Privacy policy

General

As the operator of this website and as a company, we come into contact with your personal data. This refers to all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain to you in what way, for what purpose and on what legal basis we process your data.

Responsible for data processing on this website and in our company is:

Germandrop GmbH

Bültenweg 93

38106 Brunswick

Phone: 0531 61520182

E-mail: service@germandrop.de

General notes

SSL or TLS encryption

When you enter your data on websites, place online orders or send e-mails over the Internet, you must always be prepared for unauthorized third parties to access your data. There is no complete protection against such access. However, we do our utmost to protect your data as best as possible and to close the security gaps as far as we are able.

An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the entered internet address in your browser and by the fact that our internet address starts with https:// and not with http://.

How long do we store your data?

In some places in this privacy statement, we inform you about how long we or the companies that process your data on our behalf will store your data. In the absence of such information, we will store your data until the purpose of the data processing no longer applies, you object to the data processing or you revoke your consent to the data processing.

However, in the event of an objection or revocation, we may continue to process your data if at least one of the following conditions is met:

  • We have compelling legitimate grounds for continuing data processing that override your interests, rights and freedoms (only in the case of objection to data processing; if the objection is to direct marketing, we cannot provide legitimate grounds).
  • The data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is directed against direct marketing).
  • We are required by law to retain your data.

In this case, we will delete your data as soon as the requirement(s) cease to apply.

Data transfer to the USA

We also use tools from companies on our website that transmit your data to the USA and store and possibly process it there. This is particularly important for you because your data does not enjoy the same protection in the USA as it does within the EU, where the General Data Protection Regulation (GDPR) applies. For example, U.S. companies are required to hand over personal data to security authorities without you, as the data subject, being able to take legal action against this. It is therefore possible that U.S. authorities (e.g. intelligence agencies) process, evaluate and permanently store your data on U.S. servers for monitoring purposes. We have no influence on these processing activities.

Your rights

Objection to data processing

IF YOU READ IN THIS PRIVACY STATEMENT THAT WE HAVE LEGITIMATE INTERESTS FOR PROCESSING YOUR DATA AND THEREFORE RELY ON ART. 6 ABS. 1 SET 1 LIT. F) DSGVO, YOU HAVE THE RIGHT TO OBJECT TO IT PURSUANT TO ART. 21 DSGVO, YOU HAVE THE RIGHT TO OBJECT TO IT. THIS ALSO APPLIES TO PROFILING THAT TAKES PLACE ON THE BASIS OF THE AFOREMENTIONED PROVISION. IT IS A PREREQUISITE THAT YOU CITE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. NO JUSTIFICATION IS REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVERTISING.

THE CONSEQUENCE OF THE OBJECTION IS THAT WE MAY NO LONGER PROCESS YOUR DATA. THIS DOES NOT APPLY ONLY IF ONE OF THE FOLLOWING CONDITIONS IS MET:

  • WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS.
  • THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTED AGAINST DIRECT ADVERTISING OR AGAINST PROFILING THAT IS CONNECTED WITH IT.

Other rights

Revocation of your consent to data processing

Many data processing operations are based on your consent. You do this, for example, by checking the appropriate box on online forms before submitting the form, or by allowing certain cookies when you visit our website. You can revoke your consent at any time without giving reasons (Art. 7 (3) DSGVO). From the time of revocation, we may then no longer process your data. The only exception is that we are required by law to retain the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.

Right to complain to the competent supervisory authority

If you believe that we are in breach of the General Data Protection Regulation (GDPR), you have the right to complain to a supervisory authority in accordance with Art. 77 GDPR. You may contact a supervisory authority in the Member State of your residence, place of work or the place where the alleged infringement took place. The right of appeal exists alongside administrative or judicial remedies.

Right to data portability

Data that we process automatically on the basis of your consent or in fulfillment of a contract must be handed over to you or a third party in a common machine-readable format if you request this. We can only transfer the data to another controller if this is technically possible.

Right to information, deletion and correction of data

According to Art. 15 DSGVO, you have the right to receive information free of charge about which of your personal data we have stored, where the data comes from, to whom we transmit the data and for what purpose it is stored. If the data is incorrect, you have a right to rectification (Art. 16 DSGVO), under the conditions of Art. 17 DSGVO you may request that we delete the data.

Right to restriction of processing

In certain situations, you may request us to restrict the processing of your data in accordance with Art. 18 DSGVO. The data may then – apart from storage – only be processed as follows:

  • with your consent
  • for the assertion, exercise or defense of legal claims
  • to protect the rights of another natural or legal person
  • for reasons of important public interest of the European Union or a Member State

The right to restrict processing exists in the following situations:

  • You have disputed the accuracy of your personal data stored by us and we need time to verify this. Here the right exists for the duration of the test.
  • The processing of your personal data is unlawful or was unlawful in the past. Here the right exists alternatively to the deletion of the data.
  • We no longer need your personal data, but you need it to exercise, defend or assert legal claims. Here the right exists alternatively to the deletion of the data.
  • You have objection according to Art. 21 para. 1 GDPR and now your and our interests must be weighed against each other. Here the right exists as long as the result of the consideration has not yet been determined.

Hosting and Content Delivery Networks (CDN)

External hosting

Our website is located on a server of the following Internet service provider (hoster):

Host Europe GmbH
Hansestrasse 111
51149 Cologne

Has a contract on commissioned processing been concluded with the hoster or are standard contractual clauses (SCC) used?

Yes

How do we process your data?

The hoster stores all the data of our website. This also includes all personal data that is collected automatically or through your input. This can be in particular: Your IP address, pages viewed, names, contact details and requests, as well as meta and communication data. When processing data, our hoster complies with our instructions and always processes the data only to the extent that this is necessary to fulfill the service obligation towards us.

On what legal basis do we process your data?

Since we address potential customers via our website and maintain contacts with existing customers, the data processing by our hoster serves to initiate and fulfill contracts and is therefore based on Art. 6 para. 1 lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the necessary requirements for security, speed and efficiency. In this respect, we also process your data on the basis of Art. 6 para. 1 lit. f) GDPR.

Data collection on this website

Cookies use

Our website places cookies on your device. These are small text files that are used for different purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are needed to perform certain actions or functions on the site (functional cookies). For example, without cookies, it would not be possible to take advantage of a shopping cart in an online store. Still other cookies are used to analyze user behavior or to optimize advertising measures. If we use third-party services on our website, e.g. to process payment transactions, these companies may also leave cookies on your device when you access the website (so-called third-party cookies).

How do we process your data?

Session cookies are stored on your device only for the duration of a session. So, as soon as you close the browser, they disappear by themselves. Permanent cookies, on the other hand, remain on your device unless you delete them yourself. This may, for example, result in your user behavior being permanently analyzed. You can use the settings in your browser to influence how it handles cookies:

  • Do you want to be informed when cookies are set?
  • Do you want to exclude cookies in general or for certain cases?
  • Do you want cookies to be automatically deleted when you close the browser?

If you disable or do not allow cookies, the functionality of the website may be limited.

If we use cookies from other companies or for analysis purposes, we will inform you about this as part of this privacy policy. We also request your consent in this regard when you access our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our online offerings can be used by visitors without technical problems and that all desired functions are available to them. The storage of necessary and functional cookies on your device is therefore based on Art. 6 para. 1 lit. f) GDPR. We set all other cookies on the basis of Art. 6 para. 1 lit. a) DSGVO, provided that you give us the corresponding consent. You can revoke this at any time with effect for the future. If you have consented to the placement of necessary and functional cookies when requesting consent, these cookies are also stored exclusively on the basis of your consent.

Cookie consent with Borlabs cookie

What is Borlabs Cookie?

Cookie plugin for compliance with DSGVO and ePrivacy

Who processes your data?

Only us, not the provider of Borlabs cookie

Where can you find more information about privacy at Borlabs Cookie?

https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

How do we process your data?

We use Borlabs cookie to obtain your consent to store cookies on your device. When you visit our website and close the Borlabs cookie window requesting consent, a Borlabs cookie with the following content is stored in your browser:

  • Cookie Runtime
  • Cookie version
  • Domain and path of the website
  • Consents
  • a randomly generated ID

This data is not transmitted to the provider of Borlabs Cookie.

We store the data until the purpose of the data storage no longer applies, you delete the Borlabs cookie or request us to delete the data. This does not apply only if we are legally obligated to retain the data.

On what legal basis do we process your data?

We are legally obliged to obtain the consent of our website visitors for the use of certain cookies. To fulfill this obligation, we use Borlabs cookie. The legal basis for data processing is therefore Art. 6 para. 1 lit. c) GDPR.

Server log files

Server log files log all requests and accesses to our website and record error messages. They also include personal data, in particular your IP address. However, this is anonymized by the provider after a short time, so that we cannot assign the data to your person. The data is automatically transmitted by your browser to our provider.

How do we process your data?

Our provider stores the server log files in order to be able to track the activities on our website and to locate errors. The files contain the following data:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address (anonymized if necessary)

We do not combine this data with other data, but use it only for statistical analysis and to improve our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our website runs without errors. It is also our legitimate interest to obtain an anonymized overview of the accesses to our website. The data processing is therefore permitted pursuant to Art. 6 para. 1 lit. f) GDPR lawful.

Contact form

You can send us a message via the contact form on this website.

How do we process your data?

We store your message and the information from the form to be able to process your request including follow-up questions. This also applies to the contact details provided. We will not share the data with anyone else without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

  • Your request has been finalized.
  • You request us to delete the data.
  • You revoke your consent to storage.

This does not apply only if we are required by law to retain the data.

On what legal basis do we process your data?

If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process requests addressed to us. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) DSGVO the legal basis. In this case, you can revoke your consent at any time with effect for the future.

Request by e-mail, phone or fax

You can send us a message by e-mail or fax or call us.

How do we process your data?

We store your message as well as your self-made contact details or the transmitted phone number to be able to process your request including follow-up questions. We will not share the data with anyone else without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

  • Your request has been finalized.
  • You request us to delete the data.
  • You revoke your consent to storage.

This does not apply only if we are required by law to retain the data.

On what legal basis do we process your data?

If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process requests addressed to us. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) DSGVO the legal basis. In this case, you can revoke your consent at any time with effect for the future.

Communication via WhatsApp

What is WhatsApp?

Instant messaging service

Who processes your data?

WhatsApp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Where can you find more information about privacy on WhatsApp?

https://www.whatsapp.com/legal/#privacy-policy

On what basis do we transfer your data to the USA?

WhatsApp complies with the standard contractual clauses of the European Commission (cf. https://www. whatsapp.com/legal/business-data-processing-terms-20210927).

How do we process your data?

For communication with our customers and others outside our company, we use the instant messaging service WhatsApp in the “WhatsApp Business” variant.

Communication takes place via end-to-end encryption (peer-to-peer). This prevents WhatsApp or other third parties from gaining access to the communication content. We have also set our accounts so that there is no automatic synchronization with the address book on the smartphones we use. However, WhatsApp gets access to the metadata of the communication process (e.g., sender, recipient, and time of communication) and shares this data with Meta, its U.S.-based parent company, according to its own statement.

How long do we store your data?

We delete your data as soon as one of the following occurs:

  • The purpose of the data processing has ceased to exist.
  • You request us to delete the data.
  • You revoke your consent to storage.

The only time this does not apply is when we are required by law to retain the data.

On what legal basis do we process your data?

If our exchange via WhatsApp is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process inquiries directed to us and to maintain a business contact with other persons. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) DSGVO the legal basis. In this case, you can revoke your consent at any time with effect for the future.

Analysis tools and advertising

We use the following tools to analyze the behavior of our website visitors and show you advertisements.

Matomo Analytics (locally installed)

How do we process your data?

We are always interested in optimizing our web offering for users and placing advertising in the best possible way. We are helped in this by Matomo Analytics, an open-source tool that analyzes user behavior and thus provides us with the necessary database for adjustments. Matomo uses cookies, device fingerprinting, and other technologies that enable cross-page user recognition to analyze user behavior. Matomo records the page views, from which region they come, the IP address, referrers, browsers used and operating systems. In addition, the tool can measure whether our website visitors take certain actions (e.g., click on links or make purchases). After anonymization of your IP address, the collected data is stored exclusively on our server.

On what legal basis do we process your data?

As a website operator, we have a legitimate interest in the anonymized analysis of user behavior for the purpose of optimizing our website and the advertising placed there. The data processing is therefore permitted pursuant to Art. 6 para. 1 lit. f) GDPR lawful. In the event that you have, for example, consented to the storage of cookies or otherwise consented to data processing, only Art. 6 para. 1 lit. a) DSGVO the legal basis. You can revoke your consent at any time with effect for the future.

Newsletter

Sendinblue

What is Sendinblue?

Service for sending newsletters and analyzing recipient behavior.

Who processes your data?

Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany

Has an order processing contract been concluded with Sendinblue?

Yes

Where can I find more information about privacy at Sendinblue?

https://de.sendinblue.com/legal/privacypolicy/ and https://de.sendinblue.com/legal/antispampolicy/

How do we process your data?

We use Sendinblue for our newsletter distribution. The service manages newsletter subscriber data for us, sends our newsletter and analyzes our newsletter campaigns.

If you would like to receive our newsletter, we need your e-mail address. We will also use a confirmation email (double opt-in procedure) to check whether you are really the owner of this email address. We do not collect any other data or only on a voluntary basis. We use your data exclusively for the newsletter dispatch.

If we send a newsletter via Sendinblue and you open it, a file contained in the newsletter automatically connects to Sendinblue’s servers. Thus, the service learns that the newsletter has been opened and registers all clicks on the links it contains. In addition, Sendinblue collects technical information, such as the time of the retrieval, the IP address, browser type and operating system.

You can unsubscribe from the newsletter at any time.

How long do we store your data?

After you have unsubscribed, the data will be deleted from the newsletter distribution list. Under certain circumstances, we may also blacklist your e-mail address; this is necessary, for example, if we receive an objection to advertising from you. The storage then takes place on the basis of Art. 6 para. 1 lit. f) GDPR.

Furthermore, we reserve the right to delete the data at any time after the purpose for which it was collected has ceased to exist or at our own discretion.

On what legal basis do we process your data?

By entering the subscriber list, you consent to the processing of data by Sendinblue. This is done lawfully on the basis of Art. 6 para. 1 lit. a) GDPR. You can revoke your consent by unsubscribing from the newsletter or by sending us an informal message. For us, this means that we are no longer allowed to send you newsletters from this point on.

Plugins and tools

Wordfence

What is Wordfence?

Firewall and security scanner for WordPress websites

Who processes your data?

Defiant Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA

Where can you find more information about privacy at Wordfence?

https://www.wordfence.com/privacy-policy/

On what basis do we transfer your data to the USA?

Based on standard contractual clauses of the European Commission (cf. https://www. wordfence.com/help/general-data-protection-regulation/).

How do we process your data?

To protect our website from malicious traffic, we use the Wordfence plugin. It identifies and blocks data that has malicious code or content and checks core files, themes and plugins for malware, broken URLs, backdoors, SEO spam, malicious redirects and code injections. In order for these measures to be carried out, our website is permanently connected to the servers of Defiant Inc. in the USA. On these, the accesses to our website are compared with the data that Wordfence has stored in its database and, if necessary, blocked.

On what legal basis do we process your data?

As a website operator, we have a legitimate interest in protecting ourselves from malicious traffic. The data processing is therefore permitted pursuant to Art. 6 para. 1 lit. f) GDPR lawful.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time. From the time of revocation, we may no longer process your data.

Data processing on social media

What is social media?

By social media, we mean the social networks on which we have created publicly accessible profiles. You can read more about which social networks these are below.

Who processes your data?

The respective operating companies of the social networks. You can find the individual operators below under the respective networks.

How is your data processed?

The operators of social networks are generally able to collect and analyze comprehensive data on the behavior of visitors and users of the network. It is not possible for us to track all processing operations in the social networks we use, which is why further processing operations not listed here may be carried out by the operators of the social networks. You can find more information on this in the terms of use and privacy statements of the respective social networks.

The processing of your data can be triggered by visiting the social network’s website or our profile page there. Even if you call up a website that uses certain network content, e.g. like or share buttons, data may already be transmitted to the operators of the social network. If you are a user of the social network and logged into your user account, your visit to our profile page can be assigned to your account by the operator of the social network. Even if you have not registered a user account yourself or are not logged in, the operator of the network may still collect your personal data, e.g. by recording your IP address or setting cookies. With this data, the operators can create user profiles adapted to your behavior and interests and show you interest-based advertising inside and outside the network. If you are a registered user of the network, the interest-based advertising may also be displayed on all devices on which you are or were logged in.

On what legal basis is your data processed?

Our profiles in the social networks are intended to ensure the broadest possible presence of our company on the Internet. As a company, we have a legitimate interest in this. The data processing is therefore permitted pursuant to Art. 6 para. 1 lit. f DSGVO lawful.

The data processing operations and analyses carried out by the operators of the social networks themselves may be based on other legal bases. These must be specified by the operators of the social networks.

Who is responsible for processing your data and how can you exercise your rights?

If you visit one of our profiles on the social networks, we are jointly responsible with the operator of the respective network for the data processing operations triggered during this visit. In principle, you can assert your rights both against us and against the operator of the respective network.

Despite the joint responsibility with the operators of the social networks, however, our influence on the data processing operations of the respective operator is limited and is primarily based on the operator’s specifications.

How long will your data be stored?

If we collect data via our profiles in the social networks, these are deleted from our systems as soon as the purpose for storing them no longer applies, you request us to delete them or you revoke your consent to storage. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – esp. retention periods – remain unaffected.

We have no influence on how long the operators of the social networks store your data, which the operators collect for their own purposes. You can obtain information on this directly from the operator of the respective social network, e.g. in the respective privacy policy.

What social media do we use?

Facebook

What is Facebook?
A social network

Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Will your data be transferred to third countries?
Yes, to the USA and also to other third countries

Where can you find more information about Facebook privacy?
https://www.facebook.com/about/privacy/

As a Facebook user, where can you adjust your advertising settings?
As a registered Facebook user, you can customize your advertising settings in your user account. To do so, click on the following link and log in:
https://www.facebook.com/settings?tab=ads.

Twitter

What is Twitter?
A social network in the form of a micro-blogging platform

Who processes your data?
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Will your data be transferred to third countries?
Yes, to the USA

Where can you find more information about Twitter privacy?
https://twitter.com/de/privacy

As a Twitter user, where can you adjust your advertising settings?
As a registered Twitter user, you can adjust your privacy settings in your user account. To do so, click on the following link and log in:
https://twitter.com/personalization.

Instagram

What is Instagram?
A social network specialized in photos and videos

Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Will your data be transferred to third countries?
Yes

Where can you find more information about privacy on Instagram?
https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram Help Area&bc[1]%20und%

As a user, where can you adjust your privacy settings?
As a registered Instagram user, you can adjust your privacy settings in your user account. To do so, click on the following link and log in:
https://www.instagram.com/accounts/privacy_and_security/

LinkedIn

What is LinkedIn?

A social network for business contacts

Who processes your data?

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Will your data be transferred to third countries?

Yes

Where can you find more information about privacy on LinkedIn?

https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

As a user, where can you adjust your privacy settings?

As a registered LinkedIn user, you can customize your privacy settings in your user account. To do so, click on the following link and log in:
https://www.linkedin.com/psettings/

YouTube

What is YouTube?
A social network in the form of an online video portal

Who processes your data?
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Will your data be transferred to third countries?
Yes

Where can you find more information about YouTube privacy?
https://policies.google.com/privacy?hl=de

As a user, where can you adjust your privacy settings?
https://policies.google.com/privacy?hl=de#infochoices