Icon - icon_benefits_made-in-europe_blau_weiss

Made in Europe

DE EN |
DE EN |
Login

Location & language

Your location

Germany

Language

English

Privacy policy

Data Protection Statement for Websites and Social Media Channels of the FRITZ! Group of Companies

I. Preamble
FRITZ GmbH, FRITZ.com GmbH and FRITZ! Service GmbH belong to the FRITZ group of companies (subsequently also referred to collectively as 'we') and are responsible for the web presence at fritz.com, avm.de, and the associated subdomains (e.g. business.avm.de, fritzfinder.avm.de, content.avm.de, download.avm.de) as well as on the FRITZ social media channels.
In the following we would like to inform you about how personal data is processed during the use of our websites and/or online services.

II. Responsible Authorities / Data Protection Officer / Responsible Supervisory Authority

Responsible Authority
The parties responsible for data protection at our group of companies are:

FRITZ! GmbH for operation of the fritz.com website; FRITZ.com GmbH for operation of the FRITZ! web shop including the sales of FRITZ! products there; and FRITZ! Service GmbH for providing service and support for FRITZ! products

The address for all of these companies is: Alt-Moabit 95 10559 Berlin, Germany, Tel. +49 30 399-76 0, email: info@avm.de

Data Protection Officer of the FRITZ! group of companies
FRITZ! GmbH
Data Protection Officer
Alt-Moabit 95
D-10559 Berlin
Germany
Phone: +49 (0)30 / 399 76-0
Email: datenschutz@fritz.com

Responsible Supervisory Authority
Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit)
Alt-Moabit 59-61
D-10555 Berlin
Germany
Phone: +49-30-13889-0
Fax: +49-30-2155050
Email: mailbox@datenschutz-berlin.de
Website: datenschutz-berlin.de

III. Registration / Creating a User Account
Registration and/or creation of a personal user account are required for certain services provided via our website and online platforms. In the framework of registration and creating a user account – depending on the given service, we collect and store the following personal data (‘mandatory information’). This data is not transmitted to third parties:

  • Username
  • User's (business) email address
  • Password
  • Title, first name, last name
  • Company (where relevant)
  • Address (for delivery)
  • Country, state, and city where company is located

Mandatory information entries required for the purpose of registration are marked in the relevant input mask with an asterisk to designate them as required fields. Registration cannot be completed without complete and valid entries in the mandatory fields. Application for registration is not completed until after you provide entries for all of the mandatory fields AND confirm the password link we send you by email.

Also stored upon registration are (i) the user's IP address and (ii) the date and time of registration.
The user may provide voluntary details in addition to this mandatory information. These details may include data such as phone number, fax number, mobile phone number, or details about the company such as number of employees, sector, floor space. Voluntary information may be used for the purpose of improving our sales and marketing services.

1. Purpose and Legal Basis
Registration of the user serves to restrict and/or control access to certain contents and services that we offer only to registered users and/or certain groups of persons (e.g., commercial dealers) on our websites and/or online platforms. Such a registration can further serve the purpose of providing certain contents and services for registered users as part of contract performance and/or for the implementation of pre-contractual measures.

The legal basis for processing data for the purpose of registration with the user's consent is Article 6(1a) of the GDPR. If registration serves the performance of a contract to which the user is party, or the implementation of pre-contractual measures, the legal basis for processing is Article 6(1b) of the GDPR. Insofar as registration serves the purpose of access restriction and/or control, the protection of legitimate interest is the legal basis as stipulated in Article 6(1f) of the GDPR; in this case the legitimate interest is in the restriction of access to protect the contents and information we developed.

2. Data Erasure and Storage Period
We store your personal data to the extent and for the period that is necessary for the given purpose. Personal data is then deleted unless we are legally required to store it for a longer period (e.g., to fulfil legal record-keeping requirements by tax law).

3. Opt-out and Elimination Options
The data about you that is stored in registered areas can be modified at any time. Such a change to the data you provided can be made in the registered area, or after contacting us with your request. If the data is (still) required for the performance of a contract or the implementation of pre-contractual measures, it can be erased only if no contractual or legal obligations prevent its erasure.

IV. Data Processing to Prepare the Websites / Collection of Log Files
Every time our websites are opened, our system automatically collects data and information from the requesting user's computer system. The following data is collected (hereinafter ‘log data’):

  • information about the type and version of the browser used
  • information about the user's operating system
  • the user's IP address
  • date and time of access
  • file size of the object accessed

The log data mentioned above – with the exception of the IP address – does not make it possible to identify the person of the user; personal identification is possible only by allocating or linking the log data to a certain IP address.

1. Purpose and Legal Basis
The collection and processing of log data, especially the IP address, takes place for the purpose of providing to the user the contents contained on our website, that is, for the purpose of communication between the user and our web or online services. Temporary storage of the IP address is necessary for the duration of the given communication process. This is required for addressing the communication traffic between the user and our web or online presence, or necessary in order to utilize our web and/or online services. The legal basis for this data processing – which applies for the duration of your visit to our websites – is Article 6 (1.1b) of the GDPR, or Sections 9, 25 of the TDDDG (Telecommunications Digital Services Data Protection Act).

Any processing and storage of the IP address in log files that goes above and beyond a given communication process is undertaken in order to ensure the functionality of our web and online content, for the purpose of optimizing these contents, and to guarantee the security of our information technology systems. The legal basis for storage of the IP address for these purposes above and beyond a given communication process is Article 6 (1.1f) of the GDPR (protection of legitimate interests) or Section19(4) of the TDDDG.

2. Data Erasure and Storage Period
Data is erased as soon as it is no longer required to achieve the purpose of its collection. In the case of data collection for the preparation of the web pages, this is the case whenever the given session – the visit to the website – has ended. Any storage of log data above and beyond this, including saving the IP address for the purpose of system security, will last for a period of no longer than seven days from the time the user leaves the web page. Any processing and/or storage of log data above and beyond this is possible and permissible, as long as the IP addresses of the users are erased or altered after the above mentioned storage period of seven days such that it is no longer possible to match the log data to an IP address.

3. Opt-out and Elimination Options
The collection of log data for the preparation of websites, including its storage in log files as limited in the above paragraph, is absolutely necessary for operation of the websites. There is thus no possibility for the user to opt out.

V. Use of Cookies and Other Data Processing – Where Applicable
In the following we inform you about the use of cookies and the processing of other data on our websites. Whenever we use cookies, we will notify you about their use via a ‘Consent Banner’ before your visit to our website. Further, you can adjust the selection of cookies at any time using the corresponding link at the end of the website.

1. Necessary for Technical Reasons
We use cookies that are necessary for technical reasons and other technologies to guarantee the smooth operation of our web presence and/or online offers; thus these cannot be disabled. Some of the functions on our websites cannot be offered without the use of cookies and other technologies. For this it is necessary that the browser also be recognized even after switching pages. The data processed by our strictly necessary cookies / other technologies is used for the following purposes:

  • language settings
  • anti-spam protection
  • Provision of Chat Support (Botario / Zendesk)
  • provision of general web shop functionalities (incl. last products viewed, last visit, shopping basket, login, etc.)
  • remembering search terms and filter settings
  • volume settings

The legal basis is Article 6 (1.1b) of the GDPR, Section 25(2.2) of the TDDDG, insofar as the cookies / other technologies are used to provide chat support. Further, the legal basis is Article 6 (1.1f) of the GDPR, Section 25(2.2) of the TDDDG, since the use of cookies serves to ensure the protection of our legitimate interests and the smooth use and essential basic functions of the websites.

2. Functional Cookies
Functional cookies (and similar technologies) are required for certain functions on the website. These can be disabled.
Technologies deployed:

2.1 Google Maps (https://policies.google.com/privacy?)
Before viewing a map from Google Maps you are requested to consent to the display of the map, and to allowing Google to set cookies in your browser. Information about which data is processed by Google and for what purposes they are used is presented in the Data Privacy Statement from Google LLC.
The provider Google Ireland Limited is separately responsible for processing data in accordance with the GDPR.

We have no influence over the kind and scope of the data processed by Google, nor the kind of processing and use or the forwarding of this data to third parties. To this extent we have no effective means of control. In particular, Google can use the data for any purposes of its own, for instance, to generate profiles and to link these with data already stored by Google, including your Google account data.
In any case Google also receives information about the contents you viewed, even if you did not create an account. Such information, known as ‘log data’, can include the IP address, the type of browser, the operating system, information on the website previously viewed and the pages you opened, your location, your mobile network operator, the terminal device you are using (including device ID and application ID), the search terms you used, and cookie information.

2.1.1 Legal Basis for Data Processing, Purpose of Data Processing, Duration of Data Processing
You can consent to the processing of your data by Google Maps using our Consent Manager or directly at the given map, prevent the recording of your data, or revoke consent previously given. To revoke your consent, open the cookie settings at the bottom of our website to change them.
The legal basis is consent (Article 6 (1.1.a GDPR): The storage of the above data and the cookies set in your browser along with the associated data processing takes place only if you consented to this voluntarily and revocably. Google Maps uses cookies. These cookies have a service life of up to 2 years.

2.1.2 Responsible Authority
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

It cannot be ruled out that Google Ireland may transmit the information processed by you to a server belonging to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for further processing.
With regard to the level of data privacy protection in the USA, the EU Commission on the EU-U.S. Data Privacy Framework (DPF) issued an adequacy decision which certifies to certain US companies a suitable level of data privacy protection in accordance with Article 45 of the GDPR. In particular, security measures were undertaken that restrict the access of US authorities or authorities from other countries. This adequacy decision refers to certified companies which are listed in this DPF. Google is listed in the registry of the Data Privacy Framework program of the U.S. Department of Commerce (as of 01/04/2025).

2.2 YouTube (https://www.youtube.com/howyoutubeworks/user-settings/privacy/)

2.2.1 Purpose of Data Processing
For our marketing and instructional clips we use several YouTube channels belonging to Google Ireland Limited. Our videos published on YouTube are integrated on our website via frames, in order to offer you smooth access without any need to switch web pages.

The provider Google Ireland Limited is separately responsible for processing data in accordance with the GDPR.

2.2.2 Processed Data
Upon opening the video Google processes your personal data (at least the IP address, browser data, settings).
Before viewing the video you are requested to consent to the video display, and to allowing Google to set cookies in your browser. Information about which data is processed by Google and for what purposes they are used is presented in the Data Privacy Statement from Google LLC.

We have no influence over the kind and scope of the data processed by Google, nor the kind of processing and use or the forwarding of this data to third parties. To this extent we have no effective means of control. In particular, Google can use the data for any purposes of its own, for instance, to generate profiles and to link these with data already stored by Google, including your Google account data.
In any case Google also receives information about the contents you viewed, even if you did not create an account. Such information, known as ‘log data’, can include the IP address, the type of browser, the operating system, information on the website previously viewed and the pages you opened, your location, your mobile network operator, the terminal device you are using (including device ID and application ID), the search terms you used, and cookie information.

2.2.3 Legal Basis for Data Processing, Purpose of Data Processing, Duration of Data Processing
You can consent to the processing of your data by YouTube using our Consent Manager or directly at the given map, prevent the recording of your data, or revoke consent previously given. To revoke your consent, open the cookie settings at the bottom of our website to change them.
The legal basis is consent (Article 6 (1.1.a GDPR): The storage of the above data and the cookies set in your browser along with the associated data processing takes place only if you consented to this voluntarily and revocably before viewing our videos. YouTube uses cookies. These cookies have a service life of up to 2 years.

2.2.4 Responsible Authority
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

It cannot be ruled out that Google Ireland may transmit the information processed by you to a server belonging to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for further processing.
With regard to the level of data privacy protection in the USA, the EU Commission on the EU-U.S. Data Privacy Framework (DPF) issued an adequacy decision which certifies to certain US companies a suitable level of data privacy protection in accordance with Article 45 of the GDPR. In particular, security measures were undertaken that restrict the access of US authorities or authorities from other countries. This adequacy decision refers to certified companies which are listed in this DPF. Google is listed in the registry of the Data Privacy Framework program of the U.S. Department of Commerce (as of 01/04/2025).

2.3 Vimeo (https://help.vimeo.com/hc/en-us/sections/12402580421393-Privacy-settings)

2.3.1 Purpose of Data Processing
For our marketing and instructional clips we use a Vimeo channel belonging to Vimeo Inc. Our videos published on Vimeo are integrated on our website via frames, in order to offer you smooth access without any need to switch web pages.
The provider Vimeo is separately responsible for processing data in accordance with the GDPR.

2.3.2 Processed Data
Upon opening the video Vimeo processes your personal data (at least the IP address, browser data, settings).
Before viewing the video you are requested to consent to the video display, and to allowing Vimeo to set cookies in your browser. Information about which data is processed by Vimeo and for what purposes they are used is presented in the Data Privacy Statement from Vimeo Inc.

We have no influence over the kind and scope of the data processed by Vimeo, nor the kind of processing and use or the forwarding of this data to third parties. To this extent we have no effective means of control. In particular, Vimeo can use the data for any purposes of its own, for instance, to generate profiles and to link these with data already stored by Vimeo.

In any case Vimeo also receives information about the contents you viewed, even if you did not create an account. Such information, known as ‘log data’, can include the IP address, the type of browser, the operating system, information on the website previously viewed and the pages you opened, your location, your mobile network operator, the terminal device you are using (including device ID and application ID), the search terms you used, and cookie information.

2.3.3 Legal Basis for Data Processing, Purpose of Data Processing, Duration of Data Processing
You can consent to the processing of your data by Vimeo using our Consent Manager or directly at the given video, prevent the recording of your data, or revoke consent previously given. To revoke your consent, open the cookie settings at the bottom of our website to change them.
The legal basis is consent (Article 6 (1.1.a GDPR): The storage of the above data and the cookies set in your browser along with the associated data processing takes place only if you consented to this voluntarily and revocably before viewing our videos. Vimeo uses cookies. These cookies have a service life of up to 2 years.

2.3.4 Responsible Authority
Vimeo Inc.
555 West 18th Street New York
New York 10011, USA
Email: Privacy@vimeo.com
Vimeo's headquarters are located in the USA, but its services are offered globally. For this the company uses computer systems, databases, and servers in the USA and in other countries. Thus your data can be transmitted to the USA and processed there. Vimeo bases these activities on legitimate business interests and standard data protection clauses. More information on this can be viewed in Vimeo’s Data Privacy Statement.

With regard to the level of data privacy protection in the USA, the EU Commission on the EU-U.S. Data Privacy Framework (DPF) issued an adequacy decision which certifies to certain US companies a suitable level of data privacy protection in accordance with Article 45 of the GDPR. In particular, security measures were undertaken that restrict the access of US authorities or authorities from other countries. This adequacy decision refers to certified companies which are listed in this DPF. Vimeo is listed in the registry of the Data Privacy Framework program of the U.S. Department of Commerce (as of 01/04/2025).

2.4 Google Analytics

2.4.1 Purpose of Data Processing
This website uses functions of the web analytics service Google Analytics in the context of job processing in accordance with Article 28 of the GDPR. This software is provided for users in the EU, the EEA and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With the assistance of Google Analytics we analyse your user behaviour, on the basis of which we make decisions about optimizing products and marketing.
At Google Analytics the ‘IP anonymization’ feature is enabled by default. Through this your IP address is shortened by Google before transmission within the member states of the EU or to other states party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and shortened there.
On our behalf Google will use this information to analyse your use of the website, to compile reports about website activities, and to deliver to us additional services connected with the use of the website and the internet. According to Google, the IP address transmitted by your browser in the context of Google Analytics is not combined with other data from Google.

2.4.2 Processed Data
The following categories of data are processed:

  • Time of query
  • IP addresses (in shortened form)
  • Online IDs (including cookie identifiers)
  • Device IDs
  • Technical properties of users (e.g. type and version of browser, device type, operating system)
  • Measurement of use behaviour (e.g. individual pages / contents opened, contents in various areas opened, length of session / stay, bounce rate)
  • Reference URL (site visited previously)

2.4.3 Contractor Employed in Accordance with Art. 28 GDPR
Google Analytics is deployed in the framework of job processing in accordance with Art. 28 GDPR. Data is stored primarily on servers within the European Union (e.g., Ireland); however, it is possible that data is transferred to third countries.

With regard to the level of data privacy protection in the USA, the EU Commission on the EU-U.S. Data Privacy Framework (DPF) issued an adequacy decision which certifies to certain US companies a suitable level of data privacy protection in accordance with Article 45 of the GDPR. In particular, security measures were undertaken that restrict the access of US authorities or authorities from other countries. This adequacy decision refers to certified companies which are listed in this DPF. Google is listed in the registry of the Data Privacy Framework program of the U.S. Department of Commerce (as of 01/04/2025).

2.4.4 Legal Basis for Data Processing, Purpose of Data Processing, Duration of Data Processing
You can consent to the processing of your data by Google Analytics using our Consent Manager, prevent the recording of your data, or revoke consent previously given. To revoke your consent, open the cookie settings at the bottom of our website to change them.

The legal basis is consent (Article 6 (1.1.a GDPR): The storage of the above data by Google Analytics along with the associated data processing takes place only if you granted us your voluntary and revocable consent. Google Analytics uses cookies. These cookies have a service life of up to 2 years.

2.5 Amazon Ads

2.5.1 Purpose of Data Processing
This website uses functions of the web analytics service Amazon Ads in the context of job processing in accordance with Article 28 of the GDPR. The provider is Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l, both located at 38 avenue John F. Kennedy, L-1855 Luxembourg
and Amazon Media EU S.à.r.l. as well as Amazon Digital Germany, Domagkstr. 28, 80807 Munich.

With the help of Amazon Ads we can offer personalized advertising in order to display ads based on your interests and to measure your interaction with our advertising.
On our behalf Amazon will use this information to analyse your use of the website, to compile reports about advertising activities, and to deliver to the operator of the website additional services connected with the use of the website and the internet.

2.5.2 Processed Data
The following categories of data are processed:

  • Time of query
  • IP addresses (in shortened form)
  • Online IDs (including cookie identifiers)
  • Device IDs
  • Technical properties of the user’s device (e.g. type and version of browser, device type, operating system)
  • Measurement of use behaviour (e.g. individual pages / contents opened, contents in various areas opened, length of session / stay, bounce rate)
  • Reference URL (site visited previously)
  • Tag-specific data: This includes the tag ID and Amazon display cookie (ad ID)
  • Data defined by the advertiser: For instance, the name of the advertiser, the ID of the advertiser, the time stamp of the last website activity, the name of the event, the attribute name, and values.

2.5.3 Contractor Employed in Accordance with Art. 28 GDPR
Amazon Ads is deployed in the framework of job processing in accordance with Art. 28 GDPR. The information processed by Amazon about your use of this website is generally not transmitted to an Amazon server in the USA nor processed there. According to Amazon the data is stored on EU servers.

2.5.4 Legal Basis for Data Processing, Purpose of Data Processing, Duration of Data Processing
You can consent to the processing of your data by Amazon Ads using our Consent Manager, prevent the recording of your data, or revoke consent previously given. To revoke your consent, open the cookie settings at the bottom of our website to change them.

The legal basis is consent (Article 6 (1.1.a GDPR): The storage of the above data by Amazon ads along with the associated data processing takes place only if you granted us your voluntary and revocable consent. Amazon Ads uses cookies. These cookies have a service life of up to 13 months.

3. Data Erasure and Storage Period
Cookies are saved on the user's terminal device (smart device/PC) and transmitted from there to our websites. The system differentiates between ‘permanent cookies’ and ‘session cookies’. Session cookies are saved for the duration of a browser session and deleted when the browser is closed. Permanent cookies are not deleted when the browser session is closed, but saved on the user's terminal device for a longer period. Cookies for provision of chat support are deleted no more than 8 hours after the session has concluded.

VI. FRITZ! Online Shop
In the following we inform you about data processing in the framework of our FRITZ! Online Shop. In order to make ordering and payment as convenient as possible in the FRITZ! Online Shop of Fritz.com GmbH, you can create a user account. When you do so, the personal data described below is processed. Alternatively, you can order as a guest user. In that case your personal data is used only for the given order.
To process the payment process and delivery, we transmit your payment information to the contracted payment service and shipping provider, or this information is collected by the payment service provider. Please note the section on methods of payment in this data protection statement.

In the framework of our FRITZ! Online Shop, which is operated via the Shopify Plus platform (Shopify International Ltd., 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland), we handle personal data to process orders, payments, and shipping as well as for customer communication.

1. Processing of Personal Data
The categories of data processed in the framework of our FRITZ! Online Shop include in particular:

  • contact information (e.g. first name, last name, email address, phone number)
  • invoicing and shipping information
  • payment information (e.g. credit card information, payment service provider)
  • ordering information (e.g. invoice number, transaction information, order details)
    The legal basis for this is Article 6 (1b) of the GDPR.
  • usage data (e.g. IP address, last visit, bounce website)
    The legal basis for the processing of these categories of data is – depending on the application – Sofort GmbH

For the processing of personal data which are required to fulfil a contract, Article 6(1.1b) of the GDPR serves as the legal basis. If the processing of personal data is required to fulfil a legal obligation (e.g. fulfilment of information obligations for consumer contracts or retention periods stipulated by tax law), Article 6 (1.1c) of the GDPR is the legal basis of data processing. In this case Shopify acts as the job processor in accordance with Article 28 of the GDPR.

Data may be transferred to third countries (especially Canada and the USA). Shopify guarantees an adequate data protection level, through, among others, standard contractual clauses and adequacy decisions by the European Commission.

2. Transmission of Data to Third Parties

2.1 Shipping Services
We contract DHL Home Delivery GmbH, Heinemannstr. 11-13, 53175 Bonn with the delivery of our products and logistics activities in accordance with Article 28 of the GDPR. Orders are delivered by shipping services such as DHL and DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn and DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn.

These service providers receive the personal data necessary to fulfil the given order. This data includes in particular

  • Last name, first name
  • Delivery address
  • Post number (insofar as you would like the order to be delivered to a DHL Packstation)
  • Email address (for the purpose of shipment notification and delivery status)
  • Phone number (e.g. for shipping notices)

The last name, first name, delivery address, and (where applicable) post number are transferred for the purpose of fulfilling a contract to which the person in question is a party, in accordance with Article 6 (1.1b) of the GDPR. The transmission of the email address and, where necessary, the phone number, takes place on the basis of a legitimate interest in accordance with Article 6 (1.1f) of the GDPR, in order to be able to offer you a notification service and thus to make shipping as customer-friendly as possible.

2.2 Payment Services
We offer various payment services, including advance payment, payment by credit card, and payment via PayPal. For the processing of payments we forward to the payment service you selected your payment information, as well as information provided in the context of the ordering procedure including information about your order (name, address, account number, bank routing number, any credit card number provided, invoice amount, currency and transaction number) on the basis of Article 6 (1.1.b) of the GDRP. We see merely which method of payment you selected, whether payment was successful, and in some cases, the last numerals of the card used.

Google Pay: We enable payment transactions via the payment provider Google Pay (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), which is separately responsible in terms of data protection law. For the purpose of payment processing, the information provided in the context of the ordering process is transmitted to Google along with the information about your order. Google reserves the right to collect, store, and evaluate certain process-specific information on every transaction effected via Google Pay. Further, in its data protection statement Google reserves the right to forward collected data to third-party providers and subsidiaries. For more information please see the data protection information for Google Pay as well as the relevant conditions of use and guidelines accessible at https://support.google.com/googlepay/answer/9039712?hl=deundhttps://business.safety.google/privacy/.

Shopify Payments: We use the payment provider ‘Shopify Payments’, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2, Ireland, which is separately responsible in terms of data protection law. If you decide on a payment method offered by the payment service provider Shopify Payments, especially payment with a credit or debit card, the payment will be processed by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we forward your information provided in the context of the ordering process. Your data is forwarded for the exclusive purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary therefor. More detailed information on the data protection of Shopify Payments is available at the following internet address: https://www.shopify.com/legal/privacy. Data protection information on Stripe Payments Europe Ltd. is presented here: https://stripe.com/de/privacy.

Klarna – Pay now or later:In cooperation with Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, which is separately responsible in terms of data protection law, we offer several payment options.
Insofar as you decide on Pay in full as the payment method, you pay via online banking using a PIN and TAN without any additional registration necessary. The entry of this information takes place after completion of the order on the pages of Sofort GmbH, part of the Klarna Group. For the transfer we send the following personal information on your order to Klarna: order number, payment amount, and country.
If you opt for ‘Pay in 3’ or ‘Pay in 30 days’ instead, for payment processing we require the following information for processing of your purchase and an identity and credit check by Klarna: First and last name, address, date of birth, email address, as well as information related to the order such as invoice amount, item, delivery method. Klarna collects and also uses information on previous payment behaviour as well as probability values on this behaviour in the future.
Please also consider Klarna's Terms and Conditions and Privacy information, accessible at https://www.klarna.com/international/terms-and-conditions/ and https://www.klarna.com/international/privacy-policy/.

PayPal: For payment via PayPal your payment information is transmitted in the context of payment processing to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, which is separately responsible in terms of data protection law. Insofar as you decided on PayPal, you will be routed directly to the PayPal website. Independently of this, for processing of the order we send the following information to PayPal: Last name and first name, delivery address (if different from the address stored, also the name of third parties you entered such as a neighbour), order number, payment amount.
For the payment methods credit card via PayPal, debit via PayPal, or – if offered – 'Pay Later’ via PayPal, PayPal reserves the right to perform a credit check. PayPal uses the result of the credit check with reference to the statistical probability of default for the purpose of deciding whether to make the given payment method available.
Further information on data protection, including the credit agencies consulted, is provided in the PayPal privacy principles: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

2.3 IT Service Providers
We work with technical service providers in order to render our services to you. These service providers include, for instance, external IT service providers who enable the technical provision of our website and our shops (e.g. Shopify) as well as providers of software as a service (e.g. Reviews.io). The essential service providers and suppliers are:

2.3.1 Website / FRITZ! Online Shop:
Our website, including the provision of the online shop, is operated by Shopify as the processor in accordance with Article 28 of the GDPR. Shopify offers a comprehensive e-commerce platform with which vendors can create an online shop and streamline their commercial activities. Shopify is also deployed for marketing activities (e.g. personalized messages) and for customer management and customer care (e.g. back-in-stock emails, reactivation emails, web push notifications).

The service provider for Europe is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, with the VAT ID number IE 3347697KH.

Your personal data (e.g. name, invoice address, delivery address, email address, phone number, and payment information as well as information about how you access our websites, your account and our platform) is processed by Shopify International Limited, the Shopify company in Ireland. In the context of rendering services, this personal data can be transmitted to other countries, among them Canada. Your personal data is protected during transmission to Canada. According to EU Commission decision 2002/2/EC of 20 December 2001, Canada provides adequate protection for personal data and electronic documents. Therefore this data processing is permitted by the GDPR. Should Shopify send this personal data to a country outside Canada (e.g. to subcontracted processors), it does so only on the basis of relevant guarantees in accordance with Article 46 of the GDPR.

In the management of the FRITZ! online shop we also use the Klaviyo service of Klaviyo Inc., 225 Franklin St, Floor 10, Boston, MA 02110, USA as the processor in accordance with Article 28 of the GDPR. The data processed when registering for the shop may also be processed in the USA. With regard to the level of data privacy protection in the USA, the EU Commission on the EU-U.S. Data Privacy Framework (DPF) issued an adequacy decision which certifies to certain US companies a suitable level of data privacy protection in accordance with Article 45 of the GDPR, as exists in the European Union. In particular, security measures were undertaken that restrict the access of US authorities or authorities from other countries. This adequacy decision refers to certified companies which are listed in this DPF. Klaviyo Inc. is listed in the registry of the Data Privacy Framework program of the U.S. Department of Commerce (as of 01/01/2026).

2.3.2 Reviews
To receive your experiences and reviews, we use the REVIEWS.io service as the processor in accordance with Article 28 of the GDPR. When a review is generated on the product pages or on the website sent to you by email, your data is collected by REVIEWS.io 2020 GmbH, Skalitzer Straße 104, 10997 Berlin, Germany, and transferred to us. Your review will then be published on our website. It will not be forwarded to any third countries.

2.3.3 Product Returns
We use the 8Returns service offered by 8Returns GmbH, Pappelallee 78/79,
10437 Berlin, Germany, to facilitate the simple, efficient processing of returns. In the context of using this services, certain personal data is processed to manage and improve the returns process. The data processed by 8Returns includes:

  • Ordering information (e.g. order number, product information)
  • customer information (e.g. name, email address, delivery address)
  • return information (e.g. reason for return, condition of article)

This information is used by 8Returns for the exclusive purpose of executing and improving the return process, and is not processed for any other purposes.

VIII. Further Data Processing

1. Newsletter / Competitions / Surveys

1.1. Newsletter
We process the data provided during your registration for the newsletter (e.g. first name, last name, email). For registration we use ‘double opt-in’. The email address provided must therefore be confirmed by clicking on the registration link sent to this email address.

In addition to the data supplied while registering for the newsletter, the following data can be processed:

  • Information about the deliverability of the newsletter, opening rate, and clicks on links in the newsletter,
  • Analysis of behaviour in the shop after clicking on links (for instance, which products were viewed or placed in the shopping basket), or ‘conversion tracking’,
  • Technical information (e.g. time opened, IP address, browser type and operating system)

Your data is processed for the purpose of mailing the newsletter you requested, including surveys included within, in order to improve our services and the shopping experience on fritz.com, to organize competitions, and for addressing you personally based on your use behaviour.
The legal basis for this processing is consent in accordance with Article 6 (1.1a) of the GDPR. You can withdraw your consent to receive the newsletter and the data processing like the analysis it entails at any time. For this you can use, for instance, the ‘Unsubscribe’ link in every newsletter. After unsubscribing, your email address may be saved in a list of blocked websites, if this is required to prevent future mailings. Storage takes place on the basis of a legitimate interest in accordance with Article 6 (1.1f) of the GDPR.

For sending our emails (newsletter) we use the Klaviyo service of Klaviyo Inc., 225 Franklin St, Floor 10, Boston, MA 02110, USA as the processor in accordance with Article 28 of the GDPR. The data processed when registering for the newsletter may also be processed in the USA. With regard to the level of data privacy protection in the USA, the EU Commission on the EU-U.S. Data Privacy Framework (DPF) issued an adequacy decision which certifies to certain US companies a suitable level of data privacy protection in accordance with Article 45 of the GDPR, as exists in the European Union. In particular, security measures were undertaken that restrict the access of US authorities or authorities from other countries. This adequacy decision refers to certified companies which are listed in this DPF. Klaviyo Inc. is listed in the registry of the Data Privacy Framework program of the U.S. Department of Commerce (as of 2025-04-01).

1.2. Competitions
Unless otherwise specified for a competition, the following applies: If you win in the context of a competition, we will contact you at the email address provided to determine the mailing address for sending the prize. Your postal address is used only for the purpose of sending the prize. We store the data supplied in the context of the competition until the competition is completed (generally deletion takes place no more than eight weeks after the deadline for participating in the competition), unless we have other statutory retention obligations (e.g. relating to tax law).
For competitions – unless otherwise indicated – we use software from the provider Alchemer. Alchemer is operated by Alchemer LLC, 168 Centennial Pkwy, Louisville, CO 80027, USA.

1.3. Surveys
We use the provider Alchemer to integrate surveys on our websites. Alchemer is operated by Alchemer LLC, 168 Centennial Pkwy, Louisville, CO 80027, USA.
The data recorded is processed for surveys, to improve our services, and to organize competitions. Your personal data will be deleted from the tool no later than 8 weeks after conclusion of the given campaign. Insofar as this involves the processing of personal data, Article 6(1b) of the GDPR is the legal basis.
Data is processed exclusively within the EU.

2. Advertising and Marketing Messages / Customer Satisfaction Surveys
Your personal data is used for the purpose of advertising and/or marketing and for the purpose of performing customer satisfaction surveys only when corresponding permission has been granted, or when there is another legal basis that permits advertising or marketing messages even without express consent (e.g., in accordance with the Act Against Unfair Competition).

The legal foundation for advertising and/or marketing measures on the basis of express consent is Article 6 (1. 1a of the GDPR. For advertising and/or marketing measures via email for the purpose of direct advertising for similar wares or services of our own, the legal basis is Section 7(3) of the German Fair Trade Practices Act (UWG); this is subject to the condition that (i) we received your email address in connection with the sale of a good or service, (ii) you did not refuse to allow your email address to be used for the purpose of direct advertising and (iii) upon the collection of your email address and every time we use it, we clearly point out that you may refuse at any time to have your email address used in this way.
Your personal data will be stored and used for advertising purposes indefinitely, depending on the respective legal basis for the advertising measure (consent or legitimate interest), until you object to the use of your data for advertising purposes or until you revoke your corresponding consent. You can revoke consent to a processing of personal data at any time, with effect for the future. You may object to processing on the basis of legitimate interests at any time. In the event of revocation and/or objection, the personal data will no longer be processed for the purposes concerned; with the exception of processing of data which is still required for the purpose of fulfilling the contract (Art. 6 1 (1b) of the GDPR) including statutory storage obligations and/or if the data is still required within the framework of legitimate interests (Art. 6 1 (1b) GDPR) (e.g. in the event of an advertising objection, processing of data in a so-called block list in order to prevent future advertising approaches).

3. Social Networks
On our web pages we use social network plug-ins in accordance with the information from the providers listed below, so that you can enjoy the interactive potentials of the social networks you use on our web pages as well. With these plug-ins we embed video contents into the websites. This makes various functions available, the object and extent of which are determined by the operators of the social networks. Keep in mind that the IP address of your browser session may be linked to your own profile with the given social network if you are currently logged in to that network. Similarly, your visit to our web pages can be linked to your profile with the social network if it recognizes you from a cookie that was set during a previous session with the social network and is still stored on your computer.
Please note that we are not the provider of the social networks and thus have no influence on data processing by the given provider. For more information on data handling, see the websites of the respective social network operators.

If you contact us and interact with us on one of the social networks we use (Facebook, X, Bluesky, LinkedIn, Instagram, Xing, YouTube, TikTok (requests, like button, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, as well as software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA, each of which is a separate processor in accordance with Article 28 of the GDPR. for the purpose of processing the user data generated in order to process these requests. Insofar as this involves the processing of personal data, Article 6(1b) of the GDPR is the legal basis.

4. Instant-Messenger
If you follow our channels on the messaging apps WhatsApp and Telegram, the public username and ID you use there are displayed to us. This data is processed exclusively for the purpose of providing with information about the latest news from AVM, as requested by you. The legal basis for this processing is Article 6 (1a) of the GDPR. You can unsubscribe from the news service at any time. More information is provided in the data protection statement of the respective service provider (WhatsApp: https://www.whatsapp.com/legal/privacy-policy/ and Telegram https://telegram.org/privacy/).

5. Zack Speed Test
When using our Zack speed test you have the opportunity to determine the upload and download speeds and the ping time of your broadband connection. This test uses a PHP script via the provider GeoIPLookup.io to retrieve the IP address of your connection along with the approximate geo-data as well as your internet provider and type of browser. If you use a FRITZ!Box, depending on the browser, the FRITZ!Box model and FRITZ!OS version will also be displayed. No data processing takes place on our servers. No IP address is saved.

6. Usercentrics
We use the Usercentrics privacy compliance service, belonging to Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, in the context of processing in accordance with Article 28 of the GDPR. This allows us to obtain and manage our website users' consent to data processing. This processing is required to fulfil the legal obligation to which we are subject (Article 6 (1.1.c) of the GDPR). For this the following data is processed:

  • date and time of access
  • browser information
  • device information
  • geographic location
  • cookie preferences
  • URL of the site visited

The functionality of the website cannot be guaranteed without this processing. Processing takes place in the European Union.

IX. Contact Form, Feedback, Email Contact, Support, and Chat Support

1. Contact Forms
On our websites there are various contact forms (web forms) or contact options for different topics, which the user can use to establish contact with us electronically (for instance, for product and sales consultation, product suggestions, support requests, chat support). If the user takes advantage of any of these opportunities, the data entered in the input mask by the user or data on the phone contact is transmitted to us and stored. Depending on the form used or the type of contact, this data can include:

  • Company*
  • First name*
  • Last name*
  • Phone number*
  • Email*
  • Type of query* (private or business customer / vendor)
  • Postal code*
  • Country
  • When you can be reached
  • Any relevant documents/materials/support information/logs
  • Internet service provider

* Mandatory information (depending on the web form or type of contact used), which are required for the purpose of registration/contact are marked with an asterisk (in the input mask as well) to designate them as required fields.

2. Feedback
On our websites users are able to send us feedback, e.g. in the FRITZ! Lab.
If the user makes use of this, the data entered in the input mask is transmitted to us and stored. This data includes:

  • First name
  • Last name
  • Email address

When the message is sent, the following data is also processed:

  • the user's IP address
  • date and time when message was dispatched

To process your feedback we use software from Alchemer LLC, 168 Centennial Pkwy, Louisville, CO 80027, USA, in the context of processing in accordance with Article 28 of the GDPR. Data is processed exclusively within the EU.

3. Email Contact
Alternatively, you can contact us using the email addresses listed on the web pages. In this case the personal data of the user transmitted with the email will be stored. We process email queries using software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA, in the context of processing in accordance with Article 28 of the GDPR. Insofar as this involves the processing of personal data, Article 6 (1.1b) of the GDPR is the legal basis.

4. Chat
On our websites you also have the opportunity to enter into a chat with our support staff, and with an AI-supported chatbot (whichever is available), for instance, to receive information on our products (‘chat function’).
When the chat is used, the following (personal) data is processed:

  • Name
  • Title
  • Language
  • Date and time
  • IP Address
  • Email address
  • Content of your communication
  • Information on the web browser used (language settings, software version, etc.)
  • Country, city / approximate location

FRITZ! processes personal data provided by a user through a chat only insofar as it is necessary to respond to your personal query in the chat. You decide whether the data listed above is stored for the purposes listed under 6.
For provision of the AI-supported chatbot we use software from botario GmbH, Konsul-Smidt-Straße 8p, 28217 Bremen as the processor in accordance with Article 28 of the GDPR.

If the query cannot be answered in the chat, your query may be transferred to our FRITZ! Support desk. The text you entered within the chat (including any personal data you provided in this context) will be forwarded there.

5. Support and Consulting Queries
We process support and consultation requests (by email or phone) as well as queries via chat support using software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA - see also at - as well as software telegra GmbH, Oskar-Jäger-Straße 125, 50825 Cologne, Germany, in the context of processing in accordance with Article 28 of the GDPR. We further use SugarCRM software from Insignio CRM GmbH, Ludwig-Erhard-Str. 14, 34131 Kassel, Germany, to organize and store the data, also in the context of processing in accordance with Article 28 of the GDPR. In the case of phone contact, we reserve the right – also in the interest of further inquiries – to process your phone number in addition to your name and the associated support query. Insofar as this involves the processing of personal data, Article 6 (1.1b) of the GDPR is the legal basis.

In addition to the chat function, users can receive information from FRITZ by phone or via the contact form on the company's Product and Sales consultation pages. For more information on these options, go to https://fritz.com/products/sales-consultation/.

6. Purpose and Legal Basis
This data is processed exclusively for the purpose of responding to the given request or suggestion. The other data collected during transmission of the message serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
Insofar as data is processed for the purpose of fulfilling a customer order or responding to a customer request, the legal basis for data processing is Article 6 (1.1b) of the GDPR, regardless of whether contact was made via a contact form, by email, or by phone. The legal basis for processing the user's feedback is Article 6 (1.1f) of the GDPR. We are interested in improving our products and services for our users. The legal basis for processing the data with the user's consent is Article 6 (1.1a) of the GDPR. The legal basis for collecting additional data during sending is Article 6 (1.1f) of the GDPR; the legitimate interest here is in the prevention of misuse and ensuring system security (cf. [V.1]).

7. Data Erasure and Storage Period
In general, data is erased as soon as it is no longer required to achieve the purpose of its collection. For the personal data from the input mask of the contact form and that that was sent by email, this is the case when the given communication with the user has ended and/or the user's request was responded to conclusively. The communication is concluded, or a conclusive response is provided, when the circumstances allow the conclusion that the matter concerned has been resolved; in the case of support and chat support, no more than 2 years after the last communication, as long as not stipulated for legal reasons, or after no more than 3 years if we offered you a replacement under warranty and/or your problem requires interaction with our Development department. In the case of warranty processing performed, we delete the associated communication required no later than after 5 years. In general: Instead of being deleted, data will be stored and locked if further storage of the data is required for legal reasons.

8. Opt-out and Elimination Options
The user has the possibility to terminate communication with us and/or rescind their request at any time, and to object to the corresponding use of their data. In such a case the communication cannot be continued. In this case, all personal data stored in the course of making contact is erased, unless the further storage of data is required for legal reasons.

X. Rights of the Data Subjects
According to the GDPR, the user is entitled in particular to the following data subject rights:

1. Right to information (Article 15 of the GDPR)
You have the right to request information about whether or not we process personal data pertaining to you. If personal data pertaining to you is processed by our company, you are entitled to information about

  • the purposes of processing;
  • the categories of personal data (kinds of data) that are processed;
  • the recipients or categories of recipients to whom your data was disclosed or is to be disclosed; this is the case especially when data was disclosed or is to be disclosed to recipients in third countries outside the purview of the GDPR;
  • the planned duration of storage, to the extent this is possible; if the duration of storage cannot be given, in any case the criteria for determining the duration of storage (e.g. legal retention periods or the like) must be communicated;
  • your right to rectification and erasure of the data pertaining to you, including the right to restrict processing and/or the right to revoke consent (on this, see also the subsequent clauses);
  • the existence of the right to lodge an appeal with a supervisory authority
  • the source of the data, if the personal data was not collected from you directly.

Further, you are entitled to information about whether your personal data is the object of automated decisions in the sense of Article 22 of the GDPR, and, if this is the case, which decision criteria are the basis for such an automated decision (logic) or what the effects and consequences the automated decision can have for you.

If personal data is transmitted to a third country outside the purview of the GDPR, you are entitled to information about whether, and if so, on the basis of which guarantees, an adequate level of protection is ensured by the data recipient in the third country in accordance with Articles 45 and 46 of the GDPR.
You have the right to request a copy of your personal data. We always provide copies of data in electronic form unless you request otherwise. The first copy is free of charge; for additional copies, reasonable compensation can be requested. The copy is provided as long as the rights and freedoms of other persons are not compromised through the transmission of the copied data.

2. Right to Rectification (Article 16 of the GDPR)
You have the right to request that we rectify your data, should it be incorrect, inaccurate and/or incomplete; the right to rectification includes the right to complete your data by adding supplementary clarifications or information. A rectification and/or supplement must take place immediately – that is, without undue delay.

3. Right to Erasure (Article 17 of the GDPR)
You have the right to request that we erase your personal data, insofar as

  • the personal data is no longer required for the purposes for which it was collected and processed;
  • data processing takes place on the basis of consent you granted and you have rescinded your consent, insofar as there is no other legal basis for data processing;
  • you entered an objection to data processing in accordance with Article 21 of the GDPR and there are no overriding reasons for further processing;
  • you entered an objection to data processing for the purpose of direct advertising in accordance with Article 21(2) of the GDPR;
  • your personal data was processed illegally;
  • the data in question concerns a child, and was collected in relation to information society services in accordance with Article 8(1) of the GDPR.

There is no right to the erasure of personal data insofar as

  • the rights to freedom of expression and to knowledge are in conflict with the request for erasure;
  • the processing of personal data (i) in order to fulfil a legal obligation (e.g. legal retention periods), (ii) in order to fulfil public duties and interests in accordance with EU law and/or the law of the member states (this also includes interests in the area of public health) or (iii) for the purposes of archiving or research;
  • the personal data is required for the assertion, exercise or defence of legal claims.

The erasure must take place immediately – that is, without undue delay. If personal data has been made public by us (e.g. in the internet), we are responsible, in the framework of what is technically possible and reasonable, for informing third-party processors about the erasure request, including the deletion of links, copies and or replicates.

4. Right to Restriction of Processing (Article 18 of the GDPR)
You have the right to have the processing of your personal data restricted in the following cases:

  • If you have contested the accuracy of your personal data, you can request that your data not be used for other purposes for the duration of the accuracy check and insofar restricted.
  • In the case of illegal data processing you can request the restriction of data use in accordance with Article 18 of the GDPR rather than data erasure according to Article 17 (1d) of the GDPR.
  • If you need your personal data for the assertion, exercise or defence of legal claims, but your personal data is otherwise no longer required, you can request that we restrict processing to the above-mentioned purpose of legal proceedings.
  • If you entered an objection to data processing in accordance with Article 21(1) of the GDPR and it has not yet been decided whether our interests in processing override your interests, you can request that your data not be used for other purposes for the duration of the review and insofar be restricted.

5. Right to Data Portability (Article 20 of the GDPR)
Subject to the following provisions, you have the right to receive the data pertaining to you in a commonly used, machine-readable format. The right to data portability includes the right to transmission of the data to another controller; upon request we will thus – insofar as it is technically possible – transmit data directly to a controller you specify or will specify in the future. The right to data portability applies only for the data provided by you and assumes that the data is processed on the basis of consent or for performance of a contract, and is executed using automated methods. The right to data portability in accordance with Article 20 of the GDPR does not affect the right to data erasure in accordance with Article 17 of the GDPR. The data is transmitted only if the rights and freedoms of other persons cannot be compromised through the data transmission.

6. Right to Object (Article 21 of the GDPR)
In the case of processing of personal data in order to fulfil a task carried out in the public interest (Article 6[1e] of the GDPR) or for the purpose of pursuing legitimate interests (Article 6[1f] of the GDPR), you can object prospectively to the processing of personal data pertaining to you at any time. In the case of an objection we have to refrain from any further processing of your data for the above mentioned reasons, unless

  • there are compelling and legitimate reasons for processing which override your interests, rights and freedoms, or
  • the processing is required for the assertion, exercise or defence of legal claims.

You can object prospectively to the use of your data for the purpose of direct advertising at any time; this is also true for any profiling associated with the direct advertising. In the case of an objection we have to refrain from any further processing of your data for the purpose of direct advertising.

7. Legal Protections / Right to Petition a Supervisory Authority
In the case of complaints, you can contact a supervisory authority of the EU or the member states at any time. The supervisory authority named in (II) is responsible for our company.

(Last revised: January 2026)

  • PayPal
  • Klarna
  • Visa
  • Mastercard
  • American Express
  • Google Pay
  • Apple Pay
© 2026 FRITZ! GmbH
We ship with:We ship with:We ship with: