Data Protection

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data includes all data with which you can be personally identified. Detailed information on the topic of data protection can be found in our privacy policy outlined below this text.

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section „Note on the Responsible Party“ in this privacy policy.

How do we collect your data?

Your data is collected in two ways. Firstly, it is provided by you, for example, when you enter data into a contact form.
Other data is collected automatically or with your consent by our IT systems when you visit the website. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). The collection of this data occurs automatically as soon as you access this website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive, at any time and free of charge, information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have provided consent for data processing, you can revoke this consent at any time for the future. Additionally, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
For this and any other questions regarding data protection, you can contact us at any time.

Analysis Tools and Third-Party Tools

When you visit this website, your surfing behavior may be statistically analyzed. This is mainly done using so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.

General Notes and Mandatory Information
Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy.

When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission on the Internet (e.g., when communicating by email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Note on the Responsible Party

The responsible party for data processing on this website is:

Gleichweit GmbH
Tolstojgasse 5/7
1130 Wien
Austria

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Retention Period

Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for the data processing ceases. If you make a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion occurs after these reasons no longer apply.

General Notes on the Legal Bases for Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed according to Art. 9(1) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is additionally based on § 25(1) TTDSG. Consent can be revoked at any time. If your data is necessary for the fulfillment of a contract or for pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if necessary to fulfill a legal obligation under Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR. Details about the applicable legal basis in each case are provided in the sections of this privacy policy.

Note on Data Transfer to the USA and Other Third Countries

We use tools from companies based in the USA or other non-secure third countries under data protection law. When these tools are active, your personal data may be transferred to these third countries and processed there. We point out that no EU-comparable level of data protection can be guaranteed in these countries. For example, US companies are obliged to provide personal data to security authorities without you being able to take legal action against it. It cannot, therefore, be ruled out that US authorities (e.g., intelligence services) may process, analyze, and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent already given at any time. The legality of the data processing carried out until the revocation remains unaffected.

Right to Object to Data Collection in Special Cases and Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING IN CONNECTION WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, affected individuals have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, workplace, or the location of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process automatically based on your consent or in the performance of a contract handed over to you or a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only occur if it is technically feasible.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the address line of the browser changing from „http://“ to „https://“ and the lock symbol in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on This Website

If there is an obligation to transmit your payment data (e.g., account number for direct debit authorization) to us after the conclusion of a fee-based contract, this data is required for payment processing.
Payment transactions via common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the address line of the browser changing from „http://“ to „https://“ and the lock symbol in your browser line.

When communication is encrypted, your payment data transmitted to us cannot be read by third parties.

Access, Deletion, and Correction

Within the framework of applicable legal provisions, you have the right at any time to receive free information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, if applicable, the right to have this data corrected or deleted. For this and other questions regarding personal data, you can contact us at any time.

Right to Restrict Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing applies in the following cases:

If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data but you require it to establish, exercise, or defend legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
If you have objected under Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Data Collection on This Website

Cookies
Our website uses so-called „cookies.“ Cookies are small text files that do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain on your device until you delete them or your web browser automatically deletes them.

Third-party cookies may also be stored on your device when you access our website (third-party cookies). These enable us or you to use certain services provided by the third party (e.g., cookies for processing payment services).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies are used to analyze user behavior or display advertisements.

Cookies required to carry out electronic communication processes, provide specific functions you desire (e.g., for the shopping cart function), or optimize the website (e.g., cookies to measure the web audience) are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively based on this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time.

You can configure your browser to inform you about the setting of cookies, allow cookies only on a case-by-case basis, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

If cookies from third-party companies or for analysis purposes are used, you will be informed separately in this privacy policy, and consent may be requested.

Server Log Files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

This data is not combined with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, provided that your inquiry is related to the performance of a contract or is necessary for carrying out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), provided that this was requested.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory statutory provisions – particularly retention periods – remain unaffected.

Inquiry via Email, Phone, or Fax

If you contact us via email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

The data you send us via inquiries will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – particularly legal retention periods – remain unaffected.

Analysis Tools and Advertising

Data Processing Agreement

We have entered into a data processing agreement (DPA) with the aforementioned provider. This is a contract required under data protection law, ensuring that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Facebook Pixel

This website uses Facebook’s visitor action pixel for conversion tracking. The service provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data may also be transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they are redirected to the provider’s website by clicking on a Facebook ad. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and helps optimize future advertising efforts.

The collected data is anonymous to us as the operators of this website; we cannot draw any conclusions about the identity of the users. However, Facebook stores and processes the data, enabling a connection to the respective user profile, which Facebook can use for its advertising purposes in accordance with the Facebook Data Usage Policy. This may allow Facebook to display ads on Facebook pages and outside of Facebook. We, as website operators, have no control over this use of data.

The use of Facebook Pixel is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in effective advertising, including via social media. If consent was requested, processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time.

Data Transfer to the USA

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381

Joint Responsibility for Data Processing with Facebook

If personal data is collected on our website using the tool described and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The subsequent processing by Facebook is not part of the joint responsibility. Our joint obligations have been stipulated in a joint processing agreement. You can find the wording of this agreement here:
https://www.facebook.com/legal/controller_addendum

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in compliance with data protection regulations. Facebook is responsible for the security of Facebook products. You can assert your rights as a data subject (e.g., access requests) regarding data processed by Facebook directly with Facebook. If you assert your rights with us, we are obligated to forward them to Facebook.

Further information about protecting your privacy can be found in Facebook’s privacy policy:
https://de-de.facebook.com/about/privacy/

You can also deactivate the „Custom Audiences“ remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook to do this.

If you do not have a Facebook account, you can disable usage-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance:
http://www.youronlinechoices.com/de/praferenzmanagement/.

Newsletter

Newsletter Data
If you wish to subscribe to the newsletter offered on the website, we require your email address as well as information that allows us to verify that you are the owner of the email address provided and agree to receive the newsletter. Further data will only be collected on a voluntary basis. For handling the newsletter, we use newsletter service providers described below.

Legal Basis
The data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time with future effect.

Retention Period
The data provided by you for the purpose of receiving the newsletter will be stored until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Data stored for other purposes remain unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest under Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

6. Plugins and Tools

YouTube with Enhanced Privacy
This website incorporates videos from YouTube. The operator of the pages is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the enhanced privacy mode does not necessarily exclude the sharing of data with YouTube partners. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

Additionally, YouTube may store various cookies on your device or use comparable recognition technologies (e.g., device fingerprinting) after starting a video. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness, and prevent fraud attempts.

Further data processing operations may be triggered after starting a YouTube video, over which we have no control.

The use of YouTube is in the interest of an attractive presentation of our online offerings. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR. If consent has been requested, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined in TTDSG. Consent can be revoked at any time.

Further information about data protection on YouTube can be found in their privacy policy: https://policies.google.com/privacy?hl=de.

Google Web Fonts

This site uses so-called web fonts provided by Google to ensure uniform font representation. When you access a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

To do this, your browser must connect to Google’s servers. This gives Google knowledge that your IP address accessed this website. The use of Google Web Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform presentation of the font on its website. If consent has been requested, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under TTDSG. Consent can be revoked at any time.

If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google Web Fonts can be found here: https://developers.google.com/fonts/faq
Google’s privacy policy: https://policies.google.com/privacy?hl=de

Adobe Fonts

This website uses web fonts from Adobe for uniform font representation. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you visit this website, your browser loads the required fonts directly from Adobe to correctly display them on your device. Your browser establishes a connection to Adobe servers in the USA. Adobe thus learns that your IP address accessed this website. According to Adobe, no cookies are stored when providing the fonts.

Data processing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform representation of its website’s font. If consent was requested, processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

More information about Adobe Fonts can be found here: https://www.adobe.com/de/privacy/policies/adobe-fonts.html

Adobe’s privacy policy: https://www.adobe.com/de/privacy/policy.html

OpenStreetMap

We use the map service OpenStreetMap (OSM). The provider is the OpenStreetMap Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

When you visit a website that includes OpenStreetMap, your IP address and other information about your behavior on this website may be forwarded to the OSMF. OpenStreetMap may store cookies in your browser or use similar recognition technologies.

Additionally, your location may be captured if you allow this in your device settings—for example, on your smartphone. The provider of this site has no control over this data transmission. Details can be found in OpenStreetMap’s privacy policy under the following link: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

The use of OpenStreetMap is in the interest of providing an appealing presentation of our online offerings and making the locations specified on our website easy to find. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR. If consent has been requested, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined in TTDSG. Consent can be revoked at any time.

Google reCAPTCHA

We use „Google reCAPTCHA“ (hereinafter „reCAPTCHA“) on this website. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to verify whether data entry on this website (e.g., in a contact form) is carried out by a human or an automated program. For this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor accesses the website. To perform the analysis, reCAPTCHA evaluates various data (e.g., IP address, the time spent on the website, or the user’s mouse movements). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and SPAM. If consent has been requested, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined in TTDSG. Consent can be revoked at any time.

Further information about Google reCAPTCHA can be found in Google’s privacy policy and terms of use at the following links:

eCommerce and Payment Providers

Processing Data (Customer and Contract Data)

We collect, process, and use personal data only to the extent necessary for establishing, structuring, or modifying the legal relationship (inventory data). This is done based on Art. 6(1)(b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process, and use personal data regarding the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill them.

The customer data collected will be deleted after the completion of the order or the termination of the business relationship. Statutory retention periods remain unaffected.

Data Transmission upon Contract Conclusion for Online Shops, Retailers, and Product Shipping

When you order goods from us, we pass on your personal data to the transportation company responsible for the delivery and the payment service provider responsible for the payment processing. Only the data necessary for the respective service provider to fulfill its task is disclosed. The legal basis for this is Art. 6(1)(b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. If you have given your consent under Art. 6(1)(a) GDPR, we will provide your email address to the transportation company responsible for the delivery so they can notify you via email about the shipping status of your order. You can revoke this consent at any time.

Payment Services

We integrate payment services from third-party companies on our website. When you make a purchase with us, your payment data (e.g., name, payment amount, account details, credit card number) is processed by the payment service provider to handle the payment transaction. For these transactions, the respective provider’s contract and data protection provisions apply.

The use of payment service providers is based on Art. 6(1)(b) GDPR (contract processing) and in the interest of a smooth, convenient, and secure payment process (Art. 6(1)(f) GDPR). If your consent is requested for certain actions, Art. 6(1)(a) GDPR serves as the legal basis for data processing; consents can be revoked at any time for future effect.

The following payment services/payment service providers are used on this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter „PayPal“).
The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay

The provider of this payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.
Apple’s privacy policy can be found here: https://www.apple.com/legal/privacy/de-ww/.

Google Pay

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google’s privacy policy can be found here: https://policies.google.com/privacy.

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter „Stripe“).
The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:

Details are also available in Stripe’s privacy policy: https://stripe.com/de/privacy.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter „Mastercard“).
Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Details can be found here:

VISA

The provider of this payment service is Visa Europe Services Inc., Branch Office London, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter „VISA“).
The United Kingdom is considered a data protection-safe third country. This means that the United Kingdom has a level of data protection equivalent to the level of protection in the European Union.

VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

Further information can be found in VISA’s privacy policy:
https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.