PRIVACY POLICY OF DIBBERN GMBH

DIBBERN GmbH ("DIBBERN") takes the protection of your personal data very seriously. We want you to know when we store which data and how long we use it. As a company under private law, we are subject to the provisions of the General Data Protection Regulation of the European Union ("GDPR") and other national data protection laws of the member states as well as other data protection regulations. We have taken technical and organizational measures to ensure that both we and external service providers comply with data protection regulations. In the following statement, we inform you about the nature and purpose of the processing of your personal data when you use our website.

1 Who controls your personal data?

The controller responsible for the processing of all personal data via the website www.dibbern-onlineshop.de https://www.dibbern.de is

DIBBERN GmbH
Heinrich-Hertz-Straße 1
22941 Bargteheide
Phone: +49 (0)40 303 77 68-68
E-mail: info@dibbern.de
Managing directors: Jan Dibbern, Ben Dibbern

Data protection officer:
Cordula Schau
Phone: +49 (0)152/01813521
E-mail: ds@the-core-solution.de

2 What is personal data?

According to Art. 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3 What personal data does Dibbern process and for what purposes?

Data processing when you visit our website

We collect and use your personal data as soon as you access our website, insofar as this is necessary to provide a functional website and our content and services. This includes the IP address assigned to your computer, which we need to transmit the content you request, such as images or files provided for download, to your computer.
We also collect information about the use of our website that your browser transmits to us. This includes the date and time of access, the URL of the previously visited website, the browser type and version, the user's operating system and general system information. We use such information to ensure data security, for example to defend against and track attacks on our servers or attempts at misuse, which is necessary to safeguard our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR.

4. data processing for the provision of services initiated by you

We collect and use personal data that you provide to us when you place an order, write us a letter or an email, and when you call us. This may include the following information about you: Name, title, company, postal address, email address, telephone number, fax number, credit card number and expiry date and/or your bank details, other demographic information, details of orders and payment history, return requests or offers made to you, and data relating to your use of our websites. We may require additional personal data such as your age or date of birth.

We process your personal data that you provide to us in order to participate in our advertising program or otherwise contact us. We may also use the data to contact you if we have questions about your order or to inform you about the status of an order. We may also use your e-mail address to identify you in our internal system.

Processing for the purpose of direct marketing is in our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. Insofar as the processing of your data is necessary for the fulfillment of the contract with you or for the implementation of pre-contractual measures, it finds its legal basis in Art. 6 para. 1 lit. b) GDPR.

4.1 Use for advertising purposes after consent has been given

If you have given your consent, we will also use your personal data to inform you about new services or special advertising campaigns or to send you offers or information about our products. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. a) GDPR.

4.2 Use of cookies

"Cookies" are small files that are stored on your end device. "Cookies" do not allow us to control your computer. Unless otherwise described below, the processing of this information serves to make our website more user-friendly and effective and is therefore in our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Cookies cannot execute programs or transmit viruses to your computer. We use temporary cookies with anonymized session information (so-called session IDs) for the operation of our website.

You can remove cookies that have already been saved in your browser settings and deactivate the future storage of cookies. Please refer to the help settings of your browser to find out how to deactivate cookies. Please note that if you deactivate cookies, you may not be able to use all the functions of our website.

5 Use of third-party providers

5.1 Usercentrics

The recipient of your data within the meaning of Art. 13 (1) (e) GDPR is Usercentrics GmbH. As part of the order processing, Dibbern GmbH transmits personal data (consent data) to Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich as processor. Consent data includes the following data: Date and time of the visit or consent / refusal, device information. The data is processed for the purpose of compliance with legal obligations (obligation to provide evidence pursuant to Art. 7 para. 1 GDPR) and the associated documentation of consent and thus on the basis of Art. 6 para. 1 lit. c) GDPR. Local storage is used to store the data.

The consent data is stored for 1 year. The data is stored in the European Union. Further information on the data collected and contact options can be found at https://usercentrics.com/privacy-policy/.

5.2 PAYONE

We use PAYONE as a processor for payment services in our store. The legal basis for this is Art. 6 para. 1 lit. b. For further information on the processing of your personal data by PAYONE, please refer to PAYONE's privacy policy:

PAYONE privacy policy

5.3 Google Analytics

We use Google Analytics, an analysis service operated by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, "Google"). For this purpose, Google places a cookie on your device when you visit our website. This makes it possible to recognize your browser and to analyze your use of our website on our behalf, which is in our legitimate economic interest, Art. 6 para. 1 lit. f) GDPR.

Google generally anonymizes your IP address within the EU or EEA before the data about your website use is transmitted to the USA. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield to ensure an adequate level of data protection. You can find more information on this here:

https://www.privacyshield.gov/EU-US-Framework.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

We would also like to point out that the code "anonymizeIp();" has been added to Google Analytics on our website in order to ensure anonymized collection of IP addresses. As a result, IP addresses are further processed in abbreviated form. This prevents the data collected by Google Analytics from being assigned to you. If the data collected about you is personally identifiable, it is immediately excluded and the personal data is deleted immediately. Further information on the use of your data by Google can also be found here:

https://policies.google.com/?hl=de.

You also have the option of preventing the use of your data at any time by installing the plug-in offered by Google. You can find this plug-in at:

https://tools.google.com/dlpage/gaoptout?hl=de.

You can also prevent the use of Google Analytics by clicking on this link. This will store an opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your device, these opt-out cookies will also be deleted. In this case, you must set it again if you wish to continue to prevent this form of data collection. We would also like to point out that the opt-out cookies always relate to a specific browser and a specific end device and must therefore be activated separately for each browser, computer or end device.

5.4 Hotjar

This website uses the Hotjar analytics service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, + 1 (855) 464-6788, support@hotjar.com. This tool creates so-called "heat maps". These overviews enable us, for example, to understand which elements of our site the user has interacted with, how far they have scrolled or which elements they have clicked on. We use this tool to make our website more interesting, to adapt it to the needs of our customers and to identify user trends. The legal basis for data collection is Art. 6 I 1 lit. f GDPR. Cookies are stored on your computer for this analysis. The data collected is stored in a pseudonymized user profile. The IP addresses are anonymized before storage. The data is not merged with other data and individual users are not identified. The data collected is stored on a server in Ireland. You can prevent the storage of cookies in your browser. In this case, we would like to point out that some functions of our website may not work properly. You can also object to data collection by Hotjar by clicking on the following link. In this case, a cookie is set which prevents data collection by Hotjar. https://www.hotjar.com/legal/compliance/opt-out You can find more information about Hotjar and how it works at

:https://www.hotjar.com/legal/policies/privacy

6. data transmission when concluding a contract in the online store and shipping goods

If you order goods from us, we will pass on your personal data to the transport company entrusted with the delivery and to the payment service provider commissioned to process the payment. Only the data required by the respective service provider to fulfill its task will be disclosed. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. If you have given your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will pass on your e-mail address to the transport company entrusted with the delivery so that it can inform you by e-mail about the shipping status of your order; you can revoke your consent at any time.

7 Where is the collected information stored?

We store your data on a specially protected central online server in Germany. Access to it is only possible for a few specially authorized persons who are entrusted with the technical, commercial or editorial support of the servers. By using modern encryption technology (SSL/TLS), your personal data is protected at a high level against access by unauthorized third parties during transmission to our servers.

7.1 Duration of storage of your data

We only store your data for as long as we need it to achieve the respective processing purpose and then delete it. We regularly delete data about the use of our website after 28 days at the latest. Otherwise, we restrict the processing if we are not allowed to delete the data due to legal regulations, for example.

7.2 Will your personal data be passed on to third parties?

We will only pass on your personal data to third parties in the following cases. We have contracts with other companies to fulfill your order and provide you with the requested products or services or to process your payment to us. This specifically includes

These external service providers only receive data that you need in order to fulfill their respective tasks, and these external service providers are not permitted to use or disclose your personal data for other purposes without your prior permission.

Furthermore, we will not pass on your personal data to third parties without your consent, in particular we will not use your personal data for advertising purposes of third parties or pass it on to them.

On the basis of the GDPR, the new version of the Federal Data Protection Act and other national data protection laws of the member states as well as other data protection regulations, personal data may be passed on if we are legally obliged to do so (Art. 6 para. 1 lit. c) GDPR).

8. how can I restrict the use of personal data about me?

You can revoke your consent to the processing of your personal data, which is not required for the direct execution of your order, at any time with effect for the future, by e-mail (info@dibbern.de), by telephone (+49 (0)40 303 77 68-68) or by fax (+49 (0)40 303 77 68-69). This does not affect the lawfulness of the processing of your data up to the time of revocation on the basis of consent previously given by you.

10. your rights

In addition, you have the following rights with regard to the personal data concerning you:

• a. the right to information about your data processed by us, including the purposes of processing,
• b. the right to rectification of inaccurate personal data,
• c. the right to erasure of your personal data ("right to be forgotten")
• d. the right to restrict the processing of your personal data
• e. the right to receive a copy of your personal data in a structured, commonly used and machine-readable format.

You also have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority about our processing of your personal data at any time.
You can exercise your rights against us by contacting us by email at info@dibbern.de or by post at DIBBERN GmbH, Heinrich-Hertz-Straße 1, 22941 Bargteheide, Germany.

This privacy policy was updated in February 2024. We reserve the right to make changes due to adjustments to the legal situation.

Bargteheide, February 14, 2024