Name and address of responsible authority
Responsible authority in the sense of the data protection laws, in particular the EU data protection basic regulation (DSGVO), is:
Rheinsberger Str. 76/77
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which internet pages and servers can be assigned to the specific Internet browser. This allows visited websites to separate the individual’s browser from other Internet browsers. A particular web browser can be identified and identified by the unique cookie ID.
By using cookies, we can provide users of this website with more user-friendly services that would not be possible without cookies. For example, cookies enable the online store to remember the items placed in a shopping cart.
The person concerned can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via the internet browser used or other software programs. If the person concerned deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.
Insofar as the cookies serve to provide specific functions on our website, data processing takes place on the basis of Art. 6 Para. 1 lit. b) GDPR, otherwise on the basis of Art. 6 Para. 1 lit. f) GDPR, whereby our legitimate interest lies in the submission of customer-oriented product offers and recommendations.
Collection of general data and information
The web pages are collected and analyzed each time the web page is accessed by a person or an automated system . The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the internet page from which an accessing system accesses our website (so-called referrers), (4) the sub-web pages which can be accessed via (5) Internet Protocol (IP) address, (6) Internet Protocol (IP) address, (7) the Internet service provider of the accessing system and (8) other similar data and information used in the event of attacks on our information technology systems.
When using this general data and information, we draw no conclusions about the person concerned. Rather, (1) to provide the content of our website, (2) to optimize the content of our website and to advertise it; our website, and (3) to provide law enforcement authority in the event of a cyberattack. This anonymously collected data and information is in a process to ensure the best possible level of protection for the personal data we process. The anonymous data of the server log files are stored separately.
The legal basis for processing the data obtained through cookies is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest arises from the aforementioned purposes.
Contact via the website
Due to legal regulations, the website contains information that enables quick electronic contact to our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If an affected person contacts the data controller by e-mail or through a contact form, the personal data provided by the data subject will be automatically saved. Such personal data, voluntarily transmitted by an individual to the controller, is stored for the purpose of processing or contacting the data subject. There is no disclosure of this personal data to third parties. The legal basis for the corresponding processing of the data is Art. 6 Para. 1 lit. b) GDPR.
If you apply for a job with us, we will, of course, treat your application and the personal data it contains confidentially. We will only pass on your application internally and only to those for whom knowledge of it is required during the hiring process (e.g., the HR department and the relevant department heads).
Your application documents and the personal data contained therein will be stored and processed on our servers and systems for the purpose of handling your application and carrying out the application process. After the application process is complete, your application documents and personal data will be stored for six months for in-house reasons and then fully erased. The purpose of storing them is to enable your application procedure to be processed properly, among other things. The legal basis for this is our legitimate interest according to Article 6(1)(f) GDPR. We will not provide any further information after the data have been erased. If you have given us your express consent to include you in the applicant pool, we will store your application and the personal data contained therein for up to 24 months after the application process is complete in order to consider you for comparable/similar job offers. The legal basis is in this case is your consent according to Article 6(1)(a) GDPR.
When an application is submitted via the contact forms in the career section of the website (https://www.score4more.eu/en/jobs/) the data from the input screen, such as first name, last name, e-mail address, telephone number, gender, available from, expected salary and the application documents uploaded by the applicant (e.g. CV, cover letter), are transmitted to Personio GmbH. As a result, the service provider commissioned receives, processes and prepares the data sent with the submission of an application, including the applicant data and application documents. We have concluded an order processing contract with Personio GmbH.
When an application is submitted via the contact form, your consent (Article 6(1)(a) GDPR) to the processing of the application data is obtained and reference is made to this data protection policy. In this case, we transmit the user’s personal data included in the e-mail to Personio GmbH. According to Personio GmbH, the use of the Personio software solution does not result in personal data being transferred to third countries. Personio affirms that it uses a trusted subcontractor within the EU to provide its cloud-based services. You can find more information in the Personio GmbH data protection policy: https://www.personio.de/datenschutz/.
When a user orders products via our website, they are asked to provide certain personal data (e.g. first and last name, email address) as part of the order process as inventory data necessary for order processing. This data is processed by us in order to process the user’s order and to execute and fulfill the contracts concluded with the user. The data is also used to contact the user, if necessary, about orders that have been placed.
The processing of the order and inventory data takes place on the basis of Art. 6 Para. 1 lit. b) GDPR. We are also legally obliged to store certain data such as invoices, contracts and other accounting-relevant information for a certain period of time. The processing necessary for this purpose takes place on the basis of Art. 6 Para. 1 lit. c) GDPR in conjunction with § 147 AO and 257 HGB.
Rights of the person concerned
- Right to information
According to Art. 15 GDPR, every person concerned has the right to request confirmation from us as to whether personal data relating to the person is being processed. If this is the case, it has the right to information about the data concerned and the details of its processing.
- Right to rectification
According to Art. 16 GDPR, every person concerned has the right to request the immediate correction of incorrect personal data relating to them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – including by means of a supplementary declaration.
- Right to cancellation (right to be forgotten)
According to Art. 17 GDPR, every person concerned has the right to demand that we delete the personal data relating to them immediately, provided there is a reason for deletion and the processing is no longer necessary.
- Right to restriction of processing
According to Art. 18 GDPR, every person concerned has the right to demand that we restrict processing.
- Data transferability
In accordance with Art. 20 GDPR, any person concerned has the right, in the event of processing based on consent or for the performance of a contract, to receive the personal data concerning them that they have provided in a structured, common and machine-readable format, and this data to transmit to another person in charge without hindrance from us or to have the data transmitted directly to the other person in charge, as far as this is technically feasible.
- Right to object
According to Art. 21 GDPR, any person concerned by the processing of personal data shall have the right conferred by the European directive and regulatory authority at any time, for reasons arising from its particular situation, against the processing of personal data relating to it pursuant to Article 6 (1) e) or f) DS-GVO takes an objection. This also applies to profiling based on these provisions.
- In the event of an objection, we will no longer process personal data unless we can establish compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of asserting, exercising or defending legal claims.
- If we process personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purposes of such advertising. If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
- Recht auf Beschwerde bei einer Aufsichtsbehörde
In accordance with Art. 77 GDPR i. V. m. 19 BDSG, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if it is of the opinion that the processing of the personal data concerning you violates applicable law.
- Right to revoke a data protection consent
Any person affected by the processing of personal data has the right, granted by the European directive and regulatory authority, to revoke consent to the processing of personal data at any time. All data processing that has been carried out up to your revocation remains lawful in this case.
The revocation can be sent by email to the above email address or in writing to our above address. The effects of the revocation are limited to the storage and use of personal data that may not already be stored and used without the consent of the person concerned due to legal permission.
The controller has integrated on this website the component Google Analytics (with anonymization function). Google Analytics is a web analytics service. Web analysis is the collection, collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on which website an affected person has come to a website (so-called referrers), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed. A web analysis is mainly used to optimize a website and cost-benefit analysis of Internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition “_gat._anonymizeIp” for web analytics via Google Analytics. By means of this addendum, the IP address of the Internet access of the data subject will be shortened and anonymised by Google if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website.
Google Analytics uses a cookie on the information technology system of the person concerned. What cookies are, has already been explained above. By using this cookie Google is enabled to analyze the usage of our website. Each time one of the pages of this website is accessed by the controller and a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically initiated by the respective Google Analytics component To submit data to Google for online analysis purposes. As part of this technical process, Google will be aware of personal data, such as the IP address of the person concerned, which serve, among other things, Google to track the origin of the visitors and clicks, and subsequently make commission settlements possible.
The cookie stores personally identifiable information, such as access time, the location from which access was made, and the frequency of site visits by the data subject. Each time you visit our website, your personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.
The affected person can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
http://www.google.com/analytics/terms/en.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.
This page uses so-called web fonts to represent the font. These are provided by Google (https://fonts.google.com/). To do this, when you visit our page, your browser loads the required web font into your browser cache. This is necessary so that your browser can display a visually improved presentation of our texts. If your browser does not support this feature, a default font will be used by your computer for viewing. The processed data may include, in particular, users’ IP addresses and location data, but these are not collected without their consent (usually as part of the settings of their mobile devices). The data can be processed in the USA.
The operating company of the Google Fonts component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
This site uses so-called web fonts provided by Fonticons, Inc. for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.
For this purpose, the browser you are using must connect to the servers of Fonticons, Inc. or the provider Stackpath. This gives Fonticons, Inc. knowledge that our website was accessed via your IP address. Web fonts are used in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font will be used by your computer.
We incorporate the Bots Detection feature, for example when entering into online forms (“ReCaptcha”) of the provider Google LLC.
The operating company of the Google ReCaptcha component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
Online presence in social media
We maintain online presence within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services.
We point out that data of the users outside the area of the European Union can be processed. This may result in risks for the users because e.g. enforcement of user rights could be made more difficult. With respect to US providers certified under the Privacy Shield, we point out that they are committed to respecting EU privacy standards.
Furthermore, the data of the users are usually processed for market research and advertising purposes. Thus, e.g. user profiles are created from the user behavior and the resulting interests of the users. The usage profiles can in turn be used to e.g. Place advertisements inside and outside the platforms that are allegedly in line with users’ interests. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and logged in to them).
The processing of the personal data of users is based on our legitimate interests in an effective information of users and communication with users in accordance with. Art. 6 para. 1 lit. f) GDPR. If the users are asked by the respective providers for a consent to the data processing (that is, they declare their agreement, for example, by ticking a check box or confirming a button), the legal basis of the processing is Art. 6 para. a., Art. 7 GDPR.
For a detailed description of the respective processing and the possibilities of contradiction (opt-out), we refer to the following linked information of the provider.
Also in the case of requests for information and the assertion of user rights, we point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.
The controller has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are made through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual payments through credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also takes on trustee functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject selects “PayPal” as a payment option during the order process in our online shop, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.
The personal data sent to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. For the execution of the purchase contract, also such personal data are necessary, which are in connection with the respective order.
The purpose of the transmission of the data is payment processing and fraud prevention. The controller will provide PayPal with personally identifiable information, in particular if there is a legitimate interest in the transfer. The personal data exchanged between PayPal and the controller may be transferred by PayPal to credit reporting agencies. This transmission aims at the identity and credit check.
PayPal may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to fulfill its contractual obligations or to process the data on behalf of.
The data subject has the option to revoke the consent to the handling of personal data against PayPal at any time. A revocation has no effect on personal data which must be processed, used or transmitted for (contractual) payment processing.
The person responsible for the processing has integrated components from Stripe on this website. Stripe is an online payment service provider. If you opt for a payment method from the payment service provider Stripe, the payment will be processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will provide the information and information you provided during the ordering process about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this.
You can find more information about Stripe’s data protection at the URL https://stripe.com/de/privacy#translation.
Legal basis of processing
Art. 6 I lit. A DS-GMO serves our company as the legal basis for processing operations where we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfill a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, processing shall be based on Art. 6 I lit. b) DS-GMO. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c) DS-GMO. Ultimately, processing operations could be based on Art. 6 I lit. f) DS-GMOs are based. On this legal basis, processing operations that are not covered by any of the above legal bases are required if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned prevail.
Duration for which the personal data is stored
Log files are stored for 14 days. We store e-mails and contacts for as long as is necessary to process the respective request and then for a period of 3 years if the user concerned contacts us again with reference to the original question.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.
There is initially no contractual or legal obligation to provide us with personal data. However, we are not able to accept or process an order without the requested data. After entering into a contract with us, you may be obliged under the law of obligations to provide the personal data required to process the contract.
As a responsible company we refrain from automatic decision-making or profiling that have legal effects on a user or impair a user.