As of: May 2026

1 – Introduction and contact details of the data controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information on how we handle your personal data when you use our website. Personal data refers to any data that can be used to identify you personally.

1.2 The data controller for this website within the meaning of the General Data Protection Regulation (GDPR) is subtel GmbH, Mainzer Str. 3, 10247 Berlin, Germany, Tel.: +49-(0)30-8020899-50, Fax: +49-(0)30 8020899-69, Email: info@subtel.se. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 The controller has appointed a data protection officer, who can be contacted as follows: “Jan Eichelmann, Mainzer Str. 3, 10247 Berlin”

2 – Data collection when visiting our website

2.1 When you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the website server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

• The website you have visited
• Date and time of access
• Amount of data sent in bytes
• Source/link from which you accessed the page
• Browser used
• Operating system used
• IP address used (where applicable: in anonymised form)

Processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively should there be concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” and the padlock symbol in your browser address bar.

3 – Hosting & Content Delivery Network

Bunny.net

We use a content delivery network provided by the following provider: BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia

This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Article 6(1)(f) of the GDPR. We have concluded a data processing agreement with the provider which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

The provider is based in the European Union (Slovenia), meaning that personal data is not, in principle, transferred to third countries. Where the provider processes data via edge servers outside the EEA, this is done on the basis of the European Commission’s standard contractual clauses.

4 – Cookies

To make visiting our website an attractive experience and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), whilst others remain on your device for longer and enable page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of your web browser’s cookie settings.

Where individual cookies used by us also process personal data, such processing is carried out in accordance with Article 6(1)(b) of the GDPR either for the performance of a contract, in accordance with Article 6(1)(a) of the GDPR where consent has been given, or in accordance with Article 6(1)(f) of the GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a user-friendly and effective design of the site visit.

Insofar as cookies that are not strictly necessary for the provision of the service are stored on your device or information on your device is accessed, this is done on the basis of your consent in accordance with Chapter 6 Section 18 of the Swedish Electronic Communications Act (2003:389) in conjunction with Article 6(1)(a) of the GDPR. Technically necessary cookies are set on the basis of Chapter 6 Section 18 LEK in conjunction with Article 6(1)(f) of the GDPR.

You can configure your browser so that you are informed when cookies are set and can decide individually whether to accept them, or you can exclude the acceptance of cookies in specific cases or generally. You can withdraw or adjust your consent at any time using the cookie consent tool provided on the website.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5 – Contact

5.1 Review reminders

Once your order has been completed, we will send you a review reminder to the email address provided during the ordering process. This reminder is intended solely to give you the opportunity to share your experiences with the purchased product and the order processing.

The legal basis for this processing is Article 6(1)(f) of the GDPR in conjunction with Section 7(3) of the. Our legitimate interest lies in ensuring product quality and the continuous improvement of our offering based on customer feedback.

Your data will not be transferred to third parties. Review reminders are sent exclusively by us via our own infrastructure, and the reviews submitted are also stored exclusively in our shop system.

You may object to the use of your email address for review reminders at any time, without incurring any costs other than the transmission costs in accordance with standard rates. To do so, simply send an informal message to info@subtel.se.

5.2 Contact enquiries

When you contact us (e.g. via the contact form or by email), personal data is processed – solely for the purpose of processing and responding to your enquiry and only to the extent necessary for this purpose.

The legal basis for the processing of this data is our legitimate interest in responding to your enquiry in accordance with Article 6(1)(f) of the GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided that there are no legal retention obligations to the contrary.

5.3 Processing of contact enquiries via Intercom

To process and respond to contact enquiries received via our contact form, we use the services of Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen’s Green, Dublin 2, Ireland (“Intercom”). To this end, the data you provide in the contact form (in particular your name, email address and message) is transmitted to Intercom and stored there.

The legal basis for this processing is Article 6(1)(f) of the GDPR, namely our legitimate interest in the efficient and transparent processing of your enquiry. If your contact is aimed at entering into a contract, the additional legal basis is Article 6(1)(b) of the GDPR.

We have entered into a data processing agreement with Intercom. Intercom’s servers are located in the European Union (Endpoint api.eu.intercom.io); where processing takes place outside the EEA, this is carried out on the basis of the European Commission’s standard contractual clauses. Further information can be found in Intercom’s privacy policy: https://www.intercom.com/legal/privacy.

6 – Data processing when opening a customer account

In accordance with Article 6(1)(b) of the GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can see which data is required to open an account in the input fields of the relevant form on our website.

You may delete your customer account at any time by sending a message to the above-mentioned address of the data controller. Following the deletion of your customer account, your data will be deleted provided that all contracts concluded in connection with it have been fully processed, there are no statutory retention periods preventing this, and we no longer have a legitimate interest in continuing to store the data.

7 – Data processing for order fulfilment

7.1 Insofar as necessary for the performance of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the contracted transport company and the contracted credit institution in accordance with Article 6(1)(b) of the GDPR.

Where we are obliged to provide you with updates for goods containing digital elements or for digital products on the basis of a relevant contract, we will process the contact details (name, address, email address) to personally inform you, within the scope of our statutory information obligations pursuant to Article 6(1)(c) of the GDPR, via a suitable communication channel (such as by post or email) about upcoming updates within the period prescribed by law. Your contact details will be used strictly for the specific purpose of communicating updates for which we are responsible and will only be processed by us to the extent necessary for the provision of the relevant information.

To process your order, we also work with the service provider(s) listed below, who assist us, either fully or in part, in the performance of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

7.2 Disclosure of personal data to delivery service providers

PostNord Group AB

We use the following provider as our transport service provider: PostNord Group AB, 105 00 Stockholm, Sverige

We pass on your email address and/or telephone number to the provider in accordance with Article 6(1)(a) of the GDPR prior to delivery of the goods for the purpose of arranging a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Article 6(1)(b) of the GDPR, we will only pass on the recipient’s name and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, it is not possible to arrange a delivery date with the provider in advance or to provide a delivery notification.

Consent may be withdrawn at any time with future effect by contacting the controller named above or the supplier.

UPS Deutschland S.à r.l. & Co. OHG

We use the following provider as our transport service provider: UPS Deutschland S.à r.l. & Co. OHG, Görlitzer Str. 1, 41460 Neuss, Deutschland

We pass on your email address and/or telephone number to the provider in accordance with Article 6(1)(a) of the GDPR prior to delivery of the goods for the purpose of arranging a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Article 6(1)(b) of the GDPR, we will only pass on the recipient’s name and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, it is not possible to arrange a delivery date with the provider in advance or to provide a delivery notification.

Consent may be withdrawn at any time with future effect by contacting the controller named above or the supplier.

7.3 Use of payment service providers

Adyen

One or more online payment methods from the following provider are available on this website: Adyen, Simon Carmiggeltstraat 6 - 50, 1011 DJ Amsterdam, Netherlands

If you select a payment method from this provider that requires you to pay in advance (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the contents of your order will be passed on to the provider in accordance with Article 6(1)(b) of the GDPR. In this case, your data is transferred solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

8 – Web analytics services

Google Tag Manager

To manage and uniformly implement the tracking, analytics and marketing services described below (in particular Google Analytics 4, Google Ads, Microsoft Advertising and Meta Pixel), we use Google Tag Manager provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Tag Manager is a cookie-free domain that does not itself collect any personal data; it serves solely to centrally manage other tags and to trigger them only in accordance with the consents you have given via the cookie consent tool.

When the Tag Manager is accessed, your IP address is transmitted to Google’s servers for technical reasons; transmissions to Google LLC, based in the USA, are possible in this context. For these transmissions, the provider has adhered to the EU-US Privacy Shield; in addition, the European Commission’s Standard Contractual Clauses apply.

The legal basis for the use of the Tag Manager is Article 6(1)(f) of the GDPR; our legitimate interest lies in the efficient and consistent management of the tools we use. Further information can be found at https://marketingplatform.google.com/about/tag-manager/use-policy/.

Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.

By default, when you visit the website, Google Analytics 4 sets cookies, which are small text files stored on your device and collect certain information. This information includes your IP address, although Google truncates the last few digits to prevent direct personal identification.

The information is transmitted to Google’s servers and processed there. This may also involve transfers to Google LLC, which is based in the USA.

Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activity for us, and to provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics and truncated in this process is not merged with other data held by Google. The data collected through the use of Google Analytics 4 is stored for a period of two months and subsequently deleted.

All processing described above, in particular the setting of cookies on the device used, takes place only if you have given us your express consent in accordance with Chapter 6 Section 18 LEK in conjunction with Article 6(1)(a) of the GDPR. Without your consent, Google Analytics 4 will not be used during your visit to the site. You may withdraw your consent at any time with future effect. To exercise your right of withdrawal, please deactivate this service via the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with Google which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites.

Demographic characteristics

Google Analytics 4 uses the special ‘demographic characteristics’ feature and can use this to generate statistics that provide insights into the age, gender and interests of website visitors. This is done by analysing advertising and information from third-party providers. This enables target groups to be identified for marketing activities. However, the data collected cannot be attributed to any specific individual and is deleted after being stored for a period of two months.

Google Signals

As an extension to Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have enabled personalised ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics in accordance with Chapter 6 Section 18 LEK in conjunction with Article 6(1)(a) of the GDPR, analyse your usage behaviour across devices and create database models, including those relating to cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the “Personalised ads” feature in your Google Account settings. To do so, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de. Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de.

UserIDs

As an extension to Google Analytics 4, the “UserIDs” feature may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Chapter 6 Section 18 LEK in conjunction with Article 6(1)(a) of the GDPR, have set up an account on this website and log in to this account on various devices, your activities, including conversions, can be analysed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission. In addition, the European Commission’s Standard Contractual Clauses serve as an additional safeguard.

9 – Retargeting / Remarketing and Conversion Tracking

9.1 Google Ads Conversion Tracking

This website uses the online advertising programme “Google Ads” and, as part of Google Ads, the conversion tracking service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

We use Google Ads to draw attention to our attractive offers on external websites using advertising materials (so-called Google AdWords). We can use the data from the advertising campaigns to determine how successful the individual advertising measures are. Our aim is to show you adverts that are of interest to you, to make our website more interesting for you and to ensure a fair calculation of the advertising costs incurred.

The conversion tracking cookie is set when a user clicks on a Google Ads advertisement. Cookies are small text files that are stored on your device. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages on this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the advert and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers are informed of the total number of users who clicked on their advert and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

When using Google Ads, personal data may also be transferred to the servers of Google LLC in the USA.

Details regarding the processing triggered by Google Ads conversion tracking and Google’s handling of website data can be found here: https://policies.google.com/technologies/partner-sites.

All processing described above, in particular the setting of cookies to read information on the device used, will only take place if you have given us your express consent to do so in accordance with Chapter 6 Section 18 LEK in conjunction with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the Google browser plug-in available at the following link: https://www.google.com/settings/ads/plugin?hl=de.

In order to target users whose data we have received in the context of business or business-like relationships with advertising that is even more relevant to their interests, we use a customer matching function within Google Ads. To this end, we transmit one or more files containing aggregated customer data (primarily email addresses and telephone numbers) electronically to Google. Google does not gain access to plain text data in this process, but automatically encrypts the information in the customer files during the transmission process using a special algorithm. The encrypted information can then only be used by Google to associate it with existing Google accounts set up by the data subjects. This enables the display of personalised advertising across all Google services linked to the respective Google account.

Customer data is only transmitted to Google if you have given us your express consent to do so in accordance with Article 6(1)(a) of the GDPR. You may withdraw this consent at any time with future effect. Further information on Google’s data protection measures relating to the customer matching function can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182.

Google’s privacy policies can be viewed here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission. In addition, the European Commission’s Standard Contractual Clauses serve as an additional safeguard.

9.2 Microsoft Advertising (Bing Ads) Conversion Tracking

This website uses conversion tracking from Microsoft Advertising (formerly Bing Ads) provided by the following provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland

Microsoft Advertising places a cookie on your device if you have accessed our website via a Microsoft Bing advert. In this way, Microsoft and we can recognise that someone has clicked on an advert, been redirected to our website and reached a pre-defined landing page (known as a ‘conversion page’). We only receive the total number of users who clicked on a Bing advert and were then redirected to the conversion page. No personal information regarding the user’s identity is disclosed. Data may also be transferred to servers operated by Microsoft Corporation in the USA.

All processing described above, in particular the setting of cookies on the device used, is only carried out if you have given us your express consent in accordance with Chapter 6 Section 18 LEK in conjunction with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission. In addition, the European Commission’s Standard Contractual Clauses serve as an additional safeguard.

Further information on data protection at Microsoft can be found at: https://privacy.microsoft.com/de-de/privacystatement.

9.3 Meta Pixel (Facebook Pixel)

On our website, we use the so-called “Meta Pixel” (formerly “Facebook Pixel”) from the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

With the help of the Meta Pixel, Meta is able, on the one hand, to identify visitors to our website as a target group for the display of advertisements (so-called “Meta Ads”). Accordingly, we use the Meta Pixel to ensure that the Meta Ads we place are only shown on Meta and within the services of partners cooperating with Meta (the so-called “Audience Network”) to users who have shown an interest in our online offering or who exhibit certain characteristics (e.g. interests in specific topics or products, determined on the basis of the websites visited), which we transmit to Meta (so-called “Custom Audiences”). With the help of the Meta pixel, we also aim to ensure that our Meta ads correspond to users’ potential interests and do not appear intrusive. Furthermore, we can track the effectiveness of Meta adverts for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta advert (so-called “conversion tracking”).

When using the Meta pixel, data (including IP address, web browser information, location information, device ID, and the date and time of the page visit) is transmitted to Meta’s servers. This may also involve transfers to Meta Platforms Inc., which is based in the USA.

All processing described above, in particular the setting of cookies on the device used, will only take place if you have given us your express consent in accordance with Chapter 6 Section 18 LEK in conjunction with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

Insofar as personal data is collected on our website and forwarded to Meta using the procedure described here, we and Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 of the GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing carried out by Meta following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The agreement is available at https://www.facebook.com/legal/controller_addendum. Under this agreement, we are responsible for providing data protection information when using the Meta tool and for the data protection-compliant implementation of the tool on our website. Meta is responsible for the data security of Meta products. You may exercise your data subject rights (e.g. requests for information) regarding the data processed by Meta directly with Meta. If you exercise your data subject rights with us, we are obliged to forward these to Meta.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission. In addition, the European Commission’s Standard Contractual Clauses serve as an additional safeguard.

Further information on data protection at Meta can be found at: https://www.facebook.com/privacy/policy/.

10 – Website features

10.1 Google reCAPTCHA

On our website, we use the Google reCAPTCHA service provided by the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

In addition to data being transferred to the provider’s location mentioned above, data may also be transferred to: Google LLC, USA

This service enables us to check whether an entry on our website (e.g. in a contact form, during registration or login) is made by a human or, abusively, through automated, machine-based processing. To this end, Google reCAPTCHA analyses the website visitor’s behaviour based on various characteristics. This analysis begins automatically as soon as the website visitor enters the page protected by reCAPTCHA. For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, length of time the website visitor spends on the website, mouse movements). The data collected during the analysis is forwarded to Google.

All processing described above, in particular the reading or storage of information on the user’s device, takes place only if you have given us your express consent in accordance with Chapter 6 Section 18 LEK in conjunction with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service via the “Cookie Consent Tool” provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission. In addition, the European Commission’s Standard Contractual Clauses serve as an additional safeguard.

Further information on Google reCAPTCHA and Google’s privacy policy can be found at: https://policies.google.com/privacy?hl=de.

10.2 Google Sign-In

On our website, we provide a single sign-on function from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

In addition to data being transferred to the provider’s location mentioned above, data may also be transferred to: Google LLC, USA

If you have an account with the provider, you can use these account details to log in to create a user account or to register on our website.

When you visit this site, this login function may establish a direct connection between your browser and the provider’s servers, even if you do not have an account with the provider or are not logged in to one. This informs the provider that you have visited our site. The information collected in this context (including your IP address, where applicable) is transmitted directly from your browser to a server of the provider and stored there. However, the information is not used to identify you personally and is not passed on to third parties.

These data processing operations are carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in ensuring a user-friendly and interactive design of our online presence.

If you click the login button to register on our website using your account details with the provider, the provider will transmit the general and publicly accessible information stored in your account (user ID, name, address, email address, age and gender) to us solely on the basis of your explicit consent in accordance with Article 6(1)(a) of the GDPR.

We store and use the data transmitted by the provider to set up a user account with the necessary details (title, first name, surname, address details, country, email address, date of birth), provided you have shared these with the provider. Conversely, based on your consent, data (e.g. information about your browsing or purchasing behaviour) may be transferred by us to your account with the provider.

The consent given may be withdrawn at any time with future effect by notifying us.

For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission. In addition, the European Commission’s standard contractual clauses serve as an additional safeguard.

Further information on Google’s data protection can be found here: https://business.safety.google/intl/de/privacy/.

10.3 Signing in with Apple (“Sign in with Apple”)

On our website, we provide a login function from the following provider: Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland (“Apple”). If you have an Apple ID, you can use these login details to create a user account or to register on our website.

When you log in via “Sign in with Apple”, Apple transmits the data required for identification (an Apple-specific anonymised email forwarding address or – if you have authorised this – your Apple ID email address and your name) to us solely on the basis of your explicit consent in accordance with Article 6(1)(a) of the GDPR. Apple offers you the option to hide your real email address before it is transmitted (“Hide My Email”).

You may withdraw the consent you have given at any time with future effect. Further information on data protection at Apple can be found at: https://www.apple.com/de/legal/privacy/de-ww/.

11 – Rights of the data subject

11.1 Applicable data protection law grants you the following data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis cited for the respective conditions for exercising these rights:

• Right of access pursuant to Article 15 of the GDPR;
• Right to rectification pursuant to Article 16 of the GDPR;
• Right to erasure pursuant to Article 17 of the GDPR;
• Right to restriction of processing pursuant to Article 18 of the GDPR;
• Right to be informed pursuant to Article 19 of the GDPR;
• Right to data portability pursuant to Article 20 of the GDPR;
• Right to withdraw consent pursuant to Article 7(3) of the GDPR;
• Right to lodge a complaint pursuant to Article 77 of the GDPR.

11.2 The competent supervisory authority for data protection complaints is:

Integritetsskyddsmyndigheten (IMY)
Box 8114
104 20 Stockholm
Sverige
Phone: +46 8 657 61 00
Email: imy@imy.se
Website: https://www.imy.se

For users resident in Sweden, the Swedish Data Protection Authority is alternatively responsible:

Integritetsskyddsmyndigheten (IMY)
Box 8114
104 20 Stockholm
Sweden
Telephone: +46 8 657 61 00
Email: imy@imy.se
Website: https://www.imy.se

You also have the right to lodge a complaint with any other data protection supervisory authority in the European Union – in particular with the supervisory authority for your usual place of residence, your place of work or the place where the alleged infringement occurred (Art. 77 GDPR).

11.3 Right to object

If, following a balancing of interests, we process your personal data on the basis of our overriding legitimate interest, you have the right at any time to object to this processing with effect for the future on grounds relating to your particular situation.

If you exercise your right to object, we will cease processing the data in question. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves to establish, exercise or defend legal claims.

12 – Automated decision-making

Automated decision-making, including profiling, as defined in Article 22(1) and (4) of the GDPR, does not take place. Insofar as we use profiling for advertising purposes within the scope of the services described above (e.g. Google Analytics 4 with demographic features, Google Ads Customer Match), this serves exclusively to display advertising tailored to the target audience. No decisions are made that have legal effects on you or similarly significantly affect you.

13 – Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – where applicable – additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).

Where personal data is processed on the basis of explicit consent pursuant to Article 6(1)(a) of the GDPR, the data concerned will be stored until you withdraw your consent.

Where statutory retention periods apply to data processed in the context of contractual or quasi-contractual obligations on the basis of Article 6(1)(b) of the GDPR, such data is routinely deleted upon expiry of the retention periods, provided that it is no longer required for the performance of a contract or for entering into a contract and/or we no longer have a legitimate interest in continuing to store it.

When processing personal data on the basis of Article 6(1)(f) of the GDPR, this data is stored until you exercise your right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

Where personal data is processed for the purposes of direct marketing on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(2) of the GDPR.

Unless otherwise specified in the other information in this statement regarding specific processing situations, stored personal data will otherwise be erased when it is no longer necessary for the purposes for which it was collected or otherwise processed.