cadooz Privacy Policy.

I. Preamble

The following data protection information is intended to explain to you in a clear, transparent and concise manner how we at Cadooz GmbH, cadooz for short, process your personal data in connection with the use of our websites and/or online offers and protect your privacy. Personal data will be deleted as soon as possible and will never be used or passed on for advertising purposes without your consent. If the following information is insufficient or not comprehensible, please do not hesitate to contact our data protection officer using the contact details provided below.

II. Responsible body/data protection officer

The controller within the meaning of Article 4(7) of the EU General Data Protection Regulation for the processing of your personal data is:

Responsible body

cadooz GmbH
Osterbekstraße 90b
22083 Hamburg
Represented by the managing directors Marc Ehler, Dr. Samareh Frantz, Jochen Freese
Email: business@cadooz.de

Data protection officer

Cadooz GmbH has appointed a data protection officer in accordance with Art. 37 GDPR. You can contact the Cadooz GmbH data protection officer using the following contact details:

cadooz GmbH
Personal/Confidential for the attention of the Data Protection Officer
Osterbekstraße 90b
22083 Hamburg
Email: datenschutz@cadooz.de or dpo@euronetworldwide.com

III. General principles / information

1. Purposes and legal base

The term personal data is defined in the General Data Protection Regulation (GDPR). According to this, personal data is any information relating to an identified or identifiable natural person – i.e. for example your name, address or telephone number, but also online identifiers such as IP addresses. We collect and use our users’ personal data only to the extent necessary to provide and deliver our services and to provide our web or online offers (including mobile apps).

If you take advantage of our offers, we process your personal data on the basis of different legal principles:

We process your personal data to fulfill contractual obligations (Art. 6 para. 1, p. 1 lit. b) GDPR). This includes in particular

the processing of orders,
for managing your user account,
for contacting you if it concerns relevant information about your order with us or if you send us inquiries.

We also process your data based on our legitimate interests (Art. 6(1)(f) GDPR), i.e. for the purpose of compiling statistics to improve our products and services,

for the purpose of preventing, investigating and reporting crimes (e.g. fraud, credit card abuse, identity theft),
for asserting legal claims, or
for advertising, provided you have consented to your data being used for this purpose.

We also process your data to protect our legitimate interests (Art. 6 (1) (1) (f) GDPR), i.e. for the purposes of creating statistics to improve our products and services, for the purposes of preventing, investigating and reporting criminal offences, e.g. fraud, credit card misuse or identity fraud, for the assertion of legal claims or advertising, provided you have consented to the use of your data.

We process your data on the basis of your consent (Art. 6 (1) (a) GDPR) for certain purposes, such as personalized use of the website and personalized offers, as well as optimization of the website for the purpose of creating statistics to improve products and services for analytical purposes, to optimize our offer for you, for sending newsletters and customer surveys.

You can revoke the consent you have given us at any time without having to give us the reasons for doing so. The revocation of your consent is only effective for the future and does not affect the legality of the data processed up to the point of revocation.

2. Potential recipients of personal data

In order to provide our web and/or online offers, we sometimes use service providers who, in the course of providing services, work on our behalf and according to our instructions (contract processors). These service providers may receive personal data or come into contact with personal data in the course of providing services and represent third parties or recipients within the meaning of the GDPR. In such a case, we ensure that our service providers offer sufficient guarantees that appropriate technical and organizational measures are in place and that processing is carried out in accordance with the requirements of the GDPR and ensure the protection of the rights of the data subject (see Art. 28 GDPR).

If personal data is transferred to third parties and/or recipients outside of order processing, we ensure that this is done exclusively in accordance with the requirements of the GDPR and only if there is a corresponding legal basis.

We use service providers from the following areas:

IT service providers (e.g. maintenance service providers, hosting service providers)
Service providers for file and data destruction
Printing services
Consulting and advisory services, auditors
Service providers for marketing or sales
Logistics service providers

3. Processing of data in so-called third countries

As part of our online services, we use tools from Meta Platforms Ireland Limited (Meta) and Google LLC (Google Analytics, Google Ads), among others. Both companies are headquartered in the United States of America (USA), a so-called third country outside the European Union (EU) or the European Economic Area (EEA).

When using these services, personal data may be transferred to the USA. Since July 10, 2023, there has been an adequacy decision by the European Commission within the framework of the EU-U.S. Data Privacy Framework (DPF), which guarantees an adequate level of data protection for certified companies such as Meta and Google.

If no such adequacy decision or certification is available, data transfers are based on the Standard Contractual Clauses (SCCs) approved by the European Commission, which ensure appropriate data protection guarantees within the meaning of the GDPR.

Despite the measures taken, it cannot be completely ruled out that US authorities may gain access to the transferred data without the data subjects being able to assert comprehensive legal remedies. The transfer therefore only takes place on the basis of your express consent within the framework of our cookie consent declaration in accordance with Art. 6 (1) (a) GDPR.

For more information about Meta’s data protection practices, please visit:
https://www.facebook.com/privacy/policy

For information about Google (Google Analytics, Google Ads), please visit:
https://policies.google.com/privacy

4. Data deletion and storage period

Personal data will be deleted or blocked as soon as the purpose of the processing no longer applies. Storage after the purpose of the processing no longer applies shall only take place if this is provided for by the European or national legislator in EU regulations, laws or other provisions to which our company is subject (e.g. to fulfill statutory retention obligations and/or if there are legitimate interests in storage, e.g. during the course of limitation periods for the purpose of legal defense against any claims). The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract or for other purposes.

IV. Data processing in connection with our website

1. Automatic data processing

When you visit a website, certain data is automatically processed, and this also applies to our website. When you access our website, the browser used on your device automatically sends information to our website’s server (so-called server log files). This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

IP address of the requesting computer (in anonymized form),
Date and time of access
Name and URL of the retrieved file
Website from which access is made (referrer URL)
Browser used and, if applicable, the operating system of your computer, smartphone, etc., as well as the name of your access provider
Location (country).
This data is processed by us for the following purposes:
Ensuring a smooth connection to the website
Ensuring a comfortable use of our website
Evaluation of system security and stability,
Determining the correct price (including taxes) and
for other administrative purposes.

Under no circumstances do we use the collected data for the purpose of drawing conclusions about you as a person.

2. Cookies

We only use the etracker analysis tool on our main domain (cadooz.com). We deliberately refrain from using cookies. Data processing is carried out on the basis of Art. 6 (1) lit. f GDPR (legitimate interest) in pseudonymized form.

We use additional cookies on our subdomains, for example for session management, login functions, or web analysis. You can find more detailed information on the type, purpose, and legal basis of these cookies directly on the respective subdomains in the cookie banner integrated there and also in this privacy policy in the description of the analysis and marketing cookies.

These are small text files that are stored on your end device (desktop PC, laptop, tablet, smartphone, console, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain any viruses, Trojans or other malware. Information is stored in cookies that arises in connection with the specific device used. However, this does not mean that we obtain direct knowledge of your identity as a result. The information stored may include, for example, the login status on a website or the shopping cart. Some of these cookies are deleted after you close your browser (so-called session cookies). Other cookies remain stored on your device and enable us or our partner companies to recognize your browser on your next visit (so-called persistent cookies). Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you cannot use all the features of our website. Cookies can be divided into different categories.

The following cookie categories are used:

Necessary cookies
These cookies are necessary to ensure basic website functionality. For example, these cookies are necessary if you add a product to your shopping cart, then continue surfing on other pages and only click through to the payment page later. These cookies ensure that the shopping cart is not deleted even if you close your browser window.

Marketing- and analysis cookies

These cookies collect information about user behavior and whether the website visitor receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website in different browsers. They also ensure a better user experience. For example, the locations entered, font sizes or form data are stored.

We also use these cookies for marketing purposes. The data is used to create the option to display personalized advertisements tailored to user behavior and user interest.

Cookie	Description	Storage period	Origin
cookieHint	Provides the tool for cookie management	2 months	cadooz.com
Scookie	This cookie remembers the status of two factor authentication for a logged-in user.	2 years	LinkedIn
Li_gc	This cookie is used to store guests’ consent to the use of cookies that are not strictly necessary.	2 years	LinkedIn
Lidc	This cookie facilitates the selection of the data center.	24hours	LinkedIn
Bcookie	This cookie is a browser identifier. It is used to uniquely identify devices accessing LinkedIn in order to detect misuse of the platform	Session	LinkedIn
Lang	This cookie stores the language preference of a user. This ensures that the LinkedIn.com website appears in the language selected by the user.	Session	LinkedIn
AnalyticsSyncHistory	This cookie is used to store the time of synchronization with the “lms_analytics” cookie for users in the designated countries.	30 days	LinkedIn
UserMatchHistory	This cookie is used to synchronize the IDs of LinkedIn Ads.	30 days	LinkedIn
_ga	Used to uniquely identify individual users and analyze their behavior across multiple sessions.	2 years	Google Analytics
_ga_#	Used to send data to Google Analytics about the visitor’s interaction across the website for analytics reporting.	2 years	Google Analytics
_gcl_au	Used by Google AdSense to experiment with advertising effectiveness on websites that use their services.	Google Ads	Google Ads
_ga_8FTZ5QJ9C	is used to store session information and analyze user behavior on websites.	Session	Google Analytics
_gcl	Used to store and track conversions, i.e., whether a user performs a specific action on the website after clicking on an ad.	3 months	Google Ads
_gic	Used to count page views and analyze user behavior on the	24h	Google Analytics
Incap_ses_536_3118738	Used to maintain an existing session during a visit to the website.	Session	Imperva
Nlbli_3118738	Assign a specific server instance to a user to ensure session consistency.	Session	Imperva
Visid_incap_	Used to recognize a visitor across multiple sessions.	364 days & 1 h	Imperva
NID	Storage of user preferences and personalization of advertising	6 months	Google
Cdz-accepted-Cookies	Storage of cookie consent	6-12 months	Cadooz
JSESSIONID	This cookie is used by the server in JAVATM 2 Platform Enterprise Edition web applications to maintain an anonymous user session. It is a necessary cookie that expires at the end of a session.	Session	Shop Domain
fbp	Recognizes website visitors and displays targeted advertising	90 days	Facebook
wp-wpml_current_language	Enables the website to be displayed in the correct language.	1 day	Shop Domain
et_oi_v2	Used to store the user’s decision in the consent banner	480 days	Etracker
___utmvc	Collects information on user behaviour on multiple websites. This information is used in order to optimize the relevance of advertisement on the website.	1 day	Google Ads

How can I delete cookies?

You are free to decide how and whether you want to allow cookies to be set. Regardless of the service or website the cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies. If you want to check which cookies have been stored in your browser, change your cookie settings or delete cookies, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove data that websites have stored on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies

3. Cookie management

Cookie consent tool

To enable you to control the use of cookies, an extension has been installed on the website that provides a cookie consent tool. The extension “Cookie Hint” from Medienwerft – Agentur für digitale Medien und Kommunikation GmbH, Wendenstraße 130, 20537 Hamburg, Germany, displays information that is structured according to function groups and explains the purpose of the cookie function groups.

For the use of the extension “Cookie Hint” of Medienwerft – Agentur für digitale Medien und Kommunikation GmbH, Wendenstraße 130, 20537 Hamburg, the storage of a cookie is technically necessary.

Settings via the Cookie Consent Tool

When you visit our website for the first time, the cookie consent tool of Medienwerft – Agentur für digitale Medien und Kommunikation GmbH, Wendenstraße 130, 20537 Hamburg, will be displayed as a pop-up window on our website. Here you can activate or deactivate the cookies, which are divided into function groups, by clicking the corresponding box. Please note that the necessary cookies (see our description above) are already stored when you access the website and the relevant box is preset.

V. Registration / Setting up a user account

For certain services and offers that we provide through our website and online services, registration and setting up a personal user account is required. As part of this process, we collect and store certain personal data (mandatory information). This data will not be passed on to third parties. The mandatory information includes:

Username
Password
Business e-mail address of the user
First name, last name, title
Company (if relevant)
Address
Country, federal state and location of the company

At the time of registration, the user’s IP address and the date and time of registration are also stored. In addition, voluntary information can be provided, such as telephone number, fax number, mobile phone number or further information about the company such as personnel number, mandatory information required for registration is marked as mandatory fields in the input mask. You cannot register without completing these mandatory fields truthfully and in full. You will need to complete the registration process by clicking on the link in the confirmation e-mail that we send you. The information you provide voluntarily can be used to improve our services.

VI. Web analysis, marketing/website security

We use web analysis tools to optimize our websites and adapt them to the changing habits and technical requirements of our users. For example, we measure which elements are visited by users, whether the information they are looking for is easy to find, etc. This information only becomes interpretable and meaningful when a larger group of users is considered. To do this, the collected data is aggregated, i.e. combined into larger units.

This allows us to adapt the design of pages or optimize content if, for example, we determine that a relevant proportion of visitors use new technologies or cannot find existing information or can only find it with difficulty.

We carry out the following analyses on our web and online services and use the following web analysis tools:

1. analysis of log data

The use of log data for analysis purposes is carried out exclusively on an anonymous basis; in particular, there is no link to personal data of the user and/or to an IP address or a cookie. Such an analysis of log data is therefore not subject to the data protection provisions of the GDPR.

2. Advanced Conversions by Google

We use the advanced conversion option provided by Google Analytics. This advanced tracking option allows us to capture conversions even more accurately and enables us to optimize and target ads more precisely. A conversion is, for example, clicking on a banner or sending a contact form. The secure one-way hash algorithm (SHA256) is used here before the data is transferred to Google. You can find out more about Google’s use of advanced conversion data on Google’s help page.

3. Google Tag Manager

For further analysis and marketing purposes, we use the Google Tag Manager, which belongs to Google Ireland Ltd. (service provider). The Google Tag Manager (GTM) is a tool for our websites to load additional tools. This is done using so-called tags. A tag is a program logic that ensures that its activities are recorded on our websites. The tags come from Google’s internal products, such as Google Ads or Google Analytics, but tags from other companies can also be integrated via the Google Tag Manager. The Google Tag Manager is an auxiliary service and itself processes personal data only for technically necessary purposes. The Google Tag Manager ensures that other components are loaded, which in turn may collect data under certain circumstances. The Google Tag Manager itself does not access this data. If you do not want the Google Tag Manager tool to be used, you can block it by selecting the “Decline all cookies” option in the Cookie Consent Tool (see 3. “Cookie Management”), or by making the appropriate selection in the function groups of the Cookie Consent Tool.

Further information about Google Tag Manager can be found in Google’s privacy policy.

4. Matomo

We also use the web analysis tool “Matomo” (formerly PIWIK) to analyze our websites usage. With Matomo, the usage information generated by the cookie is transferred to our server in Europe and stored for usage analysis purposes. The information generated by the cookie about your use of our websites will not be disclosed to third parties. If you do not want cookies to be used and/or do not want an analysis to be carried out by Matomo, you can also prevent the cookies used for profiling from being stored by adjusting your browser software accordingly.

5. E-tracker

We use the services of etracker GmbH from Hamburg, Germany, to analyze usage data. We do not use cookies for web analysis by default. If we use analysis and optimization cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this websites, a measurement of the success of our online marketing measures and test procedures, for example to test and optimize different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user’s device. etracker cookies do not contain any information that would enable the identification of a user. The data generated by etracker is processed and stored by etracker exclusively in Germany on behalf of the provider of this websites and is therefore subject to the strict German and European data protection laws and standards. The data processing is carried out on the basis of the legal provisions of Art. 6 (1) (f) (legitimate interest) of the General Data Protection Regulation (GDPR). Our concern within the meaning of the GDPR (legitimate interest) is the optimization of our online offer and our websites. Since the privacy of our visitors is important to us, the data that may possibly allow a reference to an individual person, such as the IP address, login or device IDs, is anonymized or pseudonymized as soon as possible. There is no other use, merging with other data or disclosure to third parties. You can object to the data processing at any time by clicking on. The objection has no adverse consequences.

Further information on data protection at etracker can be found here.

6. Google Remarketing

We use remarketing technology from Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). This technology allows users who have already visited our websites and/or online services and shown an interest in what we offer to be retargeted with targeted advertising on the pages of the Google Partner Network. The display of advertising is done through the use of cookies. With the help of cookies, user behavior when visiting the websites can be analyzed and then used for targeted product recommendations and interest-based advertising.

If you do not wish to receive interest-based advertising, you can disable Google’s use of cookies for these purposes by visiting . Alternatively, users can disable the use of third-party cookies by visiting the opt-out page of the Network Advertising Initiative http://www.networkadvertising.org/managing/opt_out.asp

7. LinkedIn Inside Tag

We use the LinkedIn Insight Tag conversion tool from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. This tool creates a cookie in your web browser that enables the collection of the following data, among other things: IP address, device and browser properties, and page events (e.g., page views). This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personal data with cadooz GmbH, but instead provides anonymized reports about the websites target group and ad performance. In addition, LinkedIn offers the option of retargeting via the Insight tag. We can use this data to display targeted advertising outside of our websites without identifying you as a websites visitor. For more information about LinkedIn’s privacy practices, please see the LinkedIn Privacy Policy www.linkedin.com/legal/privacy-policy

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To disable the Insight tag on our websites (“opt-out”), see www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

8. Meta Pixel

We use the Meta Pixel from the social network Facebook on our websites, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland.

The Meta Pixel enables us to track the behavior of visitors to our websites who have been exposed to Meta advertisements, measure and optimize our advertising activities. We also use the Meta Pixel to define user groups that, based on their behavior on our websites, are suitable as target groups for personalized advertisements on Meta. This ensures that our advertising is relevant to you and is not perceived as disruptive. When you visit our websites, Meta Pixel is integrated directly by Meta and a cookie may be stored on your device. Meta processes personal data such as your IP address, browser information, the page you visited and, if you are logged into Meta your user ID and behavioral data in order to associate your visit to our websites with your user account.

Meta processes your data exclusively on the basis of your consent in accordance with Art. 6 (1) a GDPR, which you can give in our cookie banner. You can revoke your consent at any time with future effect.

Further information on data protection at Meta and your rights can be found in Meta’s privacy policy at:

https://www.facebook.com/privacy/policy

9. Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, on our websites. Google Analytics uses cookies that enable an analysis of your use of our websites. The information generated by the cookie (e.g., IP address, page views, length of stay) is usually transferred to Google servers in the US and stored there.

We have activated IP anonymization so that your IP address is truncated within the EU. Processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. Cookies are stored for up to 2 years.

Further information on data processing by Google can be found at:

https://policies.google.com/privacy

10. Google Ads

We use Google Ads to show you relevant offers and promotions, e.g., in BenefitBuddy, and to measure the effectiveness of our campaigns. Cookies may be set and usage information may be processed in this process. In this context, personal data may also be transferred to the USA. The transfer will only take place with your consent in accordance with Art. 6 (1) (a) GDPR and, if applicable, on the basis of the EU-U.S. Data Privacy Framework (DPF) or the Standard Contractual Clauses (SCCs) approved by the EU Commission.

Further information can be found at: https://policies.google.com/privacy

11. Trustpilot reviews

We use the rating process of the provider Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark, to offer users the opportunity to rate our services. To do this, we use the corresponding Trustpilot widget on our website. The widget is a functional element integrated into our online offering that displays information and content for the purpose of submitting a rating. The content is displayed on our website but is loaded from the servers of Trustpilot A/S. In doing so, information about the impression, the view and clicks on the widget are recorded. Trustpilot A/S only collects data to record these events and does not use cookies or similar technologies. The data collected will not be used for any other purpose and will be deleted as soon as the purpose of this processing has been fulfilled.

To submit a review, you have to click on the content of the Trustpilot widget embedded in our website. The user is then redirected to the Trustpilot A/S offering and has to provide specific information about the service. In this case, the terms and conditions and privacy policy of Trustpilot A/S apply. In order to maintain the neutrality and objectivity of the ratings, we have no direct influence on the ratings and cannot delete them ourselves. For this, we ask users to contact Trustpilot. For more information about how Trustpilot processes your data, please refer to Trustpilot’s privacy policy: https://de.legal.trustpilot.com/end-user-privacy-terms

VII. Newsletter

On our websites and online services, we also offer you the opportunity to register for our newsletter.

1. newsletter registration

If you wish to subscribe to our newsletter, we require a valid e-mail address from you. In order to verify whether you are the owner of the e-mail address provided or whether the owner of this address agrees to receive the newsletter, we send an automated e-mail to the e-mail address provided after the first registration step (so-called double opt-in). We only add the email address provided to our mailing list after you have confirmed your newsletter registration via a link in the confirmation email. We do not collect any other data apart from the email address and the information provided to confirm registration. Your data is processed solely for the purpose of sending the newsletter you have requested.

2. newsletter delivery

We use the services and tools of Inxmail GmbH, Wetzinger Straße 17, 79106 Freiburg, Germany, to send our newsletters. The data you enter to subscribe to the newsletter is processed on Inxmail’s servers.

We use Inxmail’s tools to analyze the newsletters and newsletter campaigns we send. For example, we analyze whether a newsletter message has been opened and which links contained therein have been clicked on. Furthermore, we analyze whether certain predefined actions have been carried out after opening/clicking. This allows us to determine, for example, whether you have made a purchase in one of our shops or in one of our partners’ shops after clicking on links contained in the newsletter. This so-called tracking includes in particular

Opening an e-mail
Clicking on text and image links
Downloading images in an e-mail program

We use personalized tracking from Inxmail, in which the behavior of a recipient can be directly traced back to the recipient’s unique identifier.

Storage period

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or when it is no longer needed for the intended purpose. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO. Data stored by us for other purposes remain unaffected.

If you do not want your usage of the newsletter to be analyzed by Inxmail, you can unsubscribe from the newsletter using the link provided in every newsletter message. After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and is not merged with other data.

You can find the Inxmail privacy policy at: https://www.inxmail.de/datenschutz

3. Use of personal data for advertising and marketing purposes / customer surveys

Your personal data will only be used for advertising and/or marketing purposes or to conduct customer satisfaction surveys if you have given your consent or if there is another legal basis that allows advertising and/or marketing without consent. The legal basis for advertising and/or marketing measures via e-mail for the purpose of direct advertising for similar goods or services of our own is Section 7 (3) of the German Unfair Competition Act (UWG); this presupposes that we (i) have received your e-mail address in connection with the sale of a good or service , (ii) you have not objected to the use of your e-mail address for the purpose of direct advertising and (iii) we clearly and distinctly point out to you when collecting the e-mail address and each time it is used that you may object to such use of your e-mail address at any time.

VII. Contact form and e-mail contact

To contact us, you can contact us by post, telephone, fax or e-mail. If you contact us by post, please use this address. If you contact us by telephone, your telephone number and, if applicable, data such as your name, e-mail address or time of call or details of your request will be processed in the course of the conversation. If contact is made by fax, the fax number or sender ID and data contained in the fax will be processed. In addition, a contact form is available on our website that users can use to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

Company*
First name*
Surname*
Enquiry type
Order or serial number
Telephone number
Email*
Message field*
Postcode*
Country

*Mandatory information required for the purpose of establishing contact is marked with an asterisk as a mandatory field (also in the input mask).

At the time of sending the message, the following data is also processed and stored:

The user’s IP address
Date and time of sending

Alternatively, you can contact us via the email address provided on our website. In this case, the user’s personal data transmitted by email will be stored. Under no circumstances will the data be passed on to third parties, unless we have to resort to third parties to process the request. Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR). If you contact us using the contact form on our website, this is done on the basis of Article 6(1)(f) GDPR, which allows processing to safeguard legitimate interests. Our legitimate interest lies in responding to your request and contacting you. In cases where your request is aimed at the fulfillment of a contract or pre-contractual measures, Article 6 (1) (b) GDPR serves as the legal basis for the processing of your data.

Storage and deletion of data

The data you provide in the context of your inquiry or contact will only be stored for as long as is necessary to process your inquiry. As soon as your inquiry has been completed and the data is no longer needed, it will be deleted, unless there are legal obligations to retain it that require longer storage. In this case, your data will be stored for the duration of the legal retention period, but no longer than necessary.

Voluntary provision of information

The use of the contact form on our website is voluntary. You are not obliged to provide your data via the contact form, and this has no influence on the use of our website.

IX. Fraud Prevention

To prevent fraud, we use the services of Risk Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, Germany, to operate our website.

Risk Ident uses cookies and other tracking technologies to collect and process data to determine the device used by the user and other data about the use of the website. This data is not assigned to a specific user. Any IP addresses collected by Risk Ident are encrypted immediately.

Risk Ident stores the data in a database for fraud prevention. The database also stores data on end devices that we have transmitted to Risk Ident, which have already been used for (attempted) fraud. This data is also not assigned to specific users.

As part of the ordering process on our website, we retrieve a risk assessment for the user’s end device from the Risk Ident database. This risk assessment of the probability of fraud attempts takes into account, among other things, whether the device has logged in via various service providers, whether the device has a frequently changing geo-reference, how many transactions have been carried out via the device and whether a proxy connection is being used.

We use the services of Imperva (Imperva Inc., One Curiosity Way, Suite 203 San Mateo, CA 94403) to protect our website from DDoS attacks (Distributed Denial of Service) and as a web application firewall.

A web application firewall enables the filtering, monitoring, and blocking of malicious HTTP traffic to and from a web service. Imperva WAF works as a reverse proxy, all Cadooz web traffic is routed through the Imperva network, allowing Imperva to inspect every request to identify and block malicious activity. Imperva identifies malicious requests based on predefined patterns for web application attacks (e.g. XSS, SSRF, XXE, etc.). Imperva Reverse Proxy also contains patterns for detecting personal data and immediately performs real-time data masking. In the event of a malicious request, Imperva creates an event that contains the client IP address and allows us to review/analyze the request. This stored IP address is deleted after 10 weeks, or rather after the analysis, elimination and clarification of the security-related event.

A DDoS attack is an attempt to overload an internet service with data traffic by sending a large number of targeted requests, rendering it inoperable. If a DDoS attack is launched against a website, it can no longer be accessed.

Imperva’s service helps us to detect and defend against such attacks on our website. To do this, a reverse proxy server is placed in front of the website to be protected. This accepts requests from the internet on behalf of the website, filters out “harmful” requests and only forwards “safe” requests to the website server. In this context, Imperva processes the IP address of website visitors to evaluate whether the request is an attack. The data is normally stored on servers in European Union countries. In exceptional cases, data may be stored on servers in the United States. As a user of our website, you have the option of blocking cookies at any time via your browser settings. You can object to any future recording of your user behavior on our website; if you click on the link below, you will find instructions on how to disable cookies on your computer: https://www.imperva.com/legal/privacy-policy/.

X. Rights of data subjects

As a data subject, you have the following rights in connection with the processing of your personal data:

– Right of access: You can request information from us at any time about whether and which personal data we store about you. The information is provided to you free of charge. In the event of manifestly unfounded or, in particular, in the event of frequent repetitive excessive requests by a data subject, cadooz will either demand a reasonable fee that takes into account the administrative costs of providing the information or notification or taking the action requested, or refuse to act on the request. The right of access does not apply, or only to a limited extent, if the access would reveal confidential information, such as information subject to professional confidentiality (Art. 15 GDPR).

Right to rectification: If your personal data stored by us is incorrect or incomplete, you have the right to request that we rectify this data at any time (Art. 16 GDPR).

Right to erasure: You have the right to request that we erase your personal data if the data is no longer needed for the purposes for which it was collected or if the processing is based on your consent and you have withdrawn your consent. In this case, we must stop processing your personal data and remove it from our IT systems and databases. There is no right to erasure if the data may not be erased due to a legal obligation or must be processed due to a legal obligation; the data processing is necessary to assert, exercise or defend legal claims (Art. 17 GDPR).

Right to restriction of processing: You have the right to request the restriction of the processing of your personal data if the accuracy of the data is contested, the processing is unlawful, the data is required for legal claims or an objection to the processing is being examined (Art. 18 GDPR).

Right to data portability: You have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. This right exists only if you have provided us with the data on the basis of consent or on the basis of a contract concluded with you and the processing is carried out by automated means. (Art. 20 GDPR)

– Right to object to the processing: If your data is processed on the basis of Art. 6 (1) (f) GDPR, you have the right to object to the processing at any time.

Withdrawal of your consent at any time, with the result that we are no longer allowed to continue the data processing based on this consent in the future (Art. 7 (3) GDPR).

If you wish to exercise any of the aforementioned rights, you can contact us using the contact details provided above. In addition, you have the right to complain to the relevant data protection supervisory authority if you believe that your personal data is being processed unlawfully (Art. 77 GDPR).

XI. Status/changes to this privacy policy

This privacy policy is dated September 2025.

It may be necessary to change this privacy policy as a result of the further development of our website and offers. You can access the current privacy policy at any time on the website at https://www.cadooz.com/datenschutz/ .