Data Protection

Protecting your privacy is very important to us. Below we provide detailed information about how we handle your data.

For explanations of legal terms, please refer to the applicable definitions in the GDPR. 

1. You may revoke any consent you have given us for the processing or disclosure of your data at any time with effect for the future (Art. 7 Sec. 3 GDPR).
2. If the legal basis for processing your data is a legitimate interest according to Art. 6 (1) (f) GDPR, you have the right to object to the data processing under Art. 21 GDPR. If the relevant data processing is for direct marketing purposes, you do not need to provide any reason for your objection; in all other cases, you must state reasons for your objection that arise from your particular situation.
3. If we have stored incorrect information about you, you can request that we correct your data (Art. 16 GDPR).
4. You may request information from us at any time about which data we process about you (Art. 15 GDPR, § 34 BDSG).
5. You can request that we delete your data or restrict its processing, provided that there are no overriding legal retention obligations (Art. 17 or 18 GDPR, § 35 BDSG).
6. You may request that we provide you with the data you have given us in a machine-readable format for transfer to a third party (Art. 20 GDPR).
7. You have the right to file a complaint with a data protection supervisory authority about data protection matters concerning us.

You can visit our websites without providing any personal information. Each time a webpage is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, amount of data transferred, and the requesting provider (access data), and documents the access.

This access data is evaluated solely to ensure the trouble-free operation of the site and to improve our services. This serves, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, to safeguard our overriding legitimate interests in a correct presentation of our services as part of a balancing of interests. All access data will be deleted no later than seven days after your visit to the site.

Hosting services provided by a third-party provider
As part of processing on our behalf, a third-party provider delivers hosting and website display services for us. This serves to protect our overriding legitimate interests in ensuring the proper presentation of our offering, as determined by a balancing of interests. All data collected through the use of this website or via designated forms in the online shop, as described below, is processed on their servers. Processing on other servers only occurs within the scope explained here.

This service provider is located within a country of the European Union or the European Economic Area.

We collect personal data when you voluntarily provide it to us in the course of placing an order or contacting us. Required fields are marked as such because we need this information to process your contract or respond to your inquiry, and you cannot submit your order or inquiry without providing it. The specific data collected can be seen in the respective input forms. We use the data you provide in accordance with Art. 6 (1) sentence 1 lit. b GDPR to process contracts and handle your requests. If you have given your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR by choosing to open a customer account, we use your data for the purpose of setting up your customer account. After the contract is fully processed or your customer account is deleted, your data will be restricted from further processing and deleted after the tax and commercial retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, as permitted by law and as explained in this statement. You can delete your customer account at any time, either by sending a message to the contact option described below or via a function provided in the customer account.

For the fulfillment of the contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR, we will pass on your data to the shipping company commissioned with the delivery, to the extent necessary for the delivery of the ordered goods. Depending on which payment service provider you select during the order process, we will transfer the payment data collected for this purpose to the credit institution responsible for the payment and, if applicable, to payment service providers commissioned by us, or to the selected payment service provider. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you will need to log in to the payment service provider with your access data during the order process. The privacy policy of the respective payment service provider applies in this regard.

For order and contract processing, we also use an external merchandise management system. The data transfer or processing that takes place in this context is based on a data processing agreement.

Payment service provider (PayPal)

Description: In our webshop, you can pay for your order via the payment service provider PayPal. To do this, an encrypted connection to PayPal is established from our webshop, through which we communicate a transaction number and the invoice amount to PayPal and redirect you to PayPal to authorize your payment. Other than the invoice amount, PayPal does not receive any information from us about the products you ordered. We do not receive any information from PayPal about your bank account or credit card. PayPal only notifies us when the invoice amount for a transaction number generated by us has been credited to our account.

For all transactions with PayPal, data protection is governed by your independent contractual relationship with PayPal.

As a financial service provider, PayPal is subject to European banking supervision. For details on PayPal’s data protection, visit: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Data categories: Transaction number and invoice amount, other personal data and account information required to complete the transaction.

Data recipient (including any third-country transfers): PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. No transfers to third countries take place.

Purpose + Legal Basis: Processing your payment via your PayPal account. The legal basis for both PayPal and us is contract fulfillment.

Retention period: Booking records must be kept for 10 years in accordance with tax law requirements (§ 147 AO).

The following data is transmitted to the service provider Klarna in connection with payment processing:

• First name
• Last name
• Shipping address
• Billing address
• Email address
• Order items
• Bank details
• Credit card data

Payment provider Sofortüberweisung (Klarna)

Description: In our webshop, you can pay for your order using the Sofortüberweisung service. We use the financial service provider Klarna to process Sofortüberweisung payments. Our webshop establishes an encrypted connection to Klarna, through which we send a transaction number and the invoice amount, and you are redirected to Klarna to verify your bank details.

Klarna and thus your account-holding financial institution receive no information from us regarding the products you ordered, except for the invoice amount and our name as creditor. We do not collect or store any of your bank account details; we only store the relevant transaction confirmation from Klarna if the invoice amount for a transaction number generated by us has been credited to us.

For all transactions with Klarna, data protection is governed by your independent contractual relationship with Klarna. In this regard, we only provide the transfer to this independent service provider as a payment option for you.

Klarna is subject to European banking supervision as a financial service provider. Details on data protection at Klarna can be found at: https://www.klarna.com/sofort/datenschutz/

Data categories: Transaction number and invoice amount, other personal data and account information required to complete the transaction.

Data recipient (possible third-country transfer): Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden. No transfer to third countries takes place.

Purpose + Legal Basis: Processing your payment via the Sofortüberweisung service. The legal basis for both Klarna and us is the fulfillment of the contract.

Retention period: Booking records must be kept for 10 years in accordance with tax law requirements (§ 147 AO).

Payment by debit or credit card at the card reader via SumUp 

Description: At all our locations, you can pay with debit and credit cards. The card reader used for this purpose transmits your card data, together with the payment amount, to the payment provider SumUp, which supplies us with the reader. The payment provider processes the data for payment processing, to prevent card misuse, to limit the risk of payment default, and for legally required purposes such as anti-money laundering. For these purposes, your data may also be transmitted to other responsible parties in accordance with financial market regulations.

As the payment recipient and the payment provider, we are independently responsible for processing your data, each within our own technical sphere of influence. We are responsible for operating the card reader at the register and for our internal network up to the secure transmission via internet or telephone line to the payment provider.

Payment provider for central network operation, processing, encryption, risk assessment, and further transmission is:

For Sumup’s European business, one of the following legal entities is usually the data controller:

• SumUp Payments Limited, authorized by the Financial Conduct Authority under the Electronic Money Regulations 2011, a limited liability company registered in England and Wales under number 07836562, with its registered office at 16-20 Shorts Gardens, London WC2H 9US, UK. SumUp Payments Limited is registered as a data controller with the Information Commissioner’s Office under number ZA265663. 

• SumUp Limited, a limited liability company registered in Ireland under number 505893, with its registered office at Block 8, Harcourt Centre, Charlotte Way, Dublin 2, Ireland D02 K580. SumUp Limited is an authorized electronic money institution (License No. C195030, issued on October 27, 2020) supervised by the Central Bank of Ireland. 

• SumUp EU Payments, UAB, an electronic money institution licensed by the Bank of Lithuania (License No. 56, issued on August 27, 2019), with its registered office at Konstitucijos pr. 21C, 08130 Vilnius, Lithuania, and company registration number 305074395.

dpo@sumup.com 

You can find privacy information for cardholders regarding card-based payments at: 

https://www.sumup.com/de-de/allgemeine-datenschutzbestimmungen/

“Book Appointment” – Calendly
Calendly LLC
115 E Main St., Ste A1B
Buford, GA 30518
USA

To schedule appointments, we use the online provider for online appointment booking: Calendly.com

More information: https://calendly.com/privacy

Use of our app 

Navigation functions (Google Maps)

Description: Our website integrates maps from Google Maps, a service provided by Google. 

We cannot provide any details about data processing at Google. For this, please refer to Google’s privacy information: https://policies.google.com/privacy

For additional information about Google Maps, please visit:  https://www.google.com/intl/de_de/help/terms_maps.html.

Although we do not receive any data from Google, Google considers our use of its map service to be a shared responsibility, since both Google and we have an interest in providing the service. Accordingly, there is a joint responsibility agreement between Google and us, which you can read here (only available in English): https://privacy.google.com/intl/de/businesses/mapscontrollerterms/

4. Email newsletters and postal advertising

Email advertising with newsletter subscription

We offer a newsletter service you can subscribe to. If you sign up for our newsletter, we will use the data required for this purpose or separately provided by you to regularly send you our email newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

For sending our subscription-based newsletters, we use what is known as the double opt-in procedure. This means we will only send you a newsletter after you have expressly consented to activating the newsletter service. For this purpose, we will send you a notification email and ask you to confirm that you are the owner of the provided email address by clicking a link in that email. If you later no longer wish to receive newsletters from us, you can object at any time. A message in text form (e.g., email, fax, letter) to info@myhb.app is sufficient for this. Of course, you will also find an unsubscribe link in every newsletter.

Our newsletter is managed by our email marketing provider with data centers and headquarters in Germany and Belgium, whom we have contracted for the creation and distribution of newsletters. If you sign up for a newsletter, we automatically store your IP address and the times of registration and confirmation. This allows us to prove that you actually signed up and, if necessary, detect any misuse of your email address.

We collect device and access data that is generated when you interact with a newsletter. For this analysis, the newsletters include references to image files stored on our web server. When you open a newsletter, your email program loads these image files from our web server. We collect the resulting device and access data in pseudonymized form.

Email advertising without newsletter subscription and your right to object
If we receive your email address in connection with the sale of a product or service and you have not objected, we reserve the right to regularly send you offers for similar products from our range by email, based on Section 7 (3) UWG. This serves to protect our overriding legitimate interest in direct advertising to our customers within the scope of a balancing of interests.
You may object to the use of your email address at any time by sending a message to the contact option described below or via a designated link in the promotional email, without incurring any costs other than the transmission costs according to the basic rates.

The newsletter is sent on our behalf by a service provider to whom we provide your email address for this purpose.

Direct mail advertising and your right to object
We also reserve the right to use your first and last name and your postal address for our own advertising purposes, e.g., to send you interesting offers and information about our products by mail. This serves to safeguard our overriding legitimate interests in direct advertising to our customers within the context of a balancing of interests pursuant to Art. 6(1)(f) GDPR.

To make your visit to our website more attractive and to enable the use of certain features, display relevant products, or conduct market research, we use so-called cookies on various pages. This serves to protect our legitimate interests in providing an optimized presentation of our offerings, which outweigh other interests according to Art. 6 (1) sentence 1 lit. f GDPR. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after your browser session ends (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). You can find information about storage duration in your browser’s cookie settings. You can set your browser to notify you when cookies are set and decide individually whether to accept them, or to exclude the acceptance of cookies for certain cases or in general. Each browser manages cookie settings differently. The help menu of your browser explains how to change your cookie settings. You can find instructions for the respective browsers at the following links:
Internet Explorer™: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Safari™: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Chrome™: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Firefox™: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™: https://help.opera.com/de/latest/web-preferences/#cookies

If you do not accept cookies, the functionality of our website may be limited.

Use of Google (Universal) Analytics for Website Analysis
This website uses Google (Universal) Analytics for website analysis. This web analytics service is offered by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to protect our overriding legitimate interests in an optimized presentation of our offering in accordance with Art. 6(1)(f) GDPR. Google (Universal) Analytics uses methods such as cookies to enable analysis of your use of the website. The information automatically collected about your use of this website is generally transmitted to and stored on a Google server in the USA. By activating IP anonymization on this website, the IP address is shortened before transmission within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. Once the purpose has been fulfilled and we have stopped using Google Analytics, the data collected in this context will be deleted.

If information is transmitted to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here . Under this agreement between the USA and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.

You can prevent Google from collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Alternatively to the browser plugin, you can click this link to prevent future data collection by Google Analytics on this website. An opt-out cookie will be stored on your device. If you delete your cookies, you will need to click the link again.

Google Ads Remarketing
We use Google Ads to promote this website in Google search results as well as on third-party websites. When you visit our website, a so-called remarketing cookie from Google is set, which, using a pseudonymous cookie ID and based on the pages you visit, enables interest-based advertising. This serves to protect our predominant legitimate interests in optimal marketing of our website according to Art. 6 (1) sentence 1 lit. f GDPR. Once the purpose has been fulfilled and we stop using Google Ads Remarketing, any data collected in this context will be deleted.

Further data processing will only take place if you have given Google your consent to link your web and app browsing history with your Google Account and to use information from your Google Account to personalize ads you see online. If you are logged into Google while visiting our website in this case, Google will use your data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data to form audiences.

Google Ads is a service of Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).
If information is transferred to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield.
A current certificate can be viewed here . Based on this agreement between the USA and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.

You can deactivate the remarketing cookie via this link . You can also learn more about cookie settings and manage your preferences with the Digital Advertising Alliance .

Taboola, Inc.
16 Madison Square West
7th Floor
New York, New York 10010

Outbrain Inc.
111 West 19th Street, 3rd Floor
New York, NY 10011, USA

As a data subject, you have the following rights:

• According to Art. 15 GDPR, you have the right to request information about your personal data processed by us, to the extent specified therein;
• pursuant to Art. 16 GDPR, you have the right to request the immediate correction of inaccurate or the completion of your personal data stored with us;
• According to Art. 17 GDPR, you have the right to request the deletion of your personal data stored with us, unless further processing
  - is necessary for exercising the right to freedom of expression and information;
  - to fulfill a legal obligation;
  - for reasons of public interest; or
  - for the establishment, exercise, or defense of legal claims;
• pursuant to Art. 18 GDPR, the right to request restriction of processing of your personal data if
  - you contest the accuracy of the data;
  - the processing is unlawful but you oppose its erasure;
  - we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims; or
  - you have objected to processing pursuant to Art. 21 GDPR;
• According to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transfer to another controller;
• According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your habitual residence or workplace or at our company headquarters.

Hosting by Shopify

Shopify International Limited
Victoria Buildings, 2nd Floor, 1-2 Haddington Road
Dublin 4, D04 XN32, Ireland

The shop system is provided by the service provider Shopify International Limited for the purpose of hosting and displaying the online shop based on processing on our behalf. All data collected on our website is processed on Shopify’s servers.
As part of the aforementioned Shopify services, data may also be processed further on our behalf by

Shopify Inc.
150 Elgin St,
Ottawa, ON K2P 1L4, Canada,

Shopify Data Processing (USA) Inc.
Shopify Payments (USA) Inc. or
Shopify (USA) Inc. may transfer your data.

In the event of data being transferred to Shopify Inc. in Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
Further information on Shopify's data protection can be found at the following website: https://www.shopify.com/legal/privacy 

Applicant
By submitting your application, you agree that we may process your data for the recruitment process in accordance with our privacy policy. 

If you have any questions about the collection, processing, or use of your personal data, requests for information, correction, restriction or deletion of data, or withdrawal of consent or objection to a specific use of data, please contact us directly using the contact details in our legal notice.