Data protection declarations

The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit as standard. This information is essential for the technical transmission of the web pages and secure server operation. There is no personalized evaluation of this data.

Responsible party:

natureOffice GmbH
Steubenhof 1
65207 Wiesbaden
Phone +49 69 173 20 20 0
Fax +49 69 173 20 20 99
E-mail: info(at)natureoffice.com
www.natureoffice.com

Inquiries about data protection: datenschutz@natureoffice.com

Personal data

Personal data is data about your person. This includes your name, your address and your e-mail address. You do not have to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as other information in order to be able to offer you the requested service.

The same applies if we supply you with information material on request or if we answer your inquiries. In these cases, we will always point this out to you. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.

If you use one of our services, we generally only collect the data that is necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so in order to be able to offer you our service or to pursue our commercial objectives.

Contacting us

When contacting us (e.g. via contact form, email, social media or by telephone), the details of the person making the inquiry are processed insofar as this is necessary to respond to the contact inquiries and any measures requested.

Contact inquiries are answered in the context of contractual or pre-contractual relationships in order to fulfil our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries.

• Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms).
• Data subjects: Communication partners.
• Purposes of processing: Contact requests and communication.
• Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 lit. f GDPR).

Automatically stored data

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

• Date and time of the request
• Name of the requested file
• Page from which the file was requested
• Access status (file transferred, file not found, etc.)
• Web browser and operating system used
• Complete IP address of the requesting computer
• Volume of data transferred

This data is not merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons from this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymized form for statistical purposes; it is not compared with other data sets or passed on to third parties, even in excerpts. Only in the context of our server statistics, which we publish every two years in our activity report, does a presentation of the number of page views take place.

Cookies

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.

Through the use of session cookies, the controller can provide the users of this website with a user-friendly service that would not be possible without the setting of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily consent to tracking or analysis via the cookie banner that appears. Your data may be passed on to partners or third-party providers. These cookies are only stored if you explicitly consent to this; the legal basis is then your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG.

You can change your settings for the use of cookies at any time using the button in the bottom left-hand corner.

Borlabs Cookie

Our website uses the cookie consent technology of Borlabs Cookie to obtain your consent to the storage of certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Borlabs GmbH - Benjamin A. Bornschein, Hamburger Str. 11, 22083 Hamburg (hereinafter referred to as Borlabs). When you enter our website, a Borlabs cookie is stored in your browser, in which the consent you have given or the revocation of this consent is stored. This data is not passed on to the provider of Borlabs Cookie. The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/. Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR (logging and accountability). We have concluded an order processing contract (AVV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Google Analytics 4

We use Google Analytics 4 on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google"). In this context, pseudonymous user profiles are created and cookies are used.

The information generated by the cookie about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is usually transmitted to Google servers in the USA and processed there.

The use of Google Analytics is based on your consent in accordance with (Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG) in the analysis and optimization of our online offer and the economic operation of this website. Google therefore processes the information on our behalf in order to evaluate the use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website.

We have concluded an order processing contract with Google for the use of Google Analytics. Through this contract, Google ensures that it processes the data in accordance with the General Data Protection Regulation and guarantees the protection of the rights of the data subject.

The IP address processed by Google Analytics is automatically truncated. The last three digits of your IP address are replaced by a "0", which prevents them from being assigned.

The data collected may be transferred to third parties if this is required by law or if third parties process the data on our behalf. The user data collected via cookies is automatically deleted after 14 months.

The information generated by the cookies about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transmitted to Google servers in the USA and processed there. Google relies on the Transatlantic Data Privacy Framework of 10.07.2023 (TADPF) for the transfer of data to recipients based in the USA and, in the case of data transfer to other third countries, on standard contractual clauses approved by the EU Commission as a guarantee of a level of data protection comparable to that in the EU. You can obtain a copy of the standard contractual clauses here. We only transfer data to Google on the basis of your consent.

You can revoke or adjust your consent at any time with effect for the future. Further information on data protection in connection with Google Analytics can be found in the Google Analytics help section. Information on Google's use of data can be found in their privacy policy.

Google Tag Manager

Our website uses the Google Tag Manager tool from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google"). We use Google Tag Manager to manage the tools used on our website, about which we provide information in this privacy policy. For details on these tools, please refer to the information on the specific tool. We use Google Tag Manager on the basis of our legitimate interest in the integration of tags in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The use of Google Tag Manager enables us to integrate additional services on our website.

The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. The Tag Manager processes and transmits your IP address to servers in the USA.

The transmitted data are only pseudonyms; it is not possible to draw conclusions about your name. Google bases the transfer of data to the USA on the Data Privacy Framework of 10.07.2023 (DPF) and, in the case of data transfer to other third countries, on EU standard contractual clauses. You can obtain a copy of the EU standard contractual clauses here. This ensures that there is a level of protection comparable to that in the EU.

We have concluded a data processing agreement with Google for the use of Google Tag Manager. Through this contract, Google ensures that it collects the data in accordance with the General Data Protection Regulation and guarantees the protection of the rights of the data subject. Further information on Google Tag Manager can be found in the usage guidelines for this product.

Registration on the website (software demo: precise CO₂ accounting for products & processes)

The data subject has the option of registering on the controller's website by providing personal data. The following personal data is collected: Name, address, telephone number, e-mail address, date of birth and, if applicable, bank details.

By registering on the controller's website, the IP address assigned by the data subject's Internet service provider (ISP), the date and time of registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of criminal offenses committed. In this respect, the storage of this data is necessary to safeguard the controller. This data is not passed on to third parties unless there is a legal obligation to pass it on or it serves the purpose of criminal prosecution.

The registration of the data subject with the voluntary provision of personal data serves the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the controller's database.

You undertake to treat the personal access data confidentially and not to make it accessible to unauthorized third parties. We cannot accept any liability for misused passwords unless we are responsible for the misuse.
With the "stay logged in" function, we want to make your visit to our website as pleasant as possible. This function allows you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, you wish to change your personal details or place an order. We recommend that you do not use this function if the computer is used by several users. Please note that the "stay logged in" function is not available if you use a setting that automatically deletes stored cookies after each session.

YouTube

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that

YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to the servers of

YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.

If necessary, further data processing operations may be triggered after the start of a YouTube video

be triggered, over which we have no influence. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

Google DoubleClick

This website uses functions of Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "DoubleClick").

DoubleClick is used to show you interest-based advertisements throughout the Google advertising network. With the help of DoubleClick, the advertisements can be targeted to the interests of the respective viewer. For example, our advertising can be displayed in Google search results or in advertising banners linked to DoubleClick.

In order to be able to display interest-based advertising to users, DoubleClick must be able to recognize the respective viewer and assign the websites visited, clicks and other information on user behavior to them. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the user concerned.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. Consent can be revoked at any time. Google relies on the Transatlantic Data Privacy Framework of 10.07.2023 (TADPF) for the transfer of data to recipients based in the USA and, in the case of data transfer to other third countries, on standard contractual clauses approved by the EU Commission as a guarantee of a level of data protection comparable to that in the EU.

For more information on how to object to the advertisements displayed by Google

advertisements displayed by Google can be found in the following links:

https://policies.google.com/technologies/ads and

https://myadcenter.google.com/personalizationoff?sasb=true&ref=ad-settings

We have concluded an order processing contract (AVV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Google conversion tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. Consent can be revoked at any time.

You can find more information about Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.

We have concluded an order processing contract (AVV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Unpkg

A web service of the company Npm, Inc, 1999 Harrison Street #1150, CA 94612 Oakland, USA (hereinafter referred to as "Unpkg") is loaded on our website. We use unpkg as a content delivery network. The files integrated via Unpkg are open source and can therefore be viewed and checked at any time.

The integration takes place on the basis of Art. 6 para. 1 lit. f GDPR from the legitimate interest in enhancing our website as well as a technically secure, maintenance-free and efficient way of integrating external libraries and frameworks. Since Unpkg uses the hosting provider Cloudflare to provide the data, the requests sent to these servers may be stored for statistical or other usage purposes.

If you have activated Java Script in your browser and have not installed a Java Script blocker, your browser may transmit personal data to Unpkg.

You can prevent the collection and processing of your data by Unpkg by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

Further information on the handling of the transferred data can be found in Unpkg's privacy policy at https://www.npmjs.com/policies/privacy and at https://www.unpkg.com/ and https://www.cloudflare.com/de-de/privacypolicy/

Adobe Fonts

This website uses web fonts from Adobe for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you access this website, your browser loads the required fonts directly from Adobe in order to display them correctly on your device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This gives Adobe knowledge that this website has been accessed via your IP address. According to Adobe, no cookies are stored when the fonts are provided.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The

website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the adequacy decision (Data Privacy Framework) of the EU Commission.

Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.

You can find more information about Adobe Fonts at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

You can find Adobe's privacy policy at: https://www.adobe.com/de/privacy/policy.html

SOCIAL PLUGIN Instagram and LinkedIn

Social buttons from social networks are used on our website. These are only integrated into the page as HTML links, so that no connection to the servers of the respective provider is established when our website is accessed. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser, where you can click on the Like or Share button, for example.

ONLINE PRESENCE ON INSTAGRAM and LINKEDIN

If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the social media mentioned above, from which user profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator as well as a contact option and your rights and settings options for protecting your privacy, please refer to the providers' data protection notices linked below. If you still need help in this regard, you can contact us.

Polylang

We use the Polylang program for the multilingualism of our website. Polylang is a product of the company: WP SYNTEX 8, rue Joseph Cugnot 38307 Bourgoin Jallieu,
France. Polylang cookies are only used to recognize and remember the language used or selected by the user. These cookies remain stored for one year and are then deleted. Further information on data protection compliance can be found here: https://polylang.pro/privacy-policy/

Brevo (formerly Sendinblue)

This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Stra e 126, 10179 Berlin, Germany.

Sendinblue is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter is stored on Sendinblue's servers in Germany

With the help of Sendinblue, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. In this way, we can determine, among other things, which links were clicked on particularly often.

We can also recognize whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can recognize whether you have made a purchase after clicking on the newsletter.

Sendinblue also enables us to subdivide ("cluster") the newsletter recipients according to various categories. The newsletter recipients can be subdivided according to age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups. If you do not wish to be analyzed by Sendinblue, you must unsubscribe from the newsletter.

We provide a link for this purpose in every newsletter message. Detailed information on the functions of Sendinblue can be found at the following link: https://de.sendinblue.com/newsletter-software/.

Data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings.

mailings is necessary. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

For more information, please refer to Sendinblue's privacy policy at: https://de.sendinblue.com/datenschutz-uebersicht/.

We have concluded an order processing contract (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising to visitors to our website. outside the website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties and time of access).

browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. Details can be found in LinkedIn's privacy policy at

https://www.linkedin.com/legal/privacy-policy#choices-oblig.

The use of LinkedIn Insight is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

LinkedIn Corporation relies on the Transatlantic Data Privacy Framework of July 10, 2023 (TADPF) for the transfer of data to recipients based in the USA and, in the case of data transfer to other third countries, on standard contractual clauses approved by the EU Commission as a guarantee of a level of data protection comparable to that in the EU:

https://www.linkedin.com/legal/l/dpa and

https://www.linkedin.com/legal/l/eu-sccs.

You can object to the analysis of usage behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website,

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Raidboxes GmbH
Hafenstraße 32
48153 Münster, Germany
https://raidboxes.io/legal/privacy/

Order processing

We have concluded an order processing contract (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Google AdSense (not personalized)

This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google AdSense in "non-personalized" mode. In contrast to personalized mode, the advertisements are therefore not based on your previous user behavior and no user profile is created for you. Instead, so-called "contextual information" is used to select the advertisements. The selected advertisements are then based, for example, on your location, the content of the website you are on or your current search terms. You can find out more about the differences between personalized and non-personalized targeting with Google AdSense at

https://support.google.com/adsense/answer/9007336.

Please note that cookies or comparable recognition technologies (e.g. device fingerprinting) may also be used when using Google Adsense in non-personalized mode. According to Google, these are used to combat fraud and abuse.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. Consent can be revoked at any time.

Google bases the transfer of data to the USA on the Transatlantic Data Privacy Framework of 10.07.2023 (TADPF) and, in the case of data transfer to other third countries, on EU standard contractual clauses. You can obtain a copy of the EU standard contractual clauses here. This ensures that there is a level of protection comparable to that in the EU.

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://adssettings.google.com/authenticated.

You can find more information about Google's advertising technologies here:

https://policies.google.com/technologies/ads and https://www.google.de/intl/de/policies/privacy/.

Google Remarketing

This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Remarketing analyzes your user behavior on our website (e.g. clicks on certain products) in order to classify you into certain advertising target groups and subsequently display suitable advertising messages to you when you visit other online offers (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. You can withdraw your consent at any time. Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.

Among other things, we use Google Remarketing customer matching to create target groups. Here we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and are logged into their Google account, they will be shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

Processing of data (customer and contract data)

We collect, process and use personal data only insofar as it is necessary for the establishment

content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only insofar as this is necessary to enable or charge the user for the use of the service. The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data protection for applications and in the application process

Applications that are sent to the controller electronically or by post are processed electronically or manually for the purpose of handling the application process. We expressly point out that application documents with "special categories of personal data" according to Art. 9 GDPR (e.g. a photo that provides information about your ethnic origin, religion, professional background or marital status), with the exception of a possible severe disability, which you wish to disclose of your own free will, are undesirable. You should submit your application without this data. This will have no effect on your chances of being considered. The legal basis for the processing is Art. 6 Para. 1 S.1 lit. b) GDPR and § 26 BDSG n.F. If an employment relationship is entered into with the applicant after completion of the application procedure, the applicant data will be stored in compliance with the relevant data protection regulations. If you are not offered a position after completion of the application process, your submitted letter of application including documents will be deleted 6 months after the rejection has been sent in order to be able to meet any claims and obligations to provide evidence under the AGG.

Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data protection declarations are constantly being revised. Please ensure that you have the latest version.

Rights of data subjects

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing and a right to data portability and to lodge a complaint at any time in accordance with the requirements of data protection law.

Right to information:

You can request information from us as to whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:

You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.

Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.

Right to restriction of processing:

You can demand that we restrict the processing of your data if

- you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data

- the processing of the data is unlawful, but you oppose the erasure of the data and request the restriction of its use instead

- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or

- you have objected to the processing of the data.

Right to data portability:

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that

- we process this data on the basis of your revocable consent or for the performance of a contract between us, and

- this processing is carried out by automated means.

If technically feasible, you can request that we transfer your data directly to another controller.

Right to object:

If we process your data on the basis of legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right to lodge a complaint:

If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert one of these rights against us, please contact our data protection team. In case of doubt, we may request additional information to confirm your identity.

Changes to this privacy policy

We reserve the right to change our privacy policy should this be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce these on our website. All interested parties and visitors to our website can contact us regarding data protection issues at

datenschutz@certuria.de

Information obligations pursuant to Art. 13 GDPR for customers, business partners and suppliers

We hereby wish to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Art. 13 of the European General Data Protection Regulation (EU GDPR).

Who is responsible for data processing and who can you contact?

natureOffice GmbH
Steubenhof 1
65207 Wiesbaden
Tel +49 69 173 20 20 0
Fax +49 69 173 20 20 99
E-mail: info(at)natureoffice.com
www.natureoffice.com

Inquiries about data protection: datenschutz(at)natureoffice.com

What data is processed and from which sources does this data originate?

We process the data that we have received from you as part of the contract initiation or processing, based on your consent.

The personal data includes

Your master/contact data, for customers/prospective customers this includes, for example, salutation, first name and surname, title, address, contract data, communication data, log files, contact data (e-mail address, telephone number, fax), bank data.

For business partners, this includes, for example, the name of their legal representatives, company, commercial register number, VAT number, company number, address, contact details (e-mail address, telephone number, fax), bank details.

For competition participants, this includes first and last name, e-mail address.

In addition, we also process the following other personal data:

• Information on the type and content of contract data, order data, sales and receipt data, customer and supplier history and consultation documents,
• advertising and sales data,
• information from your electronic communication with us (e.g. IP address, log-in data),
• other data that we have received from you in the course of our business relationship (e.g. in discussions with customers),
• data that we generate ourselves from master/contact data and other data, e.g. by means of customer demand and customer potential analyses,
• the documentation of your declaration of consent for the receipt of e.g. newsletters.
• Photographs taken as part of events.

For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended:

• for the fulfillment of (pre-)contractual obligations (Art 6 para. 1lit.b GDPR):

Your data is processed online or at one of our business premises for the purpose of contract processing. The data is processed in particular when initiating business and when executing contracts with you.

• for the fulfillment of legal obligations (Art. 6 para. 1 lit.c GDPR):

Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.

• to safeguard legitimate interests (Art. 6 para. 1 lit.f GDPR):

Based on a balancing of interests, data processing may take place beyond the actual fulfillment of the contract to safeguard legitimate interests of us or third parties. Data processing to safeguard legitimate interests takes place, for example, in the following cases

Advertising or marketing (see Processing of personal data for advertising purposes),

• Measures for business management and further development of services and products;
• Maintaining an internal customer database to improve customer service
• in the context of legal prosecution

• Sending of non-sales-promoting information and press releases.

• within the scope of your consent (Art. 6 para. 1 lit. a GDPR, partly in conjunction with Art. 9 para. 2 lit. a GDPR):

If you have given us consent to process your data, e.g. to send you our newsletter, publish photos, competitions, etc.

Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either as a whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

Subject to the legal requirements of Section 7 (3) UWG, we are entitled to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this. Of course, an unsubscribe link is always included in every e-mail.

Who receives my data?

If we use a service provider in the sense of order processing, we remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data if they require the data to perform their respective services. These are, for example, IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.

Your data is processed in our customer database. The customer database supports the enhancement of the data quality of the existing customer data (duplicate cleansing, moved/deceased indicator, address correction), and enables enrichment with data from public sources or third-party providers.

If there is a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.

In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of contract initiation and fulfillment.

How long will my data be stored?

We process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code); in addition, until the end of any legal disputes in which the data is required as evidence.

Is personal data transferred to a third country?

In principle, we do not transfer any data to a third country. In individual cases, data is only transferred on the basis of an adequacy decision by the European Commission, standard contractual clauses, suitable guarantees or your express consent.

What data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing and a right to data portability and to lodge a complaint at any time in accordance with the requirements of data protection law.

Right to information:

You can request information from us as to whether and to what extent we process your data

Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:

You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.

Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.

Right to restriction of processing:

You can demand that we restrict the processing of your data if

• you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data
• the processing of the data is unlawful, but you oppose the erasure of the data and request the restriction of its use instead
• we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
• you have objected to the processing of the data.

Right to data portability:

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that

• we process this data on the basis of your revocable consent or for the performance of a contract between us, and
• this processing is carried out by automated means.

If technically feasible, you can request that we transfer your data directly to another controller.

Right to object:

If we process your data on the basis of legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right to lodge a complaint:

If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert one of these rights against us, please contact our data protection team. In case of doubt, we may request additional information to confirm your identity.

Am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfillment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfillment of the contract.

Changes to this privacy policy

We reserve the right to amend our privacy policy should this be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce these on our website.

All interested parties and visitors to our website can contact us regarding data protection issues at: datenschutz@natureoffice.com

If our data protection team is unable to answer your request to your satisfaction, you always have the right to lodge a complaint with the data protection supervisory authority responsible for your federal state.