PRIVACY STATEMENT – IN ONE SET
” We process the necessary personal data to advertise, advise and sell our products and services if we like it. “
Admittedly, this one sentence shortens many details of our data processing and storage, but it shows what is important to us, we want to present our products in the best possible way and offer them for purchase in a convenient manner – without collecting unnecessary data or even selling them to third parties . But some data is essential, such as a shipping address for a successful delivery.
We therefore want you to know when and how we store which data, how we use it, which protective measures we have taken and of course what rights and options you have. We have tried to explain this in a way that is generally understandable, but should we not be able to do this at all points or you should have further information on data protection at Bresser GmbH, we are available at the email address firstname.lastname@example.org for questions.
FULL PRIVACY STATEMENT
In the following, we would be happy to explain all details regarding the type, scope and purpose of the processing of personal data – hereinafter simply referred to as “data” – within Bresser GmbH and the online offers it operates (such as websites and shops, social media profiles, external online presences) Etc.)
The terms used in our data protection declaration, such as “processing” or “responsible person” are based on the definitions of the General Data Protection Regulation (GDPR) in Article 4.
“Personal data” means the GDPR all information that relates to an identified or identifiable natural person (hereinafter “data subject”); An identifiable person is a natural person who can be identified directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, the expression of the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Processing” is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data. This includes practically every handling of personal data.
“Responsible person” is the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data.
RESPONSIBLE FOR DATA PROCESSING
Managing Director: Helmut Ebbert
Data Protection Officer : Andreas Tschirpke, email@example.com
WHAT TYPES OF DATA ARE PROCESSED?
• Inventory data (name, address etc.)
• Contact data (telephone number, e-mail address etc.)
• Content data (e.g. comments, ratings, general text input, image and video data)
• Usage data (including websites accessed, access times, interest in Content, etc.)
• Metadata (e.g. IP addresses, device information)
• Contract data ( e.g. subject matter, terms, customer classification)
• Payment data ( e.g. bank details, payment history etc.)
WHICH PERSONS ARE AFFECTED?
All visitors and users of the online offers, prospective customers, customers (hereinafter collectively referred to as “users”)
FOR WHAT PURPOSE ARE THE DATA COLLECTED?
• Provision of online offers including its content and functions
• Communication with customers, users and interested parties (including answering contact inquiries)
• Marketing, range measurement
• Troubleshooting and security measures
LEGAL BASIS OF DATA PROCESSING
The processing of personal data is generally not lawful unless it is legitimized by at least one legal basis, referred to in Art. 6 Para. 1 of the GDPR. Unless otherwise stated below, these legal bases apply according to Art. 13 GDPR:
• Art. 6 para. 1 lit. a and Art. 7 GDPR form the legal basis for obtaining consent
• Art. 6 Para. 1 lit. b GDPR serves as the legal basis for the processing to fulfill our services and the implementation of contractual measures (fulfillment of the contract) and to answer inquiries.
• The legal basis for the processing to fulfill our legal obligations is based on Art. c GDPR
• Art. 6 para. 1 lit. f GDPR is the legal basis for processing to protect our legitimate interests.
DATA DISCLOSURE AND PROCESSING BY THIRD PARTIES
In principle, we endeavor to minimize the transfer of data to third parties, but in some cases this cannot be avoided or would affect the quality of our services. If we grant third parties or contract processors access to data, transfer it or otherwise disclose it, this is done on one of the above legal bases (consent, fulfillment of contract, legal obligation or legitimate interests on our part). If we commission third parties to process data, this is regulated by an “order processing contract” according to Art. 28 GDPR, if required. For example, the use of an external web host based on our legitimate interests, your consent to the sending of a newsletter,
DATA PROCESSING OUTSIDE THE E
Processing of data outside the European Union (EU) or the European Economic Area (EEA), by us or by using third-party services, only takes place on the basis of your consent, to fulfill (pre) contractual obligations, on the basis of legal obligations or on the basis our legitimate interests. If there are legal or contractual permits, data processing in a third country, by us or third parties, is only carried out if the conditions of Art. 44 ff GDPR are met. For example, there must be suitable safeguards to secure the data, such as the EU’s recognition of a sufficient level of data protection under the “Privacy Shield” agreement with the USA or the obligation to officially recognized protective measures under so-called “standard contractual clauses”.
As data subjects, i.e. people whose data are processed, they have various rights to influence their own data themselves:
Right to information: according to Art. 15 GDPR you have the right to know whether and which of your data has been processed. You also have the right to have a copy of this data. This copy must be made in a common, processable format, which enables data to be transferred to another person responsible (data processor).
Right to correctness: According to Art. 16 GDPR, data subjects have the right to request the correction or completion of their own data.
Right to deletion: You can request that your data be deleted immediately (Art. 17 GDPR) or that further processing be restricted (Art. 18 GDPR)
Right to lodge a complaint: In accordance with Art. 77 GDPR, you can lodge a complaint with the responsible supervisory authorities at any time.
Right of withdrawal: Consent given can be revoked at any time with future effect in accordance with Art. 7 Para. 3 GDPR. Processing of your data on the basis of our legitimate interests, in accordance with Art. 6 (1) lit. f, you can object at any time for reasons arising from your particular situation. In particular, you can object to processing for direct marketing purposes at any time without giving reasons.
In order to exercise your rights vis-à-vis us, we ask you, unless otherwise specified, to contact our data protection officer.
Cookies are small files that are generated and processed when you visit a website. They can contain different information, but are primarily used to save user information (e.g. desired language) and to be able to call it up again when the page is called up again, otherwise this information would have to be made every time the page was called up. A distinction is made between temporary session cookies, i.e. those that are only saved for the duration of the website visit and are deleted when the browser is closed, and permanent or persistent cookies. The latter remain even after the browser is closed, for example to save the user’s login status. However, this also gives you the option of recognizing users and creating a profile of your page views.
To operate our online offers, we use both temporary and permanent cookies in order to be able to provide the full range of functions. We clarify this in the context of our data protection declaration.
If you do not want cookies to be stored on your device, you have the option of regulating this in the settings of your browser and possibly deleting existing cookies. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browser under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari: https://support.apple. com / kb / ph21411? locale = de_DE
Opera ™: http://help.opera.com/Windows/10.20/de/cookies.html
In addition, many browsers offer additional Extensions the possibility to restrict cookies based on various regulations or to prevent profiles from being created.
Some websites offer the possibility of a general objection to cookies for online marketing purposes (comparable to the so-called Robinson list), e.g. the EU website https://www.youronlinechoices.com/ or the US website https: //www.aboutads. info / choices / .
Without cookies, our online offers may have functional restrictions.
We delete data that we process in accordance with Art. 17 GDPR or restrict their use in accordance with Art. 18 GDPR. Unless otherwise specified, we will delete data as soon as it is no longer needed for its intended purpose and there are no legal requirements for storage. In the case of statutory retention requirements or other legally permissible purposes (e.g. commercial or tax law reasons) that prevent deletion, the processing of the data is restricted.
The retention periods in Germany are 6 years in accordance with Section 257 (1) HGB and 10 years in accordance with Section 147 (1) AO.
HOSTING SERVICES BY THIRD PARTIES
As part of processing on our behalf, a third-party provider provides the hosting and presentation services for us. This serves to safeguard our legitimate interests, which predominate in the context of a balance of interests, in a correct presentation of our offer (Art. 6 Para. 1 lit.f GDPR). All data that is collected as part of the use of this website or in the forms provided in the online shop as described below is processed on its servers. Processing on other servers only takes place within the scope explained here.
This service provider is located within a country of the European Union or the European Economic Area.
ACCESS DATA AND LOGFILES
Every access to our online offers is based on our legitimate interest in the correct delivery of our offer within the meaning of Art. 6 Para. 1 lit. f GDPR, logged in so-called log files. The following access data is incurred: location and status of the requested resource, date and time, browser type and version (including operating system), previously visited page, IP address and the requesting provider.
This data is only used to ensure trouble-free operation, avoid misuse and improve our online offerings. For security reasons (clarification of improper access), this data is stored for a maximum of 7 days and then deleted. If extracts from it are required for evidence purposes, they are only stored temporarily until the respective incident has been clarified.
PERFORMANCE OF CONTRACTUAL SERVICES
To fulfill our contractual obligations and provide services (including pre-contractual) acc. Art. 6 para. 1 lit. b GDPR, we process inventory and contract data. Mandatory fields in online forms are required for a contract, such as the specification of a delivery address for the delivery of purchased goods.
When using our online services, we save the IP address and the time of individual user actions. The storage takes place on the basis of our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. This data is not passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with. Art. 6 para. 1 lit. c GDPR.
PROVIDING CONTRACTUAL SERVICES
We process usage data such as purchase history, visited pages of our online offers, interest in our products but also content data (e.g. details in the customer account or contact form) for marketing purposes in a user profile. This enables us to offer users content based on services previously used (e.g. suitable accessories, support options). This is done on the basis of our legitimate interest in the economic operation of our online offerings and the optimization of its functions in accordance with Art. f GDPR.
After expiry of statutory warranty obligations or comparable obligations, the data will be deleted. This is checked regularly, but at the latest every three years. Information in the customer account remains until it is deleted.
To fulfill your order, we use the following service providers to ensure the optimal order, payment and delivery process. Depending on the process, personal data is transmitted for this purpose. Unless explicitly mentioned, the fulfillment of the purchase contract in accordance with Art. 6 Para. 1 lit. b the legal basis for the processing and transfer of the data.
USE OF PAYMENT PROVIDERS
When paying by credit card, debit card, immediate transfer, purchase on account via Heidelpay or PayPal, payment is processed via the payment service provider “Heidelpay” from Heidelberger Payment GmbH, Vangerowstrasse 18, 69115 Heidelberg, to whom we pass on the data you have provided during the ordering process exclusively for the purpose of payment processing . The data will only be passed on to the extent that it is actually required for payment processing. Heidelpay transmits your data for the execution of the payment – if necessary – in accordance with Art. 6 Para. 1 lit. b GDPR in turn to HUELLEMANN & STRAUSS ONLINESERVICES SA, 1, Place du Marché, 6755 Grevenmacher, Luxembourg.
During the final payment processing, this data can then be forwarded to the actual payment service chosen. This is the payment method “PayPal” PayPal (Europe), S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (data protection declaration: https://www.paypal.com/de/webapps/mpp / ua / privacy-full ) and with the payment method “Sofortüberweisung” Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (data protection declaration: https://www.sofort.de/datenschutz.html )
With the payment method “purchase on account via Heidelpay”, you will be asked in the ordering process to enter your personal data (first and last name, street, house number, postcode, place, date of birth, email address and telephone number). In order to protect our legitimate interest in determining the solvency of our customers, we collect this data in accordance with Art. 6 Para. 1 lit. f GDPR for the purpose of a credit check to Heidelberger Payment GmbH, Vangerowstr. 18, 69115 Heidelberg (hereinafter referred to as “Heidelpay”). Based on the personal data you have provided and other data (such as the shopping cart, invoice amount, order history, payment history), Heidelpay checks whether the payment option you have selected can be granted with regard to payment and / or bad debt risks. According to Art. 6 Para. 1 lit. f GDPR, identity or credit information from the following credit agencies may also be included:
- SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden
- CRIF Bürgel GmbH, Friesenweg 4, Haus 12, 22763 Hamburg
- Arvato Infoscore GmbH, Rheinstrasse 99, 76532 Baden-Baden
- Deltavista GmbH, Kaiserstrasse 217, 76133 Karlsruhe
- UNIVERSUM Business GmbH, Hugo-Junkers-Strasse 3, 60386 Frankfurt am Main
- Bisnode International Group, Robert-Bosch-Strasse 11, 64293 Darmstadt
- Regis24 GmbH, Wallstrasse 58, 10179 Berlin
- Creditreform AG, Hellersbergstrasse 12, 41460 Neuss
The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is used, among other things, but not exclusively, to calculate the score values.
You can object to the processing of your data at any time by sending a message to our data protection officer or to Heidelpay. However, Heidelpay may still be entitled to process your personal data if this is necessary for contractual payment processing.
When paying via “PayPal Plus” and the variants offered there, PayPal, direct debit, credit card and – if offered – “purchase on account”, we give your payment details as part of the payment processing to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg. The data will only be passed on to the extent that this is necessary for payment processing.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be authorized to process your personal data if this is necessary for the contractual payment processing.
Central order management
After successful acceptance of an order through our online shop or external shopping platforms, the order data (inventory data, contract data and payment information) can be transferred to a central platform. This is done on the basis of our legitimate interest in coordinating and optimizing the flow of goods and processing orders for our and online offers as well as external sales channels (such as eBay). This server is operated on our behalf by brickfox GmbH, Silberburgerstr. 148, 70176 Stuttgart operated in Germany.
For this we have concluded an order processing contract in accordance with Art. 28 GDPR with brickfox.
The final processing of the order data to fulfill the purchase contract takes place within our ERP system in a customer and order data management. The information provided during the order (inventory data, contract data and payment information) is saved and processed.
The order data will be deleted at the earliest after the possible objection or warranty obligations have expired, provided storage is due to commercial or tax law reasons in accordance with Art. 6 Para. 1 lit. c GDPR is not necessary. Customer data remains stored when used actively (at least once every 36 months). A customer can have their data deleted at any time by sending a message to our data protection officer, unless this contradicts legal or tax regulations or influences our rights to enforce existing claims or use in legal disputes. In this case, the use of the data is restricted to these purposes.
The need for storage is checked every three years.
Data transfer to shipping service providers
To fulfill the contract in accordance with Art. 6 Para. 1 lit. b GDPR we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.
If you have given us your express consent for this during or after your order, we will give you this in accordance with Art. 6 Para. 1 lit. a GDPR forward your email address and telephone number to the selected shipping service provider so that they can contact you before delivery for the purpose of delivery notification or coordination.
The consent can be revoked at any time by sending a message to our data protection officer or directly to the shipping service provider at the contact address listed below. After revocation, we will delete the data you have provided for this, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond that, which is permitted by law and about which we inform you in this declaration.
DHL, Deutsche Post AG, Charles-de-Gaulle-Strasse 20, 53113 Bonn ( https://www.dhl.de/de/toolbar/footer/datenschutz.html )
DPD, DPD Deutschland GmbH, Wailandtstrasse 1, 63741 Aschaffenburg ( https://www.dpd.com/de/siteutilities/data_protection )
GLS, General Logistics Systems, Germany GmbH & Co.OHG, GLS Germany-Straße 1-7, 36286 Neuenstein ( https://gls-group.eu/DE/de/datenschutz-standard )
GEL Express, GEL Express Logistik GmbH, Jakob-Kaiser-Str. 3, 47877 Willich ( http://www.gel-express.de/index.php?mainmenu=datenschutz&submenu=datenschutz&sprache=german )
Kuehne + Nagel, Kuehne + Nagel (AG & Co.) KG, Großer Grasbrook 11-13, 20457 Hamburg ( https://de.kuehne-nagel.com/de_de/footer-links/datenschutzerklarung/ )
UPS, United Parcel Service Germany S.à rl & Co.OHG, Görlitzer Straße 1, 41460 Neuss ( https://www.ups.com/de/de/help-center/legal-terms-conditions/privacy-notice. page? )
In addition to the aforementioned shipping service providers, we reserve the right to commission other service providers on a comparable basis in individual cases or under special order conditions (such as bulky goods, special transport services, etc.).
USER ACCOUNT / REGISTRATION
As an option to use our online shops, users can create a customer account. The required mandatory information (e.g. inventory data) is requested when registering using the online form. Optional information such as a mobile phone etc. can be made voluntarily by the user.
The data entered is used to use the online offer.
In the event of changes in the scope of the offer, information on registration or other technical circumstances, we can inform registered users by email.
Via the customer account itself, users can have their registration deleted or have the data protection officer delete it. In this case, related data will be stored, provided that it is kept for commercial or tax reasons in accordance with Art. 6 Para. 1 lit. c GDPR is not necessary, deleted. There is no entitlement to access after termination of the customer account. We also reserve the right to delete all user data irretrievably during the term of the contract.
To protect against misuse or unauthorized use, we save the IP address and the time of user registrations and logins. This is done on the basis of our legitimate interest (Art. 6. Para. 1 lit. f) to protect us and our users from misuse. Except for the pursuit of any claims or on the basis of a legal obligation according to Art. 6 Para. 1 lit. c we will not pass this data on to third parties and delete or anonymize it after a maximum of 7 days.
We offer buyers of our products, depending on the product, an extended guarantee beyond the statutory minimum warranty. To take advantage of this extended guarantee, the customer must register using an online form. First and last name, email address and the type and time of the purchased product are mandatory. This data is based on our legitimate interest in avoiding improper use of guarantee services in accordance with Art. 6 Para. 1 lit. f GDPR processed and stored for the period of the extended guarantee.
All other information such as dealers, occasions for purchase, etc. are voluntary and serve statistical purposes. We process these on the basis of consent in accordance with Art. 6 Para. 1 lit. a GDPR. This consent can be revoked at any time by contacting our data protection officer, otherwise we will also save this data for the period of the extended guarantee.
If you contact us, be it by phone, email, contact form, social media, or other communication channels, we process the transmitted information (e.g. inventory data, content data and, if applicable, metadata) in accordance with Art. 6 Para. 1 lit. b GDPR to process the request. The data can be stored and processed in a customer relationship management (CRM) system or a comparable system.
If inquiries are no longer required, they will be deleted. This is checked regularly every two years. This does not affect the statutory archiving obligations, in particular the statutory retention period in the form of an email archive according to GoBD should be mentioned here.
COMMENTS, CONTRIBUTIONS, PRODUCT RATINGS
For user-generated content such as comments, contributions, ratings, etc., the IP address is stored for 7 days in addition to the actual content data. On the basis of Art. 6 para. 1 lit. f. GDPR, we have a legitimate interest in letting the author of potentially illegal content (e.g. insults, prohibited political propaganda, etc.) be identified, since we could be held liable ourselves. In such cases, the IP address would be kept for the duration of the procedure.
Sending evaluation reminders by email
If you give us your express consent to this during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we use your email address as a reminder to submit a rating of your order using the rating system we use.
This consent can be revoked at any time by sending a message to the contact option described below.
Review reminder by Trusted Shops
If you give us your express consent to this during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will send your email address to Trusted Shops GmbH, Subbelrather Str.15c, 50823 Cologne (www.trustedshops.de), so that they can send you a review reminder by email.
This consent can be revoked at any time by sending a message to the contact option described below or directly to Trusted Shops.
Interested parties have the option of our newsletter, which informs at irregular intervals about products and services and related events (campaigns, trade fairs, natural events, etc.), provides inspiration for their possible uses, or reports on our company and its activities.
We use the service provider CleverReach GmbH & Co. KG, Mühlenstr. To send the newsletter. 43, 26180 Rastede, Germany. You can find the data protection provisions here: https://www.cleverreach.com/de/datenschutz/ . The processing takes place on the basis of our legitimate interests to offer a smooth newsletter (Art. 6. Para. 1 lit. GDPR) for which an order processing contract was concluded in accordance with Art. 28 Para.
The service provider can use the recipient data in pseudonymous form, i.e. without the possibility of identifying the user, to technically optimize or statistically evaluate its services. Under no circumstances does he use the recipient’s data to pass them on to third parties or write to them himself.
The registration for the newsletter is done to confirm the consent and to verify the user data by means of a double opt-in procedure. After registration, we send a separate e-mail using the form in which you are asked to confirm your registration, in the form of an individual registration link. Your information will only be added to the e-mail distribution list when this link is activated. In order to comply with our legal documentation requirements, the time of registration and the IP address are recorded.
In addition to the e-mail address, no data is required, a name can be given voluntarily for personal contact and the possible subject areas can be narrowed down.
A transparent image file, a so-called web beacon, is linked to measure the success of the newsletter. When the newsletter is opened, this link is opened and transmits not only technical data about your system (e.g. email program or browser and operating system version), but also the time of access and your IP address. This information is stored and processed statistically, thereby determining when and what content was opened. Based on the IP address, conclusions can also be drawn about the call locations. This enables us to adapt our newsletter more precisely to the wishes of the readers. For technical reasons, this information can also be assigned to individual recipients, but this is neither our intention nor that of the newsletter service provider used.
We only send our newsletter on the basis of the consent of the recipient or a legal permission.
The recipient’s consent according to Art. 6 Para. 1 lit. a GDPR and Art. 7 GDPR in conjunction with Section 7 (2) No. 3 UWG and the legal permission from Section 7 (3) UWG form the basis for sending our newsletter. The logging of the registration is based on our legitimate interest in proving consent in connection with a user-friendly and secure newsletter system in accordance with Art. 6 Para. 1 lit.f GDPR.
Consent to receive the newsletter can be withdrawn at any time, free of charge and easily. In every newsletter there is a direct link to unsubscribe or by sending a message to our data protection officer.
In order to be able to prove a previous registration and thus to be able to defend our legitimate interest in defense against any legal claims, we can save e-mail addresses that have been removed for up to 3 years before we delete them. A direct deletion is possible if you confirm to us that there was prior consent.
In order to analyze and optimize the economic operation of our online offer, we use this legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR, the web analytics service Google Analytics. This is operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google creates analyzes and evaluations on the use of our online offerings and related services based on the information collected. This creates pseudonymous user profiles.
To make it difficult to identify individual user profiles, we only use Google Analytics with active IP anonymization. The IP address of the users within the EU or the EEA is shortened so that clear assignment is no longer possible. In exceptional cases, the complete IP address can be transferred to Google, where it will only be shortened there. The transmitted IP address is not merged with other Google data.
On the following pages you will find further details on the use of data by Google as well as options to object and object:
MARKETING AND REMARKETING
Based on our legitimate interest in the analysis, optimization and economic operation of our online offers within the meaning of Art. 6 Para. 1 lit. f GDPR, we use marketing and remarketing services from third parties.
We use the marketing services to present our products and services to our and external online offers based on their potential interests. Remarketing refers to the advertising of products and services based on previous website visits. For this purpose, on our and other websites that actively use the re / marketing services, a program code is executed by the service provider which integrates so-called “web beacons” in the form of linked (invisible) files. When this file is called up, information about the called-up page including technical details such as browser and operating system including version numbers, the referring website (referrer), time of access and IP address of the user are transmitted to the server of the integrated service.
In the case of marketing services operated by Google, our Google Analytics settings shorten the user’s IP address within a member state of the EU or the European Economic Area and, in exceptional cases, transfer them completely to Google in the USA, where they are then shortened . The IP address is not merged with user data from other Google services.
An individual identification in the form of a cookie or a comparable technology is stored on the user’s device in order to assign the aforementioned data to a user and to be able to recognize him again. These cookies can be set from various domains, such as doubleclick.net, google.com, googleadservices.com, googlesyndication.com, invitemedia.com and admeld.com. This information can be combined on the part of the provider with other information sources in order to create a comprehensive interest profile of a user. On the basis of this, an attempt is again made to display ads relevant to the user.
The marketing services we use are “Google AdWords”, “Google AdWords Remarketing” and “Doubleclick” which are operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. As part of its certification under the Privacy Shield Agreement, Google offers guarantees to comply with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI ).
Google processes the user data in a pseudonymized form, so that interest profiles are not assigned to an individually identifiable person, for example by name or email address, but rather an abstract identification number. With a sufficient amount of information, conclusions could still be drawn about individual people. If the user has expressly allowed Google to use his data without pseudonymization, this will not be used. The collected user data of the Google marketing services are transmitted to Google and stored on servers within the United States.
The “Google AdWords” service we use assigns an individual conversion cookie for each AdWords customer in order to prevent the tracking of individual cookies beyond the websites of AdWords customers. The cookies are used to register certain user actions, so-called conversions (such as buying goods, signing up for newsletters, etc.) and recording them statistically. This means that success rates can be determined for defined goals, but it is not possible to identify individual users.
We can use the “Google Tag Manager” to use and manage the Google analysis and marketing services in our online offers.
Google itself publishes extensive information on its own data usage for its marketing services at: https://www.google.com/policies/technologies/ads
You can object to the use of interest-based advertising by Google by opting out here: http://www.google.com/ads/preferences . Or you observe the information on cookies in the context of this data protection declaration.
In parallel, we use the “remarketing” and “sponsored products” services of the online marketing provider Criteo GmbH, Gewürzmühlstr. 11, 80535 Munich. With these services, too, user data is collected using the technologies described above (see above). Criteo can also combine this data with information from other sources. The processing is pseudonymous, i.e. information that makes individual people identifiable (e.g. name) is replaced by technical IDs and IP addresses are only used in a shortened form. If Criteo data is communicated, then only in the form of encrypted hash values that do not allow identification.
To personalize the purchasing process, we use the “Retail Rocket” service from Retail Rocket Germany GmbH, Horbeller Str. 31, 50858 Cologne. With these services, too, data from the users are collected using the technologies described above (see above) and stored in cookies or the internal memory of the browser. This includes information about each page view, page view of the product category, page view of the product, shopping cart events, purchase, website search, newsletter registration, mouse clicks for product recommendation modules, mouse clicks in e-mails sent by Retail Rocket, interaction with widgets on the website by Retail Rocket. This information is stored for 24 hours.
You can find the provider’s detailed data protection regulations at: https://retailrocket.de/datenschutzerklarung/
In order to be able to communicate with our customers, interested parties and users online via our own online offerings and to be able to present our products and services, we maintain online presences within external social networks and platforms. The terms and conditions and data processing guidelines of the respective operators apply there.
We process data of users who communicate with us via these channels or provide us with content, unless otherwise specified in our data protection declaration, to the extent that users publish them to us.
In the context of our legitimate interests in the analysis, optimization and economic operation of our online offers in accordance with Art. 6 Para. 1 lit. f GDPR, we integrate content from third-party providers, such as videos or maps. For technical reasons, the IP address of the user is transferred to the respective service, since this is necessary to display the integrated content for the user. We therefore try to integrate it so that the IP address is only used to deliver the content.
Linked tracking elements, such as invisible graphics, so-called “web beacons”, allow third-party providers to transmit data, such as page views including the time of access, technical information on the browser and operating system, original website or other information on use on our online offerings. collect for statistical or marketing purposes. By storing them in cookies, this information can also be used across multiple pages or periods and linked from multiple sources:
We integrate maps via the online service Google Maps. This is operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Data protection declaration: https://www.google.de/intl/de/policies/privacy/
Presentations are integrated through the online service Speaker Deck, which is operated by GitHub Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA.
Data protection declaration: https://help.github.com/articles/github-privacy-statement/
We embed videos via the online service YouTube. This is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA, which in turn belongs to Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Data protection declaration: https://www.google.de/intl/de/policies/privacy/
Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and the collected ratings and to offer Trusted Shops products to buyers after placing an order.
This serves to protect our legitimate interests in an optimal marketing of our offer, which predominate in the context of a balance of interests, in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str.15C, 50823 Cologne.
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your visit to the site.
Further personal data will only be transferred to Trusted Shops, provided you have given your consent to this, decide to use Trusted Shops products after completing an order or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.
DATA PROTECTION NOTES IN THE APPLICATION PROCESS
We process applicant data only in the context of the application process and taking into account the legal requirements. The processing takes place on the basis of Art. 6 Para. 1 lit. b GDPR to fulfill our (pre) contractual obligations and to Art. 6. Para. 1 lit. f GDPR if the processing of applicant data becomes necessary as part of legal procedures or legal requirements. Section 26 BDSG (new) also applies.
Basically, we rely on the applicant to provide us with his data for the application process. This usually includes personal data, inventory data and documents suitable for the application (e.g. cover letter, curriculum vitae, certificates). Applicants can also voluntarily provide us with further information. By submitting this data, applicants agree that we process the data for the purposes of the application process.
Special categories of personal data, such as health data or ethnic origin (in accordance with Art. 9 Para. 1 GDPR), which the applicant has given us voluntarily on the basis of Art. 9 Para. 2 lit. b GDPR. If we request special categories of personal data in the application process, they will be processed on the basis of Art. 9 Para. 2 lit. a GDPR.
When submitting application data by email, please note that the data is not encrypted by default. If desired, the applicant must take care of this independently (e.g. PGP file encryption). In addition, only the e-mail address published in job advertisements should be used, as other e-mail addresses can be archived in accordance with our legal requirements.
In the event of a successful application, we can further process the data for the purposes of the employment relationship. Rejected or withdrawn applications will be deleted six months after the application process. This period serves to safeguard our obligations to provide evidence from the Equal Treatment Act and to clarify any queries. Tax documents, such as invoices for reimbursement of costs, are archived in accordance with tax regulations.
On our company site (s) we use optical-electronic devices, such as video cameras, to protect our house rights according to § 4 Para. 1 No. 2 BDSG (new), such as the prevention or investigation of theft or property damage. In addition, the entrance areas are recorded in order to be able to exercise our legitimate interest in access control or logging in accordance with Section 4 (1) No. 3 BDSG (new).
Access areas (e.g. entrance doors, gates, driveways) and exhibition areas are recorded. Public areas or employee workplaces are not recorded.
There is no automated evaluation of the video data. The data can be stored for a maximum of 3 working days, after which it is deleted. Exceptions to this are sections that are required to exercise our rights, in which case they will be kept for the duration of the processing of the process.