Last updated: June 01, 2024

1) Introduction and Controller Contact Information

1.1 We are pleased that you visit our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Liam Kremer trading as Trivox, Auf Staffels 44, 53619 Rheinbreitbach, Germany, Tel.: +15157562525, Email: contact@trivox.sh. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 During purely informational use of our website, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to the site server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:

• Our visited website
• Date and time of access
• Amount of data sent in bytes
• Source/reference from which you came to the page
• Browser used
• Operating system used
• IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 Cloudflare

We use a Content Delivery Network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. The processing takes place to protect our legitimate interest in improving the stability and functionality of our website according to Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision of the European Commission.

3.2 jsDelivr

We use a Content Delivery Network from the following provider: Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB, United Kingdom

This service enables us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. The processing takes place to protect our legitimate interest in improving the stability and functionality of our website according to Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For data transfer to the provider's location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), some remain stored on your device longer and enable the saving of page settings (so-called "persistent cookies"). In the latter case, you can find out the storage duration from the overview in your browser's cookie settings.

If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the execution of the contract, in accordance with Art. 6(1)(a) GDPR in the case of consent given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

You can set your browser to inform you about the setting of cookies and to decide individually about their acceptance or to exclude the acceptance of cookies for certain cases or in general.

Please note that the functionality of our website may be limited if cookies are not accepted.

5) Contact

When you contact us (e.g., via contact form or email), personal data is processed - exclusively for the purpose of processing and handling your inquiry and only to the extent necessary for this purpose.

The legal basis for the processing of this data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

6) Comment Function

As part of the comment function on this website, in addition to your comment, information about the time of creation of the comment and the commenter name you have chosen is stored and published on this website. Furthermore, your IP address is logged and stored. This storage of the IP address is for security reasons and in case the person concerned violates the rights of third parties or posts illegal content through a submitted comment. Your email address is required so that we can contact you if a third party should object to your published content as unlawful.

The legal basis for storing your data is Art. 6(1)(b) and (f) GDPR. We reserve the right to delete comments if they are objected to as unlawful by third parties.

7) Data Processing When Opening a Customer Account

In accordance with Art. 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website.

Deletion of your customer account is possible at any time and can be done by sending a message to the controller's address mentioned above. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed, no legal retention periods oppose this, and we do not have a legitimate interest in continued storage.

8) Use of Customer Data for Direct Marketing

8.1 Registration for our Email Newsletter

When you register for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of additional data is voluntary and is used to be able to address you personally. We use the so-called double opt-in procedure for sending the newsletter, which ensures that you will only receive newsletters after you have explicitly confirmed your consent to receive the newsletter by activating a verification link sent to the specified email address.

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6(1)(a) GDPR. In doing so, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your email address at a later point in time. The data collected by us when registering for the newsletter is used strictly for the purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this declaration.

8.2 Amazon SES

Our email newsletters are sent through this provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on your data provided during newsletter registration to this provider in accordance with Art. 6(1)(f) GDPR, so that the provider can send the newsletter on our behalf.

Subject to your express consent in accordance with Art. 6(1)(a) GDPR, the provider also conducts a statistical success evaluation of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the contents of the newsletter. In doing so, device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated, but not merged with other data sets.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects the data of our site visitors and prohibits disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision of the European Commission.

9) Data Processing for Order Processing

9.1 To the extent necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data (name, address, email address) provided by you when ordering to inform you personally about upcoming updates within the legally prescribed period through appropriate communication channels (e.g., by mail or email) in accordance with Art. 6(1)(c) GDPR. Your contact data will be used strictly for the purpose of notifications about updates owed by us and will only be processed by us to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s) who support us in whole or in part with the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

9.2 Use of Payment Service Providers

- PayPal

On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider where you pay in advance, your payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be forwarded to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method where we pay in advance, you will also be asked during the ordering process to provide certain personal information (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable data for an alternative payment method).

In order to protect our legitimate interest in determining the solvency of our customers, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6(1)(f) GDPR. The provider checks, on the basis of the personal data provided by you as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment option selected by you can be granted with regard to payment and/or default risks.

The credit report may contain probability values (so-called "score values"). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among others, but not exclusively, is included in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.

- SOFORT

On this website, one or more online payment methods from the following provider are available: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany

If you select a payment method from the provider where you pay in advance (e.g., credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be forwarded to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

9.3 Electronic Cancellation Option for Continuous Obligations with Consumers

Consumers who have entered into contracts for chargeable continuing obligations on this website (e.g., subscription contracts) have the option of canceling these in accordance with the applicable cancellation periods via an electronic button.

Clicking the button leads to a confirmation page where the consumer can provide more details about the cancellation, clearly identify themselves, and subsequently declare their cancellation electronically.

The collection of personal data and its transmission to us takes place in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for the proper processing of the cancellation. Also on the basis of Art. 6(1)(b) GDPR, the provided personal data is used to confirm receipt of the cancellation declaration and the cancellation date electronically in text form. The additional legal basis for the processing is Art. 6(1)(c) GDPR. We are legally obligated to provide an electronic cancellation option for consumer contracts on chargeable continuing obligations concluded by means of electronic commerce.

10) Web Analytics Services

Matomo

This website uses a web analytics service from the following provider: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, ("Matomo")

To protect site visitors, Matomo uses a so-called "config_id" to enable various analyses of site usage within a short time window of up to 24 hours. The "config_id" of the site is a randomly set, time-limited hash of a limited amount of settings and attributes of the visitor. The config_id or config-hash is a string that is calculated for a visitor based on their operating system, browser, browser plugins, IP address, and browser language. Matomo does not use device fingerprinting and uses an anonymized IP address of the site visitor for the creation of the "config_id".

If the information processed in this way includes personal user data, the processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. To object to data processing of your visitor data for the future, we provide you with a separate objection option on our website.

If data collected with the Matomo technology (including your pseudonymized IP address) is transferred to Matomo servers in New Zealand and processed for usage analysis purposes, we inform you that the European Commission has issued a so-called adequacy decision for New Zealand, which attests to compliance with European data protection standards in international data transfers.

If data is also transferred to the provider's servers and the web analytics service has not been installed locally on our server, we have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

You have the option to prevent actions you perform here from being analyzed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users.

11) Site Functionalities

11.1 Google Sign-In

On our website, we provide a single sign-on function from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

In addition to a transfer of data to the above-mentioned provider location, data may also be transferred to: Google LLC, USA

If you have an account with the provider, you can use these account data to create a user account or to register on our website.

When visiting this page, a direct connection can be established between your browser and the provider's servers through this login function, even if you do not have an account with the provider or are not logged into one. The provider thereby receives the information that you have visited our page. The information collected in this way (possibly including your IP address) is transmitted directly from your browser to a server of the provider and stored there. However, the information is not used to identify you personally and is not passed on to third parties.

These data processing operations are carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in a user-friendly and interactive design of our online presence.

If you click the login button to register on our website with the data of your account with the provider, the provider transmits the general and publicly accessible information stored in your account (user ID, name, address, email address, age, and gender) exclusively on the basis of your express consent in accordance with Art. 6(1)(a) GDPR.

We store and use the data transmitted by the provider to set up a user account with the necessary data (salutation, first name, last name, address data, country, email address, date of birth), provided that you have released these to the provider. Conversely, based on your consent, data (e.g., information about your browsing or purchasing behavior) can be transferred from us to your account with the provider.

The consent given can be revoked at any time with effect for the future towards us.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision of the European Commission.

11.2 Microsoft Forms

For conducting surveys or for online forms, we use the services of the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

The provider enables us to design and evaluate surveys and online forms. In addition to the respective personal data that you enter into the forms, information about your operating system, browser, date and time of your visit, referrer URL, and your IP address is also collected, transmitted to the provider, and stored on the provider's servers.

The information you enter into the forms is stored password-protected to ensure that third-party access is excluded and only we can evaluate the data for the purpose stated in the form.

For the processing of personal data that is necessary for the fulfillment of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6(1)(b) GDPR serves as the legal basis. If you have given us consent for the processing of your data, the processing is based on Art. 6(1)(a) GDPR. A consent given can be revoked at any time with effect for the future.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision of the European Commission.

12) Tools and Miscellaneous

sevDesk

For the completion of accounting, we use the service of the cloud-based accounting software from the following provider: sevDesk GmbH, Hauptstraße 115, 77652 Offenburg, Germany

The provider processes incoming and outgoing invoices as well as, if applicable, the bank movements of our company to automatically record invoices, match them to transactions, and from this create financial accounting in a semi-automated process.

If personal data is also processed, the processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in efficiently organizing and documenting our business transactions.

13) Rights of the Data Subject

13.1 The applicable data protection law grants you the following rights of data subjects (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise requirements:

• Right of access according to Art. 15 GDPR;
• Right to rectification according to Art. 16 GDPR;
• Right to erasure according to Art. 17 GDPR;
• Right to restriction of processing according to Art. 18 GDPR;
• Right to information according to Art. 19 GDPR;
• Right to data portability according to Art. 20 GDPR;
• Right to withdraw consents granted according to Art. 7(3) GDPR;
• Right to lodge a complaint according to Art. 77 GDPR.

13.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTEREST BY MEANS OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

14) Duration of Storage of Personal Data

The duration of the storage of personal data is measured according to the respective legal basis, the processing purpose and – if applicable – additionally according to the respective statutory retention period (e.g., commercial and tax retention periods).

When processing personal data on the basis of express consent pursuant to Art. 6(1)(a) GDPR, this data is stored until the data subject revokes their consent.

If there are statutory retention periods for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment of the contract or the initiation of a contract and/or we have no legitimate interest in further storage.

When processing personal data on the basis of Art. 6(1)(f) GDPR, this data is stored until the data subject exercises their right to object according to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6(1)(f) GDPR, this data is stored until the data subject exercises their right to object according to Art. 21(2) GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.