Data Protection and Legal Notice

AVM Content

A. Data Protection for Websites and Social Media Platforms of the FRITZ! group of companies

I. Preamble

The FRITZ GmbH and FRITZ.com GmbH belong to the FRITZ group of companies (subsequently also referred to collectively as ‘we’) and are responsible for the web presence at fritz.com, avm.de, and the associated subdomains (e.g. business.avm.de, fritzfinder.avm.de, content.avm.de, download.avm.de) as well as on the FRITZ social media channels.

In the following we would like to inform you about how personalized data is processed during the use of our websites and/or online services.

Personalized data is erased as soon as possible, and never used or passed on for advertising purposes without your consent.

II. Responsible Authority / Data Protection Officer / Responsible Supervisory Authority

Joint Controllers

FRITZ! GmbH

Alt-Moabit 95
D-10559 Berlin
Germany
Phone: +49 (0)30 / 399 76-0
Email: info@avm.de

FRITZ.com GmbH

Alt-Moabit 95
D-10559 Berlin
Germany
Phone: +49 (0)30 / 399 76-0
Email: info@avm.de

Data Protection Officer

FRITZ! GmbH

Data Protection Officer
Alt-Moabit 95
D-10559 Berlin
Germany
Phone: +49 (0)30 / 399 76-0
Email: datenschutz@avm.de

Responsible Supervisory Authority

Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit)

Alt-Moabit 59-61
D-10555 Berlin
Germany
Phone: +49-30-13889-0
Fax: +49-30-2155050
Email: mailbox@datenschutz-berlin.de
Website: datenschutz-berlin.de

III. General Principles / Information

1. Definitions

The definitions are in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter ‘General Data Protection Regulation’ or ‘GDPR’). In particular, the definitions of Article 4 and Article 9 of the GDPR apply.

2. Scope of Personal Data Processing

We collect and use the personalized data of our users in principle only insofar as this is necessary to render and provide our services and to prepare our web presence or online offers.

Further, personalized data is collected and used on a regular basis only

with the user's consent,
if the processing is necessary for the purpose of contract performance or
for the protection of legitimate interests, insofar as this is not overridden by the interests or fundamental rights of the persons affected that require the protection of personalized data. This also includes the transmission of data to authorities and/or courts.

Moreover, such cases are excepted in which it was not possible to obtain prior consent for practical reasons, or in which the processing of the data is permitted by statutory regulations.

3. Legal Bases

Insofar as personalized data are processed on the basis of consent by the data subject, Article 6(1a) of the GDPR is the legal basis for such processing.

For the processing of personalized data for the performance of a contract to which the data subject is party, Article 6(1b) of the GDPR is the legal basis; this also applies for processing which is necessary for the implementation of pre-contractual measures.

If personalized data is processed in order to comply with legal obligations (such as, for example, retention periods stipulated by tax or commercial law, or information provided by authorities, etc.), Article 6(1c) of the GDPR is the legal basis.

Should processing take place in order to protect a legitimate interest of our company or of a third party, and this interest is not overridden by the interests, fundamental rights, and basic freedoms of the data subject, Article 6(1f) of the GDPR is the legal basis for processing.

4. Obtaining Consent / Right of Revocation

Consent in accordance with Article 6(1a) of the GDPR is generally obtained electronically. Consent is given, for example, by checking the checkbox in the corresponding field to document that consent was granted. When consent is granted electronically, the ‘opt-in’ method is used in the area for registered users for the purpose of identifying the user, ‘double opt-in’ is used (e.g. to register for the newsletter). The contents of the consent form are logged electronically.

Right of revocation: Please note that consent already granted can be revoked prospectively at any time – in full or in part; the legality of any processing that took place on the basis of consent up to the time consent was revoked remains unaffected. Please direct any revocation to the contact information for the responsible authority or the data protection officer listed under (II).

5. Possible Recipients of Personalized Data

In order to provide our web and/or online services, we also employ service providers (‘processors’) to act on our behalf and upon our instructions in the framework of service provision. In the framework of service provision, these service providers can receive personalized data or come into contact with personalized data, and constitute third parties or recipients in the terms of the GDPR.

In such a case we ensure that our service providers offer sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject (cf. Article 28 of the GDPR).

Insofar as a transmission of personalized data to third parties and/or recipients outside of processing a job, we ensure that this occurs only in accordance with the requirements of the GDPR (e.g., Article 6(4) of the GDPR) and only where there is a corresponding legal basis (e.g., Article 6(4) of the GDPR).

6. Processing of Data in So-called ‘Third Countries’

In general, the processing of your personalized data takes place within the EU, or within the European Economic Area (‘EEA’).

Only in exceptional cases (e.g., in connection with the involvement of service providers to provide web analytic services) can it happen that information is transferred to so-called ‘third countries’. ‘Third countries’ are countries outside of the European Union and/or the Agreement on the European Economic Area, in which it cannot necessarily be assumed that the level of data protection is adequate according to the standards of the EU.

Insofar as the transmitted information also includes personalized data, we ensure before such a transfer that an adequate level of data protection is guaranteed in the given third country, or by the given recipient in the third country, or that you have provided your consent to such transfer, or there is another basis that permits such a transfer (e.g. Article 49 of the GDPR). An adequate data protection level can arise from what is called an ‘adequacy decision’ by the European Commission or be guaranteed by application of the ‘EU standard contractual clauses’. We are happy to provide you with further information on appropriate and suitable guarantees for adherence to an adequate level of data protection upon request; the contact information is provided under (II) of this data protection documentation.

7. Data Erasure and Storage Period

Personalized data on the data subject are erased or locked as soon as the purpose of processing has expired. Data is stored after the purpose of processing has expired only when this is provided for by the European or national legislator in EU regulations, laws or other directives to which our company is subject (e.g., to satisfy legal record-keeping requirements and/or when there are justified interests in storage, as well as during the period of statutes of limitation for the purpose of legal defence against any claims). The data is also erased or locked when a storage period prescribed by the relevant standards expires, unless there is a necessity for the further storage of the data for the conclusion of a contract of for other purposes.

8. Rights of the Data Subjects

The GDPR grants certain rights to data subjects effected by the processing of personalized data (known as ‘rights of the data subject’, especially Articles 12 through 22 of the GDPR). The individual rights of the data subjects are clarified in (XI). If you would like to exercise one or more of these rights, you can contact us at any time. Please do so by using the contact information (responsible authority or data protection officer) listed under (II).

IV. Registration / Creating a User Account

Registration and/or creation of a personal user account are required for certain services provided via our website and online platforms. In the framework of registration and creating a user account – depending on the given service, we collect and store the following personal data (‘mandatory information’). This data is not transmitted to third parties:

Username
User's (business) email address
Password
Title, first name, last name
Company (where relevant)
Address
Country, state, and city where company is located

Mandatory information entries required for the purpose of registration are marked in the input mask with an asterisk to designate them as required fields. Registration cannot be completed without complete and valid entries in the mandatory fields. Application for registration is not completed until after you provide entries for all of the mandatory fields AND confirm the password link we send you by email.

Also stored upon registration are (i) the user's IP address and (ii) the date and time of registration.

The user may provide voluntary details in addition to this mandatory information. Such details may include data as phone number, fax number, mobile phone number, or details about the company such as number of employees, sector, floor space. Voluntary information may be used for the purpose of improving our sales and marketing services.

1. Purpose and Legal Basis

Registration of the user serves to restrict and/or control access to certain contents and services that we offer only to registered users on our websites and/or online platforms. Such a registration can further serve the purpose of providing certain contents and services for registered users as part of contract performance and/or for the implementation of pre-contractual measures.

The legal basis for processing data for the purpose of registration with the user's consent is Article 6(1a) of the GDPR. If registration serves the performance of a contract to which the user is party, or the implementation of pre-contractual measures, the legal basis for processing is Article 6(1b) of the GDPR. Insofar as registration serves the purpose of access restriction and/or control, the protection of legitimate interest is the legal basis as stipulated in Article 6(1f) of the GDPR; in this case the legitimate interest is in the restriction of access to protect the contents and information we developed.

2. Data Erasure and Storage Period

Should registration take place in connection with performance of a contract or for the implementation of pre-contractual measures (Article 6(1b) of the GDPR), the registration data is stored for the duration of the given working or contractual relationship, and then erased or locked after expiration of the given contract, or after the period of notice as stipulated in (III.7).

If registration does not take place in connection with performance of a contract or the implementation of pre-contractual measures, the registration data is erased as stipulated in (III.7) as soon as a registration with our websites is withdrawn, modified or deleted by the user.

3. Opt-out and Elimination Options

The data about you that is stored in registered areas can be modified at any time. Such a change to the data you provided can be made in the registered area, or after contacting us with your request. If the data is (still) required for the performance of a contract or the implementation of pre-contractual measures, it can be erased only if no contractual or legal obligations prevent its erasure.

IV. Data Processing to Prepare the Websites / Collection of Log Files

Every time our websites are opened, our system automatically collects data and information from the requesting user's computer system. The following data is collected (hereinafter ‘log data’):

information about the type and version of the browser used
information about the user's operating system
the user's IP address
date and time of access
file size of the object accessed

The log data mentioned above – with the exception of the IP address – does not make it possible to identify the person of the user; personalized identification is possible only by allocating or linking the log data to a certain IP address.

1. Purpose and Legal Basis

The collection and processing of log data, especially the IP address, takes place for the purpose of providing to the user the contents contained on our website, that is, for the purpose of communication between the user and our web or online services. Temporary storage of the IP address is necessary for the duration of the given communication process. This is required for addressing the communication traffic between the user and our web or online presence, or necessary in order to utilize our web and/on online services. The legal basis for this data processing – which applies for the duration of your visit to our websites – is Article 6 (1b) of the GDPR, or Sections 9, 25 of the TDDDG (Telecommunications Digital Services Data Protection Act).

Any processing and storage of the IP address in log files that goes above and beyond a given communication process is undertaken in order to ensure the functionality of our web and online content, for the purpose of optimizing these contents, and to guarantee the security of our information technology systems. The legal basis for storage of the IP address for these purposes above and beyond a given communication process is Article 6(1f) of the GDPR (protection of legitimate interests) or Section 19(4) of the TDDDG.

2. Data Erasure and Storage Period

Data is erased as soon as it is no longer required to achieve the purpose of its collection. In the case of data collection for the preparation of the web pages, this is the case whenever the given session – the visit to the website – has ended. Any storage of log data above and beyond this, including saving the IP address for the purpose of system security, will last for a period of no longer than seven days from the time the user leaves the web page. Any processing and/or storage of log data above and beyond this is possible and permissible, as long as the IP addresses of the users are erased or altered after the above mentioned storage period of seven days such that it is no longer possible to match the log data to an IP address.

3. Opt-out and Elimination Options

The collection of log data for the preparation of websites, including its storage in log files as limited in the above paragraph, is absolutely necessary for operation of the websites. There is thus no possibility for the user to opt out. The above does not apply for the processing of log data for purposes of analytics; depending on the web analytic tool used and the kind of data analysis (personalized/anonymous/pseudonymous), this is conform to (VII).

VI. Use of Cookies and Other Data Processing – Where Applicable

In the following we inform you about the use of cookies and the processing of other data on our websites. Whenever we use cookies, we will notify you about their use via a ‘Consent Banner’ before your visit to our website. Further, you can adjust the selection of cookies at any time using the link at the end of the website.

1. Necessary for Technical Reasons

We use cookies that are necessary for technical reasons and other technologies to guarantee the smooth operation of our web presence and/or online offers; thus these cannot be disabled. Some of the functions on our websites cannot be offered without the use of cookies and other technologies. For this it is also necessary that the browser also be recognized even after switching pages. The data processed by our strictly necessary cookies / other technologies are used for the following purposes:

language settings
anti-spam protection
provision of Chat Support (Botario / Zendesk – see under (IX. 5.)
provision of general web shop functionalities (incl. last products viewed, last visit, shopping cart, login, etc.)
remembering search terms and filter settings
volume settings

The legal basis is Article 6 (1b) of the GDPR, Section 25(2.2) of the TDDDG, insofar as the cookies/other technologies are used to provide chat support. Further, the legal basis is Article 6(1f) of the GDPR, Section 25(2.2) of the TDDDG, since the use of cookies serves to ensure the protection of our legitimate interests and the smooth use and essential basic functions of the websites.

2. Functional Cookies

Functional cookies (and similar technologies) are required for certain functions on the website. These can be disabled.

Technologies deployed:

2.1 Google Maps (: http://www.google.com/intl/en/policies/privacy/)

Before viewing a map from Google Maps you are requested to consent to the display of the map, and to allowing Google to set cookies in your browser. Information about which data is processed by Google and for what purposes they are used is presented in the Data Privacy Statement from Google LLC.

We have no influence over the kind and scope of the data processed by Google, nor the kind of processing and use or the forwarding of this data to third parties. To this extent we have no effective means of control. In particular, Google can use the data for any purposes of its own, for instance, to generate profiles and to link these with data already stored by Google, including your Google account data.

In any case Google also receives information about the contents you viewed, even if you did not create an account. Such information, known as ‘log data’, can include the IP address, the type of browser, the operating system, information on the website previously viewed and the pages you opened, your location, your mobile network provider, the terminal device you are using (including device ID and application ID), the search terms you used, and cookie information.

2.1.1 Legal Basis for Data Processing, Purpose of Data Processing, Duration of Data Processing

You can consent to the processing of your data by Google Maps using our Consent Manager or directly at the given map, prevent the recording of your data, or revoke consent previously given. To revoke your consent, open the cookie settings at the bottom of our website to change them.

The legal basis is consent (Article 6 (1.1.a GDPR): The storage of the above data and the cookies set in your browser along with the associated data processing takes place only if you consented to this voluntarily and revocably. Google Maps uses cookies. These cookies have a service life of up to 2 years.

2.1.2 Responsible Authority

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

It cannot be ruled out that Google Ireland may transmit the information processed by you to a server belonging to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for further processing.

With regard to the level of data privacy protection in the USA, the EU Commission on the EU-U.S. Data Privacy Framework (DPF) issued an adequacy decision which certifies to the USA a level of data privacy protection that exists in the European Union. In particular, security measures were undertaken that restrict the access of US authorities or authorities from other countries. This adequacy decision refers to certified companies which are listed in this DPF. Google is listed in the registry of the Data Privacy Framework program of the U.S. Department of Commerce (as of 01/04/2025).

2.2 YouTube (https://www.youtube.com/howyoutubeworks/user-settings/privacy/)

2.2.1 Purpose of Data Processing

For our marketing and instructional clips we use several YouTube channels belonging to Google Ireland Limited. Our videos published on YouTube are integrated on our website via frames, in order to offer you smooth access without any need to switch web pages.

2.2.2 Processed Data

Upon opening the video Google processes your personalized data (at least the IP address, browser data, settings).

Before viewing the video you are requested to consent to the video display, and to allowing Google to set cookies in your browser. Information about which data is processed by Google and for what purposes they are used is presented in the Data Privacy Statement from Google LLC.

2.2.3 Legal Basis for Data Processing, Purpose of Data Processing, Duration of Data Processing

The legal basis is consent (Article 6 (1.1.a GDPR): The storage of the above data and the cookies set in your browser along with the associated data processing takes place only if you consented to this voluntarily and revocably before viewing our videos. YouTube uses cookies. These cookies have a service life of up to 2 years.

2.2.4 Responsible Authority

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

2.3 Vimeo (https://help.vimeo.com/hc/en-us/sections/12402580421393-Privacy-settings)

2.3.1 Purpose of Data Processing

For our marketing and instructional clips we use a Vimeo channel belonging to Vimeo Inc. Our videos published on Vimeo are integrated on our website via frames, in order to offer you smooth access without any need to switch web pages.

2.3.2 Processed Data

Upon opening the video Vimeo processes your personalized data (at least the IP address, browser data, settings).

Before viewing the video you are requested to consent to the video display, and to allowing Vimeo to set cookies in your browser. Information about which data is processed by Vimeo and for what purposes they are used is presented in the Vimeo Data Privacy Statement Inc.

We have no influence over the kind and scope of the data processed by Vimeo, nor the kind of processing and use or the forwarding of this data to third parties. To this extent we have no effective means of control. In particular, Vimeo can use the data for any purposes of its own, for instance, to generate profiles and to link these with data already stored by Vimeo.

In any case Vimeo also receives information about the contents you viewed, even if you did not create an account. Such information, known as ‘log data’, can include the IP address, the type of browser, the operating system, information on the website previously viewed and the pages you opened, your location, your mobile network provider, the terminal device you are using (including device ID and application ID), the search terms you used, and cookie information.

2.3.3 Legal Basis for Data Processing, Purpose of Data Processing, Duration of Data Processing

You can consent to the processing of your data by Vimeo using our Consent Manager or directly at the given video, prevent the recording of your data, or revoke consent previously given. To revoke your consent, open the cookie settings at the bottom of our website to change them.

The legal basis is consent (Article 6 (1.1.a GDPR): The storage of the above data and the cookies set in your browser along with the associated data processing takes place only if you consented to this voluntarily and revocably before viewing our videos. Vimeo uses cookies. These cookies have a service life of up to 2 years.

2.3.4 Responsible Authority

Vimeo Inc.
555 West 18th Street New York
New York 10011, USA
Email: Email: Privacy@vimeo.com

Vimeo's headquarters are located in the USA, but its services are offered globally. For this the company uses computer systems, databases, and servers in the USA and in other countries. Thus your data can be transmitted to the USA and processed there. Vimeo bases these activities on legitimate business interests and standard data protection clauses. More information on this can be viewed in Vimeo’s Data Privacy Statement.

With regard to the level of data privacy protection in the USA, the EU Commission on the EU-U.S. Data Privacy Framework (DPF) issued an adequacy decision which certifies to the USA a level of data privacy protection that exists in the European Union. In particular, security measures were undertaken that restrict the access of US authorities or authorities from other countries. This adequacy decision refers to certified companies which are listed in this DPF. Vimeo is listed in the registry of the Data Privacy Framework program of the U.S. Department of Commerce (as of 01/04/2025).

2.4 Google Analytics

2.4.1 Purpose of Data Processing

This website uses functions of the web analytics service Google Analytics. This service is offered by Google LLC. The authority responsible for users in the EU, the EEA, and Switzerland is Google Ireland Limited.

With the assistance of Google Analytics we analyse your user behaviour, on the basis of which we make decisions about optimizing products and marketing.

At Google Analytics the ‘IP anonymization’ feature is enabled by default. Through this your IP address is shortened by Google before transmission within the member states of the EU or to other states party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and shortened there.

On our behalf Google will use this information to analyse your use of the website, to compile reports about website activities, and to deliver to us additional services connected with the use of the website and the internet. According to Google, the IP address transmitted by your browser in the context of Google Analytics is not combined with other data from Google.

2.4.2 Processed Data

The following categories of data are processed:

Time of query
IP addresses (in shortened form)
Online IDs (including cookie identifiers)
Device IDs
Technical properties of users (e.g. type and version of browser, device type, operating system)
Measurement of use behaviour (e.g. individual pages / contents opened, contents in various areas opened, length of session / stay, bounce rate)
Reference URL (site visited previously)

2.4.3 Contractor Employed in accordance with Art. 28 GDPR

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Google Analytics is deployed in the framework of job processing in accordance with Art. 28 GDPR. However, we have no influence over the kind and scope of the data processed by Google, nor the kind of processing and use or the forwarding of these data to third parties. To this extent we have no effective means of control. In particular, Google can use the data for any purposes of its own, for instance, to generate profiles and to link these with data already stored by Google, including your Google account data.

The information processed by Google about your use of our website is generally transmitted to a Google server in the USA and processed there.

2.4.4 Legal Basis for Data Processing, Purpose of Data Processing, Duration of Data Processing

You can consent to the processing of your data by Google Analytics using our Consent Manager, prevent the recording of your data, or revoke consent previously given. To revoke your consent, open the cookie settings at the bottom of our website to change them.

The legal basis is consent (Article 6 (1.1.a GDPR): The storage of the above data by Google Analytics along with the associated data processing takes place only if you granted us your voluntary and revocable consent. Google Analytics uses cookies. These cookies have a service life of up to 2 years.

2.5 Amazon Ads

(https://advertising.amazon.com/resources/ad-policy/eu-data-protection-and-privacy?ref_=a20m_us_spcs_gdpr)

2.5.1 Purpose of Data Processing

This website uses functions of the advertising service Amazon Ads. This service is provided by Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l, and Amazon Media EU S.à.r.l., as well as Amazon Digital Germany.

With the help of Amazon Ads we can offer personalized advertising in order to display ads based on your interests and to measure your interaction with our advertising.

On our behalf Amazon will use this information to analyse your use of the website, to compile reports about advertising activities, and to deliver to the operator of the website additional services connected with the use of the website and the internet.

2.5.2 Processed Data

The following categories of data are processed:

Time of query
IP addresses (in shortened form)
Online IDs (including cookie identifiers)
Device IDs
Technical properties of the user’s device (e.g. type and version of browser, device type, operating system)
Measurement of use behaviour (e.g. individual pages / contents opened, contents in various areas opened, length of session / stay, bounce rate)
Reference URL (site visited previously)
Tag-specific data: These include the tag ID and Amazon display cookie (ad ID)
Data defined by the advertiser: For instance, the name of the advertiser, the ID of the advertiser, the time stamp of the last website activity, the name of the event, the attribute name, and values.

2.5.3 Contractor Employed in accordance with Art. 28 GDPR

Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l and Amazon Media EU S.à.r.l.
38, avenue John F. Kennedy
L-1855 Luxemburg
and Amazon Digital Germany GmbH
Domagkstr. 28
80807 Munich

Amazon Ads is deployed in the framework of job processing in accordance with Art. 28 GDPR. However, we have no influence over the kind and scope of the data processed by Amazon, nor the kind of processing and use or the forwarding of these data to third parties. To this extent we have no effective means of control. In particular, Amazon can use the data for any purposes of its own, for instance, to generate profiles and to link these with data already stored by Amazon, including your Amazon account data.

The information processed by Amazon about your use of this website is generally not transmitted to an Amazon server in the USA nor processed there. According to Amazon the data is stored on EU servers.

2.5.4 Legal Basis for Data Processing, Purpose of Data Processing, Duration of Data Processing

The legal basis is consent (Article 6 (1.1.a GDPR): The storage of the above data by Amazon Ads along with the associated data processing takes place only if you granted us your voluntary and revocable consent. Amazon Ads uses cookies. These cookies have a service life of up to 13 months.

3. Data Erasure and Storage Period

Cookies are saved on the user's terminal device (smart device/PC) and transmitted from there to our websites. The system differentiates between ‘permanent cookies’ and ‘session cookies’. Session cookies are saved for the duration of a browser session and deleted when the browser is closed. Permanent cookies are not deleted when the browser session is closed, but saved on the user's terminal device for a longer period. Cookies for provision of chat support are deleted no more than 8 hours after the session has concluded.

VII. Web Analytics

In order to optimize our web pages and adapt to the changing habits and technical conditions of our users, we use tools for what is known as ‘web analytics’. Such tools measure things like which elements are visited by users, and whether the information they seek is easy to find. Such information cannot be interpreted in any meaningful way until information on a larger group of users can be considered. The data collected for such analysis are aggregated into larger units.

This way we can adapt the design of pages or contents, for instance, if we discover that a relevant share of site visitors are using new technologies, or are having trouble finding available information.

We carry out the following analyses on our website and online platforms and/or implement the following tools for web analytics:

1. Analysis of Log Data

Log data is used exclusively for analytics purposes on an anonymous basis; in particular, there is no linkage with data that can be used to identify the user personally and/or matched with an IP address or a cookie. Such an analysis of log data thus is not subject to the data protection provisions of the GDPR.

2. Matomo

For the analysis of the use of our website (click counts, for instance), we use the ‘Matomo’ web analytics service. This service does not set cookies. No personalized data is processed.

VIII. FRITZ! Online Shop

In the following we inform you about data processing in the framework of our FRITZ! Online Shop. In order to make ordering and payment as convenient as possible in the FRITZ! Online Shop of Fritz.com GmbH, you can create a user account. When you do so, the personalized data described below is processed. Alternatively, you can order as a guest user. In that case your personalized data is used only for the given order.

To process the payment process and delivery, we transmit your payment information to the contracted payment service and shipping provider, or this information is collected by the payment service provider. Please note the section on methods of payment in this data protection statement.

In the framework of our FRITZ! Online Shop, which is operated via the Shopify Plus platform (Shopify International Ltd., 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland), we handle personalized data to process orders, payments, and shipping as well as for customer communication.

1. The Processing of Personalized Data

The categories of data processed in the framework of our FRITZ! Online Shop especially include:

contact information (e.g. first name, last name, email address, phone number)
invoicing and shipping information
payment information (e.g. credit card information, payment service provider)
ordering information (e.g. invoice number, transaction information, order details)
The legal basis for this is Article 6 (1b) of the GDPR.
usage data (e.g. IP address, last visit, bounce website)
The legal basis for the processing of these categories of data is – depending on the application – Sofort GmbH

Your data is transferred to the shipping company contracted with delivery, to the extent this is required for delivery of the goods (on this, see point 2.1 in this section).

To process the payment process and delivery, we transmit your payment information to the selected payment service and shipping provider, or this information is collected by the payment service provider. These companies may use your data only to process the order and not for any other purposes (on this, see point 2.2 below). We see merely which method of payment you selected, whether payment was successful, and in some cases, the last numerals of the card used.

For the processing of personalized data which are required to fulfil a contract to which the data subject is party, Article 6(1b) of the GDPR serves as the legal basis. If the processing of personalized data is required to fulfil a legal obligation (e.g. fulfilment of information obligations for consumer contracts or retention periods stipulated by tax law), Article 6 (1c) of the GDPR is the legal basis of data processing. In this case Shopify acts as the job processor in accordance with Article 28 of the GDPR.

Data may be transferred to third countries (especially Canada and the USA). Shopify guarantees an adequate data protection level, through, among others, standard contractual clauses and adequacy decisions by the European Commission.

2. Transmission of Data to Third Parties

2.1 Shipping Services

We contract DHL Home Delivery GmbH with the delivery of our products and logistics activities. Orders are delivered by shipping services such as DHL and DHL Express.

These service providers receive the personalized data necessary to fulfil the given order. These data include especially

Last name, first name
Delivery address
Post number (insofar as you would like the order to be delivered to a DHL Packstation)
Email address (for the purpose of shipment notification and delivery status)
Phone number (e.g. for shipping notices)

The last name, first name, delivery address, and (where applicable) post number are transferred for the purpose of fulfilling a contract to which the person in question is a party, in accordance with Article 6 (1b) of the GDPR. The transmission of the email address and, where necessary, the phone number, takes place on the basis of a legitimate interest in accordance with Article 6 (1f) of the GDPR, in order to be able to offer you a notification service and thus to make shipping as customer-friendly as possible.

2.2 Payment Services

We offer various payment services, including advance payment, payment by credit card, and payment via PayPal. For the processing of payments we forward you payment information to the credit institute or payment provider contracted with payment. These companies may use your data only to process the order and not for any other purposes. Further information on the processing of privatized data by these providers is presented in their data protection guidelines:

Google Pay: We enable payment transactions via the payment provider Google Pay (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). For the purpose of payment processing, the information provided in the context of the ordering process are transmitted to Google along with the information about your order. Google reserves the right to collect, store, and evaluate certain process-specific information on every transaction effected via Google Pay. Further, in its data protection statement Google reserves the right to forward collected data to third-party providers and subsidiaries. For more information please see the data protection information for Google Pay as well as the relevant conditions of use and guidelines accessible at https://support.google.com/googlepay/answer/9039712?hl=en and https://business.safety.google/privacy/.

Shopify Payments: We use the payment service provider ‘Shopify Payments’, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you decide on a payment method offered by the payment service provider Shopify Payments, especially payment with a credit or debit card, the payment will be processed by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we forward your information provided in the context of the ordering process, along with the information about your order (name, address, account number, bank sort code, if necessary also credit card number, invoice amount, currency and transaction number) on the basis of Article 6 (1b) of the GDPR. Your data is forwarded for the exclusive purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary therefor. More detailed information on the data protection of Shopify Payments is available at the following web address: https://www.shopify.com/legal/privacy. Data protection information on Stripe Payments Europe Ltd. is presented here: https://stripe.com/de/privacy.

Klarna – Pay now or later: In cooperation with Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, we offer several payment options.

Insofar as you decide on Pay in full as the payment method, you pay via online banking using a PIN and TAN without any additional registration necessary. The entry of this information takes place after completion of the order on the pages of Sofort GmbH, part of the Klarna Group. For the transfer we send the following personalized information on your order to Klarna: order number, payment amount, and country.

If you opt for ‘Pay in 3’ or ‘Pay in 30 days’ instead, for payment processing we require the following information for processing of your purchase and an identity and credit check by Klarna: First and last name, address, date of birth, email address, as well as information related to the order such as invoice amount, article, delivery method. Klarna collects and also uses information on previous payment behaviour as well as probability values on this behaviour in the future.

Please also consider Klarna's Terms and Conditions and Privacy information, accessible at https://www.klarna.com/uk/terms-and-conditions/ and https://www.klarna.com/uk/privacy/.

PayPal: For payment via PayPal your payment information are transmitted in the context of payment processing to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Insofar as you decided on PayPal, you will be routed directly to the PayPal website. Independently of this, for processing of the order we send the following information to PayPal: Last name and first name, delivery address (if different from the address stored, also the name of third parties such as a neighbour), order number, payment amount.

For the payment methods credit card via PayPal, debit via PayPal, or – if offered – 'Pay Later’ via PayPal, PayPal reserves the right to perform a credit check. PayPal uses the result of the credit check with reference to the statistical probability of default for the purpose of deciding whether to make the given payment method available.

Further information on data protection, including the credit agencies consulted, are provided in the PayPal privacy principles: https://www.paypal.com/myaccount/privacy/privacyhub/principles.

2.3 IT Service Providers

We work with technical service providers in order to render our services to you. These service providers include, for instance, external IT service providers who enable the technical provision of our website and our shops (e.g. Shopify) as well as providers of software as a service (e.g. Reviews.io). The essential service providers and suppliers are:

2.3.1 Website / FRITZ! Online Shop:

Our website, including the provision of the online shop, is operated by Shopify. Shopify offers a comprehensive e-commerce platform with which vendors can create an online shop and streamline their commercial activities. Shopify is also deployed for marketing activities (e.g. personalized messages) and for customer management and customer care (e.g. back-in-stock emails, reactivation emails, web push notifications). For more information on the supplier, see https://www.shopify.com.

The service provider for Europe is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, with the VAT ID number IE 3347697KH (see the Shopify Terms of Service, https://www.shopify.com/uk/legal/terms).

Your personalized data (e.g. name, invoice address, delivery address, email address, phone number, and payment information as well as information about how you access our websites, your account and our platform) are processed by Shopify International Limited, the Shopify company in Ireland. In the context of rendering services, this personalized data can be transmitted to other countries, among them Canada. Your personalized data is protected during transmission to Canada. According to EU Commission decision 2002/2/EC of 20 December 2001, Canada provides adequate protection for personalized information and electronic documents. Therefore this data processing is permitted by the GDPR.

Should Shopify send this personalized data to a country outside Canada (e.g. to sub-processors), this data is protected through contractual obligations which are comparable to those in the standard contractual clauses of the EU Commission.

More information on the collection and use of personalized data is provided in the ‘Privacy for Customers (for customers who buy in shops that use Shopify)’ at https://www.shopify.com/uk/legal/privacy/customers, in the Shopify Privacy Policy at https://www.shopify.com/uk/legal/privacy, and in the addendum on data processing at https://www.shopify.com/uk/legal/terms.)

2.3.2 Reviews

To receive your experiences and reviews, we use the REVIEWS.io service. When a review is generated on the product pages or on the website sent to you by email, your data is collected by REVIEWS.io 2020 GmbH, Skalitzer Straße 104, 10997 Berlin, Germany, and transferred to us.Your review will then be published on our website. Further information on data protection, including on the deletion of reviews, is provided in the REVIEWS.io User Privacy Policy: https://www.reviews.io/legal/user-privacy-policy.

2.3.3 Product Returns

We use the Service 8Returns offered by 8Returns GmbH, Pappelallee 78/79,
10437 Berlin, Germany, to facilitate the simple, efficient processing of returns. In the context of using this services, certain personalized data is processed to manage and improve the returns process. The data processed by 8Returns includes:

Ordering information (e.g. order number, product information)
customer information (e.g. name, email address, delivery address)
return information (e.g. reason for return, condition of article)

This information is used by 8Returns for the exclusive purpose of executing the return process and not processes for any other purposes.

Further information on data processing by 8Returns is presented in the Privacy Policy at: https://www.8returns.com/de/legal/privacy-policy

VIII. Further Data Processing

1. Newsletter / Competitions / Surveys

1.1. Newsletter

We process the data provided during your registration for the newsletter (e.g. first name, surname, email). For newsletter dispatch we use the LianaMailer tool from Lianatech GmbH, Leopoldstraße 180, 80804 Munich, Germany.

If you take advantage of the newsletter we offer, we need you to provide a valid email address. In order to check whether you are the owner of the given email address, or that the address's owner consents to receiving the newsletter, after the first registration step we will send an automated email to the given email address (known as the ‘double opt-in’). Only after confirmation of registration via a link in the confirmation email will we include the given email address in our mailing list. We do not collect any data beyond the email address and the information provided to confirm the registration.

In addition to the data supplied while registering for the newsletter, the following data is processed:

information about the deliverability of the newsletter mailing,
information about which editions of the newsletter the newsletter recipient opened,
information about which links the newsletter recipient clicked on in the newsletter they opened,

Your data are processed for the purpose of mailing the newsletter you requested, including surveys included within, in order to improve our services and to organize competitions. The legal basis for this processing is Article 6 (1a) of the GDPR. You can unsubscribe from the newsletter at any time; in addition, the remarks on the right of revocation in (III.4) apply. We store the data processed in connection with the newsletter for the duration of your registration for the newsletter. Upon your deregistration from the newsletter your personalized data are deleted.

1.2. Competitions

Unless otherwise specified for a competition, the following applies: If you win in the context of a competition, we will contact you at the email address provided to determine the mailing address for sending the prize. Your postal address is used only for the purpose of sending the prize. We store the data supplied in the context of the competition until the competition is completed (generally deletion takes place no more than eight weeks after the deadline for participating in the competition), unless we have other statutory retention obligations (e.g. relating to tax law).

For competitions – unless otherwise indicated – we use software from the provider Alchemer. Alchemer is operated by Alchemer LLC, 168 Centennial Pkwy, Louisville, CO 80027, USA.

1.3. Surveys

We use the provider Alchemer to integrate surveys on our websites. Alchemer is operated by Alchemer LLC, 168 Centennial Pkwy, Louisville, CO 80027, USA.

The data recorded is processed for surveys, to improve our services, and to organize competitions. Your personalized data will be deleted from the tool no later than 8 weeks after conclusion of the given campaign. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

Data is processed exclusively within the EU. Further information on data processing and data protection by Alchemer is available at https://www.alchemer.com/privacy.

2. Advertising and Marketing Messages / Customer Satisfaction Surveys

Your personalized data is used for the purpose of advertising and/or marketing and for the purpose of performing customer satisfaction surveys only when corresponding permission has been granted, or when there is another legal basis that permits advertising or marketing messages even without express consent (e.g., in accordance with the Act Against Unfair Competition).

The legal foundation for advertising and/or marketing measures on the basis of express consent is Article 6 (1a) of the GDPR; correspondingly, the remarks on consent in (III) apply. The legal basis for the use of personal data for the purpose of direct marketing by post is Art. 6 (1f) of the GDPR (legitimate interest); the legitimate interest here consists in addressing potential customers for the purpose of direct advertising for our products and services. For advertising and/or marketing measures via email for the purpose of direct advertising for similar wares or services of our own, the legal basis is Section 7(3) of the German Fair Trade Practices Act (UWG); this is subject to the condition that (i) we received your email address in connection with the sale of a good or service, (ii) you did not refuse to allow your email address to be used for the purpose of direct advertising and (iii) upon the collection of your email address and every time we use it, we clearly point out that you may refuse at any time to have your email address used in this way (on the right to refuse, see [X.6]).

Your personal data will be stored and used for advertising purposes indefinitely, depending on the respective legal basis for the advertising measure (consent or legitimate interest), until you object to the use of your data for advertising purposes or until you revoke your corresponding consent. You can revoke consent to a processing of personal data at any time, with effect for the future. You may object to processing on the basis of legitimate interests at any time. In the event of revocation and/or objection, the personal data will no longer be processed for the purposes concerned; with the exception of processing of data which is still required for the purpose of fulfilling the contract (Art. 6 (1b) of the GDPR) including statutory storage obligations and/or if the data is still required within the framework of legitimate interests (Art. 6 (1b) GDPR) (e.g. in the event of an advertising objection, processing of data in a so-called blacklist in order to prevent future advertising approaches).

3. Google Maps

We use map materials from Google Maps on our website. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

On some pages (e.g., the retailer search) we use a Google Maps plug-in. When you open a page equipped with such a plug-in, no connection to Google Maps is established automatically. A connection to Google Maps is established only when you consent to the display of contents. Further information on data processing and data protection by Google Maps (Google) is available at https://policies.google.com/privacy.

4. Social Networks

On our web pages we use social network plug-ins in accordance with the information from the providers listed below, so that you can enjoy the interactive potentials of the social networks you use on our web pages as well. With these plug-ins we embed video contents into the websites. This makes various functions available, the object and extent of which are determined by the operators of the social networks. Keep in mind that the IP address of your browser session may be linked to your own profile with the given social network if you are currently logged in to that network. Similarly, your visit to our web pages can be linked to your profile with the social network if it recognizes you from a cookie that was set during a previous session with the social network and is still stored on your computer.

Please note that we are not the provider of the social networks and thus have no influence on data processing by the given provider. For more information on data handling, see the websites of the respective social network operators.

4.1. Facebook

Our websites do not include any plug-ins from the social network Facebook belonging to Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. There is merely a passive link to our contents on Facebook.

If you contact us and interact with us on Facebook (requests, ‘like’ button, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, as well as software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA to process the user data generated by Facebook in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.2. X (formerly Twitter)

Our pages have not embedded any functions from the social network ‘X’ belonging to Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. There is merely a passive link to our contents on X.

If you contact us and interact with us on X (requests, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, as well as software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA to process the user data generated by X in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.3. LinkedIn

Our pages have not embedded any functions from the social network ‘LinkedIn’ belonging to LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. There is merely a passive link to our contents on LinkedIn.

If you contact us and interact with us on LinkedIn (requests, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, to process the user data generated by LinkedIn in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.4. XING

Our pages have not embedded any functions from the ‘XING’ service belonging to New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

If you contact us and interact with us on XING (requests, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, to process the user data generated by XING in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.5. YouTube

We use the provider YouTube to integrate videos (‘Ask FRITZ!’, etc.) YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

On some pages we also use a YouTube plug-in. When you open a page equipped with such a plug-in, no connection to YouTube servers is established automatically. A connection to YouTube is established only when you consent to the display of contents. Further information on data processing and data protection by YouTube is available at https://policies.google.com/privacy.

If you contact us and interact with us on YouTube (requests, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, to process the user data generated by YouTube in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.6. Instagram

No plug-ins from the social network Instagram, belonging to Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, are integrated on our websites. There is merely a passive link to our contents on Instagram.

If you contact us and interact with us on Instagram (requests, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, to process the user data generated by Instagram in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.7. Bluesky

No plug-ins from the social short message service ‘Bluesky’, belonging to the company Bluesky Social, PBLLC 113 Cherry St, Seattle, WA 98104, USA, are integrated on our websites. There is merely a passive link to our contents on Bluesky.

If you contact us and interact with us on Bluesky (requests, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, to process the user data generated by Bluesky in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.8 TikTok

Our pages have not embedded any functions from the social network ‘TikTok’ belonging to TikTok Technology Limited, The Sorting Office, Ropemaker Place, Dublin D02 HD23, Ireland. There is merely a passive link to our contents on TikTok.

If you contact us and interact with us on TikTok (requests, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, to process the user data generated by TikTok in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

5. Instant-Messenger

If you follow our channels on the messaging apps WhatsApp and Telegram, the public username and ID you use there are displayed to us. Your data (username) is processed exclusively for the purpose of providing with information about the news service to which you subscribed. The legal basis for this processing is Article 6 (1a) of the GDPR. You can unsubscribe from the news service at any time. More information is provided in the data protection statement of the respective service provider (WhatsApp: https://www.whatsapp.com/legal/privacy-policy-eea?lang=en and Telegram https://telegram.org/privacy/de)).

6. Zack Speed Test

When using our Zack speed test you have the opportunity to determine the upload and download speeds and the ping time of your broadband connection. This test uses a PHP script via the provider GeoIPLookup.io to retrieve the IP address of your connection along with the approximate geo-data as well as your internet provider and type of browser. If you use a FRITZ!Box, depending on the browser, the FRITZ!Box model and FRITZ!OS version will also be displayed. No data processing takes place on our servers. No IP address is saved.

7. Usercentrics

We use the Usercentrics privacy compliance service, belonging to Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (Usercentrics). This allows us to obtain and manage our website users' consent to data processing. This processing is required to fulfil the legal obligation to which we are subject (Article 6 (1.1.c) of the GDPR). For this the following data is processed:

date and time of access
browser information
device information
geographic location
cookie preferences
URL of the site visited

The functionality of the website cannot be guaranteed without this processing.

Usercentrics is the recipient of your personalized data and works for us as a processor in accordance with Article 28 of the GDPR.

Processing takes place in the European Union. More information is presented in the Usercentrics Privacy Policy: usercentrics.com/privacy-policy/

IX. Contact Form, Feedback, Email Contact, Support, and Chat Support

1. Contact Forms

On our websites there are various contact forms (web forms) or contact options for different topics, which the user can use to establish contact with us electronically (for instance, for product and sales consultation, product suggestions, support requests, chat support). If the user takes advantage of any of these opportunities, the data entered in the input mask by the user or data on the telephone contact are transmitted to us and stored. Depending on the form used or the type of contact, these data can include:

Company*
First name*
Last name*
Phone number*
Email*
Type of query* (private or business customer / vendor)
Postal code*
Country
When you can be reached
any relevant documents/materials/support information/logs
Internet provider*
* Mandatory information (depending on the web form or type of contact used), which are required for the purpose of registration/contact are marked with an asterisk (in the input mask as well) to designate them as required fields.

2. Feedback

On our websites users are able to send us feedback e.g. in the FRITZ! Lab.

If the user makes use of this, the data entered in the input mask are transmitted to us and stored. These data include:

First name
Last name
Email Address

When the message is sent, the following data are also processed:

the user's IP address
date and time when message was dispatched

To process your feedback we use software from Alchemer LLC, 168 Centennial Pkwy, Louisville, CO 80027, USA. Data is processed exclusively within the EU. Further information on data processing and data protection by Alchemer is available at www.alchemer.com/privacy..

3. Email Contact

Alternatively, you can contact us using the email addresses listed on the web pages. In this case the personalized data of the user transmitted with the email will be stored. We process email queries using software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA - see also at https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice/. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4. Chat

On our websites you also have the opportunity to enter into a chat with our support staff, and outside the hours of availability of our support staff with an AI-supported chatbot, for instance, to receive information on our products (‘chat function’).

When the chat is used, the following (personalized) data are processed:

Name
Title
Language
Date and Time
IP address
Email Address
Contents of your communications
Information on the web browser used (language settings, software version, etc.)
Country, city / approximate location

FRITZ! processes personalized data provided by a user through a chat only insofar as they are necessary to respond to your personal query in the chat. You decide whether the data listed above are stored for the purposes listed under 6.

Insofar as you enter into a chat with an AI-supported chatbot, it will be processed using software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA - see also at https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice/. For this Zendesk Inc.. as a supplier of AI functions, uses the company OpenAI, whose EU headquarters are OpenAI Ireland Limited, 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland – see also at https://openai.com/policies/privacy-policy/. If the chat was started in our FRITZ! Online Shop, it uses software supplied by botario GmbH, Konsul-Smidt-Straße 8p, 28217 Bremen; see also botario.com/de/datenschutz/.

If the query cannot be answered conclusively in the chat, your query may be transferred by our staff to our FRITZ! Support desk. The text you entered within the chat (including any personalized data you provided in this context) will be forwarded there.

5. Support and Consulting Queries

We process support requests and consulting queries (by email or phone) as well as queries via chat support using software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA - see also at https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice/ - as well as software telegra GmbH, Oskar-Jäger-Straße 125, 50825 Cologne, Germany - see also at https://www.telegra.com/en/privacy-policy/. We further use SugarCRM software from Insignio CRM GmbH, Ludwig-Erhard-Str. 14, 34131 Kassel, Germany, to organize and store the data. In the case of phone contact, we reserve the right - also in the interest of further inquiries - to process your phone number in addition to your name and the associated support query. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

In addition to the chat function, users can receive information from FRITZ by phone or via the contact form on the company's Product and Sales consultation pages. For more information on these options, go to https://en.fritz.com/products/sales-consultation/.

6. Purpose and Legal Basis

This data is processed exclusively for the purpose of responding to the given request or suggestion. The other data collected during transmission of the message serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

Insofar as data is processed for the purpose of fulfilling a customer order or responding to a customer request, the legal basis for data processing is Article 6 (1b) of the GDPR, regardless of whether contact was made via a contact form, by email, or by telephone. The legal basis for processing the user's feedback is Article 6 (1f) of the GDPR. We are interested in improving our products and services for our users. The legal basis for processing the data with the user's consent is Article 6 (1a) of the GDPR. The legal basis for collecting additional data during sending is Article 6 (1f) of the GDPR; the legitimate interest here is in the prevention of misuse and ensuring system security (cf. [V.1]).

7. Data Erasure and Storage Period

In general, data is erased as soon as it is no longer required to achieve the purpose of its collection. For the personalized data from the input mask of the contact form and that that was sent by email, this is the case when the given communication with the user has ended and/or the user's request was responded to conclusively.. The communication is concluded, or a conclusive response is provided, when the circumstances allow the conclusion that the matter concerned has been resolved; in the case of support and chat support, no more than 2 years after the last communication, with the exception of the cases listed in (III.7), or after no more than 3 years if we offered you a replacement under warranty and/or your problem requires interaction with our development department. In the case of warranty processing performed, we delete the associated communication required no later than after 5 years. In general: Instead of being deleted, data will be stored and locked if further storage of the data is required for the reasons listed in (III.7).

8. Opt-out and Elimination Options

The user has the possibility to terminate communication with us and/or rescind their request at any time, and to object to the corresponding use of their data. In such a case the communication cannot be continued. In this case, all personalized data stored in the course of making contact is erased, unless the further storage of data is required for the reasons listed in (III.7 and IX.7).

X. Rights of the Data Subjects

According to the GDPR, the user is entitled in particular to the following data subject rights:

1. Right to information (Article 15 of the GDPR)

You have the right to request information about whether or not we process personalized data pertaining to you. If personalized data pertaining to you is processed by our company, you are entitled to information about

the purposes of processing;
the categories of personalized data (kinds of data) that are processed;
the recipients or categories of recipients to whom your data were disclosed or are to be disclosed; this is the case especially when data was disclosed or is to be disclosed to recipients in third countries outside the purview of the GDPR;
the planned duration of storage, to the extent this is possible; if the duration of storage cannot be given, in any case the criteria for determining the duration of storage (e.g. legal retention periods or the like) must be communicated;
Your right to rectification and erasure of the data pertaining to you, including the right to restrict processing and/or the right to revoke consent (on this, see also the subsequent clauses);
the existence of the right to lodge an appeal with a supervisory authority
the source of the data, if the personalized data were not collected from you directly.

Further, you are entitled to information about whether your personalized data is the object of automated decisions in the sense of Article 22 of the GDPR, and, if this is the case, which decision criteria are the basis for such an automated decision (logic) or what the effects and consequences the automated decision can have for you.

If personalized data is transmitted to a third country outside the purview of the GDPR, you are entitled to information about whether, and if so, on the basis of which guarantees, an adequate level of protection is ensured by the data recipient in the third country in accordance with Articles 45 and 46 of the GDPR.

You have the right to request a copy of your personalized data. We always provide copies of data in electronic form unless you request otherwise. The first copy is free of charge; for additional copies, reasonable compensation can be requested. The copy is provided as long as the rights and freedoms of other persons are not compromised through the transmission of the copied data.

2. Right to Rectification (Article 16 of the GDPR)

You have the right to request that we rectify your data, should it be incorrect, inaccurate and/or incomplete; the right to rectification includes the right to complete your data by adding supplementary clarifications or information. A rectification and/or supplement must take place immediately – that is, without undue delay.

3. Right to Erasure (Article 17 of the GDPR)

You have the right to request that we erase your personalized data, insofar as

the personalized data is no longer required for the purposes for which it was collected and processed;
data processing takes place on the basis of consent you granted and you have rescinded your consent, insofar as there is no other legal basis for data processing;
You entered an objection to data processing in accordance with Article 21 of the GDPR and there are no overriding reasons for further processing;
You entered an objection to data processing for the purpose of direct advertising in accordance with Article 21(2) of the GDPR;
Your personalized data was processed illegally;
the data in question concerns a child, and was collected in relation to information society services in accordance with Article 8(1) of the GDPR.

There is no right to the erasure of personalized data insofar as

the rights to freedom of expression and to knowledge are in conflict with the request for erasure;
the processing of personalized data (i) in order to fulfil a legal obligation (e.g. legal retention periods), (ii) in order to fulfil public duties and interests in accordance with EU law and/or the law of the member states (this also includes interests in the area of public health) or (iii) for the purposes of archiving or research;
the personalized data is required for the assertion, exercise or defence of legal claims.

The erasure must take place immediately – that is, without undue delay. If personalized data has been made public by us (e.g. in the internet), we are responsible, in the framework of what is technically possible and reasonable, for informing third-party processors about the erasure request, including the deletion of links, copies and or replicates.

4. Right to Restriction of Processing (Article 18 of the GDPR)

You have the right to have the processing of your personalized data restricted in the following cases:

If you have contested the accuracy of your personalized data, you can request that your data not be used for other purposes for the duration of the accuracy check and insofar restricted.
In the case of illegal data processing you can request the restriction of data use in accordance with Article 18 of the GDPR rather than data erasure according to Article 17 (1d) of the GDPR.
If you need your personalized data for the assertion, exercise or defence of legal claims, but your personalized data is otherwise no longer required, you can request that we restrict processing to the above mentioned purpose of legal proceedings.
If you entered an objection to data processing in accordance with Article 21(1) of the GDPR and it has not yet been decided whether our interests in processing override your interests, you can request that your data not be used for other purposes for the duration of the review and insofar be restricted.

5. Right to Data Portability (Article 20 of the GDPR)

Subject to the following provisions, you have the right to receive the data pertaining to you in a commonly used, machine-readable format. The right to data portability includes the right to transmission of the data to another controller; upon request we will thus – insofar as it is technically possible – transmit data directly to a controller you specify or will specify in the future. The right to data portability applies only for the data provided by you and assumes that the data is processed on the basis of consent or for performance of a contract, and is executed using automated methods. The right to data portability in accordance with Article 20 of the GDPR does not affect the right to data erasure in accordance with Article 17 of the GDPR. The data is transmitted only if the rights and freedoms of other persons cannot be compromised through the data transmission.

6. Right to Object (Article 21 of the GDPR)

In the case of processing of personalized data in order to fulfil a task carried out in the public interest (Article 6[1e] of the GDPR) or for the purpose of pursuing legitimate interests (Article 6[1f] of the GDPR), you can object prospectively to the processing of personalized data pertaining to you at any time. In the case of an objection we have to refrain from any further processing of your data for the above mentioned reasons, unless

there are compelling and legitimate reasons for processing which override your interests, rights and freedoms, or
the processing is required for the assertion, exercise or defence of legal claims.

You can object prospectively to the use of your data for the purpose of direct advertising at any time; this is also true for any profiling associated with the direct advertising. In the case of an objection we have to refrain from any further processing of your data for the purpose of direct advertising.

7. Legal Protections / Right to Petition a Supervisory Authority

In the case of complaints, you can contact a supervisory authority of the EU or the member states at any time. The supervisory authority named in (II) is responsible for our company.

(Last updated: July 2025)

B. Legal Notice

Legal notice

Liability

FRITZ! GmbH continually checks and updates the information provided on these web pages. Despite our most diligent efforts it can occur that data presented here have changed in the meantime. Therefore FRITZ! cannot guarantee that the information made available here is accurate, complete or up to date. No liability is assumed for damages that arise directly or indirectly from the use of these web pages, unless they are attributable to intent or gross negligence, or if liability is stipulated by compulsory statutory regulations.

Copyrights

Texts, images, graphics, sounds, animations or videos, and their arrangement on these web pages, are subject to worldwide copyright laws and other protective legislation. Unauthorized use, reproduction or transmission of individual contents or complete pages can be prosecuted by under both civil and criminal law. FRITZ! emphasizes that some of the images included on these web pages are copyrighted by third parties. All addresses on FRITZ!'s web pages are published for the exclusive purpose of providing information. No commercial use by third parties is permitted.

Trademarks

Unless otherwise indicated, all trademarks mentioned on these web pages are legally protected trademarks owned by FRITZ! GmbH, especially product names and logos. Microsoft, Windows and the Windows logo are trademarks owned by Microsoft Corporation in the USA and/or other countries. Android is a trademark of Google, Inc. Bluetooth is a trademark of Bluetooth SIG, Incorporated and licenced to FRITZ! GmbH. WireGuard is a registered trademark belonging to Jason A. Donenfeld in the US and/or other countries (wireguard.com). All other products and company names are trademarks of their respective owners.

Note on technical IP rights with standard relevance

To the extent that our products are directly or indirectly using technical IP rights, the teaching of which is a mandatory or optional part of international technical standards – e.g. in the field of telecommunication – we herewith explicitly declare our willingness to accept a license offer based on fair, reasonable and non-discriminatory conditions, unless the acts of use committed by us and/or our customers are already covered by a license agreement of one of our suppliers or other provider and no rights were exhausted.

External links

According to general law, as the content provider for its own contents, FRITZ! is responsible for the contents provided for use. These contents are to be distinguished from the links to contents made available by other providers. The link is a way for FRITZ! to make "foreign contents" available for use. FRITZ! is responsible for these contents only if FRITZ! has positive knowledge of them (i.e. and of any unlawful or criminal content) and if it is technically possible and reasonable to expect FRITZ! to prevent their use.

The links, however, always constitute "living" (dynamic) references. FRITZ! checked the foreign content the first time it was linked, in order to clear the company of any possible civil or criminal liability. However, according to law FRITZ! is not obligated to constantly check the contents to which it provides links on its web pages for changes that could provide a new basis for liability. Should FRITZ! discover, or be informed by others, that a concrete web page to which FRITZ! provided a link entails civil or criminal liability, then it will remove the link, insofar as it is technically possible and reasonable to do so.

FRITZ! reserves the right at any time to change the information provided, in part or in full, or to add to it or remove it.

FRITZ! Netiquette

On our social media channels, users can communicate with each other and ask FRITZ! questions about our products and other services. We encourage and enjoy lively discussions within the community and try to answer questions as quickly as possible. As a rule, questions that come to us in the evening after regular business hours, on holidays or weekends are dealt with on the next business day.

It is important to us that the communication is equitable. We communicate respectfully and fairly and endeavour to maintain polite and objective interaction with our users. We expect other users to behave in the same way when dealing with each other and with FRITZ!. Comments made on our social media channels are public.

The following are not permitted:

insults, threats and slurs of all types
slander and defamatory statements about FRITZ! and other users
incitement to violence
advertising or publicity for elections and political parties
radical ideas, racism and hate propaganda
pornography and obscenities
violating the rights of third parties
posting personal correspondence and disclosing personal information (addresses, email addresses, phone numbers)
calls to campaigns, rallies and appeals for donations
misuse of the comments function for commercial purposes

FRITZ! reserves the right to erase comments and block users who repeatedly violate this Netiquette. Each user is solely responsible for any postings or comments they make. FRITZ! assumes no liability for users’ content.

FRITZ! reserves the right at any time to change the information provided, in part or in full, or to add to it or remove it.