Privacy Policy

Data protection

(Status: November 2025)

1. Introduction

Below we provide information about the processing of personal data when using our website www.holy.com and our profiles on social media. Personal data means any data relating to an identified or identifiable natural person, e.g. their name or IP address.

1.1. Contact details

The controller within the meaning of Article 4 (7) of the EU General Data Protection Regulation (GDPR) is HOLY Softdrinks GmbH, Saarbrücker Straße 37, 10405 Berlin, Germany, email: hello@holy.com. We are legally represented by Mathias Horsch, Frederick Jost and Philipp Naß.

Our data protection officer can be contacted via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, email: datenschutz@heydata.eu.

1.2. Scope of data processing, purposes of processing and legal bases

We set out the scope of the processing of the data, the purposes of processing and the legal bases in detail below. As a legal basis for data processing, the following generally come into consideration:

Article 6 (1) sentence 1 (a) GDPR serves as the legal basis for processing operations for which we obtain consent.
Article 6 (1) sentence 1 (b) GDPR is the legal basis where the processing of personal data is necessary for the performance of a contract, e.g. where a visitor to the site purchases a product from us or we perform a service for them. This legal basis also applies to processing required for pre-contractual measures, for example in the case of enquiries about our products or services.
Article 6 (1) sentence 1 (c) GDPR applies where we fulfil a legal obligation by processing personal data, as may be the case, for example, under tax law.
Article 6 (1) sentence 1 (f) GDPR serves as the legal basis where we can rely on legitimate interests to process personal data, e.g. for cookies that are required for the technical operation of our website.

1.3. Data processing outside the EEA

Insofar as we transfer data to service providers or other third parties outside the European Economic Area (EEA), adequacy decisions of the EU Commission in accordance with Article 45 (3) GDPR ensure the security of the data during transmission where such decisions exist, as is the case, for example, for the United Kingdom, Canada and Israel.

For the transfer of data to service providers in the USA, the legal basis for the data transfer is an adequacy decision of the EU Commission if the service provider is also certified under the EU-US Data Privacy Framework.

In other cases (e.g. if no adequacy decision exists), the legal basis for data transfers is generally – unless we provide a different notice – standard contractual clauses. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. Pursuant to Article 46 (2) (b) GDPR, they ensure the security of the data transfer. Many providers have provided contractual guarantees going beyond the standard contractual clauses, which protect the data over and above the standard contractual clauses. These include, for example, guarantees regarding the encryption of data or regarding an obligation of the third party to notify data subjects if law enforcement authorities wish to access data.

1.4. Storage period

Unless expressly stated otherwise in this privacy notice, the data stored by us is deleted as soon as it is no longer required for its intended purpose and there are no statutory retention obligations preventing deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that we must retain for commercial or tax law reasons.

1.5. Rights of data subjects

Data subjects have the following rights vis-à-vis us with regard to personal data concerning them:

Right of access,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability,
Right to withdraw consent at any time.

Data subjects also have the right to lodge a complaint with a data protection supervisory authority about the processing of their personal data. Contact details of the data protection supervisory authorities are available at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html .

1.6. Obligation to provide data

Customers, prospects or third parties are only required to provide us with those personal data which are necessary for the establishment, implementation and termination of the business relationship or for any other relationship, or which we are legally obliged to collect. Without this data, we will generally have to refuse to enter into a contract or provide a service, or we will no longer be able to perform an existing contract or other relationship. Mandatory fields are marked as such.

1.7. No automated individual decision-making

To establish and conduct a business relationship or other relationship, we generally do not use fully automated individual decision-making in accordance with Article 22 GDPR. Should we use such procedures in individual cases, we will inform about this separately where required by law.

1.8. Contacting us

When contacting us, e.g. by email or telephone, we store the data provided to us (e.g. names and email addresses) in order to respond to queries. The legal basis for processing is our legitimate interest (Article 6 (1) sentence 1 (f) GDPR) in answering queries addressed to us. The data arising in this context will be deleted once storage is no longer required, or processing will be restricted if statutory retention obligations exist.

1.9. Competitions

From time to time we offer competitions via our website or in other ways. We process the data requested in this context in order to determine and notify the winners. The data is then deleted. It may also be that we offer competitions only for existing customers. In that case we only process the name to determine the winners and the contact details to notify the winners. It is our legitimate interest to offer competitions for customer acquisition or interaction with our existing customers. The legal basis for the data processing is Article 6 (1) sentence 1 (f) GDPR.

1.10. Customer surveys

From time to time we conduct customer surveys in order to get to know our customers and their needs better. In the process, we collect the data requested in each case. It is our legitimate interest to better understand our customers and their needs, so that the legal basis for the associated data processing is Article 6 (1) sentence 1 (f) GDPR. The data is deleted once the results of the surveys have been evaluated.

2. Newsletter

We reserve the right to inform customers who have already used our services or purchased goods from time to time by email or other means about our offers, provided they have not objected. The legal basis for this data processing is Article 6 (1) sentence 1 (f) GDPR. Our legitimate interest lies in direct advertising (Recital 47 GDPR). Customers may object to the use of their email address for advertising purposes at any time without additional costs, for example via the link at the end of each email or by email to the above email address.

Prospects have the option of subscribing to a free newsletter. We process the data provided at registration solely for the purpose of sending the newsletter. Registration takes place by selecting the corresponding field on our website, by ticking the corresponding box in a paper document or by another clear action by which prospects declare their consent to the processing of their data, so that the legal basis is Article 6 (1) sentence 1 (a) GDPR. Consent may be withdrawn at any time, e.g. by clicking the relevant link in the newsletter or by notifying us at the email address stated above. Processing of the data up until withdrawal remains lawful even if consent is withdrawn.

On the basis of the recipients’ consent (Article 6 (1) sentence 1 (a) GDPR), we also measure the open and click rate of our newsletters in order to understand which content is relevant for our recipients.

We send newsletters using the Klaviyo tool of the provider Klaviyo, Inc., 125 Summer St, Floor 6, Boston, MA 02111, USA. The provider processes content, usage, meta/communication and contact data in the USA. Further information is available in the provider’s privacy notice at https://www.klaviyo.com/privacy/policy .

We send newsletters using the Charles tool of the provider Charles GmbH, Gartenstraße 86-87, 10115 Berlin. The provider processes content, usage, meta/communication and contact data in the EU. Further information is available in the provider’s privacy notice at https://www.hello-charles.com/privacy-policy .

3. Data processing on our website

3.1. Notice for website visitors from Germany

Our website stores information on visitors’ terminal equipment (e.g. cookies) or accesses information already stored on the terminal equipment (e.g. IP addresses). The specific information involved is set out in the sections below.

This storage and access take place on the basis of the following provisions:

Insofar as this storage or access is absolutely necessary for us to provide the service on our website expressly requested by website visitors (e.g. to operate a chatbot used by the website visitor or to ensure the IT security of our website), this is carried out on the basis of Section 25 (2) no. 2 of the Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG).
In all other respects, this storage or access is carried out on the basis of the consent of website visitors (Section 25 (1) TDDDG).

Subsequent data processing is carried out in accordance with the following sections and on the basis of the provisions of the GDPR.

3.2. Informational use of the website

When using the website for informational purposes only, i.e. when visitors do not otherwise transmit information to us, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This constitutes our legitimate interest, so that the legal basis is Article 6 (1) sentence 1 (f) GDPR.

This data is:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transmitted in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software

This data is also stored in log files. It is deleted when storage is no longer required, at the latest after 14 days.

3.3. Web hosting and provision of the website

Our website is hosted by GoDaddy. The provider is GoDaddy Netherlands B.V., 's-Gravelandseweg 696, 3119 RG Schiedam, Netherlands. The provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication and contact data, in the EU. Further information can be found in the provider’s privacy notice at https://www.godaddy.com/de-de/legal/agreements/privacy-policy .

It is our legitimate interest to provide a website, so that the legal basis for the data processing described is Article 6 (1) sentence 1 (f) GDPR.

Our website is hosted by Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication or contact data, in the EU. Further information can be found in the provider’s privacy notice at https://www.shopify.de/legal/datenschutz .

It is our legitimate interest to provide a website, so that the legal basis for the data processing described is Article 6 (1) sentence 1 (f) GDPR.

We use the Shopify Content Delivery Network for our website. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes personal data transmitted via the website, e.g. content, usage, meta/communication or contact data, in the USA. Further information can be found in the provider’s privacy notice at https://www.shopify.de/legal/datenschutz .

We have a legitimate interest in using sufficient storage and delivery capacities in order to ensure optimal data throughput even at peak loads. The legal basis for the data processing described is therefore Article 6 (1) sentence 1 (f) GDPR.

The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses adopted in accordance with the review procedure under Article 93 (2) GDPR (Article 46 (2) (c) GDPR), which we have agreed with the provider.

3.4. Contact form

When contacting us via the contact form on our website, we store the data requested there and the content of the message.

The legal basis for processing is our legitimate interest in responding to queries addressed to us. The legal basis for processing is therefore Article 6 (1) sentence 1 (f) GDPR.

The data arising in this context will be deleted once storage is no longer required, or processing will be restricted if statutory retention obligations exist.

3.5. Job advertisements

We publish job advertisements on our website, on pages linked to the website or on websites of third parties.

The processing of the data provided as part of the application is carried out for the purpose of conducting the application procedure. Insofar as this is necessary for our decision on establishing an employment relationship, the legal basis is Article 88 (1) GDPR in conjunction with Section 26 (1) of the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). We have labelled the data required to conduct the application procedure accordingly or point this out. If applicants do not provide this data, we cannot process the application.

Additional data is voluntary and not required for an application. If applicants provide further information, the legal basis is their consent (Article 6 (1) sentence 1 (a) GDPR).

We ask applicants to refrain from including information on political opinions, religious beliefs and similarly sensitive data in their CV and cover letter. Such information is not required for an application. If applicants nevertheless provide such information, we cannot prevent its processing when processing the CV or cover letter. Its processing is then also based on the applicants’ consent (Article 9 (2) (a) GDPR).

Finally, we process applicants’ data for further application procedures if they have given us their consent to do so. In this case, the legal basis is Article 6 (1) sentence 1 (a) GDPR.

We pass on applicants’ data to the responsible employees of the HR department, to our processors in the area of recruiting and to the employees otherwise involved in the application procedure.

If, following the application procedure, we enter into an employment relationship with the applicant, we will only delete the data after the employment relationship has ended. Otherwise, we delete the data no later than six months after rejection of an applicant.

If applicants have given us their consent to use their data for further application procedures, we delete their data only one year after receipt of the application.

3.6. Customer account

Visitors to the website can open a customer account on our website. We process the data requested in this context on the basis of the website visitor’s consent. The legal basis for processing is therefore Article 6 (1) sentence 1 (a) GDPR.

Consent may be withdrawn at any time, e.g. via the contact details stated in our privacy notice. Withdrawal does not affect the lawfulness of processing up until withdrawal. If consent is withdrawn, we will delete the data unless we are obliged or entitled to retain it further.

3.7. Offering goods

We offer goods via our website. In the course of ordering, we process the following data:

Name
Address
Telephone number (optional)
Email

The processing of the data is carried out for the performance of the contract concluded with the respective website visitor (Article 6 (1) sentence 1 (b) GDPR).

We pass on the above data to the following service providers where this is necessary in the context of the order:

HIVE

The legal basis for processing is Article 6 (1) sentence 1 (b) GDPR, as it is necessary for the performance of the contract.

3.8. Payment service providers

We use payment processors to handle payments, which are themselves controllers within the meaning of Article 4 (7) GDPR under data protection law. Insofar as these receive data entered by us in the order process and payment data, we thereby fulfil the contract concluded with our customers (Article 6 (1) sentence 1 (b) GDPR).

These payment service providers are:

Amazon Payments Europe s.c.a., Luxembourg
American Express Europe S.A.
Apple Inc., USA (for Apple Pay)
giropay GmbH
Google Ireland Limited, Ireland (for Google Pay)
Klarna Bank AB (publ), Sweden (“Klarna invoice”)
Klarna Bank AB (publ), Sweden (“Klarna Sofort”)
Mastercard Europe SA, Belgium
PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg
Shopify Inc., Canada (for Shop Pay)
Stripe Payments Europe, Ltd., Ireland
Visa Europe Services Inc., United Kingdom
Amazon Pay

3.9. Technically necessary cookies

Our website uses cookies. Cookies are small text files that are stored in the web browser on a visitor’s terminal device. Cookies help make our offering more user-friendly, effective and secure. Insofar as these cookies are required for the operation of our website or its functions (hereinafter “technically necessary cookies”), the legal basis for the associated data processing is Article 6 (1) sentence 1 (f) GDPR. We have a legitimate interest in providing customers and other website visitors with a functional website.

Specifically, we use technically necessary cookies for the following purpose or purposes:

Cookies that store language settings,
Cookies that store the shopping basket,
Cookies that store log-in data,
Cookies set by payment providers for payment processing and that do not analyse user behaviour, and
Flash cookies set for the playback of media content.

3.10. Third-party providers

3.10.1. Hive

We use Hive for fulfilment. The provider is Hive Technologies GmbH, Rosenthaler Straße 36, 10178 Berlin. The provider processes content data (e.g. entries in online forms), contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for processing is Article 6 (1) sentence 1 (f) GDPR. We have a legitimate interest in selling our products in an easily accessible way for prospects.

The data is deleted when the purpose of its collection no longer applies and there is no retention obligation preventing this. Further information is available in the provider’s privacy notice at https://www.hive.app/legal/privacy-policy .

3.10.2. cookiefirst

We use cookiefirst for the management of consents. The provider is Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42a, 1018DH, Amsterdam, Netherlands. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for processing is Article 6 (1) sentence 1 (c) GDPR. The processing is necessary for compliance with a legal obligation to which we are subject.

3.10.3. Klar

We use Klar for analytics. The provider is Klar Insights GmbH, Marktstr. 18, 80802 Munich. The provider processes usage data (e.g. pages visited, interest in content, access times), contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for processing is Article 6 (1) sentence 1 (a) GDPR. Processing is carried out on the basis of consent. Data subjects may withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy notice. Withdrawal does not affect the lawfulness of processing up until withdrawal.

3.10.4. Google Webfonts

We use Google Webfonts for fonts on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. However, processing takes place only on our servers. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for processing is Article 6 (1) sentence 1 (f) GDPR. We have a legitimate interest in using a font on our website that is easy to implement and cost-effective.

Further information is available in the provider’s privacy notice at https://policies.google.com/privacy?hl=de .

3.10.5. Sovendus

We use Sovendus to operate an online shop and for increased sales engagement. The provider is Sovendus GmbH, Hermann-Veit-Straße 6, 76135 Karlsruhe. The provider processes contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for processing is Article 6 (1) sentence 1 (f) GDPR. We have a legitimate interest in selling our products in an easily accessible way for prospects and optimising this through special offers.

3.10.6. Shopify

We use Shopify to operate an online shop. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for processing is Article 6 (1) sentence 1 (f) GDPR. We have a legitimate interest in selling our products in an easily accessible way for prospects.

3.10.7. Lifetimely

We use Lifetimely for analytics. The provider is Lifetimely Oy, Revontulentie 11, 02100 Espoo, Finland. The provider processes contract data (e.g. subject matter of the contract, term), usage data (e.g. pages visited, interest in content, access times) and master data (e.g. names, addresses) in the EU.

3.10.8. Hotjar

We use Hotjar for analytics. The provider is Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's, STJ 3141, Malta. The provider processes usage data (e.g. pages visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.

3.10.9. Google Analytics

We use Google Analytics for analytics. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The provider processes usage data (e.g. pages visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.

The legal basis for the transfer to a country outside the EEA is an adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is ensured because the EU Commission has decided in an adequacy decision in accordance with Article 45 (3) GDPR that the third country provides an adequate level of protection.

3.10.10. Google Webfonts

We use Google Webfonts for fonts on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) in the USA.

Further information is available in the provider’s privacy notice at https://policies.google.com/privacy?hl=de .

3.10.11. Meta Pixel

We use Meta Pixel for analytics. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. pages visited, interest in content, access times) in the USA.

3.10.12. Google Conversion Tag

We use Google Conversion Tag for conversion tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. pages visited, interest in content, access times) in the USA.

3.10.13. TikTok Pixel

We use TikTok Pixel for analytics and advertising. The provider is TikTok, Inc., 10100 Venice Blvd Suite 401, Culver City, CA 90232, USA. The provider processes meta/communication data (e.g. device information, IP addresses) in the USA.

3.10.14. Facebook Conversion API

We use Facebook Conversion API for analytics. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. pages visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.

3.10.15. Google Marketing Platform

We use Google Marketing Platform for analytics and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. pages visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.

We delete the data when the purpose of its collection no longer applies. Further information is available in the provider’s privacy notice at https://policies.google.com/privacy?hl=de .

3.10.16. Google Tag Manager

We use Google Tag Manager for analytics and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. pages visited, interest in content, access times) in the USA.

We delete the data when the purpose of its collection no longer applies. Further information is available in the provider’s privacy notice at https://policies.google.com/privacy?hl=de .

3.10.17. Reviews.io

We use Reviews.io for customer reviews. The provider is Liquid New Media Limited, 29 St Nicholas Place, Leicester, LE1 4LD, United Kingdom. The provider processes usage data (e.g. pages visited, interest in content, access times) in the United Kingdom.

The legal basis for the transfer to a country outside the EEA is the transitional arrangement in the Trade and Cooperation Agreement between the European Union and the United Kingdom.

3.10.18. Klaviyo

We use Klaviyo for email marketing and customer relationship management. The provider is Klaviyo, Inc., 125 Summer St, Floor 6, Boston, MA 02111, USA. The provider processes meta/communication data (e.g. device information, IP addresses) in the USA.

3.10.19. Google Merchant Center

We use Google Merchant Center to operate an online shop. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) in the USA.

3.10.20. Facebook Custom Audiences

We use Facebook Custom Audiences for advertising. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. pages visited, interest in content, access times) in the USA.

We delete the data when the purpose of its collection no longer applies. Further information is available in the provider’s privacy notice at https://www.facebook.com/policy.php .

3.10.21. heyData

We have integrated a data protection seal on our website. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes meta/communication data (e.g. IP addresses) in the EU.

The legal basis for processing is Article 6 (1) sentence 1 (f) GDPR. We have a legitimate interest in providing website visitors with confirmation of our data protection compliance. At the same time, the provider has a legitimate interest in ensuring that only customers with existing contracts use its seals, which is why a simple image copy of the certificate is not a viable alternative to confirmation.

The data is masked after collection so that no personal reference remains. Further information is available in the provider’s privacy notice at https://heydata.eu/datenschutzerklaerung .

3.10.22. Shoplift.ai

We use Shoplift.ai as the CRO platform for our online shop. The provider is Plurality Web Technologies, LLC, 117 Oaks Blvd, Bay Saint Louis, MS 39520, USA. The provider processes meta/communication data (e.g. device information, IP addresses) in the USA.

4. Data processing on social media platforms

We are present on social media networks in order to present our organisation and our services there. The operators of these networks regularly process their users’ data for advertising purposes. Among other things, they create user profiles based on their online behaviour, which are used, for example, to display advertising on the networks’ pages and elsewhere on the internet that corresponds to users’ interests. To this end, the operators of the networks store information about usage behaviour in cookies on the users’ computers. It is also possible that the operators combine this information with other data. Further information and details of how users can object to processing by the site operators can be found in the privacy notices of the respective operators set out below. It is also possible that the operators or their servers are located in non-EU countries and process data there. This may entail risks for users, e.g. because it is more difficult to enforce their rights or because public authorities have access to the data.

If users of the networks contact us via our profiles, we process the data provided to us to answer the enquiries. This constitutes our legitimate interest, so that the legal basis is Article 6 (1) sentence 1 (f) GDPR.

4.1. Facebook

We operate a profile on Facebook. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy notice can be accessed here: https://www.facebook.com/policy.php . An option for objecting to data processing is available via the ad settings: https://www.facebook.com/settings?tab=ads .

On the basis of an agreement, we are jointly responsible with Facebook within the meaning of Article 26 GDPR for the processing of data of visitors to our profile. Facebook explains which data are processed in detail at https://www.facebook.com/legal/terms/information_about_page_insights_data . Data subjects may exercise their rights vis-à-vis either us or Facebook. However, under our agreement with Facebook, we are obliged to forward requests to Facebook. Data subjects will therefore receive a faster response if they contact Facebook directly.

4.2. Instagram

We operate a profile on Instagram. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy notice can be accessed here: https://help.instagram.com/519522125107875 .

4.3. Snapchat

We operate a profile on Snapchat. The operator is Snap Inc., 3000 31st Street, Santa Monica, California 90405, USA. The privacy notice can be accessed here: https://snap.com/de-DE/privacy/privacy-policy .

4.4. TikTok

We operate a profile on TikTok. The operator is TikTok Technology Limited, whose registered office is at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The privacy notice can be accessed here: https://www.tiktok.com/de/privacy-policy .

4.5. YouTube

We operate a profile on YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The privacy notice can be accessed here: https://policies.google.com/privacy?hl=de .

4.6. X (formerly Twitter)

We operate a profile on X. The operator is X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy notice can be accessed here: https://twitter.com/de/privacy . An option for objecting to data processing is available via the ad settings: https://twitter.com/personalization .

4.7. LinkedIn

We operate a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy notice can be accessed here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE . An option for objecting to data processing is available via the ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

5. Changes to this privacy notice

We reserve the right to change this privacy notice with effect for the future. A current version is available here at any time.

6. Questions and comments

If you have any questions or comments regarding this privacy notice, please feel free to contact us using the contact details provided above.

BLACK WEEK BONANZA!

SAVE UP TO 30% IN BLACK WEEK!

Black Week Bargain!

THE PERFECT START

BLACK WEEK!!