Privacy policy

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Ingo Brunken GmbH, Stahlstraße 6, 26215 Wiefelstede, Germany, Tel.: +49 4402 86388 24, Fax: Please contact via email, E-mail: e_commerce@kaelte-klima-brunken.de. The controller for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 In the case of purely informational use of our website, i.e., if you do not register or otherwise provide us with information, we only collect such data that your browser transmits to the page server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 For the hosting of our website and the display of page content, we use a provider that provides its services itself or through selected sub-contractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded an order processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

3.2 Cloudflare

We use a Content Delivery Network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service allows us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 (1) lit. f GDPR. We have concluded an order processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision by the European Commission.

4) Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device for longer and enable the saving of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either for the execution of the contract, in accordance with Art. 6 (1) lit. a GDPR in the case of consent given, or in accordance with Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contacting Us

5.1 Tawk.to

This website uses a live chat system from the following provider: tawk.to inc. 187 East Warm Springs Rd, SB298 Las Vegas, NV, 89119, USA

The processing of personal data transmitted via the chat is carried out either in accordance with Art. 6 (1) lit. b GDPR because it is necessary for contract initiation or performance, or in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in effective customer support. Your data transmitted in this way will be deleted, subject to conflicting statutory retention periods, when the matter concerned has been finally clarified.

In addition, for the purpose of creating pseudonymized usage profiles, further information may be collected and evaluated with the help of cookies, which, however, do not serve your personal identification and are not merged with other data sets. If this information has a personal reference, processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes.

The setting of cookies can be prevented by corresponding browser settings. In this case, however, the functionality of our website may be limited. You can object to the collection and storage of data for the purpose of creating a pseudonymized usage profile at any time with effect for the future.

We have concluded an order processing agreement with the provider. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.

5.2 ShopVote

For review reminders, we use the services of the following provider: Blickreif GmbH, Schulstraße 46, 80634 Munich, Germany

Exclusively on the basis of your express consent in accordance with Art. 6 (1) lit. a GDPR, we transmit your email address and, if applicable, other customer data to the provider so that they can contact you with a review reminder by email. You can revoke your consent at any time with effect for the future.

5.3 Calendly

For the provision of an online appointment booking function, we use the services of: Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA

For the purpose of appointment scheduling, first and last name as well as email address (and phone number if required) are collected (Art. 6 (1) lit. b GDPR) and transmitted to the provider based on our legitimate interest (Art. 6 (1) lit. f GDPR) in effective customer management.

5.4 Microsoft Bookings

For the provision of an online appointment booking function, we use: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Processing is carried out in accordance with Art. 6 (1) lit. b and f GDPR for efficient appointment management. Data is deleted after the appointment has taken place or the period has expired.

5.5 WhatsApp Business

You have the option to contact us via the messaging service WhatsApp (WhatsApp Ireland Limited). We use the "Business Version". If you contact us regarding a specific transaction (e.g., an order), we process your mobile number and name in accordance with Art. 6 (1) lit. b GDPR. For general inquiries, the basis is Art. 6 (1) lit. f GDPR. We have concluded a data processing agreement with WhatsApp.

5.6 When contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and answering your request (Art. 6 (1) lit. f GDPR; if aimed at a contract, also Art. 6 (1) lit. b GDPR).

6) Comment Function

As part of the comment function, in addition to your comment, details of the time of creation and your chosen name are stored and published. Your IP address is also logged for security reasons (Art. 6 (1) lit. b and f GDPR).

7) Data Processing When Opening a Customer Account

In accordance with Art. 6 (1) lit. b GDPR, personal data is collected and processed if you provide it to us when opening a customer account. Deletion of your account is possible at any time by sending a message to the controller.

8) Use of Customer Data for Direct Advertising

8.1 Newsletter Subscription: We use the Double Opt-in procedure. Processing is based on your consent (Art. 6 (1) lit. a GDPR). You can unsubscribe at any time.

8.2 Existing Customers: We reserve the right to send offers for similar goods/services via email (Section 7 (3) UWG) based on legitimate interest (Art. 6 (1) lit. f GDPR), unless you have objected.

8.3 & 8.6 Klaviyo: Newsletter distribution and tracking (with consent) via Klaviyo, Inc. (USA). Data transfer is covered by the EU-US Data Privacy Framework.

8.4 MailBeez: Newsletter distribution via Mailbeez Aps (Denmark).

8.5 WhatsApp Newsletter: Subscription via "Start" message (Art. 6 (1) lit. a GDPR). Unsubscribe via "Stop".

8.7 & 8.8 Availability & Cart Reminders: One-time notification based on your express consent (Double Opt-in) via Art. 6 (1) lit. a GDPR.

8.9 Postal Advertising: Based on legitimate interest (Art. 6 (1) lit. f GDPR) for sending interesting offers by mail. You can object at any time.

9) Data Processing for Order Fulfillment

9.1 Transmission of image files for order processing via email

On our website, we offer customers the possibility to commission the personalization of products by transmitting image files via email. The submitted image motif is used as a template for the personalization of the selected product.

The customer can transmit one or more image files from the memory of the device used to us via the email address provided on the website. We collect, store, and use the files transmitted in this way exclusively for the production of the personalized product within the meaning of the respective service description on our website. If the transmitted image files are passed on to special service providers for the production and processing of the order, you will be explicitly informed of this in the following paragraphs. No further disclosure takes place. Insofar as the transmitted files or digital motifs contain personal data (in particular images of identifiable persons), all processing operations mentioned above are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 (1) lit. b GDPR.

After the order has been finally processed, the transmitted image files are automatically and completely deleted.

9.2 Transmission of image files for order processing via messaging function

If the customer has the possibility to commission the personalization of products by transmitting image files via the messaging function, the submitted image motif is used as a template for the personalization of the selected product.

Using the existing messaging function, the customer can transmit one or more image files from the memory of the device used to us. We collect, store, and use the files transmitted in this way exclusively for the production of the personalized product within the meaning of the respective description of our services.

If the transmitted image files are passed on to special service providers for the production and processing of the order, you will be explicitly informed of this in the following paragraphs. No further disclosure takes place. Insofar as the transmitted files or digital motifs contain personal data (in particular images of identifiable persons), all processing operations mentioned above are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 (1) lit. b GDPR.

After the order has been finally processed, the transmitted image files are automatically and completely deleted.

9.3 Transmission of image files for order processing via upload function

On our website, we offer customers the possibility to commission the personalization of products by transmitting image files via an upload function. The submitted image motif is used as a template for the personalization of the selected product.

Via the upload form on the website, the customer can transmit one or more image files from the memory of the device used directly to us via automated, encrypted data transmission. We collect, store, and use the transmitted files exclusively for the production of the personalized product in the sense of the respective service description on our website. If the transmitted image files are passed on to special service providers for the production and processing of the order, you will be explicitly informed of this in the following paragraphs. No further disclosure takes place. Insofar as the transmitted files or digital motifs contain personal data (in particular images of identifiable persons), all processing operations mentioned above are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 (1) lit. b GDPR.

After the order has been finally processed, the transmitted image files are automatically and completely deleted.

9.4 To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data transmitted by you when ordering in order to inform you personally within the framework of our statutory information obligations pursuant to Art. 6 (1) lit. c GDPR. Your contact data will be used strictly for the purpose of notifying you of updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s) who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

9.5 To fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name as well as your delivery address and, as far as necessary for the delivery, your telephone number, exclusively for the purposes of goods delivery (Art. 6 (1) lit. b GDPR) to a shipping partner selected by us.

9.6 Transfer of personal data to shipping service providers

- Deutsche Post / DHL / UPS

As transport service providers, we use the providers mentioned in the German text. We pass on your email address and/or telephone number in accordance with Art. 6 (1) lit. a GDPR before delivery for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent during the ordering process. Otherwise, we only pass on the recipient's name and delivery address in accordance with Art. 6 (1) lit. b GDPR. Consent can be revoked at any time with effect for the future.

9.7 Use of Payment Service Providers

- Apple Pay / Google Pay / Klarna / Mollie / PayPal / Riverty

If you choose a payment method from one of these providers, your payment data (name, address, bank/card info, etc.) will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR for payment processing. For methods involving advance performance by the provider (e.g., purchase on account or installments via Klarna/PayPal/Riverty), a credit check is performed based on our legitimate interest (Art. 6 (1) lit. f GDPR). You can object to this processing at any time, though the provider may still be entitled to process data necessary for the contract.

9.8 We reserve the right to pass on your data to the debt collection service provider Creditreform Oldenburg if our payment claim has not been settled despite a previous reminder. This serves the fulfillment of the contract (Art. 6 (1) lit. b GDPR) and our legitimate interest in effective enforcement of our claim (Art. 6 (1) lit. f GDPR).

10) Online Marketing

10.1 & 10.2 ADCELL & Check24 Affiliate Programs: We participate in affiliate programs. Success measurement via cookies only occurs if you have given your express consent (Art. 6 (1) lit. a GDPR).

10.3 Own Affiliate Program: We operate our own program. Data processing for commission calculation is based on our legitimate interest (Art. 6 (1) lit. f GDPR).

11) Web Analytics Services

11.1 Google (Universal) Analytics: This website uses Google Analytics. Cookies are only set and data processed if you have given your express consent (Art. 6 (1) lit. a GDPR). Data is stored for two months. You can withdraw your consent via the cookie consent tool.

11.2 Google Analytics 4

This website uses Google Analytics 4, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.

By default, Google Analytics 4 does not use cookies when you visit the website unless you expressly consent to cookies. Instead, information about your usage behavior is collected and processed via so-called "pings" (small data packets sent to the host of a device). This information includes your IP address, which is shortened by Google by the last digits to prevent direct personal identification.

The information is transmitted to Google servers and processed there. Transfers to Google LLC based in the USA are also possible.

Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us, and to provide other services related to website and internet usage. The shortened IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. Data collected as part of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above, including data transmission via "pings" and the possible setting of Google Analytics cookies, only takes place if you have given us your express consent in accordance with Art. 6 (1) lit. a GDPR.

Without your consent, Google Analytics 4 will not be used during your visit. You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the "Cookie Consent Tool" provided on the website.

We have concluded an order processing agreement with Google, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

Demographic characteristics
Google Analytics 4 uses the special function "demographic characteristics" to create statistics regarding the age, gender, and interests of site visitors by analyzing advertising and third-party information. This allows target groups for marketing activities to be identified. However, the collected data cannot be assigned to a specific person and is deleted after being stored for two months.

Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have activated personalized ads and linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics (Art. 6 (1) lit. a GDPR), analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive personal data from Google, only statistics. If you wish to stop the cross-device analysis, you can deactivate the "Personalized advertising" function in your Google account settings.

UserIDs
As an extension to Google Analytics 4, the "UserIDs" function can be used on this website. If you have consented to Google Analytics 4, established an account on this website, and log in on different devices, your activities and conversions can be analyzed across devices.

Collection of user-provided data
To improve analysis results, we use the "Collection of user-provided data" function. Subject to your express consent (Art. 6 (1) lit. a GDPR), we transmit customer data (primarily email and phone number) in aggregated, encrypted form to Google. Google does not gain access to clear data but automatically encrypts the information using a special algorithm to match it with existing Google accounts.

11.3 attriXus

This website uses the web analysis service of attriXus GmbH, Siechenstraße 14, 96052 Bamberg. Using cookies or similar technologies, pseudonymized visitor data (e.g., IP address, browser info) is collected to create usage profiles and heatmaps. Processing only occurs with your express consent (Art. 6 (1) lit. a GDPR).

11.4 Google Tag Manager

This website uses the "Google Tag Manager" (Google Ireland Limited). It provides a technical basis for bundling various web applications. The service itself does not store cookies or perform data analysis but transmits your IP address to Google. This processing only takes place with your express consent (Art. 6 (1) lit. a GDPR).

11.5 & 11.6 Microsoft Clarity & Mouseflow

These services are used for statistical analysis and heatmaps (clicks, scrolling, mouse-overs) using pseudonymized data. Processing only occurs with your express consent (Art. 6 (1) lit. a GDPR).

12) Retargeting/Remarketing and Conversion Tracking

12.1 Meta Pixel

We use the "Meta Pixel" (Meta Platforms Ireland Limited). This allows Meta to identify visitors as a target group for ads (Facebook/Instagram Ads) and track conversions. Data is anonymous to us but stored by Meta. Processing requires your express consent (Art. 6 (1) lit. a GDPR).

12.2 - 12.5 Adform, Google Ads Remarketing, Microsoft Advertising, releva.nz

These technologies use cookies to display interest-based, personalized advertising based on your previous usage behavior. No personal data is stored in the process. Processing only takes place with your express consent (Art. 6 (1) lit. a GDPR).

12.6 Microsoft Advertising Universal Event Tracking

This conversion tracking technology records user behavior (e.g., purchases, leads) to optimize our offers. It does not personally identify users. Processing requires consent (Art. 6 (1) lit. a GDPR).

12.7 Reddit Tracking Pixel

This service tracks the success of ads placed on Reddit. It collects device and browser info to evaluate predefined actions (transactions, leads). Processing requires consent (Art. 6 (1) lit. a GDPR).

13) Site Functionalities

13.1 Bunny

This website uses plugins for video playback from BUNNYWAY d.o.o. (Slovenia). When a video is played, info including your IP address is transmitted. Processing requires consent (Art. 6 (1) lit. a GDPR).

13.2 YouTube

This website uses YouTube video plugins (Google Ireland Limited). Your IP address is transmitted when a video is loaded. If you are logged into a Google account, your data will be assigned to it unless you log out beforehand. Processing requires consent (Art. 6 (1) lit. a GDPR).

13.3 ShopVote Graphics

Graphic elements from the following provider are integrated on our website to display external customer reviews and/or an externally awarded seal of quality: Blickreif GmbH, Schulstraße 46, 80634 Munich, Germany.

When you access a page containing these elements, your browser connects directly to the provider's servers to load them. Certain browser information, including your IP address, is transmitted. This processing is based on Art. 6 (1) lit. f GDPR due to our legitimate interest in optimal marketing and an appealing website design.

13.4 & 13.6 Google Maps and Google Maps API

We use Google Maps for visual geographical information and the Google Maps API for real-time address validation in our order process. Information (including your IP address) is transmitted to Google. If you are logged into a Google account, this data is assigned to your profile. You can prevent this by logging out before use or by deactivating JavaScript in your browser. Processing is based on our legitimate interests (Art. 6 (1) lit. f GDPR) or your consent (Art. 6 (1) lit. a GDPR) where applicable. Google is certified under the EU-US Data Privacy Framework.

13.5 OpenStreetMap

This website uses OpenStreetMap (OpenStreetMap Foundation, UK) to display interactive maps. Your IP address is transmitted to the provider's servers. Processing is based on Art. 6 (1) lit. f GDPR. Data protection is ensured by an adequacy decision of the European Commission for the UK.

13.7 Premsoft

We use PremSoft for real-time address validation. Your address data is transmitted to verify spelling and completeness. This ensures correct delivery (Art. 6 (1) lit. f GDPR). Data is deleted after a maximum of 30 days.

13.8 & 13.9 Web Fonts (FontAwesome & Google Web Fonts)

To display fonts uniformly, your browser loads web fonts into its cache. This involves a connection to the servers of Fonticons, Inc. or Google. This processing only occurs if you have given express consent according to Art. 6 (1) lit. a GDPR.

13.10 Cloudflare Turnstile

We use Cloudflare Turnstile to prevent automated bot attacks and spam. The service collects device and browser data to distinguish humans from bots. This processing is based on your consent (Art. 6 (1) lit. a GDPR).

13.11 Microsoft Forms

For surveys and online forms, we use Microsoft Forms. Data you enter, along with technical metadata (IP, browser), is stored on Microsoft servers. This is based on Art. 6 (1) lit. b GDPR (contractual purposes) or Art. 6 (1) lit. a GDPR (consent).

13.12 Yumpu

We use Yumpu (i-magazine AG, Switzerland) to display PDFs as flipbooks without requiring a download. Your IP and browser info are transmitted to facilitate this view. This is based on our legitimate interest (Art. 6 (1) lit. f GDPR). Switzerland is recognized as providing an adequate level of data protection.

13.13 Microsoft Power BI

For internal visualization of business processes, we use Microsoft Power BI. Data is processed within the EU under a data processing agreement (Art. 28 GDPR).

14) Tools and Miscellaneous

14.1 Accounting Services (DATEV / Lexware Office / PayJoe)

We use cloud-based software to handle accounting and transaction matching. Processing is based on our legitimate interest in efficient business organization (Art. 6 (1) lit. f GDPR).

14.2 Cookie Consent Tool

This tool is used to obtain and document valid user consent for cookies. It is legally required under Art. 6 (1) lit. c GDPR and serves our legitimate interest in compliant consent management (Art. 6 (1) lit. f GDPR).

14.3 Cloudflare Security

We use Cloudflare to protect against cyberattacks and malware. User IP addresses are compared against threat databases. This serves our legitimate interest in website security (Art. 6 (1) lit. f GDPR).

14.4 Doofinder

We use Doofinder to provide a high-performance search function. Anonymous usage data is collected to optimize search results (Art. 6 (1) lit. f GDPR).

15) Rights of the Data Subject

15.1 Applicable data protection law grants you the following rights:

  • Right to access (Art. 15 GDPR);
  • Right to rectification (Art. 16 GDPR);
  • Right to erasure (Art. 17 GDPR);
  • Right to restriction of processing (Art. 18 GDPR);
  • Right to be informed (Art. 19 GDPR);
  • Right to data portability (Art. 20 GDPR);
  • Right to withdraw consent (Art. 7 (3) GDPR);
  • Right to lodge a complaint (Art. 77 GDPR).

15.2 RIGHT TO OBJECT

IF WE PROCESS YOUR DATA BASED ON OUR LEGITIMATE INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU OBJECT, WE WILL STOP THE PROCESSING UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, OR IF THE PROCESSING SERVES THE ASSERTION OF LEGAL CLAIMS.

16) Duration of Storage

Personal data is stored based on the legal basis and purpose. Data processed via consent is stored until withdrawal. Data related to contracts is stored until statutory retention periods (e.g., commercial or tax law) expire, typically 6 to 10 years, unless further storage is necessary for contract fulfillment.