As the data controller, we have prepared this data protection declaration to inform you about the type, scope and purpose of the processing of personal data in connection with our website, in accordance with the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).
- “Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means or not, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, use, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying;
- “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and methods of the processing of personal data; where the purposes and methods of such processing are determined by Union or Member State law, the controller or where the specific criteria for its nomination may be provided for by Union or Member State law;
- “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data as part of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; these public authorities shall process this data in accordance with the applicable data protection rules according to the purposes of the processing;
Tel. (+49) 711 - 21724068-0
Fax (+49) 711 - 21724068-0
Contact details of the company data protection officer
Telephone: (+49) 711 - 4605025-40
Fax: (+49) 711 - 4605025-49
We process personal data on the basis of at least one of the following legal bases:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art. 6 para. 1 sentence 1 lit. a GDPR);
- Performance of a contract with the data subject or for the implementation of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 sentence 1 lit. b GDPR);
- Compliance with a legal obligation to which we are subject (Art. 6 para. 1 S. 1 lit. c GDPR);
- Protection of our legitimate interests or those of a third party (Art. 6 para. 1 sentence 1 lit. f GDPR)
The following information refers to the legal basis of the individual processing steps contained in this data protection declaration.
Forwarding of data to recipients
We forward personal data to recipients (contractors or other third parties) only to the required extent and only under one of the following conditions:
- The data subject has consented to the transfer;
- The transfer is for the fulfilment of contractual obligations or pre-contractual measures on the initiative of the data subject;
- We are legally obliged to make the transfer;
- The transfer is made on the basis of our legitimate interests or those of a third party.
The transfer of personal data to a country or an international organization outside the European Union (EU) or the European Economic Area (EEA) is subject to legal or contractual permissions only in accordance with the conditions of Art. 44 ff. GDPR. This means, that for the country concerned, there is an adequacy resolution of the EU Commission according to Art. 45 GDPR, there are suitable guarantees for data protection according to Art. 46 GDPR or there are binding internal data protection regulations according to Art. 47 GDPR.
Rights of data subjects
As a data subject, you have the following rights:
- According to Art. 15 GDPR, you can request information about your personal data processed by us. Furthermore, you can request information about the purposes of the processing, the categories of processed personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned period for which the personal data will be stored or the criteria for determining that period, the origin of your data, if this data was not collected from you, the existence of automated decision-making including profiling and, where appropriate, meaningful information on its details such as logic, scope and effects, the existence of a right to rectification or erasure of data concerning you, the right to restrict processing or to object to such processing, the right to lodge a complaint with a supervisory authority. Finally, you have a right to know whether personal data has been transferred to a third country or to an international organization and, if so, the appropriate safeguards relating to the transfer;
- According to Art. 16 GDPR, you can demand the immediate rectification of incorrect personal data or the completion of your personal data stored with us;
- According to Art. 17 GDPR, you can request the deletion of your personal data stored with us, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- According to Art. 18 GDPR, you can demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure of it and we no longer need the data, you need the data which is no longer needed by us for the establishment, exercise or defense of legal claims, or you have objected to the processing in accordance with Art. 21 GDPR, pending the verification of whether our legitimate grounds for data processing outweigh your interest;
- According to Art. 20 GDPR, you may request the transfer of your personal data that you have provided to us in a structured, commonly used and machine-readable format or transfer it to another data controller;
- According to Art. 21 GDPR, you may object to the processing of your personal data if there are grounds for doing so which relate to your particular situation or if you object to processing for direct marketing purposes and the legal basis for processing the personal data are legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR;
- According to art. 7 para. 3 GDPR, you can withdraw your consent to us at any time. As a result, we will no longer be permitted to continue processing the data that was based on this consent in the future;
- According to Art. 77 GDPR, you can lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of the place of your habitual residence, place of work or our registered office.
If you wish to assert the above-mentioned data subject rights, you can contact us or our data protection officer at any time using the contact details above.
Erasure and restriction of personal data
Unless otherwise provided for in this data protection declaration for individual cases, personal data will be erased if this data is no longer necessary for the purposes for which it was collected or was in any other way processed and if there are no legal obligations that require us to keep it. We will also erase your personal data processed by us upon request, in accordance with Art. 17 GDPR if the conditions described therein are met. If personal data is required for other legally permissible purposes, the data will not be erased, but its processing will be restricted in accordance with Art. 18 GDPR. In the event of a restriction, the data will not be processed for other purposes. This applies, for example, to personal data that we must keep for commercial or tax reasons. The types of documents specified under Section 257 para. 1 no. 2 and 3 of the German Commercial Code (HGB) and under Section 147 para. 1 no. 2, 3 and 5 of the German Tax Code (AO) are kept for six years. The types of documents specified under Section 257 para. 1 no. 1 and 4 HGB and under Section 147 para. 1 no. 1, 4 and 4a AO are kept for 10 years.
We use session cookies to recognize that you have already visited individual pages of our website. These cookies also provide certain functionalities. Session cookies are deleted after you leave our website.
In addition, we also use temporary cookies, which are stored on your device for a specified period of time, to optimize user-friendliness and the statistical evaluation of the use of our website. If you visit our website again to use our services, these cookies will automatically recognize that you have already visited us before and what entries and settings you have made, so you do not have to enter them again.
The data processed by cookies is required for the above-mentioned purposes in order to protect our legitimate interests which result from processing the data and the legitimate interests of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
Individual processing operations
In order to make our website available to you, we use the services of hosting companies, such as the provision of web servers, storage space, database services, security services and maintenance services.
While doing so, we or our hosting providers process our website users’ personal data on the basis of our legitimate interests in providing efficient and secure access to our website in accordance with Art. 6 para. 1 lit. f GDPR.
Access data and log files
When you visit our website or its individual pages, your device’s browser automatically sends information to our website server. This information is stored in so-called log files by us or by our hosting provider and is deleted within six months at the latest.
The following information is stored:
- The IP address of the requesting computer,
- The date and time of access,
- The name and URL of the requested file,
- The website from which our site was accessed (referrer URL),
- The browser being used and, if applicable, the type of operating system your computer uses and the name of your access provider.
This data is processed for the following purposes:
- The provision of our website, including all of its features and contents
- To ensure a smooth connection to our website
- To ensure the comfortable use of our website
- To ensure system security and stability
- For anonymized statistical evaluation of user access
- To optimize our website
- For forwarding to law enforcement authorities in the event of unlawful interference or an attack on our systems
- For additional administrative purposes.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is based on the above-described purposes for data collection. Under no circumstances do we use the data we collect for the purpose of drawing conclusions about a person.
If you use the contact form, you will be asked to provide your name and email address so we can contact you personally. Additional information can be provided voluntarily. In accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, data processing for the purpose of contacting us and responding to your request is based on your voluntary consent. All personal data collected in connection with the contact form will be deleted after responding to your request, unless it is necessary to store this data for the documentation of other processes (for example, for the subsequent conclusion of a contract).
If you would like to receive our newsletter, we need to have your name and email address. In accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, data processing for the purpose of sending the newsletter is based on your voluntary consent which is granted via the so-called double opt-in procedure. Your email address will be used and stored for this purpose until you withdraw your consent or unsubscribe from the newsletter. You can unsubscribe at any time, for example, by using the link at the end of each newsletter. You can also send your withdrawal/unsubscribe request at any time to the email address indicated under Clause I.
We send our newsletters with a so-called web beacon. A web beacon is a miniature graphic embedded in the newsletter’s HTML format which enables us to analyze reader behavior. In this context, we store whether and at what time a newsletter was opened by you and which of the links contained in the newsletter were accessed by you. We use this data to create statistical evaluations of the success or failure of a marketing campaign in order to optimize newsletter distribution and to better match the content of future newsletters to your interests. The collected data will not be transferred to third parties and will be deleted after the statistical evaluation.
If you apply to us electronically, i.e. via e-mail or using our online form, we will collect and process your personal data for the purpose of executing the application process and preparing contracts.
In accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, data processing for the purpose of deciding whether to establish an employment relationship is based on your voluntary consent. By submitting an application via our recruitment website, you express your interest in taking up work with us. In this context, you transmit personal data, which we will use and store exclusively for the purpose of your job search / application process.
In particular, the following data is collected during this process:
name (first and last names), e-mail address, phone number, LinkedIn profile (optional), channel through which you found us
Furthermore, you can choose to upload expressive documents such as a cover letter, your CV and reference letters. These may contain additional personal data such as date of birth, address etc.
Only authorized HR staff and/or staff involved in the application process have access to your data.
The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.
Your data will be stored for a period of 180 days after the application process has been concluded. This is usually done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).
Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.
Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio.
Comments and contributions
If you leave comments or other contributions on our website, your email and IP address will be stored on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR. You can provide further information voluntarily. The purpose of storing your email address is to contact you regarding your comment or contribution, to forward any complaints you may have and, if necessary, to ask you to comment. You will not be able to use the comments function without entering your email address. The email address you provide will be saved but will not be published along with your comment.
Our legitimate interest in retrieving and storing your email address is for security reasons, for example, in the event that someone leaves illegal content (for example, insults) in comments and contributions. In this case, we ourselves could be prosecuted for the comment or contribution and therefore, we have a legitimate interest in storing your IP address. This collected personal data will only be passed on to the prosecution authorities in cases of criminal investigations. Personal information will not be transferred to any other third parties.
The iFixit Community and Registration
iFixit USA and iFixit EUROPE use a shared system for the administration of community accounts in order to make it easier for users to access the shared website of the iFixit Community. The provider is www.ifixit.com; San Luis Obispo, CA 93401, United States. It is not possible to register with the iFixit Community without your data being transferred to the USA. However, you can order goods in the EU store as a guest without registering with the community. When you register with the iFixit Community, you will be redirected to the iFixit USA website. In this context, your name, email address, username, and password are stored and processed on iFixit servers in the US. iFixit USA has entered the EU/U.S. Privacy Shield and therefore complies with the requirements of the European Union to legitimize the transfer of personal data to the United States. For more information about iFixit’s commitment with regards to the EU/U.S. Privacy Shield, please visit: https://www.privacyshield.gov/participant?id=a2zt00000008VUDAA2&status=Active. For more information on how iFixit USA handles your personal data, please see our data protection declaration: https://www.ifixit.com/Info/Privacy. iFixit EUROPE and iFixit USA are jointly responsible for processing personal data. iFixit EUROPE complies with all obligations regarding the exercise of the rights of data subjects. In accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, data is processed on the basis of our legitimate interest in the provision of the services on our website.
You can register on our website by entering your name, address, telephone number and email address. In accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, registration is voluntary and is based on your voluntary consent. The transmission of any other personal data is determined by the respective input mask used for the registration. The collected personal data is used for the purposes of offering our services as well as to contact you in order to provide you with information regarding our services and your registration. You can view your personal data and make changes to this data via your personal user access. Your data will be stored until you delete your user account or instruct us to delete your data. If we are obliged to store your personal data due to legal, commercial and tax-related retention periods, the processing of your personal data will be restricted accordingly until the expiry of the retention periods and this data will then be deleted.
When you register on our website or use your user account, we store your IP address and the time of your use of our website. In accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, data is processed on the basis of our legitimate interest in the provision of the services on our website. Storage of your data is also in your interest in order to protect you from misuse and other unauthorized use. Your data will not be transferred to third parties, unless it is necessary to fulfil contractual obligations in accordance with Art. 6 para. 1 lit. b GDPR or for the pursuit of any claims to which we are entitled or if there is a legal obligation according to art. 6 para. 1 lit. c GDPR. IP addresses are anonymized or deleted within seven days, at the latest.
In connection with and for the purpose of implementing pre-contractual measures and fulfilling contractual obligations via our website taken at the request of the data subject, we process the data subject’s personal data in order to perform the contract. This data includes:
- The contractual partner’s data, such as, name, address and contact data, any alternate delivery addresses or invoice addresses or alternate recipients and, if necessary, the contractual partner’s date of birth;
- Contract data, such as the subject matter and duration of the contract, customer category;
- Payment data, such as bank details, credit card data, payment history.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
The data will only be transferred to third parties to the extent that this is necessary in order to implement pre-contractual measures and to fulfil contractual obligations, such as to banks, payment service providers, credit card companies for processing payment and to shipping providers for the shipping of goods.
Trusted Shops Buyer Protection
Our website uses the Trusted Shops Trustbadge. The provider is Trusted Shops GmbH, Subbelrather Strasse 15C, 50823 Cologne (hereinafter, “Trusted Shops”). We display the Trustbadge, the Trusted Shops seal of approval and reviews on our website. When the Trustbadge is accessed, personal data, such as the IP address, the date and time of access, the transferred data volume and the requesting provider is processed and documented. This access data is not analyzed and is automatically overwritten within seven days at the latest after you leave our website. The legal basis for our use of the Trusted Shops Trustbadge is our legitimate interest in optimally marketing our services according to art. 6 par. 1 lit. f GDPR.
Additional personal data will only be transmitted to Trusted Shops (for example, for requests to provide feedback) if you have consented to this transfer, have decided to use Trusted Shops products after completing an order or have already registered to use Trusted Shops. In this case, the contractual agreement between you and Trusted Shops shall apply.
Additional information on how Trusted Shops handles your personal data can be found in the Trusted Shops data protection declaration at: https://www.trustedshops.de/impressum/
Creditworthiness and Scoring
Automated decision-making (credit reform)
Based on Art. 6 para. 1 lit. b and lit. f GDPR, we perform a credit assessment of customers prior to the conclusion of the contract for the purpose and on the basis of our legitimate interest in checking creditworthiness and minimizing payment defaults. This is only done if invoice or direct debit is selected as the payment method. For this purpose, the customer’s date of birth and address data will be transmitted to: Verband der Vereine Creditreform e.V., Hellersbergstrasse 12, 41460 Neuss, Germany. The credit assessment involves the use of probability values (so-called score values), whose calculation includes address data. The calculation of these scoring values is based on a scientifically recognized mathematical-statistical procedure. Additional information on how Creditreform handles your personal data can be found at: https://www.creditreform.de/navigations/content-footer/datenschutzerklaerung.html (data protection declaration). In case of insufficient creditworthiness, direct debit or invoices will not be accepted as a payment method. If you do not agree to the data transfer, please use another method of payment.
Payment service provider
PayPal acts as an online payment service provider and trustee and offers buyer and seller protection services. When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - purchase on account via PayPal, your name, email address, purchased products, invoice amount, as well as your invoice and delivery address will be transferred to PayPal as part of payment processing. When using the following payment methods: credit card via PayPal, direct debit via PayPal or - if offered - purchase on account via PayPal, PayPal may conduct a credit check in order to check your creditworthiness and to minimize payment defaults before deciding to approve the payment process. The credit assessment involves the use of probability values (so-called score values), whose calculation includes address data. The calculation of these scoring values is based on a scientifically recognized mathematical-statistical procedure. In case of insufficient creditworthiness PayPal can refuse the chosen payment method. The legal basis for processing is Art. 6 para. 1 lit. b GDPR.
If you do not agree with the data transmission, or if you believe that your creditworthiness is not suitable for the chosen method of payment, please use another method of payment. Additional information on how PayPal handles your personal information can be found in PayPal’s data protection declaration at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
Statistics and Analysis
We use the so-called “Facebook pixel” on our website. The provider is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for processing the personal data of persons in the EU.
Facebook has joined the EU/US Privacy Shield Agreement, thereby committing itself to complying with European data protection standards and thus has fulfilled the EU requirements for legitimizing the transfer of personal data to the USA. Information on Facebook’s commitment can be found at
The use of this technology enables Facebook to assign visitors to our website to specific groups (for example, visitors to our website according to the areas of interest we have sent to Facebook - the so-called “custom audiences”) for the display of specific advertisements and to thus be able to recognize these groups. This ensures that these users are only shown advertisements that match their interests and that inconveniences caused by inappropriate advertising are avoided. By using the Facebook pixel, we can also monitor the effectiveness of our Facebook advertisements for statistical purposes and track whether and how a user has used our services after clicking on an advertisement. Additional information about the Facebook pixel and how it works can be found at: https://www.facebook.com/business/help/651294705016616. Detailed information on how Facebook processes the data it collects and general information about Facebook advertisements can be found in Facebook’s data protection declaration, which can be accessed at: https://www.facebook.com/about/privacy/update. In your Facebook, account under the heading “Settings,” you can object to the collection of your data via the Facebook pixel and its use for displaying specific advertisements. Information on these settings can be found at: https://www.facebook.com/settings?tab=ads(Login necessary).
The use of the Facebook pixel helps us to appropriately advertise our products and services without inconveniencing the recipients of this advertising with inappropriate advertising. The legal basis for the use of the Facebook pixel is our legitimate interests and the legitimate interests of third parties in these purposes, in accordance with Art. 6 para. 1 lit. f GDPR.
Provider of the following Google services is Google Ireland Limited (register number: 368047), Gordon House, Barrow Street, Dublin 4, Irland (hereinafter, “Google”).
The legal basis for the use of the following Google services is our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR.
Google has joined the EU/US Privacy Shield Agreement, thereby committing itself to complying with European data protection standards and thus has fulfilled the EU requirements for legitimizing the transfer of personal data to the USA. Information on Google’s commitment can be found at
Additional information on how Google handles your personal data can be found in Google’s data protection declaration at: https://www.google.com/intl/de/policies/privacy/ . Information on how Google uses data for advertising purposes, information about setting options and how to object to the use of your data for advertising purposes can be found on these websites: https://www.google.de/policies/privacy/partners/, https://www.google.de/policies/technologies/ads/, http://www.google.de/settings/ads, http://www.google.com/ads/preferences/
Google Analytics demographic features
This website uses the “demographic features” function as part of Google Analytics. This function allows us to generate reports that contain information about the age, gender and interests of our site visitors. This data comes from Google’s interest-based advertising and from visitor data from third-party providers. This data cannot be assigned to a specific person. The legal basis for the use of the following Google services is our legitimate interest in optimizing and optimally marketing our website in accordance with Art. 6 para. 1 lit. f GDPR.
You can disable this feature at any time by using your Google account’s ad preferences or opt-out of having Google Analytics collect your information, as described in the “object to data collection” section.
Google Analytics Remarketing
Google AdWords with conversion tracking
Google Web Fonts
This website uses external fonts from Google, so-called web fonts, to display fonts. In order to do this, your browser loads the required web font into the browser cache when you access the web page. If your browser does not support this function, your computer will use a standard font to display the website. This service collects your IP address, which of our web pages you have visited and, if applicable, other data Google needs for the provision of the web fonts. The information collected about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf or on the behalf of Google.