Click here to switch to english language X

Privacy Statement

Our goal is that you should enjoy visiting our website. The protection of your private sphere and your privacy rights are therefore important to us. So we would like to ask you to read carefully the following summary of our website’s operating principles. You can be sure that our data processing is transparent and fair, and we make every effort to ensure the careful and responsible handling of your data.

In the following privacy statement we let you know how we use your personal data. We follow the strict provisions of German data protection law and the requirements under the European General Data Protection Regulation (GDPR).


1. Name and address of the controller

The controller as defined in the General Data Protection Regulation and other, national data protection legislation of the EU member states and additional data protection provisions is:

SPOOKS GmbH
Oberbech 8 | 51519 Odenthal | Germany
Tel +49 (0) 2202 96 96 1- 0 | Fax +49 (0) 2202 96 96 1- 99
Registration court: Cologne Amtsgericht [Local Court]
Registration number: HRB 73776
VAT-ID: DE 279517810
Management: Thekla Viktoria Dieckmann


2. Name and address of the data protection officer

The controller’s data protection officer is:

Heiko Deitz
Personally certified external data protection officer (TÜV)[Technischer Überwachungsverein, Technical Inspection Association]
Officer in ISMS according to ISO/IEC 27000 series
Steinenkamp 20
51469 Bergisch Gladbach
Tel.: 02202 9275880
Email: info@dedaco.de
Internet: www.dedaco.de


3. Scope of the processing of personal data

As a general principle, we collect and use your personal data only so far as this is necessary to maintain a functioning website and to provide our content and services, e.g. when you register on our website or log in to an existing customer account or order our products.

We treat the security of your personal data as a high priority. Hence, we protect the data relating to you that we hold, including through technical and organisational measures, that effectively prevent loss of the data or misuse by third parties. In particular, our staff members who process personal data are bound to maintain data secrecy and must comply with this obligation. In order to protect your personal information it is transmitted in encrypted form. For example, for communication via your internet browser, we use SSL=Secure Socket Layer. This is shown by the symbol of a padlock which your browser displays when there is an SSL connection. In order to ensure the long-term protection of your data, the technical security measures are regularly checked and where necessary upgraded to the latest technological standards. These principles also apply to companies that process and use data on our behalf and following our instructions.


4. Purpose of processing and legal basis for processing your personal data

We collect, process and use your personal data for the following purposes:

  • to establish and implement contracts
  • to distribute our newsletter
  • for marketing measures, e.g. to organise prize games
  • for customer service and customer support
  • to provide telemedia, e.g. for the processing of orders for our online range of goods and services

Processing of your personal data may be based on the following legal regulations:

  • Art. 6 (1) a) GDPR is the legal basis for data processing operations for which we obtain your consent to the processing of your data for a specific purpose.
  • Art. 6 (1) b) GDPR is the basis where processing is necessary for the performance of a contract, e.g. when you buy a product. This also applies to processing operations in order to take steps prior to entering into a contract, e.g. to answer enquiries about our products and services.
  • Art. 6 (1) c) GDPR where processing is necessary for compliance with a legal obligation to which we are subject requiring the processing of personal data, such as, for example, to comply with our tax obligations.
  • Art. 6 (1) d) GDPR where the processing of personal data is necessary in order to protect your vital interests or those of another natural person.
  • Art. 6 (1) f) GDPR where processing is necessary for the purposes of our legitimate interests, e.g. when we use service providers such as a shipping service to process orders, or in conducting statistical surveys and analyses and in recording registration procedures. Our interest is focused on deploying a user-friendly, attractive and secure presentation and on optimising our web services both to serve our commercial interests and to meet your expectations.

5. Length of storage and routine erasure of personal data

We process and save your personal data only for the period necessary to fulfil the purpose for which the data are saved or to the extent that this is envisaged by statute or in regulations. After the purpose has been met or no longer applies, your personal data will be erased or blocked. If the information is blocked, it will be erased as soon as there are no retention periods prescribed by law, our articles of association or contract that would oppose this, there is no reason to assume that erasure would impair your legitimate interests and erasure would not entail a disproportionate effort due to the particular type of storage.


6. Collecting general data and information, log files

Every time our website is visited, it collects a range of general data and information on the basis of Art. 6 (1) b) GDPR that are temporarily stored in a server’s log files. A log file is created in the course of an automatic record of the processing computer system. The following information can be collected:

  • access to the website (date, time and frequency)
  • how you came onto the website (previous page, hyperlink etc.)
  • amount of data sent
  • which browser and which browser version you use
  • the operating system you use
  • which internet service provider you use
  • your IP address allocated to your computer by your internet access provider when a connection to the internet is made

The collection and storage of these data is necessary to operate the internet page, to ensure the functionality of the website and to deliver the contents of our website correctly. The data also enable us to optimise our website and to ensure the security of our IT systems.


7. Cookies and web analysis services 

We use cookies in order to make the web pages more user-friendly and to create a service that is tailored as far as possible to the requirements of the individual user, and to analyse and use marketing opportunities. These cookies are not only placed on our website by us but also by third party providers operating on our behalf. When our website is called up, cookies are also placed that are stored beyond your current visit to our website (the so-called session).

By using our website you expressly declare that you consent to the use of cookies and the use of your personal data by our website to improve our internet services. This agreement includes your consent to SPOOKS GmbH’s use of service providers, such as Google Analytics, and the disclosure of data to them for this purpose.

You may withdraw your consent at any time and delete existing cookies by disabling and removing them via your internet browser. You can find more information on how to remove or disable cookies in your browser’s help texts or on the internet by using search terms such as e.g. “disable cookies” or “delete cookies”.

The legal basis for processing usage data for purposes of analysis is Art. 6 (1) a) GDPR.

To this end we use various cookies and services in order to ensure the functionality of our website and to provide you with a website that is as informative and user-friendly as possible. It is important to us that you are able to surf our website with ease and for this reason we place a high value on the optimisation of our website. This includes e.g. pre-completed fields in forms so that you need not re-enter all data every time and so that settings you have made can be saved. It is also important to us that only the contents of our website that are actually of interest to you are displayed to you so as to facilitate your online experience.

However, we never lose sight of the careful handling of your personal data. Therefore, you will find detailed information about the cookies and services we use on this website in the following sections. Naturally, you have the option of disabling all cookies and services by blocking or deleting cookies via your internet browser or by a separate deactivation through setting the cookie opt-out provided or by following the link provided. Please bear in mind that deactivation will be necessary for each browser you use. If you delete all the cookies in your browser, this also affects the corresponding opt-out cookie.

a) Functional cookies

Cookies are small text files that are placed in your browser through which settings and other changes you have previously made can be reconstructed when you next visit the website.

These functional cookies ensure that our website functions properly. These cookies are saved for a maximum of 2 years – thereafter, they are automatically deleted. The following functions, for example, are possible through the use of these cookies:

  • the storing of products you have placed in your shopping basket or on your wish list,
  • the storing of data entries you made during check out or while placing an order, so that you do not need to enter these data again,
  • the storing of pre-settings such as language, place, number of search results etc.,
  • the storing of settings for the optimal display of videos, e.g. desired buffer size and the resolution data for your screen,
  • the registering of your browser settings so as to optimise the presentation of our website on your screen,
  • the recognition of misuse of our websites and services, e.g. through registering a number of consecutive and failed registration attempts,
  • the even loading of the website so that the website remains accessible and
  • the saving of your log-in data so that you do not need to enter them again every time you visit.
  • You have the option of blocking these cookies and deleting cookies that have already been placed. Further information on this is available from the manufacturer or in the help function of your internet browser. However, we must point out that certain functions on our website will no longer be available, or will only be available to a limited extent, if you do not permit these functional cookies.


b) Analysis services for statistical purposes

In order to find out which contents of our website interest you the most, we continually measure the number of visitors and the contents that are most frequently viewed. We use these data for statistical purposes, for example

  • to record the number of visitors to our websites,
  • to record the time at which our website visitors visit the site,
  • to record the order in which various websites are visited,
  • to assess which parts of our website need to be adapted and
  • to optimise the websites.

We use the following services for statistical purposes. You can deactivate them by setting an opt-out cookie or by following a link:

- Use of Google (Universal) Analytics for web analysis
On our website we use Google (Universal) Analytics, a web analysis service of Google Inc. (www.google.de), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google (Universal) Analytics employs methods that make it possible to analyse your use of the website, such as so-called “cookies”, text files that are stored on your computer. The information that is created regarding your use of this website is generally transmitted to a Google server in the USA and stored there. By activating the IP anonymisation on this website, the IP address is abbreviated before the data are transmitted within the member states of the European Union or to other states which are party to the Agreement on the European Economic Area. The complete IP address is only transmitted to a Google server in the USA and abbreviated there in exceptional cases. The anonymised IP address transmitted by your browser in the frame of Google Analytics is not merged with other data held by Google.

You can prevent the data created by the cookie that relates to your use of the website (including your IP address) from being collected by and processed by Google, by downloading and installing the browser plug-in available under the following link:
http://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plug-in, you can click on this link to prevent Google Analytics from recording activity on this website in future. If you do so, an opt-out cookie will be placed on your end device. If you delete your cookies, you will have to click on the link again.

The conditions of use and the privacy statements of Google and Google Analytics can be found under
http://www.google.com/analytics/terms/de.html or under
https://www.google.de/intl/de/policies/ or
https://support.google.com/analytics/answer/6004245?hl=de

This website uses the Google Analytics function “demographic characteristics”. Through this, reports can be created containing information on the age, gender and interests of the visitors to the website. These data are drawn from Google’s interest-based advertising and from the visitor data of third party providers. These data cannot be assigned to a specific person. You can disable this function at any time via the ad settings in your Google account, or you can generally prohibit your data from being recorded by Google Analytics, as described above with regard to the topic of “objecting to the collection of data”.

- Google Analytics Remarketing
Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords und Google DoubleClick. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
This function makes it possible to link the advertising target groups developed by Google Analytics Remarketing with the cross-device functions of Google AdWords and Google-DoubleClick. In this way, personalised advertising messages relating to your interests that have been tailored to your previous use and surfing behaviour on one end device (e.g. smartphone) can also be shown on another of your end devices (e.g. tablet or PC).
For this purpose, Google therefore links your web and app browser history to your Google account provided that you have given the corresponding consent. In this way, the same personalised advertising messages can be displayed on all end devices from which you access your Google account.

To support this function, Google Analytics records Google-authenticated user IDs that are temporarily linked to our Google Analytics data in order to define and develop target groups for cross-device advertising.
You can object permanently to cross-device remarketing/targeting by deactivating personalised advertising in your Google account. To do this, follow this link:
https://www.google.com/settings/ads/onweb/

Data processing in the frame of Google Analytics Remarketing is based on the grant of consent as set forth in Art. 6 (1) a) GDPR.

Further information and the data protection provisions can be found in Google’s privacy statement under:
https://www.google.com/policies/technologies/ads/

- Facebook pixel
We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website.

This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).


8. Social Media Plug-ins

Apart from this website we also maintain a presence in various social media. If you visit us there, your personal data may be transmitted to the social network provider. It is possible that apart from storing the data you enter in this specific social medium, additional data may be collected, processed or used by the social network provider.

In addition, the social network provider may collect, process and use the most important data relating to the computer system via which you visit the social network, e.g. the IP address, the type of processor used and the browser version together with plug-ins. If you are logged in with your personal user account of the medium in question during your visit, the medium can assign your visit to this account. If you do not wish this assignment to be possible, you must log out of your account before you visit our website.

Please refer to the data protection provisions of the medium concerned for information on the purpose and scope of data collection by the medium, the further processing and use of your data and your rights in this regard.

The processing of data in this connection is based on Art. 6 (1) f) GDPR.

The following social media plug-ins are inserted in our website:

Facebook Like / Share
Operator: Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
https://de-de.facebook.com/about/privacy/

Instagram Social Plug-in
Operator: Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA
https://help.instagram.com/155833707900388/

a) Facebook

Plug-ins of the social network Facebook (provider: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA), are installed on our websites. You can recognise the Facebook plug-ins by the Facebook logo or the “Like” button on our website. You can find an overview of Facebook plug-ins here:
https://developers.facebook.com/docs/plugins/

When you visit our pages, the plug-in will create a direct connection between your browser and the Facebook server. In this way, Facebook receives the information that you visited our page with your IP address. If you click the Facebook “Like” button while you are logged in to your Facebook account, you can link the contents of our pages to your Facebook profile. If you do this, Facebook can assign the visit to our pages to your user account. Please note that as the provider of the websites we receive no information on the content of the transmitted data and the use Facebook makes of them. You can find further information on this in Facebook’s privacy statement at:
https://de-de.facebook.com/policy.php.

If you do not wish Facebook to be able to assign the visit to our pages to your Facebook user account, please log out of your Facebook user account before you use our website.

Processing of data in this connection is based on Art. 6 (1) f) GDPR.

b) Instagram

Functions of the Instagram service are installed on our pages. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. Through this, Instagram can assign the visit of our pages to your user account. Please note that as the provider of the websites we receive no information on the content of the transmitted data and the use Instagram makes of them.

You can find further information on this in Instagram’s privacy statement:
https://instagram.com/about/legal/privacy/

Processing of data in this connection is based on Art. 6 (1) f) GDPR.


9. Mailing of information on our services and special promotions and other news, e.g. newsletter

We use your data to send information you have ordered regarding our services and other actions of ours to the email address you have provided. This is done only with your prior consent or with legal permission. Consent to dispatch is on the basis of Art. 6 Abs. 1 a) and Art. 7 GDPR and Section 7, paragraph 3 UWG [Gesetz über den unlauteren Wettbewerb, Unfair Competition Act].

a) Newsletter registration on our website

On our website there is the option to subscribe to a free newsletter. When you register for the newsletter, information from the input mask is transmitted to us; this includes at the least your email address. Registration is by means of the so-called double opt-in procedure. After registration you will receive an email in which you are requested to confirm your registration. This confirmation is necessary so that no one can register using another person’s mail address. Your consent to the processing of the data is requested in the frame of the registration process which also refers to this privacy statement. The newsletter is distributed via “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The email addresses of our newsletter recipients as well as further personal data of them described in this privacy statement are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. In addition, MailChimp, according to its own information, can use this information to optimise or improve its own services, e.g. to improve the distribution and presentation of the newsletter or for commercial purposes to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to contact them itself or to hand on the data to third parties.
We have confidence in MailChimp’s reliability and its IT and data security. MailChimp is certified under the EU-US data protection agreement “Privacy Shield” and has thus undertaken to comply with EU data protection provisions. In addition, we have concluded a “Data Processing Agreement” with MailChimp. This is an agreement in which MailChimp undertakes to protect our users’ data, to process these data on our behalf in accordance with its data protection regulations and in particular not to disclose the data to third parties. You can view MailChimp’s data protection regulations here. In some cases, we will direct newsletter recipients to MailChimp’s websites. For example, our newsletter contains a link through which the newsletter recipient can access the newsletter online (e.g. if there are display problems in the email programme). In addition, newsletter recipients can make subsequent corrections to their data, e.g. email address. Furthermore, MailChimp’s privacy statement is only available on its site.

b) Mailings in connection with the sale of goods and services

If you purchase goods or services on our website, we can send information on other, similar goods and services of ours to the email address you have provided, even without your consent.

Naturally, you may cancel receipt of this information at any time by withdrawing your consent with future effect. You will find a corresponding cancellation link in every mail and newsletter and you can confirm your cancellation on our website. You may also contact us at any time to withdraw your consent:

By email: datenschutz@spooks.de
By post: SPOOKS GmbH, Oberbech 8, 51519 Odenthal, Germany

Some notifications that are necessary to implement contracts and for the functioning of our website, e.g. information on our service (confirmation of registration, customer service information etc.) or on a fee-based package (e.g. order confirmation, contract documents, payment processing) cannot be cancelled. You will receive this information at the address you provide in your contact details.

c) Postal dispatch

We may also use your data to send information on our offers and promotions by post.


10. Processing of personal data during contact, registration or LiveChat

a) Contact

When you contact us by telephone, email or via a contact form, the data you provide (family name, first or given name, billing address, delivery address, email address, telephone number, date of birth) will be stored by us pursuant to Art. 6 (1) b) GDPR (processing of the enquiry) in order to answer your queries. A record is kept of the contact in order to be able to prove it in accordance with the legal requirements. The contact form requests your consent to the processing of the data and refers to this privacy statement. Information generated in this context is deleted by us when the specific conversation with you is over and the matter in question has been conclusively settled.

b) Registration

Our website offers you the option of registering which requires you to enter personal data. The data are entered in an input mask, transmitted to us and stored. Registration serves the performance of a contract or the taking of steps prior to entering into a contract and thus it is based on Art. 6 (1) b) GDPR.

In order to conclude and process contracts we require contact details. Depending on the specific case, these include name, delivery address, billing address and email address, and information on the form of payment you have selected. We also use your data to maintain our customer data base so that only accurate data are stored in it. To avoid typographical errors and to ensure that the items you order will be delivered to you, we check the completeness and accuracy of your address when you enter the data.

c) CRM System (Zendesk)

We use the ticket system "Zendesk", a customer service platform from Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, and the chat tool Zopim from Zendesk to process customer requests.

In order to process inquiries, necessary data such as surname, first name, postal address, telephone number, e-mail address are collected via our website in order to be able to respond to the need for information.

Zendesk is a certified participant of the so-called "Privacy Shield Framework" and thus fulfils the minimum requirements for legally compliant order data processing.

Zendesk uses user data only for the technical processing of enquiries and does not pass them on to third parties. In order to use Zendesk, it is necessary to provide at least a correct e-mail address. A pseudonymous use is possible. In the course of processing service requests, it may be necessary to collect further data (name, address). The use of Zendesk is optional and serves to improve and accelerate our customer and user service.

More detailed information on data processing by Zendesk can be found in Zendesk's privacy policy at http://www.zendesk.com/company/privacy .

If you have any questions, please contact Zendesk's data protection officer at the following address: privacy@zendesk.com

If users contact us by e-mail, via the contact form or via chat on our website, we use the personal data transmitted only to process the specific request. The data provided will be treated confidentially. The data provided and the progress of messages with our Service Desk are stored for follow-up questions and later contacts. The data entered in the contact form will be processed on the basis of your consent (Art. 6 para. 1 lit. a DSGVO).

We have concluded a contract with Zendesk for order data processing and fully implement the strict requirements of the German data protection authorities when using Zendesk.

If users do not agree with the collection and storage of data in Zendesk's external system, we offer these users alternative contact options for submitting service requests by telephone, fax or post.

d) Other

Based on Art. 6 (1) c) and f) GDPR we use and store your personal data and technical information where this is necessary to prevent or prosecute misuse or other unlawful behaviour on our website, e.g. to maintain data security in the case of attacks against our IT systems. This also occurs where we are legally obliged to do so, e.g. by order of a public authority or court of law, and to exercise our rights and claims and for the defence of our rights.


11. Disclosure of data to third parties

When disclosing your personal data, we pay special attention to an optimal security level. Hence your data will only be forwarded to service providers and partner companies that have previously been carefully selected and bound by contract. In addition, we will only forward your data to entities that have an obligation to observe a corresponding level of protection.

a) Disclosure to product partners and suppliers under Art. 6 (1) b) GDPR

In the frame of the offer on our website we work together with various partner businesses for certain product groups. If you order products from these partners, we forward to them the personal data that you entered when you registered and when making other purchases, if applicable, or that you added under “My Account” (in particular, email address, delivery address and billing address) so that they can conclude and process the contracts.

b) Disclosure to service providers under Art. 6 (1) b) and f) GDPR

In operating and optimising our website and services and processing contracts, a number of service providers are active on our behalf, e.g. for central IT services or hosting our website, for payment and delivery of products or distribution of the newsletter, to whom we forward the data (e.g. name, address) they require to fulfil these functions.

Some of these companies work for us as contracted data processors and they may use the data made available to them only according to our instructions. In this case, we are responsible by law for appropriate data protection arrangements at the companies contracted to us. For this reason, we agree on specific data security measures with these companies and monitor them on a regular basis.

In contrast to contracted data processors, in the following cases we transmit data to third parties to be used at their own responsibility for the implementation of contracts:

  • when goods are delivered to logistics providers and the postal service provider indicated in the order,
  • on payment of goods to the payment service provider indicated in the order.

The following payment handling services are charged with processing payments on our website:

BS PAYONE (credit cards)

We have commissioned BS PAYONE GmbH, Fraunhoferstraße 2-4, 24118 Kiel, with processing credit card payments. To do this, BS PAYONE GmbH needs information on inter alia your name and address, your account number and bank sort code or credit card number (including the validity period), the invoiced amount and currency and the transaction number. BS PAYONE GmbH may use this information for the purpose of processing the payment and may disclose it to us. PAYONE has a duty to treat this information in accordance with German data protection law. You can read PAYONE GmbH’s privacy statement under
https://www.payone.de/datenschutz/ .
We have concluded a contract with PAYONE as a contracted data processor and in using PAYONE we fully implement the strict requirements of the German data protection authorities.

PayPal

On our website we offer the option of payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

If you select the option of payment via PayPal, the payment data you have entered will be forwarded to PayPal.

Transfer of the data to PayPal is on the basis of Art. 6 (1) b) GDPR (processing for the performance of a contract). You have the option of withdrawing your consent to the data processing at any time. Withdrawal of consent does not affect the validity of data processing operations that occurred in the past.

Klarna (purchase on account)

On our website we offer via PAYONE inter alia the option of paying through the services of Klarna. The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”).

Klarna offers various payment options (e.g. payment in instalments). If you wish to pay using Klarna (Klarna checkout option), Klarna will ask you to provide certain personal data. You can find details in Klarna’s privacy statement under the following link: https://www.klarna.com/de/datenschutz/.

Klarna uses cookies to optimise the use of the Klarna checkout option. Optimisation of the Klarna checkout option is a legitimate interest in the meaning of Art. 6 (1) f) GDPR. Details on the use of Klarna cookies can be found at the following link:
https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf

Transfer of your data to Klarna is on the basis of Art. 6 (1) b) GDPR (processing for the performance of a contract).

You have the option of withdrawing your consent to the data processing at any time. Withdrawal of consent does not affect the validity of data processing operations in the past.

Instant bank transfer

On our website we offer via PAYONE inter alia the option of paying by “instant transfer”. The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter “Sofort GmbH”).

Using the “instant transfer” process, we receive confirmation of payment in real time from Sofort GmbH and can proceed immediately to fulfil our obligations.

If you opt for the payment method “instant transfer”, you will send your PIN and a valid TAN to Sofort GmbH which enables the latter to log in to your online banking account. After logging in, Sofort GmbH automatically checks the balance of your account and makes the transfer to us using the TAN you have provided.

Besides the PIN and the TAN, the payment data you have entered and personal data are also transmitted to Sofort GmbH. The personal data includes your first name and family name, your address, telephone number(s), email address, IP address and where applicable other data necessary to process the payment. Transfer of these data is necessary in order to ascertain your identity beyond a doubt and to prevent attempts at fraud.

Transfer of your data to Sofort GmbH is on the basis of Art. 6 (1) b) GDPR (processing for the performance of a contract). You have the option of withdrawing your consent to the data processing at any time. Withdrawal of consent does not affect the validity of data processing operations in the past.

Details on payment by instant bank transfer can be found at the following link: https://www.sofort.com/payment/wizard/getCmsContent/data_protection/DE/0/de

c) Disclosure to third parties under Art. 6 (1) c) and f) GDPR

Finally, we shall disclose your data to third parties or government agencies within the framework of the existing data protection legislation if we are legally obliged to do so e.g. on the basis of the order of a public authority or a court of law, or if we are entitled to do so, e.g. because it is necessary for the prosecution of criminal acts or to assert and exercise our rights and claims.

d) Your rights

Naturally you have rights respecting the collection of your data, and we are pleased to inform you of these rights here. If you wish to assert one of the following rights, free of charge, simply send us a message. You can use the following contact information; the only costs that arise are the transmission costs at the basic rate:

by email: datenschutz@spooks.de or
by post: SPOOKS GmbH, Oberbech 8, 51519 Odenthal, Germany

For your own protection we reserve the right, when we receive a request, to obtain further information required to confirm your identity, and if identification is not possible we shall refuse to process the request. 

I. Right of access
You have the right to request information from us on the personal data we have stored about you.

II. Right to rectification
You have the right to request the rectification and / or completion of the personal data concerning you without undue delay.

III. Right to restriction of processing
You have the right to demand restriction of processing of your personal data if the accuracy of the data is contested by you, if the processing is unlawful but you oppose the erasure of the data, if we no longer need the personal data but you require them for the establishment, exercise or defence of legal claims, or if you have objected to processing.

IV. Right to erasure
You have the right to demand the erasure of personal data we have stored unless processing is necessary for exercising the right of freedom of expression and information, or for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

V. Right to notification
If you assert your right to rectification, erasure or restriction of processing, we shall notify all recipients to whom the corresponding personal data concerning you have been disclosed of this rectification or erasure of the data or the restriction of processing unless this should prove to be impossible or would involve disproportionate expense and effort.

VI. Right to data portability
You have the right to have the personal data you have provided to us issued to you or a third party in a structured, commonly used and machine-readable format. If you request direct transmission of the data to another controller this will only be done if it is technically feasible.

VII. Right to object
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 (1) f) GDPR, you have the right under Art. 21 GDPR to object to processing at any time.

VIII. Right to withdraw consent
You have the right to withdraw your consent to the collection of data at any time with future effect. Data collected until the withdrawal becomes legally binding will not be affected by this. Please be aware that for technical reasons it may take a short while to implement your withdrawal and that in the meantime you may still continue to receive notifications from us.

IX. Right to complain to a supervisory authority
If the processing of your personal data infringes data protection law or if your data protection rights are otherwise violated, you can make a complaint to the competent supervisory authority.

The quickest, simplest and most convenient way for you to assert your rights to rectification and erasure is by logging in to your customer account and directly processing or erasing your data that are stored there. Please note that once you have erased your data the services of our product partners will also no longer be available via our website. This includes inter alia re-download options. Therefore, you should back up your data before asserting a claim to erasure. Data that we are required to store due to retention obligations under law, our articles of association or contract, will be blocked instead of erased in order to prevent their use for other purposes.


12. Links to internet pages of other businesses

Our website includes links to the internet pages of other businesses. We are not responsible for the data protection arrangements on external websites you can access via these links. Information on the data protection policy of these external websites can be found at these sites.


13. Changes to the privacy policy

In order to ensure that our privacy policy is always in accordance with the current legal requirements we reserve the right to make changes at any time. This also applies in the event that the privacy policy needs to be adapted due to new or revised offers and services.