Data protection

Generally

As the operator of this website and as a company, we come into contact with your personal data. This refers to all data that reveals something about you and with which you can be identified. In this privacy policy, we would like to explain to you how, for what purpose, and on what legal basis we process your data.

The following entity is responsible for data processing on this website and within our company:

Dr. Marcellus Bürkle

Eisenbahnstr. 32

77855 Achern

Germany

Telephone: 07841-6656873

Email: info@dr-buerkle.de

General information

SSL or TLS encryption

When you enter your data on websites, place online orders, or send emails over the internet, you must always assume that unauthorized third parties may access your data. Complete protection against such access is impossible. However, we make every effort to protect your data as best as possible and to close security gaps wherever possible.

An important security mechanism is the SSL/TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognize the encryption by the padlock icon before the entered web address in your browser and by the fact that our web address begins with https:// and not with http://.

Encrypted payment transactions

Payment data, such as account or credit card numbers, requires special protection. Therefore, all payment transactions with common payment methods are conducted exclusively via an encrypted SSL or TLS connection.

How long do we store your data?

In some sections of this privacy policy, we inform you about how long we, or the companies that process your data on our behalf, store your data. If no such information is provided, we store your data until the purpose of the data processing no longer applies, you object to the data processing, or you withdraw your consent to the data processing.

In the event of an objection or revocation, we may continue to process your data if at least one of the following conditions is met:

  • We have compelling legitimate grounds for continuing the data processing which override your interests, rights and freedoms (only in case of objection to the data processing; if the objection is directed against direct marketing, we cannot provide any legitimate grounds).
  • Data processing is necessary to establish, exercise or defend legal claims (this does not apply if your objection is directed against direct marketing).
  • We are legally obligated to retain your data.

In this case, we will delete your data as soon as the requirement(s) no longer apply.

Data transfer to the USA

We also use tools on our website from companies that transfer your data to the USA, where it is stored and may be further processed. The European Commission has adopted an adequacy decision for the EU-US data protection framework. This decision establishes that the USA ensures an adequate level of protection for personal data from the EU that is transferred to US companies. This decision is based on new safeguards and measures introduced by the USA to meet data protection requirements. The adequacy decision includes, among other things, restrictions and safeguards regarding US intelligence agencies' access to data. Binding safeguards have been introduced to limit US intelligence agencies' access to what is necessary and proportionate to protect national security. Furthermore, enhanced oversight of the activities of US intelligence agencies has been established to ensure compliance with restrictions on surveillance activities. An independent judicial remedy has also been set up to address and resolve complaints from European citizens regarding access to their data. The EU-US data protection framework allows European companies to transfer data to certified US companies without having to implement additional data protection safeguards. A list of all certified companies can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search

A change in the European Commission's decision cannot be ruled out.

Your rights

Objection to data processing

If you read in this privacy policy that we have legitimate interests in processing your data and therefore base this processing on Article 6(1)(f) GDPR, you have the right to object to this processing pursuant to Article 21 GDPR. This also applies to profiling carried out on the basis of the aforementioned provision. The prerequisite is that you provide reasons for the objection arising from your particular situation. No justification is required if the objection relates to the use of your data for direct marketing purposes.

The consequence of your objection is that we are no longer permitted to process your data. This only does not apply if one of the following conditions is met:

  • WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGHT YOUR INTERESTS, RIGHTS AND FREEDOMS.
  • The processing serves the purpose of establishing, exercising or defending legal claims.

THESE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS AGAINST DIRECT MARKETING OR PROFILING CONNECTED WITH IT.

Further rights

Revocation of your consent to data processing

Many data processing operations are based on your consent. You give this consent, for example, by ticking the appropriate box in online forms before submitting them, or by allowing certain cookies when you visit our website. You can withdraw your consent at any time without giving reasons (Art. 7 para. 3 GDPR). From the moment of withdrawal, we are no longer permitted to process your data. The only exception is if we are legally obligated to retain the data for a certain period of time. Such retention periods exist, in particular, under tax and commercial law.

Right to lodge a complaint with the competent supervisory authority

If you believe that we have violated the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. You can contact a supervisory authority in the Member State of your habitual residence, your place of work, or the place where the alleged infringement took place. This right to lodge a complaint exists alongside any administrative or judicial remedies.

Right to data portability

Data that we process automatically based on your consent or in fulfillment of a contract must be provided to you or a third party in a commonly used, machine-readable format upon your request. We can only transfer the data to another controller if this is technically feasible.

Right to data access, erasure and rectification

According to Article 15 of the GDPR, you have the right to obtain information free of charge about which personal data we have stored about you, where the data comes from, to whom we transfer the data, and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Article 16 GDPR), and under the conditions of Article 17 GDPR, you may request that we delete the data.

Right to restriction of processing

In certain situations, you can request, pursuant to Article 18 of the GDPR, that we restrict the processing of your data. Apart from storage, the data may then only be processed as follows:

  • with your consent
  • for the establishment, exercise or defense of legal claims
  • to protect the rights of another natural or legal person
  • for reasons of important public interest of the European Union or of a Member State

The right to restrict processing exists in the following situations:

  • You have disputed the accuracy of your personal data stored with us, and we need time to verify this. You have the right to retain this data for the duration of the verification process.
  • Your personal data is being processed unlawfully or was processed unlawfully in the past. In this case, you have the right to have your data deleted as an alternative to having it processed unlawfully.
  • We no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims. In this case, you have the right to have the data deleted as an alternative to its processing.
  • You have objected to the processing of your personal data pursuant to Article 21(1) GDPR, and now your interests and ours must be weighed against each other. This right to object exists until the outcome of this balancing process is determined.

Hosting and Content Delivery Networks (CDN)

External hosting

Our website is hosted on a server of the following internet service provider (host):

Shopify International Limited
Victoria Buildings
1-2 Haddington Road
Dublin 4, D04 XN32, Ireland

Was a data processing agreement concluded with the hosting provider, or are standard contractual clauses (SCCs) being used?

Yes

How do we process your data?

The hosting provider stores all data from our website. This includes all personal data that is collected automatically or through your input. This may include, in particular: your IP address, pages visited, names, contact details and inquiries, as well as metadata and communication data. Our hosting provider adheres to our instructions when processing this data and only processes it to the extent necessary to fulfill its contractual obligations to us.

On what legal basis do we process your data?

Since we use our website to reach potential customers and maintain contact with existing customers, the data processing by our hosting provider serves the purpose of initiating and fulfilling contracts and is therefore based on Article 6(1)(b) GDPR. Furthermore, it is in our legitimate interest as a company to provide a professional online presence that meets the necessary requirements for security, speed, and efficiency. In this respect, we also process your data on the basis of Article 6(1)(f) GDPR.

Data collection on this website

Use of cookies

Our website places cookies on your device. These are small text files used for various purposes. Some cookies are technically necessary for the website to function at all (essential cookies). Others are required to perform certain actions or functions on the site (functional cookies). For example, without cookies, it would not be possible to use the features of a shopping cart in an online store. Still other cookies are used to analyze user behavior or optimize advertising campaigns. If we use third-party services on our website, such as for processing payments, these companies may also place cookies on your device when you visit the website (so-called third-party cookies).

How do we process your data?

Session cookies are only stored on your device for the duration of a single browsing session. They disappear automatically as soon as you close your browser. Persistent cookies, on the other hand, remain on your device unless you delete them yourself. This can, for example, lead to your browsing behavior being continuously analyzed. You can control how your browser handles cookies via its settings.

  • Do you want to be notified when cookies are set?
  • Do you want to block cookies entirely or in specific cases?
  • Do you want cookies to be automatically deleted when you close your browser?

If you disable or do not allow cookies, the functionality of the website may be limited.

If we use cookies from other companies or for analytical purposes, we will inform you about this within the framework of this privacy policy. We will also request your consent in this regard when you visit our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our online services can be used by visitors without technical problems and that all desired functions are available to them. Therefore, the storage of necessary and functional cookies on your device is based on Article 6(1)(f) GDPR. We use all other cookies on the basis of Article 6(1)(a) GDPR, provided you give us your consent. You can withdraw this consent at any time with effect for the future. If you have consented to the placement of necessary and functional cookies when asked for your consent, these cookies will also be stored exclusively on the basis of your consent.

Server log files

Server log files record all requests and accesses to our website and capture error messages. They also include personal data, in particular your IP address. However, this is anonymized by the provider after a short time, so we cannot associate the data with you personally. The data is automatically transmitted from your browser to our provider.

How do we process your data?

Our provider stores server log files to track activity on our website and identify errors. These files contain the following data:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address (possibly anonymized)

We do not combine this data with other data, but only use it for statistical analysis and to improve our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our website functions correctly. It is also our legitimate interest to obtain an anonymized overview of website visits. Therefore, the data processing is lawful pursuant to Article 6(1)(f) GDPR.

Contact form

You can send us a message via the contact form on this website.

How do we process your data?

We store your message and the information from the form in order to process your request, including any follow-up questions. This also applies to the contact details you provide. We will not share this data with anyone else without your consent.

How long do we store your data?

We will delete your data as soon as one of the following occurs:

  • Your request has been processed.
  • They are requesting that we delete the data.
  • You are withdrawing your consent to the storage of your data.

This does not apply if we are legally obligated to retain the data.

On what legal basis do we process your data?

If your inquiry relates to our contractual relationship or serves the purpose of carrying out pre-contractual measures, we process your data on the basis of Article 6(1)(b) GDPR. In all other cases, it is in our legitimate interest to process inquiries addressed to us effectively. The legal basis for data processing is therefore Article 6(1)(f) GDPR. If you have consented to the storage of your data, the legal basis is Article 6(1)(a) GDPR. In this case, you can withdraw your consent at any time with effect for the future.

Registration function

To use certain features or offers on our website, you must register. This requires providing your email address and possibly other personal data.

How do we process your data?

We store the data you provide during registration and use it to provide you with the feature or service for which you registered. If there are any changes to the feature or service, we will use your email address to inform you. We will also use your email address to send you further contract offers, if applicable.

How long do we store your data?

We will delete your data as soon as one of the following occurs:

  • The purpose of the data processing no longer applies.
  • They are requesting that we delete the data.
  • You are withdrawing your consent to the storage of your data.

This does not apply if we are legally obligated to retain the data.

On what legal basis do we process your data?

We store and use your data to fulfill the user agreement established during registration and, if necessary, to initiate further contracts. The legal basis for this is therefore Article 6(1)(b) GDPR.


Plugins and Tools

Google Fonts (local hosting)

We use fonts from the US company Google on our website. We have installed these fonts locally, so no connection to Google's servers is established when you visit our website.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

hCaptcha

What is hCaptcha?

Test tool for distinguishing between humans and computers

Who processes your data?

ntuition Machines, Inc., 2211 Selig Drive, Los Angeles, CA 90026, USA

Where can you find more information about data protection at hCaptcha?

https://www.hcaptcha.com/privacy

On what basis do we transfer your data to the USA?

hCaptcha adheres to the European Commission's Standard Contractual Clauses ( https://www.hcaptcha.com/privacy )

How do we process your data?

We use hCaptcha to verify whether data entered into forms on our website comes from a human or a computer. This means that the testing tool analyzes your behavior as a visitor to our website based on various characteristics. The analysis doesn't begin when you use the testing tool, but as soon as you access our website. Various data points are collected, such as your IP address, the duration of your visit, and mouse movements. This data is then transferred to the USA.

On what legal basis do we process your data?

As a company, we have a legitimate interest in protecting our website from spam and unauthorized access. Therefore, data processing is lawful under Article 6(1)(f) GDPR.

If you have consented to data processing, we will process your data exclusively on the basis of Article 6(1)(a) GDPR. You can withdraw your consent at any time. From the moment of withdrawal, we may no longer process your data.

eCommerce and payment providers

Customer and contract data

How do we process your data?

When we enter into a contract with you, we require certain personal data from you. We collect, process, and use this data only to the extent necessary to establish, define, or modify our contractual relationship. If you can only access our services via our website, or if the services are billed through the website, we also collect usage data, provided this is necessary to enable you to use our services or to bill for the services used.

How long do we store your data?

We store your data until our legal relationship ends, unless we are legally obliged to keep the data for a longer period.

On what legal basis do we process your data?

We store your data in order to fulfill the contract with you or to carry out pre-contractual measures. The legal basis for this data processing is therefore Article 6(1)(b) GDPR.

Data transmission during goods shipment

How do we process your data?

When you order goods from us, we transmit your data to companies that we commission to handle delivery and/or payment processing. Only data necessary for the commissioned company to fulfill the specific order is transmitted. If we wish to share data beyond this, we will obtain your consent. We do not share your data for advertising purposes.

On what legal basis do we process your data?

We share your data to fulfill the contract we have concluded with you. The legal basis for this data processing is therefore Article 6(1)(b) GDPR.

Payment services

To make your purchases on our website as convenient as possible, we use the services of payment providers, i.e., external companies that process payments for us. You can find a list of these providers at the end of this section.

How do we process your data?

To complete your payment, you will need to provide certain personal information, such as your name, bank account details, or credit card number. We will forward this information to the respective payment service provider. The transaction itself is governed by the terms and conditions and privacy policies of the respective services.

On what legal basis do we process your data?

We share your data to fulfill the contract we have with you. The legal basis for this data processing is therefore Article 6(1)(b) GDPR. We also have a legitimate interest in processing purchases as quickly, conveniently, and securely as possible. The legal basis for this is also Article 6(1)(f) GDPR. If you have consented to the sharing of your data, the data processing is based on Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.

Which payment services do we use?

PayPal

What is PayPal?

Online payment service

Who processes your data?

PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg

Where can you find more information about data protection at PayPal?

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

On what basis do we transfer your data to the USA?

PayPal adheres to the standard contractual clauses of the European Commission (see https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full )

Apple Pay

What is Apple Pay?

Mobile payment service from Apple Inc.

Who processes your data?

Apple Inc., Infinite Loop, Cupertino, CA 95014, USA

Where can you find more information about data privacy with Apple Pay?

https://www.apple.com/legal/privacy/de-ww/

On what basis do we transfer your data to the USA?

Apple Pay adheres to the European Commission's Standard Contractual Clauses (see https://www.apple.com/legal/privacy/de-ww/ )

Google Pay

What is Google Pay?

Mobile payment system of the US company Google

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google Pay?

https://policies.google.com/privacy

On what basis do we transfer your data to the USA?

Based on the European Commission's adequacy decision and the company's corresponding certification.

Klarna

What is Klarna?

Payment service

Who processes your data?

Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden

Where can you find more information about data protection at Klarna?

https://www.klarna.com/de/datenschutz/

Instant bank transfer

What is instant bank transfer?

An online payment method that works like a bank transfer, but with a third-party company intermediary that confirms the payment to us as the seller.

Who processes your data?

Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (Sofort GmbH is part of the Klarna Group)

Where can you find more information about data protection at Sofortüberweisung?

https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/

Other services and data processing

Plausible Analytics

What is Plausible Analytics?
Tool for analyzing user behavior

Who processes your data?
Plausible Insights OÜ, Västriku tn 2, Tartu 50403, Estonia.

Where can you find more information about data protection at Plausible Analytics?
https://plausible.io/data-policy

How do we process your data?
We are constantly striving to optimize our website for users and to place advertising effectively. Plausbile Analytics helps us with this. The tool records how many people visit our website and how they behave, which website they came from, their location, and which browser and operating system versions they use. To do this, the IP address and other user data are completely anonymized after visiting our website using a unique hash. The hash is stored on European servers for 24 hours. It is not possible to decode the hash afterward. Cookies and other data that could be used to track visitors are not processed.

Data processing on social media

What is social media?

By social media, we mean the social networks on which we have created publicly accessible profiles. You can read more about which specific social networks these are below.

Who processes your data?

The respective operating companies of the social networks. You can find the individual operators further down under the respective networks.

How is your data processed?

Social network operators are generally able to collect and analyze comprehensive data about the behavior of visitors and users of their networks. It is not possible for us to track all data processing activities on the social networks we use, which is why the operators of these networks may carry out additional processing activities not listed here. You can find further information in the terms of service and privacy policies of the respective social networks.

Your data may be processed when you visit the website of the social network or our profile page there. Even if you simply access a website that uses certain network content, such as Like or Share buttons, data may already be transferred to the social network operators. If you are a user of the social network and logged into your account, the operator of the social network can associate your visit to our profile page with your account. Even if you do not have a user account or are not logged in, the network operator may still collect your personal data, for example, by recording your IP address or setting cookies. With this data, the operators can create user profiles tailored to your behavior and interests and display interest-based advertising to you both within and outside the network. If you are a registered user of the network, interest-based advertising may also be displayed on all devices on which you are or have been logged in.

On what legal basis is your data processed?

Our social media profiles are intended to ensure the broadest possible online presence for our company. As a company, we have a legitimate interest in this. Therefore, the data processing is lawful pursuant to Article 6(1)(f) GDPR.

The data processing and analysis carried out by the operators of the social networks themselves may be based on other legal grounds. These must be specified by the operators of the social networks.

Who is responsible for processing your data and how can you exercise your rights?

When you visit one of our profiles on social networks, we are jointly responsible with the operator of the respective network for the data processing operations triggered by this visit. You can generally assert your rights against both us and the operator of the respective network.

Despite the joint responsibility with the operators of the social networks, our influence on the data processing operations of the respective operator is limited and is primarily governed by the operator's specifications.

How long will your data be stored?

When we collect data about your social media profiles, this data is deleted from our systems as soon as the purpose for its storage no longer applies, you request its deletion, or you withdraw your consent to its storage. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular, retention periods – remain unaffected.

We have no control over how long social network operators store your data, which they collect for their own purposes. You can obtain information about this directly from the operator of the respective social network, for example, in their privacy policy.

Which social media platforms do we use?

Facebook

What is Facebook?
 A social network

Who processes your data?
 Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Will your data be transferred to third countries?
 Yes, to the USA and also to other third countries

Where can you find more information about data protection at Facebook?
https://www.facebook.com/about/privacy/

Where can you, as a Facebook user, adjust your advertising settings?
 As a registered Facebook user, you can adjust your advertising settings in your user account. To do this, click on the following link and log in:
 https://www.facebook.com/settings?tab=ads.

Instagram

What is Instagram?
A social network specializing in photos and videos

Who processes your data?
 Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Will your data be transferred to third countries?
 Yes

Where can you find more information about data protection at Instagram?
 https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram-Hilfebereich&bc[1]=Richtlinien%20und%20Meldungen

Where can you, as a user, adjust your privacy settings?
 As a registered Instagram user, you can adjust your privacy settings in your user account. To do this, click on the following link and log in:
https://www.instagram.com/accounts/privacy_and_security/