Data Protection

Protecting your privacy is very important to us. Below we provide detailed information on how we handle your data.

For the explanation of legal terms, we refer to the applicable definitions in the GDPR.

1. You can revoke any consent you have given us to process or share your data at any time for the future (Art. 7 para. 3 GDPR).
2. If the legal basis for processing your data is a legitimate interest according to Art. 6 para. 1 lit. f GDPR, you may object to the data processing according to Art. 21 GDPR. If the relevant data processing involves direct marketing, you do not need to provide any reasons for your objection; in all other cases, you must provide reasons for your objection that arise from your particular situation.
3. If we have stored incorrect information about you, you can request that we correct your data (Art. 16 GDPR).
4. You can request information from us at any time about the data we process about you (Art. 15 GDPR, § 34 BDSG).
5. You can request that we delete your data or restrict its processing, provided that no higher-ranking retention obligations oppose your request (Art. 17 or 18 GDPR, § 35 BDSG).
6. You can request that we provide you with the data you have provided to us in a machine-readable format for transmission to third parties (Art. 20 GDPR).
7. You may lodge a complaint with a supervisory authority for data protection about data protection matters concerning us.

You can visit our websites without providing any personal information. Each time a webpage is accessed, the web server automatically stores a so-called server logfile, which contains, for example, the name of the requested file, your IP address, date and time of access, transferred data volume, and the requesting provider (access data), and documents the access.

These access data are evaluated exclusively for the purpose of ensuring the trouble-free operation of the site as well as improving our offer. This serves, according to Art. 6 para. 1 sentence 1 lit. f GDPR, to safeguard our overriding legitimate interests in a correct presentation of our offer within the framework of a balancing of interests. All access data will be deleted at the latest seven days after the end of your visit to the site.

Hosting services by a third-party provider
As part of processing on our behalf, a third-party provider provides the services for hosting and displaying the website for us. This serves to safeguard our overriding legitimate interests in a correct presentation of our offer within the framework of a balancing of interests. All data collected during the use of this website or in forms provided for this purpose in the online shop, as described below, are processed on their servers. Processing on other servers only takes place within the framework explained here.

This service provider is located within a country of the European Union or the European Economic Area.

We collect personal data when you voluntarily provide it to us as part of your order or when contacting us. Required fields are marked as such because in these cases we need the data to process the contract or handle your contact request, and without this information, you cannot send the order or contact request. The data collected is evident from the respective input forms. We use the data you provide in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for contract processing and handling your inquiries. If you have given your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we use your data for the purpose of opening the customer account. After the contract is completely processed or your customer account is deleted, your data will be restricted for further processing and deleted after the expiration of tax and commercial retention periods, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration. Deleting your customer account is possible at any time and can be done either by a message to the contact option described below or via a function provided in the customer account.

To fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass your data to the shipping company commissioned with the delivery, to the extent necessary for the delivery of ordered goods. Depending on the payment service provider you select during the order process, we pass the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service provider. Some of the selected payment service providers collect this data themselves if you create an account there. In this case, you must log in to the payment service provider with your access data during the order process. The privacy policy of the respective payment service provider applies in this regard.

For order and contract processing, we also use an external merchandise management system. The data transfer or processing that takes place in this context is based on order processing.

Payment Service Provider (PayPal)

Description: In our webshop, you can pay for your order via the financial service provider PayPal. An encrypted connection to PayPal is established from our webshop, through which we communicate a transaction number and the invoice amount to PayPal and redirect you to PayPal to approve your payment. PayPal receives no information from us about the products you have ordered other than the invoice amount. We do not receive any information from PayPal about your bank account or credit card. PayPal only reports back to us when the invoice amount for a transaction number generated by us has been credited to us.

Regarding all transactions with PayPal, data protection arises from your independent contractual relationship with PayPal.

As a financial service provider, PayPal is subject to European banking supervision. Details on data protection at PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Data Categories: Transaction number and invoice amount, other personal data, and account information required to conduct the transaction.

Data Recipient (if applicable, third country transfer): PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. No transfer to third countries takes place.

Purpose + Legal Basis: Processing your payment via your PayPal account. The legal basis is contract fulfillment for both PayPal and us.

Storage Duration: Booking documents must be retained for 10 years according to tax law requirements (§ 147 AO).

The following data is transmitted to the service provider Klarna in connection with payment processing:

• First Name
• Last Name
• Delivery Address
• Billing Address
• Email Address
• Order Items
• Bank Details
• Credit Card Information

Payment Service Provider Sofort Transfer (Klarna)

Description: In our webshop, you can pay for your order using the Sofort Transfer service. For processing Sofort Transfers, we use the service of the financial provider Klarna. An encrypted connection to Klarna is established from our webshop, through which we communicate a transaction number and the invoice amount, and redirect you to Klarna to verify your bank account details.

Klarna and thus your account-holding financial institution receive no information from us about the products you ordered, other than the invoice amount and our name as the creditor. We do not collect or store your bank details, but only store the corresponding transaction confirmation from Klarna when the invoice amount can be credited to us for a transaction number we generated.

Regarding all processes at Klarna, data protection arises from your independent contractual relationship with Klarna. We only provide the transfer to this independent service provider as a payment option for you.

As a financial service provider, Klarna is subject to European banking supervision. Details on data protection at Klarna can be found at: https://www.klarna.com/sofort/datenschutz/

Data Categories: Transaction number and invoice amount, other personal data, and account information required to conduct the transaction.

Data Recipient (if applicable, third-country transfer): Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden. No transfer to third countries takes place.

Purpose + Legal Basis: Processing your payment via the Sofort Transfer service. The legal basis is contract fulfillment for both Klarna and us.

Storage Duration: Booking documents must be retained for 10 years according to tax law requirements (§ 147 AO).

Payment with debit or credit cards at the card reader via SumUp 

Description: At all our locations, you can pay with debit and credit cards. The card reader used for this transmits your card data along with the payment amount to the payment provider SumUp, who provides us with the card reader. The payment provider processes the data for payment processing, preventing card misuse, limiting the risk of payment defaults, and for legally mandated purposes such as anti-money laundering. For these purposes, your data is also transmitted to other responsible bodies according to financial market law.

We as the payment recipient and the payment provider are independently responsible for processing your data, each within our technical area of influence. We are responsible for operating the card reader at the checkout and for our internal network up to the secure transmission via internet or telephone line to the payment provider.

The payment provider for central network operations, processing, encryption, risk assessment, and further transmission is the:

For SumUp's European business, one of the following legal entities is usually the data controller:

• SumUp Payments Limited, authorized by the Financial Conduct Authority under the Electronic Money Regulations 2011, a limited liability company registered in England and Wales under number 07836562 with a registered office at 16-20 Shorts Gardens, London WC2H 9US, UK. SumUp Payments Limited is registered as a data controller with the Information Commissioner's Office under number ZA265663. 

• SumUp Limited, a limited liability company registered in Ireland under number 505893 with a registered office at Block 8, Harcourt Centre, Charlotte Way, Dublin 2, Ireland D02 K580. SumUp Limited is an authorized e-money institution (License No. C195030, issued on October 27, 2020), supervised by the Central Bank of Ireland. 

• SumUp EU Payments, UAB, an e-money institution licensed by the Bank of Lithuania (License No. 56, issued on August 27, 2019), with a registered office at Konstitucijos pr. 21C, 08130 Vilnius, Lithuania, and with the trade register number 305074395.

dpo@sumup.com 

Privacy information for cardholders regarding card-based payments can be found at: 

https://www.sumup.com/de-de/allgemeine-datenschutzbestimmungen/

“Book Appointment” – Calendly
Calendly LLC
115 E Main St., Ste A1B
Buford, GA 30518
USA

For scheduling appointments, we use the online provider for online appointment scheduling: Calendly.com

Further information: https://calendly.com/privacy

Use of our App 

Navigation functions (Google Maps)

Description:  Our websites incorporate maps from Google Maps, a service by Google. 

We cannot provide details on data processing by Google. For this, Google's privacy information applies: https://policies.google.com/privacy

Additional information about Google Maps can be found at: https://www.google.com/intl/de_de/help/terms_maps.html.

Although we do not receive data from Google, Google considers our use of its mapping service as a joint responsibility since both Google and we have an interest in providing the service. Accordingly, there is an agreement between Google and us about joint responsibility, the content of which you can read here (only in English): https://privacy.google.com/intl/de/businesses/mapscontrollerterms/

4. Email Newsletter and Postal Advertising

Email Advertising with Newsletter Subscription

We offer a newsletter service for which you can subscribe. If you subscribe to our newsletter, we will use the data required for this purpose or separately provided by you to send you our email newsletter regularly based on your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR.

For sending our subscription-based newsletters, we use the so-called double opt-in procedure, which means we will only send you a newsletter if you have expressly agreed in advance that we should activate the newsletter service. For this purpose, we will send you a notification email and ask you to confirm by clicking on a link contained in this email that you are the owner of the provided email address. If you later no longer wish to receive newsletters from us, you can object to this at any time. A message in text form (e.g., email, fax, letter) to info@myhb.app is sufficient for this purpose. Of course, you will also find an unsubscribe link in every newsletter.

The newsletter processing is carried out by our email marketing service provider with data centers and headquarters in Germany and Belgium, which we have commissioned for the creation and sending of newsletters. If you register for a newsletter, we automatically store your IP address and the times of registration and confirmation. This allows us to prove that you have actually registered and, if necessary, recognize any misuse of your email address.

We collect device and access data that arise from your interaction with a newsletter. For this evaluation, the newsletters contain references to image files that are stored on our web server. When you open a newsletter, your email program loads these image files from our web server. We collect the device and access data that arise in pseudonymized form.

Email Advertising without Newsletter Subscription and Your Right to Object
If we receive your email address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers for similar products from our range by email based on Section 7 para. 3 UWG. This serves to safeguard our overriding legitimate interests in advertising communication with our customers as part of a balancing of interests.
You can object to this use of your email address at any time by sending a message to the contact option described below or via a link provided for this purpose in the advertising email, without incurring any costs other than the transmission costs according to the basic rates.

The newsletter is sent by a service provider on our behalf, to whom we provide your email address for this purpose.

Postal Advertising and Your Right to Object
Furthermore, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, such as sending interesting offers and information about our products by mail. This serves to protect our predominantly legitimate interests in commercial communication with our customers as part of a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

To make your visit to our website attractive and to enable the use of certain functions, to display suitable products, or for market research, we use so-called cookies on various pages. This serves to protect our predominantly legitimate interests in an optimized presentation of our offer as part of a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). You can find the duration of storage in the overview of the cookie settings of your web browser. You can set your browser to inform you about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers at the following links:
Internet Explorer™: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Safari™: https://support.apple.com/en-us/guide/safari/sfri11471/12.0/mac/10.14
Chrome™: https://support.google.com/chrome/answer/95647?hl=en
Firefox™: https://support.mozilla.org/en/kb/cookies-allow-and-reject
Opera™: https://help.opera.com/en/latest/web-preferences/#cookies

If you do not accept cookies, the functionality of our website may be limited.

Use of Google (Universal) Analytics for Web Analysis
This website uses Google (Universal) Analytics for website analysis. The web analysis service is offered by Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.com). This serves to protect our predominantly legitimate interests in an optimized presentation of our offer as part of a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Google (Universal) Analytics uses methods that enable an analysis of your use of the website, such as cookies. The information automatically collected about your use of this website is generally transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, the IP address is shortened before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser within the scope of Google Analytics is not merged with other data from Google. After the purpose has been fulfilled and the use of Google Analytics has ended, the data collected in this context will be deleted.

To the extent that information is transferred to and stored on servers of Google in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here . Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

As an alternative to the browser plugin, you can click this link to prevent future collection by Google Analytics on this website. An opt-out cookie will be placed on your device. If you delete your cookies, you will need to click the link again.

Google Ads Remarketing
Through Google Ads, we advertise this website in Google search results as well as on third-party websites. For this purpose, when visiting our website, the so-called remarketing cookie from Google is set, which automatically enables interest-based advertising using a pseudonymous CookieID based on the pages you have visited. This serves to protect our legitimate interests in the optimal marketing of our website, which outweigh other considerations according to Art. 6 para. 1 sentence 1 lit. f GDPR. After the purpose has been fulfilled and the use of Google Ads Remarketing by us has ended, the data collected in this context will be deleted.

Further data processing will only take place if you have consented to Google linking your web and app browsing history with your Google account and using information from your Google account to personalize ads you see on the web. In this case, if you are logged into Google during your visit to our website, Google will use your data together with Google Analytics data to create and define target audience lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data to form target audiences.

Google Ads is a service provided by Google Ireland Limited, a company registered and operated under Irish law, based in Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).
To the extent that information is transferred to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield.
An up-to-date certificate can be viewed here . Based on this agreement between the USA and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.

You can deactivate the remarketing cookie via this link . In addition, you can find information about cookie settings and make adjustments at the Digital Advertising Alliance .

Taboola, Inc.
16 Madison Square West
7th Floor
New York, New York 10010

Outbrain Inc.
111 West 19th Street, 3rd Floor
New York, NY 10011, USA

As a data subject, you have the following rights:

• according to Art. 15 GDPR the right to request information about your personal data processed by us to the extent specified therein;
• according to Art. 16 GDPR the right to request the correction of incorrect or completion of your personal data stored by us without delay;
• according to Art. 17 GDPR the right to request the deletion of your personal data stored by us, unless further processing is required
  - to exercise the right to freedom of expression and information;
  - to comply with a legal obligation;
  - for reasons of public interest, or
  - to establish, exercise, or defend legal claims;
• according to Art. 18 GDPR the right to request the restriction of processing of your personal data, provided that
  - the accuracy of the data is contested by you;
  - the processing is unlawful, but you oppose its deletion;
  - we no longer need the data, but you need them to establish, exercise, or defend legal claims, or
  - you have objected to the processing pursuant to Art. 21 GDPR;
• according to Art. 20 GDPR the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller;
• according to Art. 77 GDPR the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

Hosting by Shopify

Shopify International Limited
Victoria Buildings, 2nd Floor, 1-2 Haddington Road
Dublin 4, D04 XN32, Ireland

The shop system is the service provider Shopify International Limited for the purpose of hosting and displaying the online shop based on processing on our behalf. All data collected on our website is processed on Shopify's servers.
As part of the aforementioned services by Shopify, data may also be further processed on behalf of

Shopify Inc.
150 Elgin St,
Ottawa, ON K2P 1L4, Canada,

Shopify Data Processing (USA) Inc.
Shopify Payments (USA) Inc. or
Shopify (USA) Inc. may be transmitted.

In the event of data transfer to Shopify Inc. in Canada, an adequate level of data protection is ensured by the European Commission's adequacy decision.
For more information on Shopify's data protection, please visit the following website: https://www.shopify.de/legal/datenschutz 

Applicants
By submitting your application, you agree that we may process your data for the application process in accordance with our privacy policy. 

If you have any questions about the collection, processing, or use of your personal data, or for information, correction, restriction, or deletion of data, as well as revocation of consent given or objection to a specific data use, please contact us directly using the contact details in our legal notice.