Home
Enter Underverse

PRIVACY

PRIVACY

PRIVACY POLICY

Last updated: September 2022

Information notice for the website https://charonium.com/ ("Website") in accordance with Art 13 of the EU General Data Protection Regulation ("DSGVO") regarding data processing operations in the context of accessing and using the Website, as well as for the appearances in social networks shown under point 9, insofar as the respective platform is interacted with accordingly.

Thank you for your interest in our website. The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the legal requirements of the DSGVO in conjunction with the Austrian Data Protection Act (DSG) and other relevant legal provisions.

You are not obliged to provide data. Data automatically processed from the circumstance of accessing the website is not personal or is only stored for a very short period of time (see in particular point 6.1). However, if you would like to take advantage of our offers, in particular to purchase products via the online store, we need certain of your data to process the contract.

##Content

Information on the data controller & contact (1)

Definitions of terms (2)

Links to third party sites (3)

Data Subject Rights (4)

Transfer of your data; recipients (5)

Data processing operations (6)

6.1 Processing of access data when calling up the website

6.2 Contacting

6.3 Orders in the online store; user account

6.4 Newsletter

6.5 Web analysis and tracking

6.6 Legal storage and documentation obligations

Storage technologies and consent form (7)

7.1 Cookies

7.2 Local storage; session storage

7.3 Consent mask

7.4 Tracking pixel

Third-party services (8)

8.1 Common references

8.2 Overview and brief description

8.3 Shopify (online store operation)

8.4 Other third-party services and integrations

8.4.1 Google Services (i) Tag Manager (ii) Google Fonts (iii) Google Analytics (iv) Google Ads Conversion Tracking (v) Google Ads Remarketing

8.4.2 Meta Pixel

8.4.3 Twitter Conversion Tracking; Twitter Pixel

8.4.4 LinkedIn Insight tag

8.4.5 TikTok Business Tools; TikTok Pixel

Social media and platform appearances (9)

9.1 Facebook

9.2 Instagram

9.3 Twitter

Information on the person responsible for data processing & contact (1)

Responsible in the sense of Art 4 Z 7 DSGVO:

Charonium GmbH ("we").

Höttinger Gasse 32

6020 Innsbruck

Austria

Contact: Email: info@charonium.com

Definitions (2)

Data protection regulations focus on the processing of personal data, with certain exceptions. For the scope of this data protection declaration, the definition of the GDPR is used. Thus, the processing (Art. 4 Z 2 DSGVO) of personal data essentially includes any handling of the same. Insofar as data processed by us is human-related and makes you identifiable as a person, it is basically personal data, which means that you are to be regarded as the person affected by data processing (Art. 4 Z 1 DSGVO). For the best possible understanding of this privacy policy, the following terms are also relevant:

Term Explanation Definition Controller Natural or legal person or other entity that exercises decisive influence over data processing and is in turn subject to obligations under data protection law. Art 4 Z 7 DSGVO Art 24 DSGVO Jointly responsible persons Responsible persons who process data in the common interest and who each at least partially exercise decisive influence on the decisions made in this respect. Art 26 GDPR Processor External service provider who processes data on behalf of the controller and is contractually bound by the controller's instructions. Art 4 Z 8 DSGVO Art 28 DSGVO Recipient In principle, any natural or legal person or other body outside the organization of the controller to whom data from the controller's area of responsibility is disclosed. Art 4 Z 9 DSGVO Legitimate basis The legal basis, which creates an authorization to process personal data of data subjects lawfully. Art 6 (1) GDPR Third Country Transfer The transfer of personal data to countries outside the EU or the EEA, thereby removing it from the exclusive control of the GDPR through connecting factors to the respective legal system, by disclosure to a recipient that is either (i) established or (ii) operates data processing servers in a third country. Chapter V GDPR Adequacy Decision A decision by the EU Commission which certifies that a third country has an adequate level of data protection, thereby allowing free movement of data without additional restrictions. Art 45 GDPR Appropriate safeguards Appropriate safeguards are various instruments that allow data transfers to a third country for which no adequacy decision exists.

Art 46 GDPR

Links to third party sites (3)

We use links to third-party sites on our website and within this privacy policy. If you click on one of these links, you will be forwarded directly to the respective page. For the website operators, the only thing that is apparent is that you have accessed via our website. Please note, however, that the fact of accessing such a site exposes you to a new processing of your data in the sphere of influence of the respective third party! Accordingly, we generally refer to the separate data protection statements of these websites. Regarding our processing of your data in the context of our profiles in social networks and on comparable platforms, however, see point 9.

Rights of the data subject (4)

You have the following rights at any time with regard to your personal data processed by us, which can be exercised free of charge by notifying one of the contact options listed under point 1 and will be answered as soon as possible, but in any case within one (1) month (restrictions are possible in certain exceptional cases, for example in the event of imminent impairment of the rights of third parties): - Access to and further information about specifically processed personal data (right of access, Art 15 GDPR); - Correction of incomplete or inaccurate data recorded or become (right of rectification, Art 16 GDPR); - Deletion of data that (i) are not necessary for the purposes listed, (ii) are processed unlawfully, (iii) must be deleted due to a legal obligation or an objection (right of erasure, Art 17 GDPR); - temporary restriction of processing under certain conditions (right to restriction, Art 18 GDPR); - revocation at any time of consent once given (for definition of terms, see point 6) to the processing of your data; please note, however, that a revocation does not retroactively render past processing activities based on the consent concerned unlawful - it only has effect for the future (right of revocation, Art 7(3) GDPR); - object to processing of your data on the basis of our legitimate interest (for definition of terms, see point 6) for reasons arising from your particular situation, as well as object at any time to processing of your data for direct marketing purposes (right to object; Art 21 (1-2) DSGVO); - transfer your personal data, which we process for the performance of a contract or on the basis of your consent (see point 6 in each case), in a commonly used machine-readable format to you or directly to another controller (right to data portability, Art 20 DSGVO); - Right to lodge a complaint about the processing of your personal data by us with a national supervisory authority; a complaint in Austria must follow the requirements of Section 24 of the Data Protection Act and should be addressed to the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, (e-mail) dsb@dsb.gv.at, (telephone) +43 1 52 152-0 (to simplify procedures, the Austrian Data Protection Authority provides forms: https://www. dsb.gv.at/documents.

Transfer of your data; recipients (5)

In order to perform the processing activities listed in this Privacy Policy, your personal data will be transferred or disclosed to the following recipients: Within our organization, only those employees have access to your data who absolutely need this access to fulfill your or our corresponding obligations. Furthermore, commissioned processors receive your data if they need the data (or access to it) to provide their respective services. In the context of our website, the following processors used by us may receive access to your data: - Amazon Web Services EMEA Sàrl, Avenue John F. Kennedy 38, 1855 Luxembourg, Luxembourg (as hosting provider); - Socialweb Online GmbH, Anichstrasse 1, AT-6020 Innsbruck (as social media agency); - our newsletter service provider (see point 6.4); - the third-party providers outlined in point 8 as part of their service provision. In addition, we transmit your data to independent responsible parties, insofar as this is necessary or we are legally obligated to do so. These are in particular our tax consultancy, EA Steuerberatungs OG, Südtiroler Platz 12, AT-6330 Kufstein. In addition, there is a joint responsibility within the meaning of Article 26 of the GDPR with the platform operators described in section 9 with regard to the call-up of and interaction with our websites on the respective platform. In addition, there is joint responsibility with third-party providers of certain services (see point 8.4.5). Some of the aforementioned recipients have their registered office or server landscape outside the EU or the EEA or use (additional) processors for the provision of services to which this applies. Any resulting transfers of your data to the legal sphere of such third countries, for which no adequacy decision of the EU Commission pursuant to Art 45 GDPR exists with regard to the prevailing level of data protection, are based - unless otherwise stated - on standard data protection clauses of the EU Commission within the meaning of Art 46 (2) lit c GDPR as suitable guarantees.

Data processing operations (6)

This section describes the specific data processing operations that may occur when you access and use our website. In doing so, we inform you about the essential elements of each processing activity, which are (a) type and scope (when and how), (b) purpose (why) as well as (c) duration of the storage of your data (how long). In addition, we will inform you about the legal basis we use to justify the respective processing of your data within the meaning of the GDPR. The following table provides you with an initial overview of the legal bases that we specifically refer to in this regard: Basis Explanation Provision Consent You have given us consent for the specific case before carrying out the respective processing activity, which authorizes us to process your data. (For the right to revoke consent given at any time, see point 4.) Art 6 para 1 lit a DSGVO Contract performance The processing of your data is necessary in order to fulfill a contract concluded with you or to take pre-contractual measures, which are carried out at your request. Art 6 Abs 1 lit b DSGVO Legal obligation The processing of your data is necessary in order to comply with a legal obligation to which we are subject. Art 6 Abs 1 lit c DSGVO Legitimate interests The processing of your data is (i) necessary to protect our legitimate interests or the legitimate interests of a third party and we have (ii) weighed your potentially conflicting interests, fundamental rights and freedoms accordingly. (For the right to object, see point 4.) Art 6 para 1 lit f DSGVO

6.1 Processing of access data when calling up the website

(a) Type and scope of data processing: You can visit our website without having to provide any personal information. When you access the website, only general access data is stored automatically in so-called server log files. In particular, the following data is processed: (i) name of the website visited; (ii) browser type/browser version used; (iii) operating system used by the user; (iv) website previously visited (referrer URL); (v) time of the server request; (vi) volume of data transferred; (vii) host name of the accessing computer (IP address used in abbreviated form). This information does not itself allow us to draw any conclusions about your person; however, IP addresses are considered personal data within the meaning of the DSGVO. (b) Legal basis and purpose: The purpose of this data processing is to establish and maintain the technical security of our website, to improve its quality and to generate statistical information. The processing is based on our legitimate interest (Art 6 para 1 lit f DSGVO), which is to achieve the stated purposes. (c) Storage period: The server log files are generally only stored for short periods of time and deleted as soon as they are no longer necessary to achieve the above-mentioned purposes.

6.2 Contacting us

(a) Type and scope of data processing: When contacting us via one of the contact options listed within this privacy policy or on our website (esp. in the imprint), the information you provide will be processed for the purpose of handling the contact request and its processing. The processing of your data is necessary to process and respond to your request, otherwise we would not have the opportunity to contact you.

(b) Legal basis and purpose: The purpose of this data processing is to enable us to exchange information with users of the website. We answer your inquiries on the basis of our legitimate interest (Art 6 para 1 lit f DSGVO) in a functioning contact system as a prerequisite for the provision of any services (for the "right to object" see point 4). If your request relates to an existing contractual relationship with you or you are interested in concluding a contract, the data will be processed for the purpose of processing the contract or taking pre-contractual measures upon request (Art 6 (1) (b) of the GDPR).

(c) Storage period: We will delete your inquiry(s) and your contact data if your inquiry has been conclusively answered. Your data will generally be stored for six (6) months and will be deleted within fourteen (14) days after the expiration of this period, unless you send us follow-up inquiries or we need to further process the data for other purposes.

6.3 Orders in the online store; user account

(a) Type and scope of data processing: If you have decided to purchase products in our online store, you must provide certain information in the ordering process so that we can process the purchase contract concluded with you. For this purpose, you must create a user account, through which essential functions in connection with our offers are made available to you. Required information is marked with an "*" symbol; if necessary, you can provide us with certain information voluntarily.

(b) Legal basis and purpose: The processing of your data within the framework and for the handling of the ordering process serves the purpose that we can pursue our business activities and provide our online store offer. It is necessary for the fulfillment of the purchase contract concluded with you (Art 6 para 1 lit b DSGVO).

(c) Storage period: The data collected to carry out the order process will be stored by us in principle for the duration of the existence of the user account, in the case of completely inactive accounts, however, for a maximum period of three (3) years and then deleted within fourteen (14) days. If certain information is retained by us for you on the basis of a corresponding agreement, the respective data will, however, be retained for the duration of the current existence of this agreement and deleted only after its termination within fourteen (14) days. Longer storage periods for certain data may also arise, in particular due to legal retention periods (see point 6.6), and possibly also due to pending legal claims.

6.4 Newsletter

(a) Type and scope of data processing: On our website, you have the option of registering for our newsletter. The newsletter informs you about news concerning our company; it is sent exclusively to e-mail addresses provided by interested parties themselves. In the event that you no longer wish to receive the newsletter, you can unsubscribe at any time (revoke your consent) by sending a message to the contact address listed under point 1 or by clicking on the unsubscribe link at the end of each newsletter. For the delivery of the newsletter, we use the newsletter service "Sendinblue", which is operated by Sendinblue GmbH, Köpenicker Straße 126, DE-10179 Berlin. For this purpose, your voluntarily disclosed personal data is stored on servers of Sendinblue GmbH in order to send you the ordered newsletter. Sendinblue GmbH acts as our order processor in this context and is strictly bound by our instructions. Sendinblue also enables us to evaluate the success and reach of the newsletter. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. In this way, we can determine, among other things, which links were clicked on particularly often. In addition, we can see whether certain predefined actions were performed after opening/clicking (conversion rate).

(b) Legal basis and purpose: The above data is processed for the purpose of direct advertising in the form of a newsletter and is necessary to be able to send the newsletter. Under no circumstances will a newsletter or other electronic advertising be sent without your prior consent (Art 6 para 1 lit a DSGVO), which we obtain on our website (for the "right of withdrawal" see above as well as point 4). Subsequently, we will send you an e-mail to the specified e-mail address, which you can use to confirm your registration. Any evaluation of the performance of the newsletter is carried out on the basis of our legitimate interest in creating newsletter statistics that are easy to handle and effective in terms of marketing in a cost-efficient manner (Art 6 para 1 lit f DSGVO; for the "right to object" see point 4).

(c) Storage period: The data collected for the purpose of sending the newsletter will be deleted within fourteen (14) days after any unsubscription, unless the data is also permissibly processed for other purposes.

6.5 Web analytics and tracking

(a) Type and scope of data processing: With regard to accesses to our website, we analyze the behavior of visitors using various software solutions and tools provided to us by third-party providers. The individual services and their functional purpose are outlined in section 8.2; additional information can be found in the detailed descriptions in section 8.3.

(b) Legal basis and purpose: Within the scope of the functionality of the respective service, we use the collected data for the purpose of generating statistics, analysis reports and other information that provide us with conclusions about the user experience and allow us to personalize our offer. The legal basis is shown accordingly in the course of the presentation of the respective service.

(c) Storage period: We store the generated data within the framework of the specifications and possibilities of the respective service for as long as they are required for the fulfillment of the respective processing purpose.

6.6 Legal storage and documentation obligations

(a) Type and scope of data processing: In principle, we try not to store your personal data longer than absolutely necessary. Nevertheless, we cannot immediately delete certain data processed by you due to legal requirements. This concerns data relating to the billing of services provided via the website, which must be retained by us on the basis of tax law and company law retention and documentation periods, among other things. (b) Legal basis and purpose: We process your billing data in this context on the basis of Art 6 para 1 lit c DSGVO (legal obligation). The processing of your data on this basis serves the purpose of fulfilling relevant legal obligations. (c) Storage period: Your billing data will generally be stored for a period of seven (7) years due to retention and documentation periods under tax law and company law. If the data is relevant for pending (tax) proceedings, it may be stored for a longer period. Storage periods for certain data that deviate from this may result from other legal requirements.

Storage technologies and consent form (7)

We use the following technologies for various purposes on our website. Insofar as information is stored on your end device or information stored there is accessed, this is referred to as storage technologies, which are subject to special data protection rules. Insofar as their use is not technically necessary for the maintenance of our website operation, we obtain your prior consent. In addition, we use other technologies for similar purposes and may process data collected in this way using storage technologies. Storage technologies are also used as part of the third-party services described in section 8.

7.1 Cookies

So-called "cookies" are used on our website if you give us your consent (Art 6 para 1 lit a DSGVO) (for the "right of revocation" see point 4 as well as point 7. 3); if you refuse such consent, we limit the cookie setting to technically necessary cookies, which we need to maintain the functionality of our website (see below) and use on the basis of our legitimate interest in this regard (Art 6 para 1 lit f DSGVO), insofar as this involves the processing of personal data (for the "right to object" see point 4). Cookies are small data sets that are basically managed by your browser on your terminal device and stored there. They are initially placed by a web server and sent back to it as soon as a new connection is established in order to recognize the user and his settings. Your terminal device is assigned a specific identity consisting of numbers and letters. Cookies can serve various purposes and, for example, help to maintain the functionality of a website in terms of functions and user experience according to the state of the art. The actual content of a specific cookie is always determined by the website that created it. In any case, cookies always contain the following information: - name of the cookie; - name of the server from which the cookie originates; - ID number of the cookie; - an end date, after which the cookie is automatically deleted. Cookies can be differentiated by type and purpose as follows: - Technically necessary cookies: Technically necessary (also: essential) cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. In many cases, a website cannot function properly without these cookies. Technically necessary cookies are always first-party cookies. These cookies can only be deactivated in your browser settings by rejecting all cookies without exception (see below) and are also legally used on our website without obtaining consent. - Preference cookies: Preference cookies allow a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are in. - Statistics cookies: Statistics cookies help website operators understand how visitors interact with websites by collecting and analyzing information anonymously. Such cookies are consequently used to collect information about user behavior. For example, the following information may be stored: sub-pages accessed (duration and frequency); order of pages visited; search terms used that led to a visit to our website; movements of the mouse (scrolling and clicks); country and region of access. The cookies allow us to determine what the user is interested in and thereby adapt the content and functionality of our website to individual user needs.

  • Tracking cookies: Tracking cookies are used to track visitors to websites. The intention is to serve ads that are relevant and engaging to the individual user, and therefore more valuable to publishers and third-party advertisers. This is made possible by analyzing your usage behavior, which allows for the appropriate personalization of advertising based on the interests identified as a result. - Social media and plugin cookies: Such cookies originate from third-party platforms and services and are necessary to retrieve content from the respective platform or service that is integrated into a website. They may in turn be used by the respective third-party provider for certain analysis and tracking purposes (especially in connection with accounts maintained there). According to the storage period, a distinction is also made between: - Session cookies: These cookies are deleted without your intervention as soon as you end your current browser session - Persistent cookies: These cookies (e.g. for storing your language settings) remain stored on your end device until a previously defined expiration date or until you manually remove them. First-party cookies: Such cookies are used by us and are set directly by our website. They are generally not made accessible by browsers across domains, which is why the user can only be recognized by the site from which the cookie originated. - Third-party cookies: Such cookies (also third-party cookies) are not set by us, but by third parties, especially for advertising purposes (e.g. to track surfing behavior) when you visit our website. This concerns, for example, information about different page views as well as the frequency of the same. Most browsers accept cookies automatically. For submission and revocation of your consent via our consent form, see section 7.3. However, you also have the option of adjusting your browser settings so that cookies are either generally rejected or only certain types are permitted (e.g. restricting the rejection to third-party cookies). However, if you change the cookie settings of your browser, you may no longer be able to use our website to its full extent. You also have the option of deleting all cookies already stored in your end device via the browser settings. This also corresponds to a revocation of your consent.

7.2 Local Storage; Session Storage

If you give us your consent (Art 6 (1) (a) DSGVO), we use the storage capacity of your browser software, for example, for the purpose of improving the usability of our website, its user-friendliness and our offer in general (e.g. to save your language settings). (For the "right of revocation" see section 4 and section 7.3) For this purpose, we use the so-called local storage or session storage to store certain data on your terminal device, whereby your browser creates the local storage or session storage separately for different domains. Apart from you, only we can access the data that is processed in this context. Insofar as this is technically absolutely necessary to maintain the functionality of our website, certain information may also be stored in the local or session storage of your browser without your consent. Uninvolved third parties are never able to access this information; however, it may be stored on your terminal device by our partners (third-party providers) on our behalf for specific purposes. In contrast to cookies, this method is faster and more secure, as data is not automatically transferred to the respective server with every HTTP request, but is merely stored by your browser software; in addition, the Local Storage or Session Storage each offers up to 5 megabytes of storage volume, while a single cookie can be a maximum of 4096 bytes. Since the functionalities are similar to cookies, what has been said under point 7.1 applies mutatis mutandis. Please note that information in Local Storage has no predefined expiration date (it is comparable to persistent cookies). Information in Session Storage, on the other hand, is only stored for the duration of the respective browser session (they are comparable to session cookies). For submission and revocation of your consent via our consent form, see section 7.3. Manually removing data from the local storage or session storage functions within the settings of most browsers in exactly the same way as the manual removal of cookies, since cookies are usually combined with other website data within this option (e.g. "cookies and other website data"); in this respect, we refer to the explanations under section 7.1. If the browser software you use combines cookies and other website data in this way, blocking cookies also blocks access to the local storage or session storage (which can also lead to restrictions on the use of our website). If you deactivate JavaScript, the local storage or session storage can also no longer be used by us, but this can generally lead to considerable restrictions in use.

7.3 Consent mask

In order for us to ensure that you give us your prior consent for the use of storage technologies, insofar as this is specifically required, a corresponding consent mask appears automatically when you access the website. There you can make your desired settings using the options that appear in each case. A necessary cookie is stored on your terminal device to save your selection. If you do not give us your consent, certain content on our website may not be usable.

7.4 Tracking pixel

Another possibility apart from storage technologies to collect certain user data exists through so-called tracking pixels (also: tracking pixels, pixel tags or web beacons). These are transparent images that are practically invisible because they consist of only a single pixel. The tracking pixel is located on a server and is loaded as soon as a designated sub-page of our website is called up. They enable us to track the circumstance of a website visit as well as subsequent user activity in order to provide targeted marketing. With the help of the tracking pixel, the following information can generally be retrieved: (i) operating system used; (ii) browser software used; (iii) time a web page was viewed; (iv) user behavior on the web page visited; (v) IP address and approximate location of the user. Tracking pixels are used on our website on the basis of our legitimate interest (Art 6 para 1 lit f DSGVO; for the "right to object" see point 4) in a state-of-the-art analysis of accesses; if necessary, we also obtain your prior consent in certain cases (Art 6 para 1 lit a DSGVO; for the "right to revoke" see point 4). Since it is merely an image loaded from a server, the lifetime of a tracking pixel cannot extend beyond a single browser session. However, information generated by tracking pixels may subsequently be stored using storage technologies (see above).

Third-party services (8)

8.1 Common Information

Processing Purposes: In order to optimize our website for its intended use and to provide features that are necessary or useful for service delivery or commercially reasonable operation, as well as to provide users with features commonly expected as part of our business operations, we use a number of services on our website that are provided by third party vendors and are described below. Processing Roles: Unless otherwise stated, the respective service providers act as our processors and therefore provide their services on our behalf based on a corresponding agreement. Where applicable, service providers may also use data received as data controllers for their own purposes, in particular to optimize their own offerings. Regardless of their specific role in the processing context, they are in any case considered recipients of certain of your data, as the provision of the respective service on our website requires processing by the associated service provider. Necessary data processing: From a purely technical point of view, certain data is transmitted when you visit any website, which is basically also passed on to all integrated services and in its entirety represents the digital fingerprint that you leave behind in the course of your online activities - this fingerprint (browser fingerprint) can be used to draw certain conclusions about you or your terminal device. The following categories of "connection data" can be distinguished, which are (or can be) transmitted to the server to which the request is directed to provide the website or a specific file: (i) Implicit connection data (automatic, forced and unsolicited transmission): - IP address of the accessing computer; - user agent (browser type/version, operating system); - page accessed (URL); - page from which the user came (referrer); - time of access; - language setting. (ii) Explicit connection data (transmission, if provided for in the code of the respective service): - screen resolution; - color depth; - time zone; - touch screen support; - browser plugins. In addition, most of the services in question use cookies or similar storage or tracking technologies (see point 7). Third-country transmission: Some of the service providers used have their headquarters or server landscape outside the EU or the EEA or use (additional) contract processors for the provision of services to which this applies. Any resulting transfers of your data to the legal sphere of such third countries, for which no adequacy decision of the EU Commission pursuant to Art 45 DSGVO exists with regard to the prevailing level of data protection, are based - unless otherwise stated - on standard data protection clauses of the EU Commission within the meaning of Art 46 para 2 lit c DSGVO as suitable guarantees.

8.2 Overview and brief description

Below you will find a condensed presentation of the services used as well as the essential accompanying legal information. By clicking on the name of the respective service, you will be taken to the linked privacy policy of the respective provider (in German, subject to availability). Please note, however, that the fact of accessing such a third-party site exposes you to a new processing of your data in the sphere of influence of the respective third-party provider (cf. point 3). Service Processing Purpose Legal basis Shopify(online store operation) Depending on the individual case; use of the range of services provided to us Provision of a modern online store Depending on the individual case; esp consent (Art 6 para 1 lit a DSGVO) and legitimate interests (Art 6 para 1 lit f DSGVO) Google Tag Manager Website structure Technical structure of the website Legitimate interests (Art 6 para 1 lit f DSGVO) Google Fonts Presentation of Google fonts Uniform presentation of the website Legitimate interests Art 6 para 1 lit f DSGVO Google Analytics Website analysis; Tracking Analysis of the usage behavior of our website Consent (Art 6 Abs 1 lit a DSGVO) Google Ads Conversion tracking Marketing; Tracking Analysis of the effectiveness of advertising measures, implementation of advertising campaigns Consent (Art 6 Abs 1 lit a DSGVO) Google Ads Remarketing Marketing; Tracking analysis of the effectiveness of advertising measures; implementation of advertising campaigns Consent (Art 6 para 1 lit a DSGVO) Meta Pixel Website analytics; Tracking analysis of usage behavior on our website Consent (Art 6 para 1 lit a DSGVO) Twitter Conversion tracking; Twitter Pixel Website analytics; Tracking analysis of usage behavior on our website and the effectiveness of advertising measures Consent (Art 6 para 1 lit a DSGVO) LinkedIn Insight tag Website analytics; Marketing; tracking analysis of usage behavior on our website and the effectiveness of advertising measures; implementation of advertising campaigns Consent (Art 6 para 1 lit a DSGVO) TikTok Business Tools; TikTok Pixel Marketing; tracking analysis of the effectiveness of advertising measures; implementation of advertising campaigns Consent (Art 6 para 1 lit a DSGVO)

8.3 Shopify (Online Shop Operation)

We use the service of Shopify International Ltd, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify International") for the creation and operation of our website. Shopify International's range of services provides the framework within which we can operate a professional online store that is adapted to the current technical state of the art. This includes functions that are necessary for the operation of the online store (e.g. shopping cart, technical processing of the payment process) as well as the analysis services required for an appropriate promotion and presentation of our offer. The data collected is in particular the data provided by you in the context of the use of our online store (see in particular point 6.3) as well as information about your terminal device and usage behavior (e.g. data about your interaction behavior with our website). For this purpose, Shopify International works with cookies (or comparable storage technologies; see point 7), which (in the case of cookies that are not technically necessary) are placed on your terminal device after you have given your consent (Art 6 para 1 lit a DSGVO) (for the "right of revocation" see point 4). In the context of Shopify International's technically necessary services for us, processing in this regard is based on our legitimate interests (Art 6 para 1 lit f DSGVO) in a functioning and technically adequate online store (for the "right to object" see point 4). Shopify International acts in this regard as our order processor pursuant to Art 28 DSGVO. For the exact breakdown of all cookies placed by Shopify International, we refer to the corresponding explanations in the Cookie Policy of Shopify International https://www.shopify.de/legal/cookies for reasons of transparency and correctness. If applicable, your data may also be transferred to companies affiliated with Shopify International or third-party providers used by Shopify International to provide services. For the relevant transfer of your data by Shopify International to such sub-processors within the meaning of Art 28 (4) DSGVO, we refer to the corresponding presentation of the (core) sub-processors at https://help.shopify.com/de/manual/your-account/privacy/GDPR/subprocessors. More detailed information on data transfers by Shopify International can also be found at https://help.shopify.com/pdf/cross-border-whitepaper.pdf. You can also find more detailed information on data processing in the Shopify privacy policy at https://www.shopify.de/legal/privacy/customers.

8.4 Other third-party services and integrations

8.4.1 Google services

The services described below are provided to us by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland ("Google Ireland"). Google Ireland tries to process the data of users from the EEA region in European data centers as far as possible, but your data may be transferred to companies affiliated with Google Ireland, in particular to the parent company based in the USA, Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. An overview of all Google data center locations can be found here:

https://www.google.com/about/datacenters/inside/locations/?hl=de. For more information on the use of data by Google Ireland and affiliated companies, as well as on setting and objection options, please refer to the Google privacy policy at https://policies.google.com/privacy?hl=de. If you come into contact with Google services while you are logged into your Google account, Google Ireland may be able to assign your data records collected in this regard to this account. We therefore request that you log out of your Google account before (further) using our website. (i) Tag Manager We use the Google Tag Manager ("GTM") on our website. GTM is a service that allows us to manage website tags through a custom interface. This allows us to include code snippets such as tracking code or tracking pixels on our website without interfering with the source code. In doing so, the data is only forwarded by the GTM, but not collected or stored. The GTM does not set any cookies itself and serves us purely for the administration of other services of our online offer. The GTM provides for the resolution of other tags, which in turn may collect data. However, the GTM does not access this data (it simply makes a request to the relevant Google servers). We base the use of the GTM on our legitimate interest (Art 6 para 1 lit f DSGVO; for the "right to object" see point 4) in the efficient and economic management of the online services of our website. The purpose of the processing is to better adapt our offer to the interests of our users through the effective use of these services and to generate corresponding evaluations. (ii) Google Fonts We integrate the "Google Fonts" fonts on our website, as these are web-optimized and save data volume. This results in a shorter loading time of the website and a uniform appearance on all end devices and common browsers. When using Google Fonts, your connection data (see point 8.1) is transferred to Google servers and stored there. The use of Google Fonts is for the uniform and appealing presentation of our website, this represents a legitimate interest within the meaning of Art 6 para 1 lit f DSGVO (for the "right to object" see point 4). The purpose of the data processing is to make our website more attractive for users through a uniform presentation. Google Ireland acts as an independent controller with regard to your transferred data and uses it for analysis purposes. More information about Google Fonts can be found here: https://developers.google.com/fonts/faq. (iii) Google Analytics We use the web analysis and online marketing tool "Google Analytics" on our website, which enables us to analyze the use of the website. The tool records, for example, the time users have spent on sub-pages of our website or on which links users have clicked. Furthermore, Google Analytics allows us to record when a website user reaches goals (so-called conversions) set by us. The tracking is done with the help of JavaScript libraries provided by Google Ireland. Google Analytics works with cookies or comparable technologies (see point 7). In the context of the use of Google Analytics, connection data (see section 8.1) is transmitted to Google servers and stored there. On our behalf, Google Ireland will use the information collected to evaluate the use of our website, to compile reports on website activities and to provide us with other services related to the use of our website and the Internet. The IP address transmitted by your browser will not be merged with other data from Google Ireland. The IP address transmitted by your browser will not be merged with other data from Google Ireland. To best protect you, we use IP anonymization by adding "anonymizeIP" to our website code. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases is the full IP address transmitted to a Google server and shortened there. We base the use of Google Analytics on your prior consent (Art 6 para 1 lit a DSGVO; for the "right of revocation" see point 4). The data about the use of our website will be automatically deleted after the end of the retention period of fourteen (14) months set by us for Google Analytics.

(iv) Google Ads conversion tracking In order to advertise our offer in the most effective way, we use "Google Ads". Google Ads enables us to use the enormous reach of Google Ireland to advertise our offer and to draw the attention of potentially interested users to it. In this context, we use the tracking tool "Google Ads Conversion Tracking" or "Conversion Tracking" from Google Ireland to gain feedback on our advertising efforts via Google. Conversion tracking enables us to generate information about the reception of our advertising offer by recording so-called "conversions". A conversion refers to the process when a defined goal is reached by a website user. For example, the conversion of a website user who shows interest in our offer to someone who actively interacts with it (e.g. clicks on one of our advertising measures and is then redirected to our website). The analysis of conversions allows us to obtain useful information about the uptake of our offer and to better adapt it to the needs of our website users. The conversion tracking collects your data via a tag embedded on our website. If a conversion occurs (for example, if you click on our advertisements), conversion tracking uses cookies or similar technologies (cf. point 7) to subsequently store data about your user behavior. For example, your click and interaction behavior regarding our offers is recorded. Further data collected by conversion tracking are connection data (cf. point 8.1). If necessary, these records can be further refined by Google Analytics (see section 8.3.1 [iii]). We base the use of conversion tracking on our website on your prior consent (Art 6 para 1 lit a DSGVO; for the "right of revocation" see point 4). Your data collected in this context will generally be deleted after a few months. (v) Google Ads Remarketing We use the Google Ads Remarketing ("Google Remarketing") service on our website. Remarketing means the renewed addressing of former users of our website with offers that may be of interest to you. If, for example, you show an interest in certain services when visiting our website, we can use Google Remarketing via Google Ads (see section 8.3.1 [iv]) to provide you with further ads that may be of interest to you after you leave our website. For this purpose, Google Remarketing works with cookies or similar storage technologies (cf. point 7), which make it possible to recognize you when you visit other participant pages of the Google advertising network. Google Remarketing works via advertising campaigns which are based on so-called remarketing lists. These lists can in turn contain various predefined behavior-based target groups. If the behavior of a user corresponds to this target group, the cookie set for this target group is supplemented with an ID. If the user subsequently moves to a website that offers advertising space within the Google advertising network, we can display our offers again. In the course of the process described here, connection data is collected (cf. point 8.1) as well as data about your interaction behavior with our website (e.g. when you click on one of our offers). We base the use of Google Remarketing on our website on your prior consent (Art 6 para 1 lit a DSGVO; for the "right of revocation" see point 4). You can prevent the use of your data for the personalization of advertising by Google through the appropriate settings on the deactivation page of the Google Marketing Platform (https://adssettings.google.com/authenticated?hl=de#display_optout) or the deactivation page of the Network Advertising Initiative (https://thenai.org/opt-out/) or through appropriate device settings (see point 7.1).

8.4.2 Meta Pixel

Within our offer, we use the "Meta Pixel", provided that you have given us your consent in advance (Art 6 para 1 lit a DSGVO; for the "right of revocation" see point 4). This is a Meta Business Tool for which Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta Ireland") is responsible for data protection in the EEA. The Meta Pixel is embedded in our website as a JavaScript code snippet and enables us to track the activities of website users. Certain actions that a user takes are defined as so-called events and are analyzed with the help of the pixel (in particular, calling up a specific sub-page of our website, so-called button click data); this allows us to measure, for example, the effectiveness of the construction of our website and the effectiveness of our advertisements (conversion tracking). The meta pixel is therefore used for statistical and market research purposes in order to optimize our offer. In particular, targeted advertisements on various meta platforms (e.g. Instagram) are displayed to users who are recognized on our website via the meta pixel (retargeting). In addition to the defined event data, the Meta Pixel collects your connection data (see point 8.1) as well as a pixel ID and cookie information. This data is exchanged with Meta Ireland. By activating the "extended matching" function, our use of the Meta Pixel and accordingly the exchange of data with Meta Ireland is not limited exclusively to event data; rather, data is enriched with data that is read, in particular, from entries in text fields when you are on our website and is hashed (pseudonymized) and transmitted to Meta Ireland together with the associated event data. Tracking takes place by means of tracking pixels and cookies (see point 7). Your data may be transferred to companies affiliated with Meta Ireland, in particular Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA. The data is stored and processed by Meta Ireland on our behalf; Meta's own use of data, in particular for the personalization of functions and content (including advertisements and recommendations), occurs only after the data has been aggregated with data from other advertisers or from other Meta products. The enrichment of event data with data from advanced matching allows us to improve the conversion measurement performed using the Meta Pixel and to better match Meta users in order to make advertising more interesting for users while improving the effectiveness of our advertising campaigns. The hashed (pseudonymized) data from the enhanced matching is immediately deleted in its personal form by Meta Ireland after appropriate linking. Overall, non-personal clusters are formed, which are stored for a longer period of time. If you have created an account on the social Meta network "Facebook" and are logged in, you can manage your settings for personalization of advertising by Meta here: www.facebook.com/settings?tab=ads. You can also make settings for usage-based online advertising via https://www.youronlinechoices.com/de/praferenzmanagement/?tid=331645673048.

8.4.3 Twitter conversion tracking; Twitter Pixel

We use a service of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter International") on our website, which enables us to analyze the behavior of our website users after they have interacted with our advertising measures on Twitter ("Twitter Conversion Tracking"). For this purpose, we use the tracking pixel provided by Twitter International (see item 7.4), the "Twitter Pixel", on our website. Twitter conversion tracking is integrated into our website via a tag (code snippet) and enables us to generate various website actions defined by us, so-called "conversions". A conversion occurs when a defined goal is achieved by a website user (e.g. the conversion of a website user who is interested in our offer to someone who actively interacts with our offer). This allows us to determine when and how users visit our website or interact with our products (e.g. click on one of our advertisements). Should a conversion occur, it will be recorded using the Twitter Pixel. Twitter then uses conversion tracking cookies or similar technologies (cf. point 7) to store the data about your user behavior. By evaluating these conversions, we can gain important information about the reception of our offer and thus better tailor it to your needs. We base the use of Twitter conversion tracking on your prior consent (Art 6 para 1 lit a DSGVO; for the "right of revocation" see point 4). If applicable, your data may be transferred to companies affiliated with Twitter International, in particular to the parent company based in the USA, Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For more information about Twitter International's data processing activities, please see the privacy policy at https://twitter.com/de/privacy.

8.4.4 LinkedIn Insight Tag

On our website, we use a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn Ireland"), which enables us to analyze the behavior of our website users, allows us to gain information about the reception of our advertising offer and enables additional and effective advertising measures ("LinkedIn Insight Tag"). The LinkedIn Insight Tag is a tag (code snippet) that we have embedded on our website and through which we can measure the interaction behavior of our website users. In doing so, the LinkeIn Insight tag enables us to obtain demographic information about the users. This allows us to gain important insights into user behavior on our website and to better adapt our offer to your needs. Another function of the LinkedIn Insight tag is the recording of individually defined website actions, so-called "conversions". A conversion occurs when a defined goal is reached by a website user (e.g. the conversion of a website user who is interested in our offer to someone who actively interacts with our offer). Here, for example, the click and interaction behavior with regard to our offers is recorded. This allows us to determine when and how users visit our website or interact with our offers (e.g. click on one of our advertisements). Accordingly, we can gain important insights about the reception of our offer by our website users and better tailor it to your needs and preferences. In addition, the LinkedIn Insight tag enables us to conduct so-called retargeting campaigns. "Retargeting" means retargeting former users of our website with offers that may be of interest to them. For example, we can play out tailored content again after a successful interaction with one of our offers. Here, the LinkedIn Insight tag allows us to define specific target groups (so-called audiences). If the behavior of a user corresponds to a target group, this user is assigned to it and can then be identified again and informed about suitable offers. The LinkedIn Insight tag works with cookies or similar technologies (cf. point 7) to store the generated data. Further data collected by the tracking are connection data (cf. point 8.1). Your IP address is only collected in abbreviated form. We base the use of the LinkedIn Insight tag on your prior consent (Art 6 para 1 lit a DSGVO; for the "right of withdrawal" see point 4). Further information about the data processing activities of LinkedIn Ireland can be found at https://www.linkedin.com/legal/privacy-policy.

8.4.5 TikTok Business Tools; TikTok Pixel

We use various services ("TikTok Business Tools") on our website, which are provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok Ireland") and TikTok Information Technologies UK Limited, One London Wall, 6th Floor, London, England ("TikTok England"). By using TikTok Business Tools, we are able to measure your interaction patterns with our advertising efforts to understand their effectiveness and reception. This allows us to better tailor our offerings to your individual needs. In addition, the TikTok Business Tools allow us to improve the effectiveness of our advertising campaigns by using the services to better tailor them to specific user groups. To this end, we use the provided tracking pixel (see Section 7.4), "TikTok Pixel", on our Website. First, the TikTok Business Tools allow us to measure so-called events (also referred to as conversions). An event describes the occurrence of a predefined event. For example, the conversion of a website user who shows interest in our offer to someone who actively interacts with it (e.g. clicks on one of our advertisements and is then redirected to our website). The statistical analysis of such events allows us to obtain useful information about the reception of our offer and to better adapt it to the needs of our website users. In addition, through the TikTok Business Tools, we are able to target our advertising offers to potentially interested user groups. For this purpose, certain categories/groups of users are created based on behavioral characteristics (so-called Custom Audiences). Subsequently, the users of our website are assigned to these categories if their individual behavior corresponds to one of these predefined user groups. In this case, an identification number is assigned to their end device through cookies and similar storage technologies (see point 7). If these users subsequently move to a website on which advertising space is available to us (especially the TikTok social media platform), we can (re)display our offers to them. In order to achieve the above purposes, your data is first collected through the use of various technologies (esp. the TikTok Pixel) which are available to us as part of the TikTok Business Tools. Subsequently, your data collected in this context will be stored in cookies or similar storage technologies (see point 7). This allows us to analyze certain aspects of your usage behavior. Other data collected through tracking is connection data (see point 8.1). We base the use of TikTok Business Tools on your prior consent (Art 6 para 1 lit a DSGVO; for the "right of withdrawal" see point 4). Your data collected in this context will generally only be stored for short periods of time and deleted as soon as they are no longer necessary to achieve the above-mentioned purposes. During the use of TikTok Business Tools to the extent indicated above, we are jointly responsible with TikTok Ireland and TikTok England for the processing of your data collected in this context in accordance with Art 26 DSGVO. In this regard, TikTok Ireland and TikTok England act as primary contacts for the exercise of your data subject rights under the provisions of the GDPR. We therefore encourage you to bring your concerns in this regard to TikTok Ireland or TikTok England as a matter of priority, although you are free to exercise your relevant rights against us as well. For more information on how to exercise your rights against TikTok Ireland or TikTok England, please see their privacy notices at: https://www.tiktok.com/legal/privacy-policy-eea?lang=de. Where applicable, in addition to the transfer of your data to TikTok England, there may be a third country transfer of your data to companies affiliated with TikTok Ireland. In this regard, we refer to our explanations under point 8.1 on third country transfer. Following the processing activity described in this section, your data may be further processed by TikTok Ireland or TikTok England as independent data controllers. Such processing serves the purpose of improving the products of TikTok Ireland or TikTok England, for example, in order to better target them to specific groups or to generate statistical analyses.

Social media and platform presences (9)

For the purpose of promoting our business activities and advertising our offers, we maintain presences in social networks as well as on comparable platforms. The processing of your data in this context is based on our legitimate interests pursuant to Art 6 para 1 lit f DSGVO, which are to increase our reach as well as to provide users of social networks and platforms with additional information and communication channels (for the "right to object" see point 4). For the best possible achievement of these purposes, reach measurement (access statistics, recognition of returning users, etc.) may be carried out within the framework of the offer of the respective service provider. In the context of accessing one of the online presences illustrated below, we process the general information that is evident from your profile with the respective provider and, if applicable, further inventory data, contact data or content data, insofar as you make these available to us by interacting with our respective online presence and its content. Separate storage of this data outside the respective social network does not take place on our part. Since we decide jointly with the respective provider (or the entity otherwise designated as responsible) on the purposes and means with regard to the data processing that occurs within the scope of our respective online presence, joint responsibility within the meaning of Art. 26 DSGVO applies in each case. In this context, the provider of the respective platform is the central contact for all general as well as technical questions in connection with our online presence; this also applies to the fulfillment of data subject rights within the meaning of point 4. As far as inquiries concern the concrete operation of our online presence, your interactions with the same as well as the information published/collected thereon, we, on the other hand, are the primary contact; point 4 and the other explanations of this privacy policy apply accordingly.

9.1 Facebook

From a data protection perspective, the social network "Facebook" is the responsibility of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta Ireland") in the EEA region. With regard to the operation of our Facebook fan page "Charonium" (https://www.facebook.com/charonium), we are jointly responsible with Meta Ireland for the processing of your personal data carried out in this context within the meaning of Art 26 DSGVO. Your data may also be transferred to companies affiliated with Meta Ireland, in particular Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA; any transfer of your data by Meta Ireland to such affiliated companies is based on standard data protection clauses of the EU Commission within the meaning of Art 46 para 2 lit c DSGVO. Please note that we have no influence on the programming and design of the social network, but can only personalize and manage our Facebook fan page to the extent provided by Facebook. Therefore, please take into account the conditions that the service provider places on the use of the social network (https://www.facebook.com/terms), the separately provided data protection information (https://www.facebook.com/policy.php) and the existing settings options in your Facebook account. We are, of course, fully responsible for the information we provide using the mechanisms provided by Facebook (posts, shares, etc.).

9.2 Instagram

The social network "Instagram" is operated by Instagram Inc, 1601 Willow Road, Menlo Park, California 94025, USA, which is part of the Meta Group. The data protection controller for the EEA region is Meta Ireland (see point 9.1). With regard to the operation of our Instagram account "charonium_com" (https://www.instagram.com/charonium_com/), we are jointly responsible with Meta Ireland for the processing of your personal data carried out in this context within the meaning of Art 26 DSGVO. Your data may also be transferred to companies affiliated with Meta Ireland, in particular Instagram Inc or Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA; any transfer of your data by Meta Ireland to such affiliated companies is based on standard data protection clauses of the EU Commission within the meaning of Art 46 para 2 lit c DSGVO. Please note that we have no influence on the programming and design of the social network, but can only personalize and manage our Instagram account to the extent provided by Instagram. Therefore, please take into account the conditions that the service provider places on a use of the social network (https://help.instagram.com/581066165581870), the separately provided data protection information (https://help.instagram.com/519522125107875) and the existing settings options in your Instagram account. We are, of course, fully responsible for the information we provide by means of the mechanisms provided by Instagram (posts, stories, etc).

9.3 Twitter

The social network "Twitter" is the responsibility of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland ("Twitter International") in the EEA region from a data protection perspective. With regard to the operation of our Twitter account "Charonium" (https://twitter.com/charonium_com), we are jointly responsible with Twitter International for the processing of your personal data carried out in this context within the meaning of Art 26 DSGVO. If applicable, your data may also be transferred to companies affiliated with Twitter International in third countries, in particular Twitter Inc, 1355 Market Street Suite, 900 San Francisco, California 94103, USA; any transfer of your data by Twitter International to such affiliated companies is based on standard data protection clauses of the EU Commission within the meaning of Art 46 (2) lit c DSGVO. Please note that we have no influence on the programming and design of the social network, but can only personalize and manage our Twitter account to the extent provided by Twitter. Therefore, please take into account the conditions that the service provider places on the use of the social network (https://twitter.com/de/tos), the separately provided data protection information (https://twitter.com/de/privacy) and the existing settings options in your Twitter account. We are, of course, fully responsible for the information provided by us via the mechanisms provided by Twitter (tweets, etc.).

This is an automatic translation from source (German) to target language (English) without any human input.