Privacy Policy

1. General

Data protection and data security when using our website are very important to us.

If you would like an introduction to the topic of data protection and the General Data Protection Regulation, you can find further information on the website of the Federal Data Protection Commissioner, for example, at https://www.bfdi.bund.de/DE/Home/home_node.html.

Below we explain how we collect your personal data when you visit our website and for what purposes we use it. As changes to the law or changes to our internal company processes may make it necessary to adapt this privacy policy, we ask you to read this privacy policy regularly. The privacy policy applies to the betoul website, which can be accessed under the domain betoul.net.

2. Information on the controller and data protection officer

2.1 The controller responsible for the processing of your personal data is betoul GmbH, Aschauer Straße 32a, 81549 Munich, Germany. You can contact us for general questions either by telephone on +49 (89) 3564717-71 or by email at info@betoul.de. Further information can be found on our website at https://betoul.com.

2.2 If you have any questions regarding data protection or the exercise of your rights under data protection law (see section 10), you can contact our data protection officer, Dr. Karsten Kinast, LL.M., either at the address KINAST Rechtsanwaltsgesellschaft mbH, Hohenzollernring 54, 50672 Cologne or by e-mail at support@betoul.net.

3. General information on data processing

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour. Information that we cannot link to your person (or only with disproportionate effort), e.g. by anonymizing the information, is not personal data.

The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any statutory retention obligations to be complied with.

If we process your personal data for the provision of certain offers, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing and the respective storage period.

4. Activities in which we process your personal data

The following is a list and detailed description of all processing operations in connection with your personal data that may become relevant when using our website and our services.

4.1 Provision and use of the website

a. Type and scope of data processing

For the purpose of providing our website, we process the personal data that your browser automatically transmits to our servers. When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

  • IP addresses

  • Access time

  • Information on browser, operating system, language settings and screen resolution,

  • The page or file called up in each case

  • Access status (successful or error code) for each page view of all website visitors

For the purpose of detecting and defending against attacks on our website and technical infrastructure (e.g. hacking, denial of service attacks), we process personal data including

  • Identification data

  • Connection data or

  • Localization data (including IP addresses)

For this purpose, we use the Content Delivery Network (CDN) of Cloudflare Inc, 101 Townsend St San Francisco, CA 94107, with whom we have concluded a Data Processing Agreement in accordance with Art. 28 GDPR to ensure the security of your personal data. Personal data may be processed in Cloudflare's server log files.

You can find more information on data protection at Cloudfare at: https://www.cloudflare.com/privacypolicy/

b. Legal basis

Art. 6 (1) lit. f GDPR serves as the legal basis for the aforementioned data processing. The data processing is technically necessary to enable the use of our website and to prevent and detect attacks on our website and thus serves to safeguard a legitimate interest of our company.

c. Storage period

As soon as the aforementioned data is no longer required to display the website, it will be deleted. The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website. Consequently, the user has no option to object. Further storage may take place in individual cases if this is required by law.

4.2 Registration on the website

a. Type and scope of data processing

On our website, we offer you the opportunity to register by providing personal data in order to be able to use the functionalities of our website that require registration, such as the user and customer portal. We process the following personal data for the purpose of registration and verifying the identity of the person making the request:

  • IP addresses

  • First name

  • Surname

  • Gender

  • Address

  • Country

  • E-mail address

  • Status as a private individual or business customer

If applicable, company name and tax identification number or comparable company identification information for business customers

b. Legal basis

The processing of the personal data described serves the fulfilment of a contract between you and betoul GmbH or the implementation of pre-contractual measures in accordance with Art. 6 (1) lit. b GDPR. For persons who are not party to the contract but representatives of their company, the legal basis for data processing is Art. 6 (1) lit. f GDPR.

c. Storage period

As soon as the processed data is no longer required for the performance of the contract, it will be deleted. Thereafter, the processing of the data will be restricted until the expiry of any statutory retention periods and will no longer be used for identification and access to website functions that require registration.

d. Cancellation of the registration / deletion of the user account

As a registered user, you have the option of cancelling your registration at any time. You can change the data stored about you at any time via the settings of your user account.

However, if the processed data is required for the execution/termination of a contract, premature deletion of the data is not possible.

Persons who represent their company and whose data is therefore processed on the basis of Art. 6 (1) lit. f GDPR have the right to object to the processing of their data in accordance with Art. 21 GDPR as described in section 10.

4.3 Order processing

a. Type and scope of data processing

For the purpose of processing customer orders for our products and services and delivering the products and services, we process the following personal data provided during registration on the website:

  • IP addresses

  • First name

  • Surname

  • Gender

  • Address

  • Country

  • E-mail address

  • Status as a private individual or business customer

  • If applicable, company name and tax identification number or comparable company identification information for business customers

b. Legal basis

The processing of the personal data described serves the fulfilment of a contract between you and betoul GmbH or the implementation of pre-contractual measures in accordance with Art. 6 (1) lit. b GDPR.

c. Storage period

As soon as the processed data is no longer required for the performance of the contract, in particular if the customer has terminated all their contracts, it will be deleted. Thereafter, the processing of the data is restricted until the expiry of any statutory retention periods and is no longer used for other purposes.

4.4 Payment processing

a. Type and scope of data processing

For the purpose of processing payments for products and services, we process the personal data provided when registering on the website:

  • IP addresses

  • First name

  • Surname

  • Gender

  • Address

  • Country

  • E-mail address

  • Status as a private individual or business customer

  • If applicable, company name and tax identification number or comparable company identification information for business customers

  • Payment and transaction data

  • the products and services ordered

If the customer does not pay the entire amount for the entire term of the contract in advance, the data will be transmitted to the respective payment service provider selected by the customer, e.g. PayPal (Europe) S.à.r.l & Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Dublin 2, Ireland or Skrill (Paysafe Payment Solutions Limited, 70 Sir John Rogerson's Quay, Dublin 2,D02 R296, Ireland).

In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

The following data is transmitted to the payment service provider and credit institutions involved as part of payment processing:

  • Name of the invoice recipient

  • Billing address

  • Name of the recipient of the service

  • Shipping address

  • Order number

  • Credit card number, if applicable

  • Account number

  • Bank code

  • Invoice amount

  • Currency

  • Transaction number

b. Legal basis

When processing your personal data that is required to fulfil a purchase contract concluded with us, i.e. in particular for payment processing, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. In some cases, we may also be legally obliged to transfer the above-mentioned data concerning you (implementation of strong customer authentication in accordance with Directive EU 2015/2366 (PSD 2) or the Payment Services Supervision Act (ZAG)). Insofar as we are legally obliged to transfer data, Art. 6 (1) lit. c GDPR in conjunction with the corresponding provisions of Directive EU 2015/2366 (PSD 2) or the Payment Services Supervision Act (ZAG) is used as the legal basis.

c. Storage period

We store the account information for the duration of the active customer relationship and for six months thereafter. Subsequent processing is limited to this purpose and will be deleted after all statutory retention periods have expired.

4.5 Fraud prevention

a. Type and scope of data processing

For the purpose of protection against payment fraud or misuse of our products or services for illegal purposes (e.g. spamming, hosting illegal content), we process the following personal data provided during registration on the website:

  • IP addresses

  • First name

  • Surname

  • Gender

  • Address

  • Country

  • E-mail address

  • Status as a private individual or business customer

  • If applicable, company name and tax identification number or comparable company identification information for business customers

We transmit IP addresses to Maxmind, Inc., based at 14 Spring Street, 3rd floor, Waltham, MA 02451 USA, whose MinFraud tool determines whether it is a proxy address. We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR, which guarantees data protection at the provider.

Further information on how Maxmind handles data protection can be found at: https://www.maxmind.com/en/privacy-policy

bLegal basis

The processing and transfer are necessary to safeguard our legitimate interest in fraud prevention (Art. 6 (1) lit. f GDPR). It serves the legitimate interest of minimizing the risk of payment defaults, misuse and fraud.

c. Storage period

We will store the data until you request the deletion of your account. The processing of the data will then be restricted and no longer used for fraud prevention. The data will be stored by the provider for 18 months and then deleted.

4.6 Sanctions list screening

a. Type and scope of data processing

To comply with legal requirements, we compare the customer data you provide during registration with sanctions lists.

We use the controlled service provider Refinitiv Germany GmbH to carry out the sanctions list screening as part of order processing within the meaning of Art. 28 GDPR. Further information on how Refinitiv uses your personal data to carry out the sanctions list screening can be found in its data protection information at https://www.refinitiv.com/en/policies/privacy-statement.

b. Legal basis

Processing is required by law and is therefore based on Art. 6 (1) lit. c GDPR.

c. Storage period

The personal data will be stored until the purpose for which it was collected is achieved or ceases to apply and then deleted.

4.7 Customer and product support

a. Type and scope of data processing

In order to process all customer and product support requests that reach us by e-mail or telephone, we process

  • Name

  • First name

  • E-mail address

  • Phone number

  • If applicable, other personal data specified in the e-mail and information on the content of the request.

b. Legal basis

The processing is necessary to process the request or concern (Art. 6 (1) lit. b GDPR).

c. Storage period

Depending on the content of the request, processing is limited to the specific purpose of the request and is terminated immediately after the request has been processed. The data will be deleted after all mandatory retention periods have expired.

4.8 Typeform

a. Type and scope of data processing

We use the Typeform tool (Typeform S.L., Bac de Roda 163, 08018 Barcelona, Spain) on our website for the purpose of recording and transmitting customer inquiries and feedback using forms. The following personal data is processed by you:

  • Name

  • E-mail address

  • Your message

  • Customer feedback

We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR, which guarantees data protection at the provider.

Further information on how Typeform handles data protection can be found at: https://www.typeform.com/help/a/what-happens-to-my-data-360029581691/

b. Legal basis

The processing is necessary to process the request (Art. 6 (1) lit. b GDPR). Your feedback is also processed on the basis of our legitimate interest in processing in accordance with Art. 6 (1) lit. f GDPR).

cStorage period

Depending on the content of the request, processing is limited to the specific purpose of the request and is terminated immediately after the request has been processed. The data will be deleted after all mandatory retention periods have expired.

4.9 E-mail newsletter

a. Type and scope of data processing

We offer you the betoul newsletter service. With your consent, you can subscribe to our newsletter, with which we inform you about industry news and advertising for our own products and services, such as information about promotions, product launches and new offers.

We use the so-called double opt-in procedure for sending our newsletter, which requires registration, i.e. we will only send you a newsletter if you have previously expressly consented to us activating the newsletter service. You must also confirm that the e-mail address you have provided belongs to you. For this purpose, we will send you a notification e-mail and ask you to confirm that you are the owner of the e-mail address provided by clicking on a link contained in this e-mail.

We process the following personal data from you as part of sending the newsletter:

  • E-mail address

  • Consent

  • Time of consent

b. Legal basis

Data processing for the purpose of sending the newsletter is based on the consent of the subscriber (Art. 6 (1) lit. a GDPR).

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the unsubscribe link provided in every newsletter e-mail or by sending an e-mail to the contact details given above.

c. Storage period

Your personal data will be stored for as long as you have subscribed to the newsletter. After you unsubscribe from the newsletter, your personal data will be deleted unless it is also processed for other purposes.

4.10. Applying for vacancies

a. Type and scope of data processing

By submitting an application on our recruiting page or by e-mail to us, the applicant declares that they wish to take up employment with us. In this context, you transmit personal data to us, which we use and store exclusively for the purpose of your job search/application.

In particular, the following data is collected:

  • Name (first name and surname)

  • E-mail address

  • Phone number

  • LinkedIn profile (optional)

  • channel how you became aware of us.

You also have the option of uploading informative documents such as a cover letter, your CV and certificates. These may contain further personal data such as date of birth, address, etc.

If indicated by the applicant, we may also process special categories of personal data, such as information on disabilities, ethnic origin or biometric data (handwritten signature).

The application procedure is carried out for betoul GmbH within the framework of order processing (in accordance with Art. 28 GDPR) by betoul Holding GmbH (Aschauer Straße 32a, 81549 Munich).

The data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio Operations GmbH & Co KG (Rundfunkplatz 4, 80335 Munich), which offers personnel administration and applicant management software. (https://www.personio.de/impressum/) Personio is our processor in this context in accordance with Art. 28 GDPR. The basis for the processing is an order processing contract between us as the controller and Personio.

The HR department and the decision-makers for the position to be filled will have access to the personal data contained in the application.

b. Legal basis

The processing of the aforementioned personal data is necessary as a pre-contractual measure for the implementation and handling of the application process and the assessment of the suitability for the position in question and is therefore carried out on the basis of Art. 6 (1) lit. b, Art. 88 GDPR in conjunction with § 26 (1) S. 1 BDSG.

If special categories of personal data are voluntarily provided by the applicant, the processing is carried out on the basis of Art. 9 (2) lit. a GDPR, Art. 88 GDPR in conjunction with. § 26 (2) BDSG. By providing the special categories of personal data in question, the applicant consents to the processing.

c. Storage period

Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied. We store the personal data for six months after the applicant has been notified of the decision to fill the vacancy. The personal data will then be deleted or anonymized. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (e.g. proportion of women or men in applications, number of applications per period, etc.).

The applicant has the right to withdraw his/her consent to the processing of the voluntarily provided special categories of personal data at any time in accordance with Section 10.

4.11. Talent pool

a. Type and scope of data processing

For possible consideration for future vacancies, we process the personal data provided by the applicant to decide whether to consider an applicant for other vacancies.

b. Legal basis

Processing is carried out on the basis of the applicant's express consent (Art. 6 (1) lit. a, Art. 9 (2) lit. a GDPR).

c. Storage period

We store the data for 12 months or until consent is withdrawn, whichever is earlier. The application and the data contained therein will be deleted, returned to the applicant or destroyed unless the applicant has given their consent again (e.g. due to our request) or the data is not processed further for the purpose of employment.

You have the right to revoke your consent at any time and without giving reasons with effect for the future by sending us an e-mail to the e-mail address support@betoul.net .

cStorage period

Depending on the content of the request, the processing is limited to the specific purpose of the request and is terminated immediately after the processing of the request has been completed. The data will be deleted after all mandatory retention periods have expired.

5. Cookies and web analysis

a. Type and scope of data processing

We use cookies on our website. Cookies are small files that are sent by us to the browser of your end device and stored there when you visit our website. This website uses cookies to improve your experience and to provide you with personalized content and functions. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses. In this notice, we would like to inform you about the different types of cookies we use and how you can manage your cookie settings. More detailed information on the individual cookies can be found below and in our cookie banner.

(1) Required cookies:

These cookies are essential to ensure that the website functions properly. For example, they enable you to navigate the website and fill in forms. Without these cookies, certain services on our website cannot be provided.

(2) Performance and marketing cookies:

These cookies collect information about how you use our website. They help us measure and improve the performance of our website by providing statistics and analytics. We use this information to optimize the user-friendliness and relevance of our content. This enables us to make our website more user-friendly and effective for you.

However, you can change your cookie settings at any time by clicking on the cookie settings option on our website. You have control over your cookie preferences.

b. Legal basis

The legal basis for the use of technically necessary cookies for the associated storage of information on your end device and its subsequent reading is § 25 (2) Nr. 2 TDDDG. The following processing of your personal data is based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR.

The legal basis for the use of performance or marketing cookies with regard to their associated storage on your end device is Section 25 (1) TDDDG. The processing of the personal data collected on this basis takes place exclusively on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR.

c. Storage period

As soon as the data transmitted to us via the cookies is no longer required to achieve the purposes described above, this information is deleted. Further storage may take place in individual cases if this is required by law.

You can find more detailed information on the respective storage periods in our cookie banner.

d. Configuration of the browser settings

Most browsers are set to accept cookies by default. However, you can configure some browsers so that they only accept certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are deactivated by your browser settings on our website. You can also delete cookies already stored in your browser via your browser settings. It is also possible to set your browser to notify you before cookies are stored. As the various browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the configuration options. If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plug-ins.

5.1 Affiliate marketing

a. Type and scope of data processing

Affiliate marketing is an Internet-supported form of sales that enables commercial operators of websites, known as merchants or advertisers, to display advertising, which is usually remunerated via click or sale commissions, on third-party websites, i.e. with sales partners, also known as affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on their own website or advertised via other channels, such as keyword advertising or e-mail marketing.

For the purpose of affiliate marketing, we use the two network operators AWIN (AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany) and Conversion Junction (Epsilon International UK Ltd., 2 Television Centre 101 Wood Lane London W12 7 FR, United Kingdom) as an interface between publishers/affiliates and advertisers.

The following personal data is processed for the purpose of affiliate marketing:

  • Identification number of the affiliate

  • Order number of the website visitor and the advertising item clicked on

  • Information about the end device

  • Browser used

  • Order contents

b. Legal basis

We only use the service if you have previously given your consent via our cookie banner, Section 25 (1) TDDDG. The further processing of your personal data is also based on your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future by adjusting the corresponding settings in the cookie banner.

c. Storage period

If the processing of your personal data is no longer necessary for the above-mentioned purposes, the personal data will be deleted. Alternatively, the personal data will be deleted if you make use of your option to withdraw your consent

5.2 Microsoft Clarity

a. Type and scope of data processing

We use the Clarity tool from Microsoft (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin, Ireland 18, D18 P521) to check the website, evaluate sessions and record metrics that indicate possible problems with user-friendliness. The following personal data is processed for this purpose:

  • User data (e.g. access times, IP addresses, cursor/scroll movements, pages visited on the website)

We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR to ensure the security of your personal data.

b. Legal basis

We only use the service if you have previously given your consent via our cookie banner, Section 25 (1) TDDDG. The further processing of your personal data is also based on your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future by adjusting the corresponding settings in the cookie banner.

c. Storage period

If the processing of your personal data is no longer necessary for the above-mentioned purposes, the personal data will be deleted. Alternatively, the personal data will be deleted if you make use of your option to withdraw your consent.

5.3 Varify

a. Type and scope of data processing

We use Varify.io from the company Varify GmbH, Südliche Münchner Straße 55, 82031 Grünwald, Germany. Varify is a service that makes it possible to further develop our website with the help of so-called "A/B tests" and adapt it to your needs.

We process the following personal data from you for this purpose:

  • User data (e.g. access times, IP addresses, cursor/scroll movements, pages visited on the website)

We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR to ensure security during processing.

b. Legal basis

We only use the service if you have given your prior consent via our cookie banner, Section 25 (1) TDDDG. The further processing of your personal data is also based on your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future by adjusting the corresponding settings in the cookie banner.

c. Storage period

If the processing of your personal data is no longer necessary for the above-mentioned purposes, the personal data will be deleted. Alternatively, the personal data will be deleted if you make use of your option to withdraw your consent.

5.4 Google Tag Manager

a. Type and scope of data processing

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website. This allows us to flexibly integrate additional services in order to evaluate user access to our website.

The following personal data will be processed by you for this purpose:

  • User data (e.g. access times, IP addresses, cursor/scroll movements, pages visited on the website)

We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR to ensure security during processing.

b. Legal basis

We only use the service if you have previously given your consent via our cookie banner, Section 25 (1) TDDDG. The further processing of your personal data is also based on your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future by adjusting the corresponding settings in the cookie banner.

c. Storage period

If the processing of your personal data is no longer necessary for the above-mentioned purposes, the personal data will be deleted. Alternatively, the personal data will be deleted if you make use of your option to withdraw your consent.

6. Security measures to protect the data stored by us

We are committed to protecting your privacy and treating your personal data confidentially. In order to prevent the loss or misuse of the data stored by us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress. However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data - even if it is sent by e-mail - can be read by third parties. We have no technical influence over this. It is the responsibility of the user to protect the data provided by him/her against misuse through encryption or in any other way.

7Hyperlinks

Our website contains so-called hyperlinks to websites of other providers. If you activate these hyperlinks, you will be forwarded directly from our website to the website of the other provider. You can recognize this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on other websites. Please refer directly to the respective websites for information on how your personal data is handled on other websites.

8. External service providers

We use service providers to provide services and to process your data relating to our services. The service providers process the data exclusively in accordance with our instructions and are obliged to comply with the applicable data protection regulations. All processors have been carefully selected and are only given access to your data to the extent and for the period required to provide the services or to the extent to which you have consented to data processing and use.

In this context, personal data may also be transferred to countries outside the EU/EEA in which the provisions of the GDPR do not apply. However, we will take the necessary precautions in accordance with the provisions of the GDPR to ensure that your data is transferred in compliance with data protection regulations.

We therefore work in particular with companies in countries for which the EU Commission has issued an adequacy decision. These include the USA in particular. Since 10.07.2023, data transfers to the USA have been legitimized by a so-called EU adequacy decision (EU-US Data Privacy Framework) if the respective US company has committed itself to appropriate data protection standards with the US Department of Commerce. US companies that have not done so will be treated in the same way as other global companies outside the European Union if there is no EU adequacy decision for the country in question. At betoul, we only work with companies for which legally required measures have been taken to ensure the lawful transfer of your data to these countries. If there is no adequacy decision for a third country in this respect, compliance with the required level of data protection is generally ensured by concluding standard contractual clauses and implementing additional measures.

9. Storage period

Your personal data will be deleted as soon as the respective purpose for processing has been achieved or has subsequently ceased to apply.

In order to fulfil contractual obligations, data collected from you may be stored for as long as the contract exists and, depending on the scope of the contract, for 6 or 10 years beyond that in order to comply with statutory retention obligations and to clarify any inquiries or claims that may arise after the contract expires.

If, at our discretion, data is necessary to verify or defend claims against us or to initiate criminal prosecution or bring claims against you, us or third parties, we may retain it for as long as such proceedings could be brought.

For customer service purposes, the data collected from you may be stored for 3 to 10 years after collection, unless you request the deletion of this data and there are no contractual or statutory retention obligations that conflict with this request for deletion.

Relevant verification and retention obligations arise from the German Commercial Code and the German Fiscal Code, among others.

In this case, the legal basis for the processing is the respective legal regulations in conjunction with Art. 6 (1) lit. c GDPR.

10. Your rights as a data subject affected by data processing

10.1 You can exercise your rights as a data subject at any time by writing to the following e-mail address: datenschutzbeauftragter@betoul.de. Please note that we are unable to process telephone enquiries regarding personal data, as it is generally not possible to establish the identity of the caller with sufficient certainty.

10.2 You have the following rights with regard to your personal data:

10.2.1 Right to information, Art. 15 GDPR

You have the right to request information from us at any time about the data we have stored about you, as well as its origin, recipients or categories of recipients to whom this data is passed on and the purpose of storage.

10.2.2 Right to rectification, Art. 16 GDPR

You can request the correction of incorrect data or the completion of your data stored by us.

10.2.3 Right to erasure and blocking, Art. 17 and 18 GDPR

You have the right to block and delete your personal data stored by us. If the deletion conflicts with statutory retention obligations or other statutory reasons, your data can only be blocked instead of deleted.

10.2.4 Your right to data portability (Art. 20 GDPR) also provides that, if the legal requirements are met, you may request that we transfer the personal data concerning you to you - or, if technically feasible, to another controller designated by you - in a structured, commonly used and machine-readable format.

10.2.5 You have the right to object to processing (Art. 21 GDPR) for certain processing purposes, in particular advertising purposes. Insofar as we process your data on the basis of a balancing of interests (pursuant to Art. 6 (1) lit. f GDPR), you have the right to object to this processing at any time for reasons arising from your particular situation. Such reasons exist in particular if these reasons give your interests particular weight and therefore outweigh our interests, for example if these reasons are not known to us and therefore could not be taken into account in the balancing of interests. You can object to the processing by sending us an e-mail to the e-mail address support@betoul.net and we will inform you about the further possibilities of objecting to each specific processing purpose mentioned in section 4.

10.2.6 You have the right to withdraw the consent you have given us to process your personal data (Art. 7 (3) GDPR). You can withdraw your consent at any time and without giving reasons, either in relation to all or only to individual processing activities based on your consent. The revocation is effective immediately and for all future processing. The lawfulness of the processing of your personal data up to the point of withdrawal remains unaffected. You can withdraw your consent by sending us an e-mail to the e-mail address support@betoul.net and we will inform you about the further possibilities of withdrawing your consent against each specific processing purpose mentioned in section 4.

10.3 You also have the right to contact the competent data protection supervisory authority if you have any questions or complaints regarding our processing of your personal data. Contact information for the supervisory authority of the state of Bavaria can be found at https://www.lda.bayern.de/de/kontakt.html.

11. Automated decision-making/profiling

We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).

Status: September 2024