Kostenloser Versand ab 55€
Versandkosten innerhalb Deutschlands 5,90€
Lieferung innerhalb Deutschlands i.d.R. in 1-3 Werktagen

Data transfer

Note for data transfer to the USA

In order to use the following services, data transfer to the USA is required:

  • Newsletter;
  • Google Analytics
  • Google Ads;
  • Google Maps;
  • Facebook Pixel.

 

In the following, we, the

Sawade GmbH,
Wittestraße 26e
13509, Berlin
Deutschland
Phone.: +4930430060
E-Mail: service@sawade.berlin

Inform you about the data transfer required in this context so that you can decide whether you want to consent to it. 

You can also contact our data protection officer:

Umwelt- und Unternehmensberatung Schwan GmbH
Heinrich-Mann-Allee 18-19
14473 Potsdam
E-Mail: datenschutz@uub-schwan.de
Website: www.uub-schwan.de

1. Who is responsible for data processing?

a) Newsletter

We are the controller of your personal data processed in connection with the newsletter (Art. 4 No. 7 DS-GVO).

Our commissioned processor, which processes your data in the USA (data importer), are:

Klaviyo
125 Summer Street
Floor 6
Boston, MA 02111 USA.

 

The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA.

These are also the recipient of the data in the USA.

You can find more information about the processing of this newsletter data in the privacy policy.

b) Google Analytics Cookies, Google Ads Cookies and Google Maps

We are the data controller for the personal data we process using Google Analytics, Google Ads Cookies and Google Maps services (Art. 4 No. 7 DS-GVO).

Our instructed processor who (or whose processor) processes your data in the USA is:

Google Ireland Limited (registration number: 368047)
Gordon House, Barrow Street,
Dublin 4,
Irland.

The recipient of the data in the USA (data importer) is: 

Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043
USA.

More information about data processing in the course of Google Analytics and Google Ads services can be found in the cookie policy.

More information about data processing in the course of Google Maps services can be found in the privacy policy.

c) Facebook Pixel

We use a Facebook pixel on our website. For the data processing by means of this Facebook pixel, we are jointly responsible with 

Facebook Ireland Limited,
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Irland

responsible pursuant to Art. 4 No. 7 in conjunction with Art. 26 DS-GVO. Art. 26 DS-GVO.

The recipient of the data in the USA (data importer) is: 

Facebook Inc.
1 Hacker Way,
Menlo Park, CA 94025,
USA.

More information about data processing by the Facebook Pixel can be found in the privacy policy.

2. Why is my data transferred to the USA?

Your personal data is transferred to the USA because our service providers or their processors have the necessary infrastructure there for the processing and fulfil the purposes of the data processing there, which you can find in our data protection statement and cookie policy.

3. Why is there no adequacy decision?

For the USA, there is currently no adequacy decision of the EU Commission within the meaning of Art. 45 (1), (3) GDPR. In its ruling of 16 July 2020 (Case C-311/18, the so-called "Schrems II ruling"), the European Court of Justice (ECJ) declared the EU Commission's adequacy decision on data transfers to the USA (the so-called "Privacy Shield Agreement") invalid. This means that the EU Commission has so far not been able to effectively positively establish that the level of data protection in the USA corresponds to that of the European Union on the basis of the GDPR.

4. Are there standard contractual clauses and supplementary measures?

In order to provide you and your personal data with the most equivalent protection possible, the data importers in the USA (with the possible exception of Facebook) are bound in terms of content to the Commission's standard contractual clauses in accordance with Art. 46 (2) lit. c DS-GVO. 

For your additional protection, we anonymise or pseudonymise your data prior to transmission to the extent that this is possible for us.

5. What are the possible risks?

Possible risks that cannot currently be ruled out despite the precautions taken in section 3 are in particular: 

  • The risk that the governmental (US) authorities could direct requests for information against the (sub-)processors of the companies named in section 1 as data recipients and that the governmental (US) authorities could thus access your personal data. In principle, this also corresponds to the European legal regulations, e.g. for the purpose of security. However, the threshold of permissibility for such data processing is higher in the EU than in the USA;
  • The risk that you cannot enforce your rights under the GDPR against the (US) authorities in the event of access to your personal data, or that you can enforce them to a lesser extent.

 

6. What is the legal basis of the data transfer?

The transmission of your personal data is based on your consent. If you do not give this consent, the services listed above cannot be used. In particular, you will not be able to subscribe to our newsletter. 

You can revoke your consent at any time. A revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Should you revoke your consent for the transfer of your personal data for the newsletter dispatch, we will no longer be able to provide you with the newsletter.