Thank you for your interest in our website. As a member of the association of secure and reputable internet shop operators e. V., the protection of your personal data is a serious concern to us. Below we inform you, in a transparent and understandable language, among other things about the data collection and its scope, what your data is used for and what your rights are.
Your data will be collected, stored and processed in compliance with the relevant statutory provisions. Personal information is any type of data that identifies you as a person.
1.) Who is responsible for data processing?
For the purposes of the General Data Protection Regulation (GDPR) and other national data protection laws of member states as well as other data protection regulations, the responsible body is a natural or legal person, alone or together with others about the purposes and means of processing personal data (names, contact details etc.) decides.
Responsible for the data processing on this website is:
2.) What data is collected and processed on our website?
2.1.1 Automated collection of data:
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer, in so-called server log files. These data are partly technically necessary to show you our website. There is no merge with data from other sources. The following data is collected:
• The pages visited
• Used browser types and versions
• The operating system used by the accessing system
• The website from which an accessing system comes to our site
• The date and time of access to the page
• The Internet service provider of the accessing computer
• The used internet protocol address (IP address)
The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process the data in the event of a legitimate interest. Our legitimate interest in this case is the reliable and error-free operation of our website. Other processing of this data does not take place.
2.2 Collection of personal data
2.2.1 Data collection and processing using our email address or contact function
For emails or messages via the contact form, we store your data until the completion of the processing of your message. The mandatory information in the form of the contact form can be recognized by the correspondingly marked input fields. The data will be used exclusively for the processing of your request, after completion of the processing your data will be deleted. The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process the data in the event of a legitimate interest. Our legitimate interest in this case is to answer your message or to process your request.
For emails or messages via the contact form (if available), which are aimed at the initiation of a contract, the commercial and fiscal retention periods of 10 years from the end of the calendar year in which the data was collected shall apply. After expiration of the deadlines, the data will be deleted regularly, unless they are still required for initiation or fulfillment of the contract or we have a legitimate interest in the continuation of storage. The legal basis for data processing in this case is the Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the performance of a contract with you or for the performance of a pre-contractual measure.
2.2.2 Newsletter function, data processing and possibility of objection.
3.) What are cookies and what data is processed?
3.1 Cookies that are set through our website
If we store other cookies (for example from partner companies or to analyze your surfing behavior) on your device, we will inform you in detail below.
You can set your browser so that you are informed about the setting of cookies and then allow these cookies only in individual cases. Likewise, you can generally exclude the acceptance of cookies or accept them only for certain cases. In addition, you can set your browser to delete set cookies after closing the browser window. Please note that if you do not accept cookies, the functionality of our website may be limited.
3.2 Commentary functions on our website
This feature will save your comment, (if provided) your username (nickname), the time you created your comment, your IP address and your email address. Your data will be stored until the content you have commented on has been completely deleted (or deleted for legal reasons). We reserve the right to delete comments that have been objected to by third parties as being unlawful.
The legal basis for the storage and processing of your comment, the username and the time of writing the commentary is Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR), which allows us to process the data if you give us your consent. You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
The legal basis for the data processing of your IP address and your email address is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process the data in the event of a legitimate interest. Our legitimate interest in this case is to be able to proceed against you in the case of infringements such as insults or propaganda. We need the email address to get in contact with you, if your comment should be objected to by third parties as unlawful.
4.) How is the data saved?
The transfer of personal data takes place exclusively encrypted via an SSL or a TLS connection. This applies to messages about our contact function as well as your order and payment data. By encrypting your sensitive personal data can not be intercepted and viewed by unauthorized third parties. An encrypted connection can be recognized by the fact that the address line of the browser starts with „https: //“ (and the lock icon in the browser line).
The data stored in the systems of our website are secured by passwords and unrecognizable by unauthorized third parties.
Data transmission on the Internet, for example when sending an email, is not 100% secure and may in some cases have security vulnerabilities.
5.) How long is the personal data stored?
How long your personal data is stored with us, depends sometimes on the respective legal retention period. In the case of messages via our contact function and / or via our email address, your data will be deleted after completion of the processing, unless we have a legitimate interest in the continuation of storage.
The commercial and fiscal retention periods are 10 years from the end of the calendar year in which the data were collected. After expiration of the deadlines, the data will be deleted regularly, unless they are still required for initiation or fulfillment of the contract or we have a legitimate interest in the continuation of storage.
6.) What rights do you have vis-à-vis the person responsible for data processing?
6.1 Your right to information according to Art. 15 General Data Protection Regulation (GDPR)
You may request information from the data controller as to whether personal data is being processed by you. If such processing is available, you may also request information about the following for which purposes this personal data is being processed; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed; the planned storage period of your personal data or, if no specific information is available, the criteria for determining the duration of storage; the existence of a right to rectification or erasure of personal data concerning you, the existence of a right to restriction of processing by the person responsible for processing or a right to object to such processing; the existence of a right of appeal to a supervisory authority (responsible is the state data protection officer of the federal state, in which we have our seat – addresses and links can be found here); all available information on the source of the data if the personal data are not collected from the data subject (ie you); the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether the personal data relating to you are transferred to a third country or to an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 General Data Protection Regulation (GDPR) in connection with the transfer.
6.2 Your right to rectification pursuant to Art. 16 General Data Protection Regulation (GDPR)
You have the right to immediate rectification and / or completion to the Data Controller if the personal data you process is inaccurate or incomplete.
6.3 Your right to cancellation pursuant to Art. 17 General Data Protection Regulation (GDPR)
You may require the data controller to delete the personal data concerning you without delay, and the latter is obliged to delete this personal data immediately if one of the reasons stated in Article 17 (1) GDPR is applicable.
The right of cancellation does not exist if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, or for the assertion, exercise or defense of legal rights.
6.4 Your right to restriction of processing according to Art. 18 General Data Protection Regulation (GDPR)
You have the right to require the data controller to restrict the processing, as long as the accuracy of the personal information you check is checked, you refuse the deletion of personal data and instead demand the restriction of the use of personal data, the person responsible for the personal data is no longer needed for the purposes of processing, but you need them for asserting, exercising or defending legal claims, or if you have objected to the processing under Article 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.
6.5 Your Right to Information According to Art. 19 General Data Protection Regulation (GDPR)
If you have asserted the right of rectification, erasure or restriction of the processing to the controller of the data processing, it is obliged to notify all recipients to whom the personal data you have disclosed this rectification or deletion of the data or restriction of processing because, this proves to be impossible or is associated with a disproportionate effort.
You have a right to the person responsible to be informed about these recipients.
6.6 Your right to data portability according to Art. 20 General Data Protection Regulation (GDPR)
You have the right to receive in a structured, common and machine-readable format personal data relating to you provided to the Data Controller, and you have the right to transfer this data to another person responsible without interference by the Data Controller; provided that the personal data has been provided, as far as technically feasible.
This right to transfer data shall not apply to any processing necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller of the data.
The right to data portability should not affect the rights and freedoms of others.
6.7 Your right to revoke granted consent according to Art. 77 General Data Protection Regulation (GDPR)
You have the right to revoke your privacy declaration at any time with effect for the future. In the case of a revocation, the data concerned will be deleted immediately, as long as further processing is precluded by a legal basis for processing which does not accept consent. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
6.8 The Automated Decision on a case-by-case basis including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This shall not apply if the decision to conclude or to execute a contract between you and the controller is required by law of the European Union or of the Member States to which the controller is subject and if such legislation is adequate to safeguard your rights and obligations Freedoms and your legitimate interests or with your express consent.
However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With respect to the cases mentioned in 6.8.1 and 6.8.3, the data controller shall take reasonable steps to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller Position and contesting the decision.
6.9 Your right to complain to a supervisory authority pursuant to Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you is against the GDPR violates.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the General Data Protection Regulation (GDPR).
6.10 Oposition right
You have the right at any time, for reasons that arise from your particular situation, against the processing of your personal data, which pursuant to Art. 6 para. 1 lit. e or f GDPR takes action to file an objection with effect for the future; this also applies to profiling based on these provisions.
The data controller no longer processes the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications.