We attribute considerable importance to data protection. Your personal data is collected and processed in compliance with the regulations applicable under privacy law, especially the EU General Data Protection Regulation (GDPR).
Controller for the collection, processing and use of your personal data in terms of Art. 4(7) of the GDPR is
Zum Walkmüller 6
2 General Processing Purposes
We use personal data to operate the website and to establish contact for application purposes and for enquiries.
3 What Data We Use and Why
The hosting services of which we make use serve to render the following services: infrastructure and platform services, computing capacity, disk space and database services, security services and technical maintenance services used by us to operate the website.
In this respect, we or our hosting provider process(es) inventory data, contact data, content data, contractual data, usage data, meta and communication data of customers, interested parties and visitors of this website based on our legitimate interests in an efficient and secure provision of our website purs. to the first sentence of point (f) of Art. 6(1) of the GDPR i.c.w. Art. 28 of the GDPR.
3.2 Access Data
We collect information about your when you use this website. We automatically gather information about your usage behaviour and your interaction with us and register data concerning your computer or mobile device. We collect, retain and use data about every access to our website (log files). The access data includes
- name and URL of the accessed file;
- access data and time;
- data volume transferred;
- notification of successful access (HTTP response code);
- browser type and version;
- operating system;
- referrer URL (i.e. the previously visited page);
- websites viewed from the user’s system through our website;
- Internet service provider of the user;
- IP address and requesting provider.
We use this log data, without allocating it to your person or creating any other profile, for statistical evaluations to operate, secure and optimise our website, but also to anonymously record the number of visitors on our website (traffic) and to analyse the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalised and localised contents and analyse data traffic, to locate and eliminate errors and to improve our services.
This is also our legitimate interest according to the first sentence of point (f) of Art. 6(1) of the GDPR.
We reserve the right to inspect the log data retrospectively where there is a justified suspicion of unlawful use due to specific indications. We retain IP addresses in the log files for a limited period if this is necessary for security purposes or required to provide services or to bill a service, e.g. if you use one of our offers. Following a cancellation of the order process or after receipt of payment, we erase the IP address, provided that it is no longer required for security purposes. We also retain IP addresses if we have definitive suspicion of a crime in connection with the use of our website. Furthermore, we retain the date of your last visit as part of your account (e.g. upon registration, log-in, clicking on links, etc.).
We use ‘session cookies’ to optimise our website. A session cookie is a small text file which is transmitted by the respective servers when you visit a web page and is temporarily stored on your hard disk. This specific file contains what is known as a session ID, with which various requests from your browser can be assigned to the shared session. This will allow your computer to be recognised if you return to our website. These cookies will be deleted after you close your browser. They serve the purpose of allowing you to continue using the shopping basket function on several web pages.
We also make limited use of persistent cookies (which are also small text files that are stored on your end device) which remain on your end device and allow us to recognise your browser when you next visit our website. These cookies will be saved on your hard disk and are automatically deleted after a set period of time. Their lifetime lasts for 1 month to 10 years. In this way we can present our offering on a more user-friendly, effective and secure basis and also show information that has been coordinated to your interests on our website.
Pursuant to the first sentence of point (f) of Art. 6(1) of the GDPR, our legitimate interest in using cookies is to make our website more user-friendly, effective and secure.
The following data and information, for example, is retained in the cookies:
- log-in information;
- language settings;
- entered search terms;
- information about the number of views of our website and the use of individual functions of our online presence.
When the cookie is activated, it will be allocated an identification number, but your personal data will not be assigned to this identification number. Your name, IP address or similar data that would allow the cookie to be assigned to you are not integrated in the cookie. Based on the cookie technology, we only obtain pseudonymised information, e.g. what pages of our shop were visited, what products were viewed, etc.
You can set your browser in such a way that you will be informed of the setting of cookies beforehand, enabling you to decide whether you exclude acceptance of cookies for specific cases or in general or prevent the saving of cookies altogether. This may limit the functionality of the website.
3.4 Data Used to Meet Our Contractual Duties
We process personal data we need to meet our contractual duties, e.g. name, address, e-mail address, ordered products, invoice and payment data. Collection of such data is necessary to conclude the contract.
The data will be erased after the end of the warranty periods and statutory retention periods. Data linked to a user account (see below) will be retained in any case as long as the account is kept.
The legal basis for processing such data is the first sentence of point (b) of Art. 6(1) of the GDPR, since we need such data to meet out contractual duties vis-à-vis you.
3.5 User Account
You can create a user account on our website. If you wish to do so, we need the personal data requested when you log in. During any later log-in only your e-mail address or user name and the password chosen by you will be required.
For a new registration, we collect master data (e.g. name, address), communication data (e.g. e-mail address) and payment data (bank details) as well as access data (user name & password).
To ensure your proper registration and to avoid unauthorised registrations by third parties, you will receive an activation link by e-mail after your registration to activate your account. We will permanently retain the data transmitted by you in our system only after the registration was successful.
You may have us delete a created user account at any time, without incurring any costs other than the transmission costs pursuant to the base rates. To do so, a notification in text form to the contact data stated under clause 1 (e.g. e-mail, fax, letter) is sufficient. In this case, we will erase your stored personal data, unless we still need to retain it in order to process orders or due to statutory retention periods.
The legal basis for processing such data is your consent pursuant to the first sentence of point (a) of Art. 6(1) of the GDPR.
Subscription to the newsletter requires the data requested during the registration process. The newsletter subscription is logged. Following registration, a message will be sent to the e-mail address specified by you, asking you to confirm the subscription (‘double opt-in’). This is necessary to ensure that third parties cannot register using your e-mail address.
You can withdraw your consent to receive and thus unsubscribe from the newsletter at any time.
We retain the registration data for as long as it is required for sending the newsletter. We retain the registration logging and the dispatch address for as long as an interest in demonstrating the originally given consent exists, usually for the limitation periods for civil-law claims, i.e. for a maximum of three years.
The legal basis for dispatching the newsletter is your consent purs. to the first sentence of point (a) of Art. 6(1) i.c.w. Art. 7 of the GDPR i.c.w. Section 7(2)(3) of the UWG (German Act Against Unfair Competition). The legal basis for logging the registration is our legitimate interest in demonstrating that dispatch was effected with your consent.
You can also cancel the registration at any time without incurring any costs other than the transmission costs according to the base rates. To do so, a notification in text form to the contact data stated under clause 1 (e.g. e-mail, fax, letter) is sufficient. Of course, you can also find an ‘unsubscribe’ link in each newsletter.
3.7 Product Recommendations
Irrespective of the newsletter, we will send you product recommendations by e-mail on a regular basis. In this way, we provide you with information about products from our offering which might be of interest to you on the basis of your most recent purchases of goods or services from our company. In doing so, we strictly comply with the legal regulations. You may withdraw your consent to such receipt at any time without incurring any costs other than the transmission costs according to the base rates. To do so, a notification in text form to the contact data stated under clause 1 (e.g. e-mail, fax, letter) is sufficient. Of course, you can also find an ‘unsubscribe’ link in each e-mail.
The legal basis here is the statutory permission pursuant to the first sentence of point (f) of Art. 6(1) of the GDPR i.c.w. Section 7(3) of the UWG.
3.8 E-Mail Contact
If you contact us (e.g. via the contact form or e-mail), we process your information in order to process the enquiry and in the case of further questions.
If the data is processed to take steps at your request prior to entering into a contract or, if you are already our customer, to implement the contract, the legal basis for such data processing is the first sentence of point (b) of Art. 6(1) of the GDPR.
We process further personal data only if you consent to this (first sentence of point (a) of Art. 6(1) of the GDPR) or if we have a legitimate interest in processing your data (first sentence of point (f) of Art. 6(1) of the GDPR). A legitimate interest is, for ex., responding to your e-mail.
4 Google Analytics
This is also our legitimate interest according to the first sentence of point (f) of Art. 6(1) of the GDPR.
Google is certified according to and has agreed to be subject to the Privacy Shield Agreement that has been concluded between the European Union and the USA. On this basis, Google undertakes to comply with the standards and provisions of European data protection law. Further information can be found in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
We have enabled IP anonymisation on this website (anonymizeIp). This means, however, that your IP address will first be shortened by Google within EU member states or other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. Google will use this information on our behalf to analyse your use of the website, to compile reports on the website activities and to provide us with further services associated with the use of this website and of the Internet.
The IP address transferred by your browser in the context of Google Analytics will not be combined with any other data from Google. You can prevent cookies from being stored by setting your browser accordingly; however, please note that you may not have full access to all website functions in this case.
You can also prevent the data generated by the cookie and relating to your use of the website (incl. your IP address) from being transferred to and processed by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
As an alternative to the browser plug-in or within browsers on mobile devices, you can click on the following link to place an opt-out cookie which will prevent the collection of data by Google Analytics on this website in the future (this opt-out cookie only works in this browser and only for this domain; if you delete the cookies in your browser, you must click this link again): [Deactivate Google Analytics]
5 Retention Period
Unless expressly stated otherwise, we will retain personal data only as long as this is necessary to achieve the pursued purposes.
In some cases, the legislator provides for the retention of personal data, e.g. in tax or commercial legislation. In such cases, we will solely continue to retain the data for these legal purposes, but will not process it otherwise and will erase it after the end of the statutory retention period.
6 Your Rights as Data Subject
According to applicable law, you have various rights concerning your personal data. If you would like to assert these rights, please direct your enquiry by e-mail or mail to the address stated in clause 1, clearly identifying yourself.
Please find an overview of your rights below.
6.1 Right to Obtain Confirmation and Access
You have the right to obtain access to clear information regarding the processing of your personal data.
You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed. Where that is the case, you have the right to obtain from us free access to the stored personal data about you along with a copy of such data. Furthermore, you have a right to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of your personal data or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data is not collected from you, any available information as to its source;
- the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
If personal data is transferred to a third country or an international organisation, you have the right to be informed of the appropriate guarantees according to Art. 46 of the GDPR in connection with the transfer of such data.
6.2 Right to Rectification
You have the right to obtain from us the rectification of inaccurate and, where appropriate, also completion of incomplete personal data concerning you.
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
6.3 Right to Erasure (“Right to be Forgotten”)
In a number of cases, we are obliged to erase personal data concerning you.
According to Art. 17(1) of the GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- You withdraw consent on which the processing was based according to point (a) of Art. 6(1) of the GDPR or point (a) of Art. 9(2) of the GDPR, and where there is no other legal ground for the processing.
- You object to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.
- The personal data has been unlawfully processed.
- The erasure of personal data is required for compliance with a legal obligation in Union or Member State law to which we are subject.
- The personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.
Where we have made the personal data public and are obliged pursuant to Art. 17(1) of the GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.
6.4 Right to Restriction of Processing
In a number of cases, you have the right to obtain from us restriction of processing of your personal data.
You have the right to obtain from us restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
- we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
- you have objected to processing pursuant to Art. 21(1) of the GDPR pending the verification whether our legitimate grounds override yours.
6.5 Right to Data Portability
You have the right to receive, transmit or have us transmitted personal data concerning you in a machine-readable format.
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us, where
- processing is based on consent pursuant to point (a) of Art. 6(1) of the GDPR or point (a) of Art. 9(2) of the GDPR or on a contract pursuant to the first sentence of point (b) of Art. 6(1) of the GDPR; and
- the processing is carried out by automated means.
In exercising your right to data portability pursuant to (1), you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
6.6 Right to Object
You have the right to object to lawful processing of your personal data by us if this is justified by your particular situation or our interests in the processing do not override.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on the first sentence of point (e) or (f) of Art. 6(1) of the GDPR, including profiling based on those provisions. We will no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data is processed by us for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) of the GDPR, you, on grounds relating to your particular situation, have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
6.7 Automated Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
There will be no automated decision-making based on the collected personal data.
6.8 Right to Withdraw Consent Given Under Data Protection Law
You have the right to withdraw any consent to personal data processing at any time.
6.9 Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of personal data relating to you is unlawful.
7 Data Security
We do our utmost to protect your data under applicable data protection law and in accordance with technical possibilities.
We transmit your personal data in encrypted form. This applies to your orders and also to the customer log in. We use the SSL (Secure Socket Layer) coding system, but point out that security gaps may exist when transferring data on the Internet (e.g. when communicating by e-mail). It is impossible to fully protect the data against access by third parties.
To secure your data, we use technical and organisational security measures according to Art. 32 of the GDPR, which we continuously update according to the state of the art.
Furthermore, we do not guarantee that our offering is available at certain times; disruptions, interruptions or failures cannot be excluded. The servers we use are secured carefully on a regular basis.
8 Disclosure of Data to Third Parties, no Data Transfer to Non-EU Countries
Generally, we use your personal data only within our company.
If and insofar as we involve third parties to fulfil contracts (e.g. logistics service providers), these will receive personal data only to the extent to which such transfer is necessary for the relevant service.
Where we outsource certain parts of data processing (“contract data processing”), we will contractually oblige contract data processor to use personal data only in line with the provisions of privacy legislation and to guarantee the protection of the rights of the data subject.
A transfer of data to entities or persons outside the EU other than in the case specified in clause 4 of this policy will and is not intended to take place.
9 Data Protection Officer
If you have any further questions or concerns regarding privacy, please contact our data protection officer, Grad. Eng. Uwe Freikamp, at firstname.lastname@example.org or by phone at +49 203 60878 0.