Privacy Policy
Privacy
1. We are pleased that you are using our app and thank you for your interest! Protecting your privacy while using our app is important to us. Therefore, please note the following information regarding the handling of your data.
The responsible entity is NewStep UG (limited liability), Thierstraße 20, 80538 Munich, Germany.
2. Data Collection When You Visit Our Website
If you only use our website for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser sends to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
• Our visited website
• Date and time of access
• Amount of data sent in bytes
• Source/referral from which you came to the page
• Browser used
• Operating system used
• IP address used (if applicable, in anonymous form)
Processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
3. Cookies
To make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and enable your browser to be recognized the next time you visit (persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a certain period, which may vary depending on the cookie. You can find the duration of the respective cookie storage in the overview of the cookie settings in your web browser.
In some cases, cookies are used to simplify the ordering process by storing settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If personal data are also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the performance of a contract, in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
Please note that you can set your browser to inform you about the setting of cookies and to decide individually whether to accept them or to exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages cookie settings. The help menu of each browser describes how to change your cookie settings. You can find this for the respective browser under the following links:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Chrome: https://support.google.com/chrome/answer/95647?hl=en
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that the functionality of our website may be restricted if you do not accept cookies.
4. Contact
When you contact us (e.g., via the contact form or email), personal data is collected. The data collected when using a contact form is evident from the respective contact form. This data is stored and used solely for the purpose of responding to your inquiry or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after your inquiry has been processed. This is the case when it can be inferred from the circumstances that the matter concerned has been conclusively clarified and there are no legal retention obligations.
5. Data processing when opening a customer account and during contract execution
In accordance with Art. 6 Para. 1 lit. b) GDPR, personal data is also collected and processed when you provide it to us for the purpose of contract execution or when opening a customer account. The data collected is evident from the respective input forms. You can delete your customer account at any time by sending a message to the address of the controller provided above. We store and use the data you provide for contract processing. After complete execution of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted upon expiry of these periods, unless you have expressly consented to further use of your data or we reserve the right to further use your data within the scope of legal provisions.
6. Use of Single Sign-On Google Sign-In
On our website, you have the option to create a customer account or register using the "Google Sign-In" service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") as part of the so-called Register for Single Sign-On technology if you have a Google profile. You can recognize the Google login function on our website by clicking on the button "Sign in with Google," "Sign in with Google Account," or "Sign in with Google."
When you visit a page of our website that contains a Google sign-in function, your browser establishes a direct connection to Google's servers. The content of the login button is transmitted directly to your browser by Google and integrated into the page. Through this integration, Google receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Google profile or are not currently logged in to Google. This information (including your IP address) is transmitted directly from your browser to a Google server and stored there; it may also be transferred to the server of Google LLC. in the USA. This data processing is carried out in accordance with Article 6 (1) (f) GDPR based on Google's legitimate interest in displaying personalized advertising based on browsing behavior.
Through the Google login button on our website, you also have the option to log in or register on our website using your Google user data. Only if you have given your express consent in accordance with Art. 6 Para. 1 lit. Personal data protection settings at Google will general and publicly accessible information be stored in your profile. This information includes user ID, name, profile picture, age, and gender.
We would like to point out that, according to changes in Google's privacy policies and terms of use, if you have given your consent, your profile pictures, your friends' user IDs, and your friends list can also be transferred if they have been marked as "public" in your privacy settings at Google. The data transmitted by Google is stored and processed by us to create a user account with the necessary data (title, first name, last name, address data, country, email address, date of birth), provided you have given Google your consent. Conversely, we can transmit data (e.g., information about your browsing or purchasing behavior) to your Google profile based on your consent.
The consent given can be revoked at any time by sending a message to the responsible person mentioned at the beginning of this privacy policy.
For the purpose and scope of data collection, further processing and use of data by Google, as well as your related rights and privacy protection settings, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=en
The terms of use for the use of "Google Sign-In" can be viewed here: https://policies.google.com/terms
If you do not want Google to directly associate the data collected through our website with your Google profile, you must log out of Google before visiting our website. You can also completely prevent the loading of Google plugins with add-ons for your browser, e.g., with "Adblock Plus" (https://adblockplus.org/en/).
7. Comment Function
As a user, you can subscribe to follow-up comments. You will receive a confirmation email to ensure that you are the owner of the provided email address (double opt-in procedure). The legal basis for data processing in the case of subscribing to comments is Article 6(1)(a) GDPR. You can unsubscribe from ongoing comment subscriptions at any time with effect for the future. Further information on unsubscribing can be found in the confirmation email.
8. Use of Customer Data for Direct Marketing
8.1 Signing up for our Email Newsletter
When you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an email newsletter if you have expressly confirmed that you consent to receiving the newsletter. We will then send you a confirmation email in which you must click on a link to confirm that you wish to receive the newsletter in the future.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6 (1) (a) GDPR. When registering for the newsletter, we store your IP address, as well as the date and time of registration, as entered by the Internet service provider (ISP), to track any potential misuse of your email address at a later time. The data collected by us during newsletter registration will be used exclusively for advertising through the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the responsible person mentioned above. Upon unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data, or we reserve the right to use your data beyond what is legally permissible, about which we will inform you in this statement.
8.2 Sending the Email Newsletter to Existing Customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. According to § 7 para. 3 UWG (German Act Against Unfair Competition), we are not required to obtain separate consent from you for this purpose. The data processing is carried out exclusively on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible person mentioned above. For this, you will only incur the transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will be immediately discontinued.
9. Data Processing for Order Fulfillment
9.1 To process your order, we collaborate with the following service providers who assist us, either entirely or partially, in executing the concluded contracts. Certain personal data will be transferred to these service providers according to the following information.
The personal data collected by us will be forwarded to the transport company responsible for delivery within the scope of contract processing, to the extent necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution as part of the payment process, to the extent necessary for payment processing. When using payment service providers, we will expressly inform you as follows.
The legal basis for data transfer is Art. 6 para. 1 lit. b GDPR.
9.2 Utilization of Payment Service Providers (Payment Services)
• Stripe
If you choose a payment method offered by the payment service provider "Stripe," the payment processing will be carried out by "Stripe," to which we will transfer the data provided by you during the ordering process as well as the information about your order according to Art. 6 para. 1 lit. b GDPR. Your data will be transferred solely for the purpose of payment processing with the payment service provider "Stripe" and only to the extent necessary for this purpose.
• NowPayments
If you opt for a payment method offered by the payment service provider "NowPayments," the payment processing will be carried out by "NowPayments," to which we will transfer the data provided by you during the ordering process as well as the information about your order according to Art. 6 para. 1 lit. b GDPR. Your data will be transferred solely for the purpose of payment processing with the payment service provider "NowPayments" and only to the extent necessary for this purpose.
10. Usage of a Live Chat System - Own Live Chat System
For the purpose of operating a live chat system aimed at responding to live inquiries, your provided chat name and the content of your chat message are collected and stored as data on this website. The chat and the chat name you provide are stored only in the Random Access Memory (RAM). Cookies are used for the operation of the chat function. Cookies are small text files that are locally stored in the visitor's internet browser cache. The cookies enable recognition of the website visitor's browser, allowing for differentiation of individual users of the chat function on our website.
If the data collected in this manner are personal, the processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in effective customer support and statistical analysis of user behavior for optimization purposes.
To avoid storing cookies, you can configure your internet browser to prevent cookies from being stored on your computer in the future or to delete already stored cookies. However, disabling all cookies may result in the chat function on our website no longer functioning.
11. Tools and Others - Google reCAPTCHA
On this website, we also utilize the reCAPTCHA function provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function primarily serves to distinguish whether an input originates from a natural person or is being misused through automated and machine processing. The service involves the transmission of the IP address and other data required by Google for the reCAPTCHA service to Google, and it is carried out in accordance with Art. 6(1)(f) GDPR to prevent abuse and spam. When using Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC. in the United States.
For more information about Google reCAPTCHA and Google's privacy policy, please visit: https://www.google.com/intl/de/policies/privacy/
Where required by law, we have obtained your consent for the processing of your data as described above in accordance with Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please use the option described above to object.
12. Rights of the Data Subject
12.1 The applicable data protection law grants you comprehensive rights as a data subject (rights of access and intervention) vis-à-vis the data controller, which we hereby inform you about:
Right to information pursuant to Art. 15 GDPR: You have the right to obtain information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the envisaged storage duration or the criteria for determining the storage duration, the existence of a right to rectification, erasure, restriction of processing, the existence of a right to object to processing, the right to lodge a complaint with a supervisory authority, the origin of your data if not collected from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing, and your right to be informed about the guarantees pursuant to Art. 46 GDPR relating to the transfer of data to third countries;
Right to rectification pursuant to Art. 16 GDPR: You have the right to demand the immediate rectification of any inaccurate personal data concerning you and/or completion of incomplete data stored by us;
Right to erasure pursuant to Art. 17 GDPR: You have the right to demand the erasure of your personal data if the conditions of Art. 17 (1) GDPR are met. However, this right does not exist, in particular, where processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to demand the restriction of processing of your personal data as long as the accuracy of your data is being verified, if you oppose the erasure of your data due to unlawful data processing and instead request the restriction of their processing, if you need your data for the establishment, exercise or defense of legal claims after we no longer need these data for the purposes of processing or if you have objected to processing based on grounds relating to your particular situation pending the verification whether our legitimate grounds override yours;
Right to information pursuant to Art. 19 GDPR: If you have asserted your right to rectification, erasure or restriction of processing against the controller, the latter is obliged to communicate to each recipient to whom the personal data concerning you have been disclosed the rectification or erasure of the data or the restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request transmission to another controller, to the extent technically feasible;
Right to revoke consent pursuant to Art. 7 (3) GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of processing based on consent before its revocation;
Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
12.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, AS WE INDICATE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE RELEVANT DATA. FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA FOR SUCH MARKETING AT ANY TIME. YOU CAN OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE RELEVANT DATA FOR THE PURPOSES OF DIRECT MARKETING.
13. Duration of Storage of Personal Data
The duration of storage of personal data depends on the respective legal basis, the purpose of processing, and, if applicable, additionally on the respective statutory retention period (e.g., commercial and tax retention periods).
For personal data processed on the basis of explicit consent pursuant to Article 6(1)(a) GDPR, these data are stored until the data subject revokes their consent.
If there are statutory retention periods based on Article 6(1) and/or if we have no legitimate interest in further storage, data processed within the scope of legal or similar obligations are stored accordingly.
For personal data processed on the basis of Article 6(1) that serve to prove the interests, rights, and freedoms of the data subject outweigh any opposing interests, or if the processing is for the establishment, exercise, or defense of legal claims.
For the processing of personal data for the purpose of direct marketing, it is based on Article 6(1)
