Cookie settings

The cookie settings can be customised here.

We take data protection seriously

The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit as standard. This information is essential for the technical transmission of the web pages and secure server operation. There is no personalised analysis of this data.

Responsible person:

MARAWE GmbH & Co. KG 
Donaustaufer Straße 378, Building 64
93055 Regensburg

Phone: +49 941 29020439
Fax: +49 941 29020593
E-mail:  info@marawe.de

1. General

1.1 Personal data

Personal data is data about your person. This includes your name, your address and your e-mail address. You do not have to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as other information in order to be able to offer you the desired service.

The same applies if we supply you with information material on request or if we answer your enquiries. In these cases, we will always point this out to you. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.

When you use one of our services, we generally only collect the data that is necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so in order to be able to offer you our service or to pursue our commercial objectives.

1.2 Contact us

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the data of the enquiring persons will be processed insofar as this is necessary to answer the contact enquiries and any requested measures.
The response to contact enquiries in the context of contractual or pre-contractual relationships is carried out to fulfil our contractual obligations or to respond to (pre)contractual enquiries and otherwise on the basis of the legitimate interests in responding to the enquiries.

  • Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms).
  • Affected persons: Communication partner.
  • Purposes of processing: contact enquiries and communication.
  • Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 lit. f. GDPR).

1.3 Automatically saved data

Server log files 

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • Amount of data transferred

This data is not merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short time. It is not possible for us to identify individual persons from this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymised form for statistical purposes; it is not compared with other databases or passed on to third parties, even in excerpts. Only in the context of our server statistics, which we publish every two years in our activity report, does a presentation of the number of page views take place.

1.4 Cookies

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID.

By using session cookies, the controller can provide users of this website with a user-friendly service that would not be possible without the use of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

We only use personalised cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily consent to tracking or analysis via the cookie banner that appears. Your data may be passed on to partners or third-party providers. Only if you explicitly consent to this will these cookies be stored; the legal basis is then your consent in accordance with Art. 6 para. 1 lit. a GDPR.
You can change your settings for the use of cookies at any time by clicking on the following link:
https://www.tifoo.de/en/cookie/offcanvas

1.5 Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool with the help of which we can use tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

1.6 Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to place adverts in the Google search engine or on third-party websites.
when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted adverts can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). We as the website operator can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://policies.google.com/privacy/frameworks and
https://privacy.google.com/businesses/controllerterms/mccs/.

1.7 Google AdSense (not personalised)

This website uses Google AdSense, a service for integrating adverts. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use Google AdSense in "non-personalised" mode. In contrast to personalised mode, the advertisements are therefore not based on your previous user behaviour and no user profile is created for you. Instead, so-called "contextual information" is used to select the adverts. The selected adverts are then based, for example, on your location, the content of the website you are on or your current search terms. You can find out more about the differences between personalised and non-personalised targeting with Google AdSense here:
https://support.google.com/adsense/answer/9007336.

Please note that cookies or comparable recognition technologies (e.g. device fingerprinting) may also be used when using Google Adsense in non-personalised mode. According to Google, these are used to combat fraud and abuse. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/
You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in:
https://adssettings.google.com/authenticated.
Further information on Google's advertising technologies can be found here:
https://policies.google.com/technologies/ads and
https://www.google.de/intl/de/policies/privacy/

1.8 Google Analytics (4)

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.
We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the recorded data records and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://privacy.google.com/businesses/controllerterms/mccs/

1.9 Google Analytics e-commerce measurement 

This website uses the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product are recorded. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.

1.10 YouTube

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.
As soon as you start a YouTube video on this website, a connection is established to the servers of YouTube is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.
If necessary, further data processing operations may be carried out after the start of a YouTube video over which we have no influence. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Further information about data protection at YouTube can be found in their privacy policy at:
https://policies.google.com/privacy?hl=de.

1.11 Facebook Pixel

This website uses Facebook's visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
In this way, the behaviour of site visitors can be tracked after they have clicked on a Facebook ad were redirected to the provider's website. This allows the Effectiveness of Facebook adverts evaluated for statistical and market research purposes and future advertising measures can be optimised.
The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy. This enables Facebook to place adverts on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is supported by the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and
https://de-de.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the wording of the agreement at: 
https://www.facebook.com/legal/controller_addendum
According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
You can find further information on protecting your privacy in Facebook's data protection information:
https://de-de.facebook.com/about/privacy/

You can also activate the remarketing function "Custom Audiences" in the Settings for Deactivate adverts under:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
In addition you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance:
http://www.youronlinechoices.com/de/praferenzmanagement/ 

1.12 Facebook Custom Audiences (for websites) / Conversion - Facebook Pixel


This website uses the so-called "Facebook Pixel" and the Conversions API of the social network "Facebook" from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the following purposes:

  • Facebook (website) Custom Audiences
    We use the Facebook Pixel and the Conversions API for remarketing purposes in order to be able to address you again within 180 days. This allows users of the website to be shown interest-based adverts ("Facebook Ads") when they visit the social network "Facebook" or other websites that also use the process. We are interested in showing you adverts that are of interest to you in order to make our website and offers more interesting for you.
  • Facebook Conversion
    We also want to use the Facebook pixel and the Conversions API to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

Due to the marketing tools used (Facebook Pixel and Conversions API), your browser automatically establishes a direct connection with the Facebook server as soon as you have consented to the use of cookies requiring consent. By integrating the Facebook pixel and using the Conversions API, Facebook receives the information that you have called up the corresponding website of our Internet presence or clicked on an advert from us. If you are registered with a Facebook service, Facebook can assign the visit to your account.
Facebook processes the data in accordance with Facebook's data usage policy. Specific information and details about the Facebook pixel and the Conversions API and how it works can also be found in Facebook's help section.

Recipients: 
Shared responsibility:

We are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the collection and transmission of data as part of this process. This applies for the following purposes:

  • The creation of individualised or suitable advertisements and their optimisation.
  • Delivery of commercial and transaction-related messages (e.g. via Messenger).

The following processing operations are therefore not covered by joint processing:

  • The processing that takes place after collection and transmission is the sole responsibility of Meta.
  • The creation of reports and analyses in aggregated and anonymised form is carried out as part of commissioned processing and is therefore our responsibility.

We have concluded a corresponding agreement with Facebook for joint responsibility, which is available here:
https://www.facebook.com/legal/controller_addendum
This defines the respective responsibilities for the fulfilment of the obligation under the GDPR with regard to joint responsibility.
The contact details of the responsible company and Facebook's data protection officer can be found here:
https://www.facebook.com/about/privacy
We have agreed with Meta that Meta can be used as a point of contact for exercising the rights of data subjects. Irrespective of this, the responsibility for the rights of data subjects is not restricted.
Further information on how Meta processes personal data, including its legal basis and furtherinformation on the rights of data subjects can be found here:
https://www.facebook.com/about/privacy.
We transmit the data within the scope of joint responsibility on the basis of consent pursuant to Art. 6 (1) a GDPR.
Information on the data security conditions can be found here:
https://www.facebook.com/legal/terms/data_security_terms
and on processing on the basis of standard contractual clauses can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum.

Deletion/revocation: 
You can deactivate the tool via the cookie settings and for logged-in users at
https://www.facebook.com/settings/?tab=ads.
Lifetime of cookies: up to 180 days after the last interaction (this only applies to cookies set via this website).

Legal basis: 
Art. 6 (1) a GDPR (consent)

Facebook processes this data as our processor. Details can be found in the Facebook user agreement:
https://www.facebook.com/legal/terms/customaudience.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:
https://www.facebook.com/legal/terms/customaudience and
https://www.facebook.com/legal/terms/dataprocessing

1.13 Facebook Custom Audiences

We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you visit or use our websites and apps, take advantage of our free or paid offers, transmit data to us or interact with the Facebook content of our company, we collect your personal data. If you give us your consent to use Facebook Custom Audiences, we will transmit this data to Facebook, which Facebook can use to display suitable advertising to you. Your data can also be used to define target groups (lookalike audiences).
Facebook processes this data as our processor. Details can be found in the Facebook user agreement:
https://www.facebook.com/legal/terms/customaudience.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:
https://www.facebook.com/legal/terms/customaudience and
https://www.facebook.com/legal/terms/dataprocessing.

1.14 Processing of data (customer and contract data)

We collect, process and use personal data only insofar as it is necessary for the establishment, processing and use of our business relationship, are necessary for the content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user. The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

D1.15 ata transmission upon conclusion of contract and dispatch of goods

If you order goods from us, we will pass on your personal data to the transport company entrusted with the delivery and to the payment service provider commissioned to process the payment. Only the data required by the respective service provider to fulfil its task will be disclosed. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. If you have given your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will pass on your e-mail address to the transport company entrusted with the delivery so that it can inform you by e-mail about the shipping status of your order; you can revoke your consent at any time.

1.16 Credit checks

In the case of a purchase on account or another payment method where we make advance payments, we may carry out a credit check (scoring). For this purpose, we transmit the data you enter (e.g. name, address, age or bank details) to a credit agency. The probability of a payment default is determined on the basis of this data. If the risk of non-payment is too high, we may refuse the type of payment in question.
The credit check is carried out on the basis of contract fulfilment (Art. 6 para. 1 lit. b GDPR) and for the purpose of Avoidance of payment defaults (legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 para. 1 lit. GDPR); consent can be revoked at any time.

1.17 Payment services

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The payment service providers are used on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time for the future.
We use the following payment services / payment service providers on this website:

1.17.1 PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Details can be found in PayPal's privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

1.17.2 Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as "Mastercard").
Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules.

Details can be found here:
https://www.mastercard.de/de-de/datenschutz.html and
https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

1.17.3 VISA

The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as "VISA").
The UK is considered a safe third country under data protection law. This means that the UK has a level of data protection that corresponds to the level of data protection in the European Union.
VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:
https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html.

Further information can be found in VISA's privacy policy:
https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

1.18 Registration on the website

The data subject has the option of registering on the controller's website by providing personal data. The following personal data is collected: Name, address, telephone number, e-mail address, bank details.
By registering on the controller's website, the IP address assigned by the data subject's Internet service provider (ISP), the date and time of registration are also stored. This data is stored against the background that this is the only way to prevent the misuse of our services and, if necessary, to enable criminal offences to be investigated. In this respect, the storage of this data is necessary to safeguard the controller. This data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.
The registration of the data subject with voluntary provision of personal data serves the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the controller's database.
You undertake to treat your personal access data confidentially and not to make it accessible to unauthorised third parties. We cannot accept any liability for misused passwords unless we are responsible for the misuse.
With the "stay logged in" function, we would like to make your visit to our website as pleasant as possible. This function allows you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, your personal details need to be changed or you wish to place an order. We recommend that you do not use this function if the computer is used by several users. Please note that the "stay logged in" function is not available if you use a setting that automatically deletes stored cookies after each session.

1.19 Newsletter

1.19.1 Newsletter ordering processes

If you have ordered our newsletter yourself via our homepage, we use the so-called double opt-in procedure for sending the newsletter, i.e. we will only send you a newsletter by e-mail if you have expressly confirmed to us beforehand that we should activate the newsletter service. We will then send you a notification e-mail and ask you to confirm that you wish to receive our newsletter by clicking on a link contained in this e-mail. When you register for our newsletter, we store your IP address and the date of registration. This storage serves solely as proof in the event that a third party misuses your e-mail address to register you to receive the newsletter without your knowledge or authorisation. We also send newsletters to existing customers about similar articles on the basis of a legitimate interest within the meaning of Section 7 (3) UWG. In both cases, if you no longer wish to receive newsletters from us, you can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, please use the unsubscribe link in the newsletters or contact us.

1.19.2 Newsletter Sendinblue (Brevo)

This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue is a service that can be used to organise and analyse the sending of newsletters, among other things. The data you enter for the purpose of subscribing to the newsletter is stored on Sendinblue's servers in Germany.

With the help of Sendinblue, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. In this way, we can determine, among other things, which links were clicked on particularly often.
We can also recognise whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can recognise whether you have made a purchase after clicking on the newsletter.

Sendinblue also allows us to subdivide (‘cluster’) newsletter recipients according to various categories. Newsletter recipients can be categorised by age, gender or place of residence, for example. In this way, the newsletters can be better customised to the respective target groups. If you do not wish to be analysed by Sendinblue, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. Detailed information on the functions of Sendinblue can be found at the following link:
https://de.sendinblue.com/newsletter-software/.

Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. For more information, please refer to Sendinblue's privacy policy at
https://de.sendinblue.com/datenschutz-uebersicht/.

We have concluded an order processing contract (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

1.20 Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted before it is transferred. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data protection declarations are constantly being revised. Please ensure that you have the latest version.

1.21 Rights of data subjects

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

1.21.1 Right to information:

You can request information from us as to whether and to what extent we process your data.

1.21.2 Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

1.21.3 Right to cancellation:

You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.
Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.

1.21.4 Right to restriction of processing:

You can request that we restrict the processing of your data if

  • you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
  • The processing of the data is unlawful, but you refuse to have it erased and instead request that the use of the data be restricted,
  • we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or
  • you have objected to the processing of the data.
1.21.5 Right to data portability:

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that

  • we process this data on the basis of a consent given and revocable by you or for the fulfilment of a contract between us, and
  • this processing is carried out using automated procedures.

If technically feasible, you can request that we transfer your data directly to another controller.

1.21.6 Right of objection:

If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

1.21.7 Right of appeal:

If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

1.21 Changes to this privacy policy

We reserve the right to change our privacy policy if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce these on our website.
All interested parties and visitors to our website can contact us regarding data protection issues at:

Mr Wojtek Dragon
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
Phone: 0941 2986930
Fax: 0941 29869316
E-mail: anfragen@projekt29.de
Internet: www.projekt29.de

2. Social Media

2.1 General information

We maintain publicly accessible profiles on various social networks. Your visit to these profiles triggers a variety of data processing operations. Below we provide you with an overview of which of your personal data we collect, use and store when you visit our profiles. Personal data is data that can be assigned to you as a specific person (e.g. name, age, address, photos, e-mail addresses, including IP addresses). We also inform you about your rights with regard to the processing of your personal data. You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profiles in social networks. These functionalities will not be available to you, or only to a limited extent, if you do not provide us with your personal data.

When you visit our profiles, your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile on the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us.

2.2 Responsible body

The joint controller for the operation of a social media page is the respective operator named below and the company:

MARAWE GmbH & Co. KG
Donaustaufer Straße 378, Building 64
93055 Regensburg

Tel.: +49 941 29020439
Fax: +49 941 29020593
E-Mail: info@marawe.de

You can reach our data protection officer at

Wojtek Dragon
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-Mail: w.dragon@projekt29.de
Tel.: 0941-2986930

Further information about us and our handling of personal data can be found in the privacy policy of our website at https://www.tifoo.de/informationen/datenschutz/. For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the operator of the respective social network, please refer to the data protection declarations of the respective operator:

  • Facebook: the joint controller is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can view the data protection provisions for Facebook at this link.
  • Instagram: the joint controller is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can view the privacy policy for Instagram at this link.
  • YouTube: the joint controller is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can view the privacy policy for YouTube at this link.
2.3 Information on the collection of personal data
2.3.1 Facebook page

We operate this page as a communication and information channel to provide information about our offers. Personal data is processed in accordance with Article 6(1)(f) of the General Data Protection Regulation on the basis of our legitimate interest in using this contemporary information and interaction opportunity with users and visitors to the page. We would like to point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).

2.3.1.1 Processing of personal data by Facebook

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information on this under the following link: http://de-de.facebook.com/help/pages/insights.

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. What information Facebook receives and how it is used is described by Facebook in general terms in its data usage guidelines. There you will also find information on how to contact Facebook and the settings options for adverts. The data usage guidelines and the information required under Article 13(1)(a) and (b) GDPR are available at the following link: http://de-de.facebook.com/about/privacy.

Facebook does not conclusively and clearly state how it uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, and we are not aware of this.

When you access a Facebook page, the IP address assigned to your end device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for ‘German’ IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (e.g. as part of the ‘login notification’ function); Facebook may thus be able to assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your end device. This enables Facebook to recognise that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons integrated into websites enable Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to offer you customised content or advertising. If you want to avoid this, you should log out of Facebook or deactivate the ‘stay logged in’ function, delete the cookies on your device and close and restart your browser. In this way, Facebook information that can be used to directly identify you will be deleted. This allows you to use our Facebook page without revealing your Facebook ID. When you access interactive functions on the page (like, comment, share, message, etc.), a Facebook login screen will appear. After logging in, you will once again be recognisable to Facebook as a specific user.

As personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c) GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA. Further information from the third-party provider on data protection, including the legal basis on which Facebook Ireland relies and information on how you can manage or delete existing information about you, can be found on the following Facebook website: https://de-de.facebook.com/about/privacy.

2.3.1.2 Processing of data by us

We can access statistical data of different categories via the so-called ‘Insights’ of the Facebook page. These statistics are generated and provided by Facebook. As the operator of the page, we have no influence on the generation and presentation of this data. We cannot switch off this function or prevent the generation and processing of the data. Facebook provides us with the following data relating to our Facebook page for a selectable period of time and for the categories fans, subscribers, people reached and people interacting:

  • Total number of page views and activities, post interactions (‘likes’, comments, shared content, clicks on links, etc.), (post) reach, video views, replies
  • Proportion of men and women
  • Origin in relation to country and city
  • Language
  • Views and clicks in the shop
  • Clicks on route planners
  • Clicks on telephone numbers

Data on the Facebook groups linked to our Facebook page is also provided in this way. Due to the constant development of Facebook, the availability and processing of the data changes, so we refer you to the Facebook privacy policy mentioned above for further details. We use this data, which is available in aggregated form, to make our posts and activities on our Facebook page more attractive to users. For example, we use the distribution by age and gender for a customised approach and the preferred visiting times of the users for a time-optimised planning of our posts. Information about the type of end devices used by visitors helps us to adapt the visual design of our posts accordingly. In accordance with the Facebook terms of use, which every user has agreed to when creating a Facebook profile, we can identify the subscribers and fans of the page and view their profiles and other information shared by them.

2.3.1.3 Rights of the users

Facebook Ireland assumes primary responsibility under the GDPR for the processing of Insights data as part of the joint responsibility agreement concluded between us and Facebook and fulfils all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). In addition, Facebook Ireland will make the essence of this Page Insights Addendum available to data subjects. You are welcome to contact both us and Facebook if you have any questions. As part of the agreement that exists between us and Facebook, we will forward your enquiry to Facebook without delay, insofar as Facebook alone has to comply with your data subject rights. Facebook Ireland will respond to requests in accordance with our obligations under this Page Insights Addendum.

2.3.2 Instagram page

We operate this page as a communication and information channel to provide information about our offers. Personal data is processed in accordance with Article 6(1)(f) of the General Data Protection Regulation on the basis of our legitimate interest in using this contemporary information and interaction opportunity with users and visitors to the site. We would like to point out that you use this Instagram page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting or rating).

When you visit our Instagram page, Facebook collects, among other things, your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as the operator of the Instagram page, with statistical information about the use of the Instagram page. The data collected about you in this context is processed by Facebook and may be transferred to countries outside the European Union. What information Facebook receives and how it is used is described in general terms in Facebook's privacy policy. There you will also find information on how to contact Facebook and the settings options for adverts. The privacy policy is available at the following link: https://help.instagram.com/519522125107875.

Facebook does not conclusively and clearly state how it uses the data from visits to Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Instagram page is passed on to third parties, and we are not aware of this.

When you access an Instagram page, the IP address assigned to your end device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for ‘German’ IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (e.g. as part of the ‘login notification’ function); Facebook may thus be able to assign IP addresses to individual users.

If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is stored on your end device. This enables Facebook to recognise that you have visited this page and how you have used it. This also applies to all other Instagram pages. Instagram buttons integrated into websites enable Facebook to record your visits to these websites and assign them to your Instagram profile. This data can be used to offer you customised content or advertising. If you want to avoid this, you should log out of Instagram or deactivate the ‘stay logged in’ function, delete the cookies on your device and close and restart your browser. In this way, Facebook information that can be used to directly identify you will be deleted. This allows you to use our Instagram page without revealing your Instagram ID. When you access interactive functions on the page (like, comment, share, message, etc.), an Instagram login screen will appear. After logging in, you will once again be recognisable to Instagram as a specific user.

As personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c) GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA. Further information from the third-party provider on data protection, including the legal basis on which Facebook Ireland relies and information on how you can manage or delete existing information about you, can be found in Instagram's help section at the following link: https://help.instagram.com/196883487377501.

2.3.3 YouTube page

We operate this site as a communication and information channel to provide information about our offers. Personal data is processed in accordance with Article 6(1)(f) of the General Data Protection Regulation on the basis of our legitimate interest in using this contemporary information and interaction opportunity with users and visitors to the site. We would like to point out that you use the YouTube channel offered here and its functions on your own responsibility. This applies in particular to the use of the ‘Discussion’ function. Information on what data is processed by Google and for what purposes can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de&gl=de#infocollect.

We have no influence on the nature and extent of the data processed by Google, the nature of the processing and use, or the disclosure of this data to third parties. We also have no effective means of control in this respect. By using Google, your personal data is collected, transmitted, stored, disclosed and used by Google. Furthermore, your data is transferred to the United States, Ireland and any other country in which Google does business, regardless of your place of residence, and stored and used there. Data is transferred to Google-affiliated companies as well as to other trusted companies or individuals who process it on behalf of Google. Google processes both the data you voluntarily provide, such as your name and email address, and the content you create, upload or receive from others when using the services. This includes, for example, photos and videos that you save, documents and spreadsheets that you create, and comments that you write on YouTube videos. Google also analyses the content you share to determine the topics you are interested in, stores and processes confidential messages that you send directly to other users, and may determine your location based on GPS data, information about wireless networks or your IP address to provide you with advertising or other content.

For analysis, Google may use analysis tools such as Google Analytics. We have no control over the use of such tools by Google and have not been informed of such potential use. If Google uses tools of this kind for our YouTube channel, we have neither commissioned nor supported this in any way. Nor are the data obtained during the analysis made available to us. We only have access to the profiles of our subscribers. Furthermore, we have no way of preventing or disabling the use of such tools on our YouTube channel.

Finally, Google also receives information if you view content, for example, even if you have not created an account. These so-called ‘log data’ may include the IP address, browser type, operating system, information about the previously viewed website and the pages you have viewed, your location, your mobile provider, the end device you are using (including device ID and application ID), the search terms you have used and cookie information.

You can restrict the processing of your data in the general settings of your Google Account. In addition to these tools, Google also offers specific privacy settings for YouTube. More information on this can be found in Google's privacy guide for Google products at https://policies.google.com/technologies/product-privacy?hl=de&gl=de.

Further information on these points can be found in Google's privacy policy under the heading ‘Privacy settings’: https://policies.google.com/privacy?hl=de&gl=de#infochoices.

We also process your data when you communicate with us via YouTube. Although we do not collect data about your YouTube account, the data you enter on YouTube, in particular your username and the content published under your account, will be processed by us insofar as we reply to your comments or posts in discussions. The data you freely publish and disseminate on YouTube will thus be included by us in our offering and made available to our followers.

2.4 Making contact via a social media channel

If you use our profiles on social networks to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data you provide us with will be processed by us exclusively for the purpose of contacting you. The legal basis for data collection is therefore Art. 6 para. 1 lit. a) and b) GDPR. We delete stored data as soon as its storage is no longer required or you request us to delete it; in the case of statutory retention obligations, we restrict the processing of the stored data accordingly.

2.5 Your rights as a data subject affected by data processing

As a data subject affected by data processing, you have the following rights:

  • You have the right to obtain information from us about the processing of your personal data within the scope of Art. 15 GDPR.
  • You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data in accordance with Art. 16 GDPR.
  • You have the right, within the scope of Art. 17 GDPR, to demand the immediate deletion of personal data concerning you.
  • You have the right, within the scope of Art. 18 GDPR, to demand the restriction of data processing concerning you.
  • You have the right to receive the personal data concerning you, which you have provided to us, in a structured, machine-readable format and have the right to transmit those data to another controller in accordance with Art. 20 GDPR.
  • You have the right, within the scope of Art. 21 GDPR, to object to the processing of your personal data at any time for reasons arising from your particular situation, provided that the processing is based on an overriding interest or your data is used for the purpose of direct marketing.
  • You have the right to withdraw your consent to data processing at any time without affecting the lawfulness of data processing based on consent before its withdrawal.
  • You have the right to complain to a supervisory authority about our processing of your data.