We manage our web sites in accordance with the principles set out below:
We undertake to comply with statutory data protection regulations and endeavouralways to take into account the principles of data avoidance and data minimisation.
a) The controller, within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other statutory data protection regulations, is:
Represented by the Managing Director Marius Wolf
Phone.: +49 89 414 175 80
Fax: +49 89 414 175 899
b) The Date Protection Officer of the controller is
Unterdürrbacher Str. 8
We have designed our PrivacyStatement in accordance with the principles of clarity and transparency. However, should there be any ambiguity regarding the use of various terms, the corresponding definitions can be found here.
We process yourpersonal data - such as your last name, first name, e-mail address, IP address,etc. - only if there is a legal basis for doing so. Three specific rules comeinto consideration here, in accordance with the General Data ProtectionRegulation (GDPR):
a) You have given us your consent to the processing of your personal data for oneor more purposes. See Art. 6 (1) (1) (a) GDPR. In this context, we will inform you in detail of the purposes of the processing and document your express consent.
b) Processing of your personal data is necessary for the performance of a contract or to take steps prior to entering into a contract with you. See Art.6 (1) (1) (b) GDPR.
c) Processing of the personal data is necessary to protect our legitimate interests, except where such interests are overridden by your own or by your fundamental rights and freedoms. See Art 6 (1) (1) (f) GDPR.
However, we will always inform you at the appropriate points of the legal basis on which your personal data is being processed.
Your personaldata will not be transferred to third parties for purposes other than thosereferenced below. We will only transfer your personal data to third parties if:
a) You have given your express consent in accordance with Art. 6 (1) (1) (a) GDPR,
b) The transfer is necessary in accordance with Art. 6 (1) (1) (f) GDPR for thepurpose of asserting, exercising or defending legal claims, and there is no reason to assume that you have an overriding interest worthy of protectionin your data not being transferred.
c) There is a legal obligation to transfer the data in accordance with Art. 6(1) (1) (c) GDPR, and
d) this is legally permissible and necessary for managing contractual relationships with you, in accordance with Art. 6 (1) (1) (b) GDPR.
Westore all personal data which you provide to us only for as long as they arerequired for the purposes for which they were transferred to us, or for as longas required by law. Once the purpose has been achieved, or upon expiry of thestatutory storage periods, we will erase or restrict the data.
This site uses SSL encryption for security reasons and to safeguard the transfer of confidential content, such as any requests you send to us as the operators of the site. An encrypted connection may be identified by the change in the address from “http://” to “https://” and by the padlock symbol in your browser’s address bar.
With SSL encryption activated, the data which you transfer to us cannot be read by third parties.
a) When visiting the Website
When you access our website, information is automatically sent to our web server by the browser being used on your client device. This information is stored temporarily in what is known as a log file. The following information is recorded without any action on your part and stored until it is automatically erased:
• The IP address of the computer making the request
• The date and time of access
• The name and URL of the requested file
• The website from which the site is accessed (referrer URL)
• the browser used and, if applicable, your computer’s operating system and the name of your access provider
The above-referenced data are processed by us for the following purposes:
• To ensure a smooth connection to the website
• To ensure that our website is convenient to use
• Evaluation of system security and stability, and
Data which permit your identification as a person, such as the IP address, will be deleted after 7 days at the latest. Any data stored by us beyond this period will be pseudonymised, so that they can no longer be associated with you. The legal basis for the data processing is Art. 6 (1)(1) (f) GDPR. Our legitimate interest derives from the data collection purposes referenced above. Under no circumstances do we use the data collected for the purpose of identifying you as a person.
b) Contractual relationship
aa) Formation of contract
In establishing the contractual relationship, and pursuant to Art. 6 (1) (1) (b) GDPR, the only mandatory data (indicated by an asterisk) is that personal data which is essential for the performance of the contract.
Any additional data you may choose to provide will only be processed on the basis of the consent you have given in accordance with Art. 6 (1) (1) (a) GDPR. We use this optional data for the purpose of providing (and continuously improving) a customer-friendly service.
For the purpose of dispatching goods, we pass on the necessary data (name, address, e-mail address, telephone number, where these are required for shipping) to the appropriate shipping provider for notification/coordination of shipping and delivery of the goods.
bb) Customer account
You have the option of creating a customer account with us. If you should choose to do so, we will process the following data concerning you:
- Your name
- Your e-mail address
- Your password (encrypted)
- An ID used to refer to you in our system
We process these data to enable you to log in to our site and in order to assign you as a user. This data processing is therefore carried out for the performance of the contract and/or to implement pre-contractual measures in response to your request. The legal basis for the data processing is thus Art. 6 (1) (1) (b) GDPR. If you have placed an order with us, we will also process:
- Your order data
- Your VAT identification number
- Your company name
- The data you submitted, such as presentation data, logos and information resulting from the chat with us.
- If provided:
-- Your website address
-- Your telephone number
We require these data in order to process your order and to optimise our communication with you. The data processing is therefore also based on Art. 6 (1) (1) (b) GDPR.
Please note that any data resulting from the content of your presentation will also be shared with us and thus also processed. We treat all data transferred to us as absolutely confidential, but we would like to recommend that before you forward data from third parties to us, you adequately inform the third parties involved about such disclosure.
You have the option to amend or delete the data in your customer account at any time, or to delete your account altogether. If you make use of this facility, your customer account and all the data contained within it will be deleted immediately.
The data collected by us will be erased after expiry of the limitation period for claims arising from the contract with us, unless there is a legal retention obligation pursuant to Art. 6 (1) (1) (c)GDPR. The standard limitation period is 3 years from the end of the calendar year in which the claim was established and you obtained knowledge thereof, pursuant to Sections 195 and 199 of the German Civil Code [German acronym:BGB]. Thus, for a claim arising in 2018, the limitation period would run from the end of 2018 and expire on 31/12/2021. In this example, we would also delete the data on that date.
cc) Transfer of data when using online payment service providers
If, in the course of the order process, you opt for payment via one of the online service providers we offer, your contact data will be transferred to that service provider in connection with the order in question. The lawfulness of the data transfer derives from Art. 6 (1) (1) (b) GDPR, for the purpose of processing the payment method you selected, as well as from our legitimate interest pursuant to Art. 6(1) (1) (f) GDPR in facilitating user-friendly and uncomplicated payment processes.
Personal data transferred to the online payment service provider usually include first name, last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data relating to the order, such as the number of articles, part numbers, invoice amount, taxes as percentages, invoice information, etc.
This transfer is required to process your order using the payment method you selected, and in particular to confirm your identity and administer your payment, and for purposes of customer relations.
However, please note: Personal data may also be passed on by the online payment service provider to other service providers, subcontractors or affiliated companies, where this is necessary to perform the contractual obligations arising from your order, or where the personal data are to be processed on its behalf.
Depending on the payment method selected via PayPal - for example, invoice or direct debit - the personal data transferred to PayPal are passed on by PayPal to credit agencies. These data are used to verify your identity and check your credit with regard to the order you have placed. You can find out which credit agencies are involved, and what data are generally collected, processed, stored and transferred by the provider in question, in the respective providers’ privacy statements:
PayPal (Europe)S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg,
Adyen B.V. German Branch
Adyen nv, Simon Carmiggeltstraat 6-50 1011 DJ Amsterdam, Niederlande. Adyen
Content of the newsletter and registration data
We will only send you a newsletter if you have ordered this from us and provided your consent in accordance with Art. 6 (1)(1) (a) GDPR. The contents of the newsletter are specifically described during registration. To register for a newsletter, it is sufficient to give your e-mail address. If you choose to provide additional data, such as your name and/or sex, these will be used solely to personalise the newsletter we send you.
Withdrawal of consent
If you no longer wish to receive the newsletter, you may withdraw your consent at any time with future effect. To do this, you can click on the unsubscribe link at the end of each newsletter, or send us an e-mail at the following e-mail address: firstname.lastname@example.org.
The withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.
Use of “MailChimp”
We send our newsletter via the “MailChimp” newsletter service,provided by the Rocket Science Group, LLC (675 Ponce De Leon Ave NE #5000,Atlanta, GA 30308, USA).
The e-mail addresses of our newsletter recipients, as well as their other data described within the scope of this notice, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. MailChimp may also use these data, based on its own information, to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and presentation of the newsletter or for business purposes, in order to determine which countries the recipients are from. However, MailChimp does not use the data from our newsletter recipients to write to them directly, nor does it forward the data to third parties.
Statistical surveys and analysis
Newsletters sent via MailChimp contain what is known as a “web beacon”, i.e. a pixel-sized file which is retrieved by MailChimp’s server when the newsletter is opened. As part of the retrieval process, the following technical information is initially collected:
- Information about the browser
- Information about your system
- Your IP address
- Time of access
This information is used to improve the services with the aid of the technical data, the target groups and their reading habits, their access locations (identifiable via the IP addresses) and access times.
The statistical data collected also include whether newsletters are opened and when, and which links readers click on in the newsletter. This information may be associated with individual newsletter recipients for technical purposes, but it is not our intention, nor that of MailChimp, to monitor individual users. Rather, the analysis is used to identify patterns in our user’ reading habits and to adapt our content to them, or to send out differing content based on our user‘ interests. Use of the MailChimp newsletter service, conducting statistical surveys and analyses and logging the registration process is based on our legitimate interests pursuant to Art.6(1) (1) (f) GDPR.
Our main focus is on using a user-friendly and secure newsletter system that both serves our business interests and meets our users’ expectations.
Use of “Hubspot"
We also send our newsletter via the “Hubspot” newsletter service, 25First Street, 2nd Floor, Cambridge, MA 02141, USA. Hubspot operates a branch office in Germany at Unter den Linden 26, 10117 Berlin.
Use of the Hubspot newsletter service is based on our legitimate interests pursuant to Art. 6 (1) (1) (f) GDPR. Our main focus is on using a user-friendly and secure newsletter system that both serves our business interests and meets our users’ expectations.
Use of “MixMax
We also use the MixMax service from MixMaxInc, 512 2nd St, San Francisco, CA 94107, USA for sending newsletters.
Use of the MixMax newsletter service is based on our legitimate interests pursuant to Art. 6 (1) (1) (f) GDPR. Our main focus is on using a user-friendly and secure newsletter system that both serves our business interests and meets our users’ expectations.
d) Chat window
We provide a chat window on our website for you to communicate directly with us. The personal data you enter during the chat is used by us in order to correspond with you. The chat history is stored in our database for future correspondence purposes.
If no contractual relationship is established with you, we will pseudonymise all personal data after 3 months. We will evaluate and process the data remaining in order to improve our service and performance. In the event that a contract is concluded, we will store the complete chat history for further performance of the contract.
The legal basis for the data processing is Art. 6 (1) (1) (b) and (f) GDPR, for the implementation of pre-contractual measures in response to your request or to exercise our legitimate interest, i.e. in the performance of our business activities.
e) Contact form / E-mail contact
We provide a form on our website for you to contact us at any time. In order to use the contact form, you are required to enter a name (so that we may address you in person) and a valid e-mail address which we can use to contact you, so that we know whois making the request and we are able to process it.
If you use the contact form to send us requests, your data from the request form will be processed, including the contact details you provided in it and your IP address, pursuant to Art. 6 (1) (1) (b) and (f) GDPR, for the implementation of pre-contractual measures in response to your request or to exercise our legitimate interest, i.e. in the performance of our business activities.
You are also welcome to send us an e-mail using the e-mail address provided on our website. In this case, we will store and process your e-mail address and the data provided by you in the e-mail, pursuant to Art. 6 (1) (1) (b) and (f) GDPR, in order to process your message.
Requests and the data associated with them will be erased no later than 3 months after receipt,unless they are required for further contractual relationship purposes.
f) Callback form
We provide a form on our website for you to request a callback.
In order to use the contact form, you are required to enter a name (so that we may address you in person), a valid e-mail address and a number to call you back on, so that we know who is making there quest and we are able to call you back or arrange a callback appointment.
If you use the form to send us a callback request, your data from the request form will be processed, including the contact details you provided in it and your IP address, pursuant to Art. 6 (1) (1) (b) and (f) GDPR, for the implementation of pre-contractual measures in response to your request or to exercise our legitimate interest, i.e. in the performance of our business activities.
Requests and the data associated with them will be erased no later than 3 months after receipt, unless they are required for further contractual relationship purposes.
g) Google Fonts
We use Google Fonts on our website. This allows us to display fonts there. Google Fonts is a service of Google Inc. (1600 Amphitheatre Parkway, MountainView, California, 94043). Integration of these web fonts into our website is done by accessing a server, usually a Google server in the United States. This may result in the following being transferred to that server and stored by Google:
- Name and version of the browser used
- Website that triggered the request(referrer URL)
- Operating system of your computer
- Screen resolution of your computer
- IP address of the requesting computer
- Language settings of the browser or operating system used by the user
The use of Google Fonts is intended to make it easier to read and view our website and achieve more pleasing graphic design, and is thus based on our legitimate interests under Art. 6 (1)(f) GDPR.
h) Use of Google Maps
Our website uses the Google Maps API. Through the use of Google Maps, information about your use of this website (including your IP address) may be transferred to and stored on a Google server (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, 94043) in the United States.
Google may transfer the information obtained from Maps to third parties if required by law or if third parties process this data on behalf of Google. Your IP address will not under any circumstances be combined with other Google data. However, we must point out that it would technically be possible for Google to identify individual users based on the data received.
We provide you with Google Maps as a service, so that you can accurately identify our location and, if necessary, better plan your visit to us. The use of Google Maps is therefore based on our legitimate interests pursuant to Art. 6 (1) (1) (f) GDPR.
Data processed via cookies are required for the aforementioned purposes for the protection of our legitimate interests and those of third parties, in accordance with Art. 6(1) (1) (f) GDPR.
Most browsers automatically accept cookies based on their settings. However, you can configure your browser either so that no cookies are stored on your client device, or at least so that a message is displayed before a new cookie is stored. If you completely deactivate the cookie feature in your browser, you may not be able to use all the features of our website.
Details of the various types of cookies that we use are as follows:
a) Session Cookies
In order to make your use of our range of services more enjoyable, we use what are known as “session cookies”, to recognise that you have already visited individual pages on our website.
These session cookies are automatically deleted after you have left our site.
b) Temporary Cookies
These temporary cookies are stored on your client device for a specified period of time.
c) Cookies for marketing and optimisation purposes
These cookies are automatically deleted after a specified period of time.
On our website, we use the analysis and tracking tools listed below. The purpose of these is to ensure ongoing optimisation of our website and to tailor it to the needs of customers.
These interests are lawful within the meaning ofArt. 6 (1)(1)(f) GDPR. The purposes of the data processing and thecategories of data are stated in the corresponding tools.
a) Google Analytics
On our website we use Google Analytics (https://www.google.de/ intl/de/about/), a web analytics service from Google Inc. (1600 Amphitheatre Parkway, Mountain View,CA 94043, USA; referred to below as “Google”).
- the name and version of the browser used
-your computer’s operating system
- the website from which the page was accessed (Referrer URL)
- the IP address of the computer submitting the request
- the time of the server request
Is normally transferred to a Google server in the United States and stored there.
However, because we have activated anonymisation on our website, Google performs prior truncation of your IP address within European Union Member States or other signatory states of the Agreement on the European Economic Area. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and truncated there.
Google will use this information on our behalf for the purpose of evaluating your use of the website, in order to reports on website activity and to provide other services relating to website and internet usage to us. The IP address transferred by your browser via Google Analytics will not be combined with other Google data.
You can prevent the storage of cookies by using the appropriate settings in your browser software. However, please note that if you do this, you may not be able to make full use of all the features of this website.
You can also prevent the collection of data generated by the cookie and relating to your use of the website(including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
You can prevent the collection of data by Google Analytics by clicking on the following link. Doing this sets an opt-out cookie that prevents collection of your data during future visits to our website: Deactivate Google Analytics
b) Google Remarketing
We use Google Analytics’ remarketing feature to target advertising campaigns (including Google AdWords campaigns) to users who visit our website.
Remarketing presents ads to you which are relevant to you when you visit other websites associated with the Google Display Network, based on information you have accessed during your previous visits to our website.
The DoubleClick cookie enables Google (as well as us and other external advertisers) to target advertising to you that matches your interests, based on your previous visits to our website and/or to other websites. That advertising may be displayed on Google’s websites or on the websites of other Google Display Network operators. We also use the Google Analytics advertising features to analyse the effectiveness of our own advertising campaigns.
You can make personalised adjustments to your Google Adwords settings and you may object to interest-based advertising by Google. In that case, the cookie ID of the DoubleClick cookie (which is individually issued for each cookie) will be overwritten and can no longer be associated with a particular browser.
If you delete all of the cookies from your device, a new DoubleClick cookie may be set. In that case, you will possibly need to renew your objection settings. You can permanently deactive DoubleClick cookies by downloading and installing the appropriate browser plugin via this link: http://www.google.com/settings/ads/plugin. You can deactive the use of third-party cookies for online advertising on the American website http://www.aboutads.info/choices/ or the European one http://www.youronlinechoices.com/.
If you have given consent via your Google account to Google’s association of your web and app browsing with your Google account and to Google’s use of information from your Google account to personalise ads, Google will use your data in combination with Google Analytics dat to create audience lists for cross-device remarketing. For this purpose, Google Analytics will first collect Google-authenticated IDs associated with your Google account for you as a user on our website. Subsequently,Google Analytics will temporarily associate these IDs with Google Analytics data in order to optimise our audiences.
Please click here for an overview of Google’s data privacy and security policies.
c) Google AdWords
We use Google AdWords on our website, an online advertising program from Google Inc. As part of Google AdWords, we also use the conversion tracking feature. With this tool, Google AdWords sets a cookie on your client device when you visit our website via a Google ad.
The cookie will expire after 30 days. The cookie does not create any personal traceability. If you visit our website as a user and the cookie is still working, we and Google will recognise that you clicked on the ad and were redirected to our site. Each Google AdWords customer is assigned a different cookie. Cookies are thus not traceable via the websites of the advertisers.
The data obtained using conversion cookies is used to generate conversion statistics for AdWords customers. From these statistics, as an AdWords customer, we can see the total number of users who reacted to our ad and were redirected to a website with a conversion tracking tag. We do not receive any information by this process which could be used to personally identify you as a user.
Should you wish to decline the tracking process, you can disable the Google conversion tracking cookie via your internet browser.
d) Google AdSense
We use the Google AdSense service from Google Inc. (1600 Amphitheatre Parkway, MountainView, CA 94043, USA) to integrate advertisements into our website.
The information received via cookies and web beacons, your IP address and the delivery of advertising formats, are transferred to a Google server located in the USA and stored there. Google may forward this collected information to third parties where this is required by law or where Google has commissioned third parties to process data on its behalf. However, Google will not combine your IP address with the other stored data.
e) Facebook Conversion Pixel
We use the “Conversion Pixel” (visitor behaviour tracking pixel) from Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). When this pixel is accessed from your browser, Facebook can detect whether a Facebook advert was successful; for example, whether it resulted in an online purchase.
You can change your Facebook settings at https://www.facebook.com/settings?tab=ads,or you can click here if you wish to withdraw your consent to use the Conversion Pixel.
We use the Mouseflow ApS web analysis service (Flaesketorvet 68,1711 Copenhagen, Denmark) on our website.
Mouseflow records the mouse movements and click behaviour of randomly selected visitors to our website. This logging enables us to analyse and gain a better understanding of the behaviour of visitors to our website and thus to come up with ways of improving our site.
You shall have the following rights:
a) Right of access
Pursuant to Art.15 GDPR, you shall have the right to request information about your personal data being processed by us. This right of access includes the following information:
- The purposes of the processing
- The categories of the personal data concerned
- The recipients or categories of recipient to whom your data have been or will be disclosed
- The envisaged data storage period, or at least the criteria used to determine that period
- The existence of the right to rectification, erasure, restriction of processing or objection
- The existence of the right to lodge a complaint with a supervisory authority
- The source of your personal data, where they were not collected by us
- The existence of automated decision-making, including profiling, and, where appropriate, meaningful information about the logic involved.
b) Right to rectification
In accordance with Art. 16 GDPR, you shall have the right to request the prompt rectification of inaccurate or incomplete personal data stored by us.
c) Right to erasure
In accordance with Art. 17 GDPR, you shall have the right to request prompt erasure of your personal data stored by us, unless further processing is required for one oft he following reasons:
- To exercise the right of freedom of expression and information;
- For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
- For reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR.
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1)GDPR, to the extent that the right referenced in a) is likely to render impossible or seriously impair the achievement of the objectives of that data processing, or
- For the establishment, exercise or defence of legal claims.
d) Right to restriction of processing
Pursuant to Art. 18 GDPR, you may request the restriction of processing of your personal data, for one of the following reasons:
- You contest the accuracy of your personal data.
- The processing is unlawful andyou oppose the erasure of your personal data.
- We no longer require the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims.
- You object to processing pursuant to Art. 21 (1) GDPR.
e) Notification obligation
If you have requested rectification or erasure of your personal data or restriction of processing in accordance with Art. 16, Art. 17 (1) and Art. 18, we will notify all recipients to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You may request that we inform you about those recipients.
f) Right to data portability
You shall have the right to obtain the personal data which you have provided to us in a structured, commonly used and machine-readable format.
You shall also have the right to request the transfer of these data to a third party, provided that processing was carried out by automated means and based on your consent pursuant to Art. 6 (1) (1) (a) or Art. 9 (2) (a) or for the performance of a contract pursuant to Art. 6 (1) (1) (b) GDPR.
g) Right to withdraw consent
Pursuant to Art. 7 (3) GDPR, you shall have the right at any time to withdraw consent previously granted to us by you. The withdrawal of consent shall not affect the lawfulness of processing carried out based on that consent before its withdrawal.We may carry out no further processing based on the withdrawal of your consent.
h) Right to lodge a complaint
Pursuant to Art. 77 GDPR, you shall have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR.
i) Right to object
Where your personal data are processed based on legitimate interests pursuant to Art. 6(1) (1) (f) GDPR, you shall have the right pursuant to Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes. In the latter case, you shall have a general right of objection which we shall implement without the need for your particular situation to be specified. You may exercise your right to object or to withdraw consent simply by sending an e-mail to email@example.com.
j) Automatic individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right shall not apply if the decision:
i: is necessary for entering into, or performance of, a contractbetween you and us,
ii. is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
iii. is based on your explicit consent.
However, such decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in a) and c), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision.
If we amend the Privacy Statement, this will be indicated on the homepage and registered customers will be informed by e-mail.
Version of 28.06.2018