Privacy Policy

Any collection, processing and use (hereinafter "use") of data is solely for the purpose of providing our services. The services of Makerist GmbH have been designed to use as little personal information as possible. For that matter, "personal data" is understood as all individual details about a person or factual circumstances of an identifiable natural person (so-called "affected person").

The following statements on data protection describe what types of data are collected when accessing our website, what happens with these data and how you may object to data usage.

1 General information on data processing

1.1 Person Responsible (Controller)

Responsible within the meaning of the EU General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG) is:

Makerist GmbH

Address: Am Treptower Park 28-30, 12435 Berlin

Phone: +49 (0)30 208 987 247

Email: hallo@makerist.de

Homepage: https://www.makerist.com/

1.2 Name and address of the Data Security Officer

The data security officer is:

Kemal Webersohn of WS Datenschutz GmbH

If you have questions about data protection, you can contact WS Datenschutz GmbH at the following email address: makerist@ws-datenschutz.de

Or by mail:

WS Datenschutz GmbH
Meinekestraße 13
D-10719 Berlin

https://ws-datenschutz.de

1.3 Protection of your data

We have taken technical and organizational measures to ensure that the requirements of the EU General Data Protection Regulation (GDPR) are met by us, as well as, by external service providers working for us.

If we work with other companies to provide our services, such as email and server providers, this will only be done after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in terms of technical and organizational data protection skills. This selection procedure will be documented in writing and an agreement on the order processing of data (order processing contract) will only be concluded if the third party complies with the requirements of Art. 28 GDPR.

Your information will be stored on specially protected servers. Access to it is only possible for a few specially authorized persons.

Our website is SSL/TLS encrypted, as can be seen by the https:// at the start of our URL.

1.4 Erasure of personal data

We process personal data only if necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

2 Use of data on this website and in logfiles

2.1 Scope of processing personal data

When visiting our website, our web servers temporarily store every access in a log file. The following data is collected and stored until automated erasure:

We or our partners may process additional data occasionally. You will find information about this below.

2.2 Legal basis for processing personal data

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 s. 1 lit. f) of the GDPR. Our legitimate interest is to make our website accessible for you.

2.3 Purpose of data processing

The processing of this data serves: the purpose of enabling the use of the website (connection establishment), system security, the technical administration of the network infrastructure, as well as to optimize the website. The IP address is evaluated only in case of attacks on our network infrastructure or the network infrastructure of our internet provider.

Furthermore, no input of your personal data is required to use our website.

2.4 Duration of storage

As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out.

This happens as soon as you close our website. Our hosting service might use data for statistical purposes. Any personal data will be anonymized for this. Our hosting service will delete this data as soon as we or a customer asks for.

2.5 Right of objection and erasure

The data processing is necessary in order to present the website and to ensure the website's operation. Therefore, objecting is impossible.

3 Use of cookies

3.1 Description and scope of data processing

Our website is using cookies. Cookies are stored on your computer when you use our website. Cookies are small text files which are stored on your hard drive assigned to the browser you use. Through this information flows to us or the party who set the cookie. Cookies cannot run programs on or transmit viruses to your computer. Cookies are used to analyze the use of our website in anonymized or pseudonymized form and to enable personalized advertisements on this website.

The following data may be transmitted:

Upon entering this website, a cookie banner informs you about the use of cookies on this website and asks for your consent to the use of cookies. Also, you are pointed to the data privacy statement of this website.

3.2 Legal basis for data processing

This processing is legally based on Art. 6 para. 1 s. 1 lit. f) GDPR.

3.3 Purpose of data processing

Our legitimate interests are to provide you with a working website connection and to ensure a comfortable use of this website. Also, we need to process your personal data to solve occurring safety and security issues, as well as to ensure system stability.

The data processing takes place to make a statistical evaluation of our website possible.

3.4 Duration of storage

This website uses the following types of cookies. The extend and function of each are being explained below:

a) Transient cookies are automatically deleted when you close the browser. This is especially true for session cookies which store your session ID, with which various requests from your browser can be assigned to your session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

b) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.

3.5 Right to objection and erasure

You can delete the cookies in the security settings of your browser at any time. Please be aware that you may not be able to use all features of this site, when deleting the cookies from your browser history. The use of cookies can be prevented by appropriate browser settings at any time.

4 Contact

4.1 Description and scope of data processing

Via our website it is possible to contact us via e-mail or via contact form. This will require different data to answer the request, which will be automatically saved for processing.

The following data are required to process your request:

Furthermore, you can enter the following data optionally:

Your data will not be passed on to third parties, unless you have given your consent.

4.2 Legal basis for data processing

Therefor data processing will be based on Art. 6 para. 1 s. 1 lit. b) GDPR.

4.3 Purpose of data processing

The processing of personal data from the input form is used solely handling the contact request.

4.4 Duration of storage

The data will be deleted as we receive your delete reuest.

4.5 Right to objection and erasure

The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us, they can object to storage of their personal data at any time. In such cases, the conversation cannot be continued. All personal data that has been stored in the course of the contact will be deleted.

5 Registration on the website

5.1 Description and scope of data processing

The data subject can register on our website. This requires the data subject to enter personal data in the registration form. The following data is at least collected for this:

The user can optionally specify the following data:

The information provided by the data subject in the registration mask will be used exclusively for processing and will not be disclosed to third parties.

5.2 Legal basis for data processing

If the data subject enters mandatory personal data in the registration form, the legal basis of the data processing is based on Art. 6 para. 1 s. 1 lit. b) GDPR. However, if the user also enters personal data in the optional input field, the data processing is based on Art. 6 para. 1 s. 1 lit. a) GDPR.

5.3 Purpose of data processing

The processing of personal data is used solely for us to finish your registration and organize your website-account.

5.4 Duration of storage

The data are deleted as soon as we receive your delete request.

5.5 Right to objection and erasure

During and after the registration, the data subject is free to change, correct or delete their personal data.

5.6 Social Login by social media

5.6.1 Description of data processing

If you own an account on Facebook, you can register with your account on our website or App (Social-Login). By doing so, you will be linking your social media account to your account on this website and can also sign up on our website with your social media account in the future.

Following data will be provided to us from your chosen social media account and its company the Facebook Inc.,:

For more information regarding each social media login, the transmitted data and the data privacy settings of your social media account, we refer to the following data policies of each social media provider:

Facebook (https://www.facebook.com/legal/terms)

5.6.2 Legal basis for data processing

As far as we receive your first and last name as well as your e-mail address, the legal basis of the data processing is based on Art. 6 para. 1 s. 1 lit. b) GDPR. All further information is given to us voluntarily. Therefore, data processing is based on Art. 6 para. 1 s. 1 lit. a) GDPR.

5.6.3 Purpose of data processing

The social login facilitates the use of our registration function. In addition, we receive information about the use of our website by social media users. We also use social media logins to make our website better known.

5.6.4 Duration and storage

Social login data is stored until the declaration of a revocation and used as described.

5.6.5 Right to objection and erasure

You can prevent this data processing by using our regular registration process.

During and after the registration, the data subject is free to change, correct or delete their personal data.

As far as the data processing is based on your consent, you can withdraw your consent to this data processing at any time regarding future processing in accordance to Art. 7 GDPR.

Further adjustments may be possible within the settings of your social media account.

6 Data processing for applications

6.1 Description and scope of data processing

We offer the opportunity to apply for jobs by an application form and/or by email (jobs@makerist.de). For this purpose, personal data is processed and stored for further processing during the respective application process.

If an application form is used, we collect the following data as part of our application form:

The user can optionally specify the following data:

6.2 Legal basis for data processing

Data processing will be based on Art. 88 GDPR and § 26 BDSG (2018).

6.3 Purpose of data processing

We process your data exclusively for the purpose of carrying out the application process.

6.4 Duration and storage

In case of successful application and employment, the personal data is stored in accordance with the legal requirements. In case of unsuccessful application, the data will be deleted in accordance with the rules of the local erasure concept. In doing so the provisions of the AGG (German Employment Law), especially the existing evidence pursuant to § 22 AGG, are taken into account.

This does not apply if we are obliged to any legal erasure periods or if you have given consent to store your data for further communication with us (e.g. we have another suitable job in the future). If you have given consent the legal basis for further storage of your data is Art. 6 para. 1 s. 1 lit. c) or lit. a) GDPR.

6.5 Right to objection and erasure

You can contact us at any time and object to further processing of your data. All personal data of the application process will be deleted in this case.

6.6 Personio

6.6.1 Description and scope of data processing

We use the HR operating system Personio to manage the entire application process.

Responsible for data processing is:

Personio GmbH, Rundfunkplatz 4, 80335 München, Deutschland

In particular, we advertise our vacancies with the help of Personio. Besides that also the application form itself is configured by this provider. For the recognition of the individual user and the statistical evaluation of the individual job offers, Personio uses persistent and transient cookies, when calling the subpage https://makerist-jobs.personio.de/?language=de#all. Applications are made accessible to us through our Personio Account. Only selected employees of our employees have access to this account; since 25.05.2018 Personio employees are no longer authorized to do so.

We trust in the reliability and the IT and data security of Personio.

Further information about data protection at Personio can be found under:

https://www.personio.de/wp-content/uploads/2018/05/Whitepaper_EU-DSGVO_Personio.pdf

6.6.2 Legal basis for data processing

The data processing takes place due to our legitimate interest of providing a user-friendly, central supply of an application form on our website. We hereby fulfil the requirements of Art. 6 para. 1 s.. 1 lit. f) GDPR.

6.6.3 Purpose of data processing

With the help of as our HR services provider we are able to ensure effective management of applications.

6.6.4 Duration and storage

The cookies set by Personio lose their validity after two years at the latest. For applications that go into our Personio Account the principles set out under 6.4. apply.

6.6.5 Right to objection and erasure

In addition to the objection option of 6.5, you can delete cookies in the security settings of your browser at any time. Please note that you may not be able to use all the functions of this website. The setting of cookies can also be prevented at any time by making the appropriate settings in your Internet browser.

7 Newsletter

7.1 Description and scope of data processing

On our website visitors can subscribe to our newsletter. When signing-up to receive a newsletter, we ask for your email address. This data is necessary to send the newsletter to its recipients.

The newsletter will be sent via email only after the sign-up process is completed. In order to meet the requirements of the GDPR, we use DOI (Double Opt.-In). If you sign up for our newsletter, we will send a confirmation email to the address you provided us with. This email contains a confirmation link that you must click to complete the sign-up process. Following this procedure, the IP address, date and time of login are stored. This is done to prevent abuses. We won't transfer the data to third parties.

7.2 Legal basis for data processing

This processing is legally based on Art. 6 para. 1 s.1 lit. a) GDPR, thus your consent.

7.3 Purpose of data processing

The newsletter has the functions of informing the affected parties about offers and news at a regular basis.

7.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

7.5 Right to objection and erasure

The consent to receiving the newsletter can be revoked by you at any time. For this purpose, you can click the integrated link in each newsletter to unsubscribe. It is also possible to inform us about the revocation of the consent in any other way, e.g. via mail or email.

7.6 Emarsys

7.6.1 Description and scope of data processing

The newsletter is being sent by „Emmarsys", an online marketing platform. The personal data is being processed by: Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin, Deutschland.

The e-mail addresses of our newsletter recipients, as well as any other data described under the section newsletter, is being saved on servers of Emarsys within the EU. Emarsys uses this information on our behalf for our newsletter management (e.g. sending, reporting, ...). Emarsys does not use the personal data of our newsletter recpients and does not pass them to third parties. Each Newsletter contains a so called „web-beacons", which is a file not larger than a pixel, that is retrieved from Emarsys servers when the newlsetter is openend. As a result, information as for example your IP-adress and the timestamp of the newsletter retrieval gets stored. Moreover Emarsys evaluates how often the newsletters are opened and which links are clicked. Due to technical reasons these statistical values could be assigned to indivudal newsletter recepients but it is neither Emarsys nor our aim to observe single users.

We trust in the reliability and the IT and data security of Emarsys.

7.6.2 Legal basis for data processing

This data processing is legally based on our legitimate interests in efficiently and safely sending our newsletter, Art 6 para. 1 s. 1 lit. f) GDPR.

7.6.3 Purpose of data processing

We use Emarsys as our sub- processor to ensure an efficient management of our mailing list and to send newsletters to stay in touch with you.

7.6.4 Duration of storage

Emarsys claims to keep your personal data only as long as we use it for sending newsletters. When we delete you from our mailing list, Mailchimp will delete this data as well.

7.6.5 Right to objection and erasure

You can object to the processing of your data by Emarsys. We will take your objection into consideration and will notify you if and why we continue the processing. You are also free to use the „opt out" link in the footer of each e-mail. If you do so, we will delete your e-mail address from our mailing list which in turn will prompt Emarsys to stop processing your personal data. This will not have any effect on other mailing lists (e.g. by other companies) managed through Emarsys.

8 Online shopping

8.1 Description and scope of data processing

When you shop at our website and a delivery is arranged, we will process your first name and surname, address, telephone number and e-mail address to complete the purchase agreement and the delivery agreement with you.

In the case of parcel deliveries, we also pass on your name, address, telephone number and e-mail address to our contracted processors and service providers.

8.2 Legal basis for data processing

The legal basis for this data processing is Art. 6 para. 1 s.1 lit. b) GDPR. We are processing your data for the fulfilment of purchase contracts and supply agreements.

8.3 Purpose of data processing

We process your data to close the contract, to handle the payment, for billing, to ensure on-time delivery and to inform you about that delivery.

We provide your data to our contracted processors and service providers, so that they can process the delivery and, if necessary, communicate with you to announce and coordinate the delivery of your ordered goods.

8.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

8.5 Right to objection and erasure

The data processing is necessary in order to be able to process your purchase contract, which is why it cannot be waived. There is therefore no option to object.

8.6 Advance Payment

8.6.1 Description and scope of data processing

If you opt for advance payment by bank transfer, you transfer money to us using the bank of your choice. The following payment data will be transmitted to us:

We do not process the payment data itself. The payment data is processed directly by the service provider who processes the payment.

Responsible for data processing is:

Deutsche Bank AG

Taunusanlage 12

60325 Frankfurt am Main

The service provider cannot assign this information to other information (such as your address or email address). Please note the privacy policy of the service provider:

https://www.deutsche-bank.de/pfb/content/pk-datenschutz.html

8.6.2 Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

8.6.3 Purpose of data processing

The processing of the data is required for advance payment and thus for the execution of the contract.

8.6.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

8.6.5 Right to objection and erasure

Data processing is mandatory in order to process your advance payment, which is why you cannot waive it if you have chosen this payment method. There is therefore no option to object.

8.7 Credit Card

8.7.1 Description and scope of data processing

If you want to pay with your credit card while online shopping, we need your personal data for payment. We will ask you for following data:

We check this personal data with the data of your order to detect an abusive use of the credit card or the payment possibility with credit card. Hereafter we will use the data to settle the agreed payment by credit card.

8.7.2 Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR. The processing of your data is required for payment by credit card.

8.7.3 Purpose of data processing

The transmission of the data is necessary to prevent any possible misuse and use the data after successful verification to process the agreed payment by credit card.

8.7.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

8.7.5 Right to objection and erasure

Data processing is mandatory in order to process your payment, so it cannot be waived if you have chosen this payment method. Therefore, objecting is impossible.

8.8 PayPal

8.8.1 Description and scope of data processing

We offer PayPal as a possible payment service. PayPal is a virtual means of payment. In order to use the payment service via PayPal, you must first register with PayPal.

Responsible Person is:

PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the user uses PayPal as a means of payment, personal data of the user will be transmitted to PayPal, to which he ultimately agrees. The personal data includes:

In addition to the transfer of data to credit bureaus, it is also possible that PayPal may transfer the personal data to affiliated companies, including subcontractors, as far as this is necessary to fulfill the contractual obligations. The same applies to order processing.

For the privacy policy of PayPal, please refer to the following link:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

8.8.2 Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

8.8.3 Purpose of data processing

The transmission of the data is necessary to prevent any possible misuse. We inform you that PayPal may transfer your personal information to credit bureaus. This is because PayPal reserves its right to verify the identity and creditworthiness of the user.

8.8.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

8.8.5 Right to objection and erasure

Data processing is mandatory in order to process your payment through PayPal, so it cannot be waived if you have chosen this payment method. Therefore, objecting is impossible or would lead to withdrawal from the contract.

8.9 sofort.com / Klarna

8.9.1 Description and scope of data processing

We use the payment service "Sofortüberweisung - sofort.com" by Klarna (hereinafter "Sofortüberweisung"). For this purpose, we have integrated components of "Sofortüberweisung" on this website. "Sofortüberweisung" uses a technical procedure by which we immediately receive a payment confirmation. Thus, we can immediately determine whether there is a receipt of payment, whereupon the order can be delivered.

Responsible Person is:

Sofort GmbH, Theresienhöhe 12 in 80339 Munich, Germany being part of the Klarna Bank AB(publ), Sveavägen 46, 111 34 Stockholm, Sweden.

If the user wishes to use the payment option "Sofortüberweisung" for payment processing, personal data will be transmitted to "Sofortüberweisung". The following personal data is processed:

It is possible that "Sofortüberweisung" transfers the personal data also to credit bureaus in order to carry out an examination of the identity and creditworthiness of the user. It is also possible that "Sofortüberweisung" transfers the personal data to affiliated companies and / or subcontractors if this is necessary to fulfill contractual obligations.

Regarding the privacy policy, please refer to the following link:

https://www.sofort.de/datenschutz.html

https://www.klarna.com/de/datenschutz/ .

8.9.2 Legal basis of data processingRechtsgrundlage für die Datenverarbeitung

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

8.9.3 Purpose of data processing

The transmission of data is not only necessary for the processing of payments, but also to prevent misuse. We use "Sofortüberweisung" as a convenient and fast option for you to process your payment.

8.9.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

8.9.5 Right to objection and erasure

Data processing is mandatory in order to process your payment, so it cannot be waived if you have chosen this payment method. There is therefore no option to object.

9 Social media on our website

We integrated social media platforms on our website via links, which may result in social media providers receiving data from you if necessary. We will break this down for you in the following.

9.1 Facebook

9.1.1 Description and scope of data processing

We have integrated Facebook on the website. The link that redirects to Facebook can be found on the website at the bottom right.

Responsible for data processing is:

Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

If an affected person lives outside the US or Canada and Facebook processes data, the person responsible is:

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

If the user clicks on the Facebook link, the website of Facebook will be opened. By accessing Facebook through our website, Facebook will receive the respective reference data of Makerist GmbH Through this Facebook receives the information that the user has visited our website. The plug-ins used by Facebook can be accessed at:

https://developers.facebook.com/docs/plugins/?locale=en_US

For more information on the topic of data protection on Facebook, we refer to the following data policy of Facebook: https://www.facebook.com/about/privacy/

According to own data stores Facebook following data:

to optimize the services of Facebook.

9.1.2 Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 s. 1 lit. f) GDPR. Our legitimate interests are to provide information about our company and to keep in contact with our customers and prospective customers.

9.1.3 Purpose of data processing

We use social media to promote our company. We also want to give you the opportunity to interact with social media through our website.

9.1.4 Duration of storage

Facebook claims to store your data for a period of 90 days. At the end of the 90 days, the data will be anonymized so that they cannot be further associated with you.

9.1.5 Right to objection and erasure

To prevent this form of processing, the user has to log out of Facebook and delete all cookies before visiting our website.

Other settings and disagreements regarding the use of data for advertising purposes are possible within the Facebook profile settings or via the US page or the EU page of Facebook. The settings are platform independent, they are adopted for all devices, such as desktop computers or mobile devices.

9.2 Instagram

9.2.1 Description and scope of data processing

We have integrated the services of Instagram on this website. Instagram can be reached via the link at the bottom right of our website.

Responsible for data processing is:

Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

If the user clicks on the Instagram link, the website of Instagram will be opened. By accessing the Instagram website via our website ("through clicking the button"), Instagram receives the information that the user has visited our website.

For more information on privacy, we refer to the following data policy of Instagram: https://help.Instagram.com/155833707900388 and https://www.Instagram.com/about/legal/privacy

9.2.2 Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 s. 1 lit. a) GDPR. Our legitimate interests are to provide information about our company and to keep in contact with our customers and prospective customers.

9.2.3 Purpose of data processing

We use social media to promote our company. We also want to give you the opportunity to interact with social media through our website.

9.2.4 Duration of storage

Facebook claims to store your data for a period of 90 days. At the end of the 90 days, the data will be anonymized so that they cannot be further associated with you. To our knowledge, this also applies to Instagram data.

9.2.5 Right to objection and erasure

Other settings and disagreements regarding the use of data for advertising purposes are possible within the Instagram profile settings or via the US page or the EU page of Instagram. The settings are platform independent, they are adopted for all devices, such as desktop computers or mobile devices.

9.3 Pinterest

9.3.1 Description and scope of data processing

We have integrated the services of the social network Pinterest on this website. The Pinterest Plugin can be recognized by the Pinteres link on our site.

Responsible for data processing is:

Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA

If you click on the Pinterest link you will be redirected to the Pinterest website. This allows Pinterest to associate your visit to our pages with your activity on Pinterst. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Pinterest.

For more information about privacy, we refer to the following data policy of Pinterest: https://policy.pinterest.com/de/privacy-policy

9.3.2 Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 s. 1 lit. a) GDPR. Our legitimate interests are to provide information about our company and to keep in contact with our customers and prospective customers.

9.3.3 Purpose of data processing

We use social media to promote our company. We also want to give you the opportunity to interact with social media through our website.

9.3.4 Duration of storage

Pinterest has bound the data processing that results from the use of the "Remember" button to the purposes of data processing. This means that if you have an account the data will be stored. As soon as Pinterest no longer uses the data and no legal or official retention periods preclude erasure, Pinterest deletes the data as it says.

9.3.5 Right to objection and erasure

To prevent this form of processing, the user has to log out from Pinterest and delete all cookies before visiting our website.

Other settings and disagreements regarding the use of data for advertising purposes are possible within the Pinterest profile settings or via the US page or the EU page of Pinterest. The settings are platform independent, they are adopted for all devices, such as desktop computers or mobile devices.

9.4 Vimeo Video

9.4.1 Description and scope of data processing

We have integrated the services of Vimeo on its website. We use for the integration of videos the provider Vimeo.

Responsible for data processing is:

Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

On some of our websites we use plugins of the provider Vimeo. If you want to access the website, you can connect to the Vimeo servers. This will be transmitted to the Vimeo server, which of our websites you have visited. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When using the plugin, for example Clicking on the start button of a video, will also assign this information to your user account.

For more information on data protection at Vimeo, we refer to the following data policy of Vimeo: https://vimeo.com/privacy

9.4.2 Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 s. 1 lit. a) GDPR. Our legitimate interests are to provide information about our company and to keep in contact with our customers and prospective customers.

9.4.3 Purpose of data processing

We use social media to promote our company. We also want to give you the opportunity to interact with social media through our website. We also want to give you the opportunity to stream videos through Vimeo.

9.4.4 Duration of storage

By its own admission, Vimeo stores your personal data only as long as you have an account. If you do not have an account, the data will only be stored in an anonymous form, so that the GDPR will not be used for this data.

9.4.5 Right to objection and erasure

To prevent the processing of data by Vimeo, you have the possibility to log out of Vimeo and delete all cookies before visiting our website.

Other settings and objections to the use of data for promotional purposes are possible within the Vimeo profile settings or via the US-page or the EU-side of Vimeo.

9.5 YouTube

9.5.1 YouTube Button

9.5.1.1 Description and scope of data processing

We have integrated the services of YouTube on this website. YouTube can be reached via the button at the bottom right of our website.

Responsible for data processing is:

YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC

Data processing for the European Economic Area and for Switzerland is carried out by:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If the user clicks on the YouTube button or link, a website of YouTube will be opened. This might also happen in form of a small window in our website (a so-called iframe). By accessing YouTube's website through our website ("per click"), YouTube receives the information that the user has visited our website.

If, at the time of visiting our website, the user is logged in via a YouTube account (it does not matter if it is their own), YouTube will receive further information, such as which pages were entered on our website by the user. YouTube collects this information, which theoretically gives you the opportunity to associate this information with the YouTube account.

For more information about privacy, please refer to the following data policy from YouTube: https://policies.google.com/privacy?hl=en&gl=de

9.5.1.2 Legal basis of data processing

The legal basis for this data processing is Art. 6 para. 1 s. 1 lit. a) GDPR. We use YouTube to make our company better known.

9.5.1.3 Purpose of data processing

We use social media to promote our company. We also want to give you the opportunity to interact with social media through our website.

9.5.1.4 Duration of storage

Data collected by YouTube (Google) will be deleted by the controller after a fixed retention period of 9 to 18 months.

9.5.1.5 Right of objection and erasure

To prevent the processing of data by YouTube, you have the possibility to log out of YouTube and delete all cookies before visiting our website.

Additional settings and objections on the use of data for promotional purposes are available within the YouTube Profile settings.

9.5.2 YouTube Video

9.5.2.1 Description and scope of data processing

We have integrated the services of YouTube on its website. We use for the integration of videos the provider YouTube.

Responsible for data processing is:

YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA,

Data processing for the European Economic Area and for Switzerland is carried out by:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit our website with embedded videos, your IP address will be sent to YouTube and cookies will be installed on your computer. We have included our YouTube videos in enhanced privacy mode (in which case, YouTube still contacts the Google DoubleClick service, but personal data is not evaluated according to Google's privacy policy). As a result, YouTube does not store any information about visitors unless they watch the embedded video. If you click the video, your IP address will be sent to YouTube and YouTube will know that you've watched the video. If you are logged in to YouTube, this information is also assigned to your user account (you can prevent this by logging out of YouTube before clicking the video). We use no influence on any possible collection or use of your data by YouTube.

For more information about privacy, please refer to the following data policy of YouTube: https://www.google.de/intl/de/policies/privacy/

9.5.2.2 Legal basis of data processing

The legal basis for this data processing is Art. 6 para. 1 s. 1 lit. f) GDPR. We use YouTube to make our company better known.

9.5.2.3 Purpose of data processing

We use social media to promote our company. We also want to give you the opportunity to interact with social media through our website.

9.5.2.4 Duration of storage

Data collected by YouTube (Google) will be deleted by the controller after a fixed retention period of 9 to 18 months.

9.5.2.5 Right to objection and erasure

To prevent the processing of data by YouTube, you have the possibility to log out of YouTube and delete all cookies before visiting our website.

Additional settings and disagreements on the use of data for promotional purposes are available within the YouTube Profile settings.

10 Tracking and analytics

For the continuous improvement of our website we use the following tracking and analytics tools. Below you can find information on which personal data is processed in each case and how you can reach the respective service providers:

10.1 Dynamic Yield

10.1.1 Description and scope of data processing

Our Website uses Dynamic Yield for needs-oriented and continuous optimization of our services.

Responsible for data processing is:

Dynamic Yield, 6 W 18th Street, New York, NY 10011, USA, Tel:+1-888-784-1905

Cookies enable us to analyse your use of our website. The information collected by means of a cookie (IP address, access time, access time) is transmitted to a Dynamic Yield server in the USA and stored there. The evaluation of your activities on our website is transmitted to us in the form of reports. Dynamic Yield may pass on the information collected to third parties, if required by law or as far as third parties process this data on behalf of Dynamic Yield.

If you would like further information on how Dynamic Yield processes your data and what Dynamic Yield does to be GDPR compliant, please visit the links below:

https://www.dynamicyield.com/gdpr/

and

https://www.dynamicyield.com/platform-privacy-policy/

10.1.2 Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 s. 1 lit. f) GDPR.

10.1.3 Purpose of data processing

We process your data to continue the optimization of our website. This also explains our legitimate interest in data processing.

10.1.4 Duration of storage

So long as there are no legal, official or contractual regulations that prevent their deletion, the data will be deleted as soon as they are no longer needed for our recording purposes, regularly after 365 days.

10.1.5 Right to objection and erasure

You can prevent the installation of the cookies of Dynamic Yield even by a corresponding setting of your browser software itself. In this case, however, it may happen that you cannot fully use all the features of our website. Browser extensions can also disable and control the processing of personal data by Dynamic Yield.

You can opt out of this by clicking the link below:

https://www.dynamicyield.com/privacy-policy/#optinout

10.2 Facebook Custom Audience / Facebook-Pixel

10.2.1 Description and data processing

Our website uses Facebook's Custom Audience pixel to measure conversions.

Responsible for data processing is:

Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

With the help of the Facebook pixel, we can analyze the behaviour of our website's visitors. As a result, the effectiveness of Facebook advertisements can be evaluated. Facebook receives the following data:

The data is stored and processed by Facebook, a connection to the user profile is possible. Facebook can use the data for its own advertising purposes. This use of data cannot be influenced by us as the site operator.

The data we receive is used for: [...] We cannot [...] create a personal reference.

The data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data usage directive. As a result, Facebook can enable ads to be displayed on Facebook and outside of Facebook. This use of data cannot be influenced by us as the site operator.

You can find Facebook's data privacy policy here: https://www.facebook.com/about/privacy/

10.2.2 Legal basis of data processing

Legal basis for processing data is Art. 6 para. 1 s. 1 lit. f) GDPR. Our legitimate interest is to optimize our advertising campaigns and to monitor the traffic on our website.

10.2.3 Purpose of data processing

We process your data to continue the optimization of our website and our advertising activities.

10.2.4 Duration of storage

So long as there are no legal, official or contractual regulations that prevent their deletion, the data will be deleted as soon as they are no longer needed for our recording purposes, regularly after 180 days.

10.2.5 Right to objection and erasure

You can deactivate the remarketing feature "Custom Audiences" in the Ads Settings section of Facebook. https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, if you have a Facebook account.

If you do not have a Facebook account, you can disable Facebook's usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/

Alternatively, you can prevent the collection of your data on our website by the Facebook Pixel by clicking on the following link. An opt-out cookie is set in your browser, which records your data prevented from future visits to this website with their current browser: disable Facebook Pixel.

10.3 Google Analytics

10.3.1 Description and scope of data processing

Our website uses Google Analytics. This is a service for analyzing access to websites of Google Inc. ("Google") and allows us to improve our website.

Data processing for the European Economic Area and for Switzerland is carried out by:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Cookies enable us to analyze your use of our website. The information collected by a cookie are:

The information is transmitted to a Google server in the USA and stored there. The evaluation of your activities on our website is transmitted to us in the form of reports. Google may pass on the collected information to third parties, if required by law or if third parties process this data on behalf of Google. The Google tracking codes of our Internet offer use the function "_anonymizeIp ()", thus IP addresses are processed only shortened, in order to exclude a possible direct personal link to you.

Under https://www.google.de/intl/de/policies/ as well as under http://www.google.com/analytics/terms/de.html you can find out more about the terms of use and privacy policy of Google Analytics.

10.3.2 Legal basis of data processing

Legal basis is the Art. 6 para 1 s. 1 lit. f) GDPR. Our interest is to provide a website which is tailored to its audience and to optimize our online services accordingly.

10.3.3 Purpose of data processing

By processing the data, we can analyze how our website is used, so we can improve it for our users. We protect your data by using only anonymized IP addresses.

10.3.4 Duration of storage

The data will be deleted after 38 months or will be deleted 38 months after your last website visit.

10.3.5 Right to objection and erasure

You can prevent the installation of cookies by Google Analytics in your browser settings. In this case, however, it may happen that you cannot fully use all features of our website. Also, trough browsers extensions e.g. http://tools.google.com/dlpage/gaoptout?hl=de Google Analytics can be disabled and controlled. You can also prevent tracking by using following link: OPT OUT

10.4 Google Tag Manager

10.4.1 Description and scope of data processing

Google Tag Manager is a solution that allows us to manage web site tags through one interface (including Google Analytics and other Google marketing services on our website). The tag manager itself (which implements the tags) does not process users' personal data. Regarding the processing of users' personal data, reference is made to the details of the Google services.

Google Tag Manager usage policies can be viewed here: https://www.google.com/intl/de/tagmanager/use-policy.html

11 Tools for advertisement and marketing

Tools are also included on our website to ensure that our website is displayed to you during an internet search, as a relevant search result or as an advertisement. Moreover we (=advertiser) are running an Affiliate-Marketing program to acquire new advertising partner (=affiliates). Below, the programs used in connection with our website have been broken down for you:

11.1 Awin

11.1.1 Description and scope of data processing

We use the services of Awin on our website. Awin is an Affiliate Network that allow us to reward partners who have referred users to us through the awin tracking technology.

Responsible for data processing through awin is:

Awin AG, Eichhornstraße 3, 10785 Berlin, Germany.

Through Affliate Marketing we are able examine transactions on our website for previous advertising services of third parties. When you are on a partner site that participates in the awin network (blogs, price comparisons, cashback ...) and click on an Awin link to a Makerist offer , a cookie from Awin is placed on your system. This cookie makes it possible to assign any subsequent transactions to the referring advertising partner. The Awin cookie in your browser creates an individual hash value of digits that is suitable for recognition, but cannot be assigned to an individual user. Awin thus helps us to remunerate third parties for advertising our services and goods.

We trust Awin to process our data in accordance with data protection regulations. Awin has signed the "Code of Conduct Affiliate Marketing for Networks" of the Federal Association of the Digital Economy. Awin is thus committed to ensuring high quality and security standards in affiliate marketing. https://www.bvdw.org/zertifizierungen/affiliate-marketing-code-of-conduct/unterzeichner/

For further information on how Awin works and on it's data protection, please visit: https://www.awin.com/de/rechtliches/privacy-policy-DACH

11.1.2 Legal basis of data processing

The data processing is based on Art. 6 para. 1 s. 1 lit. f) GDPR.

11.1.3 Purpose of data processing

It is in our legitimate interest to make successful mediation of transactions by third parties measurable and to remunerate our advertising partners.

11.1.4 Duration of storage

The data will be deleted as soon as the purpose of the data processing no longer applies and there are no legal retention periods to prevent deletion.

11.1.5 Right to objection and erasure

Dropping of cookies can be prevented at any time by appropriate settings in your Internet browser. The cookies already set can also be deleted manual within the Internet browser. We would like to point out that disallowing cookies may result in restrictions regarding the usage of our website. You also have the option of setting an opt-out cookie under the following link: https://www.awin.com/de/rechtliches/cookieoptout

11.2 Bing Ads (Microsoft)

11.2.1 Description and scope of data processing

We use Bing Ads, an online advertisement service.

Responsible for data processing are:

Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA; and Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

If you have reached the homepage of Companisto after clicking on a Bing ad, Bing Ads saves a conversion cookie to your browser which stores your IP address. This data is stored in the USA. The information gathered using the conversion cookie is used to generate conversion statistics. It is possible that Microsoft will share this information with third parties.

For more information, please refer to the Microsoft privacy policy: https://privacy.microsoft.com/de-de/privacystatement#mainbingmodule

11.2.2 Legal basis of data processing

The data processing is based on Art. 6 para. 1 s. 1 lit. f) GDPR. Our legitimate interest lies in reaching our audience by using targeted advertisements.

11.2.3 Purpose of data processing

The purpose of the processing is the provision of user-specific advertisements. Through advertising, we can reach a larger group of users and interested parties. In addition, we increase awareness of our brand.

11.2.4 Duration of storage

The conversion cookie will expire 1 year after setting. This means that you can no longer be identified. Within this year both we and Microsoft can track which subpages have been accessed. The Data is deleted after a storage period of 180 days.

11.2.5 Right to objection and erasure

You can delete the cookies in the security settings of your browser at any time. Please be aware that you may not be able to use all features of this site, when deleting the cookies from your browser history. The use of cookies can be prevented by appropriate browser settings at any time.

You may opt out of targeted advertising by Microsoft at any time. If you have a Microsoft account, please visit: https://choice.microsoft.com/de-de/opt-out

If you do ot have an account, you can also opt out using third party services like https://www.networkadvertising.org/choices/ or https://www.aboutads.info/.

11.3 Google Ads

11.3.1 Description and scope of data processing

We have integrated the services of Google Ads (formerly Google AdWords) on its website. Google Ads is an internet advertising service. We use Google Ads to gain relevance in the results of Google's search engine.

Data processing for the European Economic Area and for Switzerland is carried out by:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If the user accesses our website through a Google ad, Google will set a so-called conversion cookie on the user's system. For the explanation of the cookies, please refer to the pass to the cookies. The conversion cookie is used to create and analyze web-use statistics.

The conversion cookie stores the IP address when visiting the website. This data is stored in the USA. It is possible that Google will share this information with third parties.

For further privacy notices of Google refer to: https://policies.google.com/privacy?hl=en&gl=de

11.3.2 Legal basis of data processing

The legal basis is Art. 6 para. 1 s. 1 lit. f) GDPR. Using advertisements to reach our audience is our legitimate interest.

11.3.3 Purpose of data processing

In particular, we use Google Ads to gain relevance in the results of Google's search engine.

11.3.4 Duration of storage

38 months after setting the conversion cookie the cookie loses its validity. This means that the user can no longer be identified. Within these 38 months both- us and Google can track which subpages have been accessed.

11.3.5 Right to objection and erasure

The setting of cookies can be prevented by appropriate settings in the user's Internet browser at any time. The already set cookies can also be deleted in the settings of the Internet browser. We express our concern that preventing cookies from being set may mean that not all features are fully available.

The user may separately object to interest-based personalized advertising by Google. Please refer to the following link: www.google.de/settings/ads

https://www.cloudflare.com/privacypolicy [ ]{.underline}

12 Service providers from third countries

In order to be able to provide our services, we use the support of service providers from third party countries (non-EU countries). In order to ensure the protection of your personal data in this case, we conclude processing contracts with each - carefully selected - service provider. All of our processors provide sufficient guarantees to implement appropriate technical and organizational measures. Our third country data processors are either located in a country with an adequate level of data protection (Art. 45 GDPR) or provide appropriate safeguards (Art 46 GDPR). Below you may find our categories of processors, the country they are located at and the safeguards or guarantees they provide:

EU-US Privacy Shield: The Privacy Shield is an agreement between the United States of America and the European Union to ensure compliance with European privacy standards. For more information, see:

EU standard contract clauses: Our provider has submitted to the EU standard contractual clauses to ensure secure data transfer. For more information, see: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF

Binding Corporate Rules: Article 47 of the GDPR provides the possibility of ensuring data protection when transferring data to a third country via Binding Corporate Rules. These are examined and approved by the data security authorities within the framework of the consistency mechanism pursuant to Art. 63 GDPR. Further information can be found here:

13 Your rights

You have the following rights with respect to the personal data concerning you:

13.1 Right to withdraw a given consent (Art. 7 GDPR)

If you have given your consent to the processing of your data, you can withdraw it at any time. This will affect the admissibility of processing your personal data by us for the time after you have withdrawn your consent. To withdraw your consent, contact us personally or in written form.

13.2 Right of access (Art. 15 GDPR)

You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to your personal data and the following information:

In the case of such a request, you must provide enough information about your identity to proof that the request concerns your own personal data.

13.3 Right to rectification and erasure (Art. 16, 17 GDPR)

You have the right to obtain from us without undue delay the rectification and completion of inaccurate personal data concerning yourself.

You may also request the erasure of your personal data if any of the following applies to you:

Where we made the personal data public and are obliged to erase the personal data pursuant to Art. 17 para. 1 GDPR, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

These rights shall not apply to the extent that processing is necessary:

13.4 Right to restriction of processing (Art. 18 GDPR)

You shall have the right to obtain from us restriction of processing where one of the following applies:

Where processing has been restricted under the aforementioned conditions, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the limitation of the processing is restricted, you will be informed by us before the restriction is lifted.

13.5 Right to information (Art. 19 GDPR)

If you have asserted us your right to rectification, erasure or restriction of data processing, we will inform all recipients of your personal data to correct, delete or restrict the processing of data, unless this proves impossible or involves disproportionate effort.

You also have the right to know which recipients have received your personal data.

13.6 Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format. Also, you have the right to transmit those data to another controller, where

In exercising your right to data portability, you have the right to obtain that personal data transmitted directly from us to another controller, as far as technically feasible. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been delegated to us.

13.7 Right to object (Art. 21 GDPR)

Where we based the processing of your personal data on a legitimate interest (Art. 6 para. 1 s. 1 lit. f) GDPR), you may object to the processing. The same applies if the data processing is based on Art. 6 para. 1 s. 1 lit. e).

In this case, we ask you to explain the reasons why we should not process your personal data. Based on this we will terminate or adapt the data processing or show you our legitimate reasons why we continue the data processing.

13.8 Right to lodge a complaint with supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the infringes of the GDPR.

The supervisory authority to which the complaint has been submitted shall inform you of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.

14 How you perceive these rights

To exercise these rights, please contact our data security officer:

Kemal Webersohn from Webersohn & Scholtz GmbH

makerist@ws-datenschutz.com

or by mail:

WS Datenschutz GmbH
Meinekestraße 13
D-10719 Berlin

15 Subject to change

We reserve the right to change this privacy policy in compliance with legal requirements.

November 2019