Privacy Policy

Information on Data Protection

This privacy policy informs you about how we handle your data. To ensure that the processing of your data is comprehensible, we would like to provide you with an overview of this processing with the following information. To ensure lawful processing, this privacy policy contains general information about how we handle your data and information about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

We also inform you in detail about

I. General information
II. data processing on our website www.kessberlin.de
III. data processing via our Kess Facebook fan page
IV. Information on the Whistleblower Protection Act

Kess Berlin GmbH, Rosenthaler Straße 40/41, 10178 Berlin (hereinafter referred to as ‘we’ or ‘us’) is responsible for data processing.

I. General information

1. Contact

If you have any questions or suggestions regarding this information or would like to contact us to assert your rights, please direct your enquiry to:

Kess Berlin GmbH
Rosenthaler Straße 40/41, 10178 Berlin, Germany
Phone: +49 30 767580 400
E-mail: datenschutz@kessberlin.de

2. General Information on Data Processing

The data protection term ‘personal data’ refers to all information relating to an identified or identifiable person. This includes all information about personal or factual circumstances of this identified or identifiable natural person.

We process such personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. We only process your personal data with your consent (Art. 6 para. 1 letter a) GDPR), to fulfil a contract with you or at your request to carry out pre-contractual measures (Art. 6 para. 1 letter b) GDPR), to fulfil a legal obligation (Art. 6 para.1 (c) GDPR) or if the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party and your interests, fundamental rights and freedoms, which require the protection of personal data, do not prevail (Art. 6 (1) (f) GDPR).
If you apply for an open position in our company, we also process your personal data to decide on the establishment of an employment relationship (Section 26 (1) sentence 1 BDSG).

3. General Information on Purposes of Data Processing

The processing of personal data that you provide to us or that we collect about you in any other way serves the following purposes in particular:

  • identify you as a registered user when you log in to our website and visit it again;
  • process payments;
  • improve the website and our services;
  • answer your questions and provide appropriate customer services
    Send you our newsletters;
  • recommend personalised offers to you on the Website;
  • enable our social media sharing features. This includes providing you with the option to connect with members from your network and one or more social networks;
  • conduct various internal business operations, such as data analysis, monitoring, surveillance and preventive measures to protect against fraud, develop new products and services, improve or revise the Site or our services, identify usage trends, determine the effectiveness of our advertising campaigns, and conduct and expand our business activities;
  • ensure compliance with legal requirements and procedures and fulfilment of the requirements of public and governmental authorities, applicable industry standards and our internal policies;
  • enforce our Terms and Conditions and exercise and defend our legal rights.

4. Duration of Storage

Unless otherwise stated in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. If we store the data due to the existence of a statutory retention obligation, this processing is based on the legal basis of Art. 6 para. 1 lit. c GDPR.

5. Recipient of Data

We use contracted service providers for individual processing operations. This includes, for example, hosting, maintenance and support of IT systems, document management, marketing measures or monitoring. These service providers only process the data in accordance with express instructions and are contractually obliged to guarantee suitable technical and organisational measures for data protection. We may also transfer personal data of our customers to organisations such as postal and delivery services or logistics services, payment and information services, house banks, tax consultants/auditors or the tax authorities. The transfer takes place for the purpose of executing the contract with you on the basis of Art. 6 para. 1 sentence 1 letter b) GDPR.
If you apply for a job at Kess Berlin GmbH, we, as part of the EVENTIM Group, will transfer your personal data to CTS EVENTIM AG & Co. KGaA. The transfer of your personal data takes place for the purpose of processing your application to our company on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR, § 26 para. 1 sentence 1 BDSG new.

6. Your Rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

  • In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not we process personal data relating to you and, if so, to what extent.
  • You have the right to request that we rectify your data in accordance with Art. 16 GDPR.
  • You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
  • You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
  • In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
  • If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

If you have given us separate consent to data processing, you can revoke this consent at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the legality of the processing that has taken place up to the time of revocation on the basis of the consent.

In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR (on grounds of public interest or our legitimate interest) on grounds relating to your particular situation. If we process personal data about you for the purpose of direct advertising, you can object to this processing in accordance with Art. 21 (2) and (3) GDPR.

7. Changes to this Privacy Policy

The further development of the Internet and our website may also affect the handling of personal data. We therefore reserve the right to amend this privacy policy in the future within the framework of the applicable data protection laws and, if necessary, to adapt it to changed data processing realities. We would be pleased if you visit our website from time to time to find out about any updates to our privacy policy.

II. Data processing via our website www.kessberlin.de

When you use the website, which is available at the URL www.kessberlin.de, we collect information that you provide yourself and certain information about your use of the website that is collected automatically.

1. processing of Server Log Files

When using our website for purely informational purposes, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default:

  • Our visited website (i.e. the URL);
  • Date and time at the time of access;
  • Amount of data sent in bytes;
  • Source/reference from which you accessed the page;
  • Browser used;
  • Operating system used;
  • IP address used (possibly in anonymised form);

The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f) GDPR because we have overriding legitimate interests in making the use of the website as easy and efficient as possible and ensuring its functionality and security. The stored data will be deleted after thirty days unless there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason.

We are regularly unable to identify you as a data subject solely on the basis of this information. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 para. 2 GDPR unless you provide additional information that enables us to identify you in order to exercise your rights set out in these articles.

2. Processing of Personal Data by Shopify International Limited

To operate our online shop, we use Shopify, a service provided by Shopify International Limited (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, ‘Shopify Limited’). Shopify is an e-commerce platform through which we offer our goods for sale.

When you use our online shop, Shopify Limited processes the data you provide (your name, email address, delivery and billing address, payment information, the name of your company if applicable and your telephone number). In addition, the IP address used, information about orders initiated by you, information about the online shops you visit that are based on the Shopify platform and information about the device and browser you use will be processed.

The processing is carried out on our behalf in order to provide you with the online shop. The data collection is based on the legal basis of Art. 6 para. 1 letters b) and f) GDPR and is carried out to fulfil the contract concluded with you and because we have overriding legitimate interests in making the use of the online shop as easy and efficient as possible and ensuring its functionality and security. We may pass on the data to our processor Shopify in accordance with the provisions of Art. 28 GDPR.

Insofar as the processed data is transferred to the Canadian-based Shopify Inc (150 Elgin St., 8th Fl, Ottawa, ON K2P 1L4, Canada), the European Commission has determined in an adequacy decision pursuant to Art. 45 GDPR that the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) provides an adequate level of data protection. You can access the adequacy decision at https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32002D0002&from=EN

We cannot rule out the possibility that personal data will also be transmitted to Shopify (USA) Inc. based in the USA. Shopify (USA) Inc. is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TNSNAA4&status=Active).

You can find more information about data processing by Shopify Limited at https://www.shopify.com/legal/privacy.

3. Contact Options and Enquiries

On our website we offer the possibility to contact us.

We use the Freshdesk customer service software to process your enquiries via the contact form, by email and via Facebook. The operator is Freshworks Inc, 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, and is contractually regulated to use a server location in Germany and a data processing agreement that complies with data protection regulations. Data is transferred on the basis of EU standard contractual clauses. Further information can be found here: https://www.freshworks.com/de/freshdesk/dsgvo/.
The transfer of your data to Freshdesk is based on Art. 6 para. 1 lit. a GDPR (consent). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.

4. Ordering a Product

a. Processing of Communicated Information

If you order a product via our website, we process personal data to fulfil the contract or to provide you with the ordered product. As part of the booking or ordering process, we process the data that you yourself have entered in the input mask, further information for processing your order and, if applicable, payment information if you pay in advance by bank transfer. We also process further information about the status of your payment.

In order to be able to deliver the ordered products to you, we transmit your data required for delivery to one of our shipping service providers as specified in the order.

The legal basis for the processing is Art. 6 para. 1 letter b) GDPR. All data fields marked as mandatory are required to process your booking or order. If you do not provide this data, we will not be able to process your booking or order. The provision of further data is voluntary.

b. Payment by Credit Card

We offer you the option of paying by credit card. To execute the payment, we transmit the credit card details you provide in encrypted form to the service provider (acquirer) Adyen N.V. (Adyen N.V. Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, Netherlands). After the payment has been executed, Adyen reports this back to us. Adyen is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TQOUAA4&status=Active). Please note that the respective payment information is collected and processed by Adyen on its own responsibility. Information that you provide to Adyen is not under our control and is subject to Adyen's privacy policy, which is available here: https://www.adyen.com/policies-and-disclaimer/privacy-policy.

c. Payment by PayPal

We offer you the option to pay via ‘PayPal’. If you select ‘PayPal’ as your payment option, we will transmit your personal data. Your personal data is transmitted based on your selected payment method and to process the payment with you. Your personal data will be transferred to the USA. In the case of the USA, the EU Commission has not decided that there is an adequate level of data protection within the meaning of the GDPR; there is no such adequacy decision (Art. 45 GDPR). We transmit your data for the purpose of executing the contract with you on the basis of Art. 6 para. 1 sentence 1 lit. b) in conjunction with Art. 49 para. 1 sentence 1 lit. f) GDPR. Art. 49 para. 1 sentence 1 lit. b) and c) GDPR.

d. Payment by Instant Bank Transfer

We offer you the payment method ‘Pay Now’ in co-operation with Klarna Bank AB, located at Sveavägen 46, 111 34 Stockholm, Sweden. If you use this service, Klarna will send us confirmation that the transfer order for your order has been successfully placed. This includes the data from the transfer form (name, account number, sort code, subject, transfer amount) as well as the date (with time) and the transaction identifier selected by us (e.g. order number). For SEPA transfers and if, depending on your bank, BIC and IBAN are required to set up the transfer in your online banking account, the confirmation to us also contains BIC and IBAN. We can also obtain this data from your account statement. Klarna does not transmit any further personal data to us. We process the data received for the purpose of executing the contract on the legal basis of Art. 6 (1) (b) GDPR.

Otherwise, Klarna processes the data on its own responsibility.

Further information on data protection at Klarna can be found at https://www.klarna.com/de/datenschutz/

e. Payment by Invoice

We offer you the payment method ‘Invoice’ in cooperation with Klarna Bank AB, located at Sveavägen 46, 111 34 Stockholm, Sweden. If you choose the ‘Klarna invoice’ payment option from Klarna AB during the order process, the personal data required for processing the invoice purchase and an identity and credit check will be collected and transmitted to Klarna AB. We process the data for the purpose of executing the contract on the legal basis of Art. 6 (1) (b) GDPR. In all other respects, Klarna processes the data on its own responsibility.

Further information on data protection at Klarna can be found at https://www.klarna.com/de/datenschutz/

5. Data Transfer to Shipping Service Providers

If you have given us your express consent to this during or after the order, we will pass on your e-mail address and, if applicable, telephone number to the selected shipping service provider, DHL Paket GmbH, Sträßchenweg 10, 53113 Bonn, Germany, in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR, so that they can contact you before delivery for the purpose of delivery notification or coordination.

You can revoke your consent at any time by sending a message to the contact option described below or directly to the shipping service provider at DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

6. Customer Account

You have the option of creating a user account. To do this, we collect your first and last name. You must also enter an e-mail address and assign a password. We also process the other information that you add to your user profile. Once you have successfully registered, you can log in to the protected customer area using your email address and password. If you have forgotten your password, we will use the email address provided to send you an email to reset your password.

The customer account allows you to view your order history at any time. You can also manage your addresses, which are available for preselection when ordering. The creation of a user account is voluntary. The website can also be used as a guest.

This data is processed on the basis of legal regulations that allow us to process personal data if it is necessary for the use of a service or the fulfilment of a contract (e.g. Section 15 (1) TMG; Art. 6 (1) (b) GDPR) or because we have an overriding legitimate interest in making the use of the website as easy and efficient as possible (Art. 6 (1) (f) GDPR). We delete this data as soon as you delete your customer account or the storage is no longer necessary.

7. Search in the webshop

In order to offer you the search function on our website, we process the IP address used and the search query. The processing serves to safeguard our legitimate interest in enabling visitors to our website to use the website easily and is based on the legal basis of Art. 6 para. 1 letter f) GDPR.

8. Newsletter

a. Registration and Deregistration

We offer you the opportunity to register for our newsletter on our website. After registering, we will inform you regularly about the latest news on our offers. A valid e-mail address is required to register for the newsletter. To verify your e-mail address, you will first receive a registration e-mail, which you must confirm by clicking on the link contained in this e-mail (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your email address and your name on the basis of your registration. The processing is based on the legal basis of Art. 6 para. 1 letter a) GDPR.

After an order, we will send you individual mailings about similar products and promotions (possibly also by post). We send these individual mailings regardless of whether you have subscribed to a newsletter (section 2.13.1). We process your personal data on the basis of our legitimate interests in informing you about changes to our products and services, promoting our products and services and carrying out marketing measures on the basis of Art. 6 (1) (f) GDPR in conjunction with Section 7 UWG.

You can object to this processing at any time with effect for the future, for example via the "unsubscribe" link in the newsletter or by contacting us via the above-mentioned channels. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

When you register for the newsletter, we also store your IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that you have subscribed to the newsletter. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c) in conjunction with Art. 7 para. 1 GDPR). Art. 7 para. 1 GDPR).ation deiner Einwilligung (Art. 6 Abs. 1 Buchst. c) i.V.m. Art. 7 Abs. 1 DSGVO).

b. Analysis

We also analyze the opening rates and reading behavior of our newsletter. For this purpose, we collect and process pseudonymized usage data that we do not merge with your e-mail address or your IP address.

The legal basis for the analysis of your reading behavior is Art. 6 para. 1 letter f) GDPR and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the above-mentioned contact channels.

c. Service Provider Klaviyo

We use the service provider Klaviyo, based at 125 Summer St, Boston, MA 02110, USA, to manage subscribers, send the newsletter and analyze it. Klaviyo also processes your data in the USA, among other places. Your personal data will be transferred to the USA. This data transfer takes place on the basis of EU standard contractual clauses. This ensures adequate protection of your personal data. Klaviyo thus undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA.
You can find out more about the data that is processed through the use of Klaviyo in the Klaviyo Privacy Policy at https://www.klaviyo.com/legal/privacy-policy.
The processing is carried out on our behalf and is based on your consent when registering for the newsletter or on our legitimate interests after a purchase on our website (see section 8.a). It serves our legitimate interest in the optimization and economic dispatch of our newsletter. If you do not want your data to be processed by Klaviyo, you cannot subscribe to the newsletter or unsubscribe from it.

9. Event Tickets

You can register on our website for special events that we offer. To do so, you must provide us with your first and last name, your e-mail address, your order number and the date of your order. We also process information about the event when you register.

The processing of the data is based on the legal basis of Art. 6 para. 1 letter b) GDPR and is carried out to fulfill the contract with you.

10. Applications

You have the opportunity to apply for a job with us via our website. For this purpose, we collect personal data from you, including in particular your name, CV, letter of application and other content provided by you.

Your personal application data will only be processed for purposes related to your interest in current or future employment with us and the processing of your application. Your online application will only be processed and acknowledged by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. The legal basis for data collection is § 26 para. 1 sentence 1 BDSG.

If we are unable to offer you employment, we will retain the data you provide for up to two months after completion of the application process for the purpose of answering questions in connection with your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage. This processing serves our legitimate interest in being able to prove the legality of the circumstances of a rejection and is based on the legal basis of Art. 6 para. 1 letter f) GDPR.

If you have expressly consented to this, we will store your data for a period of two months and hereby inform you that this consent can be freely revoked at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.

11. Cookies for Service Provision and Usage Analysis (functional and tracking cookies)

Cookies are small pieces of information that the website stores in the persistent memory of your computer, tablet or smartphone. Please note that HTML5 has introduced the Web Storage feature, which is similar to cookies and which we therefore consider a cookie below.

Cookies contain information that the website uses to improve the efficiency of communication between you and your web browser. Cookies identify your computer or device and not primarily you as a specific user.

We use session cookies and permanent cookies. Session cookies are temporary. They are deleted after you close your web browser. Permanent cookies and HTML5 localStorage objects are stored for a longer period of time and remain on the end device until they are deleted or expire.

We differentiate between functional cookies, which are absolutely necessary for the use of the website (e.g. for login or checkout) and optional cookies for tracking and analysis purposes as well as for marketing purposes.

a. General Information on Cookies used by us

Data processing via functional cookies is based on the legal basis of Art. 6 (1) (b) or (f) GDPR. These cookies are necessary for the basic functions of the website and the processing thus serves to provide the service you have used and our legitimate interest in offering a functional website.

Data processing via the optional cookies only takes place with your consent and is based on the legal basis of Art. 6 para. 1 letter a) GDPR. You can declare your consent under "Cookie settings" on our website.

In order to document the declaration of consent and to be able to provide proof of this, we store the IP address used and a timestamp in addition to the declaration. This processing serves our legitimate interest in being able to prove your declaration of consent and is based on the legal basis of Art. 6 para. 1 letter f) GDPR.

You can prevent the storage of cookies by Google Analytics (see below, lit. c.) by setting your browser software accordingly. You can also object to the setting of optional cookies on our website under "Cookie settings".

Cookies are used for the following purposes:

  • Generating statistics: to measure website traffic, such as the number of website visitors, which domain the visitors come from, which pages they visit on the website and in which geographical areas the visitors are located.
  • Monitoring website performance and your use of our website: to monitor website performance, our applications and infrastructure and how you use our website.
  • Enabling the shopping cart and checkout: cookies are used to store the information entered when purchasing products on the website and thus support the purchasing process.
  • Login procedures and improving the functionality of our website: to optimize the user experience on the website, which includes a login status reminder function when you visit the website again, as well as a reminder function for your browser and preferred settings (e.g. your preferred language).

b. Analysis of our website with Google Analytics

We use the Google Analytics service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") or, if you are based in the EU, Google Ireland Limited, (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") to analyze our website visits. Google uses cookies that enable your use of our website to be analyzed. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website. The information generated by the cookie about the use of our website by users is usually transferred to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within our website and to provide us with further services associated with the use of our website and the use of the Internet. Pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user's browser will not be merged with other Google data.

We use the Google Universal Analytics variant. This enables us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to put individual user actions into context and analyze long-term relationships.

The data on user actions is stored for a period of 14 months and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.

We also use the Google Analytics advertising functions. This function enables us to display advertisements in a more targeted manner in order to present users with advertisements that are in line with their interests. Remarketing is used to show users ads and products for which interest has been identified on other websites in the Google network. We can also link Google Analytics with other Google services such as Google Ads. For these linked services, data is then collected via Google Analytics for advertising purposes. For this purpose, Google cookies for ad preferences and anonymous identifiers are used to collect further data on access.

You can find information on the cookies used by Google at https://policies.google.com/technologies/types?hl=de.

You can prevent the storage of cookies by Google Analytics by selecting the appropriate settings in your browser software. You can also prevent the collection of information generated by the cookie by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout

You can also object to the use of cookies on our website under "Cookie settings".

The legal basis for data processing in connection with the Google Analytics service is Art. 6 (1) (f) GDPR and the processing serves our legitimate interest in analyzing user behavior on our website and thus enabling a needs-based design.

When using Google Analytics, we cannot rule out the transmission of the processed data to Google LLC, which is based in the USA. Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

12. Marketing & Retargeting Cookies

a. Google Ads

We use the online advertising program Google Ads from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") or, if you are based in the EU, Google Ireland Limited, (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"), through which we place advertisements on the Google search engine. If you access our website via a Google ad, Google places a cookie on your device ("conversion cookie"). A different conversion cookie is assigned to each Google Ads customer so that the cookies cannot be tracked across the websites of different Ads customers. The information collected with the help of the cookie is used to create conversion statistics. This tells us the total number of users who have clicked on one of our Google ads. However, we do not receive any information with which users can be personally identified.

Insofar as personal data is processed, this is done for the purpose of marketing our offer and for the purpose of direct advertising. Processing only takes place with your consent and is based on the legal basis of Art. 6 (1) (a) GDPR. You can prevent inclusion in conversion tracking by preventing the setting of cookies via your browser settings.

We cannot rule out the transmission of the processed data to Google LLC, which is based in the USA. Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

b. Facebook Pixel (Conversion and Custom Audience)

Within our website, we use the Facebook pixel of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

With the help of the Facebook pixel, we can track the behavior of users after they have been redirected to the provider's website by clicking on a Facebook ad (so-called "conversion"). In this way, we can also record the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, and we will inform you of this to the best of our knowledge. Facebook can link this data to your Facebook account and also use it for its own advertising purposes in accordance with the Facebook Data Usage Policy https://www.facebook.com/about/privacy/. You can enable Facebook and its partners to place advertisements on and outside of Facebook. A cookie may also be stored on your computer for these purposes.

The Facebook pixel is triggered by Facebook when you visit our website and can store a cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our online offering will be noted in your Facebook profile. The data collected about you is still anonymous to us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes.

This processing is carried out for the purpose of obtaining information about the effectiveness of Facebook ads. It is carried out exclusively with your consent and is based on the legal basis of Art. 6 (1) (a) GDPR.

You can withdraw your consent by going to "Cookie settings" on our website and withdrawing your consent.

You can also object to the collection by the Facebook pixel and the use of your data to display Facebook ads at the following address: https://www.facebook.com/settings?tab=ads.

We also use the Custom Audience service via the Facebook pixel. Facebook uses the integrated pixel to record visitors to our website and their data as the basis for ads (Facebook Ads). The pixel transmits general information about the browser session to Facebook as well as a non-reversible and non-personal checksum (hash value) generated from your Facebook ID. Details on how Facebook handles your data, as well as your rights and settings options for protecting your personal data, can be found in Facebook's privacy policy at https://www.facebook.com/privacy/explanation.

This processing is carried out for the purpose of marketing our offers via the target group-specific display of advertising and takes place with your consent. It is based on the legal basis of Art. 6 (1) (a) GDPR.

You can withdraw your consent by going to the "Cookie settings" section of our website and withdrawing your consent.

If you also wish to object to the use of Facebook Website Custom Audiences for the future ("opt out"), you can do so at https://www.facebook.com/ads/website_custom_audiences.

Facebook is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

c. The ADEX

Cross-website advertising via third-party providers

We use the technology of The ADEX GmbH, Berlin to collect information regarding your usage behavior of our websites and to make this data available to third-party providers to display usage-based advertising. We use cookies for this purpose. In doing so, we process your personal data on the basis of your consent within the meaning of Art. 6 para. 1 sentence 1 lit. a) GDPR.

d. Linkster

We use the tracking technology of Linkster GmbH, Colonnaden 5, 20354 Hamburg, Germany, on this website to measure and visualize insights into partnerships and advertising channels. This is a function for measuring the efficiency of the corresponding advertising measures. Furthermore, the information enables us to allocate advertising successes to the
billing with corresponding advertising partners. When you click on an advertising integration, cookies are set in your browser, which are read in the event of a transaction. At each touch point, your browser sends an HTTP request to the Linkster server, with which certain information is transmitted. This information includes the URL of the website on which the advertising material is placed (referrer URL), the browser identification (user agent) of your end device (including information about the device type and operating system), the IP address of the end device (this IP address is anonymized and hashed by us before storage), HTTP header (data packet automatically transmitted by your browser with various technical information), the time of the request and, if previously stored on the end device, the cookie with its content.
A cookie is a small data packet that is exchanged between your browser and the server. The information relevant to the web application can be stored and transmitted in this data packet, e.g. the contents of a virtual shopping basket.
The tracking technology stores cookies on your end device to document actions. A 24-digit, anonymous ID is stored in the cookie. Linked to this ID, the data is encrypted and stored in our database on the server.
It contains information about the last touch points (i.e. when a specific advertising medium was displayed or clicked on by an end device). The stored touch points can be combined into a sequence chain (user journey) if necessary.
In the case of an action request, the order number and the shopping cart value of your order are usually also transmitted and stored by us. The following values may also be transmitted and stored: Your customer number, new customer feature, as well as the information you provided in a customer survey.
The cookies stored by Linkster GmbH are deleted after 30 days at the latest. The information transmitted to us and the cookies serve the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing and is justified with our
legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
If you do not wish cookies to be stored in your browser, you can do so by changing your browser settings accordingly. You can deactivate the storage of cookies in your browser under Extras/Internet options, restrict them to certain websites or set your browser to notify you as soon as a cookie is sent. Please note, however, that in this case you must expect a limited display of the online offers and limited user guidance. You can also delete cookies at any time
delete them. In this case, the information stored in them will be removed from your end device.
The collection and processing of tracking data can also be deactivated by clicking on this tracking opt-out link:
https://trck.linkster.co/privacy-optout.do
Viewing your data:
https://trck.linkster.co/privacy-mydata.do
You can see which cookies are used by our tracking technology in detail in the following overview:
TRS: Unique, 24-digit identifier (ID) for tracking partnerships. This cookie is stored in the client browser and identifies database records that contain the touchpoint data.
TRSCJ: Fallback cookie with the rudimentary touchpoint data for tracking partnerships. This cookie contains all touchpoint data on the client browser in encrypted form.
trs_db_optout: When the tracking opt-out link is clicked, a special cookie is written, which deactivates tracking in the current web browser of the end device. However, tracking is reactivated as soon as you delete the tracking opt-out cookie.

You can prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by withdrawing your consent under "Cookie settings" on our website.

13. Integrated Third-Party Services and Content

We use services and content provided by third-party providers on our website (hereinafter collectively referred to as "content"). For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to the respective third-party providers.

Such third-party providers are, in particular, so-called Content Delivery Networks (CDN).

Unless otherwise stated in the following, this data processing is carried out to provide the service you have used and is based on Art. 6 para. 1 lit. b) GDPR or to protect our legitimate interests in the optimization and economic operation of our website and is based on the legal basis of Art. 6 para. 1 letter f) GDPR.

You can object to this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is the Matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.

We have integrated content from the following services provided by third-party providers into our website:

  • Services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"):
  • "Google Maps" to display maps;
  • "Google Web Fonts" for the display of fonts
  • "Google Cloud Platform" for the display of content
  • When using Google services, we cannot rule out the transmission of the processed data to Google LLC, which is based in the USA. Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
  • "YouTube" of YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA;
  • "YouTube") to display videos. We have integrated YouTube videos into our website using the so-called two-click solution. When using the two-click solution, no connection to the third-party provider is initially established, but a placeholder is first loaded from our own server. Only when you click on the placeholder will the video content be loaded from a third-party server.
  • The data processing required for this takes place with your consent and is based on the legal basis of Art. 6 (1) (a) GDPR. As a subsidiary of Google, YouTube is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
  • "Amazon Cloudfront" of the third-party provider Amazon Web Services, Inc. (410 Terry Avenue North, Seattle WA 98109, USA; "Amazon") for the provision of content. Amazon

III. Data processing via our Kess Facebook Fanpage

You can also find us on Facebook at https://www.facebook.com/kessberlin.

When you visit our Facebook fan page, we process certain data from you when you interact with our page, mark a post with "Like" or comment on it or provide other content. The data processing in this regard is regularly based on your consent (Art. 6 (1) (a) GDPR). You can withdraw your consent at any time, e.g. by deleting the content in question. This does not affect the lawfulness of the processing that has taken place to date. Further data processing may take place in order to receive and process an inquiry or message (Art. 6 (1) (b) GDPR). Furthermore, we may process your publicly disclosed profile data if we have a legitimate interest in doing so (Art. 6 (1) (f) GDPR), e.g. the pursuit of commercial interests and your interests do not outweigh this.

We are also jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland for the processing of so-called Insights data when you visit our Facebook fan page. Facebook uses this Insights data to analyze behavior on our Facebook fan page and provides us with this data in anonymized form. For this purpose, we have concluded an agreement with Facebook Ireland Ltd. on joint responsibility for data processing. Facebook Ireland Ltd. undertakes, among other things, to assume primary responsibility under the GDPR for the processing of Insights data and to fulfill all obligations under the GDPR with regard to the processing of Insights data. The processing serves our legitimate economic interests in the optimization and needs-based design of our Facebook fan page, Art. 6 para. 1 letter f. GDPR.

You can obtain the information required by the GDPR on data processing in the context of Page Insights from Facebook; currently specifically in Facebook's privacy policy at https://www.facebook.com/privacy/explanation.

Facebook also provides you with the relevant contents of the contract concluded between Facebook and us on processing under joint responsibility in accordance with Art. 26 GDPR; currently under the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

We would also like to draw your attention to the following:

If you visit or like our Facebook page as a registered Facebook user, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") collects personal data from you. If you are not registered with Facebook and visit the Facebook page, Facebook may collect pseudonymous usage data from you.

Specifically, the following information is collected by Facebook:

  • Calling up a page, a post or a video from a page
  • Subscribe or unsubscribe from a page
  • Marking a page or a post with "Like" or "No longer like"
  • Recommend a page in a post or comment
  • Comment on, share or react to a page post (including the type of reaction)
  • Hide a page post or report it as spam
  • Click on a link that leads to the page from another page on Facebook or from a website outside of Facebook
  • Hover over the name or profile picture of a page to see a preview of the page content
  • Clicking on the website button, phone number button, "Plan route" button or any other button on a page
  • Information about whether you are logged in via a computer or mobile device while visiting a page or interacting with it or its content

You can find more information in Facebook's data protection information at https://www.facebook.com/legal/terms/information_about_page_insights_data.

Processing by Facebook also takes place in the USA. Facebook Inc. is certified in accordance with the EU-U.S. Privacy Shield. For the USA, the European Commission decided on July 12, 2016 that an adequate level of data protection exists under the provisions of the EU-U.S. Privacy Shield (adequacy decision, Art. 45 GDPR). You can find more information about Facebook's certification here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

Please note that the use of our fan page also involves further processing of your personal data by Facebook beyond the "Page Insights" function. In this respect (in particular with regard to the technical facilitation of the use of our fan page), we refer you to Facebook's data protection information at https://www.facebook.com/privacy/explanation.

IV. Information on the Whistleblower Protection Act

You can find further information on KESS BERLIN GmbH Compliance under Compliance in acc. with Whistleblower Protection Act.

Status: January 30, 2024