Data Protection Statement
1. Quick overview on data protection
The information below is intended to give you an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on the subject of data protection, please refer to our Data Protection Statement set out below.
Data collection on this website
Who is responsible for the data collection on this website?
Data processing on this website is carried out by the website operator. You can find the contact details of the website operator in the section “Information on controller” in this Data Protection Statement.
How do we collect your data?
Your data are collected, partly, when you provide them to us. For example, this can be data that you enter in a contact form.
Other data are collected by our IT systems automatically or following your consent you give when you visit the website. These are mainly technical data (e.g., Internet browser, operating system or time of the page visit). The data collection is carried out automatically from the moment you access this website.
What do we use your data for?
Some data are collected in order to ensure that the website is displayed correctly. Other data may be used to analyse your user behaviour.
What rights do you have in respect to your data?
You have the right at any time to obtain, free of charge, information about origin, destination and purpose of your personal data stored. You also have a right to request correction or deletion of these data. If you gave your consent to data processing, you may revoke this consent at any time for the future. Under certain conditions, you may request restriction of the processing of your personal data. You also have the right to lodge a complaint with the relevant supervisory authority.
In regards to this, as well as for any questions on the subject of data protection, you may contact us at any time.
Analysis tools and third-party tools
When you visit this website, your surfing behaviour may be analysed for statistical purposes. This analysis is carried out mainly by so-called analysis programs.
A detailed information on these analysis programs can be found in the Data Protection Statement below.
2. Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider (“host”). The personal data collected on this website is stored on the host's servers. This may include, in particular, IP addresses, contact requests, meta data and communication data, contract data, contact data, names, data on website accesses and other data generated via this website.
Deployment of host is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) of GDPR) and in the interests of secure, fast and efficient provision of our online services through a professional provider (Art. (6)(1)(f) of GDPR).
Our host will only process your data to the extent necessary to fulfil its service obligations, and will follow our instructions in respect to these data.
We use the services of the following host:
Address: 415 Mission Street, Suite 300, San Francisco, CA 94105.
112 E Pecan St #1135, San Antonio, TX78205, USA.
Registered office of the joint stock company:
Telefon: 030-300 146 0
Registry Court: Berlin Charlottenburg
USt-ID-Nr.:DE 211 045 709
Contract on commissioned processing
In order to ensure that data are processed in compliance with the data protection legislation, we have concluded a data processing contract with our host.
3. General notes and mandatory information
As operator of this website, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this Data Protection Statement.
While you are using this website, personal data of various kinds are collected. Personal data is any data that can be used to personally identify you. This Data Protection Statement explains what information we collect and how we use it. It also explains how and for what purpose this is carried out.
We would like to point out that data transmission on the Internet (e.g., email communication) can have security gaps. Complete protection of data against any access by third parties is therefore not possible.
Information on controller
Controller for data processing on this website is
Buckower Chaussee 47-54
Telephone: 030-746 83 100
“Controller” means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses etc.).
Unless a more specific storage period is indicated in this Data Protection Statement, your personal data will be stored by us until the purpose of data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted except the cases where we have other legitimate reasons for storing your personal data (e.g., retention periods required in accordance with fiscal and commercial law) – in such a case, the data will be deleted once these reasons no longer apply.
Data protection officer as required by law
Our company designated a data protection officer. You can reach him/her at the e-mail address firstname.lastname@example.org.
Information on data transfer to the USA
Our website deploys, among others, tools provided by companies based in the USA. Whenever these tools are active, your personal data may be transferred to the US servers to the respective company. We would like to point out that the USA is not a “safe third country” as defined by EU data protection legislation. US companies are obliged to disclose personal data to security agencies without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Revoking your consent to data processing
Many data processing operations require an explicit consent provided by you. You may at any time revoke a consent that you provided. The legality of the data processing carried out prior to such revocation remains unaffected by the revocation.
Right to object to data collection in specific cases as well as objecting to direct marketing purposes (Art. 21 GDPR)
IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 (1)(E) OR (F) OF GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE INFORMATION ON WHICH LEGAL BASIS THE DATA PROCESSING IS CARRIED OUT CAN BE FOUND IN THIS DATA PROTECTION STATEMENT. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE THAT THERE ARE COMPELLING LEGITIMATE GROUNDS FOR THE DATA PROCESSING WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE DATA PROCESSING IS NECESSARY FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) GDPR).
IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING OF YOUR PERSONAL DATA AT ANY TIME; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO DIRECT MARKETING PURPOSES. IN THE CASE YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSES OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Complaint with a supervisory authority
In cases of infringement of the GDPR provisions, the data subject concerned has the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of its habitual residence, place of work or place of the alleged infringement. This right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
Right to data portability
In respect to the data that we process automatically on the basis of your consent or in performance of the contract, you have the right to have these data handed over to you or to a third party in a conventional and machine-readable format. If you request a direct transfer of these data to a different controller, this can be done only insofar as it is technically feasible.
SSL or TLS encryption
For security reasons and in order to protect transfer of confidential contents such as orders or enquiries sent by you to us as the website operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and a lock symbol appears in the address line of your browser.
If the SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information about personal data, deletion and correction
Within the scope of the applicable statutory provisions, you have the right to receive, free of charge, information about your personal data stored, their origin, recipients and the purpose of the data processing and, where applicable, you have the right to rectify or delete this data. In regards to this, as well as for further questions on the subject of data protection, you may contact us at any time.
Right to restriction of the data processing
You have the right to request the restriction of the processing of your personal data. In regards to this, you may contact us at any time. The right to restriction of the data processing applies to the following cases:
If you have restricted the processing of your personal data, such data may only be processed – except the storage of the data – with your consent or for the purpose of assertion, exercise or defence of legal claims, or for the protection of the rights of a different natural or legal person, or for reasons of an important public interest of the European Union or of an EU Member State.
- Whenever you contest the accuracy of your personal data stored by us, we usually need time to verify this. While your objection is being examined, you have the right to request the restriction of the processing of your personal data.
- If your personal data has been processed unlawfully, you may request – instead of erasure of the data – the restriction of data processing.
- If we no longer need your personal data but you need it to exercise, defend or assert legal claims, you have the right to request – instead of erasure of the data – the restriction of the processing of your personal data.
- If you have filed an objection pursuant to Art. (21)(1) GDPR, then your interests and our interests need to be weighed up against each other. As long as it has not been determined, whose interests outweigh, you have the right to request the restriction of the processing of your personal data.
4. Data collection on this website
Our webpages use so-called “cookies”. Cookies are small text files and they do not cause any harm to your device. They are either temporarily stored on your device for the duration of a session (“session cookies”) or stored permanently on your device (“permanent cookies”). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your browser deletes them automatically.
In some cases, third-party cookies can also be stored on your device when you enter our website (“third-party cookies”). They allow us and/or you to use certain services offered by third parties (e.g., cookies for the processing of payment services).
Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart functions or displaying of videos). Certain cookies serve to evaluate user behaviour or display advertising.
Cookies may be necessary to carry out electronic communication processes (“necessary cookies”) or to provide certain functions you wish to see or use (“functional cookies”, e.g., used for the shopping cart function) or to optimise the website (e.g., cookies used for measuring the web audience), and such cookies are stored on the basis of Art. 6(1) (f) of GDPR, unless any other legal basis is indicated. The website operator has a legitimate interest in the storage of cookies in order to ensure technically accurate and optimised provision of the services. If it was requested to give a consent for the storage of cookies, the storage of the relevant cookies is carried out exclusively on the basis of this consent (Art. 6(1)(a) of GDPR); this consent may be revoked at any time.
You can arrange the settings of your browser in such a way that you are informed about the possibility of storage of the cookies and only allow them in individual cases, or you can reject cookies in certain cases or generally, or you can activate the automatic deletion of cookies upon closing the browser. With cookies disabled, the functionality of this website may be limited.
Insofar as cookies are used by third-party companies or for analysis purposes, we will provide separate information in the framework of this Data Protection Statement, and, where applicable, request your consent.
Server log files
The provider of the webpages automatically collects and stores information in so-called server log files, which are automatically transmitted to us by your browser. These data are:
These data will not be merged with other data sources.
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
The collection of these data is carried out on the basis of Art. (6)(1)(f) of GDPR. The website operator has a legitimate interest in technically accurate presentation and optimisation of this website, and for this purpose, the server log files must be recorded.
If you send us enquiries via the contact form, your details provided in the enquiry form, including the contact details given there by you, will be stored for the purpose of the processing of the request and in case of any follow-up questions. We will not disclose these data without your consent.
The processing of these data is carried out on the basis of Art. 6(1)(b) of GDPR, insofar as your request is related to the performance of a contract, or the processing is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effective processing of the queries addressed to us (Art. 6(1)(f) of GDPR), or is based on your consent (Art. 6(1)(a) of GDPR) where it was requested.
The data provided by you in the contact form will be stored by us until you instruct us to erase them, until you revoke your consent to the storage or until the purpose for the data storage no longer applies (e.g., after your request has been completed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
5. Analysis tools and advertising
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out independent analyses. It serves only administration and display of the tools integrated through it. However, Google Tag Manager collects data on your IP address, which can also be transferred to the Google’s parent company in the United States.
Deployment of Google Tag Manager is carried out on the basis of Art. (6)(1)(f) of GDPR. The website operator has a legitimate interest in quick and uncomplicated integration and administration of various tools on the operator’s website. If a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. (6)(1)(a) of GDPR; this consent may be revoked at any time.
6. Email delivery
This website uses the service Mailgun to manage email addresses and send messages. The operator is Mailgun Inc., 112 E Pecan St #1135, San Antonio, TX 78205, United States.
Mailgun allows us to send, receive and track emails within our applications. The email service collects, among others, personal data such as email addresses, first and last names, usage data and telephone numbers.
The use of the email service is carried out on the basis of Art. (6)(1)(f) of GDPR. We have a legitimate interest in using this email tool in order to organise and optimise our email delivery. If a corresponding consent was requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. (6)(1)(a) of GDPR; this consent may be revoked at any time.
7. Plugins and tools
MapBox and Storerocket
This website uses the map service MapBox API. The provider is MapBox Inx. ("MapBox"), 740 15th Street NW 5th Floor, Washington, DC 20005.
As part of the of MapBox application the service Storerocket is integrated. This enables us to display the locations of our stores while using MapBox. For more information about Storerocket's privacy practices, please visit: https://storerocket.io/privacy.
To use the functions of the MapBox API and Storerocket, it is necessary to store your IP address. This information is usually transmitted to a MapBox and Storerocket server in the USA and stored there. The provider of this website has no influence on this data transfer.
The use of MapBox API and Storerocket is carried out in the interest of an attractive representation of our services online and for an easy finding of the locations indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. (6)(1)(f) of GDPR. If a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. (6)(1)(a) of GDPR; this consent may be revoked at any time.
The data transmission to the USA is carried out on the basis of the EU Commission’s Standard Contractual Clauses. Please find other details here: https://www.mapbox.com/legal/privacy/
Package Tracking Tool
This website uses a package-tracking tool to register and track shipments. The provider is JSC Russian Post [АО «Почта России»], 2A, 3-rd Peschannaya, 125252, Moscow, Russian Federation.
The Package Tracking Tool allows us to determine information on shipments by entering respective shipment number. The Package Tracking Tool records, among others, sender, delivery and recipient addresses as well as the full name, the shipment’s journey and the planned COD amount.
The use of this tool is carried out on the basis of Art. (6)(1)(f) of GDPR. We have a legitimate interest in tracking the shipments in order to optimize both our shipping processes and our services. If a corresponding consent was requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. (6)(1)(a) of GDPR; this consent may be revoked at any time.
8. Our own services
Handling of applicants’ data
We offer opportunities to apply for a job in our company (e.g., by email, post or via online application form). The information below is intended to inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection legislation and all other legal provisions, and that your data will be treated strictly confidentially.
Scope and purpose of the data collection
If you send us an application, we process your personal data associated to it (e.g., contact and communication data, application documents, notes in the context of interviews etc.) as far as this is necessary to decide on establishment of an employment relationship. The legal basis for this is Art. 26 of the German Federal Data Protection Act [BDSG] (as amended) under German law (initiating an employment relationship), Art. 6 (1)(b) of GDPR (general initiation of the contract) and – if you gave your consent – Art. 6 (1)(a) of GDPR. The consent may be revoked at any time. Your personal data will be disclosed within our company only to persons who are involved in the processing of your application.
In the case the application is successful, the data you submitted will be stored in our data processing systems on the basis of Art. 26 of the German Federal Data Protection Act [BDSG] (as amended) and Art. 6(1)(b) of GDPR for the purpose of carrying out the employment relationship.
Retention period for data
If we are not able to make you a job offer, if you reject our job offer or withdraw your application, we reserve the right to keep the data, which you provided, on the basis of our legitimate interests (Art. 6(1)(f) of GDPR) for up to 6 months from the end of the application process, rejection or withdrawal of the application. Afterwards, the data will be deleted and physical application documents will be destroyed. The storage serves in particular the evidence purposes in the event of a litigation. If it becomes apparent that the data will be required after the expiry of the 6-month period (e.g., due to an imminent or pending litigation), deletion will only take place, if this purpose for further retention no longer applies.
A longer retention of the data may also take place if you gave a corresponding consent (Art. 6(1)(a) of GDPR) or if statutory retention requirements oppose erasure of the data.
Registration in the applicants’ pool
If you are not offered a job offer, there might be a possibility to include you in our applicants’ pool. In the case of such registration, all documents and information from the application will be transferred to the applicants’ pool so that you can be contacted for suitable vacancies.
Registration in the applicants’ pool is carried out exclusively on the basis of your explicit consent (Art. 6(1)(a) of GDPR). Such consent remains voluntary and it bears no relation to the ongoing application process. The data subject concerned may revoke his/her consent at any time. In this case, the data will be irrevocably deleted from the applicants’ pool insofar as there are no other legal reasons for storage of the data.
The data will be irrevocably deleted from the applicants’ pool at the latest two years after the consent has been provided.
9. Handling data of recipients of goods shipped on behalf of EU sellers by us and our partners to Russia
Sellers from the European Union (EU) may commission us with the delivery of their goods to recipients within the Russian Federation. The information below is intended to inform you about the scope, purpose and use of your personal data collected and processed during this delivery. Responsibility for the collection of your personal data lies with the EU seller from whom you order the goods and from whom we receive your data.
Scope, purpose and legal basis of the data processing
In order to carry out the delivery, we receive from the EU seller, from whom you have ordered goods, the surname, first name, patronym, address and, if applicable, further contact details (esp. telephone number in the case of shipping services for the purpose of door-to-door delivery and for notifying the receivers by means of SMS-messages and PUSH notifications about the status of delivery ) of the person placing the order and of the alternative recipient (if any).
These data are processed in order to fulfil the contract between our company and the EU seller from whom you have ordered the goods. The legal basis of the data processing is Art. 6(1)(b) of the GDPR. In addition to this, our company may be obliged by the law to process your data to comply with legal requirements under German or EU regulations, e.g. mail seizure in the event of a criminal investigation under Sec. 99 of the German Code of Criminal Procedure, notification obligation to courts and public authorities under Sec. 40 of the German Postal Act, etc. In such case, the processing is carried out on the basis of Art. 6 (1)(c) of the GDPR.
Your personal data will be deleted by us as soon as the purpose of storage no longer applies and the data no longer needs to be stored in accordance with legally prescribed retention period. In this case, the data will be deleted after the legally prescribed retention period has expired.
Recipients or categories of recipients
Data is shared with the companies which are involved in the provision of postal and logistics services. Data can be also shared within the scope of fulfilment of legal obligations (e.g. with the investigating and customs authorities).
The above-mentioned controllers do not sell, transfer or otherwise share your data with third parties themselves, and will not do so in the future, unless this is required by law, or is necessary for the purposes of the contract, or you have consented to such transfer of the data. For example, in the case of postal services, your address data may be passed on to the companies involved in the transportation process (e.g. courier service providers, customs service providers and, in the case of non-postal services, sanction screening service providers to check against the sanction lists).
External service providers processing the data on behalf of RusPost GmbH (e.g. for customer services, IT services) provide sufficient guarantees that appropriate technical and organisational measures are implemented in such a way that the data processing is carried out in line with the requirements of the GDPR. In accordance with Art. 28 of the GDPR, they are contractually obliged, among other things, to maintain strict confidentiality. In these cases, RusPost GmbH remains responsible for the protection of your personal data. The external service providers only process the personal data on the documented instructions by RusPost GmbH.
Data transfer to the Russian Federation
When goods are shipped to the Russian Federation, the delivery of the goods to the recipient is carried out by JSC Russian Post, 2A, 3-rd Peschannaya, 125252, Moscow, Russian Federation. For the purpose of performance of the contract (Art. 6 (1)(b) of the GDPR), the data is therefore transferred to JSC Russian Post, Moscow, Russian Federation.
Russia is a so-called third country (country outside the European Union or the European Economic Area). The transfer of the recipient’s data is necessary for the performance of the respective transportation contract (e.g. shipment delivery). If a transfer to a third country is performed by RusPost GmbH, this is only carried out on the basis of the EU Standard Contractual Clauses or under the GDPR exceptions.
Processing customers’ service requests and queries
If you contact us to obtain information or to make use of our services, we process your personal data in this context.
Scope, purpose and legal basis of the data processing
The handling of (service) requests may involve data such as the name, address and other contact details of the requesting party, the name and address of the recipient (where applicable), the content of the request and information about the shipment as well as bank details (where applicable).
The data will be processed for the purpose of handing the request under an existing contract or for an initiation of the contract. The legal basis is therefore Art. 6(1)(b) of the GDPR. In addition to this, our company may be obliged by the law to process your data to comply with legal requirements under German or EU regulations, e.g. mail seizure in the event of a criminal investigation under Sec. 99 of the German Code of Criminal Procedure, notification obligation to courts and public authorities under Sec. 40 of the German Postal Act, etc. In such case, the processing is carried out on the basis of Art. 6 (1)(c) of the GDPR.
Recipients or categories of recipients
If necessary as a part of request processing, the data may be transferred to another group company. In the event of damage, it may also be necessary to share the data with insurance companies. In addition to this, the data may be shared within the scope of fulfilment of legal obligations (e.g. with investigating authorities).
Transfer to a third country
Dealing with the requests may require involvement of companies outside the European Union or the European Economic Area, in particular involvement of the JSC Russian Post, 2A, 3-rd Peschannaya, 125252 Moscow, Russia. However, transfer of personal data takes place only if there is an adequacy decision by the European Commission or other appropriate data protection safeguards (e.g. binding corporate rules or EU Standard Contractual Clauses).
10. RusPost GmbH at LinkedIn
Scope of processing of personal data
If you contact us, e.g. via the contact form or by comment, we process personal data in this context exclusively for the purpose of handling your request. The legal basis for this processing is Art. 6(1)(f) of the GDPR. We have a legitimate interest in dealing with your request. In the case of requests that are made within the scope of an existing contract or for the purpose of initiating a contract, the legal basis for processing is Art. 6(1)(b) of the GDPR.
Controllers for the processing of personal data in such page insights events (insights data) are jointly LinkedIn Ireland and our company.
Our profiles in the social networks are intended to ensure the broadest possible presence of our company on the Internet. As a business company, we have a legitimate interest in this. The legal basis for the data processing is therefore Article 6(1)(f) of the GDPR.
Data processing and analysis carried out by the social network operators themselves may be based on other legal grounds. These must be indicated by the social network operators.
Exercise of your rights and responsibility for data processing
When you visit our LinkedIn profile, our company and LinkedIn are jointly responsible for the data processing operations triggered during this visit. You are therefore able to exercise your rights both towards our company and LinkedIn.
However, despite the joint responsibility of our company and LinkedIn, our influence on LinkedIn’s data processing operations is limited and depends primarily on LinkedIn’s requirements.
Data protection settings on LinkedIn
If you are a registered LinkedIn user, you can adjust your privacy settings in your user account. To do so, please click on the following link and log in: https://www.linkedin.com/psettings/
In cases where we collect data through our LinkedIn profile, this data will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it or withdraw your consent to storage. Stored cookies will remain on your device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.
We have no influence on how long LinkedIn stores your data collected by LinkedIn for its own purposes. For more information, please contact LinkedIn directly, e.g. through this link in the privacy statement at https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
Transfer to a third country
LinkedIn transfers your data also to third countries outside the European Union or the European Economic Area.