profile picture
· Facebook cover picture
· E-mail address provided to Facebook
· Facebook ID
· Facebook friends
· Facebook likes
This data will be used to set up, provide, and personalize your account.
Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfil a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
5. Social media
Facebook plugins (Like & Share buttons)
Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site.
For an overview of Facebook plugins, see:
When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook “Like-Button” while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data.
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
Our web pages incorporate the functions provided by the service Instagram, as operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
If you are logged into your Instagram account, by clicking the Instagram button you can link content from our pages with your Instagram profile. This enables Instagram to attribute your visit to our web page to your user account. Please note that we as the content provider of these pages do not have knowledge of the information contained in the data transferred or of its usage on the part of Instagram.
Additional information on this subject is available in Instagram’s data privacy notice at:
Our website uses social media plug-ins from the social media network Pinterest, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”).
When you call up a page that contains such a plug-in, a direct link to Pinterest’s servers is created by your browser. The plug-in then transmits protocol data to the Pinterest servers in the USA. This protocol data may include your IP address, the address of the websites you visited that also have Pinterest functionality, the type and settings of your browser, the date and time of your request, your usage of Pinterest and cookies.
For further information on the purpose, scope and further processing and usage of the data by Pinterest as well as your rights and possibilities for protecting your privacy, please consult Pinterest’s data privacy notice at:
6. Analytics and Advertising
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “Cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link:
Google Browser Plugin
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site:
Disable Google Analytics
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics
Conversion cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising.
We use a so-called “Pinterest Tag” on our website (a service of Pinterest Europe Ltd., 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland (“Pinterest Ltd.”). This tag enables us to use our Pinterest campaigns in a needs-based manner, to further optimise them and to measure their conversion. This enables us to ensure that our Pinterest ads are displayed to Pinterest users according to their interests and that we can track subsequent actions by Pinterest users. For this purpose, the following information in particular is processed and transmitted to us: shortened and anonymised IP address, device information (e.g. type, brand), the browser system used, the time at which our offer was called up and the reaction to the respective campaign. The data processed in this way is anonymous for us, so it is not possible for us to draw any conclusions about your identity.
Please note that your data may be shared with third parties by Pinterest for the purpose of behavioural advertising on the web and that you can opt out of behavioural advertising on the web on Pinterest in your personalisation settings, on the AdChoices website optout.aboutads.info or disable it in your mobile ad identifier settings.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through then “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
This website uses Newsletter2Go to send newsletters. The provider of this service is Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin, Germany.
Newsletter2Go is a service which organizes and analyses the distribution of newsletters. The data you provide to subscribe to our newsletter will be stored on Newsletter2Go servers in Germany.
If you do not want your usage of the newsletter to be analysed by Newsletter2Go, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website.
Data analysis by Newsletter2Go
We use Newsletter2Go to analyse our newsletter campaigns. This allows us to determine if a newsletter message has been opened and which links you click on. We can thus find out how often various links are clicked.
In addition, we can see if certain actions take place after clicking on said links (conversion rate). We can thus determine whether the clicking of a link in a newsletter has led to a purchase, for example.
Newsletter2Go also allows us to classify newsletter recipients into different categories (clustering). For example, newsletter recipients can be subdivided according to gender, personal preference (e.g. vegetarian or non-vegetarian), or customer relationship (e.g. existing or potential customer). This allows us to adapt the newsletters to the respective target groups.
For detailed information on the functions of Newsletter2Go, see the following link:
Data processing is based on Art. 6 (1) (a) DSGVO. You may revoke your consent at any time. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of Newsletter2Go. Data we have stored for other purposes (e.g. email addresses for the members area) remains unaffected.
8. Payment Service Providers
Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg (hereafter referred to as “PayPal”).
If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art.6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.