PunchCommerce Insights:
Setting up PunchOut for Vendure - the complete gui...
Privacy Policy
These data protection notices apply to our offers that can be reached at https://punchcommerce.de, https://www.punchcommerce.de or https://*.enterprise.punchcommerce.de.
Legal Notice
Legally binding is only the German version of these privacy notices. The provided English translation is for better understanding and is not legally binding. In case of discrepancies or interpretation issues, the German version shall prevail.
The privacy notice under A. relates to the processing of your personal data in the context of our website as an internet presence.
For the processing of your personal data in the context of our services, please see Section B.
Unless expressly stated otherwise in this privacy notice, the controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union, and other provisions of a data protection nature is:
netzdirektion | Gesellschaft für digitale Wertarbeit mbH,
legally represented by the Managing Director: Patrick Dornbusch
Adam-Foßhag-Str. 29
65428 Rüsselsheim am Main
Phone: +49 (0) 6142 / 953 80 - 60
Email: hallo@punchcommerce.de
The Data Protection Officer of the controller is:
Mr. Attorney Jens Engelhardt,
his deputy is Mr. Attorney Prof. Sven Kolja Braune
c/o NOTOS Xperts GmbH
Heidelberger Str. 6
64283 Darmstadt
Phone: +49 6151-52010-0
Fax: +49 6151-52010-99
Website: www.notos-xperts.de
Email: datenschutz@notos-xperts.de
Any data subject may contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.
The privacy notice of netzdirektion | Gesellschaft für digitale Wertarbeit mbH is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy notice is intended to be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
In this privacy notice and on our website, we use, among others, the following terms:
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or other body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party means a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data protection, data security, and confidentiality are of high priority for netzdirektion | Gesellschaft für digitale Wertarbeit mbH (hereinafter also referred to as netzdirektion). The lasting protection of your personal data, your company data, and your trade secrets is important to us.
You can generally visit our website without providing any personal information. However, if you wish to use services of our company via our website, the provision of personal data may be necessary. As a rule, we use the data you provide and the data collected and stored during the use of the website exclusively for our own purposes, namely for the operation and provision of our website and the initiation, performance, and execution of the services/offers provided via the website (contract fulfilment), and do not disclose them to third parties unless there is an obligation ordered by authorities. In all other cases, we obtain your separate consent.
The processing of your personal data is carried out in accordance with the requirements of the General Data Protection Regulation and in compliance with the country-specific data protection provisions applicable to netzdirektion. By means of this privacy notice, we would like to inform you about the nature, scope, and purpose of the personal data we process. Furthermore, we inform you by means of this privacy notice about the rights to which you are entitled.
netzdirektion has implemented technical and organisational measures to ensure an appropriate level of protection for personal data processed via this website. Nevertheless, internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed.
The website of netzdirektion collects a series of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-pages accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that serves to avert danger in the event of attacks on our information technology systems.
When using this general data and information, netzdirektion does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) ensure the permanent functionality of our information technology systems and the technology of our website, and (3) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by netzdirektion both statistically and with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from all personal data provided by a data subject.
Our website contains an inquiry form which can be used for electronic contact. When you use the form, in addition to the general information mentioned in Section 5, the following data is transmitted to us and stored:
The data collected during the contact process is automatically transmitted to our ticket system and further processed for responding to your inquiry. In this process, we use an AI tool trained and operated by us, which provides us with suggested responses based on the inquiry and previous tickets, in order to accelerate and optimise the answering of inquiries.
After processing a ticket, the tickets are fed into the AI tool. This enables us to answer future inquiries more quickly and efficiently. The tool was programmed by us and does not contain any third-party software. Your data is not processed online in this context and is not forwarded to any other providers.
Our website also contains contact information. It is possible to contact us via the provided email address, fax, or telephone number. When you contact us via one of these means, the personal data you transmit to us is automatically stored (email, fax) or recorded and manually stored by us. In this context, no data is passed on to third parties. The data is used exclusively for processing the conversation or handling your inquiry.
Our website uses only technically necessary cookies required for the operation of the website. In no case is data transmitted to third-party providers.
Cookies are text files that are stored in or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again.
§ 25 (2) TDDDG in conjunction with Art. 6 (1) lit. f GDPR for technically strictly necessary cookies
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.
We define the shortest possible lifetime for cookies. Furthermore, you have the option to manually delete cookies on your device at any time.
By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent.
The following technically necessary cookies may be stored in your browser during your visit to our website.
| Name | Purpose |
|---|---|
| punch_commerce_session | Maintains the user's state across all page requests. |
| XSRF-TOKEN | Required for the secure transmission of form data to our server. |
On our website, we use a newsletter service provided by Brevo. The provider is SendinBlue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany (or SendinBlue SAS, 55 rue d'Amsterdam, 75008 Paris, France; e.g., as the server location). Brevo is a service that can be used to organise and analyse the sending of newsletters. The data you enter for the purpose of receiving the newsletter (e.g., email address) is stored on the servers of SendinBlue.
Our newsletters sent via Brevo enable us to analyse user behaviour. For example, it is recorded how many recipients opened the newsletter and which links in the newsletter were clicked and how often. So-called tracking links are used to count these clicks.
During the newsletter registration, the following data from the input form is transmitted to us:
Fields marked with * are mandatory.
In addition, the following data is collected during registration:
For the processing of data, we obtain your consent within the framework of the so-called double opt-in procedure. In this process, we also refer to this privacy notice.
If you do not wish to receive analysis by Brevo, you can unsubscribe from the newsletter at any time. You will find a corresponding unsubscribe link in every newsletter email. Alternatively, you can revoke your consent at any time with effect for the future by sending an email to the address stated in our legal notice.
The data you have provided for the newsletter is stored by us until you unsubscribe from the newsletter. After unsubscribing, your data is deleted from both our servers and the servers of SendinBlue. Data that has been stored by us for other purposes (e.g., for the members area) remains unaffected.
Further information can be found in our privacy notice and in Brevo's privacy policy at: https://www.brevo.com/legal/privacypolicy/
We use the web analytics tool "Matomo" by InnoCraft Ltd. (7 Waterloo Quay PO625, 6140 Wellington, New Zealand) to analyse and regularly improve the use of our website. Matomo enables us to generate statistics and improve our offering, thus making it more interesting for you as a user. Cookie tracking is deactivated in the analytics tool. We therefore only collect technically necessary data for which no consent is required. Your IP address is collected in anonymised form by masking the last 2 bytes. This means that it is no longer possible to assign the truncated IP address to the accessing computer. In addition, an overview of your access data, the browser and device type you used, and the activities you performed on our website is stored. When individual pages of our website are accessed, the following data is stored:
No tracking cookies are placed on your computer as part of our web analytics. The Matomo software and the data collected by Matomo are operated, stored, and processed exclusively on our own servers.
The processing is based on our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes pursuant to Art. 6 (1) lit. f GDPR. You have a right to object pursuant to Art. 21 GDPR (see below).
The IP address transmitted by your browser is neither merged with other data collected by us nor disclosed to third parties.
We maintain a page on the platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We use this page to:
When visiting our page, LinkedIn as the controller collects personal data of users, for example through the use of cookies. Such data collection by LinkedIn may also occur for visitors to this page who are not logged in or registered with LinkedIn. Information about data collection and further processing by LinkedIn can be found in LinkedIn's privacy notices at https://www.linkedin.com/legal/privacy-policy?_l=de_DE.
netzdirektion | Gesellschaft für digitale Wertarbeit mbH cannot trace which user data LinkedIn collects. netzdirektion | Gesellschaft für digitale Wertarbeit mbH also does not have full access to the collected data or your profile data. netzdirektion | Gesellschaft für digitale Wertarbeit mbH can only see the public information of your profile. You decide which information this includes in your LinkedIn settings.
If our page offers a chat function, netzdirektion | Gesellschaft für digitale Wertarbeit mbH uses your data when using the chat function to answer your inquiry. The service and customer support information collected in this way serves to contact you in order to provide you with the desired information and offers.
Based on legitimate interest, netzdirektion | Gesellschaft für digitale Wertarbeit mbH receives anonymous statistics from LinkedIn regarding the use and utilisation of the page. The following information is provided:
netzdirektion | Gesellschaft für digitale Wertarbeit mbH receives personal data via LinkedIn when you actively share it with us via a personal message on LinkedIn. We use your data (e.g., first name, last name, company, and position) to respond to your inquiry. Your data is stored for this purpose. Further information about the processing of personal data by netzdirektion | Gesellschaft für digitale Wertarbeit mbH and about your rights can be found in this privacy notice.
For conducting surveys and feedback forms, we use the service Easyfeedback. The provider is easyfeedback GmbH, Ernst-Abbe-Straße 4, 56070 Koblenz, Germany.
Easyfeedback enables us to conduct surveys and feedback processes in a data-protection-compliant and efficient manner. The data you provide in the context of surveys or feedback forms is stored and processed on Easyfeedback's servers in Germany.
Participation in surveys is voluntary. The following data is processed in the context of the survey:
The processing of data is carried out exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR. You may revoke your consent at any time with effect for the future.
The collected data is used exclusively for the evaluation of the respective survey and is not used for other purposes. The data is evaluated in anonymised form, unless you have expressly given us your consent to process personal data.
The data you have provided in the context of the survey will be deleted as soon as the purpose of the collection no longer applies. As a rule, deletion takes place no later than 12 months after the completion of the survey.
Further information on data protection at Easyfeedback can be found at: https://easy-feedback.de/datenschutz/
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and the interests, fundamental rights, and fundamental freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or erased when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the purpose of entering into or performing a contract.
If your personal data is being processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-a-vis the controller:
You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request information from the controller regarding the following:
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
You have a right to rectification and/or completion vis-a-vis the controller, provided that the processed personal data concerning you is inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
Under the following conditions, you may request the restriction of processing of the personal data concerning you:
Where processing of personal data concerning you has been restricted, such data may - apart from storage - only be processed with your consent or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
You may request the controller to erase personal data concerning you without undue delay, and the controller is obligated to erase such data without undue delay where one of the following grounds applies:
The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
The personal data concerning you has been unlawfully processed.
The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
Where the controller has made the personal data concerning you public and is obligated pursuant to Art. 17 (1) GDPR to erase it, the controller shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as a data subject have requested the erasure of all links to, or copies or replications of, those personal data.
The right to erasure does not apply to the extent that processing is necessary:
If you have exercised the right to rectification, erasure, or restriction of processing vis-a-vis the controller, the controller is obligated to communicate such rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right vis-a-vis the controller to be informed about these recipients.
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, where the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR, and the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be impaired by this. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on those provisions. The controller shall no longer process the personal data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.
You have the option, in the context of the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.
You have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into, or performance of, a contract between you and the controller, is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent. However, such decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g applies and suitable measures to safeguard your rights, freedoms, and legitimate interests have been taken. With regard to cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view, and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant about the status and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The following privacy notice relates to the data processing carried out in the context of our services on the PunchCommerce platform. This privacy notice applies in addition to the data processing already described in Section A on our website for the use of the services we offer.
For the processing of personal data described below, either we, netzdirektion | Gesellschaft für digitale Wertarbeit mbH, or, as defined below, Users or Customers, are independent controllers within the meaning of data protection law, as specified in the information under "11.3 Individual Details" in this section.
For details on which user is the controller for the personal data concerning you, please refer to the tab "Information on the Controller".
netzdirektion | Gesellschaft für digitale Wertarbeit mbH
Mr. Attorney Jens Engelhardt,
his deputy is Mr. Attorney Prof. Sven Kolja Braune
c/o NOTOS Xperts GmbH
Heidelberger Str. 6
64283 Darmstadt
Phone: +49 6151-52010-0
Fax: +49 6151-52010-99
Website: www.notos-xperts.de
Email: datenschutz@notos-xperts.de
Any data subject may contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.
User/Customer:
Whether the User or Customer has appointed a Data Protection Officer and, if so, their contact details can be found in the tab "Information on the Controller" on the PunchCommerce portal.
Our website collects a series of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-pages accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that serves to avert danger in the event of attacks on our information technology systems.
When using this general data and information, netzdirektion does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimise the content of our website and advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by netzdirektion both statistically and with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from all personal data provided by a data subject.
It is possible to create a personalised user account. In this process, the following data is transmitted to us and stored until the deletion of the user account or the end of the statutory warranty periods:
In the event of entering into a contract, the following data is additionally transmitted to us and stored until the deletion of the user account or the end of the statutory retention obligation:
Upon login, the following data is transmitted to us and stored:
When creating a business partner, the name assigned by the user is stored by us, a randomly generated username and a randomly generated password are created and displayed to the user.
Access to the OCI PunchOut catalog is not person-specific. The following information is transmitted to us upon access via the OCI protocol. The OCI protocol is a protocol for the transmission of shopping carts to an ERP system.
Access to the cXML PunchOut catalog by the user of a business partner is not person-specific. The following information is transmitted to us upon access via the cXML protocol. The cXML protocol is a protocol for the transmission of shopping carts to an ERP system.
We offer the user the option to configure our application as a gateway (access point) to their online shop via the OCI protocol. In this case, upon access by the user of the business partner, the following data is transmitted to us:
We offer a free software extension for Shopware 5 that enables the upload of products for display in a PunchOut catalog within our platform. When using the plugin for the upload of products to our platform, the following data is transmitted to us:
We offer a free software extension for Shopware 6 that enables the upload of products for display in a PunchOut catalog. Furthermore, the plugin enables access to the online shop via the Gateway OCI protocol (see also 7.) When using the plugin for the upload of products to our platform, the following data is transmitted to us:
When using the plugin for access by the user of a business partner, the following data is transmitted to us:
When using the plugin for access by the user of a business partner, the following data is transmitted to us:
We offer the logged-in user the option to create support requests. When creating a support request, the following data is transmitted to our ticket system:
We process your personal data exclusively on the basis of a legal basis.
Insofar as the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.
For data processing on behalf of our User/Customer, the processing of your personal data is based on contract fulfilment pursuant to Art. 6 (1) lit. b GDPR between the business partner and the User/Customer. We have concluded a data processing agreement with the User/Customer pursuant to Art. 28 GDPR regarding this processing.
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or erased when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the purpose of entering into or performing a contract.
You are entitled to the rights listed under Section A, Paragraph 13.
Furthermore, you have the right to lodge a complaint with the supervisory authority responsible for us.
You may exercise these rights by sending a request to the following address: datenschutz@notos-xperts.de
In your relationship with the User/Customer, you may also exercise these rights vis-a-vis them. For this purpose, please contact the User/Customer at the email address provided in the tab "Information on the Controller" on the "Privacy Notice" page.
Note: We and the User/Customer are each independent controllers within the meaning of Art. 4 No. 7 GDPR.
As of: March 2026
