Privacy Policy

Privacy Statement

On this website, we, Croozer GmbH, provide information about our products and services. The protection of your personal data is very important to us. Therefore, we collect and process your personal data exclusively in accordance with data protection law. On this page, we provide all relevant information on data protection in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR) on the collection and processing of your personal data.

Responsible for data processing:

Croozer GmbH
An der Hasenkaule 10
D - 50354 Cologne
Managing director: Andreas Gehlen
Tel: +49 (2233) 95991-0
E-mail: datenschutz@croozer.com

Our data protection officer can be reached at:

Croozer GmbH

Data Protection Officer -
An der Hasenkaule 10
D – 50354 Köln
Telephone: +49 (2233) 95991-0
E-mail: datenschutz@croozer.com

General Privacy Statement

When you visit this website and use the various services, we process your personal data as described in detail below.
For the operation of this website with its various services (including the online shop for our customers and the processing of orders), we work together with a number of external service providers, all of whom are carefully selected and contracted to us in accordance with data protection law.

1. Croozer-Cookies

Each time you visit our website, we use so-called cookies, i.e. small text files that are stored in your browser.

a. Session Cookies
For example, we use so-called session cookies, which are retained until you close all browser windows. We need these session cookies so that we can process your queries on our website and direct you to the various sub-pages. It is in our legitimate interests to use session cookies, as otherwise we would not be able to provide our website services in this way (Art. 6 para. 1 lit. f GDPR). If you do not want cookies to be used, you can block the use of cookies in your browser settings. You can still visit our website if you block cookies, but you may not be able to use all the website functions to their full extent.
b. Long-Term Cookies
In addition, we use the following longer-term cookies, which allow us to make our website more user-friendly, namely persistent cookies, which are used for a fixed period of an hour (“frontend” cookie) and of a month (“store” and “croozer-user” cookies).
These cookies remain on your device and enable us to recognise your browser the next time you visit our website (“persistent cookies”) so that, for example, previous settings are retained, e.g. if you place an item in your shopping basket and then leave our site and return again. Persistent cookies are automatically deleted after a pre-defined period, depending on the cookie, as specified above. Long-term cookies enable us to recognize you on your next visit to our website. This recognition using cookies helps us optimise the content of our website and make it more user-friendly for you, e.g. by restoring the contents of your shopping basket when you return. These cookies are stored by Croozer GmbH; our company and the external service providers who are engaged by us to offer support in the operation of the website as processors have access to these cookies.

It is in our legitimate interests to use these cookies in order to make our website as attractive and user-friendly as possible and develop it accordingly (Art. 6 para. 1 lit. f GDPR). If you do not want cookies to be used, you can block the use of cookies in your browser settings. You can still visit our website if you block cookies, but you may not be able to use all the website functions to their full extent.

Sentry

We have integrated Sentry on this website. The provider is Functional Software Inc, 45 Fremont Street, 8th Floor, San Francisco, California 94105, USA (hereinafter Sentry).
Sentry is an open source bug tracking service that allows us to monitor and fix bugs and crashes anywhere in web-based software in real time.
Sentry is used on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in the error-free functioning of its own website.
Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. for device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Further details can be found in the provider’s privacy policy at
https://sentry.io/privacy/.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://sentry.io/legal/dpa/5.0.0/#cross-border-transfer-mechanisms and https://sentry.io/legal/dpa/5.0.0/#third-party.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000YdenAAC&status=Active
Order processing
We have concluded an order processing agreement (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

2. Server Log Files

Furthermore, each time you access our website, your browser transfers access data, so-called server log files, which we process to maintain system security and analyse user statistics. The information that we receive in the server log files includes, in particular, the time of the access, the website from which our website was accessed (referrer URL), the sub-pages accessed, the names of requested files, your IP address, the volume of data transmitted, your browser type and your access provider. This data is required in order to ensure system security, e.g. to identify and block the attacker in the event of a hacker attack. This is in our overriding, legitimate interests (Art. 6 para. 1 lit. f GDPR).
Server log file data also allows us to perform a statistical analysis (scope of use and user behaviour, e.g. total number of visits or total page views in a certain month) which we use to optimize the website design. However, the IP address is shortened and thus anonymised.

3. User Centrics

This is a cookie consent tool based on Usercentrics technology. This tool supports us in obtaining effective user consent for cookies that require consent and cookie-based applications. A cookie consent tool with technology from Usercentrics GmbH, Rosental 4, 80331 Munich (known as “Usercentrics”). When our website is accessed, the cookie consent tool collects certain user information (including the IP address), transmits it to the Usercentrics server and stores it there. The purpose of this is that page views can be clearly assigned to individual users and the consent settings made by the user can be individually recorded, logged and saved for a session duration.

This consent is obtained as follows: By integrating a corresponding JavaScript code, users are shown a banner when the page is called up, in which checkmarks can be given for certain cookies and / or cookie-based applications. The tool blocks the setting of all cookies that require consent until the respective user grants the corresponding consent. It is thus ensured that such cookies are only actually set on the respective end device of the user if consent is given.

Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DS-GVO. You can change the settings for Usercentrics at any time in the footer via the navigation point “Privacy settings”.

As the person responsible, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

Since this is a transfer of personal data to third parties, we have concluded an order processing contract with Usercentrics, with which we oblige Usercentrics to protect the data of visitors to our website and not to pass it on to third parties.

Further information on the use of data by Usercentrics can be found in the Usercentrics data protection declaration at https://usercentrics.com/privacy-policy/

This website uses the visitor action pixel from Facebook/Meta for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. This allows the behaviour of page visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to display advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time. We use the extended matching function within the meta pixel. Advanced matching allows us to transmit various types of data (e.g. place of residence, state, postcode, hashed email addresses, names, gender, date of birth or telephone number) of our customers and prospects that we collect via our website to Meta (Facebook). This activation allows us to tailor our advertising campaigns on Facebook more precisely to people who are interested in our offers. In addition, advanced matching improves attribution of website conversions and enhances Custom Audiences.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum.
According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the data protection-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and
https://de-de.facebook.com/help/566994660333381.
You can find further information on protecting your privacy in Facebook’s data protection notices: https://de-de.facebook.com/about/privacy/.
You can also deactivate the “Custom Audiences” remarketing feature in the Ad Settings section at.
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

5. Google Analytics and Google Recapture

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to supplement the collected data records and uses machine learning technologies in the data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google signals
We use Google signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalised advertising with the help of Google signals. If you have a Google account, the visitor data from Google Signal will be linked to your Google account and used for personalised advertising messages. The data is also used to create anonymised statistics on the user behaviour of our users.

Demographic characteristics on Google Analytics
This website uses the “demographic characteristics” function of Google Analytics in order to be able to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item “Objection to data collection”.

Order processing
We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-Commerce Measurement
This website uses the “e-commerce measurement” function of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the purchasing behaviour of website visitors in order to improve its online marketing campaigns. This involves recording information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.

Google Recapture

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) is made by a human being or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background.
Website visitors are not informed that an analysis is taking place.The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO.The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG.Consent can be revoked at any time.
For more information on Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA.Any company certified under the DPF undertakes to comply with these data protection standards.For more information, please contact the provider at the following link:https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

6. Google Ad Services, DoubleClick & Google Tag Manager

The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”) Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms have led to the display of our advertisements and how many advertisements have led to corresponding clicks.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Double Click

This website contains components of DoubleClick by Google. DoubleClick is a brand of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), under which special online marketing solutions are marketed to advertising agencies and publishers.
DoubleClick by Google transfers data to the DoubleClick server with each impression as well as with clicks or other activities. Each of these data transfers triggers a cookie request to your browser. If the browser accepts this request, DoubleClick sets a cookie on your IT system. The purpose of the cookie is to optimise and display advertising. The cookie is used, among other things, to serve and display user-relevant advertising and to create reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple displays of the same advertisement.
DoubleClick uses a cookie ID, which is required to process the technical procedure. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplicate placements. Furthermore, the cookie ID enables DoubleClick to record conversions.
A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain additional campaign identifiers. A Each time you access one of the individual pages of this website operated by us and on which a DoubleClick component has been integrated, the internet browser on your IT system is caused by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. As part of this technical process, Google obtains knowledge of data that Google also uses to generate commission statements. Among other things, Google can track that you have clicked on certain links on our website.
These processing operations are carried out exclusively with the granting of explicit consent in accordance with Art. 6 para. 1 lit. a) DS-GVO. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. It an adequacy decision pursuant to Art. 45 DS-GVO is hereby available, so that aidentifier serves to identify the campaigns with which you have already been in contact.
Each time you access one of the individual pages of this website operated by us and on which a DoubleClick component has been integrated, the internet browser on your IT system is caused by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. As part of this technical process, Google obtains knowledge of data that Google also uses to generate commission statements. Among other things, Google can track that you have clicked on certain links on our website.
transfer of personal data may take place without further guarantees or additional additional measures. You can read the data protection regulations of DoubleClick by Google can be viewed at: https://www.google.com/intl/de/policies/.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool with the help of which we can integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
The use of the Google Tag Manager is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

7. Google Fonts (local embedding)

This website uses so-called Web Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed at Hostweb GmbH Biegenstr. 20 D-35037 Marburg so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Web Fonts, please follow this link:
https://developers.google.com/fonts/faq
and consult Google’s Data Privacy Declaration under:
https://policies.google.com/privacy?hl=en

7a. Other Connections to Servers
For the programming of our website, we use program parts that offer standardised functionalities and designs. These include in particular the handling of error messages (error logging) in the programming. These are reloaded by means of a direct connection between your browser and these services. For the establishment of this connection to the service provider , an analysis of our website, along with your IP address, is transferred.
A functional, safe and visually attractive design of our website is in our overriding, legitimate interests (Art. 6 para. 1 lit. f GDPR). Through this service, no user analysis is performed, and no user profile is created; your IP address is used exclusively for the targeted transmission of fonts.

7b. Trusted Shops
Provided that you have given us your explicit consent by ticking the respective box or clicking on the respective button during or after the ordering process (“Rate Later”), we will forward your email address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, Germany (www.trustedshops.de), so that this company can send you an email reminder with the option for rating your purchase. The legal basis for this is Art. 6 para 1 lit. a of the GDPR.
This consent can be withdrawn at any time by sending a message to Trusted Shops at datenschutz@trustedshops.de.

8. Dealer Section

We have a dealer section on our website for the dealers with whom we work and the dealers who are interested in working with us. The dealer section can also be reached via our website. From the dealer section, it is possible to reach us via a contact email and to subscribe to our newsletter.

a. Form for New Dealers
At https://www.croozer.com/de-DE/haendler-bereich, interested dealers can find a form that they can fill out and return to us via email or fax. In order to get to know your business better, we ask for further information: e.g. information on your business (including the billing and shipping address and details about the branches where products should be sent, on the distribution channels (stationary and online), on the products you sell and on sales figures), on the owner of the business and on communication (contact persons).

The processing of your personal data is required in this context in order to take steps at your request prior to entering into a contract and – if a contract with you is concluded – for the fulfilment of the contract between you and Croozer GmbH (Art. 6 para. 1 lit. b of the GDPR). For us, it is important that the respective contact persons can be quickly and easily reached; the processing of the personal data of your employees (whom you can name as contact persons) is performed on the basis of overriding, legitimate interests (Art. 6 para. 1 lit. f GDPR).
The data will be stored for the duration of the contractual relationship with Croozer GmbH and subsequently for the retention period required by law; when changes are made to the information (e.g. on the owner or the contact persons), the old information will be deleted. If no partnership results, then the data will be deleted in accordance with the retention period required by law.

b. Dealer Contact Form
In addition, our dealers have the possibility to contact us via a dealer contact form. This form can be opened in the dealer section; it is also possible to open the form on the website https://www.croozer.com/de-DE/ (via “Contact”) (you are then redirected to the respective page).
The required fields on this form are your message, the subject of your message, your title, your surname/company, the address of your company and the email address of your company. You can voluntarily provide your first name, additional names/company names and telephone and fax numbers. We only process your data as required to answer your inquiry. After we have responded to your inquiry, this data will be deleted insofar as there is no retention period required by law.
We need the data in order to quickly forward your inquiry to the responsible employee at our company so that your inquiry can be answered without delay. In this sense, the data provided by you is processed on the basis of overriding, legitimate interests (Art. 6 para. 1 lit. f GDPR).

c. Newsletter
After a dealer agreement has been concluded, our dealers have the opportunity to subscribe to our email newsletter in order to stay up to date on news from our company. For this purpose, we will ask you for your email address. You can also voluntarily provide us with your first name and surname (as well as title) if you would like the newsletter to be personally addressed to you. We use the data that you provide to us for the newsletter subscription exclusively for the purpose of sending you the newsletter. In this context, we work with an external service provider for the technical implementation: This website uses Sendinblue for the sending of newsletters. The provider is the Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. This company has been carefully selected and contracted to us in accordance with data protection law.
Prior to the first newsletter, we require your consent (Art. 6 para. 1 lit. a of the GDPR). You can withdraw your consent at any time by using the unsubscribe link included in every newsletter. For this purpose, simply use the unsubscribe function in the newsletter or contact us directly using the contact details provided above.

9. Making Contact: Email Function

On various sub-pages, we offer you the opportunity to make direct contact with us or our dealers via email. If you click on one of the email addresses with coloured letters, your email program will open, and you can send an email to the respective email address, which will be automatically inserted into the “to” field. We have no influence on the data processing by the email program of your respective provider; we only provide a link to your email program.
We will use information that you send us via email exclusively for processing your inquiry; this information will be deleted as soon as the communication is completed, unless a certain retention period is required by law. This processing of the information you send to us is in our legitimate interests (Art. 6 para. 1 lit. f GDPR).

10. Contact Form

When you submit an enquiry through our contact form, the data you provided on the form, including the contact information you entered, shall be stored by us for the purpose of processing your enquiry and for use in the event of follow-up questions. Your personal data will not be provided to third parties without your consent. If your enquiry is related to the performance of a contract or to the implementation of pre-contractual measures, your data will be processed on the basis of Art. 6 para. 1 lit. b of the GDPR. In all other cases, the processing is carried out on the basis of our legitimate interest in the effective handling of enquiries submitted to us (Art. 6 para. 1 lit. f GDPR) or on the basis of consent given by you (Art. 6 para. 1 lit. a GDPR), insofar as consent has been requested. We will retain the data that you entered on the contact form until you ask us to delete the respective data, until you withdraw your consent to the processing of the data or until the purpose of the processing no longer applies (e.g. after your enquiry has been fully processed). This shall be without prejudice to any mandatory legal provisions – in particular retention periods.

11. Online Shop

In addition to the purely informational use of our website, you can also order our products online (only on https://www.croozer.com/de-DE/) if you wish to do so. For this purpose, there is an online shop solely for end consumers www.croozer.com, for which the terms and conditions apply to consumers; there is a separate online shop for dealers that is exclusively accessible on the basis of a dealer agreement through an account area with restricted access. In order to process an order, we require additional personal data from you. This data is only collected, stored and processed if you share it with us in the context of your product order. The data in fields marked with an asterisk (title, first name, surname, address, email address) is required for processing an order.

We use the data you have provided without your separate consent exclusively for the purpose of fulfilling and processing your order. On a case-by-case basis, we use your email address to contact you should special situations arise (e.g. late payment) in the processing of your order. The legal basis for the processing of this data is Art. 6 para 1 lit. b of the GDPR. Upon complete fulfilment of the contract and full payment of the purchase price, your personal data will be blocked from further usage and erased upon expiry of the retention periods stipulated by applicable tax and commercial law provisions (10 years for billing-relevant data), provided that you have not expressly agreed to the further use of your data.

Under no circumstances will the collected data be sold or passed on to third parties without user consent or legal authorisation. Without the involvement of third parties (in compliance with data protection law), it would not be possible for us to process your order. Therefore, we work with various third parties, in particular:

• with external service providers who provide technical support for the delivery of our products and services, and who have been carefully selected and contracted to us in accordance with data protection law,
• with postal service providers, who are involved with the processing of your order (shipping), and
• with payment service providers for the processing of your payment in cooperation with the certified payment providers Mollie, PayPal and Amazon Pay (see below), depending on the payment type you select.

We would like to provide you with more detailed information on the processing of data in connection with the following services:
Amazon Pay
The provider of this payment service is Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855 Luxembourg. For more information on how your data is processed, please read the Amazon Pay privacy policy under the following link: https://pay.amazon.de/help/201212490?ld=APDELPADirect.

PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). 79 / 91 Data is transferred to the US on the basis of the European Commission’s Standard Contractual Clauses (SCCs). More information can be found here: https://www.paypal.com/us/webapps/mpp/ua/pocpsa-full.
You can find more information on the PayPal Privacy Statement: https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Mollie
The provider of this payment service is Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands (hereinafter referred to as “Mollie”). Services provided by Mollie enable us to offer various payment methods on our website. You can find more information in the Mollie Privacy Statement: https://www.mollie.com/en/privacy

12. Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform font display. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website.
This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

13. Data Security

In order to ensure the highest possible level of protection for your personal data, we have implemented technical and organisational security measures using SSL/TLS encryption (https standard). These measures serve to ensure a risk-appropriate level of protection taking into account the current state of technology.

14. Surveys and customer dialogue

14.1 Customer dialogue

As a manufacturer, we have a legitimate interest in optimising our products for the best possible customer benefit. Therefore, we maintain a lively exchange with our customers about our products - the so-called customer dialogue. For the customer dialogue it is necessary to collect personal data. These can be, for example, personal data, socio-demographic data or data on usage behaviour and statistical data on product satisfaction. All information is always voluntary.

All this data can be collected by telephone, in personal interviews - if necessary with the support of recording devices (tape or video) - or workshops, or in written form, e.g. by digital survey via our website or by post. In some cases we create user profiles, these help us to understand what product improvements are needed and how we can communicate these in a way that is easy to understand. Personal data that we collect in customer dialogue is only used for the development and marketing of Croozer products. This data is not passed on to any third party and is only used internally and, after a statistical evaluation, is made available in anonymised form, e.g. to the product development department and the marketing department.

As part of your participation in the customer dialogue, you may receive discount vouchers by e-mail. Furthermore, these discount coupons can also be made available to you in after-sales or in the area of further marketing cooperations and activities.

14.2 Surveys

We regularly invite our customers - these can be dealers as well as end consumers - to participate in a survey regarding the use of our products and for statistical evaluation of product satisfaction. The list of recipients is compiled on the basis of a statistical survey of product purchases and/or on the basis of the consent of registered persons to customer dialogue.

There are often incentives to participate in a dialogue, such as free accessories. However, this is not obligatory. For the purpose of excluding illegal behaviour, such as multiple participation in a survey, we reserve the right to provide a survey with a code that serves to match an answer sheet and the associated redemption of an incentive. In this case, the survey is referred to as a pseudonymous survey. However, the content of the answer sheet is still kept anonymous and no personal data is assigned.

The statistical evaluation of a survey can take place manually in-house at Croozer or with the help of carefully selected service providers. For the technical implementation of an online survey we use the survey tool MS Forms.

A special URL leads from our website to the URL of the survey. The following data is collected there, which is technically necessary for us to display the website and the survey:

Date and time of access
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (in anonymised form)

This processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our legitimate interest and to ensure the functionality of the website. This data is provided to us by the survey tool for statistical evaluation. The data is not passed on or used in any other way. We reserve the right to check the server log files retrospectively if there are concrete indications of illegal use. To protect the transmission of personal data and other confidential content, SSL or TLS encryption is used at all times. An encrypted connection can be recognised by the string “https://“ and the lock symbol in your browser line.

14.2.1. survey invitation by e-mail to registered customer dialogue participants.

Only the e-mail address is required for registration as a participant in our customer dialogue. The provision of further data is voluntary and will only be used for a possible personal address. The registration procedure works with the so-called double opt-in procedure. After entering your email address in the registration field and activating the “Register now” button, we will send you a confirmation email asking you to confirm that you actually wish to receive the newsletter in future by clicking on a corresponding link. By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 Para. 1 lit. a DSGVO. When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data we collect for customer dialogue when you register for the newsletter is used exclusively for the purposes of product satisfaction analysis and contacting you for invitations to customer dialogue (e.g. workshop, interview, survey).

For the execution of an e-mailing, we use the following technical service provider, to whom we pass on your data provided during the newsletter registration. This transfer takes place in accordance with Art. 6 Para. 1 lit. f DSGVO and serves our legitimate interest in using a secure and user-friendly newsletter system that complies with the legal standard according to EU-DSGVO:

Sendinblue GmbH
Köpenicker Street 126
10179 Berlin

Phone: +49 (0)30 / 311 995 10
E-mail: support@sendinblue.com

For more information about Sendingblue and the privacy policy of the company in question, please click on the following link:
https://de.sendinblue.com/datenschutz-uebersicht/

The following usage data is collected:

the page from which the file was requested
the description of the type of web browser used
the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established

This consent to customer dialogue and the associated use of the e-mail address can be revoked at any time in the future by clicking on the link provided in an e-mailing or by unsubscribing from the following e-mail address zgd@croozer.com. After unsubscribing, your e-mail address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data in a way that goes beyond this, which is permitted by law and about which we inform you in this declaration.

14.2.2 Survey invitation by postal direct mailing to existing customers and e-mailing for advertising purposes in the AfterSalesService

When purchasing goods in our online shop, you have provided us with your e-mail, shipping and billing address. In doing so, we reserve the right to regularly send you offers for similar goods or services, such as those already purchased, from our product range by e-mail or to invite you to participate in product satisfaction surveys. In accordance with Section 7 (3) of the German Unfair Competition Act (UWG), we do not need to obtain your separate consent for this. In this respect, the data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising in accordance with Art. 6 Para. 1 lit. f DSGVO. In the context of contacting you or inviting you to take part in the survey by post, personal data is processed which has been collected and stored from previously placed online orders and the associated purchase contract, in particular the delivery address and evaluation of the order content are meant here and are processed for the purpose of creating a correct list of recipients. This data is stored and used exclusively for this purpose and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in, among other things, a product satisfaction survey in accordance with Art. 6 Para. 1 lit. f DSGVO. Within the scope of contacting or inviting to the survey by post, personal data is processed which has been collected and stored from previously placed online orders and the associated purchase contract, in particular the delivery address and evaluation of the order content are meant here and are processed for the purpose of creating a correct recipient list. This data is stored and used exclusively for this purpose and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in, among other things, a product satisfaction survey in accordance with Art. 6 Para. 1 lit. f DSGVO. An invitation to participate in a survey is sent by post to existing customers and/or invitations are sent using our digital social media channels. Participation is voluntary at all times. If you object to the use of your email address for this purpose, no further mailings will be made by us. You are also entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible person named at the beginning or by using the link provided for this purpose in a mailing. You will only incur transmission costs for this in accordance with the basic rates.

We reserve the right to cooperate with various external logistics partners for shipping, these are carefully selected and integrated in accordance with data protection law, e.g. the German Post or other shipping service providers such as Postfactory.

Contact details: POSTFACTORY GmbH represented by its managing director, Ms. Rita Knuf, Vitalisstr. 312a, 50829 Cologne, Tel. 049-221-99228-0, Fax 049-221-99228-333, E-Mail: info@postfactory.org
Cologne Local Court HRB57866, VAT ID No. DE 250095625.

14.2.3 Newsletter - e-mailing for advertising purposes

Newsletter data

This website uses Sendinblue for the sending of newsletters. The provider is the Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Sendinblue services can, among other things, be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter are archived on Sendinblue’s servers in Germany.
Data analysis by Sendinblue

Sendinblue enables us to analyze our newsletter campaigns. For instance, it allows us to see whether a newsletter message has been opened and, if so, which links may have been clicked. This enables us to determine, which links drew an extraordinary number of clicks.

Moreover, we are also able to see whether once the e-mail was opened or a link was clicked, any previously defined actions were taken (conversion rate). This allows us to determine whether you have made a purchase after clicking on the newsletter.

Sendinblue also enables us to divide the subscribers to our newsletter into various categories (i.e., to
“cluster” recipients). For instance, newsletter recipients can be categorized based on age, gender, or place of residence. This enables us to tailor our newsletter more effectively to the needs of the respective target groups.
If you do not want to permit an analysis by Sendinblue, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.
For detailed information on the functions of Sendinblue please follow this link:
https://www.sendinblue.com/newsletter-software/.
Legal basis

The data is processed based on your consent (Art. 6(1)(a) GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.
Storage period
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
For more details, please consult the Data Protection Regulations of Sendinblue at
https://de.sendinblue.com/datenschutz-uebersicht/.
Execution of a contract data processing agreement
We have executed a contract with Sendinblue, in which we require Newsletters2Go to protect our customers’ data and to refrain from sharing such data with third parties.

Discount vouchers
In the context of your participation in the Customer Dialogue programme, you may be offered discount vouchers. In addition, these discount coupons could also be made available to you in the context of after sales or other marketing cooperation programmes and activities.

15. Data Subject Rights

If personal data related to you as a natural person is processed, you have a number of data-protection rights that we are responsible for upholding. In accordance with Section 34 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and Article 15 of the GDPR, you have the right to obtain information about your personal data that is being stored and its source, the recipients or categories of recipients to whom the personal data has been disclosed and the purpose of its storage.
Furthermore, you also have the right (as per Section 35 BDSG and Articles 16-18 GDPR) to the rectification, erasure or restriction (of the processing) of your personal data. In addition, you can request the transmission of your data to another controller in accordance with Article 20 of the GDPR.

You can also object to the further processing of your data if we process your data for the purposes of a legitimate interests (Art. 6 para. 1 lit. f GDPR). If we are not processing your data for advertising purposes, you can only object for reasons arising from your personal situation. As of the date on which you exercise this right to object, we will stop processing your personal data until your objection has been reviewed. If the review reveals that your objection is justified, we will delete the data (Section 36 BDSG, Article 21 GDPR).

You can withdraw your consent to the processing of your personal data (Art. 6 para. 1 lit. a GDPR) at any time; in such cases we will no longer process your personal data unless we are permitted to do so by law.

An objection or withdrawal of consent does not affect the admissibility of the processing up to the time of the objection or withdrawal of consent.
We will act to uphold your rights free of charge and without delay. Please use the contact details provided at the beginning of this privacy policy to contact us or our data protection officer in order to exercise your rights.
Lastly, you have the right to complain to the competent supervisory authority in accordance with Art. 77 of the GDPR.

Contact information for the competent supervisory authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44, 40102 Düsseldorf, Germany
Tel.: +49 (0) 211/38424-0 Fax: +49 (0) 211/38424-10 Email: poststelle@ldi.nrw.de

For the processing of applicant data

Submitted application documents and other data collected in the context of the application process that can be used to personally identify you as the applicant are considered protected personal data in the sense of Art. 4 para. 1 of the General Data Protection Regulation (EU) 2016/679 (GDPR). In this text, we provide you with detailed information on the processing of your applicant data in accordance with Art. 13 of the GDPR.
Our company processes your personal data exclusively in accordance with data protection law, in particular the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). Under applicable data-protection legislation, your personal data may only be collected, stored, disseminated or used (data processing, Art. 4 para. 2 GDPR) with your express consent (Art. 6 para. 1 lit. a, in conjunction with Art. 7 GDPR) or if a legal provision expressly permits or requires us to do so. In particular, the processing of your personal data is lawful if necessary for deciding whether to establish an employment relationship or, after the employment relationship has been established, to conduct or terminate the contractual relationship (Section 26 para. 1 BDSG, Art. 6 para. 1 lit. b GDPR ). The same applies if the data processing is necessary for purposes other than the employment relationship for safeguarding the legitimate interests of the controller and there is no reason to believe that these interests are overridden by your legitimate interests (as the data subject) for excluding the processing or use of the data (Art. 6 para. 1 lit. f GDPR).

Responsibility and Contact Person

The “controller” (as per Art. 4 para. 7 GDPR) responsible for the processing of your personal data in the context of the employment relationship, including the application process is:

Croozer GmbH
Personalabteilung (HR Department)
An der Hasenkaule 10
50354 Hürth
Germany
Telephone: +49 (0) 2233-95991-0
Email: bewerbung@croozer.com
Managing director: Andreas Gehlen

If you have any questions concerning data protection at Croozer GmbH, please feel free to contact our Data Protection Officer at any time: Croozer GmbH, - Data Protection Officer -, Oskar-Jäger-Str. 125, 50825 Cologne, Germany, datenschutz@croozer.com

Personal Data and Purposes of Processing

1. Application for an advertised position

In order to apply for a certain position, you need to provide us with information on your personal profile and qualifications through the customary, informative application documents. We receive applications regularly at the email address bewerbung@croozer.com. This email address is only accessible by the Human Resources Department and – for technical reasons – the IT Administration. In general, we will also confirm the receipt of your application. This confirmation is routinely sent via email. We communicate with you via secure and encrypted email connections (TLS).

We will only use the information found in your application documents for making hiring decisions related to the position(s) for which you have explicitly applied. For this purpose, we will assess your application documents in the Human Resources Department, and then, if after the initial review process you are selected as a potential candidate for the position to be filled, these documents will be made available to the company employees who will take part in the respective decision-making process, including the managing directors. In addition, we process your application documents electronically in our email system and store them on our server as a PDF document in a protected file to which only the Human Resources Department and – for technical reasons – the IT Administration have access; we make the data available to the other employees involved in the hiring process via a file on our server with restricted access. If necessary, we additionally use printouts and copies (on paper). During the application process we may collect additional personal data from you personally, from generally accessible sources or from former employers and education providers, for these information purposes. The legal bases for the processing of your personal data are Art. 6 para. 1 lit. b of the GDPR and Section 26, para. 1 of the BDSG.

If you are not hired at the end of the application process, we will delete and destroy all of your application data within six months after you have conclusively rejected our job offer or we have conclusively rejected your application.
If you are hired at the end of the application process, we will – in accordance with Art. 6 para. 1 lit. b of the GDPR and Section 26 para. 1 of the BDSG – add your application documents to your personnel file because it contains information about your personal profile and qualifications that may be necessary for the purpose of executing the employment relationship. In addition, your application documents will be stored on our server in the employee file, to which only the Human Resources Department, the managing directors and – for technical reasons – the IT Administration have access. Additionally, a printout will be placed in the respective paper file and stored in a locked cabinet in the Human Resources Department. Your application documents will be deleted three years after the termination of the employment relationship.

2. Unsolicited Applications

If you send us an unsolicited application that makes no reference to a specific position, we may use your application documents in the context of hiring decisions for any potentially suitable job vacancy. For this purpose, we will first review your application documents in the Human Resources Department and then send them via email to the heads of the departments where there may be a suitable job vacancy for you in the future.

In all cases, we process your application documents electronically in our email system. Additionally, for the continued application process, we store interesting applications on our server as PDF documents in a protected file to which only the Human Resources Department and – for technical reasons – the IT Administration have access; we make the data available to the other employees involved in the hiring process via a file on our server with restricted access. If necessary, we additionally use printouts and copies (on paper).

As soon as your application documents are reviewed in the context of an application process, we may collect additional personal data from you personally, from generally accessible sources or from former employers and education providers for the purpose of obtaining more detailed information about your personal profile and qualifications. Your application data will be duly deleted and destroyed within one year after the receipt of your application, but not until all application processes involving your application documents have concluded or until six months after you have conclusively rejected a job offer from our company or if we have conclusively rejected your application.

These time limits do not apply if you have given your concrete and voluntary consent for a longer period of storage for your data.

If you are hired at the end of the application process, we will – in accordance with Art. 6 para. 1 lit. b of the GDPR and Section 26 para. 1 of the BDSG – add your application documents to your personnel file because it contains information about your personal profile and qualifications that may be necessary for the purpose of executing the employment relationship. In addition, your application documents will be stored on our server in the employee file, to which only the Human Resources Department, the managing directors and – for technical reasons – the IT Administration have access. Additionally, a printout will be placed in the respective paper file and stored in a locked cabinet in the Human Resources Department. Your application documents will be deleted three years after the termination of the employment relationship.

Our Cooperation with Third-Party Companies

Like other companies, we too benefit from the advantages of a society and business community that is based on the division of labour. In the area of data processing, this means that we do not perform all data processing activities on an in-house basis. Some activities are performed by external service providers:

Career platforms: In order to find you, we also advertise our job vacancies on external career platforms, such as the German employment office (Agentur für Arbeit) or Stepstone. If you apply for a job through one of these platforms, the platform will send us your documents where appropriate. No further collaboration takes place.
External (IT) service companies that, as so-called “data processors”, have concluded contracts with us in which they undertake to process data strictly in accordance with our specifications and instructions and to take comprehensive technical and organisational measures to protect this data.
External (IT) service companies that work for us under their own responsibility and are contractually obliged to take technical and organisational measures to protect data.

Your Data-Protection Rights and the Responsibilities of Those Who Hold and Process Your Personal Data

If we process your personal data, you have a number of data-protection rights that we are responsible for upholding. You have the right

to obtain information about your personal data that is being stored and its source, the purpose of the processing and the recipients or categories of recipients to whom the personal data has been disclosed (Art. 15 GDPR, Section 34 BDSG),
under certain circumstances to request the rectification, restriction of processing or erasure of your personal data by us (Articles 16–18 GDPR, Section 35 BDSG),
to request the transmission of your data to another controller (Article 20 GDPR) and
to lodge a complaint with us or the competent supervisory authority about the processing of your personal data (Article 77 GDPR).

You can also object to the further processing of your data if we process your data for the purposes of a legitimate interest (Art. 6 para. 1 lit. f GDPR). Since we do not process your data for advertising purposes, you can only object for reasons arising from your personal situation. As of the date on which you exercise this right to object, we will stop processing the personal data to which your objection refers until your objection has been reviewed. If the review reveals that your objection is justified, we will delete the data (Section 36 BDSG, Article 21 GDPR). __
__
You can withdraw your consent to the processing of your personal data (Art. 6 para. 1 lit. a GDPR) at any time; in such cases we will no longer process your personal data unless we are permitted to do so by law.

A justified objection or withdrawal of consent does not affect the lawfulness of processing up to the time of the objection or withdrawal of consent.

We will act to uphold your rights free of charge and without delay. Please use the contact details provided to contact us or our data protection officer in order to exercise your rights or obtain clarification on any other issue.

For complaints that fall under Art. 77 of the GDPR, please contact the competent supervisory authority using the contact details provided above.

End User Privacy Policy

This privacy policy for end users provides information about the processing of your personal data by

Croozer GmbH
An der Hasenkaule 10
50354 Hürth, Germany

According to Art. 4 lit. 1 GDPR, your personal data includes all information that relates or can be related to your person, in particular through association with an identifier like a name or with an organisation number or customer number that can be used for identifying your person.
We, as the data controller, make this data protection information available for end users (“Privacy Policy”), in order to explain the data-processing operations concerning the end users who are connected with Croozer GmbH.

Scope:

This privacy policy applies to the end users of Croozer GmbH.

Categories of personal data and data sources:

Croozer GmbH processes the following personal data from you:

Name, contact information, services or products offered, contract information, communication content (such as emails or business letters), payment information, billing information and personal data that arises in the course of the business relationship.

Purposes, legal bases and consequences of data processing:

Your personal data is used for fulfilling contractual obligations with the end user (including the fulfilment of contractual service obligations, invoice processing, communication and compliance with legal obligations), for marketing and CRM activities and for fraud prevention.

The legal bases for the processing of your data by Croozer GmbH include the following:

Performance of a contract to which the end user is party (Article 6(1)(b) GDPR);
Legitimate interests pursued by Croozer GmbH, (Article 6(1)(f) GDPR). Legitimate interests can include in particular marketing and CRM activities, as well as the prevention of fraud, IT misuse, money laundering, operation of a whistleblowing system, physical security, IT and network security, and internal investigations.
Consent (Article 6(1)(a) GDPR);
Compliance with legal obligations (Article 6(1)(c) GDPR);
The provision of personal data is voluntary and necessary for the conclusion and/or performance of the contractual relationship. Should you not provide this data, some end-use-management and administrative processes may be delayed or rendered impossible.

Categories of recipients:

Access to your personal data is limited to persons who require the information for the completion of their activities.

Croozer GmbH may disclose your personal data if such disclosure is required or requested by government agencies, courts, external authorities or similar third parties.

Storage duration:

Personal data is stored by Croozer GmbH and its service-providers as long as is necessary to fulfil our obligations. The data is stored as long as is necessary to fulfil the respective purposes in accordance with the GDPR. As soon as Croozer GmbH no longer requires the data for the purpose of compliance with contractual or legal obligations, the respective data is deleted from our systems and records, and/or measures are taken to properly anonymise your personal data so that it is no longer identifiable. The exceptions to this are cases in which we must keep your personal data in order to comply with legal or regulatory obligations to which Croozer GmbH is subject, e.g. statutory retention obligations that are associated with the commercial code, tax law or money-laundering act and usually require data retention for between 5 and 10 years, or we must secure evidence within the period of the statute of limitations, which is normally 3 years, but can also extend to up to 30 years.

Your rights:

If you have given your consent to certain data-processing activities, you can revoke this consent at any time, with effect for the future. This revocation does not affect the legality of the processing carried out on the basis of the consent before the revocation.

The applicable data protection regulations grant you the following rights:

Right of access, Art. 15 GDPR
You have the right to information regarding the data we process concerning you.
Right to rectification, Art. 16 GDPR
You have the right to the rectification of your data, wherever such data is incorrect or incomplete. Incomplete data must be completed taking into account the purpose of the processing.
Right to erasure, Art. 17 GDPR
You have the right to demand the erasure of your data under certain circumstances. This is in particular the case if this data is no longer required for the original purpose for which it was collected and processed.
Right to restriction of processing, Art. 18 GDPR
You have the right to restrict the processing of your personal data. This means that your data will not be deleted but will be flagged to restrict its further processing or use.
Right to data portability, Art. 20 GDPR
You have the right to receive the personal data that you have made available to Croozer GmbH. We will provide the data in a structured, commonly used and machine readable format. Furthermore, you have the right to transfer this data to another responsible party without hindrance from Croozer GmbH.
Right to object to unacceptable data processing, Art. 21 GDPR
You as the data subject are entitled for reasons arising from your special situation to object at any time to the processing of the personal data relating to you that is being processed on the basis of Article 6(1)(e) or Article 6(1)(f) of the General Data Protection Regulation (GDPR).

Due to the fact that Croozer GmbH processes and uses your personal data primarily for the purpose of its contractual relationship with you, Croozer GmbH generally has compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

In order to exercise your rights, contact us as specified in the section “Questions”.

Complaints to the supervisory authority regarding data privacy breaches

You have the right to lodge a complaint with the responsible supervisory authority if you believe that the processing of your data is contrary to data protection law. This follows from Art. 77 EU General Data Protection Regulation. Complaints to the supervisory authority can be informal.

Automated decision-making /Profiling:

Croozer GmbH does not use automated decision-making.

Questions:
You can contact the Croozer GmbH data protection officer using the following channels: Email: datenschutz@croozer.com

Privacy Policy for Business Partners

This privacy policy for business partners provides information about the processing of your personal data by

Croozer GmbH
An der Hasenkaule 10
50354 Hürth, Germany
Managing director: Andreas Gehlen HRB 25590, Cologne District Court

According to Art. 4 lit. 1 GDPR, your personal data includes all information that relates or can be related to your person, in particular through association with an identifier like a name or with an organisation number or customer number that can be used for identifying your person.
We, as the data controller, make this data protection information available for business partners (“Privacy Policy”), in order to explain the data-processing operations concerning our customers, business partners and suppliers (together with “__business partners__”) and, if applicable, their employees who are connected with Croozer GmbH.

Scope:

This policy applies if you are an independent business partner of Croozer GmbH or if you are an employee of a business partner and are working with Croozer GmbH on behalf of the business partner.

Categories of personal data and data sources:

Croozer GmbH processes the following personal data from you, your company or third parties:

Personal data related to independent business partners: name, business contact information, services or products offered, contract information, communication content (such as emails or business letters), payment information, billing information and personal data that arises in the course of the business relationship
Personal data related to employees of a business partner: name, business contact information, name of employer, title/position and communication content (such as emails or business letters)

Purposes, legal bases and consequences of data processing:

Your personal data is used for fulfilling contractual obligations with the business partner (including the fulfilment of contractual service obligations, invoice processing, communication and compliance with legal obligations), for marketing and CRM activities and for fraud prevention.
The legal bases for the processing of your data by Croozer GmbH include the following:

Performance of a contract to which the business partner is party (Article 6(1)(b) GDPR)
Legitimate interests pursued by Croozer GmbH, (Article 6(1)(f) GDPR). Legitimate interests can include in particular marketing and CRM activities, as well as the prevention of fraud, IT misuse, money laundering, operation of a whistleblowing system, physical security, IT and network security, and internal investigations.
Consent (Article 6(1)(a) GDPR)
Compliance with legal obligations (Article 6(1)(c) GDPR)

The provision of personal data is voluntary and necessary for the conclusion and/or performance of the contractual relationship. Should you not provide this data, some business-partner-management and administrative processes may be delayed or rendered impossible.

Categories of recipients:

Croozer GmbH may use service-providers who act as processors in order to provide IT and other administrative support (e.g. service providers who offer IT hosting or maintenance support). These service providers may have access to your personal data if this access is necessary for the provision of such services.
Access to your personal data is limited to persons who require the information for the completion of their activities.
Croozer GmbH may disclose your personal data if such disclosure is required or requested by government agencies, courts, external authorities or similar third parties.

Storage duration:
Personal data is stored by Croozer GmbH and its service-providers as long as is necessary to fulfil our obligations. The data is stored as long as is necessary to fulfil the respective purposes in accordance with the GDPR. As soon as Croozer GmbH no longer requires the data for the purpose of compliance with contractual or legal obligations, the respective data is deleted from our systems and records, and/or measures are taken to properly anonymise your personal data so that it is no longer identifiable. The exceptions to this are cases in which we must keep your personal data in order to comply with legal or regulatory obligations to which Croozer GmbH is subject, e.g. statutory retention obligations that are associated with the commercial code, tax law or money-laundering act and usually require data retention for between 5 and 10 years, or we must secure evidence within the period of the statute of limitations, which is normally 3 years, but can also extend to up to 30 years.

Your rights:
If you have given your consent to certain data-processing activities, you can revoke this consent at any time, with effect for the future. This revocation does not affect the legality of the processing carried out on the basis of the consent before the revocation.

The applicable data protection regulations grant you the following rights:

Right of access, Art. 15 GDPR: You have the right to information regarding the data we process concerning you.
Right to rectification, Art. 16 GDPR: You have the right to the rectification of your data, wherever such data is incorrect or incomplete. Incomplete data must be completed taking into account the purpose of the processing.
Right to erasure, Art. 17 GDPR: You have the right to demand the erasure of your data under certain circumstances. This is in particular the case if this data is no longer required for the original purpose for which it was collected and processed.
Right to restriction of processing, Art. 18 GDPR: You have the right to restrict the processing of your personal data. This means that your data will not be deleted but will be flagged to restrict its further processing or use.
Right to data portability, Art. 20 GDPR: You have the right to receive the personal data that you have made available to Croozer GmbH. We will provide the data in a structured, commonly used and machine readable format. Furthermore, you have the right to transfer this data to another responsible party without hindrance from Croozer GmbH.
Right to object to unacceptable data processing, Art. 21 GDPR: You as the data subject are entitled for reasons arising from your special situation to object at any time to the processing of the personal data relating to you that is being processed on the basis of Article 6(1)(e) or Article 6(1)(f) of the General Data Protection Regulation (GDPR).

In order to exercise your rights, contact us as specified in the section “Questions”.

Complaints to the supervisory authority regarding data privacy breaches:

Automated decision-making /Profiling:
Croozer GmbH does not use automated decision-making.

Questions:
You can contact the Croozer GmbH data protection officer using the following channels:
Email: datenschutz@croozer.com

Privacy Policy for Applicants

This privacy policy for applicants provides information about the processing of your personal data by

Croozer GmbH
An der Hasenkaule 10
50354 Hürth, Germany

According to Art. 4 lit. 1 of the General Data Protection Regulation (GDPR), your personal data includes all information that relates or can be related to your person, in particular through association with an identifier like a name or with an organisation number or personnel number that can be used for identifying your person.

Personal information and personal data:
Croozer GmbH collects and processes the following personal data (in both paper and digital form) that you have provided in the context of your application (collectively, “Applicant data”):

Contact information, such as your name, postal address and email address;
Information on your professional experience and skills, as well as any previous work experience, language skills, performance assessment, evaluations and ratings;
Photo (if voluntarily provided).

The processing of special types of personal data is not provided for. However, if you provide this data, such as health information, it will also be processed.

Purposes, legal bases and consequences of data processing:

Applicant data is collected and processed for recruitment purposes in order to assess the skills and suitability of the candidates who have applied for a position (collectively, “Processing purposes”):

The legal bases for the processing of your data by Croozer GmbH include the following:

Processing in the context of employment (Art. 88 GDPR in connection with Section 26 of the German Federal Data Protection Act, BDSG)
Legitimate interests pursued by Croozer GmbH (Article 6(1)(f) GDPR).
Consent, if given by you and permitted by law (Article 6(1)(a) of the GDPR pursuant to Article 88 of the GDPR and Section 26(2) of the German Federal Data Protection Act, BDSG);
Compliance with legal obligations (Article 6(1)(c) GDPR);
Your personal data is provided on a voluntary basis. However, should you not provide this data, the recruitment process could be rendered impossible or seriously impaired to such an extent that Croozer GmbH would unfortunately be unable to consider your application.

Categories of recipients:

Storage duration:

Application data will be stored by Croozer GmbH and, if applicable, its service-providers as long as is necessary to fulfil their obligations and in accordance with the applicable data protection law for the time necessary to fulfil the purposes for which it was collected.

Croozer GmbH will delete your application data no later than six months after we have notified you that your application will not be taken into consideration. This time limit does not apply if, upon our request, you have given your express consent for us to store your data for a longer period, because we would like to store your information in our talent pool (Art. 7 GDPR); in this case, the data will be deleted at the end of the period specified in the consent or when you withdraw your consent. The data is deleted subject to a right to storage as per Art. 17 (3) of the GDPR or in accordance with applicable rules in the German Federal Data Protection Act (BDSG). If you are hired, your application will be added to the personnel file created for you and will be considered part thereof under data protection law.

Your rights:

If you have given your consent to certain data-processing activities, you may withdraw this consent at any time, with effect for the future. This withdrawal does not affect the legality of the processing carried out on the basis of the consent before its withdrawal.

The applicable data protection regulations grant you the following rights:

Right of access, Art. 15 GDPR You have the right to information regarding the data we process concerning you.
Right to rectification, Art. 16 GDPR You have the right to the rectification of your data, wherever such data is incorrect or incomplete. Incomplete data must be completed taking into account the purpose of the processing.
Right to erasure, Art. 17 GDPR You have the right to demand the erasure of your data under certain circumstances. This is in particular the case if this data is no longer required for the original purpose for which it was collected and processed.
Right to restriction of processing, Art. 18 GDPR You have the right to restrict the processing of your personal data. This means that your data will not be deleted but will be flagged to restrict its further processing or use.
Right to data portability, Art. 20 GDPR You have the right to receive the personal data that you have made available to Croozer GmbH. We will provide the data in a structured, commonly used and machine readable format. Furthermore, you have the right to transfer this data to another responsible party without hindrance from Croozer GmbH.
Right to object to unacceptable data processing, Art. 21 GDPR You are entitled for reasons arising from your special situation to object at any time to the processing of the personal data relating to you that is being processed on the basis of Article 6(1)(e) or Article 6(1)(f) of the GDPR. Due to the fact that Croozer GmbH processes and uses your personal data primarily for the purpose of its contractual relationship with you, Croozer GmbH generally has compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

In order to exercise your rights, contact us as described in the section “Questions”.

Complaints to the supervisory authority regarding data privacy breaches:

You have the right to lodge a complaint with the responsible supervisory authority if you believe that the processing of your data is contrary to data protection law. This follows from Art. 77 of the GDPR. Complaints to the supervisory authority can be informal.

Automated decision-making/Profiling:

Croozer GmbH does not use automated decision-making in the context of your application process.

Questions:

You can contact the Croozer GmbH data protection officer using the following channels:
Email: datenschutz@croozer.com

Data protection information for raffle participants

on the processing of personal data at Croozer GmbH pursuant to Art. 13 DS-GVO

Who is the data controller?
Croozer GmbH

How can you contact us with questions about data protection?
If you have any questions about data protection, please contact us at the following address:
An der Hasenkaule 10
50354 Hürth (Germany)
E-mail: info@croozer.com

For what purposes and on what legal basis do we process your personal data?
Conducting competitions for the purpose of collecting address data in compliance with the provisions of the Unfair Competition Act (UWG).

Who has access to your personal data?
Internal departments:
Internal department (marketing, logistics)
How long do we store your personal data?
10 years (AO) (Deletion after 10 years. Retention period according to § 147 AO.)
What rights are available to you?
▪ Right to information
▪ Right to correction
▪ Right to deletion
▪ Right to restricted processing
▪ Right to data transfer
You have the right vis-à-vis us, if the legal requirements are met, to:
▪ to request information about which of your data we are processing (Art. 15 DS-GVO);
▪ to have your data corrected or deleted, insofar as this does not conflict with our legitimate interest or a legal obligation to process it
(Art. 16, 17 DS-GVO);
Restrict the processing of your data (Art. 18 DS-GVO);
▪ To exercise your right to data portability (Art. 20 of the GDPR).
Note on revocation: If you have given consent with regard to certain processing activities, you can revoke this at any time with effect for the future. This revocation will not affect the previous processing of the data.
Note on objection: If we process your data on the basis of legitimate interest, you can also object to this processing at any time in accordance with Art. 21 DS-GVO.

To exercise your rights, contact us at: datenschutz@croozer.com

Does automated decision making/profiling take place?
There is no automated decision making or profiling.
profiling is carried out.

Where can you complain about the processing of your personal data?
If you believe that we are processing your data unlawfully, you have the right to complain to the competent supervisory authority. The competent authority is the:
State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: +49 211/38424-10
E-mail: poststelle@ldi.nrw.de

Addition to the Privacy Policy

Objection to promotional emails
In accordance with Section 7 (2) of the German Act against Unfair Competition (UWG), electronic mail (e.g. emails) without the addressee’s consent are always an unacceptable nuisance and therefore a violation of the law.
The operators of this website expressly prohibit the use of contact details provided in accordance with the obligation to publish a legal notice (‘Impressumspflicht’) for the purpose of sending any advertising or informational materials not expressly requested. The operators of this website expressly reserve the right to take legal action in the event of receiving unsolicited advertising information such as ‘spam’ mail.

__Status as of November, 8th 2023_

Privacy Policy

Privacy Statement

Responsible for data processing:

Our data protection officer can be reached at:

Go directly to…

General Privacy Statement

1. Croozer-Cookies

Sentry

2. Server Log Files

3. User Centrics

5. Google Analytics and Google Recapture

Google Recapture

6. Google Ad Services, DoubleClick & Google Tag Manager

Double Click

Google Tag Manager

7. Google Fonts (local embedding)

8. Dealer Section

9. Making Contact: Email Function

10. Contact Form

11. Online Shop

12. Google Maps

13. Data Security

14. Surveys and customer dialogue

15. Data Subject Rights

For the processing of applicant data

Responsibility and Contact Person

Personal Data and Purposes of Processing

Our Cooperation with Third-Party Companies

Your Data-Protection Rights and the Responsibilities of Those Who Hold and Process Your Personal Data

End User Privacy Policy

Privacy Policy for Business Partners

Privacy Policy for Applicants

Data protection information for raffle participants

Addition to the Privacy Policy

Products

Our business

Legal notice

Privacy Policy

Privacy Statement

Responsible for data processing:

Our data protection officer can be reached at:

Go directly to…

General Privacy Statement

1. Croozer-Cookies

Sentry

2. Server Log Files

3. User Centrics

4. Social Media - META Pixel (formerly Facebook Pixel)

5. Google Analytics and Google Recapture

Google Recapture

6. Google Ad Services, DoubleClick & Google Tag Manager

Double Click

Google Tag Manager

7. Google Fonts (local embedding)

8. Dealer Section

9. Making Contact: Email Function

10. Contact Form

11. Online Shop

12. Google Maps

13. Data Security

14. Surveys and customer dialogue

15. Data Subject Rights

Information on Data Protection According to Art. 13 GDPR

For the processing of applicant data

Responsibility and Contact Person

Personal Data and Purposes of Processing

Our Cooperation with Third-Party Companies

Your Data-Protection Rights and the Responsibilities of Those Who Hold and Process Your Personal Data

End User Privacy Policy

Privacy Policy for Business Partners

Privacy Policy for Applicants

Data protection information for raffle participants

Addition to the Privacy Policy