top of page

DATA PROTECTION

With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process for what purposes and to what extent. This Privacy Statement applies to all processing of personal data carried out by us, both within the framework of the provision of our services and in particular on our websites, in mobile applications as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as the "Online Offer").

The terms used are not gender-specific.

Stand: 10.04.2024

Content Overview
Introduction
Responsible
Overview of processing
Applicable legal bases
Safety measures
Transmission and disclosure of personal data
Use of cookies
Commercial and business services
Use of online marketplaces for e-commerce
Payment service providers
Contact
Provision of the online offer and web hosting
Presence in social networks
Deleting data
Amendment and update of the data protection declaration
Rights of data subjects
Definitions of terms
 

Responsible
Amicata GmbH Carl-Benz-Straße 22
28237, Bremen, Germany
Persons entitled to represent: Jannik Ehring, Mahkam Khakpour, Julian Khakpour
Email address: info@amicata.de




Overview of processing

The following summary summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed
Stock Data (e.g. Names, addresses).
Content data (e.g. Texts, Photos, Videos).
Contact details (e.g. E-Mail, Phonenumbers).
Meta/communication data (e.g. device information, IP addresses).
Usage Data (e.g. visited Websites, Interests, usertimes).
Contract data (e.g. Contracts, dues, costumerkategories).
Payment details (e.g. bankaccounts, bills, paymenthistorie).

Categories of data subjects
Business and contractual partners.
Interesting people.
Communication partners.
Customers.
Users (e.g. Websitevisitors, user of Onlineservices).
Purposes of processing
Office and organizational procedures.
Contact requests and communication.
Remarketing.
Range measurement (z.B. Zugriffsstatistiken, Erkennung wiederkehrender Besucher).
Tracking (e.g. profiling based on interests/behavior, use of cookies).
Contractual services and service.
Managing and responding to queries.

Applicable legal bases

The legal bases of the General Data Protection Regulation (GDPR) on the basis of which we process personal data are described below. Please note that in addition to the regulations of the GDPR, the national data protection requirements in your or our country of residence and seat may apply.



Consent (Art. 6 para. 1 S. 1 lit. a GDPR) - The data subject has given his/her consent to the processing of the personal data concerning him/her for a specific purpose or several specific purposes.


The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures, which are taken at the request of the person concerned.


Legal obligation (art. 6 para. 1 p. 1 lit. c. GDPR) - The processing is necessary to fulfil a legal obligation to which the controller is subject.


Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR) - The processing is necessary to protect the legitimate interest of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

​

National data protection rules in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection laws apply in Germany. This includes, in particular, the law on the protection against the misuse of personal data in the processing of data (Bundesdatenschutzgesetz – BDSG). In particular, the BDSG contains special regulations on the right to information, the right of deletion, the Right of objection, the processing of special categories of personal data, processing for other purposes and the transmission and automated decision-making in individual cases, including profiling. It also regulates the processing of data for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, conduct or termination of employment relationships as well as the consent of employees. Furthermore, the data protection laws of the individual federal states may apply.




Safety measures

We take appropriate technical and organizational measures, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing, as well as the different probability of occurrence and the extent of the threat to the rights and freedoms of natural persons, in accordance with the legal requirements, to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, availability and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we take into account the protection of personal data already when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technical design and through data protection-friendly defaults.

SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encrypting. You can detect such encrypted connections by the https:// prefix in your browser's address bar.




Transmission and disclosure of personal data

In the context of our processing of personal data, it happens that the data is transferred to or disclosed to other entities, companies, legally independent organizational units or persons. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers entrusted with IT tasks or providers of services and content that are integrated into a website. In such a case, we comply with the legal requirements and in particular conclude appropriate contracts or agreements to protect your data with the recipients of your data.

Data transfer within the organization: We may transfer personal information to other entities within our organization or give them access to this information. Insofar as this disclosure is for administrative purposes, it is based on our legitimate business and business interests or is necessary to fulfil our contractual obligations or if there is a consent of the data subjects or a legal permission.




Use of cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after his or her visit within an online offer. The information stored can include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was viewed. The term "cookies" also includes other technologies that perform the same functions as cookies. (z.B., wenn Angaben der Nutzer anhand pseudonymer Onlinekennzeichnungen gespeichert werden, auch als "Nutzer-IDs" bezeichnet)

The following types of cookies and functions are distinguished:



Temporary cookies (also known as session or session cookies): Temporal cookies are deleted no later than after a user leaves an online offer and closes his or her browser.

Persistent cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Similarly, the interests of users used for reach measurement or marketing purposes can be stored in such a cookie.


First Party Cookies: First Party cookies are set by us.


Third party cookies (also: third party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.


Necessary (also: essential or absolutely necessary) cookies: Cookies can be absolutely necessary for the operation of a website (e.g. to store logins or other user entries or for security reasons).


Statistical, marketing and personalization cookies: Furthermore, cookies are also used as part of reach measurement as well as when the interests of a user or his behaviour (e.g. viewing certain content, use of functions, etc.) on individual web pages are stored in a user profile. Such profiles are used to show users, for example, content that corresponds to their potential interests. This process is also referred to as "tracking", i.e., tracking the potential interests of users. To the extent that we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.



Legal basis notice: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the stated consent. Otherwise, the data processed by means of cookies will be processed on the basis of our legitimate interests (e.g. in operating our online offer and improving it) or if the use of cookies is necessary to fulfil our contractual obligations.

General notice on withdrawal and opt-out: Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke a given consent or object to processing of your data through cookie technologies (zusammenfassend als "Opt-Out" bezeichnet). You can first explain your objection by using the settings of your browser, e.g. by disabling the use of cookies (which may also limit the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be expressed through a variety of services, especially in the case of tracking, through the websites http://optout.aboutads.info and http://www.youronlinechoices.com/ In addition, you can receive further objection notices in the context of the information about the services used and cookies.

Cookie data processing on the basis of consent: Before we process or let data be processed in the context of the use of cookies, we ask users for a consent that can be revoked at any time. Before the consent has been given, cookies are used which are necessary for the operation of our online offer. Their use is based on our interest and the interest of the users in the expected functionality of our online offer.



Processed data types: usage data (e.g. visited web pages, interest in content, access times), meta/communication data (eg. device information, IP addresses).


Affected persons: Users (e.g. Website visitors, users of online services).


Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a GDPR), Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f. DSGVO).

Commercial and business services

We process data of our contractual and business partners, e.g. customers and stakeholders (collectively referred to as "contractual partners") within the framework of contractual or comparable legal relationships and related measures and in the context of communication with the contractual partners (or pre-contractually), for example, in order to respond to inquiries.

We process these data in order to fulfil our contractual obligations, to safeguard our rights and for the purposes of the administrative tasks associated with these data as well as the business organization. We will only disclose the data of the contractual partners to third parties in accordance with applicable law to the extent necessary for the above-mentioned purposes or for the fulfilment of legal obligations or with the consent of the contracting partners (e.g. to the telecommunications, transportation and other auxiliary services involved as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Further forms of processing, e.g. for marketing purposes, will be communicated to the contractual partners within the framework of this data protection declaration.

Which data is necessary for the above-mentioned purposes, we communicate to the contractual partners before or within the framework of data collection, e.g. in online forms, by means of special labelling (e.g., colors) or symbols (eg. stars, etc.), or personally.

We will delete the data after expiry of legal warranty and comparable obligations, i.e., in principle after the expiration of 4 years, unless the data is stored in a customer account, e.g. as long as they have to be kept for legal reasons of archiving (e.g., for tax purposes in the general case 10 years). Data disclosed to us as part of an order by the contractual partner will be deleted in accordance with the specifications of the order, in principle after the end of the contract.

To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and data protection statements of the respective third party providers and platforms apply to the relationship between the users and the providers.

Agency services: We process the data of our customers within the framework of our contractual services, which may include, e.g. conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/ consulting services and training services.

Handicraft services: We process the data of our customers and clients (hereinafter referred to as "customers") in order to enable them to select, acquire or commission the selected services or works and related activities as well as their payment and delivery or execution or delivery.

The required details are marked as such in the context of the order, order or comparable contract conclusion and include the details required for delivery and invoicing as well as contact information in order to be able to hold any consultations.

Artistic and literary services: We process the data of our clients in order to enable them to select, acquire or commission the selected services or works and related activities as well as their payment and delivery or execution or delivery.

The required details are marked as such in the context of the order, order or comparable contract conclusion and include the details required for delivery and invoicing as well as contact information in order to be able to hold any consultations.



Processed data types: inventory data (e.g. names, addresses), payment data (eg. bank contacts, invoices, payment history), contact data (ex. e-mail, telephone numbers), contract data (z.B. Vertragsgegenstand, Laufzeit, Kundenkategorie).


Affected persons: stakeholders, business and contractual partners.


Purposes of processing: Contractual services and services, contact requests and communications, office and organizational procedures, administration and response to requests.


Legal bases: fulfilment of contracts and pre-contractual inquiries (art. 6 para. 1 s. 1 lit. b. GDPR), legal obligation (Art. 6 Para. 1 S. 1 l. c. DSGVO), legitimate interests (Art. 6 Abs. 1 S. 1 lit. f. DSGVO).


Use of online marketplaces for e-commerce

We offer our services on online platforms operated by other service providers. In this context, in addition to our data protection notices, the data privacy notices of the respective platforms apply. This applies in particular to the approaches used on the platforms for reach measurement and interest-based marketing.



Processed data types: inventory data (e.g. name, addresses), payment data (eg. bank connections, invoices, payment history), contact data (ex. e-mail, telephone numbers), contract data (for example contract object, duration, customer category), usage data (i.e. visited websites, interest in content, access times), meta/communication data (ie. device information, IP addresses).


Affected persons: customers.


Purposes of processing: Contractual services and service.


Legal bases: fulfilment of contracts and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b. GDPR), legitimate interests (Art. 6 Abs. 1 S. 1 lit. f. DSGVO).



Used services and service providers:



eBay: Online marketplace for e-commerce; Service provider: eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland; Website: https://www.ebay.de/; Privacy Statement: https://www.ebay.de/help/policies/member-behavior-polecies/privacy policy?id=4260.


Etsy: Online marketplace for e-commerce; Service Provider: Etsy, Inc., 55 Washington Street, Suite 712, Brooklyn, NY 11201, USA; Website: https://www.etsy.com/en; Privacy Statement: https://www.etsy.com/en/legal/privacy/?ref=ftr.



Payment service providers

In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other payment service providers in addition to banks and credit institutions. (zusammenfassend "Zahlungsdienstleister").

The data processed by the payment service providers include inventory data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and cheque amounts, as well as contract, sum and recipient information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. In other words, we do not receive account or credit card-related information, but only information with confirmation or negative payment information. In some cases, the data may be transmitted by the payment service providers to business intelligence agencies. This transmission is for the purpose of identity and credit checking. To this end, we refer to the Terms and Conditions and the data protection notices of the payment service providers.

Payment transactions are governed by the terms and conditions and the privacy notices of the respective payment service providers, which are available within their respective websites or transaction applications. We refer to this also for further information and the enforcement of revocation, information and other data subjects' rights.



Processed data types: inventory data (e.g. names, addresses), payment data (eg. bank connections, invoices, payment history), contractual data (ex. contract subject matter, duration, customer category), usage data (i.e. visited web pages, interest in content, access times), meta/communication data (ie. device information, IP addresses).


Affected persons: customers, interested parties.


Purposes of processing: Contractual services and service.


Legal bases: fulfilment of contracts and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b. GDPR), legitimate interests (Art. 6 Abs. 1 S. 1 lit. f. DSGVO).



Used services and service providers:



Amazon Payments: payment services; Service provider: Amazon Payments Europe S.C.A. 38 avenue J.F. Kennedy, L-1855 Luxembourg; Website: https://pay.amazon.com/en; Privacy Statement: https://pay.amazon.com/en/help/201212490.


Klarna / instant bank transfer: payment services; Service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; Website: https://www.klarna.com/en; Privacy Statement: https://www.klarna.com/en/data protection.


Mastercard: payment services; Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Website: https://www.mastercard.de/de-de.html; Privacy Statement: https://www.mastercard.de/de/datenschutz.html.


PayPal: payment services and solutions (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/en; Privacy Statement: https://www.paypal.com/en/webapps/mpp/ua/privacy-full.


Contact

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the data of the requesting persons will be processed to the extent necessary to respond to the contact requests and any requested actions.

Responding to contact requests within the framework of contractual or pre-contractual relationships is carried out in order to fulfil our contractual obligations or to respond to (pre)contractal inquiries and otherwise on the basis of the legitimate interest in responding to requests.

bottom of page