This data protection policy applies to the online offers on www.lightshift.co.
Information on the collection of personal data
- In the following lines, we provide information on the collection of personal data when using our online offers. Personal data is all data that can be related to you personally, e.g. your name, address, email addresses, user behavior, and IP address.
- The responsible party according to Art. 4, para. 7 of the EU General Data Protection Regulation (GDPR) is:
- If we make use of commissioned service providers for individual functions of our offers or if we wish to use your data for commercial purposes, we will inform you of the respective processes as described in detail below. In so doing, we will also cite the set criteria for the storage period.
DIAL GmbHYou can contact our data protection officer at:
Tel. +49 (0) 2351 5674 0
Fax +49 (0) 2351 5674 410
Tel. +49 (0) 2351 5674 0
Fax +49 (0) 2351 5674 410
Höveler Weg 2
Tel: + 49 (0) 2353 9096 31
Fax: + 49 (0) 2353 9096 49
Höveler Weg 2
Tel: + 49 (0) 2353 9096 31
Fax: + 49 (0) 2353 9096 49
General information about data processing
- As a matter of principle, we collect and utilize personal data from visitors to our website only to the extent required to ensure the functioning of our website and of our contents and services. The collection and utilization of our users' personal data also occurs after users have given their consent. An exception applies to cases in which prior consent can not be obtained for practical reasons and/or where the processing of the data is legally permitted.
- In so far as we have obtained consent for the processing of personal data from the data subject, Art. 6, para. 1, point a of the GDPR acts as the legal basis. When processing personal data in order to fulfil a contract, to which the data subject is a party, Art. 6, para. 1 point b of the GDPR serves as the legal basis. This also applies to processing that is required in order to perform pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6, para. 1, point c of the GDPR serves as the legal basis. If vital interests of the data subject or of another natural person require the processing of personal data, Art. 6, para. 1, point d of the GDPR serves as the legal basis. If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interests, Art. 6, para. 1, point f of the GDPR acts as the legal basis for processing.
- The personal data of the data subject are deleted or locked once the purpose of their storage no longer applies. Furthermore, data can be stored if provision has been made by the European or national legislator in ordinances, acts or other regulations in EU law to which the controller is subject. The data are also locked or deleted if a storage period prescribed by the stated standards expires, unless it is necessary to continue to store the data in order to conclude or fulfil a contract.
Data collection when visiting our website
- If you are using our website solely for informational purposes, i.e. if you have not registered or otherwise conveyed information to us, we will only collect personal data transmitted by your browser to our server. If you would like to view our website, we will collect the following data, which is a technical requirement for us in order to be able to display our website and to ensure stability and security (the legal basis for this is Art. 6, para. 1, sentence 1, point f of the GDPR):
- IP address,
- Date and time of request,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific page),
- Access status/HTTP status code,
- Volume of data transmitted,
- Website issuing the request,
- previously visited page,
- Operating system and its interface,
- Language and version of browser software.
- The data are also stored in the logfiles of our system. These data are not stored together with other personal data of the user. The legal foundation for the temporary storage of the data and logfiles is Art. 6, para. 1, point f of the GDPR. The data are stored in logfiles in order to ensure that the website functions properly. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
- The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. If data has been collected for the provision of the website, this occurs when the respective session ends. The collection of data for the provision of the website and the storage of data in logfiles is absolutely necessary for the operation of the internet site. As a result, the user may not object.
Other functions and offers of our website
- In addition to the purely informational use of our website, we offer various services that you can use if needed, and use other common functions to analyze or market our offers, which are presented in more detail below. To do this, you usually have to provide additional personal data, and we may process additional data that we use to carry out the respective services. The aforementioned data processing principles apply to all data processing purposes described here.
- In some cases, we use external service providers to process your data. These are carefully selected by us, are bound by our instructions and are checked regularly.
- Furthermore, we may also disclose your personal data to third parties when we offer participation in campaigns, contests, contract conclusions, or similar services together with partners. Depending on the service, your data can also be collected by the partners on their own responsibility. You will receive more detailed information when you provide your details or below in the description of the respective offers.
- If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the service being offered.
Objection to or revocation of the processing of your data
- If you have consented to the processing of your data, you can revoke this at any time in accordance with Art. 7, para. 3 of the GDPR. Once communicated to us, such a revocation affects the admissibility of the processing of your personal data.
- If we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if processing in particular is not necessary for the fulfilment of a contract with you, which we will note in the subsequent description of each function. If you raise such an objection, we ask that you explain the reasons why we should not process your personal data in the manner we have done. If your objection is justified, we will examine the situation and either cease or adjust the data processing or explain to you our compelling and legitimate reasons as to why we will continue to perform the processing as such.
- Of course, you may object at any time to the processing of your personal data for advertising and data analysis purposes. You may inform us of your objection to such uses via the following contact details: firstname.lastname@example.org
Deletion of data
The data processed by us will be deleted or have its processing restricted in accordance with Art. 17 and 18 of the GDPR. Unless expressly stated in this data protection policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any legal storage obligations. If the data are not deleted because they are necessary for other legally permissible purposes, their processing is restricted. This means that the data is locked and not processed for any other purposes. This applies, for example, to data that must be kept for commercial or tax reasons. According to legal requirements in Germany, records shall be kept for 6 years in accordance with section 257, para. 1 of the HGB (German Commercial Code) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with section 147, para. 1 of the AO (German Fiscal Code) (books, records, progress reports, accounting documents, commercial and business letters, for documents relevant to taxation, etc.).
Transfer of data to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in order to utilize third-party services, disclose or transfer data to third parties, then this will only happen in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the particular requirements of Art. 44 ff. of the GDPR apply. This means, for example, that processing is carried out on the basis of special guarantees, such as the officially recognized establishment of a data protection level in compliance with the EU or compliance with officially recognized special contractual obligations (so-called 'standard contractual clauses').
- You have the following rights regarding your personal data:
- Right of access You have the right to request confirmation as to whether relevant data will be processed, and to information on this data as well as further details and copies of the data in accordance with Art. 15 of the GDPR.
- Right to rectification In accordance with Art. 16 of the GDPR, you have the right to request the completion of the data or the rectification of the incorrect data concerning you.
- Right to erasure or right to restriction of processing In accordance with Art. 17 of the GDPR, you have the right to request that personal data be deleted immediately, or alternatively the right to request the restriction of processing of the data in accordance with Art. 18 of the GDPR.
- Right to data portability You have the right to receive the data concerning you, which you have provided to us, in accordance with Art. 20 of the GDPR, and to request their transmission to other controllers.
- You also have the right to submit a complaint to the relevant data protection supervisory authorities concerning our processing of your personal data. In our case, this is the North Rhine-Westphalia state official for data privacy and information security (ldi): https://www.ldi.nrw.de/
- To protect the transmission of confidential content that you send to us (e.g. orders, inquiries), this website uses so-called SSL or TLS encryption These can be recognized by the lock symbol in your browser address bar. Concurrently, the address line changes from 'http://' to https://. This means that third parties are not able to read this data.
- Temporary cookies or 'session cookies' or 'transient cookies' are cookies that are deleted after a user leaves an online offer and closes their browser. In such a cookie, the contents of a shopping cart in an online shop or a login status are stored, for example.
- 'Permanent' or 'persistent' cookies refer to those that remain stored even after the browser has been closed. In doing so, the login status can be stored, for example, if users visit the website after several days.
- In addition to so-called 'first-party cookies', which are set by us as the party responsible for data processing, 'third-party cookies' are also used, which are offered by third-party providers. If 'third party cookies' are set, we will inform you about this within the respective data protection information of the online offers and about the cooperation with external service providers.
- Mandatory functions that are technically necessary to display the website: The technical structure of the website requires that we use technologies, in particular cookies. Without these technologies, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted after you have finished visiting the website, at the latest when you close your browser. You cannot deactivate these cookies if you want to use our website. The individual cookies can be viewed in the Consent Manager. The legal basis of this processing is Art. 6, para. 1, sentence 1, point f of the GDPR.
- We only set cookies with your consent. The functions are only activated with your consent and can enable us, in particular, to analyze and improve your visits to our website, to make it easier for you to use different browsers or end devices, to recognize you upon a visit or to advertise (possibly also to target advertising to your interests, to measure the effectiveness of advertisements or to show interest-oriented advertising). The legal basis of this processing is Art. 6, para. 1, sentence 1, point a of the GDPR. You can revoke your consent at any time without affecting the admissibility of processing until the revocation.
Google Tag Manager
- We use the 'Google Tag Manager' service on our website. Google Tag Manager is a service provided by Google Ireland Limited ('Google'), Gordon House, Barrow Street, Dublin 4, Ireland. The service allows us to manage website tags via an interface. The service triggers other tags that may collect data. Google may sometimes process personal data when a tag is triggered. There is a possibility that Google will also send the information to a server in a third country. The following personal data are processed by the Google Tag Manager service: Online designations (including cookie identifiers) and IP address. You can find more detailed information about the Google Tag Manager at https://www.google.com/analytics/terms/tag-manager/ and also at https://www.google.com/intl/de/policies/privacy/index.html
- We have concluded an agreement for order processing in accordance with Art. 28 of the GDPR. Google processes the data on our behalf in order to trigger the saved tags and display the services on our website. Google can pass on this information to third parties where required to do so by law or insofar as third parties process these data on Google's behalf.
- We integrate the Google Tag Manager on our website in order to achieve a simplified and clear integration of various services. Moreover, the integration of the Google Tag Manager optimizes the setup times of various services. The legal basis for the processing of the personal data described here is the consent you expressly granted in accordance with Art. 6, para. 1, point a of the GDPR. The legal basis for the processing of those data that are processed for the purpose of obtaining such consent is our legitimate interest in accordance with Art. 6, para. 1, point f of the GDPR. The legitimate interest can be seen in the evidence of the consent granted by you.
Registration on our platform
- If you want to use Lightshift in our platform, you have to register with your company data, invoice data and a contact person. The mandatory information fields required for processing are specially marked. Other details are voluntary.
- We use the so-called double opt-in procedure for registration, i.e. you will receive an e-mail in which you must confirm that you are the owner of the e-mail address provided and that you wish to receive the notifications.
- If you use our platform, we will store the data required to fulfill the contract and also details on the method of payment until you permanently delete your access data. Furthermore, we will store the voluntary data you have provided for the duration of your platform use, unless you delete these beforehand. The legal basis is Art. 6, para. 1, sentence 1 point b of the GDPR. When you use the platform, your data may become accessible to other users of the platform; in the case of certain functions of the platform, this may only occur under certain conditions. If you post questions about orders, these are visible to all registered users of the platform. The legal basis for this is – depending on the use of the respective function of the platform – Art. 6 para. 1, sentence 1, point b GDPR or Art. 6 para. 1, sentence 1, point f GDPR.
- We can also process the data you provide in order to inform you about other interesting products from our portfolio or to send you emails with technical information.
- We delete your data as soon as it is no longer necessary for its intended purpose and the deletion does not conflict with any statutory retention requirements.
- To prevent unauthorized access by third parties to your personal data, especially financial data, the connection is encrypted using TLS technology.
Use of our contact form
- There is a contact form on our website which can be used to contact us electronically. If a user makes use of this option, then the data entered in the input mask are transmitted to us and stored. These data include: title, first name, last name, company, email. The following data are also stored when the message is sent: The IP address of the user, date and time of the registration.
- As part of this process, your consent is obtained for the processing of data and reference is made to this data protection policy. Alternatively, it is possible to contact us via the email address provided. In this case, we store the user's personal data transmitted with the email. The data are not forwarded to any third parties in this context. The data are used exclusively to process the conversation. The legal basis for the processing of data when consent is given by the user is Art. 6, para. 1, point a of the GDPR. The legal basis for the processing of data which are transmitted when sending an email is Art. 6, para. 1, point f of the GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6, para. 1 point b of the GDPR. Processing the personal data from the input mask only assists us in handling the communication. If contact is made via email, this also includes the required justified interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that have been transmitted via email, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be seen from the circumstances that the issue being discussed has been conclusively resolved. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. The user has the option to revoke their consent to the processing of the personal data at any time. If the user contacts us via email, then they can object at any time to their personal data being stored. In this instance, the conversation cannot be continued. All personal data that have been stored during the communication are deleted in this case.
- With your consent, you can subscribe to our newsletter in which we will keep you informed of our current interesting offers. The goods and services advertised will be set out in the declaration of consent.
- We employ the double opt-in method for subscribing to our Newsletter. This means that once you have registered, we will send an email to the email address you have provided to us, asking you to confirm that you wish to receive the notifications. If you fail to confirm your registration within three months, your information will be locked and will be automatically deleted after one month. Furthermore, we will store the IP addresses you have used and the time at which you registered/confirmed your registration in each case. The purpose of this procedure is to give us a record of your registration and to allow us to resolve any potential misuse of your personal data.
- The only mandatory information we require in order for the newsletter to be sent to you is your email address. Any provision of further, separately marked data is voluntary and these will be used to address you personally. Once we receive your confirmation, we will store your email address for the purpose of sending the newsletter to you. The legal basis is Art. 6, para. 1, sentence 1, point a of the GDPR.
- You may revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. To do so, you can click on the link provided in each Newsletter email, send an email to email@example.com you may declare your revocation by sending a message to the contact details provided in the website information.
- The following 'newsletter data' are collected, stored and processed by us:
- the page from which the page was requested (so-called referrer URL)
- date and time of access
- the description of the type of web browser used
- the IP address of the requesting computer, which is shortened in such a way that a personal connection can no longer be established
- the email address
- date and time of the registration and confirmation
- Please note that we analyze your user behavior when we send out the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files that are stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your email address and an individual ID. Links contained in the newsletter also contain this ID. The data is only collected in pseudonymized form, i.e. the IDs are not linked to your other personal data, and direct personal reference is excluded.
Integration of YouTube videos
- We have integrated YouTube videos into our website, which are stored at http://www.YouTube.com and can be played directly from our website. [These are all integrated in the 'extended data protection mode', i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. The data mentioned in Paragraph 2 will only be transmitted when you play the videos. We have no influence on this data transfer.] The legal basis for the display of the videos is Art. 6 para. 1, sentence 1 point a GDPR, i.e. the integration only takes place with your consent.
- By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the above-mentioned basic data such as IP address and time stamp are transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or no such user account exists. If you are logged into Google, your data will be allocated directly to your account. If you do not want any allocation to your YouTube profile, you must log out prior to activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or for the design of its website according to demand. Such an analysis is conducted in particular (even for users who are not logged in) in order to display advertisements in line with user preferences and to inform other users of the social network about your activities on our website. You are entitled to raise an objection against the creation of such user profiles, but you must contact YouTube directly in order to exercise that right.
- The information collected is stored on Google servers, also in the USA. For these cases, the provider has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws for international data transmission. We have also agreed so-called standard data protection clauses with Google, the purpose of which is to maintain an appropriate level of data protection in third countries.
- For further information on the purpose and scope of data collection and data processing by YouTube, please refer to their data protection policy. Here you will also find further information on your rights and setting selection possibilities for the protection of your privacy: www.google.de/intl/de/policies/privacy.
Encrypted payment transactions
If you are obliged to provide us with your payment data due to the conclusion of a contract that results in a payment obligation on your part, the data required to do this is used exclusively for payment processing. This applies to all standard methods of payment (credit cards, direct debit). We use an encrypted SSL or TLS connection for payment transactions. These can be recognized by the lock symbol in your browser address bar. Concurrently, the address line changes from 'http://' to 'https://'. This means that third parties are not able to read this data.
Use of Matomo
- This website uses the web analysis service Matomo to analyze and regularly improve the use of our website. Using the statistics generated in this way allows us to improve our service and to make it more interesting for you, the user. The purpose of the Matomo component is the analysis of traffic on our website. Among other things, we use the data and information obtained to evaluate the use of this website in order to compile online reports that show the activities on our website. The following information is collected:
- the URL from which the administration portal or one of its sub-pages is accessed (e.g. a search engine or a link from another website),
- the URLs of the administration portal that are called up,
- the time spent on the respective websites of the administration portal,
- the search terms entered,
- information transmitted by the user's access device (operating system, screen resolution, browser, language setting of the browser).
- We store the information collected in this way exclusively on one of our servers. We do not pass on this personal data to third parties. This website uses Matomo with the extension 'AnonymizeIP'. As a result, IP addresses are processed in a shortened form and direct references to persons can be ruled out. Matomo will not associate the IP address transmitted by your browser with any other data we have gathered.
- Cookies are stored on your computer for this analysis (we have already discussed cookies in more detail above). The placing of the cookie enables us to analyze the use of our website. Every time you call up one of the individual pages of this website, your internet browser is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical process, we obtain knowledge of personal data, such as the IP address of the data subject, which we use, among other things, to trace the origin of both visitors and clicks. Cookies are used to store personal information such as the time of access, the location from which access was made and the frequency of visits to our website.
- For information on third-party privacy, visit https://matomo.org/privacy/.
Use of Google Analytics
- This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ('Google'). Web analysis refers to the collection, compilation and analysis of data on the behavior of visitors to websites. Google Analytics uses so-called 'cookies', which are placed on your computer, to help the website analyze how users use the website. We have already explained above what cookies are. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. For these cases, Google has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws for international data transmission. We have also agreed so-called standard contract clauses with Google, the purpose of which is to maintain an appropriate level of data protection in third countries.
- This website uses Google Analytics with the anonymization function. As a result, IP addresses are processed in a shortened form and direct references to persons can be ruled out. Due to the activation of IP anonymization on these websites, Google will however truncate your IP address within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyze your use of the website, to compile reports on website activities and to provide the website operator with other services relating to website use and internet use. We use Google Analytics to enable us to analyze and improve the use of our website. Using the statistics generated in this way allows us to regularly improve our offer and to make it more interesting for you as the user.
- The following data types are processed by Google:
- Online designations (including cookie identifiers)
- IP address
- Data about the device/browser
- Website or app activities
- Google will not associate the IP address transmitted by your browser in the context of Google Analytics with any other data held by Google.
- You can find more detailed information about the performance scope of Google Analytics at https://marketingplatform.google.com/about/analytics/terms/de/. Google provides information on data processing during the use of Google Analytics under the following link: https://support.google.com/analytics/answer/6004245?hl=de/. General information on data processing, which, according to Google, should also apply to Google Analytics, can be found in Google's data protection declaration at https://policies.google.com/privacy?hl=de&gl=de.
- By integrating Google Analytics, we aim to analyze and react to user behavior on our website. This enables us to continuously improve our offer. The legal basis for the processing of personal data described here is Art. 6, para. 1, point a of the GDPR. You can revoke your consent at any time without affecting the admissibility of processing until the revocation. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to withdraw your consent is to use our consent manager or to install the Google browser add-on, which can be accessed via the following link: https://tools.google.com/dlpage/gaoptout?hl=de/.
- We have signed a contract for the use of Google Analytics with Google in accordance with Art. 28 of the GDPR. Google therefore processes data on our behalf for the purposes mentioned above. As part of the order processing Google is entitled to engage subcontractors. A list of these subcontractors can be found at https://business.safety.google/adssubprocessors/.
Data protection rules on the implementation and use of Google AdSense
- This website uses the online advertising service Google AdSense in order to show you personalized banner ads which provide information about our products. The ads can be recognized by the 'Google ads' reference in the display concerned. The legal basis for the processing of your data is Art. 6, para. 1, sentence 1, point a of the GDPR, i.e. the integration only takes place with your consent.
- Whenever you visit our website, Google receives the information that you have accessed our website. Google uses a short text in the website's source code ('code snippet') to place a cookie on your computer. The above-mentioned basic data such as IP address and time stamp are transmitted. We allow Google to collect the information about you that is required for the appropriate ad. Other than that, however, we have no knowledge about the extent of the data collection process or retention period. If you are logged into your Google account, your data can be allocated to this account directly. If you do not want any data to be allocated to your Google profile, you must log out. It is possible that these data will be passed on by contracting partners of Google to third parties and authorities. This website does not place ads of third-party providers via Google AdSense.
- You can revoke your consent at any time without affecting the admissibility of processing until the revocation. The easiest way to withdraw your consent is to use our consent manager or the functions below: a) through a corresponding setting in your browser software; if you suppress third-party cookies, you will not, in particular, see any ads from third-party providers; b) by deactivating personalized ads in Google via the link www.google.com/settings/ads, although this setting will be cleared when you delete your cookies; c) by deactivating personalized ads from providers involved in the self-regulation campaign 'About Ads', via the link www.aboutads.info/choices, although this setting will be cleared when you delete your cookies; d) by permanently deactivating ads in Firefox, Internet Explorer or Google Chrome browsers via the link https://support.google.com/ads/answer/7395996, Please note that in this case, you may not be able to make full use of all the functions on this website.
- You can obtain further information on the purpose and extent of data processing, as well as more information about your rights and setting options for protecting your privacy from: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; data protection conditions for advertising: https://policies.google.com/technologies/ads?hl=de&gl=de.
Data protection regulations for Stripe
- On our website we offer payment by means of 'Stripe' (Stripe, Inc., 354 Oyster Point Boulevard, South San Francisco, California, 94080, USA). This is a payment service that enables cashless payment for products and services on the Internet.
- We pass on the personal data collected by us, in particular your payment data, to Stripe as part of the payment processing, if this is necessary for the execution of the contract. The legal basis for the transfer of data is Art. 6, para. 1, point b GDPR (processing to fulfill a contract).
- The information collected is stored on Stripe servers, also in the USA. For these cases, Stripe has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws for international data transmission. We have also agreed so-called standard data protection clauses with Stripe, the purpose of which is to maintain an appropriate level of data protection in third countries. You can find more information about Stripe´s data privacy at https://stripe.com/de/guides/general-data-protection-regulation#stripe-und-die-dsgvo.