Privacy Notice (Datenschutzerklärung) & Use of Cookies

We will process personal data (referred to as “data” below) only to the extent necessary for providing a functional and user-friendly website, including its contents and the services offered. As defined in Article 4 No. 1 of the General Data Protection Regulation (GDPR), “processing” refers to any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction, whether automated or not.

The purpose of this privacy policy is to inform you about the type, scope, purpose, duration, and legal basis for the processing of such data, both under our control and in conjunction with others. We also provide information about the third-party components we use to optimize our website and enhance the user experience. Please note that these third parties may also process data they collect and control.

Our privacy policy is structured as follows:

I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing

I. Information about us as controllers of your data

The entity responsible for the operation of this website and acting as the “controller” in accordance with data protection laws is Frills GmbH, Prinzessinnenstr. 30, 10969 Berlin, Germany, +49 40 800 934 800, frills@frills.de. The designated data protection officer for the controller is: Daniel Argasinski

II. The rights of users and data subjects

Users and data subjects have certain rights regarding data processing, which are outlined below:

  1. Right to confirmation and information: Users have the right to obtain confirmation whether their personal data is being processed and to receive information about the data processing, including its nature and purpose (Art. 15 GDPR).
  2. Right to rectification: If users’ personal data is incorrect or incomplete, they have the right to have it corrected or completed (Art. 16 GDPR).
  3. Right to erasure (Right to be forgotten): Users can request the immediate deletion of their personal data under certain circumstances. However, there may be legal grounds for the controller to continue processing the data (Art. 17 GDPR).
  4. Right to restriction of processing: In certain situations, users have the right to restrict the processing of their personal data. This means the data can only be stored and not processed further (Art. 18 GDPR).
  5. Right to data portability: Users can request copies of their personal data and have it transmitted to other providers or controllers if technically feasible (Art. 20 GDPR).
  6. Right to lodge a complaint: If users believe that the controller is processing their personal data in violation of data protection regulations, they have the right to file a complaint with the supervisory authority (Art. 77 GDPR).
  7. Obligation to inform recipients: The controller is required to inform all recipients to whom it has disclosed the data about any corrections, deletions, or restrictions on the processing unless it is impossible or involves disproportionate effort (Art. 16, 17(1), 18 GDPR).
  8. Right to object: Users and data subjects have the right to object to the future processing of their data by the controller based on legitimate interests (Art. 21 GDPR). This includes the right to object to direct advertising.

These rights are provided under the General Data Protection Regulation (GDPR) and aim to protect the privacy and control over the personal data of users and data subjects.

III. Information about the data processing

We will ensure that your data, which is processed when using our website, is deleted or blocked as soon as the purpose for its storage no longer applies. This will be done unless there are any legal obligations requiring us to retain the data or unless otherwise specified below.

Server data
For technical purposes, certain data transmitted by your internet browser to our server provider or to us will be collected. The primary purpose of collecting this data is to ensure the security and stability of our website. The collected data includes server log files that record information such as the type and version of your browser, operating system, the referrer URL (the website you came from), the webpages you visited on our site, the date and time of your visit, as well as your IP address.

Please note that this data will be temporarily stored and will not be associated with any other personal data you have provided. The legal basis for this storage is Article 6(1)(f) of the General Data Protection Regulation (GDPR). Our legitimate interest in collecting this data lies in improving the functionality, stability, and security of our website.

Unless there is a need for further retention of the data for evidentiary purposes, it will be deleted within a maximum period of seven days. However, if the data is required to investigate a specific incident, it may be excluded from deletion until the matter is resolved conclusively.

Cookies

a) Session cookies:
We utilize cookies on our website to enhance your browsing experience. These cookies are small text files or storage technologies that are stored on your computer by your browser. They process specific information about you, such as your browser, location data, or IP address. This processing enables us to make our website more user-friendly, efficient, and secure. For example, it allows us to display the website in different languages or offer a shopping cart function. The legal basis for processing such data is Article 6(1)(b) of the General Data Protection Regulation (GDPR) when the cookies are used to collect data for initiating or processing contractual relationships. If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website, and the legal basis is Article 6(1)(f) GDPR. These session cookies are deleted when you close your browser.

b) Third-party cookies:
In certain cases, our website may also use cookies from partner companies we cooperate with for advertising, analysis, or enhancing the features of our website. For detailed information regarding the legal basis and purpose of data collection and processing by these third parties through cookies, please refer to the following information.

c) Disabling cookies:
You have the option to refuse the use of cookies by adjusting the settings in your browser. You can also delete cookies that have already been stored. However, the specific steps to do so may vary depending on the browser you are using. If you need assistance, please consult the help function or documentation of your browser, or contact the browser’s support team. It’s important to note that browser settings may not prevent the setting of flash cookies. To adjust flash cookie settings, you’ll need to modify the settings of your Flash player, which may vary depending on the specific player you are using. If you have questions regarding this, please consult the help function or documentation of your Flash player, or contact the player’s support team. Please be aware that if you prevent or restrict the installation of cookies, some functions on our website may not be fully usable.

Newsletter
If you choose to subscribe to our free newsletter, we will collect the data you provide, such as your email address, and optionally, your name and address. Additionally, we will store your IP address, as well as the date and time of your registration. During the registration process, we will obtain your explicit consent to receive the newsletter and specify the type of content it will contain, referring to this privacy policy. The collected data will be used solely for the purpose of sending the newsletter and will not be shared with third parties. The legal basis for this processing is Article 6(1)(a) of the General Data Protection Regulation (GDPR). You have the right to withdraw your consent at any time in accordance with Article 7(3) GDPR. You can do so by informing us of your withdrawal or by clicking the unsubscribe link provided in each newsletter.

To facilitate the sending of newsletters, we utilize the services of Sendinblue, provided by Sendinblue GmbH, located at Köpenicker Str. 126, 10179 Berlin. When you subscribe to our newsletter, Sendinblue processes the data provided during the registration process, including your email address. Sendinblue also records your IP address and the registration date and time. As part of the registration process, your consent to receive the newsletter will be obtained, and the specific content will be described, referring to this privacy policy. For more detailed information, please refer to the following links:

The newsletters sent via Sendinblue may contain technologies that allow us to track whether and when an email was opened and which links within the newsletter were clicked. We store this data along with technical information (system data and IP address) to tailor future newsletters to your preferences and interests and continuously improve their quality. The legal basis for sending the newsletter and conducting the analysis is Article 6(1)(a) of the GDPR. You can revoke your consent to receive the newsletter and the associated analysis at any time by following the instructions in Article 7(3) GDPR. Simply inform us of your revocation or use the unsubscribe link provided in each newsletter.

Contact
When you reach out to us via email or the contact form, the data you provide will be utilized solely for the purpose of processing your inquiry. This data is essential for us to effectively respond to and address your request. Without this data, we may not be able to provide a complete or any response. The legal basis for processing this data is Article 6(1)(b) of the General Data Protection Regulation (GDPR). Your data will be deleted once we have fully addressed your inquiry, and there is no further legal obligation to retain it, such as if an order or contract arises from the communication.

User posts, comments, and ratings

User Posts
We provide you with the opportunity to share questions, answers, opinions, and ratings on our website, collectively referred to as “posts.” If you choose to make use of this feature, we will process and publish your post, along with the date and time of submission and any pseudonym you may have used. The legal basis for this processing is Article 6(1)(a) of the General Data Protection Regulation (GDPR). You have the right to revoke your consent under Article 7(3) GDPR at any time, by informing us of your decision.

In addition, we will also process your IP address and email address. The processing of the IP address serves a legitimate interest, as we may need to take appropriate measures or provide support if your post infringes upon the rights of third parties or is otherwise unlawful. In such cases, the legal basis for processing is Article 6(1)(f) GDPR. Our legitimate interest is to protect our legal rights and interests.

Follow-up comments
When you make posts on our website, we provide an option for you to subscribe to subsequent follow-up comments made by third parties. In order to notify you about these follow-up comments, we will need to process your email address. The legal basis for this processing is Article 6(1)(a) of the General Data Protection Regulation (GDPR). You have the right to withdraw your consent to this subscription at any time in accordance with Article 7(3) GDPR. To do so, you can inform us of your decision to revoke consent or use the unsubscribe link provided in each email.

Online job applications/publication of job advertisements
We provide you with the opportunity to apply for jobs with our company through our website or third-party web services used for the management and publication of job vacancies. For digital applications, we collect your application data electronically to process your application effectively. The legal basis for this processing is §26(1) sentence 1 of the Federal Data Protection Act (BDSG) in conjunction with Article 88(1) of the General Data Protection Regulation (GDPR).

If you are hired as a result of the application process, the data you provide will be stored in your personnel file for regular organizational and administrative purposes, in compliance with applicable legal obligations. The legal basis for this processing is §26(1) sentence 1 BDSG in conjunction with Article 88(1) GDPR.

If your application is not successful, we will automatically delete the data you submitted within two months after the final decision has been made. However, we may retain the data if we are required to do so for legal reasons, such as evidence of equal treatment of applicants until any potential legal action is concluded, for a period of up to four months. In this case, the legal basis for retaining the data is Article 6(1)(f) GDPR and §24(1) No. 2 BDSG. Our legitimate interest in retaining the data lies in our potential legal defense.

If you provide explicit consent for the longer storage of your data, for example, to be included in an applicant or interested party database, the data will be processed further based on your consent. The legal basis for such processing is then Article 6(1)(a) GDPR. You have the right to withdraw your consent at any time, in accordance with Article 7(3) GDPR, which will take effect for future processing.

Twitter
We maintain an online presence on Twitter to present our company and our services and to communicate with customers/prospects. Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. That may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to Twitter. Twitter Inc. is certified under the Privacy Shield and committed to adhering to European privacy standards. https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active The privacy policy of Twitter can be found at https://twitter.com/privacy

YouTube
We maintain an online presence on YouTube to present our company and our services and to communicate with customers/prospects. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA. We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. That may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to YouTube. Google LLC is certified under the Privacy Shield and committed to complying with European privacy standards. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active The YouTube privacy policy can be found here: https://policies.google.com/privacy

LinkedIn
We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. That may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to LinkedIn. LinkedIn Corporation is certified under the Privacy Shield and committed to complying with European privacy standards. https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active The LinkedIn privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy

Facebook
To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Facebook platform. On this social media platform, we are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. The data protection officer of Facebook can be reached via this contact form: https://www.facebook.com/help/contact/540977946302970. We have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services. The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect. When accessing our online presence on the Facebook platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.). This data of the user is used for statistical information on the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Facebook based on your interests. If you are logged into Facebook at the time you access our site, Facebook Ireland Ltd. will also link this data to your user account. If you contact us via Facebook, the personal data you provide at that time will be used to process the request. We will delete this data once we have completely responded to your query unless there are legal obligations to retain the data, such as for subsequent fulfilment of contracts. Facebook Ireland Ltd. might also set cookies when processing your data. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all the functions of Facebook may be entirely usable. Details on the processing activities, their suppression, and the deletion of the data processed by Facebook can be found in its privacy policy: https://www.facebook.com/privacy/explanation. It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025. Facebook Inc. has submitted to the EU-US Privacy Shield, thereby complying with the data protection requirements of the EU when processing data in the USA. https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Instagram
To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Instagram platform. On this social media platform, we are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data protection officer of Instagram can be reached via this contact form: https://www.facebook.com/help/contact/540977946302970. We have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services. The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect. When accessing our online presence on the Instagram platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.). This data of the user is used for statistical information on the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Instagram based on your interests. If you are logged in to Instagram at the time you access our site, Facebook Ireland Ltd. will also link this data to your user account. If you contact us via Instagram, the personal data you provide at that time will be used to process the request. We will delete this data once we have completely responded to your query unless there are legal obligations to retain the data, such as for subsequent fulfilment of contracts. Facebook Ireland Ltd. might also set cookies when processing your data. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all the functions of Instagram may be entirely usable. Details on the processing activities, their suppression, and the deletion of the data processed by Instagram can be found in its privacy policy: https://help.instagram.com/519522125107875. It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025. Facebook Inc. has submitted to the EU-US Privacy Shield, thereby complying with the data protection requirements of the EU when processing data in the USA. https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Social media links via graphics
We also integrate the following social media sites into our website. The integration takes place via a linked graphic of the respective site. The use of these graphics stored on our servers prevents the automatic connection to the servers of these networks for their display. Only by clicking on the corresponding graphic will you be forwarded to the service of the respective social network. Once you click, that network may record information about you and your visit to our site. It cannot be ruled out that such data will be processed in the United States. Initially, this data includes such things as your IP address, the date and time of your visit, and the page visited. If you are logged into your user account on that network, however, the network operator might assign the information collected about your visit to our site to your personal account. If you interact by clicking Like, Share, etc., this information can be stored your personal user account and possibly posted on the respective network. To prevent this, you need to log out of your social media account before clicking on the graphic. The various social media networks also offer settings that you can configure accordingly. The following social networks are integrated into our site by linked graphics:

Facebook
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA. Privacy Policy: https://www.facebook.com/policy.php EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Google Analytics
We use Google Analytics on our website. That is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). Through certification according to the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Google guarantees that it will follow the EU’s data protection regulations when processing data in the United States. The Google Analytics service is used to analyse how our website is used. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimisation, and economic operation of our site. Usages and user-related information, such as IP address, place, time, or frequency of your visits to our website, will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymisation function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US. The data collected in this way is, in turn, used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and the internet in general. Google states that it will not connect your IP address to other data. Besides, Google provides further information regarding its data protection practices at https://www.google.com/intl/de/policies/privacy/partners, including options you can exercise to prevent such use of your data. Besides, Google offers an opt-out add-on at https://tools.google.com/dlpage/gaoptout?hl=en again, with further information. This add-on can be installed on the most popular browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs Google Analytics JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services we may use as detailed herein.

Google Fonts
Our website uses Google Fonts to display external fonts. That is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). Through certification according to the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Google guarantees that it will follow the EU’s data protection regulations when processing data in the United States. To enable the display of specific fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the optimisation and economic operation of our site. When you access our site, a connection to Google is established from which Google can identify the website from which your request has been sent and to which IP address the fonts are being transmitted for display. Google offers detailed information at https://adssettings.google.com/authenticated https://policies.google.com/privacy in particular, on options for preventing the use of data.