top of page

Data protection

We only process personal data (hereinafter mostly referred to as "data") to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there. According to Art. 4 paragraph 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as "GDPR"), "processing" means any operation or set of operations carried out with or without the aid of automated procedures in connection with personal data, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.

With the following data protection declaration, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide on the purposes and means of processing either alone or jointly with others. In addition, we inform you below about the third-party components we use for optimization purposes and to improve the quality of use, insofar as third parties process data under their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as responsible parties
II. Rights of users and data subjects
III. Information on data processing

I. Information about us as responsible parties

The responsible provider of this website in terms of data protection law is:

SNAP GmbH

Gesundheitscampus-Süd 17

44801 Bochum

Germany

Phone: +49 234 54507060

Fax: +49 234 54507069

E-Mail: post@snap-gmbh.com

 

The provider’s data protection officer is: Mr. Tobias Jokiel

Email: data protection officer@snap-gmbh.com

II. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

  • to confirmation as to whether data concerning them is being processed, to information about the data being processed, to further information about the data processing and to copies of the data (see also Art. 15 GDPR);

  • to rectification or completion of incorrect or incomplete data (see also Art. 16 GDPR);

  • to the immediate erasure of data concerning them (see also Art. 17 GDPR), or, alternatively, if further processing is necessary pursuant to Art. 17 Para. 3 GDPR, to the restriction of processing in accordance with Art. 18 GDPR;

  • to receive the data concerning them and provided by them and to transmit this data to other providers/controllers (see also Art. 20 GDPR);

  • to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in violation of data protection regulations (see also Art. 77 GDPR).

 

Furthermore, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any rectification or erasure of data or restriction of processing carried out pursuant to Articles 16, 17 (1) and 18 of the GDPR. However, this obligation does not apply if this notification is impossible or involves disproportionate expenditure. Notwithstanding this, the user has a right to information about these recipients.

Likewise, according to Art. 21 GDPR, users and data subjects have the right to object to the future processing of data concerning them, provided that the data is processed by the provider in accordance with Art. 6 (1) (f) GDPR. In particular, an objection to data processing for the purposes of direct advertising is permissible.

III. Information on data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, there are no statutory retention periods that prevent the deletion of the data and no other information is provided below regarding individual processing procedures.

server data

For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted to us or to our web space provider through your Internet browser. These so-called server log files collect, among other things, the type and version of your Internet browser, the operating system, the website from which you accessed our Internet presence (referrer URL), the website(s) of our Internet presence that you visit, the date and time of each access, and the IP address of the Internet connection from which you access our Internet presence.

The data collected in this way will be stored temporarily, but not together with other data about you.

This storage is carried out on the legal basis of Art. 6 Paragraph 1 Letter f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data will be deleted after seven days at the latest, unless further storage is required for evidentiary purposes. Otherwise, the data will be fully or partially exempt from deletion until the incident has been finally resolved.

Cookie Manager

To obtain consent to use cookies that are not technically necessary on the website, the provider uses a cookie manager.

When the website is accessed, a cookie with the setting information is stored on the user's device so that the user does not have to provide consent on subsequent visits.

The cookie is required to obtain legally compliant consent from the user.

The user can prevent or stop the installation of cookies by adjusting his browser settings.

cookies

a) Session cookies

We use so-called cookies on our website. Cookies are small text files or other storage technologies that are stored on your device by the Internet browser you use. These cookies process certain information about you on an individual basis, such as your browser or location data or your IP address.

This processing makes our website more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our website in different languages or the offer of a shopping cart function.

The legal basis for this processing is Art. 6 Para. 1 lit b.) GDPR, provided that these cookies process data for the purpose of initiating or executing a contract.

If the processing does not serve to initiate or execute a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.

When you close your Internet browser, these session cookies are deleted.

Cookies

b) Third-party cookies

Our website may also use cookies from partner companies with whom we work for the purposes of advertising, analysis or the functionality of our website.

For details, in particular the purposes and legal basis for processing such third-party cookies, please see the information below.

c) Possibility of removal

You can prevent or restrict the installation of cookies by adjusting the settings on your Internet browser. You can also delete cookies that have already been saved at any time. The steps and measures required to do this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation for your Internet browser, or contact the manufacturer or support. However, in the case of so-called Flash cookies, processing cannot be prevented via the browser settings. Instead, you must change the settings on your Flash player. The steps and measures required to do this also depend on the specific Flash player you are using. If you have any questions, please use the help function or documentation for your Flash player, or contact the manufacturer or user support.

However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website are fully usable.

customer account / registration function

If you create a customer account with us via our website, we will collect and store the data you entered during registration (e.g. your name, address or email address) exclusively for pre-contractual services, for the performance of the contract or for the purpose of customer care (e.g. to provide you with an overview of your previous orders with us or to be able to offer you the so-called wish list function). At the same time, we then store the IP address and the date and time of your registration. This data will of course not be passed on to third parties.

 

As part of the further registration process, your consent to this processing will be obtained and reference will be made to this data protection declaration. The data we collect will be used exclusively to provide the customer account. If you consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for the processing.

 

If the opening of the customer account also serves pre-contractual measures or the fulfillment of the contract, the legal basis for this processing is also Art. 6 (1) (b) GDPR.

You can revoke your consent to open and maintain a customer account at any time with future effect in accordance with Art. 7 Paragraph 3 GDPR. All you have to do is notify us of your revocation.

The data collected in this regard will be deleted as soon as processing is no longer necessary. However, we must observe retention periods under tax and commercial law.

contact requests / contact options

If you contact us via the contact form or email, the data you provide will be used to process your request. Providing the data is necessary to process and answer your request - without it, we cannot answer your request or can only answer it to a limited extent. The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR.

Your data will be deleted if your request has been conclusively answered and there are no statutory retention periods that prevent deletion, such as in the case of any subsequent contract processing.

contact requests / contact options

If you contact us via the contact form or email, the data you provide will be used to process your request. Providing the data is necessary to process and answer your request - without it, we cannot answer your request or can only answer it to a limited extent. The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR.

Your data will be deleted if your request has been conclusively answered and there are no statutory retention periods that prevent deletion, such as in the case of any subsequent contract processing.

user contributions, comments and ratings

We offer you the opportunity to publish questions, answers, opinions or evaluations, hereinafter referred to as "contributions", on our website. If you take advantage of this offer, we will process and publish your contribution, the date and time of submission and any pseudonym you may use.

The legal basis for this is Art. 6 (1) lit. a) GDPR. You can revoke your consent at any time with future effect in accordance with Art. 7 (3) GDPR. All you have to do is inform us of your revocation.

In addition, we also process your IP and email address. The IP address is processed because we have a legitimate interest in initiating or supporting further steps if your contribution infringes on the rights of third parties and/or is otherwise unlawful.

The legal basis in this case is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the legal defense that may be necessary.

subscription to articles

If you publish contributions on our website, we also offer you the opportunity to subscribe to any follow-up contributions from third parties. In order to be able to inform you about these follow-up contributions by email, we process your email address.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR. You can revoke your consent to this subscription at any time with future effect in accordance with Art. 7 Para. 3 GDPR. To do so, you simply have to inform us of your revocation or click on the unsubscribe link contained in the respective email.

 

Online job applications / publication of job advertisements

We offer you the opportunity to apply to us via our website. With these digital applications, your applicant and application data will be collected and processed electronically by us to handle the application process. The legal basis for this processing is Section 26 Paragraph 1 Sentence 1 BDSG in conjunction with Article 88 Paragraph 1 GDPR.

 

If an employment contract is concluded after the application process, we will store the data you submitted during the application process in your personnel file for the purposes of the usual organizational and administrative process – of course in compliance with any further legal obligations.

The legal basis for this processing is also Section 26 Paragraph 1 Sentence 1 BDSG in conjunction with Article 88 Paragraph 1 GDPR. If an application is rejected, we automatically delete the data sent to us two months after notification of the rejection. However, the data will not be deleted if the data requires longer storage of up to four months or until the conclusion of legal proceedings due to legal provisions, e.g. due to the burden of proof under the AGG.

The legal basis in this case is Art. 6 Para. 1 lit. f) GDPR and Section 24 Para. 1 No. 2 BDSG. Our legitimate interest lies in legal defense and enforcement.

If you expressly consent to your data being stored for a longer period, e.g. for your inclusion in an applicant or prospective customer database, the data will be further processed based on your consent. The legal basis is then Art. 6 Para. 1 lit. a) GDPR. However, you can of course revoke your consent at any time in accordance with Art. 7 Para. 3 GDPR by notifying us with effect for the future.

contract execution

The data you provide to use our range of goods and/or services will be processed by us for the purpose of contract execution and are necessary for this purpose. Contract conclusion and contract execution are not possible without the provision of your data.

The legal basis for the processing is Art. 6 Para. 1 lit. b) GDPR.

We delete the data once the contract has been fully processed, but we must observe the retention periods under tax and commercial law.

As part of the contract processing, we will pass on your data to the transport company commissioned to deliver the goods or to the financial service provider, insofar as the transfer is necessary for the delivery of the goods or for payment purposes.

The legal basis for the transfer of data is then Art. 6 Para. 1 lit. b) GDPR.

 

Sample data protection declaration of the law firm Weiß & Partner

Customer Relationship Management (CRM)

We use HubSpot exclusively as a CRM system to manage certain customer data. The provider, HubSpot Inc. is based at 25 First Street, Cambridge, Massachusetts, USA (hereinafter referred to as ‘HubSpot’). HubSpot offers a comprehensive platform for customer relationship management (CRM). The customer data collected by us is used exclusively to manage our customer relationships and is stored in HubSpot.
The data collected by HubSpot may be stored on servers worldwide, including in the USA. For further details, please refer to HubSpot's privacy policy: https://legal.hubspot.com/de/privacy-policy. The transfer of data to the USA and other third countries takes place in accordance with the standard contractual clauses of the European Commission or similar guarantees in accordance with Article 46 of the General Data Protection Regulation (GDPR). Further information on this can be found at https://legal.hubspot.com/de/dpa.
The use of HubSpot is based on Article 6(1)(f) GDPR. We have a legitimate interest in managing our customer relationships. If necessary, processing takes place processing is carried out exclusively on the basis of your consent in accordance with Article 6 paragraph 1 lit. a
GDPR and Section 25(1) of the German Telemedia Act (TMG), insofar as this authorises the storage of cookies or
access to information on your end device (e.g. device fingerprinting) in accordance with TMG includes. This consent can be revoked at any time. HubSpot is certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards when processing data in the USA. Every company that is certified under the DPF undertakes to comply with these standards. Further information can be obtained from the provider at the following link: https://www.privacyshield.gov/participant id=a2zt0000000TN8pAAG&status=Active.

Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract that is prescribed by data protection law and contract, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.


Hosting
We host the content of our website with the following provider. The provider is Wix.com Ltd, 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter ‘WIX’). WIX is a tool for creating and hosting websites. When you visit our website, WIX is used to analyse user behaviour, visitor sources, the region of website visitors and visitor numbers are analysed. WIX stores cookies on your browser, which are used required to display the website and to ensure security (necessary cookies). The data collected by WIX may be stored on various servers around the world. The WIX servers are located in the USA, among other places. For details, please refer to the WIX privacy policy: https://de.wix.com/about/privacy. According to WIX, data transfer to the USA and other third countries is based on the standard contractual clauses of the EU Commission or comparable guarantees in accordance with Art. 46 GDPR supported. Details can be found here: https://de.wix.com/about/privacy-dpa-users.
The use of WIX is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent authorises the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. The company is certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States, which aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail contact=true&id=a2zt0000000GnbGAAS&status=Active


Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law which contract that guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.


Event data
We use Eventbrite exclusively to manage event data. The provider, Eventbrite, is based at 155 5th St, Floor 7, San Francisco, CA 94103, USA (hereinafter ‘Eventbrite’). Eventbrite offers a comprehensive platform for managing events and ticket sales. The event data collected by us is used exclusively for the organisation of our organisation of our events and are stored in Eventbrite. In order to use the event management system, necessary cookies are stored in your browser. The data collected by Eventbrite may be stored on servers worldwide, including in the USA. For further details, please refer to the privacy policy of
Eventbrite:https://www.eventbrite.com/support/articles/de_DE/Troubleshooting/datenschutzrichtlinie-von-eventbrite?lg=en_DE. The transfer of data to the USA and other third countries takes place in accordance with the
standard contractual clauses of the European Commission or similar guarantees in accordance with Article 46 of the General Data Protection Regulation (GDPR). Further information on this can be found at https://www.eventbrite.com/support/articles/de_DE/Troubleshooting/datenschutzrichtlinie-von-eventbritelg=en_DE#7. The use of Eventbrite is based on Article 6(1)(f) GDPR. We have a legitimate interest in the organisation of our events. If necessary, the processing is carried out exclusively on the basis of your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) of the German Telemedia Act (TMG), insofar as this permits the storage of cookies or the access to information on your end device (e.g. device fingerprinting) in accordance with the TMG.

 

This consent can be withdrawn at any time.
Eventbrite is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards when processing data in the US. Any company certified under the DPF commits to adhering to these standards.
For more information, please visit the provider's website at the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active.

 

Data Processing Agreement
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law that ensures the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

This consent can be withdrawn at any time.
Eventbrite is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards when processing data in the US. Any company certified under the DPF commits to adhering to these standards.
For more information, please visit the provider's website at the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active.


 

Social media

1. presence in social media: We maintain profiles or fan pages in social media. When you use and access our profile in the respective network, the respective data protection notices and terms of use of the respective network or social media platform apply.

We are not the operator of this social media platform. The platform you use is another controller that processes data without our direct involvement.

In the context in which we carry out data processing via this platform, we comply with all relevant data protection regulations without exception. Furthermore, we endeavour to ensure that the operator of the social media platform complies with data protection regulations to the best of our ability and knowledge. As a rule, however, the data processing by the operator of the social media platform is beyond our knowledge and it is not possible for us to exert any influence in these cases. For this reason, the description of the data categories and the corresponding processing under point 2 is not conclusive in terms of content and merely reflects our current state of knowledge.

2. data categories and description of data processing: usage data, contact data, content data, inventory data. Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, based on the
user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place adverts within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks. In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

 

3. Purpose of processing: Communication with the users connected and registered on the social networks; information and advertising for our products, offers and services; public image and image management; evaluation and analysis of users and content of our social media presence.
services; external presentation and image cultivation; evaluation and analysis of the users and content of our social media presence.
 
4. legal basis: The legal basis for the processing of personal data is our legitimate interest in the above purposes in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR. If you have given us or the controller of the social network consent to the processing of your
processing of your personal data, the legal basis is Art. 6 para. 1 sentence 1 lit.
a) in conjunction with. Art. 7 GDPR.
 
5. data transmission/recipient category: Social network.

 

6. the data protection notices, information options and opt-out options of the respective networks / service providers can be found here:
(1) Facebook - service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland); Website: www.facebook.com; Privacy Policy:
https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com;
 
Objection:
https://www.facebook.com/help/contact/2061665240770586; Agreement on joint processing of personal data on Facebook pages (Art. 26 GDPR):
https://www.facebook.com/legal/terms/page_controller_addendum, Data protection information for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
We are jointly responsible with Facebook for our fan page in accordance with Art. 26 GDPR. For this purpose, an agreement called ‘Information on Page Insights’, available at https://www.facebook.com/legal/terms/page_controller_addendum, has been concluded, according to which Facebook must observe certain security measures and will also directly fulfil the rights of data subjects itself. You can therefore also contact Facebook directly regarding information rights and deletion. Your rights as a data subject, in particular information, erasure, objection and
to the competent supervisory authority, are not affected by this. Further information on joint responsibility can be found in the ‘Information on Page Insights data’ at
https://www.facebook.com/legal/terms/information_about_page_insights_data.
(2) Instagram - service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour,nDublin 2, Ireland) - privacy policy/opt-out: https://help.instagram.com/519522125107875, objection: https://help.instagram.com/contact/186020218683230; agreement on joint processing of personal data on Instagram pages (Art. 26 GDPR):
https://www.facebook.com/legal/terms/page_controller_addendum.
(3) LinkedIn - service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) - Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy and Opt-Out:
https://www.linkedin.com/legal/cookie-policy.

Use of Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics allows us to analyze and improve the usage of our website.

Legal Basis

The processing of your data is based on your voluntary consent in accordance with Art. 6(1)(a) GDPR. No tracking via Google Analytics will take place without your consent.

What Data is Processed?

Google Analytics uses cookies that enable an analysis of your website usage. The following data is collected:

  • Anonymized IP address (truncated by the last octet)

  • Pages visited and time spent on the site

  • Visitor origin (referrer)

  • Device type, operating system, and browser type

  • Location (approximate geographic region based on anonymized IP data)

IP Anonymization

We have implemented the anonymizeIP function on this website. This means that your IP address is truncated before being transmitted to Google, ensuring that it cannot be directly linked to you.

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with Google to ensure that your data is processed in compliance with GDPR requirements.

Data Transfer to Third Countries

 

Data may be transferred to the United States. To protect your data, Standard Contractual Clauses (SCCs) have been agreed upon with Google to ensure an adequate level of data protection.

Objection & Withdrawal of Consent

You can withdraw your consent at any time via our Consent Management Tool. Alternatively, you can prevent data collection by Google Analytics by using the Google Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout.

For more information on Google’s data processing, please refer to Google’s Privacy Policy: https://policies.google.com/privacy.

bottom of page