Personal data (usually referred to just as „data“ below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.
Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the „GDPR“), „processing“ refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.
I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing
I. Information about us as controllers of your data
The party responsible for this website (the „controller“) for purposes of data protection law is:
Highcard Group E-Mail: email@example.com
II. The rights of users and data subjects
With regard to the data processing to be described in more detail below, users and data subjects have the right
- to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
- to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
- to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
- to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
- to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).
In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.
Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.
III. Information about the data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.
To obtain consent for the use of technically unnecessary cookies on the website, the provider uses a cookie manager.
When the website is called up, a cookie with the settings information is stored on the end device of the user so that the request for consent does not have to be made on a subsequent visit.
The cookie is required to obtain legally compliant user consent.
You can prevent cookies from being installed by adjusting the settings on your internet browser.
a) Session cookies
This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.
The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.
If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.
When you close your browser, these session cookies are deleted.
b) Third-party cookies
Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.
c) Disabling cookies
If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.
If you create a customer account with us via our website, we will use the data you entered during registration (e.g. your name, your address, or your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide customer care (e.g. to provide you with an overview of your previous orders or to be able to offer you a wishlist function). We also store your IP address and the date and time of your registration. This data will not be transferred to third parties.
If you give your consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for this processing.
If the opening of the customer account is also intended to lead to the initiation of a contractual relationship with us or to fulfill an existing contract with us, the legal basis for this processing is also Art. 6 Para. 1 lit. b) GDPR.
You may revoke your prior consent to the processing of your personal data at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent.
The data previously collected will then be deleted as soon as processing is no longer necessary. However, we must observe any retention periods required under tax and commercial law.
The legal basis for this is Art. 6 Para. 1 lit. a) GDPR.
You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter.
For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.
The data thus collected will be temporarily stored, but not in association with any other of your data.
The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.
The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.
We maintain an online presence on Twitter to present our company and our services and to communicate with customers/prospects. Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to Twitter.
We maintain an online presence on YouTube to present our company and our services and to communicate with customers/prospects. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA.
We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to YouTube.
General linking to third-party profiles
The provider includes a link on the website to the social media listed below.
The legal basis for this is Article 6 para. 1 lit. f GDPR. The legitimate interest of the provider is to improve the quality of use of the website.
The plugins are integrated via a linked graphic. The user is only forwarded to the service of the respective social media by clicking on the corresponding graphic.
After the customer has been forwarded, information about the user is recorded by the respective social media. This is initially data such as IP address, date, time and page visited. If the user is logged into his/her user account of the respective social media at the same time, the social media operator can, if required, assign the information collected from the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button of the respective social media, this information can be stored in the user’s personal user account and, if required, be published. If the user wants to prevent the collected information from being directly assigned to his/her user account, the user must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.
The following social media are linked by the provider:
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
Posthog web analytics
We use Posthog on our website. This is a web analytics service provided byPostHog Inc, 2261 Market Street #4008, San Francisco, CA 94114, hereinafter referred to as Posthog.
Posthog is used to analyze how our website is used. In case you have granted your consent to this processing the legal basis is Article 6 para. 1 lit. a GDPR. The legal basis can also be Article 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.
Posthog allows us to monitor your usage behaviour on our website, such as logging and evaluating your mouse movements or mouse clicks. However, your visit to our website will be anonymized. In addition, information about your operating system, your internet browser, incoming or outgoing links, the geographical origin of your access, and the type and resolution of the device you are using are evaluated by Posthog and processed for statistical purposes. Posthog can also obtain direct feedback from you. Posthog offers further information about its data protection practices at
To secure our website and to optimize loading times, we use the CloudFlare CDN (content delivery network). This is a service of Cloudflare Inc., 101 Townsend Street, San Francisco, California 94107, USA, hereinafter referred to as „CloudFlare“.
The legal basis for collecting and processing this information is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the secure operation of our website and in its optimization.
If you access our website, your queries are forwarded to CloudFlare servers. Statistical access data about your visit to our website is collected and CloudFlare stores a cookie on your terminal device via your browser. Access data includes
– your IP address;
– the page(s) on our site that you access;
– type and version of internet browser you are using;
– your operating system;
– the website from which you came prior to visiting our website (referrer URL);
– your length of stay on our site; and
– the frequency with which our pages are accessed.
The data is used by CloudFlare for statistical evaluations of the accesses as well as for the security and optimization of the offer.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.
CloudFlare offers further information about its data collection and processing as well your rights and your options for protecting your privacy at this link:
Use of PayPal as a payment method
If you decide to pay with the online payment service provider PayPal during your order process, your contact data is transmitted to PayPal as part of the order thus triggered. PayPal is an offer of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal thereby assumes the function of an online payment service provider and a trustee and offers buyer protection services.
The personal data transmitted to PayPal is mostly first name, last name, address, telephone number, IP address, e-mail address, or other data, which is required for order processing,as well as data related to the order, such as the number of items, item number, invoice amount and tax percentage, billing information, etc.
This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship. Your data is therefore transmitted to PayPal on the basis of Article 6 para. 1 lit. b GDPR.
However, please note: PayPal may transfer the personal data to service providers, to subcontractors or other affiliated companies, to the extent necessary to fulfill the contractual obligations arising from your order or to process the data in the order on your behalf.
Depending on the payment method selected via PayPal, e.g., invoice or direct debit, the personal data transmitted to PayPal will be transmitted to credit agencies by PayPal. This transmission is used to check your identity and creditworthiness in relation to the order you have placed. For information on which credit agencies are involved and which data is generally collected, processed, saved and forwarded by PayPal, please refer to PayPal’s data protection statement at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Notes: replace Hotjar with Posthog