1 Foreword
The overall system "sags.digital" is operated under the domain "sags.digital".
1.1 Layers of protection
The overall system "sags.digital" is divided into two areas, which are collectively referred to as "website" in the following data protection declaration. In our data protection concept, we provide for different security requirements for the areas. The two areas include:
· The marketing website (recognizable by the domain "sags.digital"), on which registration is not possible and on which no personal data is requested in the form of online forms
· The platform system (recognizable by the domain "app.sags.digital"), which offers the user login and all program functions, including administration and payment.
In the above order, our concept provides for increasing security requirements for data protection.
Protection level 1 (marketing website):
For the economic operation of our platform, the integration of Google Ads, Facebook Pixel and LinkedIn Insight Tag is mandatory on the website so that we can advertise our platform. However, we have restricted the integration of Google Ads, Facebook Pixel and LinkedIn Insight Tag in our website as far as possible. For example, the required scripts are only loaded if a visitor actually comes to our website via an advertisement on Google, Facebook or LinkedIn. We recognize this via the URL and assume that the visitor knows the respective data protection conditions of the service the customer came from. Direct website visitors, on the other hand, do not receive such a script. In order to protect our users, we accept the resulting disadvantages for us in advertising and possibly even in visibility on the Internet in general.
Protection level 2 (payment system):
With the exception of credit institutes and PayPal, no other external payment providers are involved in the "payment.invokable.gmbh" payment system. Since personal data and payment data is processed, this level is subject to increased security requirements in terms of data protection and IT security.
Protection level 3 (platform system):
The platform system itself has not integrated any external services or user tracking mechanisms and is additionally protected by special firewall techniques. The servers used for the platform system are configured to collect only a minimum set of data and are completely independent systems, used only for the platform system.
We have examined all matters relevant to data protection very critically and we have been extremely cautious with the integration of external services. We only use " Matomo" as analysis software (at the website & platform levels), which we can keep under our own control on our own servers, and we do not use any external services in the platform system at all.
Request: We are constantly working to improve our customer and data security. However, we are only human and may make mistakes. If you notice something that we missed or where we can improve, please send us a short email to support@sags.digital. Thank you in advance!
1.2 Contracts for data processing (DPA)
After registering via our online interface, you can conclude a data processing agreement (DPA) with us under the menu item "Contracts -> DP-Contract". Simply enter the information you require.
We prepared a demo DP contract for you, so that you are able to preview the contract before signing up for an account.
Click here to open the demo DP contract...
Our DP contract is not enough for you? You have special requirements to the contract? Please understand that the legal review of individual contracts is very time-consuming. Since data protection is important to us, we would have to check every contract for organizational feasibility and legal completeness. With thousands of customers, we have to make sure that we don't have a "patchwork" of individual regulations. For this reason, we do not offer individual regulations for data processing for small customers, but only for a monthly purchase volume of around 10,000 connections and above.
Exception: Church institutions may be obliged to sign an additional agreement (e.g. in accordance with DSG-EKD or KDG). Since we already work with institutions from all major churches in Germany, this is not a problem. Simply send us a corresponding request.
2 Data protection at a glance
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
However, we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps despite all security measures. A complete protection of the data against access by third parties is not possible.
If you use this website, various personal data will be collected. The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified. See below for detailed information. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this happens.
Who is responsible for data collection on this website? The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.
How do we collect your data?On the one hand, your data is collected when you communicate it to us. This can be z. B. be data that you enter in a contact form.
Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of the page view). This data is collected automatically as soon as you enter this website.
When you visit this website, your surfing behavior can be statistically evaluated. This is mainly done with cookies and so-called analysis programs.
What do we use your data for?
Part of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request that the processing of your personal data be restricted. You also have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time at the address given in the imprint or read more about this in detail below if you have any further questions on the subject of data protection.
3 Hosting and Content DeliveryNetworks (CDN)
This website is hosted by an external service provider within Europe (hoster). The personal data collected on this website is stored on the host's servers. This can primarily be IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit.b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para . 1 lit.f GDPR).
Our hoster will only process your data to the extent that this is necessary to fulfill its performance obligations and will follow our instructions in relation to this data.
In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.
4 Mandatory information
4.1 Responsible body
The responsible body for data processing on this website is:
invokable GmbH Möllersbaum 1 42477 Radevormwald Telephone: +49 2195 588 25 0 Email: info (at) invokable.gmbh
The responsible body is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
4.2 Data Protection Officer
As required by law, we have appointed a data protection officer for our company.
KHBL Service- und Wirtschaftsgesellschaft mbH
Altenberger-Dom-Strasse 200
51467 Bergisch Gladbach
Telephone: +49 2195 588 25 0
Email: datenschutz (at) invokable.gmbh
4.3 Your rights
4.3.1 Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. An informal message by e-mail to us is sufficient. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.
4.3.2 Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
If data processing is based on Art. 6 Para. 1 lit.e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons that arise from your particular situation; this also applies to profilingbased on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Para. 1 GDPR).
If your personal data is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profilinginsofar as it is associated with such direct advertising. If you object, your personal data will then no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).
4.3.3 Right of appeal to the competent supervisory authority
In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
4.3.4 Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done to the extent that it is technically feasible.
4.3.5 Information, deletion and correction
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction or deletion of this data at any time. You can contact us at any time at the address given in the imprint if you have any further questions on the subject of personal data.
4.3.6 Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the examination, you have the right to request that the processing of your personal data be restricted.
If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to demand that the processing of your personal data be restricted instead of being deleted.
If you have lodged an objection in accordance with Art. 21 (1) GDPR, your interests and ours must be weighed up. As long as it has not yet been determined whose interests prevail, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State are processed.
4.4 Encrypted payment transactions on this website
If, after the conclusion of a fee-based contract, there is an obligation to send us your payment data (e.g. account number for direct debit authorization), this data is required for payment processing.
Payment transactions using the usual means of payment (Visa/MasterCard, direct debit, Paypal) are carried out exclusively via an encrypted SSL or TLS connection.
4.5 SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
5 Data collection on this website
For general data collection for general contact with our company, please refer to our stratified data protection information:
https://legal.invokable.gmbh/company/data_protection_quick_info/quick_info_DE.pdf
5.1 Using the platform features
The following additional data is recorded and processed on app.sags.digital to use the platform features: (Please note that people might be affected by multiple of the below-mentioned groups, e.g. a registered user taking part in a discussion)
Affected person / group | Which dates? | Storing | Deletion |
---|---|---|---|
Registered user on app.sags.digital | Name, email address, password | Permanent | If the account is deleted at the request of the user or an administrator |
Contract owner (Registered user that books subscriptions or manages payments) | Name, e-mail address, password, contract master data of the customer account (e.g. name, address, etc.), as well as payment/account data depending on the selected payment method | Permanent | If the customer account is deleted at the request of the user |
External person that is invited (via secret link) to participate in a discussion (NO REGISTRATION is needed to participate) | Name (may be entered anonymized by the inviting person) | Permanent | When all created messages and the secret link are deleted, or when the whole discussion is deleted by the creator of the discussion |
Additional data for registered or external persons taking part in a discussion | Webcam video data (if used), screenshare video data (if used), audio data (if used), text messages (if used), uploaded files (if used) | Permanent | When deleting the message or when the whole discussion is deleted by the creator of the discussion |
5.2 Further data processing - functions and tools
5.2.1 Cookies
Our website uses so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are stored on your end device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies can also be stored on your end device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertising.
Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you want (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring the web audience). on the basis of Art. 6 Para. 1 lit.f GDPR, unless another legal basis is given. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies was requested, the relevant cookies are stored exclusively on the basis of this consent (Article 6 (1) (a) GDPR); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
If cookies are used by third-party companies or for analysis purposes, we will inform you of this separately in this data protection declaration and, if necessary, ask for your consent.
5.2.2 Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
· Browser type and browser version
· operating system used
· ReferrerURL
· Host name of the accessing computer
· Time of server request
· IP address
This also results in log files that can be used for error analysis. These log files are either (if possible) completely anonymized (e.g. zeroing of the last two digits of the IP address) or automatically deleted after a maximum of 48 hours.
This data is not merged with other data sources.
This data is collected on the basis of Art. 6 Para. 1 lit.f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website; the server log files must be recorded for this purpose.
5.2.3 Contact form
Applicable: at protection level "Platform"
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.
This data is processed on the basis of Art. 6 Para. 1 lit.b GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit.f GDPR) or on your consent (Art. 6 Para. 1 lit.a GDPR) if this was queried.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.
5.2.4 Communication, inquiries by e-mail, telephone
If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
For general contract processing and communication, we also refer to our general information on the processing of personal data: Link
This data is processed on the basis of Art. 6 Para. 1 lit.b GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit.f GDPR) or on your consent (Art. 6 Para. 1 lit.a GDPR) if this was queried.
The data you sent to us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.
5.2.5 Registration on this site
Applicable: at protection level "Platform"
You can register on this website to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will refuse the registration.
For important changes, such as the scope of the offer or technically necessary changes, we use the e-mail address provided during registration to inform you in this way.
The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, initiating further contracts (Article 6 (1) (b) GDPR).
The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.
5.2.6 Analytics Tools and Advertising
5.2.6.1 Matomo(formerly Piwik)
This is how we limit tracking as best we can:
Affected protection level(s): | marketing website only |
Affected website visitors: | All |
Scope of tracking: | All pages; Data anonymized as much as possible; Data stored completely with us; No data transfer |
This website uses the open source web analysis service Matomo. Matomouses so-called "cookies". These are text files that are stored on your computer and that enable an analysis of your use of the website. For this purpose, the information generated by the cookieabout the use of this website is stored on our server. The IP address is anonymized before it is saved.
Matomocookies remain on your device until you delete them.
The storage of Matomocookies and the use of this analysis tool are based on Art. 6 Para. 1 lit.f GDPR. The website operator has a legitimate interest in the anonymous analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 Para. 1 lit.a GDPR; the consent can be revoked at any time.
The information generated by the cookieabout the use of this website will not be passed on to third parties. You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you will if applicable not be able to use all functions of this website in full.
If you do not agree to the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie will be stored in your browser, which prevents Matomo from savingusage data. If you delete your cookies, this means that the Matomoopt-out cookie will also be deleted. The opt-out must be reactivated when you visit this website again.
5.2.6.2 Google conversiontracking
This is how we limit tracking as best we can:
Affected protection level(s): | marketing website only |
Affected website visitors: | Only visitors who came to our site directly via a Google advertisement AND have consented to tracking in the cookie notice. |
Scope of tracking: | First entry page and page for completing a registration. No tracking of other sites. |
This website uses Google Ads. Google Ads is an online advertising program from Google IrelandLimited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
As part of Google Ads, we use so-called conversiontracking. If you click on an ad placed by Google, a cookie will be set for conversiontracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page.
Each Google Ads customer receives a different cookie. The cookies cannot be tracked through the websites of Google Ads customers. The information obtained using the conversioncookie is used to create conversionstatistics for Google Ads customers who have opted for conversiontracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversiontracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversiontracking cookie in your Internet browser under user settings. You will then not be included in the conversiontracking statistics.
The storage of " conversioncookies" and the use of this tracking tool are based on Art. 6 Para. 1 lit.f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 Para. 1 lit.a GDPR; the consent can be revoked at any time.
You can find more information about Google Ads and Google ConversionTracking in Google's data protection regulations: https://policies.google.com/privacy?hl=de.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
5.2.6.3 Facebook pixels
This is how we limit tracking as best we can:
Affected protection level(s): | marketing website only |
Affected website visitors: | Exclusively visitors who came to our website directly via the Facebook website (via link or advertising) AND have consented to tracking in the cookie notice. |
Scope of tracking: | First entry page and page for completing a registration. No tracking of other sites. |
This website uses the visitor action pixel from Facebook to measure conversion. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the data collected is also transferred to the USA and other third countries.
In this way, the behavior of site visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The data collected is anonymous to us as the operator of this website, we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes. This enables Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of Facebook pixels is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Article 6 Paragraph 1 lit. the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendumhttps://de-de.facebook.com/help/566994660333381
You will find further information on the protection of your privacy and the use of data by Facebook in Facebook's data protection information: https://de-de.facebook.com/about/privacy/
You can also disable the "Custom Audiences" remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/
5.2.6.4 LinkedIn Insight Tag
This is how we limit tracking as best we can:
Affected protection level(s): | marketing website only |
Affected website visitors: | Only visitors who came to our website directly from the LinkedIn website (via link or advertising) AND who consented to tracking in the cookie notice. |
Scope of tracking: | First entry page and page for completing a registration. No tracking of other sites. |
This website uses LinkedIn's Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
With the help of the LinkedIn Insight Tag we receive information about the visitors of our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the professional key data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better align our site to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our website make a purchase or take another action (conversion measurement). The conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function, with the help of which we can show visitors to our website targeted advertising outside of the website, whereby, according to LinkedIn, the advertising addressee is not identified. LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted from LinkedIn after seven days. The remaining pseudonymised data will then be deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. Details can be found in LinkedIn's data protection declaration at https://www.linkedin.com/legal/privacy-policy#choices-oblig
LinkedIn Insight is used on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Article 6 Paragraph 1 lit. the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpahttps://www.linkedin.com/legal/l/eu-sccs
You can object to the analysis of usage behavior and targeted advertising by LinkedIn under the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
5.2.7 Other and previous plugins and tools
(Compared to the previous version of this document, these are omitted. All external plugins and tools mentioned earlier have been removed from our system.)
5.2.8 eCommerce and payment providers - processing of data (customer and contract data)
Applicable: at protection level "Payment system"
We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship (inventory data). This is done on the basis of Art. 6 Para. 1 lit.b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
5.3 Data transmission upon conclusion of contract for services and digital content
We only transfer personal data to third parties if this is necessary within the framework of contract processing.
Any further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
5.3.1 Payment transactions
The transmission of your data to the named payment service providers and banks takes place on the basis of Art. 6 Para. 1 lit.a GDPR (consent) and Art. 6 Para. 1 lit.b GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.
5.3.1.1 SEPA direct debit
Applicable: at protection level "Payment system"
On this website we offer the option of paying by SEPA direct debit. If you choose to pay via SEPA direct debit, the payment details you enter will be sent to the banks responsible for processing the payment, which are subject to their own strict data protection regulations. For our part, payment data is passed on to the Volksbank im Bergisches Land, TenterWeg 1-3, 42897 Remscheid, BIC VBRSDE33XXX, BLZ 34060094, which in turn exchanges data with the bank you specified.
5.3.1.2 PayPal
Applicable: at protection level "Payment system"
On this website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal(Europe) S.à.rl.et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
If you choose to pay via PayPal, the payment details you enter will be sent to PayPal, which in turn will exchange data with the bank you specified.