In the version as of: 04th February 2021
1. Controller for the Processing of Your Personal Data
1.1. With this data protection information, we seek to inform you what personal data we collect and process from you and the purposes for which we do so. We process your personal information only insofar as you have given your consent herefor or the statutory provisions permit us to do so. The following references to Articles refer to the EU General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR).
1.2. "Controller" for the processing of your personal data as defined in Art. 4 (7) GDPR is
2. Personal Data
Personal data means, inter alia, your personal details (e.g. your name, date of birth, address, nationality), your legitimation details (e.g. your identity card data), your contract and order data including your e-mail address, your technical connection data such as, e.g. your IP address, depending upon the type of payment, your account and payment data, advertising and sales data as well as other comparable data.
3. Collection of Your Personal Data
Within the framework of the processing of your personal data, we differentiate between data which we collect directly from you and data which we obtain from other sources.
3.1. Personal data that we collect from you:
3.1.1. When you are our customer, we process the personal data which you provide to us within the framework of your contact to us (e.g. via contact form, per e-mail or through your customer account). This includes e.g. your name and e-mail address. This takes place according to Art. 6 (1) (b) GDPR for the purpose of performance of the contract concluded with you.
3.1.2. With use of our online shop using your customer account and the contract concluded in connection therewith, we process your notified personal information which is necessary for initiation of this contract through our online shop and for its performance as well as, where applicable, for the rendering of warranty or rescission of the contract, Art. 6 (1) (b) GDPR. This processed data includes, inter alia, your address, date of birth and your account/payment data. Moreover, with the electronic ordering process, your technical connection data shall be collected in addition. You can delete your customer account at any time by sending a message to this effect to email@example.com.
We can also process the data provided by you in order to inform you regarding additional interesting products from our portfolio. The legal basis herefor is Art. 6 (1) (f) GDPR.
3.1.3. Insofar as you access and use our website purely for informational purposes, we only collect such data which is automatically transmitted by your Internet browser. This includes e.g. the date and time of the inquiry to the website, the respective quantity of data transmitted, the website from which the access took place, browser type, browser settings and your IP address. This access data shall be evaluated exclusively for the purpose of ensuring a trouble-free operation of the site as well as improvement of our offering. This takes place according to Art. 6 (1) (f) GDPR on the basis of our legitimate interests in a correct presentation of our offering.
3.1.4. If you are a legal representative or employee of one of our customers, your personal data can be collected insofar as you act in the name of or on behalf of our customer in the business relationship existing with us. This occurs for the purpose of the initiation or, respectively, performance of the contract concluded with you, Art. 6 (1) (b) GDPR.
3.2. Personal data which we obtain from external sources
We can also refer to personal data which is legally collected by another controller and which are also legally transmitted to us such as e.g. publicly accessible information. This includes, inter alia, records of debtors, public registries such as e.g. insolvency notifications or information from the commercial registry as well as from the press or Internet.
4. Transmission of Your Personal Data to Third Parties
We transfer your personal data to processors engaged for this purpose domestically and abroad insofar as this is necessary for commercial or technical reasons. For this purpose, we carefully select the respective processor with which a contract is agreed for processing data on behalf of the controller according to Art. 28 GDPR as well as monitor it carefully. For the purpose of outsourcing of certain business processes, we have a legitimate interest in the conclusion of contracts for processing of data on behalf of the controller with the respective processor in accordance with Art. 6 (1) (f) GDPR.
4.1. We transfer your data for purposes of performance of a contract according to Art. 6 (1) (b) GDPR e.g. to the shipping company entrusted with the delivery of your goods.
4.2. Depending upon which payment service provider you choose during your ordering process, we transfer your payment data for purposes of processing of the payments to the bank commissioned with the payment or the payment service provider (PayPal (Europe) 22-24 Boulevard Royal, L-2449 Luxembourg). This also occurs for purposes of performance of the contract concluded with you according to Art. 6 (1) (b) GDPR. In some cases, the selected payment service provider also collects this data from you itself insofar as you open an account with it. In this case, in the ordering process, you must register via your access data with the payment service provider. In this respect, the data protection declaration of the respective payment service provider applies.
4.3. Your personal data collected through the customer database will be stored on the server of Strato AG, Pascalstraße 10, 10587 Berlin and transferred to it for this purpose. This takes place on the basis of a contract for data processing on behalf of the controller according to Art. 28 GDPR concluded with Strato AG to which we have a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
4.4. For purposes of performance of a contract according to Art. 6 (1) (b) GDPR, we can transmit your personal data in addition to all parties to whom we have assigned rights which result from the contract relationship with you.
5. Transfer of Your Personal Data to a Third Country
Should your data be transferred to a third country, we ensure that the transmission occurs only in such countries which have a level of protection respective to that as defined in Art. 45 (1) GDPR or the controller located in the respective third country has ensured appropriate data protection guarantees. These guarantees can, e.g. be comprised of:
5.1. binding, internal data protection provisions according to Art. 47 GDPR or
5.2. standard protection clauses which were issued by the European Commission according to the examination procedure according to Art. 93 (2) GDPR.
6.1. In addition, cookies are stored on your computer when you use our website. Cookies are small text files which are stored on your hard drive in a way referring to the browser you are using and which provide certain information to the party placing the cookie (in this case: to us). Cookies cannot execute programs or transmit viruses to your computer. They are used to make the Internet more user-friendly and more efficient as a whole.
6.2. This website uses transient as well as persistent cookies. The scope and functionality of these cookies are explained in the following:
6.2.1. Transient cookies are automatically erased when you close your browser. These include, in particular, session cookies which store a so-called session ID that can be used to assign different requests from your browser to the same session. This enables your computer to be recognised when you return to our website. Session cookies are erased when you log off or close your browser.
6.2.2. Persistent cookies are automatically erased after a defined time which may vary depending upon the cookie. You can erase the cookies at any time in the security settings of your browser.
6.3. You can configure your browser settings as desired and, e.g., reject acceptance of third party cookies or all cookies. However, we must point out that this action could have the consequence that you may not be able to use all the functions of this website.
7.1. We have integrated YouTube videos into our online offerings that are stored on http://www.YouTube.com and can be played directly from our website. These are integrated in "Extended Data Protection Mode", meaning that no data about you as a user is transmitted to YouTube if you do not play the videos. The data described in Clause 7.2 will be transmitted only when you play the videos. We have no influence on this data transmission.
7.2. Through your visit to the website, YouTube will be informed that you pulled up the corresponding subpage of our website. The data mentioned above under Clause 3.1.3. of this Declaration are also transmitted. This will occur regardless of whether YouTube makes a user account available through which you are logged in or if there is no user account at all. If you are logged into Google, your data will be directly assigned to your account. If you don't want the information assigned directly to your profile with YouTube, you will have to log out before activating the button. YouTube stores your data as a usage profile and uses it for advertising, market research, and/or user-friendly configuration of its website. Such usage serves particularly (also for users who are not logged in) the purpose of providing customised needs-based advertising and in order to inform other users of the social network of your activities on our website. You have the right to deny permission for such a user profile to be formed, but in order to assert this right you must contact YouTube.
7.3. Further information on the purpose and scope of data collection and its processing through YouTube can be found in the Data Protection Declaration. There you will also receive further information on your rights and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has agreed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
8. Storage Periods and Criteria for the Storage of Your Personal Data
All processed personal data shall only be stored no longer and to the extent than is necessary for us to perform our contractual and statutory obligations. Among other things, data storage is necessary for the performance and execution of the contract including the defence and enforcement of civil law claims within the relevant statute of limitations time periods. According to §§ 195 et seq. German Civil Code (Bürgerliches Gesetzbuch, BGB), this statute of limitations period can be up to 30 years, whereby the general statute of limitations period is three years. Storage obligations and storage time periods resulting therefrom exist also on the basis of tax law, money laundering law, commercial law, tax law and other statutory provisions. The time periods foreseen there for storage/documentation are six to 10 years. In order not to violate the statutory regulations or to lose the possibility of enforcing a claim or to defend ourselves against such a claim, we reserve the right to first erase the data after expiry of the last time period which legitimizes the data storage. All technical access data for purely information visits shall be erased at the latest seven days after the end of your visit to the page.
9. Your Rights
9.1. You have the following rights in dealings with us with regard to your personal data:
You have the right to lodge an objection at any time insofar as reasons exist relating to your particular situation against the processing of your personal data by us which occurs on the basis of Art. 6 (1) (f) GDPR (data processing due to a legitimate interest). If you lodge an objection, we shall no longer process your personal data unless we can prove compelling legitimate grounds requiring protection in favour of processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
Furthermore, you have the right to lodge an objection at any time against the processing of your personal data for direct marketing purposes, Art. 21 (2) GDPR. If you lodge an objection to processing for purposes of direct marketing, we shall no longer process your personal data for such purposes.
9.2. In order to exercise the rights named in Clause 9.1 above, please send an e-mail to firstname.lastname@example.org or to the address stated above under Clause 1.2 above.
9.3. In addition, you have the right to lodge a complaint with the responsible data protection supervisory authority regarding the processing of your personal data by us.