We are pleased about your interest in our website. Below, we provide you with detailed information about how your data is handled.
The controller in the sense of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
COCOLI GmbH
Greifswalder Straße 13H
10405 Berlin
E-Mail info@cocoli.com
Phone: +49 (0)30 83798585
Our data protection officer is:
heyData GmbH
Schützenstraße 5
10117 Berlin
E-mail: datenschutz@heydata.eu
Phone: +49 (0) 89 41325320
-
1. Collection and storage of personal data during website provision
1.1 When visiting the website
When you visit our website www.cocoli.com, the browser used on your device automatically sends information to our websites server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
The mentioned data are processed by us for the following purposes: ensuring a smooth connection setup of the website, ensuring comfortable use of our website, processing payments and shipping of articles listed on our website, evaluating system security and stability, and for other administrative purposes. In no case do we use the collected data for the purpose of drawing conclusions about your person.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
1.2 When subscribing to our newsletter
It is possible to subscribe to a free newsletter, which we send regularly after explicit consent. The following personal data is processed by us for the newsletter:
Optionally, this data can also be stored with information about your place of residence (city, postal code) or, in the case of a purchase, the products acquired.
You can unsubscribe at any time, for example, via a link at the end of each newsletter. Alternatively, you can send your unsubscribe request to info@cocoli.com by e-mail at any time.
To send our newsletter, we work with Klaviyo. Klaviyo is a service that allows, among other things, the organization and analysis of newsletter dispatches. The data you provide for the purpose of subscribing to the newsletter is stored within our protected Cocoli account on Klaviyos servers in the United States of America. If you do not want your data to be stored by an American company or analyzed by Klaviyo, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. With the help of Klaviyo, we can analyze our newsletter campaigns. For example, we can see if a newsletter message has been opened and which links, if any, have been clicked. This way, we can determine, among other things, which links were clicked on particularly often, or if certain predefined actions were carried out after opening/clicking.
The legal basis for its use is based on our legitimate interests under Art. 6 para. 1 lit. f GDPR.
The operating company is Klaviyo, 125 Summer St, Boston, MA 02110, USA [Data transfer based on Standard Contractual Clauses/DPF]. You can view Klaviyos applicable data protection provisions here: https://www.klaviyo.com/legal/privacy-policy. Providers such as Google, Meta, and Stripe participate in the EU-US Data Privacy Framework; if this does not apply, Standard Contractual Clauses are used.
1.3 When an order process is abandoned
If an order process has not been completed, we send a reminder e-mail, also called an Abandoned Basket email. You will receive this reminder e-mail from us regardless of whether you have subscribed to a newsletter.
For this, we use the following personal data:
Klaviyo is a service that allows, among other things, the organization and analysis of sending mail automations. For this e-mail, your e-mail address and the products you have placed in the shopping cart are stored within our protected Cocoli account on Klaviyos servers in the United States of America.
If you do not want to receive these messages, you can send your unsubscribe request to info@cocoli.com by e-mail at any time.
The operating company is Klaviyo, 125 Summer St, Boston, MA 02110, USA [Data transfer based on Standard Contractual Clauses/DPF]. You can view Klaviyos applicable data protection provisions here: https://www.klaviyo.com/legal/privacy-policy Providers such as Google, Meta, and Stripe participate in the EU-US Data Privacy Framework; if this does not apply, Standard Contractual Clauses are used.
1.4 During checkout
As part of the checkout process, we work with various service providers to process, for example, vouchers, payments, or all e-mails related to the purchase process.
1.4.1 General order process
Within the order, we process the following personal data:
This data is used to process the order. We pass this data on to our partner companies in accordance with the legal and required framework. This includes selling private individuals, dealers, and shipping service providers. These are in turn obliged to comply with the applicable data protection regulations, in particular, they may only process the data exclusively to fulfill their tasks on our behalf and only according to our instructions.
The legal basis for the use of the shipping service provider is based on our legitimate interests Art. 6 para. 1 lit. f GDPR.
We retain order data in accordance with tax and commercial law retention periods. These are 10 years for accounting records according to § 147 para. 1 of the German Fiscal Code (AO) and 6 years for business documents according to § 257 para. 1 of the German Commercial Code (HGB). For Austrian customers, the retention obligations of the Federal Fiscal Code (BAO) also apply.
1.4.2 Vouchery
We use the voucher management solution Vouchery. Vouchery allows us to control customer and campaign-specific discount promotions. To validate vouchers, Vouchery compares the purchase and customer data from the shopping cart with the conditions of the voucher being checked. This corresponds to our legitimate interest in offering efficient and secure voucher validation (Art. 6 para. 1 lit. f GDPR).
Vouchery processes the following personal data for this purpose:
The operating company is Vouchery, Inc, HoxtonMix, 86-90 Paul Street, London, EC2A 4NE, United Kingdom. You can view Voucherys applicable data protection provisions here: https://www.vouchery.io/privacy
1.4.3 PayPal
To process payments, we use the online payment service PayPal. Through this provider, we enable you to purchase products from us.
This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR).
PayPal processes the following personal data for this purpose:
PayPal compares this with the data you have provided directly to PayPal, such as first and last name, address, e-mail address, IP address, phone number, credit card number, and possibly account balance, turnover, or credit limit. The operating company is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. You can view PayPals applicable data protection provisions here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
1.4.4 Stripe
To process payments, we use the online payment service Stripe. Through this provider, we enable you to purchase products from us using various payment methods (e.g., credit card, Klarna, etc.). Stripe also enables the legally compliant payout of sales proceeds to private individuals. This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR).
Stripe processes the following personal data for this purpose:
Stripe compares this with the data you have provided directly to Stripe, such as first and last name, address, e-mail address, IP address, phone number, credit card number, and possibly account balance, turnover, or credit limit. The operating company is Stripe Inc., 510 Townsend St., San Francisco, CA 94103, USA [Data transfer based on Standard Contractual Clauses/DPF]. You can view Stripes applicable data protection provisions here: https://stripe.com/at/privacy Providers such as Google, Meta, and Stripe participate in the EU-US Data Privacy Framework; if this does not apply, Standard Contractual Clauses are used.
1.4.5 Mailjet
We send automatic e-mails, such as confirmation of a successful product upload or purchase confirmations, using the e-mail service provider Mailjet. This corresponds to our legitimate interest in ensuring continuous and targeted customer communication (Art. 6 para. 1 lit. f GDPR).
Mailjet processes the following personal data for this purpose:
The operating company is Mailjet SAS, 13-13bis, Rue de l’Aubrac, 75012 Paris, France. You can view Mailjets applicable data protection provisions here: https://www.mailjet.com/de/rechtliches/datenschutzerklaerung/
2. Data transfer Categories of recipients: Hosting service providers, payment service providers, marketing and analysis tools, shipping partners.
Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy. We only pass on your personal data to third parties if explicit consent has been given for this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Or if the disclosure is necessary according to Art. 6 para. 1 lit. f GDPR (legitimate interest) for the processing of contractual relationships, assertion, exercise or defense of legal claims, and there is no reason to assume that there is an overriding legitimate interest in not disclosing the data.
External Hosting
This website is hosted by an external European service provider. Personal data collected on this website is stored on the hosts servers. This can include, among other things, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated via a website. Our host will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.
We regularly perform technical maintenance on our platform and continuously improve its security and functionality. For this purpose, we share your profile data with service providers who provide cloud and hosting services, IT security measures, maintenance and technical services, and communication services.
To provide our services and to fulfill the purposes mentioned above, we work with the following service providers:
These service providers support us in providing the platform, storing and processing data, and technical maintenance.
3. Cookies
We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.). Information is stored in the cookie, which arises in each case in connection with the specifically used device. However, this does not mean that we gain direct knowledge of your identity.
The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specific, fixed period. If you visit our site again, it is automatically recognized that you have already been with us and which entries and settings you have made. So you do not have to enter everything a second time.
Furthermore, we also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. These cookies are automatically deleted after a respectively defined time. The data processed by cookies are necessary for the purposes mentioned to protect our legitimate interests as well as those of third parties according to Art. 6 para. 1 lit. f GDPR (legitimate interest). Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. The complete deactivation of cookies may, however, mean that not all functions of our website can be used.
3.1 Necessary Cookies
3.1.1 Cookiebot
To store your cookie preferences, we use the provider Cookiebot. Cookiebot stores the users consent status for cookies on the current domain and allows you to change it at any time.
Cookiebot processes the following personal data:
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR (consent). The operating company of Cookiebot is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, company registration number DK34624607. Note: Marketing and tracking cookies are only set after explicit consent and can be revoked at any time.
You can view Cookiebots applicable data protection provisions here: https://www.cookiebot.com/de/privacy-policy/
Inquiries regarding the protection of personal data, privacy, and security can be sent to the following e-mail address: privacy@cookiebot.com.
3.1.2 Google Tag Manager
To better orchestrate cookies according to your consent and across tools, we use Google Tag Manager from the provider Google. Google Tag Manager implements tags and serves as a trigger for further processing.
Google processes the following personal data:
When a tag is triggered, Google may process personal data. As Googles servers are located internationally, we cannot rule out that personal data may also be transferred to a US server. The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR (consent).
The operating company is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can view Googles applicable data protection provisions and further information on data transfer here: https://policies.google.com/privacy?hl=en
https://policies.google.com/privacy/frameworks?gl=en.
3.2 Functional Cookies
3.2.1 Algolia
This website uses Algolia Instantsearch ("Algolia") to search and index our content. By using Algolia Instantsearch, your IP address and your search query are transmitted to an Algolia server and stored there for 90 days for statistical purposes. The search data enables us to display more relevant search results and related products (e.g., Related Items). Algolia does not transfer the collected data to third parties but processes it exclusively internally for statistical evaluations and monitoring of its services. The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR.
The operating company is Algolia Inc., 589 Howard Street, 5th floor, San Francisco, CA 94105, USA [Data transfer based on Standard Contractual Clauses/DPF]. You can view Hotjars applicable data protection provisions here: https://www.algolia.com/policies/privacy/ Providers such as Google, Meta, and Stripe participate in the EU-US Data Privacy Framework; if this does not apply, Standard Contractual Clauses are used.
3.2.2 Elfsight
To show you our Google reviews in the footer of the homepage, we use the provider Elfsight. Elfsight uses a cookie (_p_hfp_client_id) to prevent abuse and failed page loads. Personal data is not stored for this purpose.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR (consent). The operating company is Elfsight LLC, 304b Lunacharskogo 1, Tula, Tula, 300002, Russia. You can view Elfsights applicable data protection provisions here: .
3.3 Cookies for analysis and evaluation
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest). With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
3.3.1 Google Analytics
For the purpose of needs-based design and continuous optimization of our pages, we use Google Analytics, a web analysis service of Google Inc.; hereinafter "Google". In this context, pseudonymized usage profiles are created and cookies are used. A personal reference to you specifically is therefore not possible.
Google processes the following personal data in an anonymized form:
Since Googles servers are located internationally, we cannot rule out that this personal data may also be transferred to a US server.
The information is used to evaluate the use of the website, to compile reports on website activities, and to provide other services related to website use and internet use for the purposes of market research and needs-based design of these internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.
Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized, so that an assignment is not possible (IP masking). You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case, not all functions of this website may be fully usable.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR (consent).
The operating company is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA [Data transfer based on Standard Contractual Clauses/DPF]. You can view the applicable data protection provisions of Google Analytics here: https://support.google.com/analytics/answer/6004245?hl=en Providers such as Google, Meta, and Stripe participate in the EU-US Data Privacy Framework; if this does not apply, Standard Contractual Clauses are used.
3.3.2 Hotjar
We use Hotjar to better understand the needs of our users and to optimize the offer and experience on this website. With the help of Hotjars technology, we get a better understanding of our users experiences (e.g., how much time users spend on which pages, which links they click, what they like and what they dont). This helps us to align our offer with the feedback of our users.
Hotjar processes the following personal data in an anonymized form:
Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR (consent). The operating company is Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julians STJ 3141 Malta. You can view Hotjars applicable data protection provisions here: https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar
3.3.3 Microsoft Clarity
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
3.4 Cookies for marketing purposes and advertising measures
3.4.1 Google Ads Conversion Tracking
To statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. In this process, Google Ads sets a cookie (see section 4) on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Ads customers website and the cookie has not yet expired, Google and the customer can see that the user clicked on the ad and was redirected to this page. Each Ads customer receives a different cookie. Cookies cannot, therefore, be tracked through the websites of Ads customers. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Ads customers learn the total number of users who clicked on their ad and were redirected to a page equipped with a conversion tracking tag. However, they do not receive any information that allows users to be personally identified. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com".
Since Googles servers are located internationally, we cannot rule out that personal data may also be transferred to a US server. The operating company is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA [Data transfer based on Standard Contractual Clauses/DPF]. You can view the applicable data protection provisions of Google Ads Conversion Tracking here: https://services.google.com/sitestats/en.html Providers such as Google, Meta, and Stripe participate in the EU-US Data Privacy Framework; if this does not apply, Standard Contractual Clauses are used.
3.4.2 Google Remarketing or "Similar Audiences" component of Google
On our website, we use the Remarketing or "Similar Audiences" function. This is a service of Google Inc., hereinafter referred to as "Google". Through certification according to the EU-US Privacy Shield - https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active - Google guarantees that the EUs data protection requirements are also complied with when processing data in the USA [Data transfer based on Standard Contractual Clauses/DPF]. We use this function to display interest-based, personalized advertising on third-party websites that are also part of the Google advertising network. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our website. To enable this advertising service, Google stores a cookie with a sequence of numbers on your device via your internet browser during your visit to our website. This cookie records both your visit and the use of our website in an anonymized form. Personal data is not passed on. If you subsequently visit the website of a third party who also uses the Google advertising network, advertisements may appear that have a connection to our website or our offers there. Through so-called cross-device marketing, Google may also track your usage behavior across multiple devices, so that you may be shown interest-based, personalized advertising even if you change devices. However, this requires that you have consented to the linking of your browser history with your existing Google account. Providers such as Google, Meta, and Stripe participate in the EU-US Data Privacy Framework; if this does not apply, Standard Contractual Clauses are used.
Since Googles servers are located internationally, we cannot rule out that personal data may also be transferred to a US server. The operating company is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA [Data transfer based on Standard Contractual Clauses/DPF]. You can view the applicable data protection provisions and further information of Google Remarketing here: https://policies.google.com/privacy?hl=en Providers such as Google, Meta, and Stripe participate in the EU-US Data Privacy Framework; if this does not apply, Standard Contractual Clauses are used.
http://www.google.com/privacy/ads/
3.4.3 Meta Pixel: Facebook Remarketing / Facebook Custom Audiences Pixel
Within our online offer, so-called "Facebook pixels" of the social network Facebook are used. With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our offer as a target group for the display of advertisements, so-called "Facebook Ads [Joint responsibility according to Art. 26 GDPR with Meta, details see Metas privacy policy]". Accordingly, we use the Facebook pixel to display the Facebook Ads placed by us [Joint responsibility according to Art. 26 GDPR with Meta, details see Metas privacy policy] only to those Facebook users who have also shown an interest in our internet offer. This means that with the help of the Facebook pixel, we want to ensure that our Facebook Ads [Joint responsibility according to Art. 26 GDPR with Meta, details see Metas privacy policy] correspond to the potential interest of the users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes, by seeing whether users were redirected to our website after clicking on a Facebook ad. The Facebook pixel is directly integrated by Facebook when our websites are called up and can store a so-called cookie, i.e., a small file, on your device. If you then log into Facebook or visit Facebook while logged in, the visit to our offer will be noted in your profile. The data collected about you is anonymous to us, so it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible. The processing of the data by Facebook takes place within the framework of Facebooks data usage policy. Accordingly, you will receive further information on the functioning of the remarketing pixel and generally on the display of Facebook Ads [Joint responsibility according to Art. 26 GDPR with Meta, details see Metas privacy policy], in Facebooks data usage policy. You can object to the collection by the Facebook pixel and use of your data for the display of Facebook Ads [Joint responsibility according to Art. 26 GDPR with Meta, details see Metas privacy policy]. To do this, you can call up the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or declare the objection via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/ The settings are platform-independent, i.e., they are adopted for all devices, such as desktop computers or mobile devices.
Since Facebook servers are located internationally, we cannot rule out that personal data may also be transferred to a US server.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR (consent).
The operating company is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
You can view the applicable data protection provisions here: https://www.facebook.com/privacy/
3.4.4 Pinterest Tag
We maintain an online presence on Pinterest to present our company and our services, and to communicate with customers/prospects. Pinterest is a service of Pinterest Inc.
Pinterest sets a cookie. Personal data is not transferred to Pinterest.
Since Pinterest servers are located internationally, we cannot rule out that personal data may also be transferred to a US server.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR (consent).
The operating company is Pinterest Inc., 635 High Street, Palo Alto, CA, USA [Data transfer based on Standard Contractual Clauses/DPF]. Providers such as Google, Meta, and Stripe participate in the EU-US Data Privacy Framework; if this does not apply, Standard Contractual Clauses are used.
You can view the applicable data protection provisions here: https://policy.pinterest.com/en/privacy-policy.
3.4.5 Microsoft Advertising Tag
Microsoft Advertising allows us to display advertisements on the Bing search engine or on third-party websites. Based on the user data available to Microsoft (e.g., location data and interests), targeted advertisements can also be displayed (audience targeting). In this process, no personal data is transferred to Microsoft. Since Microsoft servers are located internationally, we cannot rule out that personal data may also be transferred to a US server.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR (consent).
The operating company is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA [Data transfer based on Standard Contractual Clauses/DPF]. You can view the applicable data protection provisions here: https://privacy.microsoft.com/en-us/privacystatement. Providers such as Google, Meta, and Stripe participate in the EU-US Data Privacy Framework; if this does not apply, Standard Contractual Clauses are used.
3.4.6. Criteo
We use Criteo for remarketing and advertising. The provider is Criteo SA, 32 rue Blanche, 75009 Paris, France. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the EU.
The legal basis for the processing is Art. 6 para. 1 S. 1 lit. a GDPR. The processing is based on consent. Data subjects can withdraw their consent at any time by adjusting the settings in the cookie banner. The withdrawal does not affect the lawfulness of the processing until the withdrawal.
The data is stored for a maximum of 13 months from the date of collection. Further information is available in the providers privacy policy at https://www.criteo.com/privacy/ available.
4. Rights of data subjects
You have the right: to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about their details; to demand the immediate correction of incorrect or completion of your personal data stored by us in accordance with Art. 16 GDPR; to demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims; to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it for the establishment, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR; to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller in accordance with Art. 20 GDPR; to withdraw your once given consent to us at any time in accordance with Art. 7 para. 3 GDPR. This has the consequence that we may no longer continue the data processing that was based on this consent for the future and to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our office. Additionally, in Austria you can contact the Data Protection Authority (Barichgasse 40-42, 1030 Vienna, E-mail: dsb@dsb.gv.at). There is no automated scoring with legal effect; tracking is used exclusively for personalized advertising.
5. Right to object
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR (legitimate interest), you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you wish to make use of your right of revocation or objection, an e-mail to datenschutz@conscienta.de is sufficient.
6. Data security
We use the widespread SSL (Secure Socket Layer) method within the website visit in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
7. Timeliness and amendment of this privacy policy
This privacy policy is currently valid and is as of August 2025. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed by you at any time on the website at https://www.cocoli.com/en/privacy.