Privacy Policy Social Media

1. Controller(s)

CYBEX Retail GmbH
CYBEX GmbH
Columbus Trading-Partners GmbH & Co. KG
Goodbaby (Europe) GmbH & Co. KG
("CYBEX")
Riedinger Str. 18
95448 Bayreuth, Germany
Germany
Tel. +49 (0)92178511-0
E-mail: info@cybex-online.com

The controller within the meaning of the GDPR is the company with which you have a contract or which you have contacted. Information on this can be found in the contract concluded with your company.

Joint Controllership:
The companies use the same database solution for their activities and access a shared database where necessary. The companies are each independently responsible for the lawful processing activity of personal data and the granting of data subject rights, including the provision of mandatory information. Where necessary, the companies support each other in this.

Data Protection Officer:
c/o activeMind.legal Rechtsanwaltsgesellschaft mbH
Potsdamer Str. 3
80802 München

Phone: +49 89 919 294-900

E-mail: dpo@goodbabyint.com

2. Social Media Channels

Meta (Facebook & Instagram)

We use the technical platform and services of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.

We would like to point out that you use the Facebook/Instagram page and its functions on your own responsibility. This applies to the interactive functions (e.g., commenting, sharing, liking).

Meta processes personal data about your account, your IP address as well as about the end devices you use. Meta also uses cookies to collect and analyze personal data. These are small files that are stored on your end devices. Meta describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Meta, how to opt out, and how to adjust the settings for advertisements. You can find Meta's complete data guidelines here: https://www.facebook.com/privacy/policy/.

The information may be used by Meta to provide us, as operators of the Facebook/Instagram pages, with statistical information such as gender and age distribution about the use of the Facebook/Instagram page. In addition, Meta may shows you further information or advertisements according to your preferences. Meta provides more detailed information on this at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

When you access a/an Facebook/Instagram page, the IP address assigned to your end device is transmitted to Meta. According to Meta, the IP address is stored anonymously and deleted after 90 days. Meta also stores information about its users' end devices (for example, as part of the "login notification" function); this may enable Meta to assign IP addresses to individual users.

If you are currently logged in to Facebook/Instagram as a user, a cookie is set with your Facebook/Instagram identifier. In this way, Meta can track that you have visited this page and how you have used it. This also applies to all other Facebook/Instagram pages. Facebook/Instagram buttons embedded in websites enable Meta to record your visits to these websites and assign them to your Facebook/Instagram profile. This data can be used to offer content or advertising tailored to you.

In case you want to avoid this, you should log out of Facebook/Instagram or deactivate the "stay logged in" function, delete the cookies present on your device and close and restart your browser. This will delete Facebook/Instagram information that can directly identify you. This allows you to use our Facebook/Instagram page without revealing your Facebook/Instagram identifier. When you access interactive features of the page (Like, Comment, Share, Message, etc.), a/an Facebook/Instagram login screen will appear. After any login, you will again be recognizable to Facebook/Instagram as a specific user. Alternatively, you can use a different browser than usual to visit our Facebook/Instagram page.

Information on how to manage or delete information about you can be found on the following Facebook support pages: https://de-de.facebook.com/about/privacy.

Instagram describes what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Facebook as well as on the settings options for advertisements.

The full data policies of the Instagram service can be found here: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.

In what way Meta uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook/Instagram page are assigned to individual users, how long Meta stores this data and whether data from a visit to the Facebook/Instagram page is passed on to third parties is not conclusively and clearly stated by Meta and is not known to us.

YouTube

We use the technical platform and the services of the video portal YouTube of the company Google Ireland Limited for the information services offered by our company. The contact details of the platform provider are:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. A possibility of contact offers the page: https://www.YouTube.com/t/contact_us.

We would like to point out that you use our YouTube page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).

When you visit our YouTube page, YouTube collects, among other things, your IP address and other information that is available in the form of cookies on your device. This information is used to provide us, as the operator of the YouTube page, with statistical information about the use of the pages.

YouTube provides more detailed information on this under the following link:
https://www.youtube.com/static?gl=DE&template=terms&hl=de.

The data collected about you in this context is processed by Google Ireland Limited and may be transferred to countries outside the European Union. Google describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact YouTube and information on the settings for advertisements. The data usage guidelines are available at the following link: https://policies.google.com/privacy.

When accessing a YouTube page, the IP address assigned to your end device is transmitted to YouTube. YouTube also stores information about the end devices of its users; this may enable YouTube to assign IP addresses to individual users.

If you are currently logged in to YouTube as a user, a cookie with your YouTube ID is stored on your end device as a result of the login. This enables YouTube to track that you have visited the page and how you have used it. This also applies to all other YouTube pages. YouTube buttons embedded in web pages enable YouTube to record your visits to these web pages and assign them to your YouTube profile. Based on this data, content or advertising can be offered tailored to you.

If you want to avoid this, you should log out of YouTube, delete the cookies present on your device, and exit and restart your browser. In this way, YouTube information that can directly identify you will be deleted. This will allow you to use our YouTube site without revealing your YouTube identifier. When you access interactive features of the site (like, comment, share, etc.), a YouTube login screen will appear. If you now log in, you will again be recognizable to YouTube as a specific user. For information on how to manage or delete information about you, visit the YouTube Support page at https://support.google.com/youtube/answer/9315727.

YouTube will retain your personal data until you close your account. YouTube may also store certain data beyond this point in an anonymous form.

We use technical platform and the services of the social network Pinterest. The contact details of the platform provider are:

Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, hallo@pinterest.com.

We would like to point out that you use the Pinterest channel offered by us and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, commenting).

Pinterest processes your voluntarily entered data and, if applicable, evaluates content shared or viewed by you. Information about what data is processed by Pinterest and for what purposes is available can be found in the Pinterest privacy policy: https://policy.pinterest.com/de/privacy-policy.

Pinterest stores and processes certain data about you, so-called log data. This includes information about your browser, your IP address, the address of our website and the activities performed on it (e.g. when you click on the "Bookmark" or "Pin" button), search histories, date and time of the request, as well as cookie and device data. When you interact with an embedded Pinterest feature, cookies may also be set in your browser that store various data. In most cases, the log data mentioned above, default language settings, and clickstream data are stored in cookies. By clickstream data, Pinterest means information about your website behavior.

If you have a Pinterest account and are logged in, the data collected through our website may be added to your account and used for advertising purposes. When you interact with our embedded Pinterest features, you are usually redirected to the Pinterest page.

TikTok

We use technical platform and the services of the social network TikTok. The contact details of the platform provider are:

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

We would like to point out that you use TikTok and its functions at your own risk. This applies in particular to the interactive functions (e.g. commenting, sharing, rating). In your own interest, therefore, please check carefully what information you wish to disclose and share with other users.

We expressly point out that TikTok stores the data of its service users (e.g. personal information, IP address, etc.) and may also use it for business purposes. For more information on TikTok's data processing, please refer to TikTok's privacy policy at https://www.tiktok.com/legal/privacy-policy-eea?lang=de.

Unless otherwise described below, we have no influence on data collection and further processing by TikTok. Furthermore, it is not clear to us to what extent, where and for how long the data is stored by TikTok, to what extent TikTok complies with existing deletion obligations, which evaluations and links are made with the data by TikTok and to whom the data is passed on by TikTok. If you would like to prevent TikTok from processing personal data that you have transmitted to us, please contact us by other means.

X (former Twitter)

We use the technical platform for the short message services of Twitter, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

We would like to point out that you use the Twitter short message service and its functions at your own risk. This applies in particular to the use of the interactive functions (e.g. retweeting, liking). The information collected about you when you use this service is processed by Twitter and may be transferred to countries outside the European Union. This includes your IP address, the application you are using, information about the device you are using (including device ID and application ID), information about the websites you visit, your location, and your mobile operator. This data is associated with your Twitter account or Twitter profile.

We have no control over the nature and extent of the data processed by Twitter, how it is processed and used, or how it is shared with third parties. For information about what data Twitter processes and how it is used, please see Twitter's privacy policy: https://twitter.com/de/privacy; and for information about the ability to view your own data on Twitter: https://help.twitter.com/de/managing-your-account/accessing-your-twitter-data.

Our Twitter profile gives you the opportunity to respond to our posts, comment on them, etc. Please consider carefully what personal information you share with us through our Twitter profile. If you wish to prevent Twitter from processing the personal data you have provided to us, please contact us by other means.

You can restrict the processing of your data in the general settings of your Twitter account under "Privacy and Security. On mobile devices (smartphones, tablets), you can also limit Twitter's access to your contact and calendar information, photos, location data, etc. in your mobile settings. This depends on the operating system you are using. For more information on these issues, please visit the following Twitter support page: https://support.twitter.com/articles/105576#.

Twitter buttons or widgets embedded in websites and the use of cookies allow Twitter to track your visits to those websites and associate them with your Twitter profile. This information may be used to tailor content or advertisements to you. For more information about this practice and to control it, please visit the following Twitter support pages: https://help.twitter.com/de/using-twitter/tailored-suggestions.

Twitter stores the profile data and content for the duration of the account. Other personal data that Twitter collects when you use its products and services is generally stored for a maximum period of 18 months.

We use the information service offered on LinkedIn via the technical platform and services of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland is responsible for the data processing of persons living in EU: https://www.linkedin.com/legal/impressum.

We would like to point out that you use the LinkedIn and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).

The information and publications to be found on our LinkedIn page are a voluntary additional offer. Visiting our LinkedIn page is only possible for registered users of the LinkedIn platform. Alternatively, you can also access all the information offered on this page on our website.

Information on what data is processed by LinkedIn and for what purposes can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

By using LinkedIn, your personal data is collected, transferred, stored, disclosed and used by the LinkedIn Corporation. LinkedIn transfers your data from the countries designated in the GDPR to the United States of America (USA) and back. We do not have any influence on the type and scope of the data processed by LinkedIn, the type of processing and use or the transfer of this data to third parties. Nor does we have any effective means of control in this respect.

In addition to your voluntarily entered data such as profile, login, contact and calendar data, LinkedIn also collects and processes e.g. location and device information as well as internet protocol addresses (IP addresses). Using cookies or similar technologies, LinkedIn can also identify you outside of its own services and across different devices. LinkedIn collects and analyzes data from the content, news and messages you publish and upload, as well as data from partners and affiliated companies, such as information provided by your workplace/educational institution, websites or third-party services.

You can find more information about this at: https://www.linkedin.com/legal/privacy-policy.

LinkedIn states that it uses your personal data to provide you with further services (including advertisements), including with the help of automated systems and its own conclusions, and to adapt them so that they are more relevant and useful to you and others.

For this purpose, LinkedIn may also combine data internally via various services covered in its privacy policy (details at: https://www.linkedin.com/legal/privacy-policy#use).

Furthermore, LinkedIn states that it may use the services of third parties (partner companies and external service providers) to assist it in providing its services (e.g. maintenance, analysis, verification, payment, fraud detection, marketing and development). These third parties have access to your information to the extent reasonably necessary to perform the relevant tasks for LinkedIn and are obligated not to disclose or use your information for any other purpose. More information on this can be found at: https://www.linkedin.com/legal/privacy-policy#share.

Finally, LinkedIn also receives information when you view content, for example, even if you have not created an account (e.g. via a public LinkedIn profile). This so-called “log data” may include the IP address, the browser type, the operating system, information about the previously accessed website and the pages you have accessed, your location, your mobile phone provider, the device you are using (including device ID and application ID), the search terms you have used and cookie information.

LinkedIn buttons or widgets integrated into websites and the use of cookies enable LinkedIn to record your visits to these websites and assign them to your LinkedIn profile. This data can be used to tailor content or advertising to you.

Even if the LinkedIn Corporation is a non-European provider, it is bound by the GDPR in the designated countries. This applies, for example, to your rights to information, blocking or deletion of data. You have the option of restricting the processing and visibility of your data in your account navigation under “Settings and data protection” under the various menu items listed there.

You can find information about LinkedIn's comprehensive data collection and other privacy settings options at: http://www.linkedin.com/legal/privacy-policy.

You also have the option of contacting LinkedIn via the LinkedIn contact form or via the LinkedIn office in Ireland responsible for the designated countries if you have any questions about the privacy policy or user agreement. Online contact form: https://www.linkedin.com/help/linkedin/ask/PPQ.

We also process your data, in particular, the data you enter on LinkedIn such us username and the content published under your account, will be processed by us to the extent that we may share or comment on your postings or write postings from us that refer to your account. As the provider of our LinkedIn page, we do not collect or process any other personal data from your use of our service. The page is used exclusively for information and communication.

LinkedIn retains your personal data until you close your account. LinkedIn may also store certain information (e.g. employer ratings) in anonymous form beyond this time.

XING

We use the information service offered on XING via the technical platform and services of New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland: https://www.xing.com/legalnotice.

We would like to point out that you use the XING page and its functions at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).

The information and publications to be found on our XING page are a voluntary additional offer. Visiting our XING page is only possible for registered users of the XING platform. Alternatively, you can also access all the information offered on our website.

Information about which data is processed by XING and for what purposes can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung/druckversion.

When you use XING, your personal data is collected, transferred, stored, disclosed and used by New Work SE. We do not have any influence on the type and scope of the data processed by XING, the type of processing and use or the disclosure of this data to third parties. Nor does it have any effective control options in this respect. Likewise, our company has no knowledge of the content of your data transmitted to XING and cannot provide any information about what data is stored about you through the use of the XING service.

In addition to your voluntarily entered data such as profile, login, contact and calendar data, XING also collects and processes, for example, location and device information as well as Internet Protocol addresses (IP addresses). XING collects and analyzes data from the content, news and messages you publish and upload, as well as data from partners and affiliated companies, such as information, websites or third-party services provided by your workplace/educational institution. You can find more information on this at https://privacy.xing.com/de/datenschutzerklaerung/druckversion.

XING states that it will use your personal data to provide you with additional services (including advertisements), including with the help of automated systems and its own conclusions, and to adapt them so that they are more relevant and useful to you and others. To this end, XING may also combine data internally via various services covered by its privacy policy. The way in which XING uses the data from visits to XING pages for its own purposes, the extent to which activities on the XING page are assigned to individual users, how long XING stores this data and whether data from a visit to the XING page is passed on to third parties is explained in the privacy policy.

XING also states that it may use the services of third parties (partner companies and external service providers) to support it in providing its services (e.g. maintenance, analysis, auditing, payment, fraud detection, marketing and development). These third parties have access to your information to the extent reasonably necessary to perform the relevant tasks for XING and are obligated not to disclose or use your information for any other purpose.

Finally, XING also receives information when you view content, for example, even if you have not created an account (e.g. via a public XING profile). This so-called “log data” may include the IP address, the browser type, the operating system, information about the previously accessed website and the pages you have accessed, your location, your mobile phone provider, the device you are using (including device ID and application ID), the search terms you have used and cookie information.

XING buttons or widgets integrated into websites and the use of cookies enable XING to record your visits to these websites and assign them to your XING profile. This data can be used to tailor content or advertising to you.

As New Work SE is a European provider, it is bound by the GDPR in the designated countries. This applies, for example, to your rights to information, blocking or deletion of data.

You have the option of restricting the processing and visibility of your data in your account navigation under “Settings | Privacy” under the various menu items listed there. Further information on these points can be found on the following XING pages: https://privacy.xing.com/de/ihre-privatsphaere.

The option to view and download your own data on XING can be found in your account navigation under “Settings” under “Privacy” and there under “Your personal data information”.

Information about the comprehensive data collection by XING and other data protection settings can be found at: https://privacy.xing.com/de/datenschutzerklaerung.

You also have the option of contacting NEW WORK SE via the XING contact form if you have any questions about the privacy policy or user agreement. Online contact form: https://www.xing.com/support/contact/security/data_protection.

We also process your data, in particular, the data you enter on XING, such as your username and the content published under your account, will be processed by us to the extent that we may share or comment on your postings or write postings from us that refer to your account. As the provider of our XING pages, we do not collect or process any other personal data from your use of our service. The pages are used exclusively for information and communication.

3. Insights

If you have a profile and are logged in, the operators of the social networks can analyze your usage behavior and create a user profile corresponding to your usage behavior. This user data is regularly processed for market research and (personalized) advertising purposes (so-called “page insights” or “Twitter Analytics”).

Advertisements are placed within the social network or on third-party websites. We have no influence on the type and scope of the data processed by the operators of the social networks. We use the analysis functions provided there to obtain statistical evaluations of the users of our online presence and thus gain insights into the types of actions that visitors take on our site. The user data is based, among other things, on your own published information in your profile. It is not possible for us to draw conclusions about individual members from the information in the page insights. We do not make any decisions regarding the processing of insights data and all other information resulting from Art. 13 GDPR, including the legal basis, identity of the controller and storage duration of cookies on user end devices.

You can find more information on joint controllership for these data processing operations at

• Meta: https://www.facebook.com/legal/controller_addendum
• TikTok: https://www.tiktok.com/legal/page/global/tiktok-analytics-joint-controller-addendum/en
• LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

We have concluded a corresponding joint controllership agreement with Meta and LinkedIn (Art. 26 GDPR), which defines the distribution of data protection obligations between us and the social network. If you wish to assert requests for information or your user rights, you can assert these rights against us or Meta, TikTok or LinkedIn.

YouTube, Pinterest, X (former Twitter) and XING do not currently provide an agreement on joint responsibility within the meaning of Art. 26 GDPR, which specifies which controller fulfills which data protection obligations under the GDPR.

4. Joint Controllership

If you visit one of our presences in social media, you trigger a processing of your personal data during such a visit. In this case, we are jointly responsible with the operator of the respective social network for the data processing operations within the meaning of Art. 26 GDPR, provided that we actually make a joint decision with the operator of the social network on the data processing and we also exert an influence on the data processing. As far as possible, we have concluded Joint Controllership Agreements with the operators of the social networks in accordance with Art. 26 GDPR.

• Facebook, Instagram (Meta): so in particular the Controller Addendums of Facebook . This agreement, from which the mutual obligations arise, is available under the following link: https://www.facebook.com/legal/controller_addendum.

• YouTube (Google): Google Controller-Controller Data Protection Terms This agreement, from which mutual obligations arise, is available under the following link: https://business.safety.google/controllerterms/

• Pinterest: ANNEX B to Advertising service contract: Pinterest Annex for joint controllers This agreement, from which mutual obligations arise, is available under the following link: https://business.pinterest.com/en-gb/pinterest-advertising-services-agreement/germany/

• TikTok: CONTROLLER TO CONTROLLER DATA TERMS This agreement, from which mutual obligations arise, is available under the following link: https://ads.tiktok.com/i18n/official/article?aid=998850064133680764

• X (former Twitter): X Controller-to-Controller (Outbound) Data Protection Addendum This agreement, from which mutual obligations arise, is available under the following link: https://gdpr.x.com/en/controller-to-controller-transfers.html

• LinkedIn: Joint Controller Addendum (the “Addendum”) This agreement, from which mutual obligations arise, is available under the following link: https://legal.linkedin.com/pages-joint-controller-addendum

Please note that despite the joint responsibility according to Art. 26 GDPR with the operators of social networks, we do not have full influence on the data processing of the individual social networks. The corporate policy of the respective social media network has a significant influence on our options. In the event of the assertion of data subject rights, we could only forward these requests to the operator of the respective social media network.

We also are jointly responsible as controllers mentioned under the section “Controller”. We have concluded Joint Controllership Agreements.

5. Facebook Lead Ads

We use "Facebook Lead Ads" function within the scope of advertisements to collect and process certain data from interested parties. For individual advertisements that we place within the social network Facebook, you have the option to fill out a contact form. The content and scope of the data requested in this form depends on the focus of the respective leads campaign. The processing of the data is strictly bound to the purposes pursued with the respective Lead Ad campaign. These purposes are clearly stated in the Lead Ad or on the form provided before the data provided is transmitted. When you submit the form, the data you have entered will be transmitted to Cybex Retail GmbH and entered into the CRM.

The following information is collected: Full name, address, e-mail address. The data is stored for the purpose of contacting you.

Within the scope of the aforementioned services, data transmitted in the form may be stored on the servers of Meta Platforms Inc, 1601 Willow Rd, Menlo Park, CA 94025, USA.

For more information on using Facebook Leads Ad, please visit: https://de-de.facebook.com/business/news/Lead-Ads.

6. Contact via Social Media

If you contact us via Facebook and Instagram using direct messaging services such as Facebook Messenger, your user name, the description of your request and other personal data transmitted will be stored. If you use such contact options, you are informed and agree that your data will also be processed in accordance with the privacy policy in the respective current version of the respective provider.

In addition, we use the chatbot function of Sprinklr, in the form of a live chat function of the company Sprinklr Inc, 29 West 35th Street, 7th Floor New York, NY 10001.

We use the chatbot to ensure easier contact and better communication with our customers. You can use the live chat like a contact form or direct messages to chat with us in near real time. When using the chat, the following personal data is stored:

- Date and time of the message,
- Browser type and version,
- IP address,
- Operating system used,
- URL of the previously visited website,
- Amount of data sent,
- First name, last name (if provided by the end user)
- E-mail address, telephone number (if provided by the end user)
- Content of the exchanged messages (chat history) and
- Geographical location as well as time zone.

Depending on the course of the conversation, further personal data entered by you in the chat will be stored. The type of personal data stored depends on your individual request.

The storage of the chat history serves the purpose of preventing extensive investigations into the history of your enquiry as well as ensuring constant quality control of our live chat service. If you do not wish the chat history to be stored, you are welcome to inform us of this using the contact details below and the stored live chats will then be deleted immediately. Otherwise, your data will be deleted six months after the final processing of the request.

The provision of your data is voluntary, based on our legitimate interest, Art. 6(1)(f) GDPR, in providing simplified communication. By collecting initial data via chatbot, we can pass on your request to the relevant department more quickly. If you object to communication via chatbot, you can contact us via our contact channels on our homepage (cybex-online.com). You can read about your right to object at the end of this privacy policy.

Communication via WhatsApp

We use the instant messaging service WhatsApp to communicate with our customers, when customers actively approach us via this channel. The provider is WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. WhatsApp is part of the Meta group of companies.

In this context, we are merely a user of the services and features provided by WhatsApp. We have no influence on the terms and conditions under which WhatsApp processes data. This applies in particular to the privacy terms associated with the use of WhatsApp.

We use both free and the "WhatsApp Business" version of WhatsApp. If you contact us via WhatsApp, this means that not only we but also WhatsApp will come into contact with any personal data you disclose in this context. We have no influence on the type and scope of the data processed by the provider, the type of processing and use or the transfer of this data to third parties. Information about which data is processed by the provider and for what purposes it is used can be found in the service provider’s privacy policy, which can be viewed here: www.whatsapp.com/legal/ and https://www.whatsapp.com/legal/#privacy-policy.

We will not actively contact you or send you advertising via WhatsApp unless you have consented to this. The communication is encrypted end-to-end (peer-to-peer), which prevents WhatsApp or other third parties from accessing the content of the communication.

We would also like to point out that WhatsApp states that it shares personal data of its users with its parent company Facebook/Meta, which is based in the USA. Meta is certified under the EU-U.S. Data Privacy Framework and bases data transfers to the U.S. on the adequacy decision.

The data provided to us in WhatsApp is processed on the basis of a legitimate interest (Art. 6 (1) (f) GDPR). Our legitimate interest in processing your data is to enable you to contact us easily.

If you contact us by WhatsApp as customer or to request a quote, the data provided will be processed for the fulfillment of contractual obligations or to carry out pre-contractual measures (Art. 6 (1) (b) GDPR).

We have concluded a data processing agreement with WhatsApp as recipient of the data which can be found under: https://www.whatsapp.com/legal/business-data-processing-terms

The data will be deleted no later than six months after the final processing of the request. If there is a contractual relationship, we are subject to the statutory retention periods and delete your data after six or ten years.

The provision of your personal data is voluntary. However, without the necessary data and the reason for the request, we will not be able to process your request. Alternatively, you may contact us at any time using the telephone number, e-mail address or contact form provided on the website.

Objection: Please read the information on your right to object under Art. 21 GDPR below.

7. Legal basis

The processing of your personal data takes place in order to stay in contact with our customers, to inform them or, if necessary, to carry out pre-contractual measures with interested parties or applicants in accordance with Art. 6 (1) (b) GDPR.

The legal basis for the provision of social media channels is based on Art. 6 (1) (f) GDPR. Our legitimate interest results in the effective information of users and interested parties as well as in the context of marketing, e.g. for better accessibility of target groups, image building, employer branding or advertising function of social media. We use these to increase awareness of our company. We also use the statistical evaluations to continuously make the information provided attractive for visitors to the company profile and to align it with user interests. Additionally, we communicate with users based on Art. 6 (1) (f) GDPR, in particular to respond to criticism, build a relationship and exchange information. The purpose is to improve our services and respond to customer needs.

If you have given your consent in accordance with Art. 6 (1) (a) GDPR (e.g. by setting your LinkedIn or XING status to “actively looking for a job”), we will also contact you directly to provide you with suitable job offers.

Depending on the orientation of the lead ad campaign, the legal basis for data processing is your express consent pursuant to Art. 6 (1) (a) GDPR (e.g. for direct advertising measures or for further information on our products) or our legitimate interest in optimal marketing of our offer, Art. 6 (1) (f) GDPR.

8. Recipients

Recipients of the data are initially the respective operators of the social networks, where they may be transmitted to third parties for their own purposes and under their own responsibility.

We have concluded corresponding contracts with the service providers, which oblige them to handle your data confidentially.

If data is posted on the social media network, the recipient of publications is also the public, i.e. potentially anyone.

9. Third Country Transfers

The data collected about you in this context is processed by the operator of the respective social network and is also transferred to countries outside the European Union.

Since July 10, 2023, the EU Commission has issued an adequacy decision for the USA, which is effective for companies certified under the EU-U.S. Data Privacy Framework. In the event of a transfer, this guarantees a level of data protection that is provided for by the GDPR. A list of certified companies can be found here.

The following operators of social networks transferring collected data outside European Union, namely in the USA:

• Meta Platforms, Inc., Google LLC, X Corp. (former Twitter) and LinkedIn Corporation are certified according to the EU-U.S. Data Privacy Framework and base the transfer of data to the USA on the adequacy decision.
• Pinterest Inc. and TikTok Inc. are not certified under the EU-U.S. Data Privacy Framework. Therefore, we have concluded standard contractual clauses with Pinterest and TikTok and will provide you with a copy of the standard contractual clauses on request.

10. Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. As a rule, we delete your private messages to us after three years, starting at the end of the calendar year in which the message was sent to us. Your comments will be stored by the respective network until you delete them yourself.

We have no influence on the data processing by the operators of the social networks and are not responsible for the third country transfers of companies based in the USA.

11. Provision prescribed or required

The provision of your personal data is neither legally nor contractually required, but voluntary. However, you cannot interact with us or our content on social networks without providing your personal data.

12. Objection and forms for objection

• Meta (Facebook & Instagram):
https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fpreferences%2F%3Fentry_product%3Dad_settings_screen
• YouTube:
https://myaccount.google.com/intro/privacycheckup?utm_source=pp&utm_medium=Promo-in-product&utm_campaign=pp_body&hl=de and
https://support.google.com/policies/answer/9581826?hl=de&visit_id=638180071003734036-4215394538&rd=1
• Pinterest:
https://help.pinterest.com/de/article/edit-notification-settings
and
https://www.pinterest.com/settings/
• TikTok:
https://www.tiktok.com/legal/page/global/right-to-object/de
and
https://www.tiktok.com/legal/report/privacy?lang=de
• X (former Twitter):
https://x.com/settings/account?failedScript=vendor
and
https://optout.aboutads.info/?c=2&lang=EN
• LinkedIn:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
and
https://www.linkedin.com/help/linkedin/answer/a1338610/widerspruch-gegen-die-datenverarbeitung-einschrankung-der-datenverarbeitung?lang=de
• XING:
https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen/widerspruchsrecht
and
https://www.xing.com/support/contact

Please read the information on your right to object in accordance with Art. 21 GDPR in section 16.

13. Data Subject Rights

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right to information and the right to erasure.

You can withdraw your consent to the processing of personal data at any time. Please note that the withdrawal only takes effect for the future. Processing that took place before the withdrawal is not affected.

In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR). A list of the German supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

14. Data Security

We only handle personal data insofar as this is possible in accordance with data protection regulations. We also strive to take all necessary technical and organizational security measures to adequately protect your personal data from unauthorized access and misuse at all times.

15. Amendments

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The updated privacy policy will then apply to your next visit.

16. Information about your right to object, Art. 21 GDPR

Right to object on a case-by-case basis:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Recipient:

The objection can be made informally with the subject "Objection", stating your name, address or other identification to:

CYBEX Retail GmbH
CYBEX GmbH
Columbus Trading-Partners GmbH & Co. KG
Goodbaby (Europe) GmbH & Co. KG
("CYBEX")
Riedinger Str. 18
95448 Bayreuth
Tel. +49 (0)92178511-0
E-Mail: dpo@goodbabyint.com