as at 02.09.2021
Data protection is an important concern for us and your trust is our highest priority! Therefore, we will always treat your personal data with confidentiality and, of course, comply to all applicable data protection regulations. We therefore only process your personal data insofar as this is permitted by law or you have given us your consent to do so.
The way we handle personal data on the Internet.
What information is collected and analysed about visitors to our website.
Whether and how this information is used, passed on or otherwise processed.
Froach Media GmbH
Commercial Register Court: AG Berlin
Commercial Register Number: HRB 137240 B
Represented by: Agnieszka Sarnecka (Managing Director)
Sales tax ID: DE279931492
Phone: +49 (0)30 679 50 840
You can reach the Data Protection Officer appointed by us under:
comp/lex – Data Protection Officers
Attorney at law Dr. Jochen Notholt
Fax: +49 89 41614295-9
When accessing our website
When accessing our website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Web page from which the request originates
Operating system and its interface
Language and browser software version
This data is functionally required for us in order to display and provide you with our website. The legal basis for this processing is Art. 6 para. 1(1) lit. f GDPR („DSGVO“). This data is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum of 14 days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the final clarification of the respective incident. The hosting service provider we use, Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, processes personal data on our behalf and within the scope of our instructions as a so-called processor (“Auftragsverarbeiter”) pursuant to Art. 28 GDPR („DSGVO“).
For Retrieval and Setting of Cookies
Our website partly uses so-called cookies. Cookies are small data records that are stored on your end device and saved by your browser. Cookies serve our legitimate interest to analyze the use of the website in order to make our website more user-friendly and effective as well as to advertise and offer our services more optimally.
Some of the cookies used are so-called session cookies. These are automatically deleted after the end of your visit. Other cookies remain stored on your end device until you delete them.
Furthermore, you can so configure your browser that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser.
On our website, you will also find a link to cookie settings in the footer, whereby you can access further information as well as adjust your cookie settings in relation to our website at any time (for example: grant / revoke consent).
If cookies are deactivated, the functionality of this website may be limited (for example: shopping cart function, etc.).
Without the use of these cookies, the website offer as well as its access and use by you are functionally not possible.Use analysis through Matomo – local hosting
We use technology from Matomo (formerly: PIWIK) to analyze the use of our website (number of visitors, click-rates, ads monitoring). Therefore, we process the following data for analysis purposes using the analysis tool Matomo, on a locally hosted basis. Used for this purpose are Cookies, which enable the recognition of your Internet browser. These store the following data:
IP address (anonymized)
Date and time of the request
Operating system and its interface
Website from which the request originates
Right to object: You can object to data processing with the purpose of creating a pseudonymized user profile at any time with effect for the future. If you would like to exercise your right to object, you can notify us by sending an e-mail to email@example.com. Alternatively, you can also use the contact data mentioned above in clause 2.
The processing of your personal data enables us to analyze your interaction behavior with the website. By evaluating the data obtained, we are able to compile information about the use of various components of our website. This helps us to continuously improve our website and its user-friendliness. In these purposes also lies our legitimate interest in processing the data according to Art. 6 para. 1(1) lit. f GDPR (“DSGVO”). By anonymizing the IP address, your interest in the protection of your personal data is sufficiently taken into account. The legal basis for this processing is Art. 6 para. 1(1) lit. f GDPR (“DSGVO”).
The data is deleted as soon as it is no longer required for the analysis purposes. We review the necessity every 6 months.
For consent management – Borlabs Cookie Consent Management
The service Borlabs Cookie Consent Management of the company Borlabs, Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany (https://de.borlabs.io/borlabs-cookie/) is used on our website for the purpose of consent management. In this context, the following data is processed: Opt-in and opt-out data, Consent ID, time of consent. The processing is necessary to comply with our legitimate interest and our legal obligations (proof and documentation of consent). The legal basis is Art. 6 para. 1(1) lit. c GDPR („DSGVO“) or Art. 6 para. 1(1) lit. f GDPR („DSGVO“).
Accessing Videos – YouTube
We partially use videos from the YouTube platform of the third-party provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and companies affiliated with Google. For users who have their habitual residence in the European Economic Area („EWR“) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, EU is the responsible party for the Google services. Accordingly, Google Ireland Limited is the company affiliated with Google LLC whose services we embed and who must also comply with the General Data Protection Regulation.
Through the accessing of videos, a connection to the service providers and your end device is established as a technical requirement and cookies are only used after notification and consent on your part and finally also when playing the video. It is therefore third-party content.
We have implemented a do-not-track function along with so-called enhanced privacy mode for the video content. This means that data processing by the third-party providers only takes place after you activate this third-party content.
The legal basis is Art. 6 para. 1(1) lit. a GDPR (“DSGVO”).
In the context of contacting us via e-mail
We process e-mails that you send to us and that we send to you using the services of our e-mail provider. In the context of e-mail communication, our e-mail provider processes your personal data (i.e. your e-mail address and the information you provide in the e-mail) on our behalf to enable us to communicate with you by e-mail or, if you are our customer, to process the contract. The processing of your personal data is based on Art. 6 para 1(1) lit. f or Art. 6 para 1(1) lit. b GDPR (“DSGVO”). We will delete this data, insofar it is no longer required and there are no legal obligations to the contrary. We review the necessity every twelve (12) months.
In the context of contacting us via telephone
If you get into contact with us via telephone, we require personal data (e.g. name, telephone number, address or email address), in order to process your inquiry or request. The processing of your personal data is based on Art. 6 para 1(1) lit. b GDPR (“DSGVO”). We will delete this data, insofar as it is no longer required and there are no legal obligations to the contrary. We review the necessity every six (6) months.
In the context of contacting us via contact form
If you get into contact with us via contact form, email, we require personal data (e.g. name, contact information, etc.) in order to process your inquiry or request. This data processing is necessary to enable us to communicate with you or, if you are our customer, to process the contract. The processing of your personal data is based on Art. 6 para 1(1) lit. f or Art. 6 para 1(1) lit. b GDPR (“DSGVO”). We will delete this data, insofar it is no longer required and there are no legal obligations to the contrary. We review the necessity every six (6) months.
When registering to receive our BGM newsletter, the data you provide will be used exclusively for this purpose of sending the newsletter to you. It is sufficient to provide an e-mail address. The data will be used exclusively for sending the newsletter and will not be passed on to third parties. The legal basis for the dispatch is your consent Art. 6 para.1(1) lit. a GDPR (“DSGVO”).
Our newsletters contain information about corporate health management and healthy break culture in the work environment as well as news about us. Insofar as its contents are specifically described when you register for the newsletter, these descriptions are conclusive for your consent to receive the newsletter. Subscribers to the newsletter will also be informed by e-mail about circumstances relevant to the service or registration (for example, changes to the newsletter offer or technical circumstances).
After registration, you will receive an e-mail asking you to confirm your registration (so-called “double-opt-in”). The background to this is the prevention of misuse of your e-mail address by third parties. The registration for the newsletter is logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the e-mail address, IP address, the time of registration and the time of confirmation. The legal basis for this is Art. 6 para 1(1) lit. f GDPR (“DSGVO”).
Payment Service Provider Stripe
On our website we offer, inter alia, payment via Stripe and related payment options. These payment services are offered by Stripe Payments Europe Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2.
If you choose payment via Stripe, the payment data you enter along with information about your order will be transmitted to Stripe (such as name, address, account number, bank routing number, credit card number if applicable, invoice amount, currency and transaction number, passwords, TANS, checksums). Only the payment service provider, not we, receive account or credit card related information. If necessary, data will be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard and beyond, we refer to the terms and conditions that can be called up when using Stripe and the data protection information of the payment service provider. Further information can be found at https://stripe.com/de and on data protection at: https://stripe.com/de/privacy
The processing of personal data happens on the legal basis of Art. 6 para 1(1) lit. fa (consent) or Art. 6 para 1(1) lit. b (processing of data for the performance of contract) or Art. 6 para 1(1) lit. f (legitimate interest: offering of efficient and secure payment options) GDPR (“DSGVO”).
Online Shop Plug-in WooCommerce
On our website, we integrate the plug-in WooCommerce for wordpress, in the so-called Germanized version (see: https://vendidero.de/woocommerce-germanized) It adds the functionality of an online shop to the content management system.
The legal basis is Art. 6 para 1(1) lit. b (processing for the performance of contract) or Art. 6 para 1(1) lit. f (legitimate interest: offering of the functionality of an online shop) GDPR (“DSGVO”).
order processing via Printful
We will only process your data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) when it is necessary for the fullfilment of our (pre)contractual (“vorvertraglich”) obligations (pursuant to Art. 6 para 1(1) lit. B GDPR (“DSGVO”)), on the basis of your consent (according to Art. 6 para. 1(1) lit. a GDPR (“DSGVO”)), due to a legal obligation (according to Art. 6 para. 1(1) lit. c GDPR (“DSGVO”) or on the basis of our legitimate interest (in accordance with Art. 6 para. 1(1) lit. f GDPR (“DSGVO”). The same applies for the processing of data by third parties on our behalf, the disclosure of your personal data to third parties as well as its transfer to third parties.
Service providers that process personal data on our behalf in a third country are furthermore only used if an “adequacy decision” of the European Commission (Art. 45 GDPR („DSGVO”) exists for this third country, “appropriate safeguards” (Art. 46 GDPR („DSGVO“)) or “internal data protection rules” (Art. 47 GDPR („DSGVO“)) exist with the recipient.
General information on adequacy decisions can be found at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_de, on available suitable safeguards at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de and on internal data protection rules at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_de. For further information, you can contact us.
The data processed by us will be deleted in accordance with Art. 17 GDPR („DSGVO“) or restricted in its processing in accordance with Art. 18 GDPR („DSGVO“).
Unless otherwise regulated within the scope of this Data Protection Declaration, the data processed by us will be deleted as soon as they are no longer necessary for the intended purpose and the deletion does not contradict any statutory retention obligations. We review the necessity every 6 months. If the data is not deleted because it is required for other, legally permissible purposes, its processing is restricted. I.e. the data is blocked and not used. This applies, for example, to data that must be retained for reasons of commercial or tax law.
According to legal requirements in Germany, the retention or storage of, in particular, commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc. is carried out for six years in accordance with Section 257 (1) of the German Commercial Code („HGB”) and, in particular, of books, records, management reports, accounting vouchers, commercial and business letters as well as documents relevant for taxation, etc. for ten years in accordance with Section 147 (1) of the German Fiscal Code („AO”).
You are not required by law to provide personal data. However, the provision may be necessary for the conclusion of a contract or for functions of the website. Thus, if not provided, a contract or a function on the website may not be offered. There is no automated decision-making on our website.
If the legal requirements are given, you have the right:
to request information about your personal data processed by us in accordance with Art. 15 GDPR („DSGVO“). In particular, you can request information about processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, substantiated information about its details;
In accordance with Art. 16 GPDR (“DSGVO”), to immediately request the correction of incorrect or completion of your incomplete personal data stored by us;
pursuant to Art. 17 GDPR („DSGVO“), to request deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
pursuant to Art. 18 GDPR („DSGVO“), to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR („DSGVO“);
pursuant to Art. 20 GDPR („DSGVO“), to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
in accordance with Art. 7 (3) GDPR („DSGVO“), to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future; and
to complain to a supervisory authority in accordance with Art. 77 GDPR („DSGVO“). As a rule, you can contact the supervisory authority of your usual place of residency or workplace or our company headquarters for this purpose. The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information („Berliner Beauftragter für Datenschutz und Informationsfreiheit“), Friedrichstr. 219, 10969 Berlin.
Revocation of Consent
If we process personal data on the basis of your consent pursuant to Art. 6 para. 1(1) lit. a GDPR („DSGVO“), you have the right to revoke any consent granted to us pursuant to Art. 7 para. 3 GDPR („DSGVO“) with effect for the future.
If you wish to exercise your right of revocation, you can notify us by e-mail to firstname.lastname@example.org. Alternatively, you can also use the contact data mentioned above under clause 2.
Objection for processing data based on legitimate interest
If we process your personal data on the basis of our legitimate interests pursuant to Art. 6 para.1(1) lit. f GDPR („DSGVO“), you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR („DSGVO“), provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you wish to exercise your right of objection, you can notify us by e-mail to email@example.com. Alternatively, you can also use the contact data mentioned above under clause 2.
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include in particular the encrypted transmission of data between your browser and our server.
The current version of our data protection declaration and its history of changes can be found at https://froach.de/datenschutz/website.html . The version date is always noted at the beginning of the statement.