Gravestone with QR code in heart shape for memorial pages. Gravestone with QR code in heart shape for memorial pages.

Data protection

Data protection declaration

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data means any data by which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Mike Jäger, memorio, Berliner Straße 97, 13189 Berlin, Germany, Tel.: 00491772223665, Email: info@memorio.info. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time at the moment of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the site
  • Used browser
  • Used operating system
  • Used IP address (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 For hosting our website and displaying content, we use a provider who provides services exclusively on servers within the European Union, either directly or via selected subcontractors.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider to ensure the protection of the data of our website visitors and to prohibit unauthorized disclosure to third parties.

3.2 jsDelivr

We use a content delivery network from the following provider: Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB, United Kingdom

This service allows us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. Processing takes place to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider to ensure the protection of the data of our website visitors and to prohibit unauthorized disclosure to third parties.

In the event of data transfer to the provider's location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for a longer period and enable the saving of page settings (so-called “persistent cookies”). You can find the storage duration in your browser’s cookie settings.

If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for contract execution, in accordance with Art. 6(1)(a) GDPR in the case of given consent, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can configure your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies in certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contacting Us

5.1 WhatsApp Business

You can contact us via the messaging service WhatsApp, operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the so-called “business version” of WhatsApp.

If you contact us via WhatsApp on the occasion of a specific business transaction (e.g., a placed order), we store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6(1)(b) GDPR to process and respond to your request. On the same legal basis, we may ask you for additional information (order number, customer number, address or email address) via WhatsApp to be able to assign your request to a specific process.

If you use our WhatsApp contact for general inquiries (e.g., about our services, availability, or our website), we store and use the mobile number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in providing the requested information efficiently and promptly.

Your data will only be used to respond to your request via WhatsApp. It will not be passed on to third parties.

Please note that WhatsApp Business has access to the address book of the mobile device we use and automatically transfers phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. We use a mobile device for our WhatsApp Business account on which only those WhatsApp contact data are stored of users who have also contacted us via WhatsApp.

This ensures that every person whose WhatsApp contact data is stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts pursuant to Art. 6(1)(a) GDPR by accepting the WhatsApp terms of use when using the app for the first time. The transfer of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

For the purpose and scope of data collection and further processing and use of the data by WhatsApp, as well as your rights and settings options for protecting your privacy, please refer to WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have concluded a data processing agreement with the provider to protect the data of our website visitors and to prohibit disclosure to third parties.

As part of the processing described above, data may be transferred to servers of Meta Platforms Inc. in the USA.

For data transfers to the USA, the provider has joined the EU-U.S. Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

5.2 As part of contacting us (e.g., via contact form or email), personal data is processed solely for the purpose of handling and responding to your request and only to the extent necessary.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, an additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations.

6) Comment Function

As part of the comment function on this website, in addition to your comment, information regarding the time of the comment's creation and the commentator name you have chosen will be stored and published on this website. Furthermore, your IP address will be logged and stored. The IP address is stored for security reasons and in the event that the data subject violates the rights of third parties or posts unlawful content by submitting a comment. We require your email address to contact you in the event that a third party objects to your published content as being unlawful.

The legal bases for storing your data are Art. 6 para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are objected to by third parties as being unlawful.

7) Data Processing When Opening a Customer Account

According to Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required for opening an account can be found on the input form on our website.

You can delete your customer account at any time by sending a message to the controller's address mentioned above. Your data will be deleted after your customer account is deleted, provided that all contracts concluded through it have been fully processed, there are no statutory retention periods, and there is no legitimate interest on our part in continuing to store the data.

8) Data Processing for Order Fulfillment

8.1 To the extent necessary for the fulfillment of the contract for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products under a corresponding contract, we will use the contact details you provided during the order to personally inform you as part of our legal information obligations pursuant to Art. 6 para. 1 lit. c GDPR. Your contact data will strictly be used for communications about updates owed by us and will only be processed to the extent necessary for this purpose.

To fulfill your order, we also work with the following service providers who support us wholly or partially in executing concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the information below.

8.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name, delivery address and, if required for delivery, your phone number, solely for the purpose of delivering goods according to Art. 6 para. 1 lit. b GDPR to a shipping partner selected by us.

8.3 Use of Payment Service Providers

- Klarna

This website offers one or more online payment methods from the following provider: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you choose a payment method that requires advance payment (e.g. credit card payment), your payment data (including name, address, bank and card information, currency, and transaction number), as well as information about your order, will be forwarded to the provider under Art. 6 para. 1 lit. b GDPR. This data transfer is only made to process the payment and only to the extent necessary.

When choosing a payment method where the provider pays in advance (e.g. invoice or installment purchase), you will be asked to enter certain personal data (name, address, date of birth, email, phone number, possibly alternative payment method data) during the order process.

To safeguard our legitimate interest in checking the creditworthiness of our customers, we forward this data to the provider according to Art. 6 para. 1 lit. f GDPR for a credit check. The provider assesses, based on the information you provide and other data (e.g. shopping cart, invoice amount, order history, payment experiences), whether your chosen payment option can be granted in view of payment and/or default risks.

In addition to internal criteria, identity and creditworthiness data from the following credit agencies may also be used according to Art. 6 para. 1 lit. f GDPR:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). These scores are calculated on the basis of scientifically recognized mathematical-statistical procedures. Address data is among the data used in the calculation.

You can object to this processing of your data at any time by sending a message to us or the provider. However, the provider may still be entitled to process your personal data if necessary for contractual payment processing.

- PayPal

This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you choose a payment method where you pay in advance, your payment data and order details will be forwarded to PayPal in accordance with Art. 6 para. 1 lit. b GDPR. The data transfer is for payment processing and only to the extent necessary.

When selecting a payment method where we pay in advance, you will also be asked to provide personal information (as above). To assess your creditworthiness, we transmit this data to PayPal according to Art. 6 para. 1 lit. f GDPR. PayPal uses various data (personal info, shopping cart, payment history, etc.) to evaluate risks.

Score values may be included and are calculated on a mathematical-statistical basis. Address data may also be included in the score.

You may object to the processing at any time, but PayPal may still process your data if necessary for fulfilling the contract.

- Stripe

This website offers one or more online payment methods from the following provider: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland

If you choose a payment method where you pay in advance, your payment data and order details will be transmitted to Stripe in accordance with Art. 6 para. 1 lit. b GDPR for payment processing.

When using a payment method where Stripe pays in advance, you must also enter personal data. This data is transferred to Stripe for credit assessment in accordance with Art. 6 para. 1 lit. f GDPR.

Score values may be calculated using mathematical-statistical methods. Address data may be part of this calculation.

You may object to this processing at any time by contacting us or Stripe. However, processing may still occur if necessary for contract-compliant payment processing.

9) Web Analytics Services

9.1 Hotjar

This website uses the web analytics service provided by the following provider: Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta

Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information about the device used such as IP address and browser data. This information is used to perform statistical analysis of user behavior on our website and to create pseudonymized user profiles. Among other things, this allows for the analysis of movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content (e.g., text entries, scrolling, clicks, and mouse-overs). The pseudonymization fundamentally prevents any direct reference to a person. The data is not merged with other personal data collected elsewhere.

All processing described above, particularly reading or storing information on the user's device, only takes place if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

9.2 Matomo

This website uses a web analytics service from the following provider: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”)

The service collects and stores pseudonymized visitor data, including information about the device used such as the IP address and browser information. Pseudonymized user profiles can be created and evaluated from this data for the same purpose. Cookies may be used for this purpose. Cookies are small text files stored locally in the cache of the visitor’s internet browser and allow for the recognition of the browser.

The pseudonymized information generated by the cookie is not used to personally identify the visitor of this website and is not merged with personal data about the bearer of the pseudonym.
If data is also transmitted to the provider’s servers and the web analytics service is not hosted locally on our server, we have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorized disclosure to third parties.

All processing described above, particularly the setting of cookies for reading information on the device used, only takes place if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, Matomo will not be used during your visit to the site.

You can revoke your consent at any time with future effect. To exercise your revocation, please deactivate this service using the “cookie consent tool” provided on the website.

Data is only transmitted to the provider if the service is not hosted on our own servers. In the case of self-hosting, no data collected via the service is transmitted to the provider.

If the service is not hosted on our servers, we have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prevent unauthorized disclosure to third parties.

For data transfers to New Zealand, an adequacy decision by the EU Commission applies, confirming that New Zealand ensures an adequate level of data protection according to EU standards.

9.3 OpenReplay

This website uses a web analytics service provided by the following provider: Asayer, Inc., 121 West 36th Street #237, New York City, New York 10018, USA

The service collects and stores pseudonymized visitor data, including information about the device used such as the IP address and browser data. Pseudonymized user profiles can be created and evaluated from this data for the same purpose. Cookies may be used for this purpose. Cookies are small text files stored locally in the cache of the visitor’s internet browser and allow for the recognition of the browser.

The pseudonymized information generated by the cookie is not used to personally identify the visitor of this website and is not merged with personal data about the bearer of the pseudonym.
If data is also transmitted to the provider’s servers and the web analytics service is not hosted locally on our server, we have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorized disclosure to third parties.

All processing described above, particularly the setting of cookies for reading information on the device used, only takes place if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, OpenReplay will not be used during your visit to the site.

You can revoke your consent at any time with future effect. To exercise your revocation, please deactivate this service using the “cookie consent tool” provided on the website.

Data is only transmitted to the provider if the service is not hosted on our own servers. In the case of self-hosting, no data collected via the service is transmitted to the provider.

If the service is not hosted on our servers, we have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prevent unauthorized disclosure to third parties.

For the transfer of data to the USA, the provider relies on standard contractual clauses issued by the European Commission, which are intended to ensure compliance with European data protection standards.

10) Website Functionalities

10.1 YouTube

This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC, USA

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the provider's servers to load the plugin. In this process, certain information, including your IP address, is transmitted to the provider.

If playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behavior, compile playback statistics, and prevent misuse.

If you are logged into a user account with the provider during your visit to our site, your data will be directly associated with your account when you click on a video. If you do not wish this association with your account, you must log out before activating the playback button.

All aforementioned processing, particularly the setting of cookies for reading information on the device used, will only take place if you have given us your express consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service via the “cookie consent tool” provided on the website.

For data transfers to the USA, the provider is certified under the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

10.2 OpenStreetMap

This website uses an online map service provided by the following provider: OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, UK

The online map service is a tool for displaying interactive (land) maps to visually present geographical information. Through the use of this service, our location is displayed and any geolocation may be facilitated.

When you access the subpages in which the map of the provider is embedded, information about your use of our website (such as your IP address) is transmitted to servers of the provider and stored there.

The processing of your personal data takes place in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in the needs-based design of our website. If you do not agree with the future transmission of your data to the provider, there is the option to completely disable the online map service by deactivating JavaScript in your browser. The online map service on this website can then no longer be used.

Where legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6(1)(a) GDPR. You can revoke your given consent at any time with effect for the future. To exercise your revocation, please follow the procedure described above.

For data transfers to the provider’s location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

10.3 Google reCAPTCHA

We use the CAPTCHA service of the following provider on this website: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transferred to: Google LLC, USA. For the visual design of the CAPTCHA window, "Google Fonts" – fonts loaded from the internet by Google – are used by the provider. No further processing of information beyond the aforementioned, which is already transmitted to Google via the functionality of ReCaptcha, takes place.

The service checks whether an entry is made by a natural person or improperly through automated processing, thereby preventing spam, DDoS attacks, and similar automated malicious access. To ensure that an action is performed by a human and not an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type used, as well as the date and duration of the visit, and transmits this data to the provider’s servers for evaluation. Cookies may be used in the process – small text files that are stored in the browser of the end device.

If the processing described above is based on cookies, they are only set if you have given us your express consent in accordance with Art. 6(1)(a) GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

If the processing described above is carried out without the use of cookies, the legal basis is our legitimate interest in determining individual responsibility on the internet and preventing misuse and spam in accordance with Art. 6(1)(f) GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider is certified under the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

Further information on Google’s privacy policies can be found here: https://business.safety.google/intl/de/privacy/

11) Tools and Miscellaneous

Cookie Consent Tool

This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users upon accessing the site in the form of an interactive user interface, where consents for certain cookies and/or cookie-based applications can be given by ticking checkboxes. In this process, all cookies/services requiring consent are only loaded if the respective user has granted consent by ticking the respective checkbox. This ensures that such cookies are only set on the user’s end device if consent has been given.

The tool sets technically necessary cookies to store your cookie preferences. In principle, no personal user data is processed in this regard.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this processing is carried out on the basis of our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and thus in the legally compliant design of our website, pursuant to Art. 6 (1)(f) GDPR.

Another legal basis for the processing is Art. 6 (1)(c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user’s consent.

Where necessary, we have concluded a data processing agreement with the provider to ensure the protection of our site visitors' data and to prohibit unauthorized disclosure to third parties.

Further information about the operator and configuration options of the cookie consent tool can be found directly in the relevant user interface on our website.

12) Rights of the Data Subject

12.1 The applicable data protection law grants you the following data subject rights vis-à-vis the controller regarding the processing of your personal data (rights of access and intervention), whereby reference is made to the stated legal basis for the respective conditions for exercising these rights:

  • Right of access pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to erasure pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to notification pursuant to Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
  • Right to lodge a complaint pursuant to Art. 77 GDPR.

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING AT ANY TIME. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

13) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and—if applicable—also by the respective statutory retention period (e.g., retention periods under commercial and tax law).

If personal data is processed on the basis of explicit consent pursuant to Art. 6 (1)(a) GDPR, such data will be stored until you withdraw your consent.

If there are statutory retention periods for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer required for contract fulfillment or contract initiation and/or there is no legitimate interest on our part in continuing to store it.

If personal data is processed on the basis of Art. 6 (1)(f) GDPR, it will be stored until you exercise your right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

If personal data is processed for the purpose of direct advertising on the basis of Art. 6 (1)(f) GDPR, it will be stored until you exercise your right to object pursuant to Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.