EU General Data Protection Regulation
Unless otherwise stipulated, the provision of your personal data is whether by law nor contractually prescribed and not mandatory for the conclusion of contracts.
In particular, you are not obliged to provide your personal data.
Whereas this only applies, if not explicitly ulterior declarations are made to the following processing operations.
Applicable are the EU General Data Protection Regulations (GDPR).
Besides the provisions of the regulations that are explicitly specified in the following text, is additionally of high relevance for -the acquisition of consent- Art. 6 (1)(a)
and Art. 7 GDPR.
The legal basis for the purpose of processing our services, implementation of contractual measures and responding to queries is Art. 6 (1)(b) GDPR; the legal basis for the processing of fulfilling our legal obligations is Art. 6 (1)(c) GDPR and the legal basis for the processing of the protection of our legitimate interests is Art. 6 (1)(f) GDPR.
“Personal data” is all information that relates to identified or identifiable natural persons.
“Processing” of data is every, with or without support of automatic implemented methods of executing a process or any such operational sequence in connection with personal data, such as surveying, entering, organising, structuring, storing, adjusting or changing, reading-out, retrieving, using, disclosure through transmission, distribution or a different form of provision, matching or linking, restricting, deleting or elimination.
You may visit our websites without having to supply any personal details. With every access to our website usage data is transmitted through your internet browser and saved in protocol files (server-logfiles). This (then saved) user data contains, in particular, the name of the accessed page, date, time of access/visit, the transmitted data volume and the requesting provider. This data acquisition is assessed on the basis of our legitimate interest’s subject to Art.6 (1)(f) and serves to ensure that our online services can operate trouble-free and the improvement of our offers and our services. We are not able to associate theses data with a specific person.
As soon as you contact us or request an offer (for example over a contact form, e-mail, telephone, fax or over social media sites) or you place an order, we will raise, store, process and use your personal data as part of the execution of the ordering process but only so far as this is necessary for the fulfilment, handling and execution of your order or for the purpose of facilitating communication with you as well as the necessity to answer your inquiries/requests.
Surveying, processing and using personal data by contract conclusion
To conclude a contract the provision of data is mandatory. Failure or refusal to supply data has the result that contracts cannot be concluded. The processing is based on Art.6 (1)(b) GDPR and is mandatory for the conclusion of a contract with you and for the implementation of pre-contractual measures. Belonging to processing data is communication data, item and continuance data, contract data and data necessary for payment purposes. This applies to our customers and other individuals who send us inquiries. Purpose of the data processing is that we can answer to inquiries as well as to provide contractual services, especially settlements, delivery and customer service.
We will not disclose your personal data to third parties without your explicit permission to do so. Excepted from this are only our partner service companies, whom we need for the execution of the contractual relationship or service providers needed to conclude the job processing based on Art.28 GDPR. Apart from the in this data protection declaration explicitly declared recipients are these particular recipients of the following categories: transport carriers / dispatch service providers, merchandise management service providers, service providers for order processing / handling, web hosters, IT service providers and
drop-shipping distributors. Furthermore, data will be transferred, within the frame of juridical permissions and mandatory obligations, to tax and legal advisors as well as to public authorities. In third countries data will only be processed, based on Art.44ff GDPR, if necessary for the fulfilment of contracts. In all cases we strictly comply with the statutory requirements. The scope of forwarded data is limited to the necessary minimum required.
Usage of so-called “cookies”
We may utilise temporary or permanent cookies and clarify about this as follows:
Referred to as cookies are small data files that are saved on the user’s computer. Within the cookies various details can be stored. A cookie mainly serves the purpose to save the details of the user (or rather those of the device upon which the cookies are saved) during and also after the visit within the online offer. Referred to as temporary cookies, also known as “session cookies” or “transient cookies” are cookies which are deleted when the user leaves the online offer and closes the browser. Such a cookie saves for example the contents of an online shopping cart or a login-status. Referred to as “permanent” or “persistant” cookies are those which stay saved also after the browser has been closed. That way for example the login-status can be saved so that the user is still registered when going online on that site after many days past. Just as well can in such a cookie the interests of the user be saved, which are used for range measurement or for marketing purposes. Cookies referred to as “third-party-cookies” are those offered by providers other than the responsible provider who operates the online offer (so-called “first-party-cookies” are those offered by the responsible provider her-/himself).
If you do not wish to save cookies on your devices, then you can deactivate the relevant option in the system settings of your browser. Saved cookies can be deleted in the system settings of your browser.
A general objection to the purpose of data saved by usage of cookies can be implemented by a variety of services, especially in the case of tracking, over the US-American site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/
The exclusion of cookies can possibly lead to functional limitation of online offers.
Surveying of access data and log files
We collect data based on our justified interests subject to Art.6 (1)(f) DGPR with access to our servers on which this service is running (so-called server-log-files). Belonging to access data is the name of the requested website, data file, date and time of access, transmitted data volume, notification of successful access, browser type as well as version, the operating system of the user, referrer URL (the previously visited site), IP address and the requesting provider.
Log-files information is, out of security reasons (e.g.: investigation of criminal offence related to abusive acts or acts of fraud) saved for a period of maximum 7 days and is deleted after that. Data that needs to be stored for investigation purposes until the respective incident is cleared in final is exempted from deletion.
Online presence in social media
We host online presence within social media networks and platforms, so that one may communicate with and inform active customers, prospective buyers and users of our services and achievements. When accessing the respective networks and platforms the general terms and conditions as well as the data processing policies of the respective provider prevail.
Unless otherwise declared in the framework of this data protection regulation, we will process the user’s data, provided they communicate with us over social networks and platforms, for example: publication of articles on our online presences or by sending us messages.
Embedded services and third-party contents
Within our online offers we use the service and/or content offers of third-parties, for example: incorporation of videos or fonts (subsequently consistently declared as “contents”) based on our justified interests (which are interest in the analysis, optimisation and economical operation of our online offers subject to Art.6 (1)(f) GDPR).
This always requires that the third-party providers register the contents of the IP addresses of the users, as without the IP address they cannot send the contents to the user’s browser.
The IP address is therefore necessary for the presentation of the contents. We endeavour to only use the contents of the respective provider of the IP addresses merely to deliver the contents. Third-party providers can also use so-called “pixel-tags” (hidden graphics, also known as “web beacons”) for statistical or marketing purposes. In using “pixel-tags” information such as visitor traffic on the pages of the website can be analysed. The pseudonymous information can also be saved in cookies on the devices of the users and amongst other contain, as also linkage data from different sources, technical information about the browser and the operating system, referring websites, visiting time as well other details for usage of our online offers.
Newsletter
With the following indications we will inform you of the contents of our newsletters, including the registration, transit and statistical evaluation procedures as well as your right of objection. By subscribing our newsletters, you declare your acknowledgement of receipt and the described procedure.
Content of newsletters: we send newsletters, e-mails and further electronic notifications containing promotional information (hereinafter “newsletter”) only with the consent of the recipients or with legal consent. In conjunction with the registration for newsletters which contents of are concretely outlined is this for the consent of the user significant. Other than that, our newsletters contain information concerning our services and about us.
Double-Opt-In and logging: The registration to our newsletters must be confirmed in a so-called Double-Opt-In process. That means that you will receive an e-mail after your newsletter registration in which you will be requested to confirm your registration. This confirmation is necessary, so that no one has the possibility of registering with e-mail addresses that are not their own. The registrations for newsletters are logged so that the registration can be legally proven. This includes saving the registration and the time and date of registration as well as the IP address. The changes of your saved data will also be registered and logged by mailing providers.
Registration data: to register for our newsletters it is sufficient to transmit your e-mail address. Optionally we request your name to be able to address you individually by name in our newsletters.
The dispatch of our newsletters and the therewith connected measurement of success is based on the confirmation of the recipient according to Art.6 (1)(a), Art.7 GDPR in connection with § 7 (2) no. 3 AAUC or, if a confirmation is not necessary then based on our legitimate interest in direct marketing according to Art.6 (1)(f) GDPR in connection with § 7 (3) AAUC.
The logging of the registration is based on our legitimate interests according to Art.6 (1)(f) GDPR. Our intentions and interests are to provide a user-friendly and safe newsletter system, that does not only serve our company interests but also meets the expectations of our users and the registration of confirmations.
Termination / Withdrawal: you can terminate the receipt of our newsletters at any time, that means, withdraw your confirmation of registration. You will find a link to terminate the receipt of our newsletters at the end of every newsletter. Based on our legitimate interests, we can save the signed-out e-mail addresses for a period of 3 years before we delete these so as to be able to prove a previously given approval. The storage of this data is restricted to the purpose of feasible defence against demands. An individual deletion request is possible at any time, as long as parallel the previous existence of a confirmation is confirmed.
Within our online offer there can be integrated functions and content of Twitter, offered by the Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
In connection there can be for example found: pictures, videos or text and buttons integrated with which users can express their pleasure concerning the content or subscribe to the drafter of the content or our contributions. If the users are members of the platform Twitter, then Twitter can assign the reaction of the above-mentioned contents and functions to the user. Twitter is certified under the privacy-shield-treaty and therefore guaranties to comply with the European data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
https://twitter.com/personalization
Facebook social plugins
Based on our legitimate interests (that means, interest in the analysis, optimisation and economical operation of our online offers subject to Art.6 (1)(f) GDPR) we use social plugins (“Plugins”) of the social network platform facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can contain interactive elements or contents (e.g.: videos, graphics, or articles) and are recognised by one of the Facebook logos (white “f” on blue tiles, the term “like” or a “thumb up” symbol) or these are marked with the addition “Facebook Social Plugin”. The list and the optic of the Facebook social plugins can be seen here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the privacy-shield-treaty and therefore guaranties to comply with the European data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
When a user activates one of these online functions in clicking on one of the above-mentioned symbols, that contain plugins, then the device of the user will connect with the Facebook servers. The content of the plugin is sent directly from Facebook to the device of the user and from there contented with the online offer. As of that point, the processed data can be used to build up a user profile. Therefore, we have no influence over the extent of the data which Facebook obtains with the help of plugins and we therefore inform you according to our information status.
Through the integration of plugins, Facebook receives the information that a user has connected with the specific site of the online offer. When the user is logged in at Facebook, then Facebook can assign the sitting to the Facebook account. When users interact with the plugins, for example in confirming the “like” symbol or add a comment, then this is information is sent from the user’s device directly to Facebook and is stored there.
Even if a user is not a registered Facebook member, there is still a possibility that Facebook registers the users IP address and that this is then stored/saved. According to Facebook, regarding German users, they only store anonymous IP addresses.
The purpose and scope of the data collection and the ongoing processing and use of the data by Facebook as well as your rights and setting options related to this to protect your private sphere are shown in the Facebook data protection information: https://www.facebook.com./about/privacy/.
If a user is a Facebook member and does not want Facebook to collect and store his/her data and assign the actions of the stored and saved data to their Facebook account, the user must be logged out of Facebook and delete the cookies before using our online offers. Further settings and objections to the use of data for advertising and marketing purposes can be undertaken in your Facebook profile: https://www.facebook.com/settings?tab=ads Or over the US-American site: http://www.aboutads.info/choices/ or over the EU-site http://www.youronlinechoices.com/. The settings are platform-independent, that means they will be saved on all devices, such as desktop computers or mobile devices.
Within our online offer there can be integrated functions and content of the platform Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
In connection there can be for example found: pictures, videos or text and buttons integrated with which users can express their pleasure concerning the content or subscribe to the drafter of the content or our contributions. If the users are members of the platform Instagram, then Instagram can assign the reaction of the above-mentioned contents and functions to the user. Instagram`s data protection information:
Http://instagram.com/about/legal/privacy/.
Vimeo
We can integrate videos using the platform “Vimeo” offered by Vimeo Inc., Attention: Legal department, 555 West 18th Street New York, New York 10011, USA.
Vimeo`s data protection information: https://vimeo.com/privacy.
We herewith point out that Vimeo can apply Google Analytics and herewith refer to the data protection information: https://www.google.com/policies/privacy as well as the opt-out-possibilities for Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de or the setting of Google for the usage of data for marketing purposes: https://adssettings.google.com/.
YouTube
We integrate videos using the platform “YouTube” offered by: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection information: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated
Security measures
We apply suitable technical and organisational measures to guarantee an appropriate risk protection level subject to Art.32 GDPR under the consideration of the current technological status, the implementation costs and the method, scope, circumstances, the purpose of processing as well as the various occurrence possibilities and the severity of the risks, for the rights and freedom of natural individuals.
Belonging to the measures we take are especially the securing of confidentiality, integrity and availability of data by controlling the physical access to the data, as well as the concerned access of the data, the input, disclosure, securing the availability and the separation. Furthermore, we have implemented procedures to ensure awareness of the rights of persons concerned, the deletion of data and the applicable reaction to threatened data. Furthermore, we already consider the security of personal data by the development and/or selection of hardware, software as well as methods of implementation, according to the principle of data protection through technology development and implementation and through data protection friendly default settings (Art.25 GDPR).
Duration of data storage
In the case of an inquiry, we will store your data after having reacted to your inquiry and will however delete your data at the very latest with expiry of the next calendar year provided you have not given us your consent to the further processing and usage of your data.
In the case of a concluded contract, we will store your data after full contract conclusion initially for the period of the warranty and possible guarantee deadlines after that we will store your data under the consideration of the legal, especially tax and commercial law retention periods, to be deleted by us upon expiry of these periods.
Rights of the concerned individuals
In the case of the availability of the legal conditions, you have the following rights according to Art.15 to 20 GDPR:
– The right to demand a confirmation if respective data is being processed and disclosure of the respective data as well as further information and a copy of your data (Art.15 GDPR);
– The right of completion and the right of correction of the respective data concerning your person (Art.16 GDPR);
– The right of deletion of your respective data (Art.17 GDPR)
– The right of limitation of the processing of your respective data (Art.18 GDPR)
– The right to receive the respective data provided by yourself concerning your person (Art.20 GDPR)
Furthermore, you have the right of objection according to Art.21 (1) GDPR against the processing of your data that occurs based on Art.6 (1)(f), as well as against the data processing that is used for the purpose of direct advertising. Should this be the case, please contact us in using the contact form or contact us directly via our contact information which you will find in our imprint.
Revocation right
You have the right to revoke issued consent with future effect according to Art.7 (3) GDPR.
Right of objection
You may object to future usage of respective data concerning your person at any given time subject to Art.21 GDPR. The objection may especially be against the processing of data used for purpose of direct advertising.
Right of appeal before the supervisory authorities
According to Art.77 GDPR you have the right to complain to the supervisory authorities, if it is your opinion that the processing of your respective data has not been treated legitimately.