Privacy Policy

Data Privacy Statement

Thank you for visiting our website and for your interest in our company and services. The protection of your privacy when using our website is important to us. We,

trenzyme GmbH
Byk-Gulden-Str. 2
78467 Konstanz
(Imprint)

(hereinafter also referred to as “we” or “trenzyme”),

would like to inform you below concerning the processing of your personal data and concerning your rights as a data subject in the context of using our website

shop.trenzyme.com
(hereinafter also referred to as “website”)

as the data controller and also service provider.

The processing of your personal data will take place exclusively in the context of the legal provisions of data protection law in the European Union, in particular the EU General Data Protection Regulation (hereinafter “GDPR”) and in addition to the Federal Data Protection Act (hereinafter “BDSG”) and additional legal provisions on data protection (collectively “data protection laws”).
If you would like to take a look at the GDPR yourself, you can find it on the internet at: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
This data privacy statement applies only to the website accessible by the domain shop.trenzyme.com. The following notes do not relate to other websites of trenzyme or third party websites of other providers to which the website is linked. The terms used such as e.g. “personal data” or its “processing” correspond to the definitions in Art. 4 GDPR.

1. Subject matter of the data protection, legal bases and sources

Subject matter of the data protection is personal data. Personal data are all information that relates to an identified or identifiable natural person (so-called data subject). Your personal data therefore includes all data that allows your person to be identified, such as e.g. your name, your address, your telephone number or your email address. Personal data also includes information necessarily arising through use of our website such as e.g. beginning, end and scope of the use or your IP address. 

Personal data are also collected, insofar as you provide them to us by performing a contract (contractual data). We process your data only when an applicable legal regulation permits this. We will base the processing of your data, inter alia, on the following legal bases:

  • Consent (Art. 6 Paragraph 1 Clause 1 a GDPR): We will process determined data only on the basis of your previously granted, express and voluntary consent. You have the right to revoke your consent at any time with effect for the future.
  • Fulfillment of a contract or performance of pre-contractual measures (Art. 6 Paragraph 1 Clause 1 b GDPR): We require determined data from you in particular to enter into or perform a contractual relationship with trenzyme.
  • Compliance with a legal obligation (Art. 6 Paragraph 1 Clause 1 c GDPR): We also process your personal data to comply with legal obligations such as e.g. supervisory regulations or retention duties under commercial and tax law.
  • Safeguarding legitimate interests (Art. 6 Paragraph 1 Clause 1 f GDPR): trenzyme will process determined data to safeguard its interests or the interests of third parties. However, this only applies when your interests do not overridden in the specific case.

Please note that this is not a complete or exhaustive list of the possible legal bases, but these are merely examples that should make the legal bases under data protection law more transparent. These personal data originate from the following sources:
Largely from you yourself, in particular by your use of our website, from your contact enquiries and possibly information upon conclusion of a contract.

Further information on the legal bases of the individual data processing processes on our website and on the sources of the underlying data can be found in the statements under the following points.

2. Hosting

We are hosting the content of our website at the following provider:

Shopify

The provider is the Shopify International Limited, Victoria Building, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter: “Shopify”).

Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address and information about the device and browser you use. Shopify also analyses the number of visitors, visitor sources and customer behavior and compiles user statistics. When you make a purchase on our site, Shopify also collects your name, email address, shipping and billing addresses, payment information and other information related to the purchase (e.g., phone number, number of sales made, etc.). Shopify stores cookies in your browser for the purpose of analysis.

Please see the Shopify privacy policy for details: https://www.shopify.de/legal/datenschutz.

The use of Shopify is based on Art. 6(1)(f) GDPR. We have a legitimate interest the most reliable presentation of our website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

3. Server log data

You can visit our website without providing information about your person. By visiting our website, the following information concerning the access may be stored:

  • The IP address of the requesting end device,
  • accessed pages and files,
  • the http response code,
  • the number of accessed pages and files in bites,
  • the previous website from which you visit the website (referrer URL),
  • date, time and time zone of the server request,
  • browser type and version,
  • operating system of the requesting end device that was used.

We process these data based on Art. 6 Paragraph 1 Clause 1 f GDPR to provide the website, to ensure the technical operation and the security of our IT systems. We pursue the interest of enabling the use of our website and its technical functionality and to permanently maintain this. These data are automatically processed upon accessing our website. You cannot use our website without providing this data. We do not use this data for the purpose of drawing conclusions about your identity.
The automatically collected data are generally deleted after 7 days, unless we require them for the above-mentioned purposes for exceptionally longer periods. In such a case, we will delete the data without delay when there is no longer a purpose for it.
You cannot object to the collection and storage of your server log data since these data are necessarily required for seamless operation of the website.

4. Registration on this website

You have the option to register on this website to be able to use additional website functions. We shall use the data you enter only for the purpose of using the respective offer or service you have registered for. The required information we request at the time of registration must be entered in full. Otherwise, we shall reject the registration.

To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the e-mail address provided during the registration process.

We shall process the data entered during the registration process on the basis of your consent (Art. 6(1)(a) GDPR).

The data recorded during the registration process shall be stored by us as long as you are registered on this website. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory retention obligations.

5. Communication via contact form or email

If you communicate with us via contact form or email, your voluntarily disclosed contact data (such as e.g. name, email address) are only purposefully collected, processed and used, either to receive and answer your request(s) and for technical administration. The data disclosed by you via our contact forms are encrypted upon transmission by Transport Layer Security (TLS), widely-known under the former name Secure Socket Layer (SSL).

The processing of data that are transmitted in the context of communication via contact form or via email takes place based on Art. 6 Paragraph 1 Clause 1 b GDPR when it concerns entering into a contractual relationship or based on Art Paragraph 1 Clause 1 f GDPR. In the latter case, we have a legitimate interest in processing contact requests voluntarily sent to us.

We delete the data indicated by you as soon as the purpose of the collection is completely unnecessary, subject to compliance with continuing legal retention duties.

Insofar as your data are processed based on legitimate interests, you may object to the storage of your personal data at any time. In this case, we will no longer process your data, provided we cannot prove any legitimate interest in doing so or are otherwise legally required to store it. To exercise your right to object in relation to storage, please contact us in writing, by fax or email.

But please note that upon communication via contact form, complete data security cannot be guaranteed by us and communication via email does not take place via a secured data connection. Accordingly, please refrain from sending any confidential information such as bank or credit card details, etc., via these methods. We recommend that you use a secure transmission route such as the mail to send confidential information.

6. Cookies

This website uses cookies and similar technologies, such as for example HTML5 Storage (hereinafter referred to as “cookies” as a whole) in order to be able to optimally design the website. This allows, inter alia, the navigation to be simplified and a high degree of user-friendliness.

Cookies are small identification markers which our webserver sends to your browser and which your end device stores in the case of corresponding standard setting. They can be used to determine whether communication with us from your end device already existed. As a result, they serve the purpose of making the usage more comfortable for you and optimizing our service. In this case, we distinguish whether the cookie is technically necessary, whether it is set by our website itself or by a third party. Please read the following provisions for detailed information on the type, function, purposes, legal bases and objection options to the data processing in the case of cookies.

If you use our website, you will be informed by us concerning the use of cookies. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission. You can change your cookie preference settings on our website at any time.

Furthermore you can object to the storage of cookies at any time by selecting “do not accept cookies” in your browser settings. Please use the help function of your browser for the processes for administration and deletion of cookies in the settings of your browser. You can also deactivate all cookies by means of free browser add-ons such as e.g. “Adblock Plus” (adblockplus.org/en) in combination with the “EasyPrivacy” list (easylist.to) or “Ghostery” (ghostery.com). If you do not accept cookies, this may, however, lead to functional limitations of the website.

a) Cookies that are absolutely necessary

We use the following cookies on our website that are absolutely necessary for the functioning of our website, to the storage of which we have a legitimate interest since we could not otherwise provide our website with determined underlying functionalities (e.g. you would have to log in again each time you changed the page):

Title

Function/purpose

Storage duration

_ga

Register a unique ID that is used to generate statistical data on how the visitor uses the website. The cookies collect information in anonymised form, including the number of visitors to our website.

2 months

_gid

Register a unique ID that is used to generate statistical data on how the visitor uses the website. The cookies collect information in anonymised form, including the number of visitors to our website.

Session

The data processing takes place to safeguard our legitimate interests on the basis of Art. 6 Paragraph 1 Clause 1 f GDPR. Our legitimate interest emerges in this respect from the outlined usage purposes.

b) Additional first party cookies

Additional first party cookies, which are not absolutely necessary to be able to use the website, fulfill important tasks. They allow comfortable surfing on our website, such as for example pre-filled forms. We can also respond to you with individually tailored offers. We use the following additional first party cookies on our website:

Title

Function/purpose

Storage duration

_dc_gtm_UA-#

Used by Google Tag Manager to control the loading of the Google Analytics script tags.

Session

_gat

Used to limit the requirement rate.

Session

The data processing takes place to safeguard our legitimate interests on the basis of Art. 6 Paragraph 1 Clause 1 f GDPR.  Our legitimate interest emerges in this respect from the outlined usage purposes.

c) Cookies from third party providers

To integrate content and functions of third party providers (see following points), we set cookies of third party providers (also called third party cookies) which for example allow them to obtain the information that you have accessed this website. Please visit the websites of the third party providers to obtain additional information on their use of cookies. We use the following cookies from third party providers:

Title

Function/purpose

Third party provider

Storage duration

collect

Used to send data concerning the device and behavior of the visitor to Google Analytics. Tracks the visitor via devices and marketing channels.

google-analytics.com

Session

yt-remote-caste-installed

Stores the user settings when a YouTube video integrated on other websites is accessed.

youtube-nocookie.com

Session

yt-remote-connected-devices

Stores the user settings when a YouTube video integrated on other websites is accessed.

youtube-nocookie.com

Persistent

yt-remote-device-id

Stores the user settings when a YouTube video integrated on other websites is accessed.

youtube-nocookie.com

Persistent

yt-remote-fast-check-period

Stores the user settings when a YouTube video integrated on other websites is accessed.

youtube-nocookie.com

Session

yt-remote-session-app

Stores the user settings when a YouTube video integrated on other websites is accessed.

youtube-nocookie.com

Session

yt-remote-session-name

Stores the user settings when a YouTube video integrated on other websites is accessed.

youtube-nocookie.com

Session

The data processing takes place to safeguard our legitimate interests on the basis of Art. 6 Paragraph 1 Clause 1 f GDPR. Our legitimate interest emerges in this respect from the outlined usage purposes.

You can find additional details and options to object to data processing in the case of cookies from third party providers in the following descriptions of the individual functions that relate to the use of such cookies or technologies similar to cookies.

Change cookie preference settings

7. Web analysis

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a user-ID does not take place.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

    Google Tag Manager

    We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

    The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

    The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

    Hotjar

    This website utilizes Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

    Hotjar is a tool used to analyze your user patterns on this website. Hotjar allows us to for instance record your mouse and scroll movements as well as your click. During this process, Hotjar also has the capability to determine how long your cursor remained in a certain position. Based on this information, Hotjar compiles so-called Heatmaps, that make possible to determine which parts of the website visitor reviews with preference.

    We are also able to determine how long you have stayed on a page of this website and when you left. We can also determine at which point you suspended making entries into a contact form (so-called conversion funnels).

    Furthermore, Hotjar can be deployed to obtain direct feedback from website visitors. This function aims at the improvement of the website offerings of the website operator.

    Hotjar uses technologies that make it possible to recognize the user for the purpose of analyzing the user patterns (e.g., cookies or the deployment of device fingerprinting).

    If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6(1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of Art. 6(1)(f) GDPR; the website operator has a legitimate interest in the analysis of user patterns to optimize both, the web presentation and the operator’s advertising activities.

    Deactivation of Hotjar

    If you would like to deactivate the recording of data by Hotjar, please click on the link below and follow the instructions provided under the link:  https://www.hotjar.com/policies/do-not-track/.

    Please keep in mind that you will have to separately deactivate Hotjar for every browser and every device.

    For more detailed information about Hotjar and the data to be recorded, please consult the Data Privacy Declaration of Hotjar under the following link:  https://www.hotjar.com/privacy.

    Data processing

    We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

    8. Content from third party providers / Google Fonts

    We use services of third party providers on this website in order to embed their content such as e.g. fonts and maps (hereinafter “content”). The processing of your data takes place based on our legitimate interests (Art. 6 Paragraph 1 Clause 1 f GDPR) in the economic operation, the optimization (in particular the user-friendliness) and the usage analysis of our website.

    The third party providers of this content always receive information on your IP address since they could not transfer the content to your end device without the IP address. The IP address is required to display the content. It may also be that the third party providers store cookies on your end device.

    We use the following content from third party providers:

    • We integrate so-called Google Fonts from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on our website. You can find further information on data usage by Google, settings and objection options on the Google websites from the following link: https://policies.google.com/privacy?hl=en.

    You can prevent the storage and use of cookies for the listed services by setting your browser or browser add-ons accordingly (see above Point 6).

    You can find further information on data usage by Google and on settings and objection options on the Google websites from the link listed under a).

    9. Plug-ins and Tools

    Tidio

    We use Tidio (hereinafter referred to as “Tidio”) for the processing of user inquiries via our support channels or live chat systems. The provider is Tidio LLC, 180 Steuart St, CA 94119, San Francisco, California, USA.

    Messages you send to us, can be stored in the Tidio ticket system or our employees respond to them in the live chat system. If you communicate with us via Tidio, all data you have entered from the start of the chat (i.e., name or chat ID, address, and phone number) as well as your IP address, your country of origin, the utilized browser and device, the accessed website and the exchanges messages are consolidated in a profile and saved on Tidio’s servers.

    Messages that are addressed to us remain in our possession until you ask us to delete them or the reason for the data storage is no longer effective (e.g. after your inquiry has been processed). This shall be without prejudice to any statutory provisions – especially statutory mandatory retention obligations.

    The use of Tidio is based on Art. 6(1)(f) GDPR. We have a legitimate interest in marketing activities that are as effective as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

    For more information, please consult the data privacy declaration of Tidio: https://www.tidio.com/privacy-policy/.

    Data processing

    We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

    10. Recipients of personal data

    Your personal data are provided by us only to external recipients insofar as this is required to handle or process your matter, we have your consent for this or there is another legal permission available.

      External recipients may be in particular:

      • Order processors: These are service providers who we use to render services, for example in the areas of technical infrastructure and maintenance of our website. Such order processors are carefully selected by us and regularly checked to ensure that your privacy stays protected. These service providers may use the data exclusively for the purposes predefined by us and according to our instructions. We are authorized to use such order processors to safeguard the legal requirements of Art. 28 GDPR.
      • Public bodies: These are authorities, state institutions and other public corporations or supervisory authorities, courts, public prosecutors or finance authorities. Personal data are transmitted to such public bodies only for the legally required reasons. The legal basis of such a transmission is Art. 6 Paragraph 1 Clause 1 c GDPR.
      • Non-public bodies: Service providers and assisting individuals to whom data are transmitted based on a legal obligation or to safeguard legitimate interests, are for example tax advisers or auditors. The transmission then takes place based on Art. 6 Paragraph 1 Clause 1 c and/or f GDPR.

      11. Data processing in third party countries

      Insofar as we transmit your data to third party countries outside the EU or the EEA in accordance with the above statements, we ensure prior to the disclosure that there is either a suitable level of data protection or you consent to the data transmission irrespective of legally permissible exceptional cases for the recipient. A suitable level of data protection is for example ensured by an EU-US Privacy Shield certification of the recipient, the conclusion of EU Standard Contractual Clauses or the existence of so-called Binding Corporate Rules (BCR).

      12. Storage duration

      We store your personal data only for as long as it is required to fulfill the purposes or, in the case of consent, provided the consent is not revoked. In the case of an objection, we will no longer process your personal data, unless its further processing is permitted according to the relevant legal provisions or even obligatorily prescribed (e.g. in the context of retention duties under commercial and tax law). We will also delete your personal data when we are required to do so for legal reasons.
      Otherwise, you can find the details on the storage duration of your personal data from the respective statements in the previously listed points.

      13. Your rights

      As a data subject of data processing, you have numerous rights. They are in detail:

        Right of access (Art. 15 GDPR): You have the right to obtain access concerning the data stored by us about your person.

        Right to rectification and erasure (Art. 16 and Art. 17 GDPR): You can request us to rectify inaccurate data and, insofar as the legal requirements are met, to delete your data.

        Right to restriction of processing (Art. 18 GDPR): You can request us, insofar as the legal requirements are met, to limit the processing of your data.

        Right to data portability (Art. 20 GDPR): If you have provided data to us based on a contract or consent, you can request in the presence of the legal requirements that you obtain the data provided by you in a structured and commonly used format or that we transmit this data to another controller.

        Right to object to data processing based on legitimate interests (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing by us, provided this relates to legitimate interests within the meaning of Art. 6 Paragraph 1 Clause 1 f GDPR. Insofar as you make use of this right to object, we will adjust the processing of your data, unless we can prove compelling legitimate grounds for the continued processing which override your rights.

        Objection to cookies: You can also object to the use of cookies at any time. If you would like to object to the use of determined cookies, please take note of our statements under Point 5.

        Revocation of consent (Art. 7 GDPR): Insofar as you have granted us consent to the processing of your data, you can revoke this at any time with effect for the future. The legality of the processing of your data until revocation remains unaffected thereby.

        Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You can also lodge a complaint with the responsible supervisory authority when you believe that the processing of your data breaches applicable law. You can also optionally contact the data protection authority who is responsible for your habitual residence, your workplace or the location of the alleged infringement or the data protection authority responsible for us. The supervisory authority for data protection responsible for us is the State Officer for Data Protection in Baden-Württemberg (LfDI), contactable at Königstraße 10a, 70173 Stuttgart, Tel: 0711 615541-0, Fax: 0711 615541-15, Email: poststelle@lfdi.bwl.de, Internet: www.baden-wuerttemberg.datenschutz.de.

        For queries on the topic of processing of your personal data, your rights as a data subject and any granted consent, please do not hesitate to contact us using the methods of communication mentioned under Point 13. Please also use the below contact details directly to exercise your rights as a data subject.

        14. eCommerce and payment service providers

          Data transfer upon closing of contracts for online stores, retailers, and the shipment of merchandise

          Whenever you order merchandise from us, we will share your personal data with the transportation company entrusted with the delivery as well as the payment service commissioned to handle the payment transactions. Only the data these respective service providers require to meet their obligations will be shared. The legal basis for this sharing is Art. 6 (1)(b) GDPR, which permits the processing of data for the fulfillment of contractual or pre-contractual obligations. If you give us your respective consent pursuant to Art. 6 (1)(a) GDPR, we will share your email address with the transportation company entrusted with the delivery so that this company can notify you on the shipping status for your order via email. You have the option to revoke your consent at any time.

          Payment services

          We integrate payment services of third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, bank account details, credit card number) are processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contractual and data protection provisions of the respective providers apply. The use of the payment service providers is based on Art. 6(1)(b) GDPR (contract processing) and in the interest of a smooth, convenient, and secure payment transaction (Art. 6(1)(f) GDPR). Insofar as your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis for data processing; consent may be revoked at any time for the future.

          We use the following payment services / payment service providers within the scope of this website:

          Klarna

          The supplier is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna“). Klarna offers various payment options (e.g., hire purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of Klarna checkout solution. For details on the use of Klarna cookies, please see the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

          Details can be found in Klarna’s privacy policy under the following link: https://www.klarna.com/de/datenschutz/.

          instant transfer Sofort

          The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have chosen the payment method “Sofortüberweisung”, please send the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. Sofort GmbH automatically checks your account balance after logging in and carries out the transfer to us with the help of the TAN you have transmitted. Afterwards, it immediately sends us a transaction confirmation. After you log in, your turnover, the credit limit of the overdraft facility and the existence of other accounts and their balances are also checked automatically. In addition to the PIN and the TAN, the payment data entered by you as well as personal data will be transmitted to Sofort GmbH. The data about your person are first and last name, address, telephone number(s), email address, IP address and possibly other data required for payment processing. The transmission of this data is necessary to determine your identity beyond doubt and to prevent fraud attempts. For details on payment with immediate bank transfer, please refer to the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

          American Express

          The provider of this payment service is the American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).

          American Express may transfer data to its parent company in the US. The data transfer to the US is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.

          For more information, please see the American Express privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

          Mastercard

          The provider of this payment service is the Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

          Mastercard may transfer data to its parent company in the US. The data transfer to the US is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

          Union Pay International Co., Ltd

          German Branch, An der Welle 4,60322 Frankfurt, für die Zahlungsmarken „CUP” und „Union Pay”
          http://www.unionpayintl.com/en/aboutUs/companyProfile/contactUs/Europe/Europe2/?currentPath=%2FglobalCard%2Fen%2Fglobal_7%2F10050072

          VISA

          The provider of this payment service is the Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

          Great Britain is considered a secure non-EU country as far as data protection legislation is concerned. This means that the data protection level in Great Britain is equivalent to the data protection level of the European Union.

          VISA may transfer data to its parent company in the US. The data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

          For more information, please refer to VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

          15. Contact in the case of queries on data protection

          In the case of queries on data protection and to exercise your rights as a data subject, please contact us as follows:

            trenzyme GmbH
            Byk-Gulden-Str. 2
            78467 Konstanz
            P: +49 (0) 75 31 / 1 22 90-0
            F: +49 (0) 75 31 / 1 22 90-11
            www.trenzyme.com
            E-Mail: privacy@trenzyme.com

            16. Security

            We take technical and organizational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or from access by unauthorized persons. These security measures are adapted accordingly to the state of the art.
            Your personal data transferred in the context of the use of our website are transferred to us securely through encryption. We use the encryption protocol Transport Layer Security (TLS), widely-known under the former name Secure Socket Layer (SSL).
            Our officers are obligated to data secrecy.

            17. Changes

            From time to time, it may be necessary to adapt the content of the present data privacy statement. We therefore reserve the right to change it at any time. Insofar as your consent is required for a change, we will obtain this from you. We will also publish the amended version of the data privacy statement at this point. When you revisit our website, you should therefore reread the data privacy statement.

              Issued: December 2023