Free delivery on orders over €50!
 

Privacy Policy

1. Introduction

This website is operated by CCM CLIMOTI.

We take the privacy of our website visitors seriously and do everything we can to protect it. To that end, we make every effort to comply with the requirements of the GDPR.

Below, we explain how we process your data on this website. We aim to use clear, plain language so you genuinely understand what happens to your data.

2. General Information

2.1 Processing of Personal Data and Key Terms

Data protection law applies to the processing of personal data. Personal data means any information that can be used to identify you directly — for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed whenever "something happens" with it. For instance, your IP address is transmitted by your browser to our hosting provider and automatically stored there. This constitutes processing (pursuant to Art. 4(2) GDPR) of personal data (pursuant to Art. 4(1) GDPR).

These and further statutory definitions can be found in Art. 4 GDPR.

2.2 Applicable Law — GDPR, BDSG and TDDDG

The scope of data protection is governed by law — in this case, the GDPR (General Data Protection Regulation) as a European regulation, and the BDSG (Bundesdatenschutzgesetz — German Federal Data Protection Act) as national legislation.

The TDDDG supplements the GDPR provisions where the use of cookies is concerned.

2.3 The Controller

The party responsible for data processing on this website is the controller within the meaning of the GDPR — that is, the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

You can reach the controller at:

Christopher C. Mickelthwate
CCM CLIMOTI
Robert-Bosch-Straße 11A
D-63128 Dietzenbach
Germany

Tel.: +49 (0) 172 6862994
E-Mail: hello@climoti.de
Website: www.climoti.de

2.4 How Data Is Generally Processed on This Website

As noted above, certain data (such as IP addresses) is collected automatically. This data is primarily required for the technical provision of the website. Where we use personal data beyond this, or collect additional data, we will inform you accordingly or request your consent.

Other personal data is shared with us consciously by you.

Further details are provided below.

2.5 Your Rights

The GDPR grants you comprehensive rights — including the right to obtain free information about the origin, recipients and purpose of your stored personal data. You may also request the rectification, restriction or deletion of that data, or lodge a complaint with the competent data protection supervisory authority. Any consent you have given may be withdrawn at any time.

Full details of these rights and how to exercise them can be found in the final section of this Privacy Policy.

2.6 Data Protection — Our Approach

For us, data protection is more than a legal obligation. Personal data has real value, and handling it with care should be a matter of course in our digital world. As a visitor to this website, you should be able to decide for yourself what happens to your data, when, and by whom. We therefore commit to complying with all applicable legal requirements, collecting only the data we genuinely need, and treating it as confidential.

2.7 Sharing and Deletion

The sharing and deletion of data are equally important topics. Here is a brief overview of our general approach.

Data is only shared where there is a legal basis for doing so and where it is strictly necessary — in particular where a processor is involved and a data processing agreement has been concluded pursuant to Art. 28 GDPR.

We delete your data once the purpose and legal basis for processing no longer apply and no other statutory retention obligations stand in the way. Art. 17 GDPR provides a useful overview of the relevant grounds.

For further information, please refer to this Privacy Policy and direct any specific questions to the controller.

2.8 Hosting

Hetzner

This website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner provides the technical infrastructure for storing, delivering and managing all content published on the website, including web hosting, domains, databases, backups and email functionality. In connection with this service, data processed includes customer master data, all website data stored on the servers, usage and access logs (e.g. IP addresses and access data) and backup data. Processing serves the purpose of providing a functional, secure and high-performance website infrastructure, and of fulfilling statutory retention and documentation obligations. The legal basis is Art. 6(1)(f) GDPR, based on our legitimate interest in the secure and efficient provision of our online services, and Art. 6(1)(b) GDPR where processing is necessary for the performance of a contract or pre-contractual measures. Hetzner does not set its own cookies as part of its hosting services. No transfer of personal data to third countries takes place, as all data is processed exclusively in data centres within the EU. Data is deleted once it is no longer required for the purpose for which it was collected — in particular upon termination of the hosting agreement, withdrawal of consent, or expiry of statutory retention periods. Further information is available at: https://www.hetzner.com/legal/privacy-policy/

2.9 Legal Bases

Processing of personal data always requires a legal basis. Art. 6(1) GDPR provides the following options:

(a) The data subject has given consent to the processing of their personal data for one or more specific purposes.

(b) Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.

(c) Processing is necessary for compliance with a legal obligation to which the controller is subject.

(d) Processing is necessary in order to protect the vital interests of the data subject or of another natural person.

(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

(f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The specific legal basis applicable to each processing activity is identified in the relevant sections below.

3. What Happens on This Website

When you visit our website, we process personal data about you.

To protect that data as effectively as possible against unauthorised access by third parties, we use SSL and TLS encryption. You can identify an encrypted connection by the presence of "https://" or a padlock symbol in your browser's address bar.

The following sections explain what data is collected when you visit our website, for what purpose, and on what legal basis.

3.1 Data Collection When You Access the Website

When you access the website, information is automatically stored in so-called server log files. This includes:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Hostname of the accessing device
  • Time of the server request
  • IP address

This data is temporarily required to enable the stable and uninterrupted display of our website. It serves the following purposes in particular:

  • Website system security
  • Website system stability
  • Error resolution
  • Establishing the connection to the website
  • Displaying the website

Processing is carried out pursuant to Art. 6(1)(f) GDPR, based on our legitimate interest in processing this data — in particular our interest in the functionality and security of the website.

Where possible, this data is stored in pseudonymised form and deleted once the relevant purpose has been fulfilled.

Where server log files enable identification of the data subject, data is stored for a maximum of 14 days. An exception applies in the event of a security-relevant incident, in which case log files are retained until the incident has been resolved and fully investigated.

No merging of this data with other data takes place.

3.2 Cookies

3.2.1 General

This website uses cookies — small pieces of data stored in your browser that are associated with our website. Cookies are used in particular to make navigation of the website easier for visitors.

3.2.2 Declining Cookies

You can prevent cookies from being set by adjusting your browser settings. Links for the most commonly used browsers are provided below:

Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

Google Chrome: https://support.google.com/chrome/answer/95647

Microsoft Edge: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

If you use a different browser, we recommend searching for your browser name along with "manage and delete cookies" and following the official link for your browser.

You can also manage your cookie preferences at www.aboutads.info/choices/ or www.youronlinechoices.com.

Please note that blocking or deleting cookies comprehensively may impair the functionality of this website.

3.2.3 Technically Necessary Cookies

We use technically necessary cookies on this website to ensure it functions correctly and in accordance with applicable law. These cookies help make the website user-friendly. Some features of our website cannot be provided without them.

The legal basis in each case is Art. 6(1)(b), (c) and/or (f) GDPR.

3.3 Data Processing Through User Input

3.3.1 Data We Collect Directly

We offer the following service on our website: the creation of personalised and customised print products.

For this purpose, we collect the following data:

  • Name
  • Email address
  • Address
  • Telephone number
  • Date of birth
  • First name, surname, address

The legal basis for this processing is Art. 6(1)(b) GDPR.

Data is deleted once the relevant purpose no longer applies and deletion is permissible under applicable law.

3.3.2 Contact

a) Email

If you contact us by email, we process your email address and any other data contained in the message. This data is stored on the mail server and, in part, on the relevant end devices. Depending on the nature of your enquiry, the legal basis is Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR. Data is deleted once the relevant purpose no longer applies and deletion is permissible under applicable law.

b) Telephone

If you contact us by telephone, call data may be stored in pseudonymised form on the relevant end device and by the telecommunications provider. Personal data collected during the call is used solely for the purpose of handling your enquiry. Depending on the nature of your enquiry, the legal basis is Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR. Data is deleted once the relevant purpose no longer applies and deletion is permissible under applicable law.

3.4 Analytics and Tracking Tools

Plausible.io

This website uses Plausible.io, a privacy-friendly analytics service provided by Plausible Insights OÜ, Väike-Amerika 8, 10129 Tallinn, Estonia. Plausible.io enables anonymised measurement and analysis of visitor flows, page views, interactions, traffic sources, and conversion and campaign tracking, without collecting personal data within the meaning of the GDPR — no IP addresses or user IDs are processed. Aggregated data collected includes page view counts, session duration, traffic sources (e.g. referrer URLs and UTM parameters), popular pages, entry and exit pages, geographic origin at country/city level (IP is anonymised), and device, browser and operating system information. This data is collected to analyse user behaviour for the purpose of improving the website and statistically evaluating marketing activity. The legal basis is Art. 6(1)(f) GDPR, based on our legitimate interest in anonymised analysis and improvement of our online services. Plausible.io does not set cookies and does not use any other tracking technologies requiring consent. No personal data is transferred to third countries — all processing takes place within the EU and EEA. Plausible.io does not store personal data, as all analyses are conducted on an aggregated, non-traceable basis; individual accesses cannot be reconstructed and no statutory retention obligations apply. Further information on data processing by Plausible.io is available at: https://plausible.io/data-policy

3.5 Social Media Profiles

In addition to this website, we maintain a presence on social networks to present our company and provide a means of getting in touch with us. We also use social media to place advertisements and job postings.

Below we explain what data we and the respective social network process when you visit and interact with our profile.

Instagram

We operate an Instagram profile. This platform is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Interaction with our company profile

When you visit our Instagram profile and interact with us through it, we process personal data — including publicly available profile information and any personal data contained in posts, comments or direct messages sent to us. Through interactions such as likes or shares, we may be able to view your profile and its public information. The legal basis for this processing is Art. 6(1)(f) GDPR. It is our legitimate interest to provide relevant and engaging content and to enable use of our Instagram profile. Where an enquiry relates to the performance or preparation of a contract, processing is based on Art. 6(1)(b) GDPR.

Insights

As explained in Meta's privacy policy under "How do we use your information?" (https://privacycenter.instagram.com/policy/), Meta also collects and uses information to provide analytics services known as Insights to page operators. This applies to our Instagram profile. Insights are aggregated statistics generated from certain interactions of visitors with pages and their associated content, as logged by Meta's servers. These include information such as: how many people see and interact with our products, services or content (including posts, videos, Instagram pages, listings, shops and advertisements when shown on Meta products); how people interact with our content, websites, apps and services; and which groups of people interact with our content or use our services. Meta provides us with aggregated reports and insights showing how our content, features, products and services perform. We do not receive access to personal data — only to aggregated reports. We can apply settings and filters when evaluating reach, such as selecting a time period, viewing a specific post, or applying demographic groupings. This data is anonymised; we are unable to draw conclusions about specific individuals. The purpose of processing this data is to analyse our reach and to align our content and advertising with user interests, so that visitors derive the greatest possible benefit. These evaluations help us understand how our content, profile and advertising are consumed, enabling us to create targeted content and place advertising that better promotes our business and services. Processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Where personal data is processed in connection with Insights, this takes place under joint controllership with Meta pursuant to Art. 26(1) GDPR. We have concluded a corresponding agreement with Meta, which can be viewed at https://www.facebook.com/legal/terms/page_controller_addendum. Meta's contact details are: Online: https://www.facebook.com/help/contact/1650115808681298 — Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland. Instagram's Data Protection Officer can be contacted at: https://www.facebook.com/help/contact/540977946302970. Further information about Insights: https://en-gb.facebook.com/help/pages/insights. Instagram's full privacy policy: https://privacycenter.instagram.com/policy/

Processing of personal data and cookies by Meta

When an Instagram page is accessed, the IP address assigned to the end device is transmitted to Meta. According to Meta, this IP address is anonymised for German IP addresses. Meta also stores information about users' devices (e.g. via the login notification function), which may allow Meta to associate IP addresses with individual users. If you are currently logged into Instagram, a cookie containing your Instagram identifier is stored on your device, enabling Meta to identify who has visited and used the page. Via Meta buttons embedded in third-party websites, Meta can record your visits to those websites and associate them with your Instagram profile. This data may be used to offer you personalised content or advertising. Further information: https://privacycenter.instagram.com/policy/

3.6 Third-Party Content

OpenStreetMap

This website uses the OpenStreetMap mapping service to display interactive map content. OpenStreetMap is operated by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The service provides map data and enables the visualisation and navigation of geographic locations directly within the website. Data typically processed includes IP address, browser information (user agent), interaction data such as search queries and API requests, and aggregated usage logs. Processing serves the purpose of technically providing map data, displaying locations, and improving the stability and security of the service. The legal basis is Art. 6(1)(f) GDPR, based on our legitimate interest in presenting map content in an engaging and functional manner. Where optional analytical evaluation takes place via cookies, this is based on consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. OpenStreetMap may set cookies via embedded analytics tools (such as Matomo) to evaluate usage behaviour; these cookies are only set with your consent. Where personal data is transferred to the United Kingdom, this is done on the basis of the European Commission's adequacy decision pursuant to Art. 45 GDPR, as the UK is recognised as a safe third country. Personal data is generally deleted once the purpose of processing no longer applies or consent is withdrawn, provided no statutory retention obligations exist. Further information is available in OpenStreetMap's privacy policy at: https://osmfoundation.org/wiki/Privacy_Policy

3.7 Payment Services

Stripe

This website integrates the Stripe payment service to enable secure and efficient processing of online payments and subscriptions. The responsible entity in Europe is Stripe Payments Europe, Limited, 3 Dublin Landings, North Wall Quay, Dublin 1, D01 C4E0, Ireland. Stripe provides various payment functions, including payment by credit card, direct debit, instant transfer or digital wallet, as well as automated invoicing and fraud prevention. In connection with its use, Stripe processes personal data including name, email address, telephone number, billing and delivery address, credit card and bank account details, IP address, device and browser information, usage and transaction data, and identity verification documents where applicable. Processing serves the purposes of payment processing, contract performance, fraud prevention and compliance with legal requirements. The legal basis is Art. 6(1)(b) GDPR for contractual or pre-contractual measures, Art. 6(1)(f) GDPR where applicable based on legitimate interests in secure payment processing, and § 25(2)(2) TDDDG for technically necessary cookies and technologies. Stripe uses technically necessary cookies as part of the payment process, including authentication and security cookies and session IDs for fraud prevention and payment processing. These cookies are strictly required for operation and are processed without consent (§ 25(2)(2) TDDDG). Analytical or marketing cookies are only used with consent pursuant to § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. Personal data may be transferred to third countries (in particular the USA) in connection with payment processing. Stripe uses standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR as appropriate safeguards. Personal data is generally deleted once it is no longer required for the purposes for which it was collected and no statutory retention obligations apply. Where consent is withdrawn or statutory retention periods expire, data is deleted provided no other retention obligations apply. Further information on data processing by Stripe is available at: https://stripe.com/privacy

PayPal

This website integrates the PayPal payment service for the processing of online payments. PayPal is operated by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal enables payments to be made directly via a PayPal account or by credit card and other available payment methods, and handles payment processing during checkout. Data processed includes in particular transaction data (e.g. transaction ID, status, amount, fees, refunds), payment and checkout information, details of the chosen payment method, usage and activity data, and technical system data such as IP address and log information. Processing serves the purposes of payment processing, fraud prevention, handling of refunds and compliance with legal obligations. The legal bases are Art. 6(1)(b) GDPR for carrying out the payment transaction, Art. 6(1)(f) GDPR for protection against misuse and fraud, and Art. 6(1)(c) GDPR for compliance with legal obligations. PayPal may use technically necessary cookies and similar technologies in connection with certain payment methods, including for the functioning and security of payment processing; analytical or marketing cookies are not set by PayPal in the context of payment processing on our website. Where personal data is transferred to third countries outside the European Economic Area, this is done on the basis of EU standard contractual clauses and intra-group arrangements (Binding Corporate Rules). Data is retained for as long as required for the purposes stated above or as required by statutory retention obligations; data is deleted upon withdrawal of consent, when the purpose no longer applies, or upon expiry of statutory retention periods. Further information on PayPal's data protection practices is available at: https://www.paypal.com/en/legalhub/paypal/privacy-full

3.8 Order Processing Services

PayPal

This website also uses PayPal for order processing. PayPal is operated by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal enables straightforward and secure online payment during the ordering process and offers a range of payment methods. In connection with order processing, PayPal processes personal data including name, email address, telephone number, billing and delivery address, payment information, transaction data, device information, usage data, cookies, location data and, where applicable, official identity documents for verification purposes. Processing serves the purposes of payment processing, fraud prevention, compliance with legal obligations, and handling of returns and complaints. The legal bases are Art. 6(1)(b) GDPR for the performance of contracts and Art. 6(1)(f) GDPR based on legitimate interests in secure and efficient payment processing. Where cookies are set for technical or analytical purposes by PayPal on our website, this is done on the basis of Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG where consent has been obtained; technically necessary cookies are set on the basis of § 25(2) TDDDG. Personal data may be transferred to third countries, in particular to group companies or technical service providers outside the EU (e.g. the USA). In such cases, EU standard contractual clauses are used as appropriate safeguards to ensure an adequate level of data protection. Data is generally deleted once it is no longer required for the original processing purposes and no statutory retention obligations apply; where consent is withdrawn or the purpose no longer applies, data is deleted promptly provided no statutory retention obligations stand in the way. Further information is available in PayPal's privacy policy at: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

DHL

This website uses the shipping and logistics services of DHL, operated by Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany. DHL enables automatic calculation of shipping rates, generation of shipping labels, address validation, shipment tracking and management of logistical processes directly within the ordering workflow. Data processed includes in particular recipient addresses, order details, shipping information (such as shipping method and weight), tracking data and contact details for shipping notifications. Processing serves the purposes of order fulfilment, dispatch processing, error prevention through address validation, provision of shipment information and shipping communications. The legal basis is Art. 6(1)(b) GDPR for the performance of contractual or pre-contractual obligations, supplemented by Art. 6(1)(f) GDPR based on our legitimate interest in optimised shipping and efficient logistics. Based on current information, DHL does not set cookies on our website in connection with order processing; should this occur in individual cases, it will only take place on the basis of prior consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. No personal data is transferred to third countries; all processing takes place within the European Union. Data is retained for the duration of order processing and in accordance with statutory retention periods; upon fulfilment of the purpose or withdrawal of consent, data is deleted provided no statutory obligations stand in the way. Further information is available at: https://group.dhl.com/en/data-protection.html

Deutsche Post AG

This website uses the order processing services of Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany. The service enables the creation of shipping labels, shipment tracking, calculation of shipping costs, optimisation of order processing and validation of address data. As part of the ordering process, digital documents may also be processed and identity checks carried out via POSTIDENT. Data processed includes in particular shipping and order data (such as recipient and sender information, tracking codes and order numbers), address data for validation, status notifications, identity verification data in connection with POSTIDENT, and technical information. Processing serves the purposes of efficient and secure order fulfilment, postal delivery, documentation and dispatch of confirmations, and compliance with legal identity verification requirements. The legal basis is Art. 6(1)(b) GDPR for the performance of contractual measures, and Art. 6(1)(f) GDPR to ensure smooth shipping and identity verification processes; identity checks carried out via POSTIDENT are additionally based on legal obligations pursuant to Art. 6(1)(c) GDPR. Technically necessary and functional cookies may be stored to support certain functions and to analyse page usage. Functional cookies are only set with consent, which may be withdrawn at any time. The legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. No transfer of personal data to countries outside the European Economic Area takes place. Data is deleted once it is no longer required for the purposes stated, consent has been withdrawn, or statutory retention periods have expired. Further information on data protection at Deutsche Post AG is available at: https://www.deutschepost.de/en/f/footer/data-protection-and-cookies.html

3.9 Shipping Service Providers

To dispatch goods ordered via our website, we work with various shipping service providers (e.g. DHL, DPD, UPS, Hermes). For the purpose of delivering your order, we pass your data (name, delivery address and any other information required for shipping) to the relevant provider.

This data transfer is based on Art. 6(1)(b) GDPR for the performance of our contract with you. We will only pass on your email address or telephone number to a shipping provider if you have expressly consented to this during the ordering process — for example, to enable parcel notifications. This consent may be withdrawn at any time with effect for the future.

Further information on the data protection practices of our shipping providers can be found in their respective privacy policies, available on their websites.

3.10 Further Services

Payload https://payloadcms.com/ Further details on this service will be added shortly.

4. Further Important Information

To close, we want to give you a full and detailed overview of your rights and explain how you will be informed of any changes to data protection requirements.

4.1 Your Rights in Detail

4.1.1 Right of Access — Art. 15 GDPR

You may request confirmation of whether personal data relating to you is being processed. If so, you may request further information about the nature of that processing. A detailed list of what this covers can be found in Art. 15(1)(a) to (h) GDPR.

4.1.2 Right to Rectification — Art. 16 GDPR

This right covers the correction of inaccurate data and the completion of incomplete personal data.

4.1.3 Right to Erasure — Art. 17 GDPR

The so-called "right to be forgotten" entitles you, under certain conditions, to request that the controller erase your personal data. This applies in particular where the purpose of processing no longer exists, where consent has been withdrawn, or where the original processing took place without a legal basis. A detailed list of grounds can be found in Art. 17(1)(a) to (f) GDPR. This right also corresponds to the controller's obligation under Art. 17(2) GDPR to take reasonable steps to bring about the general erasure of the data.

4.1.4 Right to Restriction of Processing — Art. 18 GDPR

This right is subject to the conditions set out in Art. 18(1)(a) to (d) GDPR.

4.1.5 Right to Data Portability — Art. 20 GDPR

This right covers the receipt of your own data in a commonly used format and its transmission to another controller. It applies only to data processed on the basis of consent or contract pursuant to Art. 20(1)(a) and (b) GDPR, and only to the extent technically feasible.

4.1.6 Right to Object — Art. 21 GDPR

You may object to the processing of your personal data. This applies in particular where your interest in objecting outweighs the controller's legitimate interest in processing, and where processing relates to direct marketing and/or profiling.

4.1.7 Right Not to Be Subject to Automated Decision-Making — Art. 22 GDPR

You have the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning you or similarly significantly affects you. This right is subject to the exceptions and supplementary provisions in Art. 22(2) and (4) GDPR.

4.1.8 Further Rights

The GDPR includes comprehensive rights to have third parties informed of whether and how you have exercised rights under Art. 16, 17 and 18 GDPR — to the extent this is possible and does not involve disproportionate effort.

We also remind you of your right to withdraw consent at any time pursuant to Art. 7(3) GDPR. Withdrawal does not affect the lawfulness of processing carried out prior to that point.

Additionally, please note your rights under §§ 32 et seq. BDSG, the content of which largely mirrors the rights described above.

4.1.9 Right to Lodge a Complaint — Art. 77 GDPR

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data relating to you infringes the GDPR.

5. What If the GDPR Changes or Is Repealed?

This Privacy Policy was last updated on 10 March 2026. It may be necessary to update its content from time to time in response to factual or legal developments. We therefore reserve the right to amend this Privacy Policy at any time. The updated version will be published in the same location. We recommend that you review this Privacy Policy regularly.