LEGAL

Privacy­ declaration

1) Introduction and contact details of the responsible person 1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data in this context is all data with which you can be personally identified. 1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (DSGVO) is SURAP GmbH, Mönchebergstraße 50a, 34125 Kassel, Germany, Tel.: 004916093414043, e-mail: info@surap.de. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data collection when visiting our website During the mere informational use of our website, i.e. when you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you: - Our website visited - Date and time at the time of access - Amount of data sent in bytes - Source/reference from which you reached the page - Browser used - Operating system used - IP address used (if applicable: in anonymized form) The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

3) Cookies In order to make visiting our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. In part, these cookies are automatically deleted again after closing the browser (so-called "session cookies"), in part, these cookies remain on your end device for a longer period of time and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser. If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a DSGVO in the case of consent given, or in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit. You can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contacting us Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f DSGVO. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

5) Registration with the portal or forum You can register on our website by providing personal data. Which personal data is processed for the registration can be seen from the input mask used for the registration. We use the so-called double-opt-in procedure for registration, i.e. your registration is only completed once you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If your confirmation is not received within 24 hours, your registration will be automatically deleted from our database. The provision of the aforementioned data is mandatory. You can provide all other information voluntarily by using our portal. If you use our portal, we store your data required for the fulfillment of the contract, including any information on the method of payment, until you finally delete your access. Furthermore, we store the voluntary data you provide for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Art. 6 para. 1 lit. f DSGVO. In addition, we store all content published by you (such as public posts, pinboard entries, guestbook entries, etc.) in order to operate the website. We have a legitimate interest in providing the website with the full user-generated content. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. If you delete your account, your public statements, especially in the forum, will remain visible to all readers, but your account will no longer be retrievable. All other data will be deleted in this case.

6) Web analytics services Google (Universal) Analytics This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website. By default, Google (Universal) Analytics sets cookies when you visit the website, which are stored as small text modules on your terminal device and collect certain information. The scope of this information also includes your IP address, which is, however, shortened by Google by the last digits in order to exclude a direct personal reference. The information is transferred to Google servers and processed there. In the process, transfers to Google LLC, based in the USA, are also possible. Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide other services related to website activity and internet usage. The IP address transmitted and shortened by your browser as part of Google Analytics will not be merged with other data from Google. The data collected as part of the use of Google (Universal) Analytics will be stored for a period of two months and then deleted. All processing described above, in particular the setting of cookies on the end device used, will only take place if you have given us your express consent for this in accordance with Art. 6 Para. 1 lit. a DSGVO. Without your consent, Google (Universal) Analytics will not be used during your visit to the site. You can revoke your consent with effect for the future at any time. To exercise your right of revocation, please deactivate this service via the "Cookie Consent Tool" provided on the website. We have concluded an order processing agreement with Google, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties. For the transfer of data to the USA, Google invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection. Further legal information on Google (Universal) Analytics, including a copy of the aforementioned standard contractual clauses, can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites Demographic characteristics Google (Universal) Analytics uses the special "demographic characteristics" function and can use this to generate statistics that make statements about the age, gender and interests of site visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups to be identified for marketing activities. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months. Google Signals As an extension to Google (Universal) Analytics, Google Signals can be used on this website to have cross-device reports generated. If you have activated personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to Art. 6 (1) lit. a DSGVO, analyze your usage behavior across devices and create database models, including on cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop the cross-device analysis, you can deactivate the "Personalized advertising" function in the settings of your Google account. To do so, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de For more information about Google Signals, see the following link: https://support.google.com/analytics/answer/7532985?hl=de UserIDs As an extension to Google (Universal) Analytics, the "UserIDs" function can be used on this website. If you have consented to the use of Google (Universal) Analytics pursuant to Art. 6 (1) lit. a DSGVO, have set up an account on this website and log in with this account on various devices, your activities, including conversions, can be analyzed across devices.

7) Page functionalities

7.1 Google Web Fonts This site uses so-called web fonts from the following provider for the uniform display of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly and establishes a direct connection to the provider's servers. In the process, certain browser information, including your IP address, is transmitted to the provider. Data may also be transmitted to: Google LLC, USA The processing of personal data in the course of establishing a connection with the provider of the fonts is only carried out if you have given us your express consent to do so in accordance with Art. 6 (1) lit. a DSGVO. You can revoke your consent at any time with effect for the future by deactivating this service via the "cookie consent tool" provided on the website. If your browser does not support web fonts, a standard font will be used by your computer. For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

7.2 Google reCAPTCHA On this website, we use the CAPTCHA service of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland Data may also be transmitted to: Google LLC, USA. For the visual design of the captcha window, the provider uses "Google Fonts", i.e. fonts loaded from the Internet by Google. There is no processing of information other than that mentioned above, which is already transmitted to Google via the functionality of ReCaptcha. The service checks whether an entry is made by a natural person or abusively by machine and automated processing, and blocks spam, DDoS attacks and similar automated malicious access. To ensure that an action is performed by a human and not by an automated bot, Cloudflare Turnstile collects the IP address of the end device used, recognition data of the browser and operating system type used, as well as the date and duration of the visit, and transmits these to servers of the provider for evaluation. The legal basis is our legitimate interest in determining individual ownership on the Internet and the prevention of abuse and spam in accordance with Art. 6 (1) lit. f DSGVO. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties. For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

7.3 Google Customer Reviews (formerly Google Certified Merchant Program) We work with Google under the "Google Customer Reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This program gives us the opportunity to collect customer reviews from users of our website. Here, after making a purchase on our website, you will be asked if you would like to participate in an email survey from Google. If you give your consent in accordance with Art. 6 (1) lit. a DSGVO, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate the purchase experience on our website. The rating you provide will then be aggregated with our other ratings and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. In addition, your review will be used for Google Seller Reviews. As part of the use of Google Customer Reviews, there may also be a transfer of personal data to the servers of Google LLC. in the USA. You can revoke your consent at any time by sending a message to the data controller or to Google.

8) Tools and miscellaneous Google Maps This website uses an online map service of the following provider: Google Maps (API) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland Google Maps is a web service for the display of interactive (land) maps to visually display geographical information. By using this service, our location is shown to you and a possible approach is made easier. Already when calling up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there, this may also result in a transmission to the servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and evaluation are carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of Google's legitimate interest in the insertion of personalized advertising, market research and / or the design of Google websites to meet the needs. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used. As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 (1) lit. a DSGVO. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option described above to make an objection.

9) Rights of the data subject

9.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise prerequisites: - Right of information pursuant to Art. 15 GDPR; - Right of rectification pursuant to Art. 16 GDPR; - Right to erasure pursuant to Art. 17 GDPR; - Right to restriction of processing pursuant to Art. 18 GDPR; - Right to information pursuant to Art. 19 GDPR; - Right to data portability pursuant to Art. 20 GDPR; - Right to revoke consent given pursuant to Art. 7(3) GDPR; - Right to lodge a complaint pursuant to Art. 77 GDPR. 9.2 RIGHT OF OBJECTION IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS. IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

10) Duration of the storage of personal data The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of processing and - if relevant - additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law). When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) a DSGVO, the data concerned will be stored until you revoke your consent. If there are legal retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) DSGVO, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment or initiation of a contract and/or there is no legitimate interest on our part to continue storing it. When personal data is processed on the basis of Art. 6(1)(f) DSGVO, this data is stored until you exercise your right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. When processing personal data for the purpose of direct marketing on the basis of Article 6 (1) (f) DSGVO, this data will be stored until you exercise your right to object pursuant to Article 21 (2) DSGVO. Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.