Privacy Policy

Privacy Policy

Privacy Policy

This Privacy Policy explains how personal data is processed when you use this website. “Personal data” means any information that can be used to identify you directly or indirectly. For detailed information, please read the full policy below.

Attention: Consent Required

Certain services may – according to prevailing opinions of data protection authorities and courts – only be used with your consent. This mainly applies to analysis and marketing tools (e.g. Google Analytics or Meta Pixel). Consent is particularly required for the following tools used on this website:

  • Bing Maps
  • Google Maps

Attention: Consent Recommended
For certain services it has not been conclusively clarified whether consent is required. In view of current legal developments it is likely that data protection authorities and courts will also require consent for these tools. To reduce the legal risk, we recommend obtaining consent also for:

  • Google reCAPTCHA
  • Wordfence

An overview of recommended consent tools can be found here: https://www.e-recht24.de/mitglieder/lp-cookieeinwilligung/

For sharing content on social media platforms, eRecht24 also offers the eRecht24 Safe Sharing Tool: https://www.e-recht24.de/erecht24-safe-sharing.html

Attention: Data Transfer to Non-Secure Third Countries

According to the configuration of this website, some services may transfer personal data to third countries that are not considered data protection-secure under EU standards. Data transfers to such third countries are only permitted if appropriate safeguards are in place (e.g. EU Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or – for the USA – certification under the EU-US Data Privacy Framework (DPF), where applicable).

A current list of DPF-certified companies can be found here: https://www.dataprivacyframework.gov/s/participant-search

The following service provider used on this website may transfer data to the USA and may not be DPF-certified: Wordfence

Where providers offer SCCs or BCRs, this Privacy Policy refers to these safeguards. Please ensure that the relevant safeguards are valid and applicable for the services you actually use and how they are configured.

Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides an easy-to-understand overview of what happens to your personal data when you visit this website. For detailed information on data protection, please refer to the full Privacy Policy below.

Data Collection on This Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the controller. The controller’s details can be found in the section “Notice on the Data Controller”.

How do we collect your data?
Your data is collected partly by you providing it to us (e.g. data entered into a contact form). Other data is collected automatically or with your consent when you visit the website via our IT systems (e.g. technical data such as browser, operating system, time of access).

What do we use your data for?
Some data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. Where purchase contracts are concluded via the website, the transmitted data is also processed for handling orders and service inquiries.

Your Rights
You have the right to receive information about your stored personal data, its origin, recipients, and purpose of processing. You also have the right to request correction or deletion of this data. If you have given consent, you may revoke it at any time with effect for the future. You also have the right, under certain circumstances, to request restriction of processing and to lodge a complaint with a supervisory authority.

2. Hosting

Hetzner

Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (“Hetzner”).
Details: https://www.hetzner.com/de/legal/privacy-policy/
Legal Basis: Article 6(1)(f) GDPR (legitimate interest in reliable presentation). If consent has been obtained, processing is based on Article 6(1)(a) GDPR and Section 25(1) TDDDG.

IONOS

Provider: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (“IONOS”).
Details: https://www.ionos.de/terms-gtc/terms-privacy
Legal Basis: Article 6(1)(f) GDPR (legitimate interest in reliable presentation). If consent has been obtained, processing is based on Article 6(1)(a) GDPR and Section 25(1) TDDDG.

3. General Information and Mandatory Information

Data Protection

We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy. Please note that data transmission over the internet (e.g. via email) can have security vulnerabilities; complete protection against third-party access cannot be guaranteed.

Notice on the Data Controller

Controller (Art. 4 No. 7 GDPR)
Data processing in connection with this website and the products offered is carried out by:

Impressioncues Co., Ltd.
Thailand

Impressioncues Co., Ltd. determines the purposes and means of processing personal data, in particular in connection with the offer, sale, manufacture and delivery of products.

EU Representative / EU Contact Point (Art. 27 GDPR)

For users located in the European Union, the following person acts as EU-based service and contact point pursuant to Art. 27 GDPR:

Danial Ghanbari Odivi
EU Service & Marketing Contact for Impressioncues Co., Ltd.
Email: info@impressioncues.com
Phone: +49 176 61720726

The EU representative acts solely as a contact point for supervisory authorities and data subjects and does not determine the purposes or means of data processing.

Retention Period

Unless a specific retention period is mentioned elsewhere in this Privacy Policy, your personal data will remain with us until the purpose for processing ceases to exist. If you assert a justified request for deletion or revoke your consent, your data will be deleted unless other legally permissible reasons (e.g. statutory retention obligations) apply.

Legal Bases for Data Processing

If you have consented to data processing, processing is based on Article 6(1)(a) GDPR (and, where applicable, Article 9(2)(a) GDPR). If you have consented to storing cookies or accessing information on your device, processing is also based on Section 25(1) TDDDG. For contract fulfillment and pre-contractual measures, processing is based on Article 6(1)(b) GDPR. For legal obligations, on Article 6(1)(c) GDPR. Processing may also be based on legitimate interests pursuant to Article 6(1)(f) GDPR.

Data Transfer to Non-Secure Third Countries and to US Companies Not DPF-Certified

We use tools from providers that may process data in third countries where a level of data protection comparable to the EU cannot always be guaranteed. Transfers may take place on the basis of appropriate safeguards (e.g. SCCs) or other permitted legal bases described in this Privacy Policy.

The USA may be considered a secure third country where the recipient is certified under the EU-US Data Privacy Framework (DPF). If a provider is not DPF-certified, transfers may rely on SCCs and, where necessary, additional measures.

Data Recipients

We cooperate with external parties (e.g. hosting providers and tool vendors). Personal data is only transferred where necessary for contract fulfillment, to comply with legal obligations, based on legitimate interests, or where another legal basis permits such transfer. Where processors are used, a valid data processing agreement (DPA) is concluded where required.

Revocation of Consent

Many data processing operations are only possible with your explicit consent. You may revoke your consent at any time with effect for the future. The lawfulness of processing carried out prior to the revocation remains unaffected.

Right to Object and Direct Marketing (Art. 21 GDPR)

If data processing is based on Article 6(1)(e) or (f) GDPR, you have the right at any time to object, for reasons arising from your particular situation, to the processing of your personal data, including profiling based on these provisions. If you object, we will no longer process the affected personal data, unless we can demonstrate compelling legitimate grounds overriding your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time. In that case, your personal data will no longer be used for direct marketing.

Complaint and Data Portability

In the event of a violation of the GDPR, you have the right to lodge a complaint with a competent supervisory authority. You also have the right to receive, or have transmitted to a third party, data processed based on your consent or for contract fulfillment in a commonly used, machine-readable format, where the legal requirements are met.

Access, Correction, Deletion and Restriction of Processing

Under applicable legal provisions, you have the right to obtain information about your stored personal data and to request correction or deletion. You also have the right to request restriction of processing in certain cases (e.g. if you dispute the accuracy of your data or if processing is unlawful).

SSL/TLS Encryption

This website uses SSL/TLS encryption to protect the transmission of confidential content. You can recognize an encrypted connection by the change from “http://” to “https://” and the padlock symbol in your browser.

4. Data Collection on This Website

Cookies

This website uses “cookies”. Cookies are small data packets and do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit, while persistent cookies remain until you delete them or your browser removes them automatically.

Cookies may be provided by us (first-party cookies) or by third-party companies (third-party cookies). Third-party cookies enable the integration of external services. Many cookies are technically necessary for the proper functioning of the website. Other cookies may be used to analyze user behavior or for advertising purposes.

Contact Form

When you submit an inquiry via a contact form, the data you provide (including your contact details) is stored for processing your inquiry and follow-up questions. This data is not shared without your consent. Processing is based on Article 6(1)(b) GDPR (contract/pre-contractual measures), Article 6(1)(f) GDPR (legitimate interest), or Article 6(1)(a) GDPR (consent), depending on the context.

Inquiry via Email, Telephone or Fax

If you contact us by email or telephone, your inquiry – including all resulting personal data – is stored and processed to handle your request. Processing is based on Article 6(1)(b) GDPR, Article 6(1)(f) GDPR, or Article 6(1)(a) GDPR, depending on the context.

5. Analysis Tools and Advertising

WP Statistics

This website uses WP Statistics to statistically evaluate visitor accesses.
Provider: Veronalabs, Tatari 64, 10134 Tallinn, Estonia (https://veronalabs.com).
The tool collects log files (e.g. IP address, referrer, browser details) and visitor actions (e.g. clicks, page views). The data is stored on our own server. Processing is based on Article 6(1)(f) GDPR and, where required/obtained, on Article 6(1)(a) GDPR and Section 25(1) TDDDG.

IP Anonymization

WP Statistics is configured to use IP anonymization. Your IP address is truncated so that it can no longer be directly associated with you.

6. Newsletter

If you subscribe to our newsletter, we require your email address and additional information to verify that you are the owner of the email address and to confirm your consent. Newsletter processing is carried out exclusively on the basis of your consent (Article 6(1)(a) GDPR). You may unsubscribe at any time. The data you provide for the newsletter will be stored until you unsubscribe or until the purpose ceases to apply. We reserve the right to delete or block email addresses from our distribution list based on legitimate interest under Article 6(1)(f) GDPR.

7. Plugins and Tools

Google Fonts (Local Hosting)

This site uses Google Fonts for a uniform display of fonts provided by Google. The fonts are hosted locally, so no connection to Google servers is made. More information can be found at Google Fonts FAQ and in Google’s Privacy Policy.

Google Maps

This site uses Google Maps to embed maps on the website.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
To use Google Maps, your IP address is typically transferred to Google servers (including the USA). Processing is based on Article 6(1)(f) GDPR and, where required, on Article 6(1)(a) GDPR and Section 25(1) TDDDG. Data transfer is based on the EU Commission’s Standard Contractual Clauses (SCCs). Details: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Bing Maps

We have integrated Bing Maps on this website.
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
To use Bing Maps, your IP address is typically transferred to Microsoft servers (including the USA). Processing is based on Article 6(1)(f) GDPR and, where required, on Article 6(1)(a) GDPR and Section 25(1) TDDDG. Data transfer is based on the EU Commission’s SCCs. More information: https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.

Google reCAPTCHA

We use Google reCAPTCHA on this website.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to verify whether data entries are made by humans or automated programs. It analyzes various parameters (e.g. IP address, time spent, mouse movements). Processing is based on Article 6(1)(f) GDPR and, where required, on Article 6(1)(a) GDPR and Section 25(1) TDDDG. More details: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

hCaptcha

We use hCaptcha on this website.
Provider: Intuition Machines, Inc., 2211 Selig Drive, Los Angeles, CA 90026, USA.
hCaptcha is used to verify whether data entries are made by humans or automated programs. It analyzes parameters such as IP address, duration of visit, and mouse movements. When used in invisible mode, the analysis may run in the background. Processing is based on Article 6(1)(f) GDPR and, where required, on Article 6(1)(a) GDPR and Section 25(1) TDDDG. More details: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.

Cloudflare Turnstile

We use Cloudflare Turnstile on this website.
Provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.
Turnstile is used to verify whether data entries are made by humans or automated programs. It analyzes parameters such as IP address, duration of visit, and mouse movements and transfers them to Cloudflare. Processing is based on Article 6(1)(f) GDPR and, where required, on Article 6(1)(a) GDPR and Section 25(1) TDDDG. SCCs: https://www.cloudflare.com/cloudflare-customer-scc/; DPA: https://www.cloudflare.com/cloudflare-customer-dpa/.

Wordfence

We have integrated Wordfence on this website.
Provider: Defiant Inc., 800 5th Ave, Ste 4100, Seattle, WA 98104, USA.
Wordfence protects our website from unauthorized access or malicious cyberattacks by maintaining a connection to its servers. Processing is based on Article 6(1)(f) GDPR and, where required, on Article 6(1)(a) GDPR and Section 25(1) TDDDG. Data transfer to the USA may take place on the basis of the EU Commission’s SCCs. Details: https://www.wordfence.com/help/general-data-protection-regulation/.

Source: https://www.e-recht24.de