Neuer ROX Online-Shop jetzt unter rox-shop.com
Seit 1890
Kostenloser Versand in DE (ab 150 €)
Made in Germany
Telefon 08196 750

Privacy Policy

1. An overview of data protection

General

As the operator of this website and as a company, we come into contact with your personal data. This means all data that says something about you and with which you can be identified. In this privacy policy we would like to explain to you how, for what purpose and on what legal basis we process your data.

The person responsible for data processing on this website and in our company is:

ROX Hamann GmbH

Hagenheimer Strasse 20

86928 Hofstetten

Germany

Telephone: 08196 75-0

E-mail: e.henter-besting@rox.de

General information

SSL or TLS encryption

When you enter your data on websites, place online orders or send emails over the Internet, you must always expect that unauthorized third parties will access your data. There is no complete protection against such access. However, we do everything we can to protect your data as best as possible and to close security gaps as far as we can.

An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data that you send to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.

Encrypted payment transactions

Payment data, such as account or credit card numbers, are particularly in need of protection. That is why payment transactions with common payment methods are carried out exclusively via an encrypted SSL or TLS connection.

How long do we store your data?

At some points in this privacy policy we inform you how long we or the companies that process your data on our behalf store your data. If such information is missing, we will store your data until the purpose of the data processing no longer applies, you object to the data processing or you revoke your consent to the data processing.

In the event of an objection or revocation, however, we may continue to process your data if at least one of the following conditions is met:

  • We have compelling legitimate reasons for continuing the data processing that outweigh your interests, rights and freedoms (only if you object to data processing; if the objection is directed against direct advertising, we cannot provide legitimate reasons).
  • The data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is directed against direct advertising).
  • We are legally obliged to retain your data.

In this case, we will delete your data as soon as the condition(s) no longer apply.

Data transfer in the USA

We also use tools from companies on our website that transfer your data to the USA and store it there and, if necessary, process it further. The European Commission has adopted an adequacy decision for the EU-US data protection framework. This determines that the USA ensures an adequate level of protection for personal data from the EU that is transferred to US companies. This decision is based on new guarantees and measures introduced by the USA to meet data protection requirements. The adequacy decision includes, among other things, restrictions and guarantees regarding the access of the US intelligence services to the data. Binding guarantees have been introduced to limit the access of the US intelligence services to the necessary and proportionate extent to protect national security. In addition, increased supervision of the activities of the US intelligence services has been established to ensure that the restrictions on surveillance activities are adhered to. An independent redress procedure has also been set up to process and resolve complaints from European citizens about access to their data. The EU-US data protection framework thus enables European companies to transfer data to certified US companies without having to introduce additional data protection guarantees. A list of all certified companies can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

A change in the European Commission's decision cannot be ruled out.

Data protection officer

We have appointed a data protection officer for our company.

DataGAP GmbH

Markus Altenburg

Bessemerstrasse 82

12103 Berlin

E-mail address: datenschutz@rox.de

Telephone number: +49 30 577 10 513

Your rights

Objection to data processing

IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS IN PROCESSING YOUR DATA AND THEREFORE BASE THIS ON ART. 6 PARAGRAPH 1 SENTENCE 1 LIT. F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING IN ACCORDANCE WITH ART. 21 GDPR, YOU HAVE THE RIGHT TO OBJECT TO THIS. THIS ALSO APPLIES TO PROFILING THAT IS CARRIED OUT ON THE BASIS OF THE ABOVE-MENTIONED PROVISION. THE CONDITION IS THAT YOU GIVE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. A REASONS IS NOT REQUIRED IF THE OBJECTION IS DIRECTED TO THE USE OF YOUR DATA FOR DIRECT MARKETING.

THE CONSEQUENCE OF THE OBJECTION IS THAT WE ARE NO LONGER PERMITTED TO PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING CONDITIONS APPLIES:

  • WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS.
  • THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTLY TO DIRECT MARKETING OR TO PROFILING THAT IS RELATED TO IT.

Other rights

Revocation of your consent to data processing

Many data processing operations are based on your consent. You give this, for example, by checking the appropriate box on online forms before sending the form or by allowing certain cookies when you visit our website. You can revoke your consent at any time without giving reasons (Art. 7 Para. 3 GDPR). From the time of revocation, we are no longer allowed to process your data. The only exception: We are legally obliged to store the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.

Right to complain to the competent supervisory authority

If you believe that we are violating the General Data Protection Regulation (GDPR), you have the right to complain to a supervisory authority under Art. 77 GDPR. You can contact a supervisory authority in the member state of your residence, your place of work or the place where the alleged violation occurred. The right to lodge a complaint exists alongside administrative or judicial remedies.

Right to data portability

Data that we process automatically on the basis of your consent or in fulfillment of a contract must be handed over to you or to a third party in a common machine-readable format if you request this. We can only transfer the data to another responsible party if this is technically possible.

Right to data information, deletion and correction

According to Art. 15 GDPR, you have the right to receive information free of charge about which personal data we have stored about you, where the data comes from, to whom we transmit the data and for what purpose it is stored. If the data is incorrect, you have a right to rectification (Art. 16 GDPR); under the conditions of Art. 17 GDPR, you can request that we delete the data.

Right to restriction of processing

In certain situations, according to Art. 18 GDPR, you can request that we restrict the processing of your data. The data may then - apart from storage - only be processed as follows:

  • with your consent
  • to assert, exercise or defend legal claims
  • to protect the rights of another natural or legal person
  • for reasons of important public interest of the European Union or a member state

The right to restriction of processing exists in the following situations:

  • You have disputed the accuracy of your personal data stored by us and we need time to check this. The right exists for the duration of the review.
  • The processing of your personal data is unlawful or was unlawful in the past. In this case, the alternative is to have the data deleted.
  • We no longer need your personal data, but you need it to exercise, defend or assert legal claims. In this case, the alternative is to have the data deleted.
  • You have lodged an objection in accordance with Art. 21 Para. 1 GDPR and now your interests and ours must be weighed against each other. The right exists here as long as the result of the balancing of interests is not yet known.

Hosting and Content Delivery Networks (CDN)

External hosting

Our website is located on a server of the following provider of Internet services (hosters):

Host Europe GmbH
Hansestraße 111
51149 Cologne

 
 
 

Has a contract for order processing been concluded with the hoster or are standard contractual clauses (SCC) used?

Yes

How do we process your data?

The Hoster stores all data from our website. This also includes all personal data that is recorded automatically or through your input. This can include in particular: your IP address, pages accessed, names, contact details and requests as well as meta and communication data. When processing data, our hoster follows our instructions and only processes the data to the extent that this is necessary to fulfill the service obligation towards us.

On what legal basis do we process your data?

Since we address potential customers via our website and maintain contact with existing customers, the data processing by our hoster serves to initiate and fulfill contracts and is therefore based on Art. 6 Para. 1 lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the necessary requirements for security, speed and efficiency. In this respect, we also process your data on the basis of Art. 6 Paragraph 1 Letter f) GDPR.

Data collection on this website

Use of cookies

Our website places cookies on your device. These are small text files that are used for different purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are required in order to be able to carry out certain actions or functions on the site (functional cookies). For example, without cookies it would not be possible to use the advantages of a shopping cart in an online shop. Other cookies are used to analyze user behavior or optimize advertising measures. When we use third-party services on our website, e.g. B. to process payment transactions, these companies can also leave cookies on your device when you visit the website (so-called third-party cookies).

How do we process your data?

Session cookies are only stored on your device for the duration of a session. As soon as you close the browser, they disappear automatically. Permanent cookies, on the other hand, remain on your device if you do not delete them yourself. This can, for example, lead to your user behavior being permanently analyzed. You can influence how your browser handles cookies using the settings in your browser:

  • Do you want to be informed when cookies are set?
  • Do you want to exclude cookies in general or for certain cases?
  • Do you want cookies to be automatically deleted when you close your browser?

If you deactivate or do not allow cookies, the functionality of the website may be restricted.

If we use cookies from other companies or for analysis purposes, we will inform you about this in this privacy policy. We also ask for your consent in this regard when you visit our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our online offerings can be used by visitors without technical problems and that all the functions they require are available to them. Necessary and functional cookies are therefore stored on your device on the basis of Art. 6 Para. 1 lit. f) GDPR. We use all other cookies on the basis of Art. 6 Paragraph 1 Letter a) of GDPR, provided that you give us your consent. You can revoke this at any time with effect for the future. If you have consented to the placement of necessary and functional cookies when asked for your consent, these cookies will also be stored exclusively on the basis of your consent.

Server log files

Server log files log all requests and accesses to our website and record error messages. They also contain personal data, in particular your IP address. However, this is anonymized by the provider after a short time, so that we cannot assign the data to you personally. The data is automatically stored by yourrem browser to our provider.

How do we process your data?

Our provider saves the server log files in order to be able to track the activities on our website and to identify errors. The files contain the following data:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address (possibly anonymized)

We do not combine this data with other data, but only use it for statistical evaluation and to improve our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our website runs error-free. It is also our legitimate interest to obtain an anonymized overview of access to our website. Data processing is therefore lawful in accordance with Art. 6 Paragraph 1 Letter f) GDPR.

Contact form

You can send us a message using the contact form on this website.

How do we process your data?

We save your message and the information from the form in order to be able to process your request, including follow-up questions. This also applies to the contact details provided. We will not pass the data on to other people without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

  • Your request has been finally processed.
  • You ask us to delete the data.
  • You revoke your consent to storage.

This only does not apply if we are legally obliged to store the data.

On what legal basis do we process your data?

If your request is related to our contractual relationship or serves to carry out pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process requests addressed to us. The legal basis for data processing is therefore Art. 6 Para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 Paragraph 1 Letter a) of GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.

Inquiry by email, telephone or fax

You can send us a message by email or fax or call us.

How do we process your data?

We save your message as well as your self-provided contact details or the telephone number you provided in order to be able to process your inquiry, including follow-up questions. We will not pass the data on to other people without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

  • Your request has been finally processed.
  • You ask us to delete the data.
  • You revoke your consent to storage.

This only does not apply if we are legally obliged to store the data.

On what legal basis do we process your data?

If your request is related to our contractual relationship or serves to carry out pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process requests addressed to us. The legal basis for data processing is therefore Art. 6 Para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 Paragraph 1 Letter a) of GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.

Analysis tools and advertising

We use the following tools to analyze the behavior of our website visitors and to show you advertising.

Google Tag Manager

What is Google Tag Manager?

Tag management system for integrating tracking codes and conversion pixels from Google Ireland. Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google Tag Manager?

https://policies.google.com/privacy

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We use the Google Tag Manager. The tool helps us to integrate tracking codes and conversion pixels into our website, to manage them and to display them. The Google Tag Manager does not create user profiles itself, does not place cookies on your device and does not analyze your behavior as a user. However, it does record your IP address and transmit it to Google servers in the USA.

On what legal basis do we process your data?

We have a legitimate interest in the quick and uncomplicated integration and management of various tools on our website. The use of the Google Tag Manager is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR. If you have consented to the transmission of your IP address, we will process your data exclusively on the basis of Art. 6 Para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Google Analytics

What is Google Analytics?

Tool for analyzing user behavior from Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google Analytics?

https://support.google.com/analytics/answer/6004245?hl=de

On what basis do we transfer your data to the USA?

On the basis the adequacy decision of the European Commission and the corresponding certification of the company.

How can you prevent data collection?

Among other things, with a browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de

How do we process your data?

We are always interested in optimizing our web offering for visitors to our website and placing advertising in the best possible way. Google Analytics helps us with this, a tool that analyzes user behavior and thus provides us with the necessary data basis for adjustments. The tool provides us with information about the origin of our visitors, their page views and the length of time they spend on the pages, as well as the operating system they use.

Standard processing

To collect the data, Google Analytics uses cookies, device fingerprinting or other technologies to recognize users. The data is transmitted to Google servers in the USA and, using the IP address that is also recorded, is compiled into a profile that can be assigned to you or your device.

You can prevent Google from processing your data by installing a browser plug-in that Google itself provides: https://tools.google.com/dlpage/gaoptout?hl=de.

IP anonymization

We have activated the "IP anonymization" function within Google Analytics. For you, this means that Google shortens your IP address (from the EU or EEA) before transmitting it to the USA. Only in exceptional cases does Google transmit the full IP address to servers in the USA and only shorten it there.

Demographic characteristics

We use the "demographic characteristics" function of Google Analytics to be able to show visitors to our website suitable advertisements within the Google advertising network. As a result, reports can be created that contain information about the age, gender and interests of our site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third parties. It is not possible to assign the collected data to specific people.

You can deactivate the function in the settings of your Google account.

E-commerce tracking

We use the "e-commerce tracking" function of Google Analytics. This enables us to analyze the purchasing behavior of our website visitors and improve our online marketing campaigns. E-commerce tracking records, for example, your orders, average order values, shipping costs and the time from viewing to purchasing a product. Google can summarize the data under a transaction ID and assign it to you or your device.

How long do we store your data?

According to Google, data stored at user and event level that is linked to cookies, user IDs (e.g. user IDs) or advertising IDs is deleted or anonymized after 14 months. (cf. https://support.google.com/analytics/answer/7667196?hl=de).

On what legal basis do we process your data?

As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. Data processing is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR. In the event that you have, for example, consented to the storage of cookies or otherwise consented to data processing by Google Analytics, Art. 6 Para. 1 lit. a) GDPR is the sole legal basis. You can revoke your consent at any time with effect for the future.

Google Ads

What is Google Ads?

Online advertising program from Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Has a contract for order processing been concluded with Google Ads?

Yes

Where can you find more information about data protection at Google Ads?

https://policies.google.com/privacy?hl=de&gl=de

On what basis do we transfer your data to the USA?

On the basis of the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We use Google Ads. Google's advertising program enables us to display advertisements in the Google search engine or on third-party websites when visitors to our website enter certain search terms on Google (keyword targeting). We can also place targeted advertisements based on the user data available to Google (e.g. location data and interests) (target group targeting). We evaluate the collected data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

On what legal basis do we process your data?

As a website operator, we have a legitimate interest in the placement and evaluation of advertisements. The data processing is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR. In the event that you have, for example, consented to the storage of cookies or otherwise consented to data processing by Google, Art. 6 Para. 1 lit. a) GDPR is the sole legal basis. You can revoke your consent at any time with effect for the future.

Google Conversion Tracking

What is Google Conversion Tracking?

Tool for analyzing user behavior from Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Has a contract for order processing been concluded with Google Conversion Tracking?

Yes

Where can you find more information about data protection with Google Conversion Tracking?

https://www.google.de/intl/de/policies/privacy/

On what basis do we transfer your data to the USA?

On the basis of the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We are always interested in optimizing our website for users and placing advertising in the best possible way. For this purpose, we also use Google's conversion tracking. With its help, we can record whether and how often visitors to our website have clicked on certain buttons and which products were viewed and purchased particularly frequently (conversion statistics). In the course of data collection and storage, we do not receive any information with which we can personally identify individual visitors. Google itself uses cookies or similar recognition technologies for identification.

On what legal basis do we process your data?

As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. The data processing is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR. In the event that you have, for example, consented to the storage of cookies or otherwise consented to data processing by Google Conversion Tracking, Art. 6 Para. 1 lit. a) GDPR is the sole legal basis for processing your data. hts basis. You can revoke your consent at any time with effect for the future.

 

Google Fonts (local hosting)

We use fonts from the US company Google on our website. We have installed the fonts locally, so there is no connection to Google's servers when you visit our website.

For more information about Google Fonts, see https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

jQuery

What is jQuery?

Service that provides access to a JavaScript library for use on this website enables

Who processes your data?

The OpenJS Foundation, 548 Market St, PMB 57274, San Francisco, California, USA

Where can you find more information about data protection at jQuery?

https://openjsf.org/privacy

On what basis do we transfer your data to the USA?

jQuery adheres to the standard contractual clauses of the European Commission (cf. https://openjsf.org/privacy)

How do we process your data?

We use jQuery services on our website. jQuery is a JavaScript library. It simplifies JavaScript programming by providing an easy-to-use interface for many common tasks. jQuery enables users to make their websites faster and more interactive. When you visit our website, a direct connection is established between your browser and jQuery's servers. This tells jQuery that our website was accessed via your IP address.

On what legal basis do we process your data?

jQuery fonts ensure a uniform typeface on our websites. As a company, we have a legitimate interest in this. The data processing is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR.

If you have consented to data processing, we will process your data exclusively on the basis of Art. 6 Para. 1 lit. a) GDPR. You can revoke your consent at any time. From the time of revocation, we are no longer permitted to process your data.

Data processing on social media

What is social media?

By social media we mean the social networks on which we have created publicly accessible profiles. You can read about which social networks these are below.

Who processes your data?

The respective operating companies of the social networks. You can find the individual operators below for the respective networks.

How is your data processed?

The operators of social networks are generally able to collect and evaluate comprehensive data on the behavior of visitors and users of the network. It is not possible for us to track all processing operations in the social networks we use, which is why additional processing operations that are not listed here may be carried out by the operators of the social networks. You can find further information on this in the terms of use and privacy policies of the respective social networks.

The processing of your data can be triggered by visiting the website of the social network or our profile page there. Even if you visit a website that uses certain content of the network, e.g. like or share buttons, data can already be transferred to the operators of the social network. If you are a user of the social network yourself and are logged into your user account, your visit to our profile page can be assigned to your account by the operator of the social network. Even if you have not registered a user account yourself or are not logged in, the operator of the network may still collect your personal data, e.g. by recording your IP address or setting cookies. With this data, the operators can create user profiles tailored to your behavior and interests and show you interest-based advertising within and outside the network. If you are a registered If you are a user of the network, interest-based advertising can also be displayed on all devices on which you are or were logged in.

On what legal basis are your data processed?

Our profiles on social networks are intended to ensure that our company has the most comprehensive presence possible on the Internet. As a company, we have a legitimate interest in this. Data processing is therefore lawful according to Art. 6 (1) lit. f GDPR.

The data processing operations and analyses carried out by the operators of the social networks themselves may be based on other legal bases. These must be specified by the operators of the social networks.

Who is responsible for processing your data and how can you assert your rights?

If you visit one of our profiles on social networks, we and the operator of the respective network are jointly responsible for the data processing operations triggered during this visit. In principle, you can assert your rights against both us and the operator of the respective network.

Despite the joint responsibility with the operators of the social networks, our influence on the data processing procedures of the respective operator is limited and is primarily based on the operator's specifications.

How long will your data be stored?

If we collect data via our profiles on social networks, it will be deleted from our systems as soon as the purpose for storing it no longer applies, you ask us to delete it or you revoke your consent to storage. Stored cookies remain on your device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on how long the operators of the social networks store your data, which the operators collect for their own purposes. You can obtain information about this directly from the operator of the respective social network, e.g. in the respective data protection declaration.

Which social media do we use?

Facebook

What is Facebook?
A social network

Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Is your data transferred to third countries?
Yes, to the USA and also to other third countries

Where can you find more information about data protection at Facebook?
https://www.facebook.com/about/privacy/

Where can you adjust your advertising settings as a Facebook user?
As a registered Facebook user, you can adjust your advertising settings in your user account. To do this, click on the following link and log in:
https://www.facebook.com/settings?tab=ads.

Instagram

What is Instagram?
A social network specializing in photos and videos

Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Is your data transferred to third countries?
Yes

Where can you find more information about data protection on Instagram?
https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram-Hilfebereich&bc[1]=Richtlinien%20und%20Meldungen

Where can you as a user adjust your privacy settings?
As a registered Instagram user, you can adjust your privacy settings in your user account. To do this, click on the following link and log in:
https://www.instagram.com/accounts/privacy_and_security/

LinkedIn

What is LinkedIn?

A social network for business contacts

Who processes your data?

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Is your data transferred to third countries?

Yes

Where can you find more information about data protection at LinkedIn?

https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Where can you as a user adjust your data protection settings?

As a registered LinkedIn user, you can adjust your privacy settings in your user account. To do so, click on the following link and log in:
https://www.linkedin.com/psettings/

YouTube

What is YouTube?
A social network in the form of an online video portal

Who processes your data?
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Is your data transferred to third countries?
Yes

Where can you find more information about data protection at YouTube?
https://policies.google.com/privacy?hl=de

Where can you as a user adjust your data protection settings?
https://policies.google.com/privacy?hl=de#infochoices