Privacy policy

1. Information on the Collection of Personal Data and Contact Details of the Controller

1.1 Thank you for visiting our website. Below, we inform you about how we handle your personal data when you use our website. Personal data refers to all data that can be used to personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Melanie Hanf
Simrockstraße 5
53619 Rheinbreitbach
Germany
Phone: +49 1578 760 9990
Email: mel@soulcraft.design

1.3 To ensure the security of your data during transmission, we use state-of-the-art encryption technologies (e.g., SSL or TSL) via HTTPS.

2. Data Collection When Visiting Our Website

Each time you access our website, our system automatically collects data and information that your browser transmits to our server (so-called "server log files"). The following technically necessary data is collected:

The website visited
Date and time of access
Amount of data sent (in bytes)
Source/referrer from which you reached the page
Operating system used
Browser used
IP address used (possibly in anonymized form)

The legal basis for data processing is Article 6(1)(f) GDPR, based on our legitimate interest in improving the stability and functionality of our website. These data are not shared or used in any other way.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

We reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use. The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of data collection for the provision of the website, this is the case when the session has ended.

In the case of storage in log files, the data will be deleted no later than seven days. Longer storage is possible. In this case, the IP addresses of the users are deleted or anonymized so that identification of the accessing client is no longer possible.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Therefore, there is no possibility of objection by the user.

We use the Ecwid shop system. This is operated by Ecwid, Inc. (144 West D Street, Suite 103, Encinitas, California 92024, USA).

3. Cookies

Our website uses cookies.

Cookies are text files that are stored on the user’s device. When a user accesses a website, a cookie may be stored on the user’s operating system. Some features of our website cannot be offered without the use of cookies. For these features, it is necessary for the browser to be recognized even after a page change. The data collected through technically necessary cookies is not used to create user profiles. Our legitimate interest in processing personal data in accordance with Art. 6(1)(f) GDPR lies in the above-mentioned purposes.

In addition, our website may use cookies that enable the analysis of users’ browsing behavior (so-called third-party cookies). More detailed information about the scope, purpose, legal basis, and opt-out options can be found in the respective sections of this privacy policy.

As a user, you have full control over the use of cookies. You can disable, restrict, or delete the transmission of cookies by changing the settings in your internet browser. If you disable cookies for our website, some functions of the website may no longer be fully usable. You can prevent the transmission of Flash cookies by changing the settings in your Flash Player.

Help for browser settings can be found in the respective help menu of your browser or via the following links:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Some cookies used here are deleted after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they collect and process specific user information, such as browser and location data and IP address values, to varying extents. Persistent cookies are automatically deleted after a specified duration, which may vary depending on the cookie.

4. Contacting Us

When you contact us via contact form, the data entered into the input mask is transmitted to us and stored. The specific data collected can be seen from the respective input form. When contacting us via email, only the data you provide there will be transmitted.

These data are used exclusively for processing the conversation and your inquiry. The legal basis for processing the data is, if the user has given consent, Art. 6(1)(a) GDPR. The legal basis for processing data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact aims at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR.

The data will be deleted once they are no longer necessary for the purpose of their collection and provided there are no legal retention obligations. For personal data from the input form and those transmitted via email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

4. Continued: Contact via Email or Contact Form

For personal data collected through the contact form and those transmitted via email, this applies when the respective conversation with the user has ended. A conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

The user may revoke their consent to the processing of personal data at any time. If the user contacts us via email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

4.1 WhatsApp Business

Visitors to our website have the option to contact us via WhatsApp (a service provided by Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA).

We use the "Business Version" of WhatsApp. If you contact us via WhatsApp in connection with a specific contract, we store and use the mobile phone number you use on WhatsApp and — if published and/or provided — your first and last name (pursuant to Art. 6(1)(b) GDPR) for the purpose of processing your inquiry.

You may be asked to provide additional data if this is necessary to process your request (Art. 6(1)(b) GDPR).

If WhatsApp is used for general inquiries not related to a specific contract, we store and use your mobile phone number and — if published and/or provided — your first and last name (based on Art. 6(1)(f) GDPR) for the purpose of handling your inquiry.

Our legitimate interest here lies in the prompt response to customer or prospect inquiries.

Your data will not be passed on to third parties.

WhatsApp Business accesses the address book of the mobile device used. The stored phone numbers are automatically transmitted to a Facebook server in the USA.

Only the WhatsApp contact data of users who have already contacted us via WhatsApp are stored on the device we use for WhatsApp Business.

For data transfers from the European Economic Area to the USA, WhatsApp relies on the EU Commission’s standard contractual clauses. For more details on WhatsApp’s data practices, please refer to their privacy policy:
https://www.whatsapp.com/legal/?eea=1#privacy-policy

5. Data Processing for Customer Account Creation and Contract Fulfillment

If you wish to place an order in our online shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order.

We process the data you provide in order to fulfill your order.

In some cases, we work with external service providers to process your order. For this purpose, we must pass on the required personal data.

If we commission a shipping company to deliver your goods, we pass on the necessary data for delivery to the respective shipping company. For payment processing, we transfer the necessary data to the respective credit institution. If we use payment service providers, you will be informed about this separately below.

The legal basis for the transfer of your data is Art. 6(1)(b) GDPR.

We use the Ecwid shop system.

This shop system is operated by Ecwid, Inc. (144 West D Street, Suite 103, Encinitas, California 92024, USA) and based in the United States.
For more information about Ecwid's data protection practices, please visit:
https://www.ecwid.com/eu-privacy-policy

6. Use of Your Data for Direct Advertising

6.1 Newsletter

You have the option to subscribe to a free newsletter on our website. When registering for the newsletter, the data entered in the input form is transmitted to us. The only required field is your email address. Any additional voluntary information will only be used for personalized communication.

The legal basis for processing your data after newsletter registration is your consent pursuant to Art. 6(1)(a) GDPR. This consent is obtained by sending you a confirmation email after registration, which contains a confirmation link. By clicking this link, you consent to receiving the newsletter.

When registering for the newsletter, we store your IP address as well as the date and time of registration. This data is stored to trace any potential misuse of your email address.

The data collected during newsletter registration is used exclusively for sending the newsletter.

You can unsubscribe from the newsletter at any time. Each newsletter contains a corresponding link for this purpose. This also allows you to revoke your consent to the storage of the personal data collected during the registration process.

6.2 Newsletter for Existing Customers

If you purchase goods or services on our website and provide your email address in the process, we may use it to send you a newsletter. In this case, the newsletter will only contain direct advertising for our own similar goods or services.

The legal basis for this newsletter is Section 7(3) of the German Unfair Competition Act (UWG) and Art. 6(1)(f) GDPR. Data processing in this context is based solely on our legitimate interest in personalized direct advertising.

If you have already objected to the use of your email address for direct advertising, you will not receive this newsletter. You may also object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying us. After receiving your objection, the use of your email address for advertising purposes will be stopped immediately.

7. Data Processing for Order Fulfillment

7.1 If you wish to place an order in our online shop, it is necessary for the conclusion of the contract that you provide personal data which we need to process your order.

The data you provide will be processed to fulfill your order.

7.1 Continued: Order Processing and Use of Payment Service Providers

We process the personal data you provide to fulfill your order.

In some cases, we collaborate with external service providers to complete your order. To do so, we must share the necessary personal data.

If we commission a shipping company to deliver your goods, we pass on the data necessary for delivery to the respective company. For payment processing, your data will be passed on to the appointed credit institution as required. If we use payment service providers, you will be informed accordingly below.

The legal basis for the transfer of your data is Art. 6(1)(b) GDPR.

Use of Payment Service Providers

– PayPal
If you choose a payment method offered by PayPal (such as credit card via PayPal, direct debit via PayPal, “Pay upon invoice” or “Installment payment”), payment processing is carried out via PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

We transfer your personal data to PayPal only to the extent necessary and in accordance with Art. 6(1)(b) GDPR.

PayPal reserves the right to perform a credit check for certain payment methods. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6(1)(f) GDPR based on PayPal's legitimate interest in determining your ability to pay.

The credit check may contain probability values (so-called “score values”), which are based on scientifically recognized mathematical-statistical procedures. Address data may also be included in the calculation.

For details on the data PayPal collects, please refer to their privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by contacting PayPal. However, PayPal may still be entitled to process your data if this is necessary for contractual payment processing.

– Stripe
If you select a payment method provided by Stripe, the payment is processed via Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (“Stripe”).

We pass on your personal data and order information (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) to Stripe, solely for the purpose of payment processing and only to the extent required, pursuant to Art. 6(1)(b) GDPR.

8. Review Reminders via Google Customer Reviews

With your express consent in accordance with Art. 6(1)(a) GDPR, we transmit your email address to the Google Customer Reviews platform (© Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, www.google.de).

You will then receive a review reminder from Google via email.

You may revoke your consent at any time by contacting the data controller or Google.

More information on Google's privacy practices can be found here:
https://business.safety.google/privacy/

9. Use of Social Media: Social Plugins

9.1 Instagram as a Standard Plugin

We use social plugins ("plugins") from the Instagram social network on our website, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Instagram").

You can typically recognize Instagram plugins by the "Instagram camera" icon. Other plugin designs can be found here:
http://blog.instagram.com/post/36222022872/introducing-instagram-badges

When you access a page on our site that includes such a plugin, your browser establishes a direct connection to Instagram’s servers. Instagram directly transfers the content of the plugin to your browser, even if you do not have an Instagram account or are not logged in.

This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there.

If you are logged into Instagram at the time of your visit, Instagram can associate your visit to our site with your Instagram account. If you interact with a plugin (e.g., click the Instagram button or leave a comment), this information is also sent directly to an Instagram server and stored there. These actions may also be published on your Instagram profile and shown to your followers.

Our legitimate interest lies in personalized advertising and the economic exploitation of our website. The legal basis is Art. 6(1)(f) GDPR.

If you do not want Instagram to link data collected via our website with your Instagram profile, you must log out of Instagram before visiting our website. You can also block Instagram plugins using browser add-ons like “NoScript” (http://noscript.net/).

Meta Platforms Inc. (USA) is certified under the EU-U.S. Data Privacy Framework, ensuring compliance with EU data protection standards.
More information: https://instagram.com/about/legal/privacy/

9.1 Instagram as a Standard Plugin

We use social plugins ("plugins") of the Instagram social network on our website (operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; hereinafter "Instagram").

You can usually recognize the plugins by the "Instagram camera" icon. Other versions of the Instagram plugin can be viewed here:

http://blog.instagram.com/post/36222022872/introducing-instagram-badges

When you visit one of our web pages containing such a plugin, your browser establishes a direct connection to Instagram's servers and transmits the content of the plugin directly to your browser, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is sent directly from your browser to an Instagram server in the USA and stored there.

If you are logged into Instagram at the time of your visit, Instagram can directly associate your visit to our website with your Instagram profile. If you interact with a plugin (e.g., by clicking the "Instagram" button or commenting), this information is also transmitted directly to an Instagram server and stored there. These actions may be published on your Instagram profile and made visible to your Instagram contacts.

Our legitimate interest lies in the display of personalized advertising and in maximizing the financial potential of our website. The legal basis is Art. 6(1)(f) GDPR.

If you do not wish Instagram to associate data collected via our website with your Instagram profile, you must log out of Instagram before visiting our website. You can also block Instagram plugins using browser add-ons such as "NoScript"
http://noscript.net/

Meta Platforms, Inc., based in the USA, is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with EU data protection standards.
More information can be found in Instagram's privacy policy:
https://instagram.com/about/legal/privacy/

9.2 LinkedIn as a Standard Plugin

We use social plugins ("plugins") of the LinkedIn social network on our website (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; hereinafter "LinkedIn").

You can usually recognize the plugins by the LinkedIn logo or the “Recommend” button.

When you access one of our web pages that includes such a plugin, your browser establishes a direct connection to LinkedIn’s servers and transmits the plugin content directly to your browser, even if you do not have a LinkedIn profile or are not currently logged into LinkedIn. This information (including your IP address) is transmitted directly from your browser to a LinkedIn server in the USA and stored there.

If you are logged into LinkedIn at the time, LinkedIn can directly associate your visit to our website with your LinkedIn profile. If you interact with a plugin (e.g., click the "LinkedIn" button), this information is also transmitted directly to a LinkedIn server and stored there. These actions may be published on your LinkedIn profile and shown to your LinkedIn contacts.

Continued – 9.2 LinkedIn as a Standard Plugin

Our legitimate interest lies in the display of personalized advertising and in maximizing the financial potential of our website. The legal basis is Art. 6(1)(f) GDPR.

LinkedIn's legitimate interest lies in the display of personalized advertising and in the tailored design of its services. The legal basis is Art. 6(1)(f) GDPR.

If you do not wish LinkedIn to associate the data collected via our website with your LinkedIn profile, you must log out of LinkedIn before visiting our website. You can also block the loading of LinkedIn plugins by using browser add-ons, such as the script blocker “NoScript”
http://noscript.net/

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details are available here:
https://de.linkedin.com/legal/l/dpa
LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy

10. Online Marketing

10.1 Use of Affiliate Programs
We participate in affiliate programs to promote our products and services through third-party partners.

10.2 Use of the Affiliate Program by Affiliatly

Our website uses the affiliate tracking tool Affiliatly, provided by Overcode Ltd., Konstantin Ognyanovich 16, Floor 2, 3000 Vratza, Bulgaria (hereinafter referred to as “Affiliatly”).

Affiliatly allows us to manage affiliate programs and track sales or leads referred by our affiliate partners.

Data Collected
If you access our site via an affiliate link, Affiliatly sets cookies to track your activity. The following data may be processed:

Referrer URL and affiliate ID
IP address (shortened or anonymized)
Time of visit
Order number and value (in case of a purchase)

Legal Basis
Processing is carried out in accordance with Art. 6(1)(f) GDPR, based on our legitimate interest in operating and optimizing our affiliate program. If consent is required (e.g., for cookie placement), processing is based on Art. 6(1)(a) GDPR.

Storage Duration and Right to Object
Cookies may remain stored for up to 30 days. You can object at any time by deleting the cookies in your browser or disabling third-party cookie storage.

We have entered into a data processing agreement with Affiliatly to ensure that your data is protected in accordance with legal requirements and is not disclosed to unauthorized third parties. The agreement can be viewed here:
https://www.affiliatly.com/legal-dpa

11. Web Analytics

Wix Analytics
We use Wix Analytics on our website, a service provided by Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel (hereinafter "Wix Analytics").

Wix Analytics collects and processes various user data to help us optimize our website and generate statistical reports. This includes, for example:

Login data
Time zone settings
Operating system
Platform information
Details about your visit, such as page views, session duration, search terms, loading times, and conversion rates

This data is collected through cookies, which are small text files stored on your device. These cookies allow your browser to be recognized during subsequent visits.

Without your express consent (Art. 6(1)(a) GDPR), these cookies are not set and no data is collected. You may revoke your consent at any time via our cookie consent tool.

Wix processes data in Israel. An adequate level of data protection is ensured by a corresponding adequacy decision by the European Commission.

More information on Wix’s privacy practices can be found at:
https://de.wix.com/about/privacy

We have concluded a data processing agreement with Wix to ensure the protection of your data in accordance with legal requirements:
https://de.wix.com/about/privacy-dpa-users/

Continued – 11. Wix Analytics

Wix Analytics collects and processes various user data to help us optimize our website and perform statistical analysis. This includes login data, time zone settings, the operating system used, platform information, and visit details such as accessed pages, session duration, search terms, load times, and conversion rates.

These data are collected using cookies, which are small text files stored on your device. They allow your browser to be recognized during future visits.

These cookies will not be set, and data will not be collected, without your express consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time through our cookie consent tool with future effect.

Wix processes data in Israel. An adequate level of data protection is ensured by the European Commission’s adequacy decision.

More information about data protection at Wix can be found here:
https://de.wix.com/about/privacy

We have concluded a data processing agreement with Wix to ensure that your data is protected in accordance with legal requirements and not shared with unauthorized third parties. This agreement can be found at:
https://de.wix.com/about/privacy-dpa-users/

12. Use of a Live Chat System – Wix Chat

We use the Wix Live Chat Tool on our website (Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel).

When you open the live chat, Wix temporarily collects your IP address at the beginning of the session to determine the country from which the chat was initiated. This allows us to provide visitors with customer support tailored to their needs. The IP address is collected solely for this purpose and is not stored permanently by Wix.

In addition, Wix stores the chat communication until the request is completed, i.e., when the chat is closed. Exceptionally, chat transcripts may be saved if required for legal defense or if a contract is initiated or concluded during the chat.

If the collected information includes personal data, it is processed based on our legitimate interest in providing effective customer service, in accordance with Art. 6(1)(f) GDPR. If your inquiry is related to the conclusion of a contract, the legal basis is additionally Art. 6(1)(b) GDPR.

For the transfer of data to Wix in Israel, an adequate level of data protection is ensured by a corresponding adequacy decision by the European Commission.

For more information about Wix's privacy policy, please visit:
https://de.wix.com/about/privacy

13. Tools and Other Services

13.1 Google reCAPTCHA

We use the reCAPTCHA service provided by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google"), in accordance with Art. 6(1)(f) GDPR, based on our legitimate interest in preventing misuse and spam.

reCAPTCHA is a function used to verify whether data entries are made by a natural person.

The service transmits your IP address and, if necessary, other data required by Google for reCAPTCHA to Google.

Continued – 13.1 Google reCAPTCHA

When using Google reCAPTCHA, your personal data may also be transferred to the servers of Google LLC in the USA.

Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the data protection level applicable in the EU.
Further information on Google's privacy policies can be found at:
http://www.google.de/policies/privacy/
Additional details:
https://business.safety.google/privacy/

13.2 Google Web Fonts

To ensure a consistent presentation of fonts, we use Google Web Fonts, provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

When you visit our website, your browser loads the required web fonts into its cache to display text and fonts correctly.

To do this, your browser must connect to Google’s servers, which results in your IP address being transmitted to Google. In this process, your personal data may also be transferred to Google LLC servers in the USA.

The legal basis for this is your explicit consent under Art. 6(1)(a) GDPR.

If your browser does not support web fonts or you decline their use, a standard font from your device will be used.

More information about Google Web Fonts:
https://developers.google.com/fonts/faq

Google LLC is certified under the EU-U.S. Data Privacy Framework, ensuring compliance with EU data protection standards.
More information on Google's data protection policies:
http://www.google.de/policies/privacy/
https://business.safety.google/privacy/

13.3 Google Tag Manager

We use the Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager allows us to integrate tracking and statistical tools, as well as other technologies, into our website via so-called "tags." Tags are small code elements that do not themselves collect personal data but serve to manage and deploy tools that might do so — including browser data collectors, cookie integrations, or third-party scripts.

The Google Tag Manager itself does not create user profiles, store cookies, or conduct independent analytics. It is used solely for managing and displaying the tools integrated via it.

Your IP address is recorded by the Google Tag Manager and may be transferred to Google’s parent company in the United States.

The legal basis for using Google Tag Manager is your consent pursuant to Art. 6(1)(a) GDPR.

Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection according to EU standards.

14. Data Subject Rights

14.1 Under applicable data protection law, you have comprehensive rights with regard to the processing of your personal data. These rights are outlined below:

Right of Access (Art. 15 GDPR):
You have the right to obtain confirmation from the controller as to whether or not personal data concerning you is being processed. If so, you have the right to obtain access to the personal data and further information including the purpose of the processing, the categories of data, the recipients, the planned storage duration, your additional rights (e.g. rectification or complaint), the origin of the data (if not collected from you), the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the significance and consequences of such processing. You also have the right to be informed of the safeguards under Art. 46 GDPR when your data is transferred to third countries.

Right to Rectification (Art. 16 GDPR):
You have the right to have inaccurate personal data concerning you corrected and/or incomplete personal data completed without undue delay.
Right to Restriction of Processing (Art. 18 GDPR):
You have the right to request restriction of processing if:
- the accuracy of your data is contested (for the duration of verification),
- you oppose deletion due to unlawful processing and instead request restriction,
- we no longer need your data, but you require it for the establishment, exercise, or defense of legal claims,
- you have objected to processing under Art. 21(1) GDPR and it is not yet clear whether our legitimate grounds override yours.

Where processing is restricted, your personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another person or for reasons of important public interest of the Union or a Member State. You will be informed before the restriction is lifted.

Right to Erasure (Art. 17 GDPR):
You have the right to have your personal data erased without undue delay if the conditions under Art. 17(1) GDPR are met. However, this right does not apply, in particular, where the processing is necessary:
- for exercising the right of freedom of expression and information,
- for compliance with a legal obligation,
- for reasons of public interest,
- or for the establishment, exercise, or defense of legal claims.
Right to Notification (Art. 19 GDPR):
If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obliged to inform all recipients to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You also have the right to be informed about those recipients.
Right to Data Portability (Art. 20 GDPR):
You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller, where technically feasible.
Right to Withdraw Consent (Art. 7(3) GDPR):
You have the right to withdraw your consent to the processing of your personal data at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to Object (Art. 21 GDPR):
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
Right to Lodge a Complaint (Art. 77 GDPR):
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

14.2 Right to Object

You have the right to object at any time, with effect for the future, to the processing of your personal data if it is carried out based on our legitimate interest following a balancing of interests (Art. 6(1)(f) GDPR).

If you exercise your right to object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

15. Duration of Personal Data Storage

The duration of the storage of personal data depends on the respective statutory retention periods.

After these periods expire, the data will be routinely deleted unless it is still required for the fulfillment or initiation of a contract, or unless we have a legitimate interest in continued storage.