Privacy Policy

As of: September 3, 2025

1) Information about the Collection of Personal Data and Contact Details of the Controller

1.1 General Information

Below we inform you about how we handle your personal data when you use our website. Personal data refers to all data that can be used to personally identify you.

1.2 Controller Details

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Reinhard Eckstein, Bertha-Bosch-Weg 1, 88213 Ravensburg, Germany, Phone: +49 (751) 96087, Email: info@buywithme.shop. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 Security Measures

For security reasons and to protect the transmission of personal data and other confidential content, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser bar.

2) Data Collection When Visiting Our Website

Article 6(1)(f) GDPR

When you use our website without knowingly providing us with information, we only collect data that your browser automatically transmits to our server. This data is stored in so-called "log files" on our server. When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

• The website we visit (the display in your browser's address bar)
• Date and time of access
• Amount of data sent in bytes
• Source/reference from which you came to the page
• Browser used
• Operating system used
• IP address used (possibly in anonymized form)

Processing is carried out in accordance with Article 6 (1) (f) of the General Data Protection Regulation (GDPR) based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for any other purpose. However, we reserve the right to subsequently review the log files if there are concrete indications of illegal use.

3) Cookies

This website does not use cookies. Embedded videos from YouTube are accessed via the URL "https://www.youtube-nocookie.com/" to prevent cookies from being set by third parties. With the exception of YouTube videos, all other content, such as fonts, images, JavaScript, etc., is hosted on our own domain to prevent data from being accidentally transmitted to third parties. For this reason, we do not use a CDN (Content Delivery Network) and do not use analytics tools such as Google Analytics.

4) Browser Storage

When the website is accessed for the first time, an ID is generated by the server and stored in the browser's temporary memory. If the user logs in to the customer area and has activated the "Stay logged in" option, this ID is moved to the browser's permanent memory and remains there until the user logs out manually or the memory is deleted using the browser's delete function. The ID is sent to the server with every request. It serves to return the correct data to the user and prevent misuse of the site. If the browser's memory is full, defective, or otherwise unavailable, the site cannot be used or can only be used to a limited extent.

• Data stored in the browser's temporary memory and automatically deleted after closing the page:
  • Unique ID (=session number)
  • Indicator whether the user is logged in
• Data stored in the browser's permanent memory and not deleted after closing the page:
  • Unique ID (=session number)
  • Indicator whether the user is logged in
  • Flag whether the user should remain logged in
  • First 3 digits of a document number in the document export module

5) Quality Assurance / Troubleshooting

For quality assurance and troubleshooting purposes, permanent or temporary copies of all emails sent by the system may be sent to both the site operator and the site's technical administrator. The corresponding email addresses are entered in the email as blind carbon copy (Bcc). The emails will be deleted after review or error correction, will not be passed on to third parties, and will not be archived.

6) Customer Area

Existing customers can log into their customer area using the "Login" link. The following data is loaded from the server:

• Company name and email address for displaying the logged-in customer
• Company name, creditor ID, IBAN, and BIC to export documents as an XML file
• Company name, email address, and telephone number for easy and quick contact via the contact form

After logging out, this data is deleted from the browser.

7) Contact

Article 6(1)(b) and (f) GDPR

When you contact us (for example, via the contact form or by email), personal data is collected. The data collected when you use the contact form is indicated in the fields within the contact form. This data will be stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) of the General Data Protection Regulation. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6 (1) (b) of the General Data Protection Regulation. Your data will be deleted after your request has been finally processed. This is the case if the circumstances indicate that the matter in question has been finally clarified and provided that there are no statutory retention periods to the contrary.

8) Rights of the Data Subject

8.1 General Rights

The applicable data protection law grants you comprehensive data subject rights (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

• Right to information pursuant to Article 15 GDPR: In particular, you have the right to information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to information about the guarantees pursuant to Article 46 GDPR when your data is transferred to third countries;
• Right to rectification in accordance with Article 16 GDPR: You have the right to have inaccurate data concerning you rectified without delay and/or to have incomplete data stored by us completed;
• Right to erasure pursuant to Article 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Article 17 (1) GDPR are met. However, this right does not apply if processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.
• Right to restriction of processing pursuant to Article 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you contest, is being verified, if you refuse to delete your data due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise, or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons related to your particular situation, as long as it has not yet been determined whether our legitimate reasons outweigh yours;
• Right to information pursuant to Article 19 GDPR: If you have asserted your right to rectification, erasure, or restriction of processing vis-à-vis the controller, the controller is obligated to inform all recipients to whom the personal data concerning you was disclosed of this rectification, erasure, or restriction of processing, unless doing so proves impossible or involves disproportionate effort. You have the right to be informed of these recipients.
• Right to data portability pursuant to Article 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request that it be transmitted to another controller, where technically feasible;
• Right to revoke consent granted in accordance with Article 7 (3) GDPR: You have the right to revoke your consent to the processing of data at any time with future effect. In the event of revocation, we will delete the data in question immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
• Right to lodge a complaint pursuant to Article 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

8.2 Right of Objection

If we process your personal data based on our overriding legitimate interest within the framework of a balancing of interests, you have the right to object to this processing at any time with future effect for reasons arising from your particular situation. If you exercise your right of objection, we will stop processing the data in question. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims. If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such advertising purposes. You can exercise your objection as described above. If you exercise your right of objection, we will stop processing the data concerned for direct marketing purposes.

9) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective statutory retention period (e.g., retention periods under commercial and tax law). After expiration of this period, the corresponding data will be routinely deleted unless it is no longer required for the fulfillment or initiation of a contract and/or we no longer have a legitimate interest in continued storage.