Privacy policy

Preamble

We, edding International GmbH (hereinafter referred to as “edding”), have written this privacy statement to inform you about the personal data we collect when you interact with our website, how these data are used and your options for influencing the way we collect, store and process data (hereinafter also referred to as “use”).

1. Responsibility and contact

The controller responsible for the use of personal data within the terms of the General Data Protection Regulation (hereinafter referred to as “GDPR”) is edding International GmbH, Bookkoppel 7, 22926 Ahrensburg, Germany, telephone +49 (0)4102 808-0, online@edding.com.

The company’s data protection officer, Frau Romy Borm, can be reached via the contact details above.

If you would like to view or update personal data, or have questions about privacy in relation to our website, please email datenschutz@edding.de or write to us at the above address.

2. Use of personal data

Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.1 Collection with your cooperation

We collect and store your personal data when you use this website if you provide us with such data voluntarily. We use such personal data without specific consent solely for the purpose of dealing with your request or question. You are free to choose whether to provide us with your data for the stated purposes. If the nature of your request or question permits, you can also interact with us anonymously, or by using a pseudonym. We will always obtain your express consent to use your personal data for other purposes (in particular for advertising).

In principle, we will only store your data for the length of time required to deal with your request or question. Data required for internal administrative purposes, in particular for commercial purposes and in order to defend legal claims, will not be erased until such data are no longer required for the purpose in question (legal basis is Art. 6 (1f) GDPR), but until that time will be barred from being used for any other purpose.

2.1.1 Email enquiries

If you send us an email, we will store your email address and any personal information that the message contains (legal basis is Art. 6 (1f) GDPR). We only do this in order to be able to deal with your enquiry, and we will erase the data in question once the data are no longer required. You may also assert your rights as a data subject (see point 5) at any time with regard to the processing of data; in particular, you can object to the corresponding processing of data.

2.1.2 Enquiries using the contact form

If you have contacted us using the contact form and have agreed the declaration of consent shown below, we will use your personal data as follows:

In order to process the form, the personal data you have entered in the corresponding entry fields of the contact form will be collected and stored.

Depending on the matter in question, this shall include the following personal data in particular:

  • title
  • name
  • email address
  • telephone number

Furthermore, you can compose a message to edding in the area of the contact form provided for this. If you enter any personal data as part of your message, these data will also be collected and stored.

These personal data are used exclusively in order to deal with your enquiry and are stored in the event that you have further questions. The enquiry may be forwarded by email to the relevant individual(s) within the company in order for us to be able to respond to your enquiry.

If you fill in the contact form or send an email to express interest in specific or general goods or services offered by edding, we will use the data you have provided so that we may advise you and, where necessary, send you information about these goods or services.

We use your personal data for the stated purposes on the basis of your consent (legal basis is Art. 6 (1a) GDPR). Furthermore, we store your IP address and the time at which you gave your consent to document the fact that you have given your consent.

2.1.3 Newsletter

On the website www.edding.com, edding provides a newsletter that contains news about products, services and promotions. We will use your personal data as follows if you subscribe to the newsletter and if you have consented to receiving the newsletter when you register:

When you subscribe to the newsletter, we will store your email address. Futhermore, you are able to submit your title, forename, surname and date of birth. The same applies to your interests. We use these data for internal statistical purposes and in order to personalise your newsletter.

We use what is known as the "double opt-in process" when you sign up for our newsletter. After you have signed up for our newsletter, we will send an email to the email address you have provided and will ask you to confirm that you have asked to receive the newsletter. If you confirm your subscription, the newsletter will be sent to your email address until further notice. If, on the other hand, you do not confirm your subscription, your registration will be automatically deleted after 48 hours.

We use your personal data for the stated purposes on the basis of your consent (legal basis is Art. 6 (1a) GDPR). Furthermore, when you sign up for and confirm your newsletter subscription, we store your IP address and the time at which you gave your consent to document the fact that you have given your consent.

We use MailChimp, a service of the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter "MailChimp"), to structure the remaining content, distribute our newsletter and to analyse the response. We have concluded a data processing agreement with MailChimp for this purpose. This agreement ensures that MailChimp processes your personal data exclusively according to our instructions and in accordance with current data protection law. MailChimp is licensed under the EU-US Privacy Shield and therefore guarantees a level of data protection which corresponds to the standards of European laws on the protection of personal data.

If you sign up our newsletter, your email address and other personal data that you have given us in order to personalise the newsletter will therefore be stored on MailChimp's servers in the USA. MailChimp uses this information to send out our newsletters and to analyse user behaviour once the newsletter is received. MailChimp collects technical information when analysing use, in particular with regard to the browser used, the IP address and the time of download. MailChimp establishes whether and when a newsletter or the links it contains are opened. This information is used exclusively to make a better assessment of the expectations of the newsletter recipient and to adapt the content accordingly. In addition, it is also possible for MailChimp to use these data to optimise or improve its own services (for example, making newsletter distribution more efficient), by recording the language settings, location data or time zones. At no time will MailChimp write to you for its own ends using your personal data, or pass your data on to third parties.

Please have a look at MailChimp's Privacy Policy and terms for further information.

The legal basis on which the newsletter is distributed is the consent for which provision is made in Art. 6 (1a) GDPR. We therefore use the services of MailChimp as our processor on the basis of the statutory consent given in accordance with Art. 6 (1f) GDPR. Our legitimate interest lies in the centrally coordinated offer of a legally compliant and interest-specific newsletter by a professional provider. If you no longer wish to receive the newsletter, you may cancel at any time (Art. 21 GDPR), or withdraw your consent (Art. 7 (3) GDPR) and thereby unsubscribe from the newsletter. To do so, click on the link that can be found in each newsletter. You will then be taken through the subscription cancellation process. Alternatively, you can cancel the newsletter by sending an email to newsletter@edding.com.

2.1.4 Competitions

If you participate in one of our competitions on our Website or Social Media Accounts, we process personal data of the participants on the organization of the competition. This includes, depending on the individual case and on the type of platform used, as far as necessary, in particular the following data:

  • Titel,
  • First and last name,
  • Your account name of the respective social media platform,
  • E-mail Address,
  • Date of birth,
  • Postal Address,
  • Telephone Number,
  • Competition entry.

The personal data will be stored, processed and used for the purpose of carrying out and processing the respective competition. The legal basis for this is Art. 6 (1) b) GDPR. Accordingly, we may process your personal data insofar as it is necessary to carrying out, which includes in particular the assessment of the entry fee, the verification of compliance with the terms of use and the notification and delivery of the prize.

To the extent necessary, your data may be passed on to our cooperation partners in the implementation of the competition and to shipping service providers in compliance with applicable data protection law.

Insofar as the winner or winners are announced on the websites / social media channels of the organizer after the conclusion of the competition, this is done based on Art. 6 (1) f) GDPR. Our overriding legitimate interest is to communicate the successful completion of the sweepstakes to the community in a promotional manner. You can object to this at any time by sending an informal message to edding (Art. 21 GDPR).

We will delete your data if it is no longer required for the aforementioned purposes and we are not legally obliged or entitled to continue storing the data, in particular for verification purposes in connection with participation in the competition. In this case, we will block the data for all other purposes and restrict access rights accordingly.

For more information on the processing of your data via our social media accounts, please refer to section 2.3.2 (Facebook) and 2.3.3 (Instagram) of the privacy policy of the website www.edding.shop.de as well as the respective privacy policies of the social media platform.

2.2 Collection of data without your cooperation

We collect and use personal data generated automatically by your visit to our website in order to provide our services. The authoritative legal basis for this analysis of user behaviour is section 15 (3) of the German Telemedia Act [Telemediengesetz] and Art. 6 (1f) GDPR. Our legitimate interest lies in offering a user-friendly service, optimising our product to meet our customers’ expectations, for example by tracking how users reach our website, the content that is of interest when they do and how much time is spent viewing it. We can then offer products that correspond more specifically to interests on this basis.

2.2.1 Log files and (session) cookies

Whenever you visit our website, our server temporarily notes your computer’s IP address, the client’s file request (filename and URL) and the http status code, as well as the website from which you have visited us, in what are known as log files. We store your IP address for seven days to highlight abuse (spam, virus, worms, etc.) and to identify and rectify problems.

Furthermore, our website uses “cookies” in several places, designed to make our products more user-friendly and efficient. Cookies are small text files which do not contain any personal data. These are placed on your computer and stored by your browser. These data are not combined with other data sources. Most of the cookies we use are “session cookies” and are deleted once you finish browsing.

Cookies do not damage your computer per se and do not contain viruses. You can set your browser so that it does not accept cookies at all or so the cookies are deleted at the end of your browser session. Please note that you may not be able to use all of our website’s functions if you do so.

2.2.2 Web analytics

This website uses Matomo to analyze user behaviour. Matomo is a free and open source software project in which many developers from different countries and professional backgrounds are engaged.

Matomo sets cookies in your local browser. The information stored in these cookie files is transferred to our web analytics server on every page view. We do not process any personal data: Your IP address is masked before any data gets stored.

In order to better understand what content on our website is of interest to our users and what we can improve, we use a tool from elbWalker GmbH, Harburger Schloßstraße 6-12, 21079 Hamburg, Germany. This tool is an extension to Matomo and allows us, for example, to find out how far our users scroll down our pages and which buttons they click during their visit on our website. You can find more information about the tool used at https://www.elbwalker.com/. Data processing is carried out in accordance with Art. 6 para. 1 f) DSGVO. Our legitimate interest lies in the improvement of our online service.

We host our analytics software on our own servers and do not share this data with any third parties unless we grant access to our analytics software for technical reasons, e.g. regular updates.

You can prevent the tracking mechanism from working in your local browser by opting out in the form below. Furthermore, Matomo recognizes the "Do not track" setting which is available in most modern browsers.

You will find more information about Matomo at matomo.org.

2.2.3. Google Tracking and Marketing Tools

Our Website uses tracking and marketing tools by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ('Google').

If you are normally resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller for your data.

If you consented expressly to the data processing described in sections 2.2.3.1 - 2.2.3.3 (Art. 6 (1) a) GDPR), Google will generate the information its services require using cookies. This data is normally sent to one of Google's servers in the USA and saved there. To guarantee an EU-equivalent level of data protection, we have concluded EU standard contract clauses with Google EU (Art. 46 (2) c) GDPR) under which Google agrees to comply with European data protection standards.

There are a number of ways you can stop cookies being used, as follows:
• By setting your browser software accordingly: in particular, suppressing third party cookies means you will not receive any third party ads. But please note you may not then be able to use all the functionalities we offer in full;
• By installing the plug-in Google provides at https://www.google.com/settings/ads/plugin;
• By deactivating the interest-related ads of providers who belong to the About Ads campaign via http://www.aboutads.info/choices. This setting will then be deleted when you delete your cookies.

To find out more about data protection when using Google Analytics, go to support.google.com/analytics/answer/2838718. To find out more about protecting your data when using Google services, you can also visit:


https://www.google.com/analytics/terms/de.html 
https://policies.google.com/?hl=de 
2.2.3.1. Google Analytics

We use Google Analytics on our Website. Google Analytics saves cookies in your web browser for 26 months since you last visited and records the data below amongst others when you visit our Website, sends it to one of Google's servers in the USA and saves it there:
• Browser type/version
• The operating system you are using
• Referrer URL (last site you visited)
• Accessing computer's host name (IP address)
• Time server request made
• Achieving 'website targets' (e.g. contact requests)
• What you do on sites (e.g. clicks, scrolling and dwell time)
• Roughly where you are (city, state)
• Technical information like browsers, Internet providers, terminal and screen resolution
• Where you came from (i.e. via what website and/or ad you came to us).

Google does not merge the IP address your browser sent with any other data, however. We have also extended Google Analytics on this Website to include the code 'anonymiseIP'. This guarantees your IP address will be marked. Only in exceptional cases will the full IP be sent to one of Google's servers in the USA and abbreviated there.
The cookies Google Analytics uses also contains a randomly generated user ID by which you can be recognised when you visit Websites in future. The information the cookies generate is saved along with the randomly generated user ID, which makes it possible to analyse pseudo user profiles. This user-related data is deleted automatically after 540 days. Other data remains saved in aggregated form indefinitely.

Google uses the information obtained by using cookies to analyse how you use our Website, compile Website activity reports and provide us with Website usage and Internet-related services, so we can improve our offer and design it to be more interesting for you as the user. We also get information on how our site is working, such as detecting navigation problems.

Google may also use the information obtained for its own purposes, which is why we do not use Google's services on our Website unless you consent to this when processing your personal data (legal basis is Art. 6 (1) a) GDPR). Once you have given your consent, of course, you can withdraw it anytime as stated in section 2.2.3 going forward. You are also given an opt-out cookie here which you can install to prevent Google recording data, which is particularly helpful in case the deactivation add-on does not work and/or on mobile devices. If you use different browsers/peripherals to use our Website, you must repeat these steps with all the browsers and devices you use.

To find out more about data protection when using Google Analytics, go to https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376. To find out more about protecting your data when using Google services, you can also visit:
https://www.google.com/analytics/terms/de.html 
https://policies.google.com/?hl=de 

2.2.3.2. Google Ads Conversion

We use Google Ads Conversion to use ads ('Google Ad') to draw attention to our attractive offers on external Websites. We use ad campaign data to see how successful individual ad campaigns are. This is because we have an interest in showing you ads you will find interesting, designing our Website to make it more interesting for you and calculate fair ad costs.

Google provides these ad resources via so-called 'ad servers'. For this, we use ad server cookies to measure certain success parameters such as fading in ads or clicks by users. If you reach our Website via a Google ad, Google Ads saves a cookie on your device. These cookies are normally valid for 540 days and should not be used to identify you personally.

This cookie is generally used to save analyses:
• Unique cookie ID
• Number of ad impressions per placement (frequency)
• Last impression (relevant to post-view conversions) and
• Optout information (flag showing user does not want to be contacted any more)

Google uses these cookies to recognise your browser. If you visit certain pages on an Ads customer's website and the cookie saved on your computer has not run out, Google and we can recognise that you have clicked on the ad and been forwarded to this page. Each Ads client is assigned a different cookie, so cookies cannot be traced via Ads clients' websites.

We do not collect or process any personal data in these ads ourselves. Google merely provides us with statistical analyses, which we can use to see which of the ads we use is particularly effective. We do not get any other data from using Ads, and cannot identify users from this information in particular.

If you have consented to the data being processed as described (Art. 6 (1) a) GDPR), your browser will make a direct connection with Google's server based on the marketing tools used. We have no control over how much data Google collects using this tool or how it is then used, and we can therefore only tell you what we ourselves know: incorporating Ads Conversion tells Google you have called up the part of our Internet presence concerned or clicked on one of our ads. If you have registered with a Google service, Google can attribute the visit to your account. Even if you are not registered with Google and/or have not logged in, Google may record and store your IP address.

2.2.3.3. Google Ads Remarketing

We also use the Google Ads Remarketing function if you've consent to this expressly (Art. 6 (1) a) GDPR). We can use the Remarketing function to present those using our Website on other websites within the Google Ads network (in Google Search or on YouTube, 'Google Ads' or on other websites) with ad displays based on their interests. We do this by analysing how you interact as a user of our Website, e.g. what offers you were interested in so we can show you ads directed at other sites even after you visited our Website. To enable us to analyse this, Google saves cookies on your device if you visit Google services or websites in the Google Display network. These cookies expire after no more than 540 days (this applies only to cookies set via this website). These cookies can be used to identify your browser you used to visit the website concerned: they are used only to identify the web browser on a given terminal, not to identify anyone.

2.2.4. Google Tag Manager

This Website uses Google Tag Manager, a solution we can use to manage website tags via an interface. The tool itself (which implements the tags) is a cookie-less domain and does not record any personal data. The tool serves to trigger other tags, such as (cf. Google Analytics section 2.2.3 below) which record data themselves in some cases. Google Tag Manager does not access this data. If you deactivate at domain or cookie level, these continue for all tracking tags implemented using Google Tag Manager.

2.2.5. Facebook Pixel

To continue analysing and optimising our offer and operate it economically, we also use Facebook Pixel by social network Facebook which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ('Facebook').

To ensure we protect our data to EU level, we have concluded EU standard contract clauses with Facebook (Art. 46 (2) c) GDPR) whereby Facebook agrees to meet European data protection rules.

Facebook Pixel is tied to our Website indirectly via Facebook and can save a cookie on your device provided you have consented to this expressly (Art. 6 (1) a) GDPR). If you then log into Facebook or visit Facebook while you are logged in, visiting our online offer is noted in your profile. Data collected about you is anonymous as far as we are concerned, we cannot tell who you are; but Facebook saves and processes this data, so it can be linked to the user profile concerned and Facebook can use it for its own market research and advertising purposes. If we send Facebook data for comparison purposes, this will be encrypted locally on the browser and only then sent to Facebook via a secure https connection. The only reason we do this is comparing with the data Facebook encrypts.

Using the Facebook Pixel, Facebook can also select visitors to our Website as its target group for ads ('Facebook Ads'): so we set the Facebook Pixel settings so they show only the Facebook Ads we send to Facebook users who have also shown an interest in our online offer or show certain features, such as being interested in certain subjects or products according to the websites they have visited, which we send to Facebook ('custom audiences'). We also use the Facebook pixel to ensure our Facebook Ads reflect what users could be interested in and are not annoying. We can also use the Facebook Pixel to check how effective Facebook ads are for statistical and market research purposes by seeing whether users visit our Website after clicking on a Facebook ad ('conversion').

We also use the add-on 'extended comparison' function when using the Facebook Pixel, sending encrypted data creating target groups ('custom audiences' or 'lookalike audiences').

We only use the Facebook Pixel on our Website if you consent to your personal data being processed in this way (Art. 6 (1) a) GDPR). You can of course withdraw extended consent going forward at any time: if you withdraw it, your data can still be processed lawfully until you do so.
To find out more about how Facebook collects and uses data, what your rights are here and how you can protect your privacy, see Facebook's data protection notices at https://www.facebook.com/about/privacy/.

Alternatively, you can disable the Custom Audiences remarketing function at https://www.facebook.com/settings/?tab=ads#_=. (You need to be registered with Facebook to be able to do this.)

To set what kinds of ads can be shown you in Facebook, you can call up the page Facebook created and follow the instructions on setting use-based advertising there. These settings are platform-neutral: that is, they are used for all hardware such as desktop computers or mobile devices. You can also object to using cookies which serve to measure range and are used for advertising purposes via the network advertising initiative's deactivation page, US website aboutads.info or European website youronlinechoices.com.

2.2.6. Embedding Videos via YouTube

We embed YouTube videos in our online offer; these are saved at www.youtube.com and can be played direct from our Website. YouTube is provided by a third party which is not affiliated with us, YouTube LLC, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube's embed function in 'extended data protection mode', which according to YouTube’s information does not store any user information until a video starts being played.

At the moment an embedded video starts being played, YouTube uses cookies to collect information on how users behave: it does this irrespective of whether YouTube provides a user account which you logged in via or whether there is no user account. If you log into Google, your data is assigned directly to your Google account. If you do not want YouTube to assign you via your profile, you must log out before activating the button.

Even if users are not logged in, YouTube saves your data amongst other things to collect video statistics, make itself user-friendlier and suppress abuse.

To find out more about what YouTube collects and processes data and to what extent, see their data protection statement. This also tells you more about your rights and settings available to protect your privacy: https://www.google.de/intl/de/policies/privacy.

Google also processes your personal data in the USA, so we have signed standard EU contract clauses to ensure a reasonable level of data protection.

2.2.7. Sleeknote

We use Sleeknote to show email newsletter sign-up pop-ups. Sleeknote is a service provided by Sleeknote ApS, Jens Baggesens Vej 90A, 8200 Aarhus.

We collect the following data:
•    Submitted data: This is the data you collect with Sleeknote, for example, name and email fields on a SleekBox. This will in many cases be personal data.
•    Analytics data: This is data you passively gather using Sleeknote, you can compare it to what you would gather with a service like Google Analytics. Below is a list of data you will be collecting with Sleeknote in regards to Analytics and what you could be collecting in the various SleekBoxes or SleekBars.
•    Submitted Data via Sleeknote: Using Sleeknote you can collect various personal data. Often this will include but not be limited to: Email, Name, Address, Phone number, Gender, IP address.
•    Analytics Data: Using Sleeknote you are gathering analytics data that consists of Time of visit, Geolocation of visitor, Browser language, Pages visited, Website referrer, User agent, Returning visitor and Device. Sleeknote specific data: SleekBoxes and SleekBars shown, SleekBoxes and SleekBars engaged (Newsletter signup or links clicked), SleekBoxes and SleekBars closed and Links clicked.

To supplement the description as it comes from Cookiebot (tooling we use for this):
•    analytics.sleeknote.com
Provider: analytics.sleeknote.com
Purpose: Used to generate statistical data on how visitors use the website / sleeknote.
Expiration Time: Session
Type: Pixel Tracker
•    SleekNote
Provider: www.edding.com
Purpose: Functional cookie that allows pop-ups to be displayed.
Expiration Term: Persistent
Type: Cookie

2.2.8 Squarelovin

For displaying your Instagram content on our website and for the organization of usage rights, we use the user-generated content management tool "Squarelovin" from our partner, Anchor Media GmbH, Budapester Str. 47, 20359 Hamburg ("Squarelovin").

Via Squarelovin, it is possible for us to display content selected by us that has been published by users on the social media platform (so-called user-generated content) on our website. We will review, select and store your user-generated content (e.g. photos with the mention or hashtag of our company) in Squarelovin after you have confirmed our usage right request. An integration of this user-generated content on our website then takes place from Squarelovin's servers. We might display the selected content in galleries, on product pages or elsewhere on our website. Squarelovin uses cookies for analysis and statistical purposes when integrating the content, provided you have given your express consent to this. A transmission of data of visitors to our website to Instagram is not associated with the integration of Squarelovin. For more information on data protection at Squarelovin, please visit squarelovin.com/privacy/. Information on obtaining the rights of use and on the use of user-generated content can be found at sqln.io/edg.

The processing, i.e. the integration of user-generated Squarelovin content, is based on the agreement for the use of user-generated content (Art. 6 (1) b) GDPR). The use of Squarelovin is based on our overriding legitimate interest (Art. 6 (1) f) GDPR) to use a professional service provider for the implementation and presentation of the content. With regard to the cookies delivered by Squarelovin for analysis and statistical purposes, the processing is based on consent pursuant to Art. 6 (1) a) GDPR. We obtain your consent via our cookie consent tool. Such consent is voluntary and can be revoked at any time with effect for the future.

We will delete the relevant data once the purpose has ceased to exist. With regard to this data processing, you can also assert your data subject rights at any time (see section 6), in particular object to the corresponding data processing.

2.2.9. Microsoft Advertising

We use the Microsoft Advertising service on our website, which is provided and operated by Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft").

If you have your habitual residence in the European Economic Area or Switzerland, Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521) is the responsible for your data.

In order to use Microsoft's services, we have implemented a so-called Universal Event Tracking (UET) tag from Microsoft on our website. This is a code which, in conjunction with a cookie, can be used to collect and store information about the use of our website. Microsoft collects and processes personal data via the cookie, from which usage profiles are created for us using pseudonyms. In this way, we can learn more about the user behavior of the users of our website with the help of Microsoft. When Microsoft provides its services, data is also transferred to Microsoft servers in the USA, which is why we have concluded EU standard contractual clauses with Microsoft that oblige Microsoft to guarantee an appropriate level of data protection.

Microsoft will only set a cookie on your end device if you have given your express consent for this (legal basis Art. 6 (1) a) DSGVO) and have accessed our website via a Microsoft ad (e.g. via Bing).

In this case, we receive mainly statistical information about which keyword or ad users used to come to us, what users click on our website, how many users visit our website via Microsoft Ads and how long users stay on our website. The information collected is stored for a maximum of 180 days.

Microsoft also uses the data for its own purposes, e.g. to optimize its own advertising and other services. If you have a Microsoft account, the collected data can also be linked to your account. Thus, Microsoft may recognize and store your IP address. In addition, Microsoft may be able to track your usage behavior across multiple electronic devices through cross-device tracking, which enables Microsoft to display personalized advertising on or within Microsoft websites and apps.

If you do not want Microsoft to process information about your user behavior as described above, you can refuse the necessary setting of a cookie, for example, via browser settings that allow you to generally disable the setting of cookies, manage cookies, or delete cookies that have been set. You can also prevent Microsoft from collecting your data by means of cookies by declaring your objection under the following link.

You can find more information about data protection and the cookies used by Microsoft on the Microsoft website.

2.3. Social media platforms

2.3.1. YouTube

We use the youtube.com website to post our own videos and make them publicly available. YouTube is provided by a third party which is not affiliated with us, YouTube LLC, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Some of the Websites we offer contain links to what we offer on YouTube. If you follow a link to YouTube, we point out that YouTube saves its users' data (e.g. personal information and IP addresses) according to its own guidelines for using data and uses it for business purposes. We have no control over how YouTube collects data or how it processes it; nor do we know how much data it collects, what it processes it for or how long it saves it for. So we cannot rule out the possibility that data will be disclosed, including to third parties outside the EU. You can see YouTube's data protection statement at https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e95/google_privacy_policy_de_eu.pdf.

YouTube collects personal data to analyse how users behave, and provides some of this data to YouTube channel operators like edding in anonymised form. This involves demographic data such as age, sex, place of residence, country or mother tongue without reference to any identifiable persons, so edding cannot identify anyone who visits our YouTube channel.

It also provides edding with statistics on where calls to our YouTube channel come from, what kind of terminal it is accessed from or what pages are called up. As this channel's operator, YouTube also sends edding statistics data ('Insights'), which cannot be used to trace the users concerned. Nor can we link this statistics data we receive with our subscribers' profile data: we can only specify the categories of data and visitors YouTube uses when analysing the data it collects and provides as anonymised statistics. The only reason edding uses this data is to analyse user behaviour so we can match our YouTube channel and what we offer better to users' needs and interests.

We use your data YouTube sends us on the basis of our legitimate interest (Art. 6 (1) f) GDPR).

We only get anonymised information and statistics, even if you are registered with YouTube when you visit our YouTube channel; but we must point out that, if you go to our YouTube channel directly, YouTube could theoretically trace who you are e.g. by reading out logfiles (such as IP addresses) or by setting cookies.

If visitors subscribe to our YouTube channel, YouTube adds a list of all subscribers to this channel to your profile, and sends edding this list; but this list contains only data in the public domain, i.e. information you voluntarily make available to other YouTube Users via your YouTube settings. What these are specifically is something you decide in your YouTube settings yourself. You can also use your Google settings (https://myaccount.google.com/u/1/privacycheckup/1/0?hl=de) to review your privacy.

To find out more about the individual settings available, go to https://policies.google.com/technologies/product-privacy?hl=de&gl=de.

We can also trace comments on our YouTube channels to individual users.

We process this data for the purpose above under Art. 6 (1) a) GDPR based on your voluntary consent and registering with YouTube.

2.3.2. Facebook

We also operate a Facebook page to present our company on this platform, provide information there and contact you when you visit and use our Facebook page. As the operator of this Facebook page, we are joint controller with the platform operator Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

When you visit our Facebook page, the controller processes your personal data under a joint controllers' agreement under Art. 26 GDPR which you can see here: https://www.facebook.com/legal/terms/page_controller_addendum.

We tell you what data this involves and how it is processed below.

We collect personal data ourselves if you message us, for example (username and any personal data which appears in your message). We store and use this data solely to answer your concerns and/or contact you and the technical administration involved. The reason we can process your data by law is that we have a legitimate interest in answering your concerns (legal basis is Art. 6 (1) f) GDPR). We delete your data once we finish dealing with your concerns unless we are bound to retain it by law. We assume we have finished dealing with them once the circumstances indicate the matter in question has been finally clarified.

We also analyse calls and interactions on our Facebook page. With this in mind, Facebook produces user profiles and provides us with anonymous-only data by way of page insights ('page insights'): https://www.facebook.com/business/a/page/page-insights.

This is aggregated data we can use to find out how people interact with our page. Page insights may be based on personal data collected when people visit our page and/or interact with it and its content. We do this to assert our overriding legitimate interest balancing all interests together in optimising how we present our offer and communicating more effectively with customers and interested parties (legal basis is Art. 6(1) f) GDPR).

Please note, when you call up and use our Facebook page, Facebook processes your personal data too. When it comes to processing insights data, edding and Facebook are joint controllers. How Facebook uses insights data from when people visit Facebook pages for its own purposes, how far activities on Facebook pages are assigned to individual users, how long Facebook saves this data and whether data from visiting a Facebook page is disclosed to third parties is Facebook's responsibility.

In respect of data processing on our Facebook page, you can assert your rights not just against edding but against Facebook too. To find out more, see Facebook's data processing guidelines at http://de-de.facebook.com/about/privacy.

As well as processing your data as above, Facebook also processes its data for analysis and advertising purposes and/or playing personalised advertising. We know Facebook also uses cookies, pixels and other methods which store date on how you use it (including via different terminals), so Facebook can use its own platform and third party sites to send targeted advertising. Facebook also sends data it collects about you in the course of doing this to the USA and other countries outside the European Union. Precisely what information Facebook gets and how it uses it, Facebook describes in general form in its data processing guidelines. Here you can also find details of how to contact Facebook and advertising settings options. These data use guidelines are available at: http://de-de.facebook.com/about/privacy.

For Facebook's complete data guidelines, go to https://de-de.facebook.com/full_data_use_policy.

Facebook also offers its members ways to object to data being processed in certain ways; you can find notes on this and optout options at https://www.facebook.com/settings?tab=ads.

To contact Facebook's data protection officer, you can use their online contact form at www.facebook.com/help/contact/540977946302970. 


The regulatory authority for Facebook Ireland Ltd. is the Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois R32 AP23, Ireland (https://www.dataprotection.ie).

2.3.3. Instagram

We use Instagram's technical platform and services to offer our products. The Instagram service is one of the Facebook products provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ('Facebook'). We are jointly responsible with Facebook as this Instagram page's operator. When people visit our Instagram page, those responsible process their personal data. As this page's controller, we have made agreements with Facebook which govern the terms for using the Instagram page. Instagram's terms and conditions of use apply (https://help.instagram.com/581066165581870) and the other conditions and guidelines listed at the end there.

We will now tell you what data is involved and how it is processed.

We must point out expressly that Facebook saves its users' data, such as personal information, IP addresses, etc.) and may also use it for business purposes. To find out more about how Facebook processes your data, see its date protection guidelines at https://dede.facebook.com/policy.php.

We have no control over how Facebook collects data and then processes it, and we cannot tell to what extent or where Facebook's data is saved or for how long, how far it complies with existing obligations to delete, how it analyses and makes links with this data or who it sends it to. If you would like to avoid Facebook processing personal data you send us, please contact us by other means than via Instagram.

We only collect and use our users' personal data in principle insofar as this is necessary or reasonable to providing the functioning Instagram company page and/or an Instagram linked website and for our content and services, such as being involved in campaigns, competitions etc. published via Instagram.

You can contact us via our Instagram page either by writing to us privately or by putting a comment under a picture. You can ask us about edding, our Instagram page or anything else. When you contact us, you will give us your username, tell us what you are writing about and possibly other personal data. We will only use this data to answer your queries and/or get in touch with you and the technical administration that involves.

The law allows us to process your data on the grounds that we have a legitimate interest in answering your concerns (legal basis is Art. 6 (1) f) GDPR). We delete your data once we finish dealing with your concerns unless we are bound to retain it by law. We assume we have finished dealing with them once circumstances indicate the matter in question has been finally clarified.

We can also see if you have liked/shared our Instagram pages/posts/comments, depending on how you have set your user privacy settings at Instagram. We can also attribute comments on our Instagram pages to you as an Instagram user. The legal basis for the processing is Art. 6 (1) f) GDPR, as we have a legitimate interest in communicating and interacting with you via Instagram.

So what kind of personal data is collected about you and how much when you visit an Instagram page also depends on what you can do and is something you can influence.

You can always visit our Instagram page without leaving any comments or clicking on 'Like'. Please note, you can only use Instagram's interactive functions if you register. Facebook can also process data on this.

Facebook's Insights function also provides us with statistical data on who visits our Instagram page. This is aggregated data we can use to find out how people interact with our page. Page Insights may be based on personal data collected when people visit our page and/or interact with it and its content. We can use this function to analyse our site better and tailor it to our users' interests. We have a legitimate interest under Art. 6 (1) f) GDPR in operating our Instagram page and using Insights to market ourselves effectively via a much-used platform. To find out more about the 'Insights' function see https://www.facebook.com/iq/tools-resources/audience-insights/.

To contact Facebook's data protection officer, you can use Facebook's online contact form at https://www.facebook.com/help/contact/540977946302970.

The regulatory authority for Facebook Ireland Ltd. is the Data Protection Commission, 21 Fritzwilliam Square South, Dublin 2, D02 RD28, Ireland (https://www.dataprotection.ie/en/contact/how-contact-us).

2.3.4. Pinterest

We also operate a company profile on the Pinterest platform. Pinterest is a service by Pinterest Europe Ltd., Palmerstone House, 2nd Floor, Fenian Street, Dublin 2, Ireland ('Pinterest').

We must point out that you use Pinterest and its functions at your own responsibility. This applies to the interactive functions in particular. Alternatively, you can also call up some of the information Pinterest offers on our Website.

When you visit our Pinterest page, Pinterest records your IP address and other information present as cookies on your terminal. This information is used to give us as the Pinterest page operator anonymised statistical information on how that page is used. This is demographic data such as age, sex, place of residence or country without any reference to identifiable persons. edding cannot identify anyone who visits our Pinterest profile.

It also provides edding with statistics on who calls up our Pinterest profile, what kind of terminal they accessed it via or how many times our page was called up. As a Pinterest profile operator, Pinterest also sends edding anonymised statistical data ('Audience Insights'). This data cannot be traced back to the visitor, subscriber or registered user concerned (referred to together hereinafter as 'visitors'; in an individual case, only the group of persons is named whom the matter in question concerns). We can only specify what categories of data and visitors by which we want Pinterest to analyse the data it collects and provide us with as anonymised statistics. The only purpose for which edding uses this data is to analyse user behaviour so we can tailor our Pinterest profile and our offer to visitors' needs and interests better.

We use the data Pinterest provides as Audience Insights to select relevant information for our posts on Pinterest or order ads aimed at certain groups on the platform ('Promoted Pins').

We only get anonymised information and statistics if visitors to our Pinterest profile are registered with Pinterest; but we would point out that Pinterest may store this data itself as a consequence of controlling our Pinterest profile directly by reading out logfiles (such as IP addresses) or by setting cookies.

We use your data Pinterest sends us on the grounds that we have a legitimate interest (Art. 6 (1) f) GDPR) in marketing our products and constantly improving and managing our offers and products.

We cannot influence how Pinterest collects data or processes it; nor do we know how much data it actually collects, what it processes it for or how long it saves it for: so we cannot rule out that data may be passed on in anonymised statistics.

If you follow our Pinterest profile as a registered user (or 'subscribe' as Pinterest calls it), Pinterest adds your profile to a list of all subscribers to this profile. Pinterest then provides you with our pins on your pin wall. Pinterest provides edding with a list of our subscribers: but this list contains only data which is in the public domain, that is, information visitors provide of their own accord via their Pinterest settings. What these are specifically, each user decides in their Pinterest settings themselves; each user can also use their Pinterest settings (https://www.pinterest.de/settings/privacy) to set their privacy individually.

We can also assign comments on our Pinterest contributions ('pins') and what happens on the pinwall to individual users.

This data is processed for the purpose above under Art. 6 (1) a) GDPR on the grounds that you gave it voluntarily by registering with and logging into Pinterest.

To find out more about how Pinterest processes data, see their data protection guidelines at https://policy.pinterest.com/de/privacy-policy.

To contact Pinterest's data protection officer, visit: https://help.pinterest.com/de/data-protection-officer-contact-form

You can object to this data being processed specifically either by disabling your Pinterest account settings ( https://help.pinterest.com/de/articles/edit-your-settings#Web) under 'Individual Adjustment' or activating your browser's 'Do Not Track' settings at any time.

2.3.5. Xing

edding uses XING SE's XING technical platform and information service (XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany).

Please note, you use this XING page and its functions at your own responsibility. This applies in particular to using interactive functions like Comment, Share or Rate. Alternatively, you can also find some of the information offered via this site on our Website too.

When you visit our XING page amongst other things, XING records your IP address and other information present as cookies on your terminal. This information is used to provide us as the XING page operator with statistical information on how it is used. XING tells you more about this at https://www.xing.com/terms.

Please check carefully what personal data you share with us via XING. While you are logged into your XING account and visiting our XING profile, XING can log this to your XING profile. We must point out expressly that XING saves its users' data (e.g. personal information, IP address etc.) and may also use this for business purposes. To find out more about how XING processes data, see their data protection guidelines at https://privacy.xing.com/en/privacy-policy.

We cannot influence how XING collects data or processes it; nor can we tell how much data it actually collects, what it processes it for or how long it saves it for, how far XING complies with its obligations to delete, how it analyses and links data or to whom it forwards it. If you want to avoid XING processing personal data sent to us, please get in touch with us by some other means. XING Ltd. processes data collected about you in the course of this and may send it outside the European Union. What information XING obtains and how it uses it, it describes in general terms in its data processing guidelines, where you can also find out how to contact XING and ad setting options.

3. Cookies

4. Forwarding of data

Some data may have to be forwarded to comply with contractual and statutory requirements:

4.1 Forwarding to external service providers

Service providers come into contact with our customers’ personal data only within the scope of data processing. There is express legal provision for this (Art. 6 (1f) GDPR in conjunction with Art. 28 GDPR) in accordance with our legitimate interest in offering our services on a more user-friendly, secure and more operationally meaningful basis.

In this case, too, edding remains responsible for protecting your data. The service provider works exclusively in line with our instructions, which we ensure through strict contractual regulations, technical and organisation measures and additional checks.

4.2 Forwarding on the basis of statutory obligations

We reserve the right to disclose your personal data if we are obliged to do so by law, or if we are asked to provide such information by officials or prosecution authorities. Beyond this, we do not pass any data on to third parties.

5. Data processing location and data security

In principle, your data are processed in Germany. In individual cases, the data may also be processed outside Germany if permitted by law. We have taken comprehensive, state-of-the-art technical and organisational safety measures in accordance with European data protection law (Art. 32 GDPR) to protect your data from unauthorised access and abuse.

6. Rights of the data subject

You can request information about the scope, origin and recipients of the stored data and the reason for which such data are stored, free of charge, at any time (Art. 15 GDPR). You can ask for incorrect data to be rectified at any time (Art. 16 GDPR). You also have the option of receiving the personal data relating to you in a structured, commonly-used and machine-readable format (Art. 20 GDPR). You can object to the use of your personal data in future (Art. 21 GDPR), request partial or complete erasure (Art. 17 GDPR), restrictions on the processing thereof or blocking (Art. 18 GDPR).

We will verify your request and comply with it, provided there is no other statutory basis for processing. We will inform you of the outcome.

No special format is required when asserting your right to information. Send an email to online@edding.com or a letter to the above address.

Legal notice

You will find detailed information about this website's provider in our legal notice.