Customer Service



In the following you will find a detailed explanation of how we collect personal data when our website is used. Personal data refers to data that is personal to you, such as your name, address, email addresses and behaviour as a user.

As operator of the website the Data Controller responsible according to Art. 4 (7) EU General Data Protection Regulation (GDPR) is:


Silberstraße 1

91207 Lauf


Phone: +49 (0)91 23-97 15 0

FAX: +49 (0)91 23-97 15 20


Our data protection officer can be reached at:



Silberstraße 1

91207 Lauf


Phone: +49 (0)91 23-97 15 0 

FAX: +49 (0)91 23-97 15 20



This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data or sensitive content, such as orders or enquiries to the data controller. You can recognise an encrypted connection by the "https://" and padlock icon in your browser bar.


In accordance with Art. 13 GDPR, we inform you here about the legal bases for the data processing we perform. The following applies unless the legal basis is explicitly stated below in the Privacy Policy: The legal basis for obtaining consent is formed by Art. 6 (1)(a) and Art. 7 GDPR. The legal basis for processing in order to fulfil our services and implement contractual measures is formed by Art. 6 (1) (b) GDPR. The legal basis for processing in order to fulfil our legal obligations is formed by Art. 6 (1) (c) GDPR and the legal basis for safeguarding our legitimate interests is formed by Art. 6 (1) (f) GDPR.


If you merely use our website for informative reasons, i.e. you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you what to view our website, we collect the following information as a technical requirement for us to be able to display our website to you and guarantee stability and security (legal basis formed by Art. 6. (1) (1) (f) GDPR:

  • IP address
  • Date and time of access
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of your request (specific page)
  • Access status/HTTP status code
  • Volume of data transferred in each case
  • Website from where the request came
  • Browser
  • Operating system and its interface 
  • Language and version of the browser software 

In addition to the aforementioned data, cookies are stored on your computer. Cookies are small text files that are stored on your computer specific to the browser you are using and provide the party setting the cookie (in this case, us) with certain information. Cookies cannot run programs or transmit viruses to your computer. We use cookies to make our offering more user-friendly and effective as a whole.

Temporary, session or transient cookies are cookies which are deleted after a user leaves the online offering and closes their browser. Permanent or persistent are cookies that remain stored on the user's computer even after the browser is closed. This allows the login status to be saved, for instance, for when the user revisits the websites after a period of several days. Likewise, the interests of users can be stored in a cookie of this type, which is then used, for instance, to measure reach or for marketing purposes.

We use both temporary and permanent cookies so that we can identify you on subsequent visits if you have an account with us. Otherwise you would have to log in again every time you visit our website.

You can configure your browser settings based on your preferences and, for example, refuse to accept third-party cookies (from providers other than the party responsible for operating the website) or all cookies in general. We would like to point out that eventually you may not be able to use all the features of this website as a result.


In addition to the purely informational use of our website, we offer various services that you can use if you are interested. This usually means that you will have to provide additional details about yourself which we use to provide the relevant service and to which the aforementioned data processing principles apply.

If we use contracted service providers for individual functions of our offering or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes.

Some of our applications use what is referred to as geolocation, i.e. the assignment of a user process to the call location. This takes place exclusively on the basis of the anonymised IP address and only up to geographical level. In no way can conclusions be drawn about a user's actual place of residence from the geographical information obtained in this way.

Establishing Contact

When establishing contact with us (e.g. over our contact form, by email, telephone or social media), the information you provide is processed exclusively for the purpose of processing the contact request. The legal basis for processing the data is our legitimate interest in answering your enquiry in accordance with Art. 6 (1) (f) GDPR.

Your data will be deleted once we have finally processed your enquiry. This will be the case if it can be inferred from the circumstances that the matter in question has been finally clarified, provided that no statutory retention requirements stand in conflict.

Using our web shop

If you would like to place an order in our webshop, we need your master and communication data for us to able to process your order. By master data we mean your name and address. By communication data, we mean your email address and, if provided voluntarily, your telephone number. We will only use your telephone number for queries from our Customer Service Dept. when processing the contract and not for marketing purposes. Processing here is based on Art. 6 (1) (1) (b) GDPR (contract fulfilment). If you place an order in our online shop, the collection of your email address is legally necessary in order to be able to send you an electronic order confirmation and is therefore required in accordance with Art. 6 (1) (1) (c) GDPR.

We process the data you provide in order to process your order. To do so we may pass on your payment data to our payment service providers. The legal basis for this is formed by Art. 6 (1) (1) (b) GDPR.

We can also process the data you provide in order to inform you about other interesting products from our range or to send you emails containing technical details.

You also have the option to create a password-protected customer account on a voluntary basis through which we can save your data for future purchases. When you create an account under "My Account", the data you provide is stored revocably. You can manage and change your data yourself here and also view your order history.

Commercial and tax law requirements oblige us to store your address, payment and order data for a period of 10 years. However, we restrict processing after a period of two years. That means that your data will only be used in order to comply with legal obligations.

In order to prevent unauthorised access to your personal data by third parties, in particular financial data, the order process is encrypted using TLS technology.

Newsletter and news services

With your consent and independent of a contract settlement, you can subscribe to our newsletter which informs you about current and interesting offers at our company.

We use the double Opt-in procedure for subscribing to our newsletter. This means that after you subscribe, we send an email to the email address your provide and ask you to confirm that you wish to receive the newsletter. If we do not receive confirmation of your subscription within 48 hours, your information is automatically deleted. We also store your IP addresses and the times when you subscribed and confirmed your subscription. The purpose of this procedure is to prove that you subscribed and, if necessary, to clarify any possible misuse of your personal data.

The only requirement for sending the newsletter is an indication of your email address. and, in order to be able to address you personally, your first and surname as well. The use of a real name is not compulsory and pseudonymous use is possible. Once you have confirmed your subscription, we save the data you provide for the purpose of sending you the newsletter. The legal basis is formed by Art. 6 (1) (1) (a) GDPR.

You can revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can declare this by clicking on the link provided in each newsletter you receive, by sending an email to or by sending a message to the contact details provided in the Legal Notice.

To send the newsletter, THOMAS SABO uses the Salesforce Marketing Cloud service, which is operated by Inc, Salesforce Tower @ 415 Mission Street, 3rd Floor, San Francisco, California, CA 94105, USA.

In order to make our newsletter even more interesting for you in the future, we use standard market technologies such as cookies or tracking pixels in our newsletter. We evaluate the clicks you make in newsletters using what are referred to tracking pixels, i.e. invisible image files and also personalised links and embedded links (link wrapping). They are assigned to your email address and are linked to their own ID so that clicks in the newsletter can be clearly assigned to you. The user profile is used to tailor the offering and our services to your interests. The legal basis for this is formed by Art. 6 (1) (1) (a) GDPR. We take your cookie settings into account.

We also use certain data (e.g. gender, postcode, VIP status) to segment or personalise our newsletter accordingly. The legal basis for this is our legitimate interest according to Art. 6 (1) (1) (f) GDPR.


If you participate in a competition we run, we will process your data insofar as it is necessary for staging the competition. If required, we will obtain separate consent from you for the additional processing of your data within the framework of the competition.

The data collected for the purpose of participation will be deleted after the competition has ended, unless you have consented to its further processing.

The legal basis for processing personal data here is Art. 6 (I) (a) (separate consent) and Art. 6 (I) (b) EU GDPR.

Job Applications

You can apply online for a position of employment at THOMAS SABO over our application portal. Your online application is forwarded directly to our HR department over an encrypted connection and is treated confidentially in all cases. We will only use your details to process your application and will not disclose them to third parties outside the Group.

Please refer to the Privacy Policy of our application portal for further information on data processing as a part of the application process. If you have applied for a specific position and it has already been filled or if we consider you equally or even more suitable for another position, we will be more than happy to forward your application within the company. Please let us know if you do not agree to this. Your personal data will be deleted immediately after the application process has been completed, or after a maximum of 6 months, unless you have given us your express consent to store your data for longer.

Please note that we only offer the applicant portal for the purpose of job applications. If you choose to apply to us by email nevertheless, we explicitly point out that email attachments are not encrypted.

You can, of course, also send in your application by post.


When we ship goods, we use the service provider parcelLab to send 

shipping notifications to our customers and provide them with the shipping status and 

tracking number of their shipment. The personal data required for the shipment information (name, address, 

order number, etc.) is forwarded to parcelLab for this purpose therefore. Please refer to the Privacy Policy from by parcelLab for more information:


We disclose your data to third parties if we are obliged to do so compulsorily due to legal provisions or legal processes (e.g. a request from an investigating authority) or if you have expressly consented to a transfer to third parties.

Insofar as we disclose personal data from you in all other cases, we do so exclusively to service providers or partner companies that support us in processing orders, providing customers with information and/or providing services based on instructions (commissioned data processing pursuant to Art. 28 GDPR). These concern, for example, web hosts, delivery service providers, payment service providers, fraud management providers and credit rating agencies. These companies are obliged to comply with data protection regulations for their part. Particularly strict data protection requirements apply to commissioned data processing pursuant to Art. 28 GDPR. In particular, such companies may only use the data to fulfil the tasks they have been commissioned with on our behalf.

Insofar as we process data in a third country (i.e. outside the European Union (EU) or European Economic Area (EEA)), or within the context of use by third-party services or the disclosure or transfer of data to third parties, it only takes place if it is required to fulfil our (pre-)contractual obligations, subject to your consent, subject to a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we only process or have data processed in a third country when the special conditions of Art. 44 et seq GDPR exist. This means, for example, that processing takes place on the basis of special guarantees, such as the officially recognised level of data protection or compliance with officially recognised special contractual obligations (what are known as 'standard contractual clauses').

Below is a list of data recipients that process your personal data:

  • DHL – DHL Paket GmbH, Germany – Product Delivery
  • Facebook – Facebook Ireland Limited, Ireland – Social Media Platform
  • Facebook Remarketing/Retargeting – Facebook Ireland Limited, Ireland – Personalised Advertisement
  • Google Ads – Google Ireland Limited, Ireland – Advertisement
  • Google Analytics – Google Ireland Limited, Ireland – Analytics
  • Google Maps – Google LCC USA – Mapping Service
  • Google reCAPTCHA – Google LCC, USA – Captcha Service
  • Ingenico – Ingenico ePayments, Netherlands – Payment Service Provider
  • Instagram – Facebook Ireland Limited, Ireland – Social Media Platform
  • Loqate Capture – GB Group Plc, GB – Email Validation
  • parcelLab – parcelLab GmbH, Germany – Shipping Status Communication
  • PayPal – PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg – Payment Service Provider
  • Salesforce Commerce Cloud – Inc., USA – Website Hosting
  • Salesforce Marketing Cloud – Inc., USA – Newsletter & SMS Marketing
  • Tealium AudienceStream – Tealium Inc., USA – Customer Data Platform
  • Tealium Tag Manager – Tealium Inc., USA – Tag Management
  • Trbo – trbo GmbH, Germany, Onsite Personalization
  • UPS – United Parcel Service Deutschland S.à.r.l. & Co. OHG, Germany – Product Delivery

This list is subject to change if required.


We use cookies to be able to track your activities anonymously and, based on this, provide you with an optimal experience on our website and deliver personalised advertising. THOMAS SABO can disclose this data to third parties, such as advertising partners like Google, Facebook or Instagram. Please note that the settings you make may affect whether the features of the website are available in full.

We have integrated the consent management tool "consentmanager" ( from consentmanager AB (Håltgelvågen 1b, 72348 Västerås, Sweden, on our website to obtain consent for data processing and use of cookies or comparable functions. With the help of "consentmanager" you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalized advertising. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed by consentmanager. In addition, the processed information may also be stored on your device.

The legal basis for processing is Art. 6 Para. 1 S. 1 lit. c) in conjunction with Art. 6 para. 3 sentence 1 lit. a) in conjunction with Art. 7 para. 1 GDPR and, in the alternative, lit. f). By processing the data, consentmanager helps us (according to GDPR this is the responsible party) to fulfill our legal obligations (e.g. obligation to provide evidence). Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. "Consentmanager" stores your data as long as your user settings are active. After two years after making the user settings, the consent will be asked again. The user settings made are then saved again for this period.

You can object to the processing. You have the right to object to reasons arising from your particular situation. To object, please send an email to


We use software services over the internet and running on servers from their providers ("cloud services", also referred to as "software as a service") for the following purposes: Document storage and management, calendar management, emailing, spreadsheets and presentations, sharing documents, content and information involving specific recipients or publishing web pages, forms or other content and information, and chatting and participating in audio and video conferences.

In this context, personal data can be processed and stored on the providers' servers insofar as it forms part of the communication processes with us or we otherwise process it as set out in the context of this privacy policy. In particular, this data can include master data and user contact details, transaction data, contracts and other processes and their content. The cloud service providers also process user data and metadata, which they use for security purposes and service optimisation.

If we use cloud services to make forms or other documents and content available to other users or publicly accessible websites, said providers may store cookies on user devices for the web analytics purposes or to remember users' settings (e.g. in the case of media control).

If we ask for consent to use cloud services, the legal basis for processing is consent (Art. 6 (1) (1) (a) GDPR). Furthermore, their use form a component of our (pre-)contractual services, provided that the use of the cloud services has been agreed in this context (Art. 6 (1) (1) (b) GDPR). Apart from that, user data is processed on the basis of our legitimate interests (i.e. our interest in an efficient and secure administrative processes and office organisation) (Art. 6 (1) (1) (f) GDPR).

Services and service providers deployed:

  • Salesforce Commerce Cloud
  • Salesforce Marketing Cloud
  • Salesforce Service Cloud


THOMAS SABO regularly analyses user behaviour in order to optimise their website.

Using what is referred to as the web tracking method, we evaluate, for example, how often our websites are visited and which content the user finds particularly valuable. Anonymised data is collected and stored and user profiles created from this data using pseudonyms for this purpose. Technically speaking, we use cookies that make it possible to recognise a web browser. 

The tracking and associated analysis is performed 

  • to safeguard the security of our website and hence your data (legal basis: Art. 6 (1) (f) GDPR) 
  • To provide our service and hence fulfil our contractual obligations (legal basis: Art. 6 (1) (b) GDPR) 
  • To make the success of advertising campaigns measurable and to optimise the display of advertising (legal basis: Art. 6 (1) (f) GDPR. 
  • Calculation of statistical parameters concerning the use of our offerings (legal basis: Art. 6 (1) (f) GDPR. 

You can object to your data being tracked and used for analytical evaluations at any time by configuring your browser settings based on your preferences and, for example, refusing to accept third-party cookies (from providers other than the party responsible for operating the website) or all cookies in general. or you can follow the recommendations for the individual services used.

This website uses Tag Management System (TMS), a service from Tealium Inc., 11095 Torreyana Road, San Diego, CA 92121, USA (Tealium), to dynamically adapt parts of the website. A cookie called utag_main is created to enable this functionality. The TMS is required for providing the service and therefore cannot be disabled.

Google Analytics

Google Analytics is a web analysis service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), which in this respect acts as our order processor (Article 28 GDPR).

Google Analytics uses cookies, which enable an analysis to be made for statistical purposes of your use of this website. The behaviour and features of the browser (page views, clicks on links, applications, settings of the browser) are constantly measured. Entries made by you in forms or other concrete content cannot be captured. We will use this information to compile reports on the use of the website, which serve the purpose of audience measurement and also enable personalised advertisements.

If you own a Google account and have activated “personalised advertising” or logged into our website with your customer account, we analyse your use of this website with Google Analytics cross-device tracking. In this way, for example, it is possible to record whether an action has been taken on another end device (tablet) in response to an advertisement on a laptop. In the same way, advertisements can be shown on a device if you have previously shown interest in them on another device. The reports we produce (including cross-device) contain only compiled data and do not contain any data about individual users.

In the Google account “personalised advertising” can be deactivated at any time.

If you have a Google account and have activated the “web and app activities” function, you can also see the use of this website in aggregated form to get the option of managing your data yourself.

The information produced by your use of this website can also be transferred to a Google server in the US and stored there. However, as part of the IP anonymisation activated for this website, your IP address is shortened by Google before storage. The information sent can no longer be allocated to an individual person via the IP address.

To guarantee the privacy level when processing data in third countries (especially the US) our service provider, Google Ireland Ltd., has agreed with its subcontractors (especially Google LLC) standard contractual clauses, which are based on Module 3 of the European Commission adopted on 4/6/2021 for the transfer of personal data in third countries (

The data processed and linked to cookies by Google Analytics are automatically deleted after a maximum of 50 months.

The legal basis for the data processing is your consent pursuant to point a Article 6(1) GDPR and Section 25 (1) Telecommunications Telemedia Data Protection Act (TTDSG).

Tealium AudienceStream

We use Tealium AudienceStream, a service from Tealium Inc., 11095 Torreyana Road, San Diego, CA 92121, USA, which collects and stores data on our website, from which user profiles can be created using pseudonyms. 

The following including other information is collected for this purpose:

  • User/click behaviour (pages visited, products purchased, services used, etc.) 
  • Time measurements (time and duration of the website visit, etc.) 
  • Device properties (resolution, operating system, browser version, etc.) 
  • Interests (product, service, service interests, etc.) 

In order to improve your user experience, we combine the data collected from all devices which you are logged in on.

We use this information to adapt parts of our website to your needs and by doing so automate your use of the website in real time as required.

The pseudonymised user profiles are not merged with personal data concerning the bearer of the pseudonym without separately declared consent being granted. The IP address transmitted by your browser is not merged with the user profiles either. 

Cookies or similar technologies for mobile devices are used to create the user profiles. The information generated by the cookie about your use of the website is stored exclusively in Germany.


Retargeting is the term used to describe a process in which visitors to a website are identified in order to target them with specific messages on other websites. This method loads measurement pixels onto Internet pages, which in turn are stored in cookies.

The information collected and shared over what are known as third-party cookies is anonymous and not personally identifiable. It contains neither your address, telephone number or email address. The cookies are small text files which are stored on your computer.

This technology used is also referred to as "usage-based online advertising" or "online behavioural advertising" (OBA). You can read more about this technology here: Usage-based online advertising:

Processing here takes place based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 (1) (f) GDPR.

You can find out how to turn off or prevent the use of this technology used by Google and other service providers here: Managing your preferences. 

The service providers named there have committed to complying with this procedure.

Salesforce Marketing Cloud

In order to optimise our marketing activities, we use the Marketing Cloud from, 

Inc, Salesforce Tower @ 415 Mission Street, 3rd Floor, San Francisco, USA. In this context, data from you (activity data outgoing from emails through our online channels, e.g. data on the page accessed, the page history, the device used, the approximate location and data for pseudonymised identification of the user profile) is collected, stored and used in order to adapt our offering (products, website, newsletter) to you. Since Salesforce is an international company with headquarters in the USA, it cannot be ruled out that your data will be transferred to the USA. By using our website, you consent to the use of your data in this way.

You can, of course, object to the collection, storage and use of your data in the Salesforce Marketing Cloud at any time for the future.

Google Ads/Remarketing and DoubleClick

Our website uses Google Ads Remarketing, which we use to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). For this purpose, Google places a cookie in the browser on your end device, which automatically enables interest-based advertising with the help of a pseudonymous cookie ID and based on the pages you have visited. Processing here takes place based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 (1) (f) GDPR.

Any further data processing will only take place if you have given Google permission to link your Internet and app browser history to your Google account and to use information from your Google account to personalise advertisements which you view on the Internet. In this case, if you are logged in to Google when you visit a page on our website, Google will use your data in combination with Google Analytics data to collate and define target group lists for cross-device remarketing. Google temporarily links your personal data with Google Analytics data for this purpose in order to form target groups.

In addition, when DoubleClick is used, cookie IDs are used to record what are known as conversions that relate to ad enquiries. This is the case, for example, when a user sees a DoubleClick ad and visits the advertiser's website later using the same browser and buys something there. Google states that DoubleClick cookies do not contain any personal information. The marketing tools used cause your browser to automatically establish a direct connection to the Google server. We have no control over the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By embedding DoubleClick, Google receives information that you have called up the corresponding part of our website or clicked on one of our advertisements. As soon as you are registered with a Google service, Google can associate your visit with your account. Even if you are not registered with Google or are not logged in, the provider may still will obtain and store your IP address. 

You can permanently disable cookies being set for advertising preferences by downloading and installing the browser plug-in available from the following link:

Alternatively, you can obtain information about setting cookies from the Digital Advertising Alliance at and make settings for this. Finally can set your browser to inform you when cookies are being set. You can also decide whether you wish to accept them individually and whether you wish to prevent the acceptance of cookies in certain cases or in general. If you choose to disallow cookies, it may limit your ability to use our website in full. You can view additional information and the privacy policies concerning advertising and Google here:

Facebook Remarketing / Retargeting (Custom Audiences)

We use "Facebook Pixel" on our website from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). This serves the purpose of presenting interest-based advertisements to visitors to our website when they visit the social media network Facebook. A Facebook pixel has been implemented on our website for this purpose. A direct connection to the Facebook servers is established over this pixel when you visit our website. Doing so transmits to the Facebook server that you have visited our website and Facebook assigns this information to your personal Facebook user account. We would like to point out that, as the provider of this website, we have no knowledge or information about how Facebook uses this data. For more information about how Facebook collects and uses this data, as well as your rights in this regard and options for protecting your privacy, please refer to the Facebook Privacy Policy at We ourselves do not disclose customer data to Facebook.


Personalised information and offering from trbo GmbH, Leopoldstr. 41, 80802 Munich (

We want to design our website in the best possible way and in order to do so we work with external service providers whose tracking tools we use to manage and improve our online services, in particular to measure the use of our online services and the effectiveness of our online advertising. This helps us to understand which pages are particularly attractive to the users of our services, which products our customers are most interested in and which individual offerings we should make to our website users.

The data collected and used in this context is only ever stored under a pseudonym (e.g. a random identification number) and is not merged with personal data about you (e.g. name, address, etc.) Where external service providers have access to the data, this is takes place exclusively on our behalf and under our control.

In technically terms, the tracking tools used use what are known as "cookies" and "web beacons" to collect the following information: Which pages are visited when, how often and in what order, which products are searched for, which links or offerings are clicked on and which orders are placed:

If you do not want us to collect and use information about how you use of our website in this way, you can object to this by clicking on the following link (what is known as "opt-out"):

You can set a corresponding opt-out cookie to this end, which does not contain any data suitable for tracking, but merely facilitates the recognition of your objection to data collection so that it is no longer takes place.


We embed functional and content elements into our online offering which are obtained from the servers belonging to their respective providers (hereinafter referred to as "third-party providers"). For example, this can comprise graphics, videos or city maps (hereinafter uniformly referred to as "content").

This embedding always presupposes that the third-party providers of this content process the IP addresses of users, since they would not be able to send their content to users' browsers without the IP address. This means the IP address is needed to display this content or functions. We make every attempt to use the type of content where the supplier only uses the IP address to deliver the content. Third parties may also use what are known as pixel tags (invisible graphics, also referred to as 'web beacons') for statistical or marketing purposes. These 'pixel tags' can be used to analyse information, such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but not limited to, technical information about the browser and operating system, referring websites, time of the visit and other information regarding the use of our online offering.

If we ask users for their consent to use third parties, the legal basis for processing data is consent (Art. 6 (1) (1) (a) GDPR). Apart from that, user data is processed on the basis of our legitimate interests (i.e. our interest in efficient, economic and recipient-friendly services) (Art. 6 (1) (1) (f) GDPR). In this context, we would like to draw your attention to the information on the use of cookies in this Privacy Policy.

Google Maps

We embed the maps from the “Google Maps” service provided by Google. The data to be processed may include IP addresses and location data in particular, which however is not collected without your consent (usually by making the appropriate device settings: the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website:; privacy policy:; opt-out): opt-out plugin:, settings for displaying advertisements:


We embed the "reCAPTCHA" function in order to be able to recognise whether entries (e.g. in online forms) are made by people and not by automatically operating machines (what are known as "bots"). The data processed may include IP addresses, information on the operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with reCAPTCHA on other websites, possibly cookies and the results of manual recognition processes (e.g. answering questions asked or selecting objects in pictures). The service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website:; privacy policy:; opt-out: opt-out plugin:, settings for displaying advertisements:


We maintain an online presence on social networks and platforms in order to communicate with customers, prospective customers, interested parties and users who are active there and to inform them about our services. When accessing these networks and platforms, the terms and conditions and data privacy statements of the respective operators apply.

When you visit our website, no personal data is initially disclosed to the plug-in providers. You can identify the plug-in provider from the marking on the box above the initial letter or the logo. We open up the chance for you to communicate directly with the plug-in provider over the button. The plug-in provider only receives information about you accessing the corresponding website online offering if you click on the marked field and by doing so activate it. With Facebook and Xing, according to statements by the respective providers in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, your personal data is transferred to the respective plug-in provider and stored there. Since the plug-in provider collects data by specifically using cookies, we recommend that you delete all cookies over the security settings in your browser.

We have no control over the data collected and the data processing operations, nor are we aware of the full extent of the data collection, the purposes of processing and the storage periods. We also have no information concerning the deletion of the data collected by the plug-in provider.

The plug-in provider saves the data collected about you as a user profile and uses it for advertising, market research and/or the needs-based design of their website. Such an evaluation is in particular carried out (also for users who are not logged in) for showing needs-based advertising and to inform other users of the social network about the activities you undertake on our website. You have a right object to the creation of these user profiles, and should contact the respective plug-in provider to exercise your right if you wish to do so. We offer you the chance over the plug-ins to interact with the social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for using the plug-ins is formed by Art. 6 (1) (1) (f) GDPR.

The data is disclosed regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you press the activated button and link the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social media network, in particular before activating the button, since doing so allows you to avoid being assigned to your profile with the plug-in provider.

Further information about the purpose and scope of data collection and the processing of data by the plug-in provider can found in the privacy policies from said providers as given below. The privacy policy also contains further information about your rights in this relation and setting options for protecting your privacy.

The addresses of the respective plug-in providers and URL of their data protection information:  

We use the following plug-ins and apps on our website:


The plug-in and app we use are from, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") You can find the link to the Facebook privacy policy here:


The plug-in we use is from Instagram, which is operated by Facebook Ireland Limited, 4 Grand Square, Dublin 2, Ireland ("Instagram") You can find the link to the Instagram privacy policy here:


We maintain fan pages on several social media platforms. We provide information about our company on these platforms and customers, interested parties and users who are active there can communicate with us directly.

User data is usually also processed for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the interests of the users that result from this. In turn the user profiles can be used, for instance, to place advertisements on and outside the platforms, which presumably correspond to the interests of the users. Cookies are usually stored on users' computers for these purposes, which store the behaviour and interests of the users. What is more, data may also be stored in the user profiles irrespective of the devices the users use (especially if they are members of the respective platforms and are logged in to them).

As a rule, profiles are created there from the users' behaviour and data, which is primarily used to place advertisements on and outside the platforms that correspond to their presumed interests. This takes place by setting cookies on the devices used or independently of them if the users are members of the respective platforms and logged in to them. The legal basis for this form of data collection is formed by Art. 6 (1) (f) GDPR. Our legitimate interest lies in optimising our service with regard to effective communication and information as well as marketing our offerings. If the respective platform providers ask users for explicit active consent to data processing, the legal basis for this is formed by Art. 6 (1) (a) and Art. 7 GDPR.

When using the platforms, the integration of external tracking services may, in individual cases, result in data being transferred to recipients outside the European Union, which can result in risks for the user, especially with regard to the enforcement of users' rights.

For a detailed description of the respective processing instanced and options available for objecting (opt-out), please refer to the information from the providers linked below.

In the case of requests for information and the assertion of user rights, we would like to point out that these can most effectively be made directly to the platform providers. Only these have access to the data from users and can take appropriate measures and provide information. You are welcome to contact us, of course, if you still require any further assistance.


You are entitled to receive information about personal data that concerns you. You can contact for information about this at any time. (Art. 15 GDPR)

In the even that you make a request for information other than in writing, please understand that we may ask you to prove that you are the person who you claim to be.

Insofar as you are legally entitled to do so, you also have the right to have your data corrected or deleted, or have its processing restricted. (Art. 16, Art. 17 and Art. 18 GDPR) 

You also have the right to object to its processing in accordance with the legal requirements. The same applies to a right to data portability. (Art. 21 GDPR)

If we process your personal data based on consent, you are entitled to revoke the consent at any time for the future without affecting the legality of any processing performed based on the consent given up to the time of revocation. (Art. 7 (3) GDPR)

You have the right to request to receive the relevant data you have provided us with in accordance with Art. 20 GDPR and request that it is transferred to others.

You have the right to appeal to a data protection supervisory authority concerning our processing of your personal data. (Art. 77 GDPR)


The data we process is deleted or limited in its processing pursuant to Art. 17 et seq. GDPR. Unless explicitly stated in this Privacy Policy, the data we store is deleted as soon as it is no longer required for its purpose and its deletion does not contravene any statutory storage obligations. Processing will be restricted if the data is not deleted because it is required for other and legitimate purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that has to be retained for business or tax reasons.


The website and this Privacy Policy contain links to external websites over whose content THOMAS SABO has no influence. For this reason, THOMAS SABO cannot accept any liability for the content, quality, nature or reliability of said external websites. Setting a link does not signify any support or approval for the information or services offered on the respective pages. The respective provider or operator of any linked website is the sole party responsible for its contents.


We reserve the right to change or amend this Privacy Policy as necessary. We will publish the change here. You should therefore visit this website regularly to find out about the current status of this Privacy Policy.

Last updated: 04/03/2024