Windows 
French Doors 
Patio Doors 
Front Doors 
Roller Shutters 
Window Sills
Excellent
Number 1 for windows and doors Online
Windows manufacturer since 1872
More than 200,000 satisfied customers
As the data controller we have prepared this privacy notice to inform you in accordance with the requirements of the EU General Data Protection Regulation 2016/679 (GDPR) about the nature, scope and purpose of the processing of personal data in relation to the services we offer on our website.
'Union', 'EU' or 'Member State' means the European Union or a member state of the Union.
Neuffer Fenster + Türen GmbH
Kronprinzstraße 8
70173 Stuttgart
Germany
Telephone: +49 711 860 60 - 180
Telefax: +49 711 860 60 - 111
E-Mail: [email protected]
OBSECOM GmbH
Königstr. 40
70173 Stuttgart
Germany
Telephone: +49 711 46 05 025-40
Telefax: +49 711 46 05 025-49
E-Mail: [email protected]
We process personal data based on at least one of the following legal bases:
In this privacy policy we refer to the respective legal basis of the individual data processing operations.
We forward personal data to recipients (data processors or other third parties) only to the extent required and only if one of the subsequent conditions are met:
The transfer of personal data to a third country or an international organisation outside the European Union (EU) or the European Economic Area (EEA) is subject to legal or contractual permission only in accordance with the provisions under Art. 44 et seq. GDPR. It means that pursuant to Art. 45 GDPR an adequacy decision of the EU commission must be present for the respective country, appropriate safeguards for data privacy under Art. 46 GDPR, or Binding Corporate Rules under Art. 47 GDPR do exist. In individual cases, a data transfer may be permitted on the basis of an exception under Art. 49 GDPR.
We may use on our website external services provided by organisations based in the USA. If these services are active, personal data is collected in connection with the provision of the relevant service and may be transferred to and stored on servers in the USA. The European Court of Justice considers the USA to have an inadequate level of data protection. When data is transferred to the US, there is a fundamental risk that the US authorities may access and use the data for surveillance and monitoring purposes without notification and without the possibility of a legal remedy.
As a data subject you have the following right:
If you wish to assert the data subject rights mentioned above, you can contact us or our data protection officer at any time using the contact details above.
Unless otherwise provided for in this privacy notice, personal data will be deleted, if these data are no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. In addition, we will erase the personal data processed by us in accordance with Art. 17 GDPR on your request, if the conditions provided therein are met. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 GDPR.
In case of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. For example, data must be kept for 6 years pursuant to Section 257 (1) Nos. 2 and 3 German Commercial Code (HGB) and Section 147 (1) Nos. 2, 3, 5 German Tax Code (AO); data must be kept for 10 years pursuant to Section 257 (1) Nos. 1 and 4 HGB and Section 147 (1) No. 1, 4, 4a AO.
Our website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our website. Cookies do no harm to your device, nor do they contain any viruses or other malicious software. The cookie stores information which is created in relation to the specific device you are using. However, this does not mean that we become immediately aware of your identity. Cookies are mainly used to make the website more user-friendly, effective and secure.
Most browsers accept cookies automatically. However, if you do not wish to accept cookies, you can configure your browser so that no cookies are stored on your device or a message is displayed before new cookies are created. Information on how to remove cookies in Internet Explorer / Edge, please refer to: support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies. Information on the removal of cookies in Firefox, please refer to: support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox. Learn how to remove cookies in Safari here: support.apple.com/en-gb/guide/safari/sfri11471/mac.
A general objection to the use of cookies used for online marketing purposes can be made for a variety of services, such as explained at www.youronlinechoices.com or the opt-out page of the Network Advertising Initiative optout.networkadvertising.org. However, disabling cookies may mean that you may not be able to use all the features of our website.
This website uses the Consentmanager cookie banner, which sets technically necessary cookies to save your cookie preferences. The cookie banner itself does not process any personal data. The list below shows the cookies we use on our website:
You can change your preferences for the use of certain types of cookies on our website here: Data protection settings
The data processed by essential/necessary cookies are required for the aforementioned purposes to protect our legitimate interests as well as those of third parties in the provision and operation of our website under Art. 6 (1)(f) GDPR in connection with section 25 (2) No. 2 TTDSG. The legal basis for the use of cookies for advertising, market research and the integration of external media is your voluntarily given consent according to Art. 6 (1)(a) GDPR.
In order to make our website available, we use services provided by hosting companies, such as: Provision of web servers, disk space, database services, and security or maintenance services. Here we, or our hosting providers, process personal data of the website visitors based on our legitimate interests in providing efficient and secure access to our website in accordance with Art. 6 (1) lit. f GDPR.
By visiting our website or its individual pages, your device's internet browser automatically sends information to the server of our website. This information is stored in so-called log files by us or our hosting provider and will be deleted after 12 Months at the latest.
The following information is stored:
This data will be used for the following purposes:
The legal basis for data processing is Art. 6 (1)(f) GDPR. Our legitimate interest relates to the data collection purposes mentioned above. Under no circumstances will we use the personal data collected for the purpose of drawing conclusions about a person.
If you contact us using the contact details published on our website (for example, by e-mail) and in this context provide us with personal data, we will use this data to process your request on the basis of Art. 6 (1)(b) GDPR, if your request is related to the performance of a contract or is required to perform pre-contractual action. In all other cases, processing is based on your consent in accordance with Art. 6 (1)(a) GDPR and / or our legitimate interest in the effective processing of requests addressed to us pursuant to Art. 6 (1)(f) GDPR. We will store your personal data until you ask us for deletion, revoke your consent to the storage, or the data are no longer necessary for the purpose for which they were collected (for example, after completion of your request). Mandatory statutory provisions - especially retention periods - remain thereof unaffected.
If you use the contact form, you will be asked to provide your e-mail address, name, gender and any other contact details, so that we can get in touch with you. Further information can be provided voluntarily. The data processing for the purpose of contacting us and answering your request takes place in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent. All personal data collected in connection with the contact form will be deleted after your request has been processed, unless further storage is required for the documentation of other transactions (for example, subsequent conclusion of a contract).
If you are an existing customer and we have received your e-mail address in connection with the sale of goods or services, we may use your e-mail address for direct marketing purposes of our own similar goods or services. This only applies if you have not objected and we clearly and unequivocally have advised you of the possibility of objection at the time of collecting the e-mail address, and every time we use it. The legal basis of processing is our legitimate interest in direct marketing according to Art. 6 (1)(f) GDPR. We will store the personal data until you object to the processing.
If you have given us your express consent to do so during or after your order by activating a checkbox or clicking a button provided for this purpose, we will use your e-mail address for the purpose of reminding you to submit a rating of your order via the rating system used by us. The personal data is processed in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent. This consent can be revoked at any time by sending us a message. The data collected in this context will be deleted after your request has been dealt with unless storage is required for the documentation of other processes.
If you would like to receive our newsletter, we need your e-mail address. The data processing for the purpose of sending the newsletter takes place in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent by means of the so-called double-opt-in procedure. The e-mail address will be used and stored for this purpose until you withdraw your consent or unsubscribe from receiving the newsletter. You can unsubscribe at any time, for example by using the link at the bottom of each newsletter. You can also send your withdrawal/unsubscribe request at any time to the e-mail address given under Clause II.
We embed a so-called counting pixel into our newsletters. A counting pixel is a miniature graphic embedded in the HTML format of the newsletter to allow us an analysis of the reader's reading behaviour. In this context, we gather information whether and at what time a newsletter was opened by you and which of the links contained in the newsletter were accessed by you. We use this data to generate statistical evaluations of the success or failure of a marketing campaign to optimize the distribution of our newsletters and to better tailor the content of future newsletters to your interests. The collected data will not be passed on to third parties and will be deleted after the statistical evaluation.
We process our e-mail newsletters via MailChimp. The provider is the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA (hereafter 'MailChimp'). MailChimp is used to send and evaluate the reach of our newsletters. For this purpose, MailChimp processes your e-mail address and any other data required by MailChimp for the provision of the newsletter on our behalf. The legal basis for data processing is our legitimate interest in the use of a user-friendly and secure newsletter system in accordance with Art. 6 (1)(f) GDPR. The personal data required for processing the newsletter is stored on servers in the United States. The data transfer to MailChimp is legitimised according to Art. 46 (2)(c) GDPR based on the EU Standard Contractual Clauses. A copy of the clauses can be found at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en. For more information on how MailChimp handles your personal information, please refer to the privacy policy at: http://mailchimp.com/legal/privacy/.
You can register on our website with your personal data. Registration is optional and takes place in accordance with Art. 6 (1)(a) GDPR based on your voluntarily given consent. What categories of personal data are used for registration can be seen on the registration form. The collected personal data will be used for the purposes of providing the services offered on our website as well as getting into contact with you in order to provide you with information about our offers and the services you registered for. When logging in to your user account you can view your personal data and make changes to this data.
We will not pass your personal data to third parties unless it is necessary for the fulfilment of contractual obligations in accordance with Art. 6 (1)(b) GDPR or for the pursuit of any claims to which we are entitled, or unless there is a legal obligation to do so in accordance with Art. 6 (1)(c) GDPR. Your data will be stored until you delete the user account or instruct us to delete your data. Insofar as we are obliged to retain your personal data on the basis of statutory retention periods, in particular tax and commercial law, the processing of your personal data will be restricted until the expiration of the relevant retention periods and then subsequently deleted.
If you register on our website or use the user account, we will store your IP address and the time of usage. The processing takes place on the basis of our legitimate interests pursuant to Art. 6 (1)(f) GDPR in order to provide our services. The data are also processed to protect you from misuse and other unauthorized use. The IP addresses will be anonymized or deleted after 7 Days at the latest.
If you are applying for a job, please send your application documents to the e-mail address jobs@fensterversand.com. The data processing for the purpose of processing your application is carried out in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent. Taking into account the limitation periods of the General Equal Treatment Act (AGG), application documents will be kept for a period of 6 months after completion of the application process and then deleted, unless storage is required for the documentation of other operations (for example, subsequent recruitment).
In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations initiated through our Internet offers, which are carried out at the request of the data subject, we process personal data required for the fulfilment of a contract with the data subject. These include:
The legal basis for data processing is Art. 6 (1) lit. b GDPR.
The data will be disclosed to third parties only to the extent necessary to fulfil pre-contractual and contractual obligations, e.g. banks and payment providers credit card companies for processing the payment, to shipping service providers for the shipment of goods.
Our website uses the Userlike chat function. Provider is Userlike UG, Probsteigasse 44-46, 50670 Cologne, Germany (hereinafter 'Userlike'). The data processing is carried out for the purpose of contacting us and to answer your requests according to Art. 6 (1)(a) GDPR based on your voluntarily given consent. Userlike uses cookies. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. All personal data collected in connection with the chat conversation will be deleted after your request has been dealt with unless the storage is necessary for the documentation of other processes (e.g. subsequent conclusion of a contract). For more information on how Userlike handles your personal data, please refer to Userlike's privacy policy at: https://www.userlike.com/de/terms - privacy-policy.
If you make use of our installation service, we will forward your name, address and contact details (telephone, e-mail) to an external installation service provider selected by us in your vicinity so that we can carry out the desired installation service. All personal data transferred to the service provider in connection with the installation service will be deleted after completion of the order, unless storage is required for the documentation of other processes.
In order to invite you to participate in customer surveys and to request your customer feedback, we use your name, your email address, your survey responses and your purchased products or services. The legal basis of the processing is your voluntarily given consent under Art. 6 (1)(a) GDPR. We use an external service provider to process and evaluate the survey responses. The provider is Zenloop GmbH, Brunnenstraße 196, 10119 Berlin, Germany. Zenloop processes the survey responses collected exclusively on our instructions. For more information on how Zenloop handles personal data, please refer to the Zenloop privacy policy at: https://www.zenloop.com/en/legal/privacy/.
This website uses PayPal as a payment service. The provider is PayPal (Europe) S.à r.l. et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter 'PayPal'). PayPal acts as an online payment service provider and trustee offering buyers and sellers secure services for payments via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - purchase on account. For processing the payment transaction we will forward your name, e-mail address, purchased products, invoice amount as well as billing and delivery address to PayPal. When using the payment methods credit card via PayPal, direct debit via PayPal or - if offered - purchase on account via PayPal, PayPal will make a decision as to whether your transaction request is accepted, and, if necessary, performs a credit check of your creditworthiness to minimize the default of payments. Calculating the creditworthiness includes probability values (so-called score values) and address data. The calculation of this score is based on a scientifically recognized mathematical-statistical procedure. If the credit rating is insufficient, PayPal can reject the chosen method of payment. The legal basis of the processing is Art. 6 (1)(b) GDPR. If you object to the data transfer, or you believe that your credit rating is not suitable for the chosen method of payment, please use a different method of payment. For more information on how PayPal deals with your personal data, please refer to the privacy policy at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_EN.
This website allows payment by credit card. The provider for processing card payments is PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany (hereinafter 'PAYONE'). PAYONE assumes the function of an online payment service provider and carries out security checks to reduce payment defaults and to prevent fraud. When paying by credit card, your name, credit card details, purchased products, invoice amount, invoice and delivery address are transferred to PAYONE as part of the payment process and are forwarded from there to the appropriate credit card company (for example, VISA, Mastercard, ...) for performing the credit card transaction. To approve to the payment transaction, PAYONE uses automated decision making which may include the following data: Payment amount, place of payment, previous payment behaviour, merchant, payment purpose. The legal basis of the processing is the establishment and performance of a contract which was concluded at the request of the data subject under Art. 6 (1)(b) GDPR. For further information on how PAYONE handles your personal data, please refer to the relevant privacy policy at: https://www.payone.com/DE-en/gdpr.
This website uses Komfortkasse as a payment service. The provider is LTC Information Services GmbH, Business Tower, Seligenstädter Str. 107, 63073 Offenbach am Main, Germany (hereinafter 'LTC'). If Komfortkasse is selected to make a prepayment, payment on account or cash on delivery, LTC will take care of the automated processing and allocation of the payment. For this purpose, we forward your order data (name, order number, e-mail address, amount, currency, country) to LTC as part of the payment process. For cash on delivery orders we will additionally transfer the parcel number/shipping number to LTC. The data is forwarded to LTC exclusively for the purpose of payment processing. The legal basis for the processing is Art. 6 (1)(b) GDPR. For further information on how LTC handles your personal data, please refer to the relevant privacy notice at: https://www.komfortkasse.eu/datenschutz.
Our website uses Bing Conversion Tracking. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter 'Microsoft'). The personal data is processed for the purpose of advertising of our products and services, as well as analysing the clicks on advertisements, purchases, and registrations. Cookies are used for analysis and evaluation. This service records your IP address, which of our websites you have visited and, where applicable, other data required by Microsoft for the provision of conversion tracking. The information recorded about your use of this website is stored on servers in the USA. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of us or Microsoft. You may refuse to use cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. The legal basis for the processing of personal data is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for the transfer of personal data to the USA is also your voluntarily given consent according to Art. 49. (1)(a) GDPR. For more information on how Microsoft handles your personal data, please refer to Microsoft's privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.
We use Cloudflare to protect our website and to establish a secure, confidential, fast and reliable internet connection with any user device. The provider is Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA (hereinafter "Cloudflare"). To detect attacks against our web server and to analyse internet threats, Cloudflare collects information on the data exchange between web servers and website visitors. Among other things, Cloudflare uses cookies to collect data on the websites accessed, the browser type used, the operating system, the referrer URL, the IP address, and the requesting provider. The information collected by Cloudflare may be transferred to servers in the USA and stored there. The personal data required for processing the newsletter is stored on servers in the United States. The data transfer to Cloudflare is legitimised according to Art. 46 (2)(c) GDPR based on the EU Standard Contractual Clauses. A copy of the clauses can be found at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en. The legal basis for the use of cookies and the associated data collection is your voluntarily given consent under Art. 6 (1)(a) GDPR. The legal basis for the transfer of data to the USA is also your voluntarily given consent according to Art. 49. (1)(a) GDPR. For more information on how Cloudflare handles personal data, please refer to Cloudflare's privacy policy at: https://www.cloudflare.com/privacypolicy/.
Our website uses Microsoft Clarity. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter 'Microsoft'). Microsoft Clarity is used to analyse user behaviour on our website based on pseudonymous user IDs. For this purpose, Microsoft Clarity collects data on the use of this website, user behaviour and, information on browser type/version, operating system used, IP address, time of server request and cursor and scroll movements. This data is used for ongoing optimisation of our website and to measure the success of marketing measures. The information collected by Microsoft Clarity may be transferred to servers in the USA and stored there. The transfer of data to Microsoft is legitimised in accordance with Art. 46 (2)(c) GDPR based on the EU Standard Contractual Clauses. A copy of the EU Standard Contractual Clauses can be viewed at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en. The legal basis for the use of cookies and the associated data collection is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for the transfer of data to the USA is also your voluntarily given consent according to Art. 49. (1)(a) GDPR. For more information on how Microsoft handles personal data, please see Microsoft's privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.
Provider of the services below is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter 'Google').
The information collected by Google in connection with the provision of the respective services may be transferred to and processed by Google servers in the USA and stored there. Please also note our information above on data transfer to third countries.
For more information about how Google handles personal data, please refer to Google's Privacy Policy: . For information on the use of data for advertising purposes by Google, settings and your right to object please refer to: https://www.google.de/policies/privacy/partners/, https://www.google.de/policies/technologies/ads/, https://adssettings.google.de/ (German).
The legal basis for the use of the following services is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for data transfer to the USA is also your voluntarily given consent in accordance with Art. 49 (1)(a) GDPR.
Our website uses Google Analytics. Google Analytics uses cookies. Google Analytics collects information about the visits of website users and analyses their behavior. This data serves the purpose of developing a user-friendly website design, the continuous optimisation of our services and offers, to measure the success of marketing activities, and to create statistical analysis. In this context, pseudonymised user profiles are created and cookies are used. Google Analytics collects information such as browser type / version, operating system, referrer URL (the previously visited page), host name of the accessing computer (IP address), and time of server request. The information generated is transferred to the US and stored on servers owned by Google. The collected user data and event data will be deleted after 26 months. Information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. Under no circumstances will your IP address be merged with any other data that is kept by Google. The IP address will be anonymised so that assignment is impossible. You can prevent the local storage of cookies by configuring your browser software accordingly. However, be advised that in this case you may not be able to use all the features of this website to the full extent possible. Additionally, in order to prevent Google from collecting and processing the data generated in relation to your use of the website you may download and install the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
You can prevent Google from gathering your data by clicking on this link Deactivate Google Analytics which sets an opt-out cookie on your computer. This cookie ensures that Google Analytics will not collect and store any user data from your browser when visiting this website. Attention: If you delete your cookie cache, this will result in the opt-out cookie being deleted as well. Then you must re-activate the opt-out cookie again.
Our website uses Google AdWords and Google AdWords with Conversion Tracking. Google Conversion Tracking is used to track and evaluate the clicks on ads, purchases, signups, phone calls, app downloads, and other actions on our website. In this context Google AdWords collects your IP address, which of our websites you have visited and, if necessary, other data required by Google for providing conversion tracking statistics. Under no circumstances will your IP address be merged with any other data that is kept by Google. This service also uses Cookies for analysis and evaluation purposes. You can prevent the storage of cookies by configuring your browser so that no Cookies will be stored on your device. However, disabling cookies may mean that you may not be able to use all the features on our website. The information generated is transferred to the US and stored on servers owned by Google. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.
Our website uses media content from the YouTube platform. Provider is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter 'Google'). The purpose is to display content of the YouTube platform that relates to the content of our website. This service collects your IP address and any additional data Google may need to provide the YouTube content. The information gathered about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. If you are logged in to your YouTube account while you are visiting our website, Google can link your visit of our website directly to your YouTube user account. If you do not want Google to be able to associate the data collected on our website with your respective user account on YouTube, you must first log out of YouTube.
Our website uses Google Sign-In to authenticate users. This technology allows you to log in to our user area without registering separately, connecting your Google profile to our service. For this, a corresponding login form is displayed by Google, where you can enter your user data. After you have successfully logged in, Google transmits this information and the following data to us: Google ID, name, profile URL and e-mail address. We use this data to identify you and to enable you to use the full range of our online services.
The legal basis for the use of the following services are our legitimate interests according to Art. 6 (1)(f) GDPR. Our legitimate interests are listed below for each service individually.
This website uses external typesets provided by Google, so-called web fonts. To do this, your browser loads the required web fonts into your browser cache when you visit the website. If your browser does not support this feature, your computer will use a standard font to display the website. This service collects your IP address, which of our websites you have visited and, if necessary, other data required by Google for the provision of the web fonts. The generated information about your use of this website is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.
This website uses Google Tag Manager in order to manage the website through a single tag management interface. Google Tool Manager only implements tags. This means: no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain effective for all tracking tags as far as they are implemented with the Google Tag Manager. Our legitimate interests in the use of Google Tag Manager are the efficient maintenance of our website and the central administration of HTML elements.
On our website we refer with hyperlinks to social media profiles in social networks. When you actively click on a link to such a profile, your browser establishes a direct connection with servers of the respective social media network, whereby the provider obtains knowledge of your visit. If you are simultaneously logged in to the respective social network, the provider can assign the visit to the profile to your user account. In this context, personal data may be processed in the USA. For more information on the processing of personal data, please refer to the privacy policy of the respective social media network. The purpose of linking our website to social media profiles is to increase the visibility of our website. Clicking on a social media link takes place on the basis of your voluntary decision in accordance with Art. 6 (1)(a) GDPR. The legal basis for any data transfer to the USA is also your voluntarily given consent according to Art. 49. (1)(a) GDPR.