A. Responsible person
In accordance with Art. 4 para. 7 DSGVO and other national data protection laws of the European Union, the responsible party is
B. General information on data processing
1.1 Scope of processing personal data
We process your personal data only to the extent necessary to provide our website, content and services. We collect and use your personal data only after your consent, or if the processing of the data is permitted by law.
1.2 Legal basis of the processing of your personal data
Basically, data protection results in a prohibition subject to permission. This means that the processing of personal data is generally illegal, unless the data subject has given his or her consent or a legal reason for consent legitimizes it.
Therefore we are obliged to inform you about the legal basis of the data processing.
- Art. 6 para. 1 lit. a DSGVO is the legal basis for the processing of personal data which we obtain on the basis of your consent
- Art. 6 para. 1 letter b DSGVO is the basis for processing operations which are necessary on the basis of concluded contracts or for the implementation of pre-contractual measures
- Art. 6 para. 1 lit. c DSGVO is the basis for the fulfilment of legal obligations to which we are subject. For example, legal storage and retention obligations.
- Art. 6 para. 1 lit. d DSGVO is necessary to protect vital interests of the person concerned or another natural person;
- Art. 6 para. 1 lit. e DSGVO which is in the public interest or is performed in the exercise of official authority delegated to the person responsible;
- Art. 6 para. 1 lit. f DSGVO is necessary to protect the legitimate interests of the controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data outweigh these, in particular if the data subject is a child
1.3 Transfer of your personal data to third parties and processors
Without your express consent, we do not normally pass on personal data to third parties. If a transfer does take place, this is only done on the basis of the legal basis mentioned under 1.2. Data that we transfer is then, for example, data to payment service providers, shipping service providers, etc., insofar as this is necessary for the contractual performance. On the basis of Art. 28 DSGVO we partly transfer your data within the scope of a so-called order processing. The so-called order processors are selected by us and are obliged to protect your data in accordance with the DSGVO and the BSDG-neu obligated service providers.
1.4 Deletion of your data and storage period
Your data will be deleted or blocked as soon as the purpose of storage is revealed. A storage beyond that can take place, however, if appropriate laws, ordinances or regulations, to which we are subject, provide for this. This can, for example, concern data that must be stored for tax or commercial law reasons, for example, sales contracts, offers or other invoice data.
C. Rights of data subjects
If your personal data is stored or processed by us, you are a data subject within the meaning of the DSGVO. This is accompanied by rights against us as the responsible party, about which we will inform you in the following:
2.1 Right to withdraw a declaration of consent under data protection law
If the processing of your data is based on your consent (Article 6 paragraph 1 letter a DSGVO), you have the right to revoke that consent at any time. This does not affect the lawfulness of the processing of your data up to the time of the revocation.
2.2 Right of information
You have the right to obtain information about whether we process personal data concerning you. If this is the case, you can still obtain information about the following:
- Processing purposes
- Category of personal data processed
- Recipients or categories of recipients to whom the personal data has been or will be disclosed.
- if possible, the planned duration of data storage or, if this is not possible, the criteria for this duration
- the existence of the right to delete or rectify the personal data concerning you and the right to request that we limit or object to the processing
- the existence of a right of appeal to a supervisory authority
- if the data was not collected from you, detailed information on how the origin of the data came about
- whether there is an existence of automated forms of decision making including profiling according to Art. 22 para. 1 and 4 of the DSGVO and, if so, whether meaningful information on the logic involved exists
Following a request for information from you, we will provide you within 30 days with a copy of your personal data that is the subject of processing.
2.3 Right of rectification
You have the right to request the completion of incomplete data included in the data processing, also by means of an additional declaration. You also have the right to ask us to correct your personal data immediately if they are incorrect.
2.4 “Right to be forgotten” – Right to deletion
You have the right to ask us to delete any personal data concerning you immediately, and we are obliged to delete personal data immediately if one of the following reasons applies
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
(b) the data subject withdraws the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for the processing.
(c) the data subject lodges an objection to the processing pursuant to Article 21(1) and there are no legitimate legitimate legitimate grounds overriding the processing, or the data subject lodges an objection to the processing pursuant to Article 21(2).
(d) the personal data have been processed unlawfully.
(e) erasure of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject
(f) the personal data have been collected in relation to information society services offered in accordance with Article 8(1)
If we have made the personal data public and we are obliged to delete it pursuant to paragraph 1, we shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you have requested them to delete all links to this personal data or to make copies or replications of your personal data.
The right to be forgotten does not apply to the extent that the processing is necessary
(a) to exercise the right to freedom of expression and information
(b) to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) on grounds of public interest relating to public health, in accordance with Article 9(2)(h) and (i) and Article 9(3);
(d) for archiving, scientific or historical research purposes in the public interest or for statistical purposes, as referred to in Article 89(1), in so far as the right referred to in paragraph 1 is likely to make it impossible or seriously prejudicial to the purposes of such processing; or
e) to assert, exercise or defend legal claims.
2.5 Right to limit processing
You have the right to request the controller to limit the processing if one of the following conditions is met:
(a) the accuracy of the personal data is disputed by the data subject, for a period of time sufficient to enable the controller to verify the accuracy of the personal data
(b) the processing is unlawful and the data subject refuses to have the personal data deleted and requests instead that the use of the personal data be restricted;
(c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to exercise or defend his rights; or
(d) the data subject has lodged an objection to the processing pursuant to Article 21(1), pending the determination as to whether the legitimate reasons on the part of the controller outweigh those of the data subject.
Where processing has been restricted in accordance with paragraph 1, such personal data may be processed, with the exception of storage, only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If you have obtained a restriction on processing in accordance with paragraph 1, as notified by us before the restriction is lifted
2.6 Right to data transferability
You have the right to receive the personal data concerning you which you have provided us with in a structured, common and machine-readable format and you have the right to transfer such data to another responsible party, without hindrance from us, to whom the personal data has been provided, provided that
(a) processing is based on an authorisation as referred to in Article 6(1)(a) or Article 9(2)(a) or on a contract as referred to in Article 6(1)(b); and
(b) processing is carried out by means of automated procedures.
When exercising your right to data transfer as per paragraph 1, you have the right to obtain that the personal data be transferred directly from us to another controller, insofar as this is technically feasible.
The exercise of the right referred to in paragraph 1 of this article is without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
2.7 Right of objection
They shall have the right to object at any time, on grounds relating to their particular situation, to the processing of personal data relating to them carried out pursuant to Article 6(1)(e) or (f), including profiling based on those provisions. We shall no longer process personal data unless we can demonstrate compelling legitimate reasons for processing which outweigh the interests, rights and freedoms of your person, or unless the processing is for the purpose of asserting, exercising or defending legal claims. Where personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing. In connection with the use of information society services, you may exercise your right of objection by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
D. Use of our online offer
The use of our online offer is basically possible without revealing your identity. In the following, we explain how, when and in what context the website processes data, which third-party services we have implemented, how this works and what happens to your data.
3.1 Your data when you visit our website:
If you use our website for information purposes only, we only collect information that your web browser transfers to our server. The data is collected for reasons of the representability of the website, the security and stability of the website.
- IP address of the user
- Date and time of the request
- Access Status / HTTP Code
- Website from where the retrieval is done
- Your operating system
- Language and version of your browser
- Date and time of the request
This data is stored for a maximum of 7 days in so-called log files. A storage of the data with other data from you is not carried out. The storage takes place on the basis of Art. 6 para. 1 lit. F DSGVO.
3.2 Usage of cookies
3.3 Contact forms and e-mail contact
On our website you will find the possibility to contact us via contact form or e-mail. Herewith we fulfill the duty to enable a fast electronic communication with us. E-mail will be processed and stored by us for the purpose of processing your inquiry in accordance with Art. 6 para. 1 lit. c DSGVO. We delete the inquiries as soon as they are no longer required and there is no legal retention period. We would like to point out that e-mail cannot currently be regarded as a secure communication medium.
3.4 Customer data
In order to fulfill our contracts, we use your data for legally compliant processing. This concerns:
First name, surname, e-mail, address, telephone number, age
This data will not be used for any other purpose. The legal basis for the collection regulates: Art. 6 paragraph 1 letter b