Privacy Policy

We greatly appreciate your interest in our company. Data protection is of particular importance to the management of Dunk Dream Labs GmbH. The use of the Dunk Dream Labs GmbH website is generally possible without providing any personal data. However, if an individual wishes to make use of special services offered by our company via our website, the processing of personal data may become necessary. If such processing is required and there is no legal basis for it, we will generally obtain the consent of the individual concerned. The processing of personal data—such as a person's name, address, email address, or phone number—is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Dunk Dream Labs GmbH. With this Privacy Policy, we aim to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, this Privacy Policy serves to inform affected individuals of their rights regarding data protection. As the data controller, Dunk Dream Labs GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed via this website. However, internet-based data transmissions may generally have security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, every individual has the option to transmit personal data to us via alternative means, such as by telephone.

1. Definitions
The Privacy Policy of Dunk Dream Labs GmbH is based on the terminology used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). Our goal is to ensure that this Privacy Policy is easily readable and understandable for both the public, our customers, and our business partners.

To achieve this, we would like to first explain the key terms used in this policy:

a) Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). A natural person is considered identifiable if they can be directly or indirectly identified, particularly through an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristics specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing
Processing refers to any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure, or destruction.

d) Restriction of Processing
Restriction of processing means the marking of stored personal data with the aim of limiting its future processing.

e) Profiling
Profiling refers to any form of automated processing of personal data, which involves using that personal data to evaluate certain personal aspects relating to a natural person. This includes analyzing or predicting aspects such as job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that it can no longer be attributed to a specific data subject without additional information, provided that such additional information is stored separately and is subject to technical and organizational measures ensuring that the personal data is not linked to an identified or identifiable person.

g) Controller or Data Controller
The controller or data controller is the natural or legal person, public authority, agency, or other entity that alone or jointly determines the purposes and means of the processing of personal data. If the purposes and means of processing are determined by European Union law or the laws of its member states, the controller may be designated under that law.

h) Processor
A processor is a natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the controller.

i) Recipient
A recipient is a natural or legal person, public authority, agency, or other entity to whom personal data is disclosed, whether or not they are a third party. However, public authorities that may receive personal data in the framework of a specific investigative mandate under EU law or national law are not considered recipients.

j) Third Party
A third party is any natural or legal person, public authority, agency, or other entity, except for the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process personal data..

k) Consent
Consent refers to any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, expressed by a statement or clear affirmative action, signifying their agreement to the processing of their personal data.

2. Name and Address of the Data Controller
The data controller, as defined by the General Data Protection Regulation (GDPR), as well as other applicable data protection laws in the European Union and related data privacy regulations, is:
Dunk Dream Labs GmbH
Technikerstraße 6/8
15366 Hoppegarten
Germany
Email: info@urbnhoop.com
Website: www.urbnhoop.com

3. Collection of General Data and Information
Each time a data subject or an automated system accesses the Dunk Dream Labs GmbH website, a series of general data and information is collected. This data is stored in the server log files and may include:
(1) The browser types and versions used,
(2) The operating system of the accessing device,
(3) The referring website from which the system accessed our website,
(4) The subpages accessed on our website,
(5) The date and time of access,
(6) The IP address,
(7) The internet service provider of the accessing system, and
(8) Other similar data and information used to protect against cyberattacks on our IT systems.
When processing this general data and information, Dunk Dream Labs GmbH does not draw any conclusions about the individual user. Instead, this information is necessary to:
(1) Deliver the website content correctly,
(2) Optimize website content and advertising,
(3) Ensure the long-term functionality of our IT systems and website technology, and
(4) Provide law enforcement authorities with necessary information in the event of a cyberattack.
These anonymously collected data and information are statistically analyzed and used to enhance data protection and security within our company, ensuring an optimal level of protection for the personal data we process.
The anonymous data from server log files is stored separately from any personal data provided by a data subject.

4. Subscription to Our Newsletter
The Dunk Dream Labs GmbH website offers users the opportunity to subscribe to our company newsletter. The personal data collected when subscribing to the newsletter is determined by the input form used for registration.
Dunk Dream Labs GmbH regularly informs its customers and business partners via newsletter about company offers. The newsletter can only be received by a data subject if:
(1) The data subject provides a valid email address, and
(2) The data subject registers for the newsletter.
For legal reasons, a confirmation email is sent to the newly registered email address as part of a double opt-in process. This confirmation email ensures that the owner of the email address has authorized the subscription.
Additionally, when subscribing to the newsletter, we store:
The IP address assigned by the Internet Service Provider (ISP) to the system used at the time of registration,
The date and time of registration.
This data collection is necessary to trace potential misuse of an email address at a later date and serves as a legal safeguard for the data controller.
The personal data collected during newsletter registration is used exclusively for sending our newsletter. Newsletter subscribers may also receive emails regarding operational updates necessary for the newsletter service, such as changes to the newsletter offering or technical updates.
Personal data collected for the newsletter will not be shared with third parties.
The newsletter subscription can be canceled at any time by the data subject. Consent to the storage and processing of personal data for the newsletter can also be revoked at any time.
Each newsletter contains an unsubscribe link for withdrawal of consent. Additionally, users can unsubscribe directly on the website or inform the data controller through other means.

5. Newsletter Tracking
The newsletters of Dunk Dream Labs GmbH contain tracking pixels. A tracking pixel is a small graphic embedded in HTML-formatted emails, enabling log file recording and analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns.
Through these embedded tracking pixels, Dunk Dream Labs GmbH can determine:
If and when an email was opened by a data subject, and Which links within the email were clicked.
The personal data collected via newsletter tracking pixels is stored and analyzed by the data controller to optimize newsletter distribution and to tailor future content more precisely to the interests of the data subject.
These personal data are not shared with third parties.
Data subjects have the right to revoke their consent—provided through the double opt-in process—at any time. Upon revocation, these personal data will be deleted by the data controller.
Unsubscribing from the newsletter is automatically considered a withdrawal of consent by Dunk Dream Labs GmbH.

6. Contact Options via the Website
The Dunk Dream Labs GmbH website includes, as required by law, contact information that allows for quick electronic communication with our company. This includes a general email address for inquiries.
If a data subject contacts the data controller via email or a contact form, the personal data transmitted by the data subject is automatically stored.
These voluntarily provided personal data are stored solely for the purpose of processing the inquiry or responding to the data subject.
No personal data collected through this process will be shared with third parties.

7. Routine Deletion and Blocking of Personal Data
The data controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or as required by the European legislator or other applicable laws and regulations governing the data controller.
If the storage purpose no longer applies or if a legally mandated retention period set by the European legislator or another relevant authority expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

8. Rights of the Data Subject
a) Right to Confirmation
Every data subject has the right, granted by the European legislator, to request confirmation from the data controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right, they may contact an employee of the data controller at any time.

b) Right to Access
Every data subject has the right, granted by the European legislator, to obtain free information from the data controller about the personal data stored about them at any time, as well as a copy of this information. Additionally, the European legislator grants the data subject the right to receive the following details:
The purposes of processing,
The categories of personal data processed,
The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly in third countries or international organizations,
If possible, the planned storage period or, if not possible, the criteria for determining this period,
The existence of the right to rectification or deletion of personal data, the right to restrict processing, or the right to object to processing,
The existence of the right to lodge a complaint with a supervisory authority,
If personal data was not collected from the data subject: Any available information about the source of the data,
The existence of automated decision-making, including profiling, as per Article 22(1) and (4) GDPR, and, where applicable, meaningful information about the logic involved and the significance and potential consequences for the data subject.
The data subject also has the right to know whether personal data has been transferred to a third country or an international organization. If this is the case, the data subject has the right to be informed about the appropriate safeguards related to the transfer.
If a data subject wishes to exercise their right to access, they may contact an employee of the data controller at any time.

c) Right to Rectification
Every data subject has the right, granted by the European legislator, to request the immediate correction of inaccurate personal data concerning them. Additionally, the data subject has the right to request completion of incomplete personal data, including by means of a supplementary statement, considering the purposes of processing.
If a data subject wishes to exercise their right to rectification, they may contact an employee of the data controller at any time.

d) Right to Erasure (“Right to be Forgotten”)
Every data subject has the right, granted by the European legislator, to request that the data controller delete their personal data without undue delay, provided that one of the following conditions applies and processing is not required:
The personal data is no longer necessary for the purposes for which it was collected or processed.
The data subject withdraws consent on which processing was based under Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and no other legal basis exists for processing.
The data subject objects to processing under Article 21(1) GDPR, and there are no overriding legitimate reasons for processing, or the data subject objects under Article 21(2) GDPR to direct marketing processing.
The personal data has been processed unlawfully.
The deletion of personal data is necessary to comply with a legal obligation under European Union or Member State law to which the data controller is subject.
The personal data was collected in relation to offered information society services under Article 8(1) GDPR.
If one of these conditions applies and a data subject requests deletion of personal data stored by Dunk Dream Labs GmbH, they may contact an employee of the data controller at any time. The employee will ensure that the deletion request is fulfilled immediately.
If Dunk Dream Labs GmbH has made personal data public and is required under Article 17(1) GDPR to delete it, Dunk Dream Labs GmbH will take reasonable steps, including technical measures, considering available technology and implementation costs, to inform other data controllers processing the published personal data that the data subject has requested the deletion of all links, copies, or replications of the personal data, unless processing is required.

e) Right to Restriction of Processing
Every data subject has the right, granted by the European legislator, to request that the data controller restrict processing, under one of the following conditions:
The accuracy of the personal data is contested by the data subject, allowing the controller time to verify its accuracy.
Processing is unlawful, but the data subject opposes deletion and instead requests restriction of use.
The controller no longer needs the personal data for processing, but the data subject requires it for legal claims.
The data subject has objected to processing under Article 21(1) GDPR, and verification is pending on whether the controller’s legitimate interests override those of the data subject.
If any of the above conditions apply, the data subject may contact an employee of Dunk Dream Labs GmbH at any time. The employee will arrange for processing to be restricted accordingly.n.

f) Right to Data Portability
Every data subject has the right, granted by the European legislator, to receive the personal data they have provided to a controller in a structured, commonly used, and machine-readable format.
They also have the right to transmit this data to another controller without hindrance from the original controller, where:
Processing is based on consent under Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract under Article 6(1)(b) GDPR.
Processing is carried out by automated means.
The data subject also has the right to have personal data transferred directly from one controller to another, where technically feasible and without infringing the rights of others.
To exercise this right, the data subject may contact an employee of Dunk Dream Labs GmbH at any time.

g) Right to Object
Every data subject has the right, granted by the European legislator, to object at any time, on grounds relating to their particular situation, to the processing of their personal data under Article 6(1)(e) or (f) GDPR, including profiling.
Dunk Dream Labs GmbH will no longer process personal data unless it can demonstrate compelling legitimate grounds that outweigh the interests, rights, and freedoms of the data subject or if processing is necessary for legal claims.
If Dunk Dream Labs GmbH processes personal data for direct marketing, the data subject has the right to object at any time. If they object, Dunk Dream Labs GmbH will immediately stop processing for this purpose.
To exercise this right, the data subject may contact any employee of Dunk Dream Labs GmbH.

h) Automated Decision-Making, Including Profiling
Every data subject has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or significantly affects them, unless:
It is necessary for contract performance,
It is authorized by EU or Member State law, or
It is based on explicit consent.
To exercise rights related to automated decision-making, the data subject may contact an employee of Dunk Dream Labs GmbH at any time.

i) Right to Withdraw Consent
Every data subject has the right, granted by the European legislator, to withdraw their consent for the processing of personal data at any time.
To withdraw consent, the data subject may contact an employee of Dunk Dream Labs GmbH at any time.

9. Data Protection Regulations for the Use of Facebook
The data controller has integrated components of Facebook on this website. Facebook is a social network.
A social network is an online community that allows users to communicate and interact in a virtual space. It serves as a platform for exchanging opinions and experiences, as well as sharing personal or business-related information. Facebook enables users to create private profiles, upload photos, and connect with others via friend requests.
The operator of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject resides outside the USA or Canada, the responsible data controller for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time a data subject accesses a page of this website containing a Facebook component (Facebook plug-in), the browser on the data subject's IT system is automatically prompted to download a display of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at:
https://developers.facebook.com/docs/plugins/?locale=de_DE.
Through this technical process, Facebook receives information about which specific subpage of our website the data subject is visiting.
If the data subject is logged into Facebook at the same time, Facebook detects each visit to our website, as well as the entire duration of the visit. Facebook collects this information through the Facebook component and associates it with the data subject’s Facebook account.
If the data subject clicks a Facebook button embedded on our website—such as the "Like" button—or leaves a comment, Facebook assigns this information to the data subject’s personal Facebook account and stores this personal data.
Facebook receives this information whenever the data subject visits our website while logged into Facebook—regardless of whether they click the Facebook component or not.
If a data subject does not want this data to be transmitted to Facebook, they can prevent it by logging out of their Facebook account before accessing our website.
The data policy published by Facebook, available at:
https://de-de.facebook.com/about/privacy/,
provides detailed information about Facebook’s collection, processing, and use of personal data. It also explains privacy settings available on Facebook to protect the data subject’s personal information.
Additionally, various applications are available that allow users to block data transmission to Facebook. Data subjects can use such applications to prevent Facebook from collecting and processing their data.

10. Data Protection Regulations for the Use of YouTube
The data controller has integrated components of YouTube on this website. YouTube is an online video platform that allows video publishers to upload video clips for free and enables other users to watch, rate, and comment on them at no cost. YouTube hosts all types of video content, including full-length movies and TV shows, music videos, trailers, and user-generated videos.
The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google Inc., located at 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time a data subject accesses a page on this website containing a YouTube component (YouTube video), the browser on the data subject’s IT system is automatically instructed to download a display of the YouTube component from YouTube. Additional information about YouTube can be found at:
https://www.youtube.com/yt/about/de/.
Through this technical process, YouTube and Google receive information about which specific subpage of our website has been visited by the data subject.
If the data subject is logged into YouTube at the same time, YouTube detects which specific subpage containing a YouTube video has been accessed. YouTube and Google collect this information and associate it with the data subject’s YouTube account.
YouTube and Google receive this information whenever the data subject visits our website while logged into YouTube, regardless of whether they click on a YouTube video or not.
If a data subject does not want this information to be transmitted to YouTube and Google, they can prevent this by logging out of their YouTube account before accessing our website.
The YouTube privacy policy, available at:
https://www.google.de/intl/de/policies/privacy/,
provides detailed information on how YouTube and Google collect, process, and use personal data.

11. Legal Basis for Processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the fulfillment of a contract in which the data subject is a party, such as processing necessary for the delivery of goods or the provision of a service, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations required for pre-contractual measures, such as inquiries about our products or services.
If our company is subject to a legal obligation requiring the processing of personal data, such as for tax compliance, the processing is based on Article 6(1)(c) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This could occur, for example, if a visitor at our facility were injured, and their name, age, health insurance data, or other vital information needed to be provided to a doctor, hospital, or other third party. In such cases, processing would be based on Article 6(1)(d) GDPR.
Finally, processing operations may be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal grounds, if processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override this interest.
These processing operations are specifically permitted by the European legislator, as stated in Recital 47, Sentence 2 of the GDPR, which suggests that a legitimate interest may exist if the data subject is a customer of the data controller.

12. Legitimate Interests in Processing Pursued by the Controller or a Third Party
If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest lies in conducting our business operations for the benefit of our employees and shareholders.

13. Duration of Storage of Personal Data
The storage duration of personal data is determined by the applicable legal retention periods. Once these retention periods expire, the corresponding data is routinely deleted, provided it is no longer required for contract fulfillment or contract initiation.

14. Legal or Contractual Requirements for Providing Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Non-Provision
We inform you that the provision of personal data may be legally required (e.g., tax regulations) or may result from contractual obligations (e.g., contract partner details).
In some cases, it may be necessary for contract conclusion for a data subject to provide us with personal data, which we then process accordingly. For example, a data subject is required to provide personal data when entering into a contract with our company.
Failure to provide personal data may result in our inability to enter into a contract with the data subject.
Before providing personal data, the data subject should contact one of our employees. Our employee will clarify, on a case-by-case basis, whether the provision of personal data is:
Legally or contractually required,
Necessary for contract conclusion,
Obligatory, and
What the consequences of not providing the personal data would be.

15. Existence of Automated Decision-Making
As a responsible company, we do not use automated decision-making or profiling.
This Privacy Policy was created using the Privacy Policy Generator from DGD Deutsche Gesellschaft für Datenschutz GmbH, which serves as an External Data Protection Officer in Würzburg, in cooperation with IT and Data Protection Lawyer Christian Solmecke.

16. Use of Cookies
To ensure that our website functions correctly, we use cookies.
To obtain your valid consent for the use and storage of cookies in your browser when accessing our website and to properly document this, we use a Consent Management Platform: CookieFirst.
This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, Netherlands. Website: https://cookiefirst.com, hereinafter referred to as CookieFirst.
When you access our website, a connection is established with CookieFirst’s server, allowing us to obtain valid consent for the use of certain cookies. CookieFirst then stores a cookie in your browser, enabling only the cookies you have consented to and properly documenting this process.
The processed data is stored until the predefined retention period expires or until you request deletion of the data. However, certain legal retention periods may apply.
CookieFirst is used to obtain legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Important Notices!
All content on this website, including images, graphics, icons, and text, is protected by copyright. Unless otherwise stated, copyright belongs to Dunk Dream Labs GmbH.
Any copying, reproduction, or use of data from the URBN HOOP website is strictly prohibited without explicit written permission from Dunk Dream Labs GmbH.
This also applies to storage and/or reproduction in databases and on data carriers.

Dunk Dream Labs GmbH does not guarantee the accuracy or completeness of the information provided. If incorrect data is accidentally published, we kindly ask visitors to inform us of any errors.
We cannot guarantee the constant availability or regular updates of this website.
Any legal or compensation claims due to incorrect representations are excluded.
We assume no liability for the content of external links. The operators of the linked websites are solely responsible for their content.