Privacy policy on the use of data on JUMiNGO

Data protection is a matter of trust and your trust is important to us. We respect your privacy and personal sphere. The protection and legally compliant collection, processing and use of your personal data is therefore an important concern for us. To ensure that you feel secure when visiting our website, we strictly observe the statutory provisions when processing your personal data and would like to inform you here about our data collection and data use.

1. Responsible body

JUMiNGO GmbH, Breslauer Platz 4, 50668 Cologne (hereinafter: "JUMiNGO" or "we") is responsible for the collection, processing and use of your personal data within the meaning of the General Data Protection Regulation (GDPR). If you wish to object to the collection, processing or use of your data by JUMiNGO in accordance with these data protection provisions as a whole or for individual measures, you can send your objection by e-mail, fax or letter to the following contact details

JUMiNGO GmbH
Data Protection Department
Breslauer Platz 4
50668 Cologne
Fax: +49 (0) 221 980 44 997
E-mail: datenschutz@jumingo.com

In addition, you can obtain information about the data stored by us free of charge at any time (see also section 11).

2. Data protection officer

If you have any questions and/or suggestions on the subject of data protection, you can contact our data protection officer directly at any time. You can reach our data protection officer at the following contact details

nyr Law Rechtsanwaltsgesellschaft mbH

Riehler Str. 33
50668 Köln
Fax: +49 (0) 221 980 44 997
E-mail: datenschutzbeauftragter@jumingo.com

3. Collection and use of general data

This website collects a range of general data and information each time it is accessed by a user. This general data and information is stored in the log files of our servers. This primarily involves the following data:

Browser types and versions used,
the operating system used by the accessing system
the website from which an accessing system reaches this website (so-called referrer)
the sub-websites that are accessed via an accessing system on this website
the date and time of access to the website
the IP address and the geolocation,
the internet service provider of the accessing system and
other similar data and information used for security purposes in the event of attacks on our information technology systems.

When using this general data and information, JUMiNGO does not draw any conclusions about the data subject. JUMiNGO requires this general data in order to

deliver the content of this website correctly
optimise the content of this website and the advertising for it
ensure the long-term functionality of our information technology systems and the technology of this website, and
to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

This anonymously collected data and information is therefore analysed by JUMiNGO both statistically and with the aim of increasing data protection and data security. The anonymous data of the server log files are stored separately from all personal data provided by a data subject. The web servers used by JUMiNGO GmbH are located in a data centre of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The servers are located in Germany (zone europe-west3-a, data centre in Frankfurt, Germany).

4. Collection, processing and use of personal data

4.1 Personal data

Personal data is information about the factual or personal circumstances of an identified or identifiable natural person. This includes, for example, your name, telephone number, address and all inventory data that you provide to JUMiNGO as part of the registration process or as part of your order. This does not include statistical data that we collect, for example, when you visit our website and which cannot be directly linked to your person. These are, for example, statistics about which pages of our website are particularly popular or how many users visit certain pages of the JUMiNGO website.

4.2 Customer account

After registration or after completion of the first order, we set up a password-protected, direct access to the inventory data stored by us (customer account) for each customer. JUMiNGO provides an initial password for this purpose and sends it to the e-mail address you have provided.

After receiving the initial password, we recommend that every customer create a personal password for security reasons. You can change your password at any time in your customer account under the menu item "Settings".

You undertake to treat your personal access data confidentially and not to make it accessible to unauthorised third parties. We cannot accept any liability for misused passwords unless we are responsible for the misuse. If you do not log out, you will automatically remain logged in for a maximum of one year. This is the lifetime of the cookie required for this purpose. Each time you visit the website, the cookie lifespan is extended again and you remain logged in until you log out or have not visited our website for at least one year (end of cookie lifespan). This function basically allows you to use our services without having to log in again each time.

In addition, you can view data about your completed, open and recently sent orders in your customer account, as well as manage your data and message settings.

If you use our portal, we will store your data required to fulfil the contract and details of your payment method until you permanently delete your account. We also store the voluntary data you provide for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

4.3 Contact form

If you send us an enquiry via the contact form in our help section, via chat or by email, your details, including the contact details you provide, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains. Mandatory statutory provisions - in particular retention periods - remain unaffected by this.

We use the CRM system "Zendesk", provided by Zendesk, Inc, 989 Market Street 300, San Francisco, CA 94102, USA, to process your enquiries faster and more efficiently (legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR).

Due to the transfer of data to recipients in third countries (USA), additional protective measures must be taken to ensure an adequate level of data protection. We have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c) GDPR and also endeavour to take appropriate technical and organisational protective measures as well as contractual assurances from the recipient in the third country with regard to ensuring data security.

Further information can be found in Zendesk's privacy policy.

4.4 Collection, processing and use of your personal data

Data protection is very important to us. We therefore strictly adhere to the statutory provisions of the Data Protection Act when collecting, processing and using your personal data. We collect, store and process your data for the entire processing of your order, including any subsequent warranties, for our services, technical administration and for our own marketing purposes. Your personal data will only be passed on or transmitted to third parties if this is necessary for the purpose of contract processing or invoicing or if you have given your prior consent. As part of order processing, for example, the service providers we use (such as carriers, logistics companies, banks) receive the necessary data for order and order processing. The data passed on in this way may only be used by our service providers to fulfil their tasks. Any other use of the information is not permitted and does not take place with any of the service providers entrusted by us.

We require the complete sender and delivery address for your order. We require your name, address and payment details for invoicing purposes. We need your e-mail address so that we can confirm receipt of your order and communicate with you. If the service you have ordered requires a consignment note, this will also be sent to you by e-mail. We also use your e-mail address for your identification (customer login). Your personal data will be deleted unless statutory retention obligations prevent this and if you have asserted a claim for deletion, if the data is no longer required to fulfil the purpose for which it was stored or if its storage is inadmissible for other legal reasons.

4.5 Use of your data for advertising purposes

If you are already a customer of JUMiNGO GmbH, we will also process the contact data you provide during the ordering process in order to inform you about our own similar goods and services (advertising to existing customers).

The legal basis for the processing of your contact data for existing customer advertising is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR in conjunction with Section 7 para. 3 UWG. In addition, you will be sent information about the collection and delivery of the consignments you have ordered by e-mail. This can be deactivated at any time in the customer area.

You can revoke your consent at any time with effect for the future by clicking on the corresponding opt-out link at the end of the email or by sending us an email to datenschutz@jumingo.com informing us of your revocation. In this case, only your e-mail address will be stored in a so-called "blacklist". The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.

5. Cookies

Accepting cookies is not a prerequisite for visiting our website. However, we would like to point out that our website and our service will only offer limited functionalities if you do not allow us to set cookies.

5.1 What are cookies?

Cookies are small files that are stored on your data carrier and save certain settings and data for exchange with our system via your browser. There are basically two different types of cookies, so-called session cookies, which are deleted as soon as you close your browser, and temporary/permanent cookies, which are stored on your data carrier for a longer period of time or indefinitely. This storage helps us to customise our website and our offers for you and makes it easier for you to use, for example by saving certain entries you make so that you do not have to keep repeating them.

5.2 Which cookies does JUMiNGO use?

Most of the cookies we use are automatically deleted from your hard drive at the end of the browser session (hence session cookies). Session cookies are required, for example, to offer you the shopping basket function across several pages. We also use cookies that remain on your hard drive. When you visit our website again, it is then automatically recognised that you have already visited our website and which entries and settings you prefer. These temporary or permanent cookies (lifespan 1 month to 10 years) are stored on your hard drive and delete themselves after the specified time. These cookies in particular serve to make our website more user-friendly, effective and secure. Thanks to these files, it is possible, for example, to display information on the site that is specifically tailored to your interests. The sole purpose of these cookies is to customise our offer to your wishes in the best possible way and to make your visit to our website as convenient as possible.

5.3 What data is stored in the cookies?

Only pseudonymised data is stored in the cookies used by JUMiNGO. When the cookie is activated, it is assigned an identification number. However, no assignment of your personal data to this identification number is made. Your name, IP address or similar data that would enable the cookie to be assigned to you are not stored in the cookie. Based on the cookie technology, we only receive pseudonymised information, for example about which pages of our website have been visited, which products have been viewed, etc.

5.4 What is on-site targeting?

On the JUMiNGO website, data is collected on the basis of cookie technology to optimise our advertising and the entire online offering. This data is not used to identify you personally, but is used solely for pseudonymised analysis of the use of our website. At no time will your data be merged with the personal data stored by us. With this technology, we can present you with adverts and/or special offers and services whose content is based on information that we have obtained through the clickstream analysis (for example, adverts that are aimed at the fact that only sports shoes have been viewed in the last few days). Our aim here is to make our online offering as attractive as possible for you and to present you with offers that match your areas of interest.

5.5 Are there also cookies from third-party providers (so-called third-party cookies)?

JUMiNGO uses a number of partners who help to make our online offering and our website more interesting for you. Therefore, cookies from partner companies are also stored on your hard drive when you visit the website. These are temporary/permanent cookies that are automatically deleted after the specified time. These temporary or permanent cookies (lifespan 14 days to 10 years) are stored on your hard drive and delete themselves after the specified time. The cookies of our partner companies also only contain pseudonymised, usually even anonymous data. This includes, for example, data on which products you have viewed, whether something has been purchased, which products have been searched for, etc. Some of our advertising partners also collect information beyond the website about which pages you have previously visited or which products you were interested in, for example, in order to be able to show you advertising that best matches your interests. This pseudonymised data is never merged with your personal data. Its sole purpose is to enable our advertising partners to target you with adverts that may actually be of interest to you.

5.6 Re-targeting

Our website uses so-called re-targeting technologies. We use these technologies to make our website more interesting for you. This technology makes it possible to target internet users who have already shown an interest in our website and our services with adverts on our partners' websites. We are convinced that the display of personalised, interest-related advertising is generally more interesting for the Internet user than advertising that has no such personal reference. These advertisements are displayed on our partners' websites on the basis of cookie technology and an analysis of previous user behaviour. This form of advertising is completely pseudonymous. No user profiles are merged with your personal data.

5.7 How can you prevent the storage of cookies?

You can set your browser to only accept the storage of cookies if you agree to this. If you only want to accept the JUMiNGO cookies, but not the cookies of our service providers and partners, you can select the "Block third-party cookies" setting in your browser. As a rule, the help function in the menu bar of your web browser will show you how to reject new cookies and switch off cookies you have already received. We recommend that you always log out completely when you have finished using shared computers that are set to accept cookies.

6. Log files

Every time the JUMiNGO website is accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files (see section 3). The IP addresses of the users are deleted or anonymised after the end of use. In the case of anonymisation, the IP addresses are changed in such a way that the individual details about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person, or only with a disproportionate amount of time, cost and labour. We evaluate these log file data records in anonymised form in order to further improve our offer and our website and make it more user-friendly, to find and correct errors more quickly and to control server capacities.

7 Web analysis, third-party tools

7.1 Google Analytics 4

Google Analytics 4 is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Google LLC, ("Google"). Google Analytics uses cookies, i.e. text files that are stored on your computer and enable Google to analyse the use of our website. The information collected by the cookie about the use of our website (including your IP address) is usually transferred to a Google server in the USA and stored there. We also use the User ID function, which is used to assign a permanent and unique ID to one or more sessions and activities within the sessions. This allows user behaviour to be analysed across devices.

For your protection, however, we naturally use the anonymisation function ("IP masking"), which means that Google truncates the IP addresses by the last octet within the EU/EEA. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information to analyse your use of our website, to compile reports on website activity for us and to provide us with other services relating to the use of the website and the Internet. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. A transfer of this data by Google to third parties only takes place on the basis of legal regulations or in the context of order data processing. Under no circumstances will Google combine your data with other data collected by Google. We use Google Tag Manager to simplify the administration of the tool.

For these cases, Google has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has thus promised to comply with applicable data protection laws when transferring data internationally. We have also agreed so-called standard contractual clauses with Google, the purpose of which is to maintain an appropriate level of data protection in the third country.

The legal basis for the processing of your personal data is your express, active consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. You have the option to withdraw your consent at any time with effect for the future. For this purpose, you can prevent the collection of data generated by the cookie and related to your use of this website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available here. You can find more information on data protection and Google Analytics 4 at the following link.

7.2 Google Analytics Universal

We also use Google Analytics Universal, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The purpose of our use of this tool is to enable us to analyse user interactions on websites and in apps and to use the statistics and reports obtained to improve our offering and make it more interesting for you as a user.

We primarily record the interactions between you as a user of the website and our website using cookies, device/browser data, IP addresses and website or app activities. Your IP addresses are also recorded in Google Analytics to ensure the security of the service and to provide us as the website operator with information about the country, region or location from which the respective user originates (so-called "IP location determination"). For your protection, however, we naturally use the anonymisation function ("IP masking"), which means that Google truncates the IP addresses by the last octet within the EU/EEA. We use Google Tag Manager to simplify the administration of the tool.

Google acts as a processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. For these cases, Google has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has thus promised to comply with applicable data protection laws when transferring data internationally. We have also agreed so-called standard contractual clauses with Google, the purpose of which is to maintain an appropriate level of data protection in the third country.

The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. In apps, you can reset the advertising ID in the Android or iOS settings. The easiest way to revoke your consent is via our Consent Manager or by installing the Google browser add-on, which can be accessed via the following link https://tools.google.com/dlpage/gaoptout?hl=de/

For more information on the scope of Google Analytics services, please click on the following link https://marketingplatform.google.com/about/analytics/terms/de/

Google provides information on data processing when using Google Analytics at the following link: https://support.google.com/analytics/answer/6004245?hl=de/

General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google's privacy policy at the following link: www.google.de/intl/de/policies/privacy/

7.3 Google Signals

This website uses the Google Signals function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a European branch of Google Inc., USA ("Google"). The extended advertising function Google Signals is used to provide additional information about visitors to this website who use different devices. Google uses the data of users who have signed in to their Google account. This function is used to collect visitor data from this website in Google Analytics and link it to the Google accounts of logged-in users. This data is used to provide cross-device summarised and anonymised statistics on the behaviour of users of this website. However, a basic cross-device (computer, smartphone, tablet) analysis of your use of this website does not take place. Cross-device reports do not provide any conclusions about the identity of the individual visitor. However, if visitors to this website are logged into their Google account, Google can identify these visitors. Furthermore, Google can use the user data to display personalised advertising. In order to receive personalised advertising, users must have previously agreed to such a link in their Google account. If you do not want this, you can deactivate this function by adjusting the Google settings for advertising accordingly.

Otherwise, your data will be processed as described in section 7.1 (Google Analytics 4).

7.4 Google Optimise

We use the Google Optimize analysis service to experimentally display some of our pages in several variants and to optimise them using comparative statistics. Cookies are used to differentiate between anonymous test groups. The data is processed as with Google Analytics 4 (see section 7.1); if you deactivate Google Analytics, your data will not be included in the comparison tests.

7.5 Google Tag Manager

We use the service provider Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process any personal user data. With regard to the processing of users' personal data, please refer to the following information on Google services. You can find the usage guidelines here.

7.6 Google Adwords

The website uses Google Conversion Tracking, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), a European subsidiary of Google Inc, USA. Google Adwords places a cookie on your computer if you have reached our website via a Google advert.

As part of its sales activities, JUMiNGO draws the attention of potential interested parties to the website's offers through Google Adwords, i.e. adverts, e.g. in Google search results. In this context, there are some special features to know about the cookie that Google places on your computer if you access the website via a Google advert: This cookie loses its validity after the end of its purpose and is not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. Each Adwords customer receives a different cookie.

Cookies can therefore not be tracked via the websites of Adwords customers. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers find out the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

The legal basis for the processing of your personal data is your express, active consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. You have the option to withdraw your consent at any time with effect for the future. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, by setting your browser to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that the cookies relevant for tracking are blocked. To do this, you must configure your browser accordingly. You can find out how to deactivate cookies for the Chrome browser here.

Google's privacy policy on conversion tracking can be found here.

7.7 Bing Ads

JUMiNGO also uses the Microsoft service Bing Ads, a service of Microsoft Advertising, 1 Microsoft Way, Redmond WA 98052, USA, and uses conversion tracking to measure the effectiveness of individual ads, offers and functions and thus create personalised ad profiles. A cookie is set for this purpose as soon as you click on an advert. This cookie is not used for personal identification, but to determine whether you return to the page with the specific offer while the cookie is valid.

The legal basis for the processing of your personal data is your express, active consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. You have the option to withdraw your consent at any time with effect for the future. You can prevent the storage of Microsoft conversion cookies by selecting the appropriate settings in your internet browser.

You can find more information on Microsoft Bing Ads and data protection here.

7.8 Hotjar

JUMiNGO uses the analysis service Hotjar, a service of Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St. Julian's STJ 3141, Malta, to better understand the needs of users and to optimise the offer and experience on this website. Hotjar's technology helps us to get a better understanding of our users' experiences (e.g. which links they click on, what they like and dislike, etc.) and this helps us to tailor our offering to our users' feedback. Hotjar works with cookies and other technologies to collect data about the behaviour of our users and their devices, in particular IP address of the device (only collected and stored in anonymised form during your use of the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

The legal basis for the processing of your personal data is your express, active consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. You have the option to revoke your consent at any time with effect for the future.

Further information can be found in the "about Hotjar" section on Hotjar's help page and in Hotjar's privacy policy.

7.9 Google Remarketing

This website uses the remarketing function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a European branch of Google Inc, USA ("Google"). This function is used to present interest-based adverts to visitors to the website as part of the Google advertising network. The website visitor's browser stores so-called "cookies", text files, on your computer. They make it possible to recognise the visitor when he or she visits websites that belong to the Google advertising network. On these pages, the visitor can then be presented with adverts that relate to content that the visitor has previously accessed on websites that use Google's remarketing function. According to its own information, Google does not collect any personal data during this process.

The legal basis for the processing of your personal data is your express, active consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. You have the option to withdraw your consent at any time with effect for the future. If you do not wish to use Google's remarketing function, you can deactivate it by making the appropriate settings here. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions here.

Further information on Google Remarketing and Google's privacy policy can be found here.

7.10 Google Maps

This website uses Google Maps to auto-complete addresses. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a European branch of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The legal basis for the processing of your personal data is your express, active consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. You have the option to revoke your consent at any time with effect for the future.

The terms of use for Google Maps can be found under Terms of Use for Google Maps. Further details can be found in Google's Privacy Centre.

7.11 SendGrid

We use the services of SendGrid to send emails. The provider is SendGrid, Inc, 1801 California Street, Suite 500, Denver, Colorado 80202, USA. SendGrid is a service that can be used to organise and analyse the sending of e-mails, among other things. SendGrid is a company of the Twilio Group, which has implemented EU-recognised Binding Corporate Rules with regard to data protection in accordance with Art. 47 GDPR.

With the help of SendGrid, we can analyse the sending of emails. This allows us to determine whether a message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). They are used exclusively for the statistical analysis of messages. The results of these analyses can be used to identify problems with the delivery of emails.

The service provider SendGrid is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and an order processing contract pursuant to Art. 28 para. 3 sentence 1 GDPR.

You can view the data protection provisions of SendGrid as part of the Twilio Group here.

7.12 New Relic

On this website we use the service New Relic, a service of New Relic Inc, San Francisco, CA, 188 Spear St., USA. Data processing is carried out for the purpose of website optimisation by means of statistical evaluations of the speed of the website and evaluations of page views by our users.

For this purpose, New Relic processes information about the page views of website visitors, the IP address of the website visitor and information about the existence of a user account with New Relic.

The legal basis for the processing of your personal data is our legitimate interest in the proper operation of our website in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.

Further information on the provider can be found at the following link.

7.13 Trustpilot

We participate in the evaluation process of the provider Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark.

Trustpilot offers users the opportunity to rate our services. Users who have used our services are informed about the possibility of receiving rating requests by email during check-out. In order to ensure that users have actually used our services, we transmit the necessary data to Trustpilot with regard to the user and the service used (this includes the name, email address and a reference number). This data is used solely to verify the authenticity and address of the user.

The legal basis for the processing of the user's data as part of the evaluation process is our legitimate interest in obtaining customer reviews as part of advertising to existing customers in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR in conjunction with Section 7 para. 3 UWG.

In order to submit a review, it is necessary to open a customer account with Trustpilot. In this case, Trustpilot's terms and conditions and privacy policy apply. In order to maintain the neutrality and objectivity of the reviews, we have no direct influence on the reviews and cannot delete them ourselves. For this purpose, we ask users to contact Trustpilot.

We can also integrate the Trustpilot widget on our website. A widget is a functional and content element integrated into our online offering that displays variable information. Although the corresponding content is displayed within our online offering, it is retrieved from the Trustpilot servers at that moment. Only in this way can the current content always be shown, especially the current rating. To do this, a data connection must be established from the website accessed within our online offering to Trustpilot and Trustpilot receives certain technical data (access data, including the IP address) that is necessary for the content to be delivered. Trustpilot also receives information that users have visited our website. This information can be stored in a cookie and used by Trustpilot to recognise which online offers that participate in the Trustpilot rating process have been visited by the user. The information may be stored in a user profile and used for advertising or market research purposes.

The legal basis for the processing of the user's data in the context of the integration of the widget is our legitimate interest in informing our users about the quality of our services in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.

Users can find further information on the processing of their data by Trustpilot as well as their rights of objection and other rights of data subjects in Trustpilot's privacy policy at the following link https://de.legal.trustpilot.com/end-user-privacy-terms.

7.14 LinkedIn Insight tag

On our website, we use the LinkedIn Insight Tag, a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Palace, Dublin 2, Ireland.

The LinkedIn Insight tag is a JavaScript code snippet that we add to this website to analyse the use of our website and evaluate the effectiveness of LinkedIn advertisements. We receive aggregated campaign reports from the provider and can track conversions in order to retarget website visitors.

The following (personal) data is processed for the aforementioned purpose URL, referrer URL, IP address (shortened or hashed), device and browser properties (user agent) and the time of your visit. The direct identifiers of the members are removed within seven days in order to pseudonymise the data. This remaining pseudonymised data is then deleted within 180 days.

As the website operator, we only receive statistical analyses (reports and messages in which members are not identified) about the website's target group and the performance of the advertisements. By retargeting visitors to our site, we can also display targeted adverts outside our website. The data collected using the Insight tag is not visible to us and we cannot draw any conclusions about your identity. However, LinkedIn can store and process the data for its own purposes, for which a connection to the respective LinkedIn user profile is possible. The provider can then use this data for its own advertising purposes. As the website operator, we have no influence on this processing. Further information on data protection at LinkedIn can be found at the following link https://de.linkedin.com/legal/privacy-policy?.

The legal basis for the processing of your personal data is your prior express consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. This consent is voluntary and can be revoked at any time with effect for the future.

As a LinkedIn member, you also have the option of blocking data processing by LinkedIn by deactivating the setting of the corresponding cookies at www.linkedin.com. You can also refuse the use of data for advertising purposes in your LinkedIn member profile.

A transfer of personal data to a third country cannot be ruled out with this provider, as the company is based in the USA. In order to ensure an adequate level of data protection, we have concluded standard data protection clauses with the provider as a suitable guarantee in accordance with Art. 46 para. 2 lit. c) GDPR. These are model contracts provided by the EU Commission, which ensure that data processing complies with European data protection standards even if personal data is transferred to and stored in third countries (e.g. the USA).

Further information on the LinkedIn Insight Tag can be found at https://www.linkedin.com/help/linkedin/answer/a427660.

7.15 HubSpot

On our website, we use the service of HubSpot, a service of HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. We use the software to generate leads and for marketing and customer care purposes. This includes email marketing, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms. HubSpot uses cookies that are stored locally in the cache of your web browser on your end device and enable an analysis of your user behaviour on our website. The information collected (including IP address, geographical location, type of browser and duration of the visit) is analysed by HubSpot. We thus receive reports on the website visitors and the pages they have visited. The data is processed by HubSpot on our behalf and stored on HubSpot servers. Data processing for marketing purposes is carried out on the basis of our legitimate interest in advertising to existing customers pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR in conjunction with Section 7 para. 3 UWG and for the performance of the contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR.

The data will be deleted after the purpose has ceased to apply in compliance with the statutory retention periods.

Further information on the handling of personal data at HubSpot can be found at the following link.

7.16 Fraud prevention using Risk.Ident

For fraud prevention, we use the service of Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg. The data you provide when placing an order is checked for atypical order transactions (e.g. simultaneous ordering of a large number of goods to the same address using different customer accounts). The following data is processed for this purpose

E-mail domain
Internet browser
browser language
Operating system
Provider location (city, country)
Provider name
IP address (pseudonymised)
Billing country
Customer type (business or private customer)
Value of goods
Order value
Consignment content
Transaction date

Cookies and other tracking technologies are used to collect and process data to identify the end device used by the user to place an order during the order completion (so-called transaction).

This data is stored by Risk.Ident in a global fraud prevention database. This database stores the above-mentioned data on end devices that have already been used to commit (attempted) fraud. This enables a possible fraud attempt to be recognised. However, there is no allocation to specific users, but only to the end device used. Insofar as IP addresses are collected by Risk.Ident, these are encrypted.

As part of an order process on our website, we retrieve a risk assessment of the user's end device from the Risk.Ident database. This risk assessment on the probability of a fraud attempt takes into account, among other things, whether the end device has dialled in via different service providers, whether the end device has a frequently changing geo-reference, how many transactions have been processed via the end device and whether a proxy connection is used.

The legal basis for processing is our legitimate interest in checking orders to prevent fraud in accordance with Article 6(1)(f) GDPR.

Further information on data protection at Risk.Ident can be found here: https://riskident.com/impressum/.

8. Payment provider

8.1 PayPal

On our website, we offer payment via PayPal and services provided by PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").

If you select payment via PayPal, the payment data you enter will be transmitted to PayPal.

The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.

Further information on data protection at PayPal can be found at https://www.paypal.com/myaccount/privacy/privacyhub.

8.2 Instant bank transfer (Sofort.)

On our website we offer, among other things, payment via "Sofort.". The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter referred to as "Sofort GmbH").

With the help of the "Sofortüberweisung" procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfil our obligations.

If you have opted for the "Sofortüberweisung" payment method, you transmit the PIN and a valid TAN to Sofort GmbH, which the provider can use to log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. Sofort GmbH then immediately sends us a transaction confirmation. After logging in, your turnover, the credit limit of the overdraft facility and the existence of other accounts and their balances are also automatically checked.

In addition to the PIN and the TAN, the payment data entered by you and your personal data are also transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), e-mail address, IP address and any other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent attempts at fraud.

The transmission of your data to Sofort GmbH is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract). You have the option to withdraw your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.

You can find the link to Sofort GmbH's privacy policy here: Sofort GmbH privacy policy

8.3 Credit card

On our website we offer, among other things, payment by credit card. This payment method allows you to pay with your MasterCard, VISA or Amex credit card. The provider of this payment service is Stripe Payments Europe, Ltd, company number 513174, The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland (hereinafter referred to as "Stripe").

If you have chosen to pay by credit card, you will transmit your credit card information such as first name, surname, card number, CVV and the expiry date of your credit card to Stripe.

The transmission of your data to Stripe is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract). You have the option to withdraw your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.

If you opt for the Apple Pay or Google Pay payment methods, data may also be exchanged to and with these payment service providers as part of payment processing, which is also processed via Stripe.

Further information on the handling of your personal data can be found here: Privacy Policy Stripe Payments Europe, Ltd.

8.4 Payment on account, direct debit

For existing customers with a regular order volume, we also offer the payment method invoice and/or payment by SEPA direct debit on request and after a prior credit check.

We use the services of the credit agency Creditsafe Deutschland GmbH, Schreiberhauer Straße 30, 10317 Berlin, Germany (hereinafter referred to as "Creditsafe") for prior credit checks.

The legal basis for our use of Creditsafe's services is our legitimate interest pursuant to Article 6(1)(f) GDPR. This lies in minimising default risks and thus preventing financial damage.

You have the option to withdraw your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.

Further information can be found in the data protection information for credit agency data at www.creditsafe.com or at this link.

9. Call recordings for customer enquiries

To ensure and improve service quality, it is possible to record individual customer calls and convert them into service enquiries. Calls will only be recorded if you agree to this.

We use the "CallOne" tool from the provider CallOne GmbH, Hugo-Vogel-Str. 23, 14109 Berlin, Germany, to record calls. CallOne GmbH is used as a processor within the meaning of Art. 28 GDPR. The CallOne tool is a VoIP telephone system and call centre software.

The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. A call recording is only started if and insofar as you have given your consent.

Personal data may be collected in the context of identification, assignment, the content of the call and in connection with metadata (phone numbers, time stamps, etc.). The data is only made accessible to those employees who need it to fulfil the stated purposes.

The recordings are stored until consent is revoked or a request for deletion is made. If no revocation of consent has been declared or deletion requested, the data will be deleted no later than 3 years after the end of the year in which the order was placed.

The link to CallOne GmbH's privacy policy can be found here: CallOne GmbH privacy policy.

10. Secure data transmission

Your personal data is transmitted securely by us using encryption. This applies to your order and also to the customer login. We use the SSL (Secure Socket Layer) coding system. We also use technical and organisational measures to protect our website and other systems against loss, destruction, access, modification or dissemination of your personal data by unauthorised third parties.

11. Deletion and blocking of personal data

JUMiNGO processes and stores personal data only for the period of time required to fulfil the purpose of storage. If the purpose of storage ceases to apply, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

12. Right to access of the data subject

If you wish to exercise one of the rights mentioned in this section, you can send a message at any time to the contact details of the controller mentioned in paragraph 1 (e.g. by e-mail or letter).

12.1 Right to confirmation

You have the right to request confirmation as to whether personal data concerning you is being processed by JUMiNGO.

12.2 Right to information

You have the right to obtain the following information

the personal data stored about you;
the purposes of the processing;
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed
the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of the right to lodge a complaint with a supervisory authority
the existence of automated decision-making;

personal data transferred to a third country or to an international organisation.

12.3 Right to rectification

You have the right to request the rectification of inaccurate personal data concerning you and the completion of incomplete personal data.

12.4 Right to erasure

You have the right to obtain the erasure of personal data concerning you without undue delay if

the purpose for which the personal data was collected or otherwise processed no longer applies
you withdraw your consent on which the processing was based and there is no other legal basis for the processing
you object to the processing and there are no overriding legitimate grounds for the processing
the personal data have been processed unlawfully.

12.5 Right to restriction of processing

You have the right to request the restriction of processing if

you contest the accuracy of the personal data, for a period enabling JUMiNGO to verify the accuracy of the personal data
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
the personal data are no longer necessary for the purposes of the processing, but you require the personal data for the establishment, exercise or defence of legal claims
you have objected to the processing and it is not yet certain whether your objection will result in the data processing being discontinued.

12.6 Right to data portability

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.

You also have the right to have the personal data transmitted directly to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

12.7 Right to object

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you.

In the event of an objection, JUMiNGO will no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by JUMiNGO for statistical purposes, unless such processing is necessary for the fulfilment of a task carried out in the public interest.

If you wish to exercise your right to object, you can send a message at any time to the contact details stated in paragraph 1 or paragraph 2 (e.g. by e-mail, fax, letter).

12.8 Automated decisions in individual cases

You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless the decision

is necessary for the conclusion or fulfilment of a contract between you and JUMiNGO, or
is authorised by Union or national law and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
with your express consent.

12.9 Right to withdraw consent under data protection law

You have the right to withdraw your consent to the processing of your personal data at any time. If you wish to withdraw your consent under data protection law, you can send a message to the contact details specified in paragraph 1 or paragraph 2 (e.g. by e-mail, fax, letter) at any time.

12.10 Legal basis of the processing

The legal basis for data processing is the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to JUMiNGO (BDSG-(new)).

If the processing of personal data is based on the consent of the data subject, Art. 6 para. 1 lit. a) EU General Data Protection Regulation (GDPR) serves as the legal basis. If the processing of personal data is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. If the processing of personal data is necessary to fulfil a legal obligation to which JUMiNGO is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis. If the processing of personal data is necessary to safeguard a legitimate interest of JUMiNGO or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the interests of JUMiNGO or a third party, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing.

Status: 03.09.2024

In the event of any discrepancies or contradictions, the German version of the privacy policy shall prevail over the English version.