Privacy Policy

1) Introduction and Contact Details of the Responsible Party

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data includes all data that can personally identify you.

1.2 The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Ruff Golf UG (limited liability), Brookdamm 6, 21217 Seevetal, Germany, Tel.: upon request, Email: service@ruff.golf. The data controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website purely for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time of access
Amount of data sent in bytes
Source/Referrer from which you arrived at the site
Used browser
Used operating system
Used IP address (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used otherwise. However, we reserve the right to subsequently check the server log files should there be concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the padlock symbol in your browser's address bar.

3) Hosting & Content Delivery Network

3.1 Shopify

We use the system of the following provider for hosting our website and displaying the page content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.2 Cloudflare

We use a Content Delivery Network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service allows us to deliver large media files such as graphics, page content, or scripts faster through a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

The provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision of the European Commission, ensures compliance with the European level of data protection for data transfers to the USA.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called "session cookies"), while others remain on your device longer and allow the saving of site settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your browser's cookie settings.

If individual cookies we use also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract, according to Art. 6 para. 1 lit. a GDPR in the case of given consent, or according to Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the optimal functionality of the website as well as a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for specific cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting Us

When contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted when it can be determined from the circumstances that the matter at hand has been conclusively clarified and provided there are no statutory retention obligations.

6) Use of Customer Data for Direct Marketing

Klaviyo

Our email newsletters are sent via this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provide when subscribing to the newsletter to this provider in accordance with Art. 6 para. 1 lit. f GDPR so that they can manage the newsletter sending on our behalf.

Subject to your explicit consent under Art. 6 para. 1 lit. a GDPR, the provider also conducts a statistical success evaluation of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the newsletter content. Device information (e.g., time of access, IP address, browser type, and operating system) is also collected and analyzed but not combined with other data sets.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider, which protects our website visitors' data and prohibits disclosure to third parties.

7) Data Processing for Order Handling

7.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transportation company and the commissioned financial institution in accordance with Art. 6 para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data (name, address, email address) you provided during the order to inform you personally about upcoming updates within our legal information obligations in accordance with Art. 6 para. 1 lit. c GDPR via an appropriate communication method (e.g., postal mail or email). Your contact data is used strictly for the purpose of communicating about the updates we owe and is processed by us only to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s) who support us wholly or partly in carrying out concluded contracts. Certain personal data is transmitted to these service providers based on the following information.

7.2 Disclosure of Personal Data to Shipping Service Providers

- DHL

As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

We pass on your email address and/or phone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before delivering the goods for the purpose of scheduling a delivery date or announcing the delivery, provided you have given your explicit consent during the order process. Otherwise, for the purpose of delivery, we only pass on the recipient's name and delivery address to the provider in accordance with Art. 6 para. 1 lit. b GDPR. The disclosure only occurs to the extent necessary for the delivery of goods. In this case, a prior agreement on the delivery date with the provider or the delivery announcement is not possible.

You can revoke your consent at any time with effect for the future with respect to the responsible party mentioned above or the provider.

7.3 Use of Payment Service Providers

- Apple Pay

If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your iOS, watchOS, or macOS-operated device by charging a payment card stored with "Apple Pay." Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. To authorize a payment, you must enter a code you previously set and verify using the "Face ID" or "Touch ID" function of your device.

For the purpose of payment processing, the information you provide during the ordering process, along with information about your order, is transmitted in encrypted form to Apple. Apple then re-encrypts this data with a developer-specific key before transmitting it to the payment service provider of the payment card stored with Apple Pay to carry out the payment. The encryption ensures that only the website where the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the payment's success.

If personal data is processed during these transmissions, the processing is carried out solely for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes personal identification. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made via Safari on your Mac, the Mac and the authorization device communicate over an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings by going to "Wallet & Apple Pay" and disabling "Allow Payments on Mac."

Further information on data protection with Apple Pay can be found at the following website: https://support.apple.com/en-us/HT203027
- Google Pay

If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is carried out via the "Google Pay" application on your mobile device with at least Android 4.4 ("KitKat") and NFC functionality by charging a payment card stored with Google Pay or a verified payment system there (e.g., PayPal). To authorize a payment over 25 EUR via Google Pay, you must first unlock your mobile device using the verification method you have set up (e.g., facial recognition, password, fingerprint, or pattern).

For the purpose of payment processing, the information you provide during the ordering process, along with information about your order, is passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, which verifies the completed payment. This transaction number does not contain any information about the actual payment data of your payment methods stored in Google Pay but is created and transmitted as a one-time valid numerical token. In all transactions via Google Pay, Google acts solely as an intermediary for processing the payment. The transaction is carried out exclusively between the user and the originating website by charging the payment method stored in Google Pay.

If personal data is processed during these transmissions, the processing is carried out solely for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Google reserves the right to collect, store, and analyze certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the transaction reason, and any offers associated with the transaction.

According to Google, this processing is carried out solely in accordance with Art. 6 para. 1 lit. f GDPR based on the legitimate interest in proper accounting, verification of transaction data, and the optimization and maintenance of the Google Pay service.

Google also reserves the right to combine the processed transaction data with other information collected and stored by Google when using other Google services.

The terms of service for Google Pay can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection with Google Pay can be found at the following website:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna

One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you choose a payment method from the provider where you advance payment (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order are passed on to the provider in accordance with Art. 6 para. 1 lit. b GDPR. Your data is passed on solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you choose a payment method where the provider advances payment (e.g., invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, possibly data for an alternative payment method) during the ordering process.

To protect our legitimate interest in assessing the creditworthiness of our customers, we forward this data to the provider for a credit check in accordance with Art. 6 para. 1 lit. f GDPR. Based on the personal data you provide as well as additional data (such as shopping cart, order amount, order history, payment experiences), the provider assesses whether the selected payment method can be granted in terms of payment and/or default risk.

For decision-making in the application review, in addition to internal criteria of the provider in accordance with Art. 6 para. 1 lit. f GDPR, identity and credit information from the following credit agencies may also be included:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). If score values are included in the credit report results, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things, address data.

You can object to this data processing at any time by sending us a message or contacting the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractually compliant payment processing.

If you exercise your right to object, we will cease processing the affected data for direct marketing purposes.

- PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you choose a payment method from the provider where you advance payment, your payment data provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order are passed on to the provider in accordance with Art. 6 para. 1 lit. b GDPR. Your data is passed on solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you choose a payment method where we advance payment, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, possibly data for an alternative payment method) during the ordering process.

To protect our legitimate interest in assessing your creditworthiness, we forward this data to the provider for a credit check in accordance with Art. 6 para. 1 lit. f GDPR. Based on the personal data you provide as well as additional data (such as shopping cart, order amount, order history, payment experiences), the provider assesses whether the selected payment method can be granted in terms of payment and/or default risk.

- Shopify Payments

One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

8) Web Analytics Services

8.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.

By default, Google Analytics 4 sets cookies when you visit the website, which are stored as small text snippets on your device and collect certain information. This information includes your IP address, which Google truncates to the last digits to exclude direct personal identification.

The information is transmitted to Google's servers and processed there. This may also include transfers to Google LLC based in the USA.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activities for us, and provide other services related to website and internet usage. The truncated IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. The data collected through the use of Google Analytics 4 is stored for two months and then deleted.

All the processing described above, especially the setting of cookies on the used device, only occurs if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
Without your consent, the use of Google Analytics 4 is omitted during your site visit. You can revoke your given consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with Google, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further legal information about Google Analytics 4 can be found at https://business.safety.google/intl/en/privacy/, https://policies.google.com/privacy?hl=en&gl=en, and https://policies.google.com/technologies/partner-sites

Demographic Features
Google Analytics 4 uses the special feature "Demographic Features" and can create statistics that provide information about the age, gender, and interests of site visitors. This is done by analyzing advertising and information from third parties. As a result, target audiences for marketing activities can be identified. However, the collected data cannot be assigned to a specific person and is deleted after being stored for two months.

Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have personalized ads enabled and have linked your devices with your Google account, Google can, subject to your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can disable the "Personalized Ads" feature in your Google account settings. Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=en

UserIDs
As an extension to Google Analytics 4, the "UserIDs" feature can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, created an account on this website, and log in to this account on different devices, your activities, including conversions, can be analyzed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision of the European Commission, ensures compliance with the European level of data protection.

8.2 Google Tag Manager

This website uses "Google Tag Manager," a service from the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").

Google Tag Manager provides a technical foundation for bundling various web applications, including tracking and analytics services, and allows them to be calibrated, controlled, and triggered based on conditions through a unified user interface. Google Tag Manager itself does not store information on user devices or read them. The service also does not perform independent data analyses. However, Google Tag Manager transmits your IP address to Google when a page is loaded and may store it there. A transmission to servers of Google LLC in the USA is also possible.

This processing only takes place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, the use of Google Tag Manager is omitted during your site visit. You can revoke your given consent at any time with effect for the future. To exercise your revocation right, please deactivate this service via the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with Google, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further legal information about Google Tag Manager can be found at https://business.safety.google/intl/en/privacy/ and https://policies.google.com/privacy?hl=en&gl=en

9) Retargeting/Remarketing and Conversion Tracking

9.1 Meta Pixel

Within our online offerings, we use the service "Meta Pixel" from the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Quay, Dublin 2, Ireland ("Meta")

If a user clicks on an advertisement we have placed on Facebook and/or Instagram, the URL of our linked page is extended with a parameter using "Meta Pixel." This URL parameter is then inserted into the user's browser via a cookie set by our linked page after redirection.

This allows Meta to identify visitors to our online offerings as a target group for displaying advertisements (so-called "Ads"). Accordingly, we use the service to show the Facebook and/or Instagram ads we have placed only to users who have shown an interest in our online offerings or who have certain characteristics (e.g., interests in specific topics or products determined based on visited websites) that we transmit to Meta (so-called "Custom Audiences").

On the other hand, "Meta Pixel" can track whether users were redirected to our website after clicking on an advertisement and what actions they perform there (so-called "Conversion Tracking").

The collected data is anonymous to us, meaning it does not provide us with any clues about the users' identities. However, Meta stores and processes the data, allowing a connection to the respective user profile and enabling Meta to use the data for its own advertising purposes.

All the processing described above, especially the setting of cookies to read information on the used device, only occurs if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with Meta, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

The information generated by Meta is usually transmitted to a Meta server and stored there; in this context, transmission to servers of Meta Platforms Inc. in the USA may also occur.

9.2 Microsoft Advertising Universal Event Tracking

This website uses conversion tracking technology from the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

For the use of Universal Event Tracking, a tag is embedded on each page of our website that interacts with the conversion cookie set by Microsoft. This interaction makes user behavior on our website traceable and sends the collected information to Microsoft. The purpose is to statistically record and evaluate certain predefined goals, such as purchases or leads, to make our offerings more interest-oriented in terms of targeting and content. The tags never serve to personally identify users.

All the processing described above, especially the setting of cookies to read information on the used device, only occurs if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, the use of retargeting technology is omitted during your site visit.

You can revoke your given consent at any time with effect for the future. To exercise your revocation right, please deactivate this service in the "Cookie Consent Tool" provided on the website.

10) Site Functionalities

10.1 X-Plugins

Our website uses plugins from the social network provider: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland

These plugins enable direct interactions with content on the social network.

To enhance data protection when visiting our website, the plugins are initially disabled using so-called "2-click" or "Shariff" solutions integrated into the page.

This integration ensures that when a page of our website containing such plugins is accessed, no connection with the provider's servers is established yet.

The plugins are only activated and thus your browser establishes a direct connection to the provider's servers if you enable them and thereby give your consent to data transmission in accordance with Art. 6 para. 1 lit. a GDPR. This occurs regardless of whether you are logged into an existing user profile. Certain information about your device (including your IP address), your browser, and your browsing history is transmitted to the provider and possibly further processed there.

If you are logged into an existing user profile on the provider's social network, information about interactions with the plugins is also published there and displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin by clicking it again. However, revoking does not affect the data already transmitted to the provider.

Data can also be transmitted to: X Corp., USA

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider relies on Standard Contractual Clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

10.2 Google Web Fonts

This site uses "Web Fonts" from the following provider to ensure uniform display of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

When you access a page, your browser loads the necessary Web Fonts into its browser cache to display texts and fonts correctly and establishes a direct connection to the provider's servers. Certain browser information, including your IP address, is transmitted to the provider.

Data can also be transmitted to: Google LLC, USA

The processing of personal data in connection with establishing a connection with the font provider is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service via the "Cookie Consent Tool" provided on the website. If your browser does not support Web Fonts, a standard font from your computer is used.

The provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision of the European Commission, ensures compliance with the European level of data protection.

Further information on Google's data protection policies can be found here: https://business.safety.google/intl/en/privacy/

11) Tools and Other

Cookie Consent Tool

This website uses a so-called "Cookie Consent Tool" to obtain effective user consents for consent-required cookies and cookie-based applications. The "Cookie Consent Tool" is displayed to users upon page access in the form of an interactive user interface, where consents for certain cookies and/or cookie-based applications can be granted by checking boxes. The tool ensures that all consent-required cookies/services are only loaded if the respective user has given the appropriate consents by checking boxes. This ensures that such cookies are only set on the user's device if consent is given.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, the processing of personal data (such as the IP address) occurs for the purpose of storing, assigning, or logging cookie settings, this processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in a compliant, user-specific, and user-friendly consent management for cookies and thus in a compliant design of our online presence.

Another legal basis for processing is Art. 6 para. 1 lit. c GDPR. As controllers, we are legally obligated to make the use of technically unnecessary cookies dependent on the respective user consent.

Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the configuration options of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.

12) Rights of the Data Subject

12.1 The applicable data protection law grants you the following data subject rights (access and intervention rights) regarding the processing of your personal data, with the respective legal basis for exercising each right referenced:

Right of access in accordance with Art. 15 GDPR;
Right to rectification in accordance with Art. 16 GDPR;
Right to erasure in accordance with Art. 17 GDPR;
Right to restriction of processing in accordance with Art. 18 GDPR;
Right to notification in accordance with Art. 19 GDPR;
Right to data portability in accordance with Art. 20 GDPR;
Right to withdraw given consents in accordance with Art. 7 para. 3 GDPR;
Right to lodge a complaint in accordance with Art. 77 GDPR.

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A LEGITIMATE INTEREST BALANCE, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE, FOR REASONS ARISING FROM YOUR SPECIAL SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPULSORY PROTECTIVE GROUNDS FOR THE PROCESSING THAT OVERWEIGH YOUR INTERESTS, BASIC RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA TO CONDUCT DIRECT MARKETING, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

13) Duration of Storage of Personal Data

The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing, and – if applicable – the respective statutory retention period (e.g., commercial and tax legal retention periods).

When processing personal data based on explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the affected data is stored until you revoke your consent.

If there are statutory retention periods for data processed in the context of legal or quasi-legal obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods expire, provided it is no longer necessary for contract fulfillment or contract initiation and/or no legitimate interest in continued storage exists on our part.

When processing personal data based on Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

When processing personal data for the purpose of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object under Art. 21 para. 2 GDPR.

Unless otherwise specified in this declaration regarding specific processing situations, stored personal data will generally be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.