We appreciate your trust and handle your data conscientiously. It is therefore a matter of course for us to inform you in detail about the scope of the processing and use of your data.
DATA PROTECTION
Date updated: July 2nd, 2023
1. Basic information on data processing and legal bases
1.1. This data protection declaration explains to you the type, scope and purpose of the processing of personal data within our online offer and the associated websites, functions and content (hereinafter collectively referred to as “online offer” or “website”). The data protection declaration applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) used on which the online offer is carried out.
1.2. The terms used, such as “Personal data” or their “processing” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
1.3. The personal data of users processed in the context of this online offer include inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of clerks, payment information), usage data (e.g., the websites of our online offer visited, interest on our products) and content data (e.g., entries in the contact form).
1.4. The term “user” includes all categories of persons affected by data processing. They include our business partners, customers, interested parties and other visitors to our online offer. The terms used, such as “Users” are to be understood as gender-neutral.
1.5. We only process personal data of users in compliance with the relevant data protection regulations. This means that user data is only processed if there is legal permission. This means, in particular, if the data processing is necessary or required by law to provide our contractual services (e.g. processing of orders) and online services, the user has given consent, as well as due to our legitimate interests (i.e. interest in analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 Para. 1 lit.f) GDPR, especially when measuring reach, creating profiles for advertising and marketing purposes and collecting access data and using the services of third-party providers.)
1.6. We would like to point out that the legal basis for the consent is Art. 6 Para. 1 lit. a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures Art. 6 Para. 1 lit. b) GDPR, the legal basis for processing in order to fulfill our legal obligations Art. 6 Para. 1 lit. c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 Para. 1 lit. f) GDPR.
2. Data security
2.1 We use the popular SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol in the lower status bar of your browser.
2.2 We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
3. Transfer of data to third parties and third-party providers
3.1. A transfer of data to third parties takes place only within the framework of the legal requirements. In particular, we only pass on user data to third parties if they have given their consent within the meaning of Art. 6 Para. 1 lit. a) GDPR, the disclosure on the basis of Art. 6 Para. 1 lit. b) GDPR is required for contractual purposes or based on legitimate interests in accordance with. Art. 6 para. 1 lit. f) GDPR is justified in the economic and effective operation of our business operations.
3.2. If we use subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.
3.3. If, within the scope of this data protection declaration, content, tools or other means are used by other providers (hereinafter jointly referred to as “third-party providers”) and whose registered office is in a third country, it can be assumed that data will be transferred to the third-party providers’ home states. Third countries are countries in which the GDPR is not a directly applicable law, i.e. basically countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either when there is an adequate level of data protection, the consent of the user or other legal permission.
4. Provision of contractual services
4.1. We process usage data (e.g., usage of this website, pages visited) and content data (e.g., entries in the contact form) for advertising purposes.
4.2 We use the WordPress platform to run our website.
4.3 We use EasyWP for hosting the website.
4.4 The use of WordPress and EasyWP can lead to personal data of EU citizens being transferred to the USA. The transfer of data to the USA is exceptionally permissible on the basis of Art. 49 Paragraph 1 Clause 1 lit b) if the transfer is necessary for the fulfillment of contractual obligations.
The USA is an insecure third country in which there is no level of data protection comparable to EU standards. Shopify does not offer any other guarantee to make up for this deficit. There is therefore the risk that government agencies will access your personal data through the transmission without you having any effective legal protection options.
5. Contact
5.1. When contacting us (using the contact form or email), the information provided by the user is used to process the contact request and to process it in accordance with. Art. 6 para. 1 lit. b) GDPR processed.
5.2. User information is stored in our customer relationship management system (“CRM system”) or a comparable request organization.
6. Collection of access data and log files
6.1. On the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f) GDPR data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider .
7. Cookies
So-called cookies are used on our website. Cookies are small text files that are stored locally in the cache of the website visitor’s Internet browser. The cookies enable the internet browser to recognize you, e.g. Recognise when using the login area. These are used to make surfing as easy and comfortable as possible for you. If you want to rule out the use of cookies in general, you can do this by making a setting in your browser. In this case, however, this may result in a functional impairment when using our website.
If you consent to the use of cookies, the legal basis for processing is the declared consent in accordance with Section 6 Paragraph 1 Clause 1 lit. a) GDPR.
Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in a business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations, both according to § 6 paragraph 1 sentence 1 lit. f) GDPR.
A list of the cookies we use, descriptions of the purposes of the cookies and further information on the respective cookies can be found in our cookie consent banner.
8. Newsletter
8.1 The following information explains the contents of our newsletter and the registration, dispatch and statistical evaluation procedures and your rights to withdraw – by subscribing to our newsletter, you agree to receive it and to the procedures described. You can subscribe to the newsletter as part of the ordering process or separately via our online shop page.
8.2 Only your email address is required for receiving the newsletter. The provision of further separately marked personal data (first name, surname) is voluntary and will be used to address you personally in our communications if necessary. After your confirmation, we store your email address to send you the newsletter.
8.3 Content of the newsletter: We send emails and other electronic notifications with promotional information (“newsletter”) only with the recipients’ consent or legal permission.
The legal basis for this is your consent as per Art. 6 Para. 1 Sentence 1 lit. a), Art. 7 DSGVO as well as § 7 para. 2 no. 3 UWG.
8.4 Subscriptions to the newsletter are logged to be able to prove the subscription process as per legal requirements.
This includes the storage of the registration and confirmation time and the IP address. The legal basis for collecting and storing this data is Art. 6 para. 1 sentence 1 lit f) DSGVO. The data processing is carried out to prove existing consent. This is the necessary legitimate interest.
8.5 Statistical collection and analyses – The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened (see 8.7.). Within the scope of this retrieval, technical information, such as information on the browser and your system, your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. This information can be assigned to individual newsletter recipients for technical reasons. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The analyses serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The statistical surveys and analyses are carried out based on our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) DSGVO. Our interest is to use a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users.
8.6 Revocation – You can revoke your consent at any time with permanent effect. Each newsletter contains an unsubscribe link for this purpose. If you use the unsubscribe link, we will unsubscribe your email address immediately. In addition, you can revoke your consent at any time by writing us via the contact form to cancel receipt of the newsletter for the future. You can withdraw your consent in whole or in part.
This transmission occurs in accordance with Art. 6 Para. 1 Sentence 1 lit. b) DSGVO and serves to initiate or execute a contract. For voluntarily disclosed contact data, the data processing is based on the user’s consent pursuant to Art. 6 Sentence 1 lit. a) DSGVO.
You can also modify or revoke your consent to the use of cookies via the Cookie Consent banner.
9. Integration of other services and content from third parties
In order to be able to provide and continuously improve our services, we rely on the services of the following third-party providers, through which personal data can also be processed. We have selected these third-party providers carefully and in accordance with the provisions of the GDPR.
9.1 A list of the cookies we use, descriptions of the purposes of the cookies and further information on the respective cookies can be found in our cookie consent banner.
9.2 The social network LinkedIn is integrated on our website as a link to the corresponding services. After clicking on the integrated text/image link, you will be redirected to the website of the provider. User information is only transmitted to the respective provider after it has been forwarded. For information on how your personal data is handled when you use this website, please refer to the respective data protection provisions of the providers you use.
10. Rights of data subjects
You have the right to information about the processing of your personal data (Art. 15 GDPR),
for correction (Art. 16 GDPR),
for deletion (Art. 17 GDPR),
if applicable, the right to restricted processing (Art. 18 GDPR),
the right to communication (Art. 19 GDPR),
as well as the right to data portability (Art. 20 GDPR).
The more detailed requirements of the aforementioned claims result from the GDPR and the BDSG.
11. Right to Object
If you want to object to the collection, processing or use of your data by us in accordance with these data protection provisions as a whole or for individual measures, you can send your objection via the contact form.
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. f) GDPR takes place, to lodge an objection (Art. 21 GDPR).
These are cases in which the processing is based on the legitimate interests of the person responsible and the assumption that your legitimate interests in excluding processing do not outweigh them. When exercising such an objection, we ask you to explain the reasons arising from your particular situation. In the event of your objection, we will examine the situation and either stop or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue processing.
In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR if you are of the opinion that your personal data is not being processed lawfully. The right of appeal exists without prejudice to any other administrative or judicial remedy.
12. Deletion of data
The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements. If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data will be blocked and not processed for other purposes. This applies e.g. for user data that must be kept for commercial or tax law reasons.
According to legal requirements, the storage takes place for 6 years according to § 257 Abs. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years according to § 147 Abs. 1 AO (books, records, management reports, Accounting documents, commercial and business letters, documents relevant for taxation, etc.).
13. Changes to the privacy policy
We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or to changes in the service and data processing. However, this only applies to declarations on data processing. If the consent of the user is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes are only made with the consent of the users. The users are asked to inform themselves regularly about the content of the data protection declaration.