Data protection
|
Privacy Policy | Club Monee As of April 9, 2025 Who we are The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is: Club Monee, a brand of CAPOLAVORO GmbH, Neubruch 1 82266 Inning am Ammersee Germany contact@clubmonee.com www.clubmonee.com
Contacting the data protection officer The data protection officer of the controller is: DataCo GmbH Sandstr. 33 80335 Munich Germany +49 89 7400 45840
General information on data processing On this page, we inform you about the processing of your personal data on the website. How we collect and use your personal data depends on how you interact with us or which services you use. We only collect, use, or share your personal data if we have a legitimate purpose and a legal basis for doing so. What do we mean by legal basis? Consent (Art. 6 (1) sentence 1 lit. a GDPR) - You have given us your consent to process your personal data for the specific purpose we have explained to you. You have the right to withdraw your consent at any time. To do so, please contact the data protection officer using the contact details provided below. Contract (Art. 6 (1) sentence 1 lit. b GDPR) - We must use your data to fulfill a contract you have with us. Alternatively, it is necessary to use your data because we have requested it or you yourself have taken certain steps before entering into this contract. Legal Obligation (Art. 6 (1) sentence 1 lit. c GDPR) - We must use your data to comply with the law. Vital Interests (Art. 6 (1) sentence 1 lit. d GDPR) - The processing of your data is necessary to protect your vital interests or those of another person. For example, to protect you from serious physical harm. Public Task (Art. 6 (1) sentence 1 lit. e GDPR) - The processing of your data is necessary for the performance of a task carried out in the public interest, or because it is covered by a legally established task, e.g., for a legal function. Legitimate Interests (Art. 6 (1) sentence 1 lit. f GDPR) - The processing of your data is necessary to support a legitimate interest we or another party has, only if your own interests do not override them. Please note that we may not be able to provide you with our webshop if your data is processed for the fulfillment of a contract or a legal obligation and you do not provide the requested data. Your Rights If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller: 1. The right to information (Art. 15 GDPR) You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have a right to information about this data and to the following information: · Processing purposes · Categories of personal data · Recipients or categories of recipients · Planned storage period or the criteria for determining this period · The existence of rights to rectification, erasure or restriction or objection · Right to complain to the competent supervisory authority · If applicable, origin of the data (if collected from a third party) · If applicable, the existence of automated decision-making, including profiling, with meaningful information about the logic involved, the scope and the expected effects · If applicable, transfer of personal data to a third country or international organization
2. Right to rectification (Art. 16 GDPR) Should your personal data be inaccurate or incomplete, you have the right to request an immediate correction or completion of the personal data. 3. Right to restriction of processing (Art. 18 GDPR) If one of the following conditions is met, you have the right to request the restriction of the processing of your personal data:
4. Right to erasure ("right to be forgotten") (Art. 17 GDPR) If one of the following reasons applies, you have the right to request the immediate erasure of your personal data:
Please note that the aforementioned reasons do not apply insofar as processing is necessary:
5. Right to data portability (Art. 20 GDPR) You have the right to receive your personal data in a structured, common and machine-readable format or to request its transfer to another controller. 6. Right to object to certain data processing (Art. 21 GDPR) You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 (1) sentence 1 GDPR. This also applies to profiling based on these provisions. Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. 7. Right to lodge a complaint with a supervisory authority Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR. A list of the locally competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html Sharing of Data and International Transfers As explained in this Privacy Policy, we engage various service providers to help us provide our services and ensure the security of your data. When we use these service providers, it is necessary for us to share your personal data with them. We have entered into agreements with all service providers with whom we share your data, obliging them to protect your data. If your personal data is transferred outside the EU, we ensure that your personal data receives an equivalent level of protection, either because the country to which your data is transferred has an "adequate" data protection standard according to the European Commission, or by applying another safeguard, such as an extended contractual agreement, i.e., the Standard Contractual Clauses (SCCs) adopted by the European Commission. For example, when we use US service providers, we rely on either the SCC or the EU-US Data Protection Framework, depending on the provider. You can request a copy of the SCCs we have concluded with our service providers by sending an email to the email address provided in this Privacy Policy. Provision of the Website and Creation of Log Files 1. Description and Scope of Data Processing Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected: · Information about the browser type and the version used · The user's operating system · The user's Internet service provider · Date and time of access · Websites from which the user's system accesses our website · Websites accessed by the user's system via our website This data is stored in our system's log files. This does not affect the user's IP addresses or other data that allow the data to be assigned to a user. This data is not stored together with other personal data of the user. This data is not stored together with other personal data of the user. 2. Purpose of Data Processing The storage in log files is done to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. 3. Legal Basis for Data Processing The legal basis for the temporary storage of data and log files is Art. 6 (1) sentence 1 lit. f GDPR. 4. Storage Duration The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of data storage in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that an assignment of the calling client is no longer possible. 5. Possibility of Objection The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. The user can object to this. Whether the objection is successful must be determined by balancing interests. Use of Cookies 1. Description and Scope of Data Processing When you visit our website, we use technical aids for various functions, in particular cookies, which can be stored on your device. When you access our website and at any time thereafter, you have the choice of whether to generally allow cookies or which individual additional functions you wish to select. You can make changes in your browser settings or via our Consent Manager. Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using, so that certain information can flow to the entity that sets the cookie. Below, we describe the type of cookies we use: We use technically necessary cookies that are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or support functions are not possible. The following data is stored and transmitted by the technically necessary cookies: · Language settings ·Items in the shopping cart ·Login information ·Frequency of page views ·Use of website functions We use cookies on our website that are not technically necessary. Non-technically necessary cookies are considered text files that do not solely serve the functionality of the website but also collect other data. By setting non-technically necessary cookies, the following data is processed: ·Date and time of website access ·Tracking of surfing behavior ·Linking of website visits with other social media platforms
2. Purpose of Data Processing The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again after a page change. We require technically necessary cookies for the following applications: ·Shopping cart ·Adoption of language settings ·Functionality of the website The use of non-technically necessary cookies serves the purpose of improving the quality of our website, its content, and thus our reach and economic efficiency. By setting these cookies, we learn how the website is used and can thus continuously optimize our offer. In particular, these cookies serve the following purposes: Tracking, marketing 3. Legal Basis for Data Processing For storing information in the end-user's terminal equipment and/or accessing information already stored in the end-user's terminal equipment, the provisions of the Telecommunications-Digital Services Data Protection Act (TDDDG) are applicable. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal equipment is based on Section 25 (2) No. 2 TDDDG. This storage and access to the information on your terminal equipment serves to facilitate your use of our website and to offer you our services as you wish. Some functions of our website do not work without the use of these cookies and therefore could not be offered. Cookies are generally deleted after the end of the session (e.g., logging out or closing the browser) or after a predefined period. Information about differing storage periods for cookies can be found in the following sections of this privacy policy. Insofar as cookies that are not technically necessary are used, this is based on your explicit consent, which you can give via the cookie banner. The basis for the storage and access to information in this case is Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a), Art. 7 GDPR. You can withdraw your consent at any time with future effect or re-grant it later by configuring your cookie settings accordingly. Alternatively, you can prevent the storage of cookies by making appropriate settings in your browser software. Please note that the browser settings made only apply to the browser used in each case. If personal data is processed after the storage of and access to the information on your terminal equipment, the provisions of the GDPR are applicable. Information on this can be found in the following sections of this privacy policy. 4. Objection and Deletion You can revoke your consent to the use of cookies at any time and manage your consent preferences using the following link: https://www.capolavoro.de/pages/datenschutz Registration 1. Description and Scope of Data Processing On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask, transmitted to us, and stored. The data is not passed on to third parties. The following data is collected during the registration process: · Email address · Last name · First name · Address · Phone/mobile number · Date and time of registration During the registration process, the user's consent for the processing of this data is obtained. 2. Purpose of Data Processing User registration is necessary for the performance of a contract with the user or for carrying out pre-contractual measures. 3. Legal Basis for Data Processing The legal basis for data processing, where the user has given consent, is Art. 6 (1) sentence 1 lit. a GDPR. If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for data processing is Art. 6 (1) sentence 1 lit. b GDPR. 4. Duration of Storage The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For data collected during the registration process for the performance of a contract or for the implementation of pre-contractual measures, this is the case when the data is no longer necessary for the execution of the contract. Even after the contract has been concluded, it may be necessary to store the personal data of the contractual partner in order to comply with contractual or legal obligations. 5. Possibility of Withdrawal in Case of Consent As a user, you have the option to cancel your registration at any time. You can modify the data stored about you at any time. In particular, you can request deletion in the following ways: If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible if contractual or legal obligations do not prevent deletion. Webshop We offer a webshop on our website. For this purpose, we use the Software as a Service (SaaS) rental shop system of a service provider commissioned by us. The name of our rental shop system and the name and address of the service provider are: Shopify by the provider Shopify International Limited, 1-2 Haddington Road, D04 XN32, Dublin, Ireland (hereinafter referred to as Shopify). Further information can be found in the provider's privacy policy: https://www.shopify.de/legal/datenschutz of the provider. Further information can be found in the provider's privacy policy: The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The stored information includes: · Information about the browser type and version used · The user's operating system · The user's Internet service provider · Date and time of access · Websites from which the user's system accesses our website · Websites accessed by the user's system via our website This data is not combined with other data sources. The collection of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically flawless presentation and optimization of its website - for this purpose, the server log files must be recorded. We have concluded a data processing agreement with the relevant service provider, in which we obligate the service provider to protect user data and not to disclose it to third parties. The geographical location of the website's server is in the European Union (EU) or the European Economic Area (EEA). Payment Options 1. Description and Scope of Data Processing We offer our customers various payment options to process their orders. Depending on the payment method, we redirect customers to the platform of the corresponding payment service provider. After the payment process is completed, we receive the customer's payment data from the payment service providers or our house bank and process it in our systems for invoicing and accounting purposes. Payment via Amazon Pay It is possible to process the payment with the payment service provider Amazon Pay. Amazon Pay allows online payments to third parties by accessing the payment and shipping information stored in your Amazon account. The European operating company of Amazon Pay is Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg. If you already have an Amazon.de customer account, you can pay immediately using the payment method stored there - either by direct debit or credit card. This requires logging into your Amazon account. Further information and your order overview for payment via Amazon Pay can be found at https://pays.amazon.de. When paying via Amazon Pay, all personal data communicated to or collected by Amazon Pay will be processed primarily by Amazon Payments Europe s.c.a. and secondarily by Amazon EU SARL, Amazon Services Europe SARL, and Amazon Media EU SARL, all three located at 5, Rue Plaetis L-2338, Luxembourg. For more information on Amazon's processing of your data within the scope of Amazon Pay, please refer to Amazon Pay's privacy policy at: https://pay.amazon.com/de/help/201751600 Payment via Klarna It is possible to process the payment with the payment service provider Klarna. Klarna is a payment service provider that enables purchase on account or installment payments. The European operating company of Klarna is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. If you select "purchase on account" or "installment purchase" as a payment option via Klarna within the transaction, your personal data will be automatically transmitted to Klarna. The personal data transmitted to Klarna includes, in particular: · First name · Surname · Address · Date of birth · Gender · Email address · IP address · Phone/mobile number · Bank details · Credit card number including expiry date and CVC code · Number of items · Item number · Data on goods and/or services · Transaction amount and tax charges The purpose of transmitting the data is, in particular, identity verification, payment administration, and fraud prevention. The personal data exchanged between Klarna and us may be transmitted by Klarna to credit agencies. This transmission is for the purpose of identity and credit checks. Klarna may also pass on personal data to affiliated companies (Klarna Group) and service providers or subcontractors if this is necessary for the fulfilment of contractual obligations or if the data is to be processed on their behalf.
https://www.klarna.com/de/datenschutz/ Payment by credit card It is possible to complete the payment process by credit card. If you have chosen payment by credit card, payment data will be passed on to payment service providers for payment processing. All payment service providers comply with the requirements of the "Payment Card Industry (PCI) Data Security Standards" and have been certified by an independent PCI Qualified Security Assessor. The following data is regularly transmitted when paying by credit card: · Purchase amount · Date and time of purchase · First name and surname · Address · Email address · Credit card number · Credit card expiry date · Security code (CVC) · IP address · Telephone number / mobile phone number
Payment data is transmitted to the following payment service providers:
Payment via PayPal It is possible to process the payment with the payment service provider PayPal. In addition to a direct payment method, PayPal also offers purchase on account, by direct debit, by credit card and instalment payments. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, the data required for the payment process will be automatically transmitted to PayPal. This primarily includes the following data: · Name · Address · Email address · Telephone / mobile number · IP address · Bank details · Card number · Expiration date and CVC code · Number of items · Item number · Goods and services data · Transaction amount and taxes · Information about previous purchasing behavior The data transmitted to PayPal may be transmitted by PayPal to credit bureaus under certain circumstances. This transmission is for the purpose of identity and credit checks. PayPal may also disclose your data to third parties if this is necessary to fulfill contractual obligations or if the data is to be processed on its behalf. When your personal data is transmitted within companies affiliated with PayPal, the Binding Corporate Rules, which have been approved by the relevant supervisory authorities, apply. You can find these here: https://www.paypal.com/de/webapps/mpp/ua/bcr Other data transfers may be based on contractual protection provisions. For more information, please contact PayPal. All PayPal transactions are subject to PayPal's Privacy Policy. You can find this at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/. Payment via Apple Pay It is possible to pay with Apple Pay from Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. When paying with Apple Pay, the following personal data is transmitted to Apple: · Postcode or equivalent information for calculating taxes and postage. · Merchant-specific account number. · Postal address or email address · Device-specific information, Apple ID and location (if location services are enabled for Wallet) for on-device fraud prevention assessment. · Output of on-device fraud prevention assessments (not the underlying data). · Postal address identifier to confirm address consistency in transactions. · IP address (if available) for fraud prevention. · Information about participating merchants in connection with merchant-specific account numbers. Further information on data processing when paying via Apple Pay can be found here: https://www.apple.com/au/legal/privacy/data/en/apple-pay/ Payment via Google Pay It is possible to make payments via Google Pay. The European operating company of Google is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you use Google Payments to make a transaction, Google collects information about the transaction, including the date, time, and amount of the transaction, the location and description of the merchant, a description of the goods or services purchased provided by the seller, a photo you choose to associate with the transaction, the names and email addresses of the seller and buyer (or sender and recipient), the type of payment method used, your description of the reason for the transaction, and the offer associated with the transaction, if any. Further information on data processing by Google when paying via Google Pay can be found here: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en Payment by Sofortüberweisung (instant transfer) It is possible to pay by Sofortüberweisung. In this case, the data is collected by Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany. The controller itself does not collect or store the data. By initiating a Sofortüberweisung, you authorize Sofort GmbH to automatically check whether your account covers the amount to be transferred (account coverage check), and whether any Sofortüberweisungen from the last 30 days have been successfully processed from your account, and after a positive check, to transmit the transfer order you have approved in electronic form to your bank, and to inform us, as the payment recipient you have selected (online provider), about the successful initiation of the transfer. For this purpose, Sofort GmbH requires the IBAN as well as the PIN and TAN of your online banking account. During the ordering process, you will be automatically redirected to the secure payment form of Sofort GmbH. Immediately afterwards, you will receive confirmation of the transaction. We will then receive the credit for the transfer directly. Sofortüberweisung can be used as a payment method by anyone who has an activated online banking account with a PIN/TAN procedure. Please note that a few banks do not yet support payment by Sofortüberweisung.
Payment in advance If you have chosen payment in advance, no data other than the data transmitted by your bank will be processed by us. This data will only be used to verify receipt of payment. Other payment options We also offer the following payment options: Shopify Payments
2. Purpose of data processing The transmission of payment data to payment service providers serves to process the payment, e.g., when you purchase a product and/or use a service. 3. Legal basis for data processing The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, as the processing of the data is necessary for the performance of the concluded purchase agreement. 4. Duration of storage All payment data and data on any chargebacks will only be stored for as long as they are required for payment processing and any potential processing of direct debit returns and debt collection, as well as for combating misuse. Furthermore, payment data may be stored beyond this period if and as long as this is necessary to comply with statutory retention periods or to pursue a specific case of misuse. Your personal data will be deleted after the statutory retention obligations expire, i.e., after a maximum of 10 years. 5. Exercising your rights If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible to the extent that no contractual or legal obligations prevent deletion. Shipping service providers 1. Description and scope of data processing If you order products or services on our website for which a shipping service provider is used for delivery, you will receive your order and shipping confirmation via your email address, as well as, depending on the respective shipping service provider, notification that your shipment has arrived and/or notification of package announcement and possible delivery options. The data is transmitted to the following service providers: · FedEx Express – European Office, Taurusavenue 111, 2132 LS Hoofddorp, Netherlands · UPS Europe SA, Ave Ariane 5, Brussels, B-1200, Belgium · NTEX Paketdienst GmbH, In der Held 2, 66620 Nonnweiler-Otzenhausen The transmitted data regularly includes: · Name · Address · Email address
2. Purpose of data processing The purpose of processing personal data is to enable shipping service providers to inform recipients about the shipping status via email, thereby increasing the likelihood of successful delivery. 3. Legal basis for data processing The legal basis for transmitting the email address to the respective shipping service provider and its use is your consent pursuant to Art. 6 para. 1 lit. a GDPR. The legal basis for transmitting your address data (first name, last name, address) to the respective shipping service provider is Art. 6 para. 1 sentence 1 lit. b GDPR, as the processing of data is necessary for the performance of the concluded purchase contract. 4. Storage duration The transmitted data will be deleted by the respective shipping service provider once the parcel has been delivered. 5. Possibility of objection The notification service provided by the shipping service provider can be unsubscribed by the user concerned at any time. For this purpose, each email contains a corresponding opt-out link. Newsletter 1. Description and scope of data processing On our website, it is possible to subscribe to a free newsletter. When signing up for the newsletter, the data from the input mask is transmitted to us. To provide this service, we collect the following data from you: · Email address For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy. The data is used exclusively for sending the newsletter. 2. Purpose of data processing The collection of the user's email address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used. 3. Legal basis for data processing The legal basis for the processing of data after the user subscribes to the newsletter, if the user has given consent, is Art. 6 para. 1 sentence 1 lit. a GDPR. 4. Storage duration The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user's email address will therefore be stored for as long as the newsletter subscription is active. Other personal data collected during the registration process is usually deleted after a period of seven days. 5. Possibility of revocation The newsletter subscription can be cancelled by the user concerned at any time. For this purpose, each newsletter contains a corresponding link. This also enables the revocation of consent to the storage of personal data collected during the registration process. Email contact 1. Description and scope of data processing On our website, it is possible to contact us via the provided email address. In this case, the user's personal data transmitted with the email will be stored. The data will be used exclusively for processing the conversation. 2. Purpose of data processing In the case of contact via email, there is also a legitimate interest in processing the data. 3. Legal basis for data processing The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in optimally responding to your inquiry sent by email. If the email contact aims at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. 4. Storage duration The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter concerned has been conclusively clarified. Other personal data collected during the sending process will be deleted after a period of seven days at the latest. 5. Possibility of objection If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored during the contact will be deleted in this case. Contact form 1. Description and scope of data processing Our website provides a contact form that can be used for electronic contact. If a user utilizes this option, the data entered into the input mask will be transmitted to us and stored. At the time the message is sent, the following data is stored: · Email address · Last name · First name · Date and time
2. Purpose of data processing The processing of personal data from the contact form's input mask or via the provided email address serves solely to handle the contact request. Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. 3. Legal basis for data processing The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in optimally responding to your inquiry, which you send to us via the contact form. If the email contact aims at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR. 4. Storage duration The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For personal data from the contact form's input mask and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter concerned has been conclusively clarified. Other personal data collected during the sending process will be deleted after a period of seven days at the latest. 5. Possibility of objection If the user contacts us via the input mask in the contact form, they can object to the storage of their personal data at any time. In particular, you can object in the following ways: Contact us and we will delete your data. All personal data stored during the contact will be deleted in this case. Company appearances Instagram: Instagram, Part of Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland On our company page, we provide information and offer Instagram users the possibility of communication. If you perform an action on our Instagram company profile (e.g., comments, posts, likes, etc.), you may thereby make personal data (e.g., your full name or profile picture) public. However, since we generally or largely have no influence on the processing of your personal data by Instagram, we cannot make binding statements about the purpose and scope of the processing of your data. We use our company presence on social networks for communication and information exchange with (potential) customers. In particular, we use the company presence for: Company presentation Publications via the company presence may contain the following content: · Information about products · Information about services · Customer contact Each user is free to publish personal data through activities. Insofar as we process your personal data to evaluate your online behavior, offer you competitions or conduct lead campaigns, this is done on the basis of your explicit declaration of consent, Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR. The legal basis for the processing of personal data for the purpose of communication with customers and interested parties is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in optimally responding to your inquiry or providing the requested information. If the contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. The data generated by the company's online presence are not stored in our own systems. You can object to the processing of your personal data that we collect within the scope of your use of our company presence at any time and assert your rights as a data subject, as set out in the "Your Rights" section of this privacy policy. To do this, send us an informal email to kontakt@capolavoro.de. Further information on the processing of your personal data by Instagram and the corresponding objection options can be found here: Instagram: https://help.instagram.com/519522125107875 YouTube: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States On our company page, we provide information and offer YouTube users the opportunity to communicate. If you perform an action on our YouTube company presence (e.g., comments, posts, likes, etc.), you may thereby make personal data public (e.g., your full name or a photo from your user profile). However, since we generally or largely have no influence on the processing of your personal data by YouTube, we cannot make binding statements about the purpose and scope of the processing of your data. We use our company presence on social networks for communication and information exchange with (potential) customers. In particular, we use the company presence for: The publications via the company's online presence may contain the following content:
Each user is free to publish personal data through activities. Insofar as we process your personal data to evaluate your online behavior, offer you competitions or conduct lead campaigns, this is done on the basis of your explicit declaration of consent, Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR. The legal basis for the processing of personal data for the purpose of communication with customers and interested parties is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in optimally responding to your inquiry or providing the requested information. If the contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. The data generated by the company's online presence are not stored in our own systems. You can object to the processing of your personal data that we collect within the scope of your use of our company presence at any time and assert your rights as a data subject, as set out in the "Your Rights" section of this privacy policy. To do this, send us an informal email to kontakt@capolavoro.de. Further information on the processing of your personal data by YouTube and the corresponding objection options can be found here: YouTube: https://policies.google.com/privacy?gl=DE&hl=en Use of company presences in professional networks 1. Scope of data processing On our site, we provide information and offer users the opportunity to communicate. The company presence is used for applications, information/PR and active sourcing. We have no information about the processing of your personal data by the companies jointly responsible for the company presence. Further information can be found in the privacy policy of: On our site, we provide information and offer users the opportunity to communicate. The company presence is used for applications, information/PR and active sourcing. We have no information about the processing of your personal data by the companies jointly responsible for the company presence. Further information can be found in the privacy policy of: XING: If you perform an action on our company presence (e.g., comments, posts, likes, etc.), you may thereby make personal data public (e.g., your full name or a photo from your user profile). 2. Legal basis for data processing The legal basis for the processing of personal data for the purpose of communication with customers and interested parties is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in optimally responding to your inquiry or providing the requested information. If the contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. 3. Purpose of data processing Our company presence serves to inform users about our services. Each user is free to publish personal data through activities. 4. Duration of storage The data generated by the company's online presence are not stored in our own systems. 5. Exercise of your rights You can object to the processing of your personal data that we collect within the scope of your use of our company presence at any time and assert your rights as a data subject, as set out in the "Your Rights" section of this privacy policy. To do this, send us an informal email to the email address provided in this privacy policy. Further information on the exercise of your rights can be found here: LinkedIn: https://www.linkedin.com/legal/privacy-policy XING: Content delivery networks Shopify 1. Description and scope of data processing We use functions of the Content Delivery Network Shopify from the provider on our website. A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet, which are used to deliver content – especially large media files such as videos. Shopify offers web optimization and security services that we use to improve our website's loading times and to protect it from misuse. When you visit our website, a connection to Shopify's servers is established to retrieve content, for example. Personal data can thus be stored and evaluated in server log files, especially the user's activity (in particular which pages have been visited) and device and browser information (in particular the IP address and the operating system). 2. Purpose of data processing The use of Shopify's functions serves to deliver and accelerate online applications and content. 3. Legal basis for data processing The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically flawless display and optimization of his website – for this purpose, the server log files must be recorded. 4. Duration of storage Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law. 5. Possibility of objection Information on exercising your rights vis-à-vis Shopify can be found at: https://www.shopify.com/de/legal/datenschutz Integrated third-party services We use various service providers to provide the services we offer via the website. If such services are required for additional services, extended functions or additional purposes, your personal data will only be transferred to service providers if you give your consent. Here you can revoke your consent to the use of integrated third-party services at any time and manage your consent settings: https://www.capolavoro.de/pages/datenschutz Use of CleverReach 2. Purpose of data processing 3. Legal basis for the processing of personal data 4. Duration of storage 5. Right of revocation and erasure Use of Google AdWords 2. Purpose of data processing 3. Legal basis for the processing of personal data 4. Storage period 5. Right to withdraw consent and right to erasure Use of Google Analytics 4 (GA 4) 1. Scope of personal data processing We use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: Google). Google Analytics analyzes, among other things, how website visitors use our site. Google places cookies on your device. During the visit, user behavior is recorded in the form of "events". Personal data may be stored and evaluated, including: · First visit to the website · Interaction with the website, usage path · Clicks on external links · Video usage · File downloads · Ad impressions and clicks · Scrolling behavior (if to end of page) · Searches on the website · Language selection · Page visits · Location (region) · Your IP address (in truncated form) · Technical information about your browser and the devices you use (e.g., language setting, screen resolution) · Your internet provider · Referrer URL We use Google Signals. This allows additional information to be collected in Google Analytics about users who have enabled personalized ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns. By default, IP address anonymization is enabled in GA 4. This means that your IP address will be truncated by Google within Member States of the European Union or other contracting states to the Agreement on the European Economic Area. Only in rare cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google states that the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Further information on data processing by Google can be found here: https://policies.google.com/privacy 2. Purpose of data processing The use of GA 4 serves to evaluate the use of our online presence and to generate reports on activities on our website. The reports serve to analyze the performance of our website and to specifically target advertising to individuals who have already shown initial interest through their visit to our site. 3. Legal basis for the processing of personal data The legal basis for the processing of users' personal data is generally the user's consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. 4. Storage period Your personal data will be deleted after 2 months. This deletion takes place automatically once a month. 5. Right to withdraw, object, and erase You have the right to withdraw your data protection declaration of consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of the consent until its withdrawal. You can withdraw your consent via our Cookie Consent Tool. You can prevent Google from collecting and processing your personal data by disabling the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com) in your browser. Further information on objection and removal options against Google can be found at: https://policies.google.com/technologies/partner-sites You can also prevent Google from collecting and processing the data generated by the cookie and related to your use of the online presence (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout? hl=de You can deactivate Google's use of your personal data via the following link: https://adssettings.google.de Use of Google Ads Remarketing 2. Purpose of data processing 3. Legal basis for the processing of personal data 4. Storage Duration 5. Right to Withdraw and Delete Use of Instagram Plugin 2. Purpose of data processing 3. Legal basis for the processing of personal data 4. Storage Duration 5. Right to Withdraw and Delete Use of Formspark Use of Trusted Shop - Seal of Approval with Reviews 2. Purpose of data processing 3. Legal basis for the processing of personal data 4. Storage Duration 5. Right to Withdraw and Delete Use of Google Tag Manager 2. Purpose of data processing 3. Legal basis for the processing of personal data 4. Storage Duration 5. Right to Withdraw and Delete Use of Facebook Retargeting 2. Purpose of data processing 3. Legal basis for the processing of personal data 4. Storage Duration 5. Right to Withdraw and Delete Use of Calendly 1. Description and Scope of Data Processing We use the services of Calendly LLC 271 17th Street NW 10th Floor, Atlanta, Georgia, 30363, USA (Calendly) for online appointment scheduling. When you use the tool, you will be asked to provide personal information such as your name, email address, and phone number. You also have the option to state your concern and provide us with further information. The provider's server is geographically located in the USA. Your data will be transferred to Calendly servers in the USA. Calendly is a member of the Trans-Atlantic Data Privacy Framework (TDPF; data protection agreement between the EU and the USA) to ensure an adequate level of data protection during data processing. 2. Purpose of Data Processing The use of the functions of these services serves the purpose of easy and quick appointment scheduling. 3. Legal Basis for Data Processing This data is collected based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. 4. Duration of storage Your personal data will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law. 5. Exercising your rights Information on how you can exercise your rights vis-à-vis Calendly can be found at: https://calendly.com/pages/privacy This privacy policy was created with the support of DataGuard. Status: 09/04/2025 |
