Privacy policy

Generally

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.

User rights

You can request information about the personal data stored about you at any time and free of charge. Your rights also include confirmation, correction, restriction, blocking and deletion of such data and the provision of a copy of the data in a form suitable for transmission, as well as the revocation of consent given and objection. Statutory retention obligations remain unaffected.

Your rights arise in particular from the following standards of the GDPR:

  • Article 7 Paragraph 3 – Right to revoke data protection consent
  • Article 12 – Transparent information, communication and modalities for exercising the rights of the data subject
  • Article 13 – Obligation to provide information when collecting personal data from the data subject
  • Article 14 – Obligation to provide information if the personal data have not been collected from the data subject
  • Article 15 – Right of access of the data subject, right to confirmation and provision of a copy of personal data
  • Article 16 – Right to rectification
  • Article 17 – Right to erasure (“right to be forgotten”)
  • Article 18 – Right to restriction of processing
  • Article 19 – Obligation to notify in connection with the rectification or deletion of personal data or the restriction of processing
  • Article 20 – Right to data portability
  • Article 21 – Right to object
  • Article 22 – Right not to be subject to a decision based solely on automated processing, including profiling
  • Article 77 – Right to lodge a complaint with a supervisory authority

To exercise your rights (with the exception of Art. 77 GDPR), please contact the office named under “Responsible person within the meaning of the GDPR” (e.g. by email).

Note on the responsible body

The responsible body for data processing on this website is:

menstruflow GmbH

Wexstr. 28

10715 Berlin

Telephone: 0176 61049100

Email: hello@menstruflow.de

The responsible body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. All you need to do is send us an informal email. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If data processing is carried out on the basis of Article 6 Paragraph 1 Letter e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Para. 1 GDPR).
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object, your personal data will no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).

Right to lodge a complaint with the responsible supervisory authority

In the event of data protection violations, the person affected has the right to lodge a complaint with the responsible supervisory authority. The responsible supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: bfdi .

Right to data portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses an SSL or. TLS encryption. You can recognize an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, blocking, deletion

Within the framework of the applicable legal provisions, you have the right to free information at any time about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correct, block or delete this data. You can contact us at any time at the address given in the legal notice for this purpose or for further questions on the subject of personal data.

Objection to advertising emails

The use of contact details published as part of the imprint obligation to send unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, such as spam emails.

Cookies

Some of the websites use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offering more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and that your browser saves.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.
Cookies that are necessary to carry out the electronic communication process or to provide certain functions you require (e.g. shopping cart function) are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies in order to provide its services in a technically error-free and optimized manner. If other cookies (e.g. cookies to analyze your surfing behavior) are stored, they will be treated separately in this data protection declaration.

Configuration and elimination of cookies in the web browser of your device

You have the option of configuring the setting of cookies on your device at any time. You can restrict the setting of cookies or prevent them entirely in your browser settings. You can also have cookies automatically deleted when you close the browser window. You can find out how to delete cookies in the most common web browsers and change the cookie settings here:

You can also configure the settings for the cookies used on our website (with the exception of the technically necessary cookies) on our website (“cookie settings”). You can find out more about this below under (2) (configuration of cookies) and (3) (categories of cookies).

Note: The settings you make on your device only refer to the web browser of the device used.

Configure and delete cookies in the cookie settings on our website

With the exception of the technically necessary cookies, you can decide for yourself whether you allow additional cookies. On our websites you will be informed about our cookie categories via a cookie layer and asked whether you want to give us your consent for the performance cookies mentioned.

You have the following options via our cookie tool or the cookie settings: If you click on the “STRICTLY NECESSARY” or “REJECT ALL” symbol, only technically necessary cookies will be saved. You can also click on performance cookies using the “PERFORMANCE” symbol; If you then click on the “SAVE & CLOSE” button, you consent to the setting of performance cookies and the associated data processing. You can also give your consent by clicking on the “AGREE ALL” button or via the cookie settings by activating the performance cookies and then clicking the “SAVE & CLOSE” button.

On our website you can change your settings for the use of cookies at any time under “Cookie Settings” or revoke your consent completely by restricting the selection of cookies accordingly (“REJECT ALL”).

For further details on the cookies used, please see the sections below.

Categories of cookies and legal basis

Cookies are used on this website. Cookies are small text files that your browser automatically creates and which are stored on your device (laptop, tablet, smartphone, etc.). The cookie stores information that arises in connection with the specific end device used. However, this does not mean that we receive direct knowledge of your identity. Some of the cookies we use are deleted at the end of the browser session (so-called session cookies).

The details of the cookies we use can be found in our cookie settings under “COOKIE STATEMENT” and “INFORMATION ABOUT COOKIES”.

Strictly Necessary Cookies

The use of strictly necessary cookies is necessary to ensure the proper and secure operation of our websites and their functionalities and to make our website available as a whole. These cookies are set, for example, to enable basic functions of the website, to save your cookie preferences, to provide secure authentication that allows you to log into your customer account, and to enable you to fill out forms. A necessity exists, for example, with regard to ensuring the following functionalities / achieving the following purposes:

- Correct resolution,
- Ensuring system security

The legal basis for this data processing is Article 6 Paragraph 1 Letter b (initiation of contract, conclusion of contract) GDPR, Section 25 Paragraph 2 No. 2 TTDSG.

You have no right to object to the data processing necessary for the operation of the website.

Performance/analytics cookies

According to legal requirements, storing information on end devices (desktops, cell phones, tablets, etc.) - for example by setting cookies that are not technically necessary - and retrieving information from end devices for tracking purposes is generally only permitted if you do so have previously given consent. We obtain this via our cookie consent tool or the cookie settings.

The legal basis for this data processing is Article 6 Paragraph 1 Letter a (consent) GDPR, Section 25 Paragraph 1 TTDSG.

Right of withdrawal: You have the right to withdraw your consent to the use of personal data obtained through performance cookies in the future. To do this, you can change the cookie settings ("REJECT ALL") or change them at any time or change the settings in your browser.

The revocation of your consent means that no more data will be transmitted to our website about the device you used when you lodged your objection.

Hosting

We use Webflow, a modular website system, for our website. The service provider is the American company Webflow, Inc. 398 11th St., Floor 2, San Francisco, CA 94103, USA.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or for data transfer there, Webflow uses so-called standard contractual clauses (=Article 46, Paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Webflow undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the resolution at the following link .

The Webflow CDN makes duplicates of a website's data available on various Webflow servers distributed worldwide. This results in faster loading times for the website, greater reliability, protection against brute force attacks and increased protection against data loss. A majority of the elements and source code of this website are obtained from the Webflow CDN when the page is accessed. Through this retrieval, your IP address will be transmitted anonymously to Webflow servers in other EU countries and stored there for 24 hours. This anonymized storage for 24 hours serves to protect against brute force attacks. There is no tracking or other processing of this data. The use of the Webflow CDN is in the interest of greater reliability of the website, increased protection against data loss, protection against brute force attacks and a better loading speed of this website. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR.
Webflow Inc., based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the data protection level applicable in the EU.
You can find Webflow's current privacy policy here .

Cloudflare

We use the Content Delivery Network (CDN) from Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (Cloudflare) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 Para. 1 lit. f GDPR). A CDN is a network of servers distributed worldwide that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in Cloudflare server log files. Please compare the information under “Hosting”.

Cloudflare is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Article 6 Paragraph 1 Sentence 1 Letter f GDPR not to operate a content delivery network ourselves.

You have the right to object to processing. Whether the objection is successful must be determined by weighing up interests.

The processing of the data provided under this section is not required by law or contract. The functionality of the website cannot be guaranteed without the processing.

Your personal data will be retained by Cloudflare for as long as necessary for the purposes described.

Further information about objection and removal options against Cloudflare can be found at: Cloudflare DPA

Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Further information can be found at: Link

Google Tag Manager

This website uses Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tag Manager itself does not set cookies, only tags and does not collect any personal data. The service triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this will remain in effect for all tracking tags implemented with Google Tag Manager.

Transfer to recipients outside the EU/EEA in third countries

If data is transferred to entities whose headquarters or place of data processing is not in a member state of the European Union or in another contracting state to the Agreement on the European Economic Area, we ensure before passing on that, outside of exceptional cases permitted by law, the recipient either there is an adequate level of data protection (e.g. through an adequacy decision by the European Commission, through appropriate guarantees or the agreement of so-called EU Standard Contractual Clauses of the European Union (SSCs) with the recipient) or you give your consent to the data transfer.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Browser plugin

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection against data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this website: deactivate Google Analytics.
You can find more information about how Google Analytics handles user data in Google's privacy policy: Link .

Order data processing

We have concluded a data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics in Google Analytics
This website uses the “demographic characteristics” function of Google Analytics. This allows reports to be created that contain information about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will first shorten your IP address within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; However, please note that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: link .
The lawfulness of the processing for the purposes of collecting statistics results from Article 6 Paragraph 1 Sentence 1 Letter f) GDPR.
The anonymization function of Google Analytics is used.
A contract for order processing has been concluded with Google Inc.

YouTube

Our website uses plugins from the YouTube site operated by Google. The website is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube's servers is established. The YouTube server is informed which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR.
Further information on how to handle user data can be found in YouTube's privacy policy at: Link .

Social media links

We have our own social media pages for third-party providers that can be reached via links from this website. By using the links, you can access the respective third-party websites (e.g. Facebook, Twitter, Instagram, YouTube) and also share our content. There is no data transfer when you access our website. As soon as you have accessed the third-party website, you are responsible for the respective third-party provider, so that their data protection declaration and their statements on data use also apply. We have no influence on this, but in order to avoid unnecessary data transfer, we recommend that you log out of the respective third-party provider before using a corresponding link so that usage profiles cannot be created by the third-party provider simply by using the link.

Contact form

When you use the contact form offered on these pages, the information you enter will be transferred and stored for the purpose of answering your request. The data will not be passed on to third parties. The legality of using the form results from Article 6 Paragraph 1 Sentence 1 Letter f) GDPR.

Social media links :

We have our own social media pages for third-party providers that can be reached via links from this website. By using the links, you can access the respective third-party websites (e.g. Facebook, Twitter, Instagram, YouTube) and also share our content. There is no data transfer when you access our website. As soon as you have accessed the third-party website, you are responsible for the respective third-party provider, so that their data protection declaration and their statements on data use also apply. We have no influence on this, but in order to avoid unnecessary data transfer, we recommend that you log out of the respective third-party provider before using a corresponding link so that usage profiles cannot be created by the third-party provider simply by using the link.

Mastercard

We use the payment service provider Mastercard on our website. The service provider is the American company Mastercard Inc. The company Mastercard Europe SA (Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium) is responsible for the European area.

Mastercard also processes data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can pose various risks to the lawfulness and security of data processing.

As a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, in particular in the USA) or for data transfer there, Mastercard uses standard contractual clauses approved by the EU Commission (= Art. 46 Paragraph 2 and 3 GDPR). These clauses oblige Mastercard to comply with the EU data protection level when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the resolution and the clauses here, among others.

You can find out more about the data processed through the use of Mastercard in the Privacy Policy on Link.

PayPal

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company is responsible for the European region

PayPal Europe (S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible.

PayPal also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can pose various risks to the lawfulness and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or for data transfer there, PayPal uses so-called standard contractual clauses (= Article 46, Paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there.

Through these clauses, PayPal undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the resolution and the corresponding standard contractual clauses here, among others.

You can find out more information about the standard contractual clauses and the data processed through the use of PayPal in the data protection declaration on link .

Visas

We use Visa, a global payment provider, on our website.

The service provider is the American company Visa Inc. The company Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, Great Britain) is responsible for the European area. Visa also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can pose various risks to the lawfulness and security of data processing.

Visa uses so-called standard contractual clauses = Art.

46 Paragraphs 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Visa undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the resolution and the corresponding standard contractual clauses here, among others.

You can find out more about the data processed through the use of Visa in the Privacy Policy at link . ‍

Supervisory authority:

The State Commissioner for Data Protection and Freedom of Information
Old Moabit 59-61
10555 Berlin
Entrance: Alt-Moabit 60

Tel.: +49 30 13889-0
Fax: +49 30 2155050
mailbox@datenschutz-berlin.de