Privacy Policy

1. Introduction
With the following information, we would like to provide you, as a "data subject," with an overview of the processing of your personal data by us and your rights under data protection laws. The use of our websites is generally possible without the input of personal data. However, if you wish to contact us or make an order in our online shop, the processing of personal data is necessary. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.
The processing of personal data, such as your name, address, or email address, will always be in accordance with the General Data Protection Regulation (GDPR) and in compliance with the applicable national data protection regulations. Through this privacy notice, we would like to inform you about the scope and purpose of the personal data we collect, use, and process.
As the data controller, we have implemented numerous technical and organizational measures to ensure the most comprehensive protection of personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed.

2. Responsible Entity
The entity responsible under Art. 4 (7) GDPR is:
Ernst Strassacker GmbH & Co. KG
Staufenecker Straße 19
73079 Süßen
Germany
Phone: +49 (0) 7162 16-0
Fax: +49 (0) 7162 16-355
Email: mail@strassacker.de
Representative of the responsible entity: Edith Strassacker

3. Data Protection Officer
You can contact our Data Protection Officer as follows:
Torsten Schmid
Email: datenschutz@strassacker.de
You can reach out to our Data Protection Officer at any time for any questions or suggestions regarding data protection.

4. Definitions
This privacy policy is based on the terms used by the European legislator in the enactment of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for both the public and our customers and business partners. To ensure this, we would like to explain the terms used in advance.
In this privacy policy, we use, among others, the following terms:

1. Personal Data
Personal data refers to any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3.  Processing
Processing refers to any operation or set of operations performed on personal data, whether by automated means or not, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data.

4. Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

5. Profiling
Profiling refers to any type of automated processing of personal data that involves using personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning the person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

6. Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.

7. Processor
A processor is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.

8.  Recipient
A recipient is a natural or legal person, authority, agency, or other body to whom personal data is disclosed, regardless of whether they are a third party. However, authorities that may receive personal data in the course of a specific inquiry under Union or member state law are not considered recipients.

9.  Third Party
A third party is a natural or legal person, authority, agency, or other body, other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process the personal data.

10.  Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes, by a statement or by a clear affirmative action, which signifies agreement to the processing of personal data relating to them.

5. Legal Basis for Processing
Art. 6 (1) (a) GDPR (in conjunction with § 25 (1) TDDDG (formerly TTDSG)) serves as the legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, such as processing operations required for the delivery of goods or the provision of other services or counter-performance, the processing is based on Art. 6 (1) (b) GDPR. The same applies to processing operations required to take pre-contractual steps, such as inquiries about our products or services.
If our company is subject to a legal obligation that requires the processing of personal data, such as fulfilling commercial or tax obligations, the processing is based on Art. 6 (1) (c) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured, and their name, age, health insurance details, or other vital information needed to be passed on to a doctor, hospital, or other third parties. In such a case, the processing would be based on Art. 6 (1) (d) GDPR.
Finally, processing operations may be based on Art. 6 (1) (f) GDPR. This legal basis applies to processing operations not covered by any of the above legal grounds if the processing is necessary for the protection of the legitimate interests of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override those interests. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator, who considered that a legitimate interest may be assumed if you are a customer of our company (Recital 47, Sentence 2 GDPR).

6. Disclosure of Data to Third Parties
We will not disclose your personal data to third parties for purposes other than those outlined below.
We will only share your personal data with third parties if:

1.    You have given us your explicit consent in accordance with Art. 6 (1) (a) GDPR,

2.    Disclosure is necessary for the protection of our legitimate interests under Art. 6 (1) (f) GDPR and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data,

3.    There is a legal obligation to disclose the data under Art. 6 (1) (c) GDPR, or

4.    Disclosure is legally permissible and necessary for the performance of a contract with you under Art. 6 (1) (b) GDPR.

To protect your data and potentially enable data transfer to third countries (outside the EU/EEA), we have entered into data processing agreements based on the Standard Contractual Clauses of the European Commission. If the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent under Art. 49 (1) (a) GDPR may serve as the legal basis for data transfer to third countries. This does not apply if the data transfer to third countries is covered by an adequacy decision issued by the European Commission under Art. 45 GDPR.
To operate our online shop, we use the shop platform provided by Shopify Inc., 151 O’Connor St – K2P 2M5 Ottawa, Canada. Shopify acts as a data processor in the context of its services under Art. 4 (8) GDPR. Shopify is contractually obligated under Art. 28 (3) GDPR to ensure that it processes your personal data only according to our instructions and in compliance with the applicable data protection regulations. Shopify may store and process personal data in the US, Canada, Europe, or other jurisdictions—either itself or through subcontractors affiliated with Shopify. The US is considered a "third country," which does not provide an adequate level of data protection (as required by the strict rules of the GDPR) in comparison to the EU/EEA. Therefore, when data is transferred to the US, there is generally a risk that your data could be processed by US authorities for control and surveillance purposes, without necessarily granting you the right to legal redress. The subprocessors Shopify works with are contractually bound to protect personal data. Data transfers to the US and other third countries are based on the Standard Contractual Clauses of the EU Commission or similar guarantees under Art. 46 GDPR (Data Privacy Framework).

7. Technology

7.1 SSL/TLS Encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact inquiries you send to us as the operator. An encrypted connection can be recognized by the fact that the browser's address bar shows "https://" instead of "http://" and by the lock symbol in your browser bar.

7.2 Data Collection When Visiting the Website
When you use our website for informational purposes only, i.e., when you do not register or transmit any information to us or give consent to any consent-based processing, we only collect data that is technically necessary to provide the service. This typically includes data that your browser transmits to our server (in so-called server log files). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server's log files. The following may be collected:

1. The type and version of the browser used,
2. The operating system of the accessing system,
3. The website from which an accessing system comes to our website (so-called referrer),
4. The subpages accessed via an accessing system on our website,
5. The date and time of access to the website,
6. An Internet Protocol address (IP address), and
7. The Internet Service Provider (ISP) of the accessing system.

When using this general data and information, we do not draw conclusions about your person. Rather, this information is needed to:

1. Correctly deliver the content of our website,
2. Optimize the content of our website and advertising for it,
3. Ensure the continuous functionality of our IT systems and the technology of our website, and
4. Provide law enforcement agencies with the necessary information in the event of a cyberattack.

The data collected in this way is therefore analyzed statistically and with the goal of increasing the level of data protection and data security in our company, ultimately ensuring an optimal level of protection for the personal data we process. The data from server log files is stored separately from all personal data provided by a data subject.
The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest arises from the purposes of data collection listed above.

7.3 Encrypted Payment Transactions via Shopify Payments
After completing a paid contract, you (depending on the chosen payment method) are required to transmit your payment details to us according to the offered payment methods. This data is necessary for processing the payment.
For payment processing in our online shop, we use the service Shopify Payments. Shopify Payments is provided by Shopify Inc. (150 Elgin Street, Suite 800, Ottawa, Ontario K2P 1L4, Canada) or through affiliated subsidiaries within the Shopify group.
When you place an order in our online shop and select the payment method "Shopify Payments," we or our shop system transmit your required payment data (e.g., card number, expiration date, cardholder’s name, billing address, IBAN, BIC, etc.) to Shopify Payments to process the payment. Additional order details necessary for proper processing (e.g., order number, purchase amount, currency) may also be included.
The processing of your data by Shopify Payments usually takes place in data centers that may also be located outside the European Union (e.g., in the USA or Canada). In this case, it cannot be excluded that government authorities in these countries may have access to the processed data. However, according to Shopify, they use recognized protective measures (e.g., Standard Contractual Clauses) to establish an adequate level of data protection.
The transmission of your data to Shopify Payments is carried out for the purpose of payment processing and fraud prevention in the context of your purchase in our online shop.
The collection, transmission, and processing of data is based on Art. 6 (1) (b) GDPR (performance of a contract), as the data processing is necessary to fulfill the contract regarding your order, and possibly also Art. 6 (1) (f) GDPR (legitimate interest), as we have a legitimate interest in ensuring a reliable and secure payment process.
Your payment data is transmitted solely to Shopify Payments and the payment service providers and banks involved in the payment process. Further disclosure of the data will only occur if we are legally obligated to do so or if you have explicitly consented.
We store your payment data only as long as necessary to process the payment and, if applicable, to comply with legal retention periods (e.g., from tax and commercial law regulations). Shopify Payments stores your data according to its own retention and deletion periods, over which we have no control. For more information, please refer to Shopify's privacy policy.

8. Cookies
8.1 General Information About Cookies
Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site.
Cookies store information that is specific to the device used. However, this does not mean that we obtain direct knowledge of your identity.
The use of cookies aims to make the use of our services more convenient for you. For example, we use session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our site.
Additionally, we use temporary cookies to optimize user-friendliness, which are stored on your device for a specific period of time. When you visit our site again to use our services, it will be automatically recognized that you have previously visited our site and which inputs and settings you have made, so you don't need to enter them again.
We also use cookies to statistically capture the usage of our website and to evaluate our offerings for optimization purposes. These cookies allow us to automatically recognize that you have already visited our site during a subsequent visit. The cookies set in this way are automatically deleted after a defined period of time.

8.2 Legal Basis for the Use of Cookies
The data processed through cookies that are required for the proper functioning of the website is necessary to protect our legitimate interests and those of third parties under Art. 6 (1) (f) GDPR.
For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6 (1) (a) GDPR.

8.3 Consent Management
To protect your privacy and comply with legal requirements, particularly the GDPR and the TDDDG regarding cookies and similar technologies, we use a so-called consent management tool (commonly referred to as a "cookie banner") in our online shop. With this tool, we can manage and document your consent (or rejection) for the use of certain cookies and similar technologies. The service provider for the tool is CookieYes Limited, 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom.
The consent management tool shows you a notification or consent banner when you first visit our online shop (and possibly at regular intervals thereafter). Here, you have the option to select cookies and trackers by category (e.g., "Necessary," "Statistics," "Marketing") and give or refuse consent. The tool sets a cookie in your browser to store your selected settings, so you do not have to make the same choices on every visit.
The consent management tool collects the following information:

• Your consent or rejection decision(s),
• The IP address used,
• Information about your browser and device configuration,
• The time of your decision.
  The processing of this data is based on Art. 6 (1) (c) GDPR to fulfill our legal obligation to be able to prove your consents and Art. 6 (1) (f) GDPR (legitimate interest) to ensure a verifiable and user-friendly consent process.
  Your consent settings (consent or rejection) are stored in the form of a cookie on your device. You can change or revoke your consent at any time by revisiting the consent banner or by deleting the stored cookies in your browser

9. Content of Our Website

9.1 Data Processing When Opening a Customer Account and for Contract Execution
In accordance with Art. 6 (1) (b) GDPR, personal data is collected and processed when you provide it to us for the performance of a contract or when opening a customer account. The data collected can be seen in the respective input forms. You can delete your customer account at any time, which can be done, among other ways, by sending a message to the above-mentioned address of the data controller. We store and use the data you provide to us for contract execution. After the complete execution of the contract or the deletion of your customer account, your data will be blocked considering the retention periods for tax and commercial law, and after these periods expire, your data will be deleted, unless you have explicitly consented to further use of your data or a legally permitted further use of your data has been reserved by us, which we will inform you about below.

9.2 Data Processing for Order Fulfillment
The personal data we collect will be shared with the transport company entrusted with the delivery as part of the contract execution, insofar as it is necessary for the delivery of the goods. Your payment data will be forwarded to the bank instructed with the payment process, insofar as this is necessary for payment processing. If payment service providers are used, we will explicitly inform you about this below (see section 7.3). The legal basis for sharing the data is Art. 6 (1) (b) GDPR.

9.3 Contacting Us / Contact Form
When contacting us (e.g., via contact form or email), personal data is collected. The data collected when using a contact form can be found in the respective contact form. This data will only be stored and used for the purpose of responding to your request or for contacting you and the related technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted after your inquiry has been fully processed. This is the case when it is clear from the circumstances that the matter has been conclusively resolved, and there are no legal retention obligations that would prevent deletion.

10. Newsletter Subscription

10.1 Marketing Newsletter
On our website, you are given the opportunity to subscribe to our newsletter. The personal data transmitted to us when subscribing to the newsletter can be seen in the input form used for this purpose.
We inform our customers and business partners at regular intervals about our offers through a newsletter. You can generally only receive our company’s newsletter if:

1. You have a valid email address, and

2. You have registered for the newsletter.

A confirmation email is sent to the email address you first registered for the newsletter for legal reasons, using a double opt-in procedure. This confirmation email serves to verify whether you, as the owner of the email address, have authorized the receipt of the newsletter.
When subscribing to the newsletter, we also store the IP address assigned to you by your Internet Service Provider (ISP) and the date and time of the subscription. The collection of this data is necessary in order to trace any potential misuse of your email address at a later time and therefore serves as our legal safeguard.
The personal data collected during the newsletter subscription process will only be used to send our newsletter. There will be no transfer of the personal data collected as part of the newsletter service to third parties. You can cancel the subscription to our newsletter at any time. The consent you have given for the storage of personal data for the newsletter distribution can be revoked at any time. Every newsletter contains a corresponding link for revoking consent. Additionally, you may also communicate the revocation to us in another way (e.g., informally via email).
The legal basis for data processing for the purpose of newsletter distribution is your consent in accordance with Art. 6 (1) (a) GDPR.

10.2 Use of hCaptcha
We use the hCaptcha service on our website, provided by Intuition Machines, Inc. (350 Alabama St, San Francisco, CA 94110, USA). hCaptcha is used to distinguish between human users and automated requests (e.g., bots). This is intended to ensure that our forms and interactive areas are protected from spam and misuse.
When using hCaptcha, the following information may be collected and processed: IP address, browser and operating system information, mouse movements, click behavior, and possibly other data related to user behavior. This data is transmitted to servers of Intuition Machines, Inc.
The processing is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR, as we have a legitimate interest in protecting our website and related services from abusive, automated data scraping and spam. The use of our contact forms is not technically possible or is only possible to a limited extent without hCaptcha. If you do not wish for hCaptcha to collect data from you, you are free to use alternative contact options (e.g., phone, email).
hCaptcha may also process data on servers outside the European Union, particularly in the USA. For transfers to third countries, appropriate safeguards (e.g., Standard Contractual Clauses) ensure an adequate level of data protection.
We do not store personal data collected by hCaptcha permanently. For information about data storage and deletion at Intuition Machines, Inc., please refer to the hCaptcha privacy policy.

11. Web Analysis

11.1 Shopify Analytics
We use the analytics features of Shopify Analytics in our online shop, a service provided by Shopify Inc. (150 Elgin Street, Suite 800, Ottawa, Ontario K2P 1L4, Canada). Shopify Analytics allows us to capture and evaluate the behavior of our shop visitors. For this purpose, cookies or similar technologies are typically used, which record information such as your IP address (possibly shortened/anonymized), browser and device information, referrer URL, pages visited, and the time and duration of your visit.
The data processing takes place for the purpose of analyzing user behavior to optimize and make our online offering more user-friendly. For example, we can identify which products are particularly popular or where visitors abandon the ordering process. The legal basis for this is, depending on the integration, your consent (Art. 6 (1) (a) GDPR) or our legitimate interest (Art. 6 (1) (f) GDPR). In the case of legitimate interest, this interest lies in optimizing our offering and improving the economic performance of our online shop.
Shopify may process the collected data on servers located in Canada and the USA. According to Shopify, an adequate level of data protection is ensured, among other things, by using Standard Contractual Clauses or comparable protection mechanisms. For more information, please refer to Shopify's privacy policy.
The retention period is determined by the respective usage purposes. You can object to the storage of cookies and the use of tracking technologies at any time or revoke your consent for the future by adjusting the corresponding settings in your browser or deleting already stored cookies. Please note that disabling tracking cookies may result in functional limitations in our online shop.

12. Advertising

12.1 Use of Meta Ads (Facebook Ads)
We use services from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta") on our website to target advertising for our products and services on Meta platforms (e.g., Facebook, Instagram). For this purpose, we specifically use the "Meta Pixel," an analytics tool that tracks the behavior of users after they have seen or clicked on a Meta ad. This serves the purpose of analyzing the effectiveness of our ads and optimizing future campaigns (so-called conversion tracking).
The legal basis for using the Meta Pixel and for storing and reading information on your device is your consent under Art. 6 (1) (a) GDPR, which you can give via our cookie banner. The processing of personal data based on this is also based on your consent. Once consent is given, you can withdraw it at any time for future processing, e.g., via the cookie settings on our website.
The data collected by the Pixel is anonymous to us, meaning we cannot draw conclusions about your identity. However, the data is stored and processed by Meta, allowing it to be linked to your Meta profile, and Meta can use this data for its own purposes, particularly for personalized advertising. This may also result in the transfer of data to third countries, particularly the USA. In this case, the transfer is based on the Standard Contractual Clauses approved by the EU Commission and, if applicable, other appropriate guarantees such as the EU-US Data Privacy Framework.
The data will be stored as long as necessary for the purposes for which it was collected or until you withdraw your consent.
For more information about data processing by Meta, please refer to Meta’s privacy policy: https://www.facebook.com/privacy/policy/
You can make settings for interest-based advertising on Meta here: https://www.facebook.com/adpreferences/ad_settings

13. Our Activities on Social Networks
In order to communicate with you and inform you about our services, we are also present on social networks with our own pages. When you visit one of our social media pages, we are jointly responsible for the processing operations triggered by this, in accordance with Art. 26 GDPR, together with the provider of the respective social media platform.
We are not the original provider of these pages; rather, we use them within the framework of the possibilities offered to us by the respective providers.
Therefore, we would like to point out in advance that your data may also be processed outside the European Union or the European Economic Area. This use may be associated with data protection risks for you, as the enforcement of your rights, such as access, deletion, objection, etc., may be more difficult. Moreover, processing in social networks often takes place directly for advertising purposes or for analyzing user behavior by the providers, without us being able to influence it. When the provider creates usage profiles, cookies are often used or the usage behavior is assigned to your personal profile in the social networks.
The described processing of personal data takes place in accordance with Art. 6 (1) (f) GDPR, based on our legitimate interest and the legitimate interest of the respective provider, to communicate with you in a timely manner and to inform you about our services. If you are required to give consent to data processing as a user with the respective providers, the legal basis is Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR.
As we do not have access to the data held by the providers, we advise you to assert your rights (e.g., access, rectification, deletion, etc.) directly with the respective provider. Further information on the processing of your data in social networks is provided below for each provider of social networks we use:

13.1 Facebook
Joint controller for data processing in Europe:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy (Data Policy): https://www.facebook.com/about/privacy

13.2 X (formerly Twitter)
Joint controller for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy Policy: https://x.com/de/privacy
Access to your data: https://x.com/settings/your_twitter_data

13.3 Pinterest
Joint controller for data processing in Germany:
Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA
Privacy Policy: https://policy.pinterest.com/de/privacy-policy

14. Duration of Processing
Your data will be processed starting from the point of collection, as long as you or a third party provide it to us. We will delete your personal data when the contractual relationship with you is terminated, all mutual claims are fulfilled, and there are no further statutory retention obligations or legal justifications for storage. These include retention obligations under the Commercial Code (HGB) and the Fiscal Code (AO). At the latest, after the statutory retention periods have expired (usually 10 years after the contract ends), we will delete your personal data.

15. Your Rights as a Data Subject

15.1 Right to Confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.

15.2 Right to Access Art. 15 GDPR
You have the right to receive, at any time and free of charge, information about the personal data we hold about you and a copy of that data, in accordance with the legal provisions.

15.3 Right to Rectification Art. 16 GDPR
You have the right to request the rectification of any inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, considering the purposes of the processing.

15.4 Right to Erasure Art. 17 GDPR
You have the right to request the immediate deletion of your personal data if one of the legally provided reasons applies and if the processing or storage is not necessary.

15.5 Right to Restriction of Processing Art. 18 GDPR
You have the right to request the restriction of processing of your personal data if one of the legal conditions is met.

15.6 Right to Data Portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or a contract in accordance with Art. 6 (1) (b) GDPR, and the processing is carried out using automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability under Art. 20 (1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and without prejudice to the rights and freedoms of other persons.

15.7 Right to Object Art. 21 GDPR
You have the right to object to the processing of personal data concerning you at any time, based on grounds relating to your particular situation, if the processing is carried out based on Art. 6 (1) (e) GDPR (processing in the public interest) or Art. 6 (1) (f) GDPR (processing based on a legitimate interest).
This also applies to profiling based on these provisions under Art. 4 (4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
In individual cases, we process personal data for direct marketing purposes. You may object to the processing of your personal data for the purposes of such marketing at any time. This also applies to profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
Additionally, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

15.8 Withdrawal of a Data Protection Consent
You have the right to withdraw consent for the processing of personal data at any time with effect for the future.

15.9 Complaint to a Supervisory Authority
Furthermore, you have the right to lodge a complaint with the supervisory authority responsible for us (Art. 77 GDPR in conjunction with § 19 BDSG):
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg
Address: Lautenschlagerstraße 20, 70173 Stuttgart, Germany
Postal Address: PO Box 10 29 32, 70025 Stuttgart, Germany
Phone: +49 711 615541-0, Fax: +49 711 615541-15, Email: poststelle@lfdi.bwl.de
As a data subject, you are free to lodge your complaint with the supervisory authority in the member state of your habitual residence, your place of work, or the place of the alleged infringement.
Supervisory authorities in the European Union can be found here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

16. Update and Modification of the Privacy Policy
This privacy policy is currently valid and is dated April 2025.
As our websites and services evolve, or due to changes in legal or regulatory requirements, it may be necessary to update this privacy policy. The most current version of the privacy policy can be accessed and printed at any time on the website at https://selections.strassacker.com/pages/datenschutzerklarung.