Last updated: Date: 28/07/2018
In der Hinterzelg 2
Type of data processed:
- Inventory data
- Contact details
- Content data
- Contract data
- Payment details
- Use data
- Meta data/communications data
Categories of data subjects:
- Website visitors and users
We will hereinafter also refer to data subjects collectively as ‘users’.
Purpose of processing:
- To make the website, its content and functions available.
- To fulfil contractual performance, provide services and for customer care.
- To respond to contact requests and communication with users.
- For marketing, advertising and market research.
Taking into account the state of technological knowledge, implementation costs and the type, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk; these measures particularly include securing the confidentiality, integrity and availability of data through controls for physical access to data, as well as access, input, sharing, securing availability and separation that relate to it. We have also established a procedure that ensures that data subject rights are observed, data is deleted and threats to data are responded to. Furthermore, we already observe the protection of personal data in the development and/or selection of hardware, software and processes, taken into consideration in accordance with the principle of data protection using technology design and data protection by default.
Security measures particularly include the encrypted transmission of data between your browser and our server.
Working with contract processors and third parties
If, within the context of processing, we disclose data to other persons or companies (contract processors or third parties), send such data to these parties or otherwise grant them access to data, this is exclusively based on a statutory permission (e.g. if the data must be shared with third parties in order to fulfil a contract, for example a payment service provider), if you have provided your consent, if a legal obligation provides for this, or if this is based on our legitimate interests (e.g. when using contractors, web hosts, etc.).
Data subject rights
You have the right to free information about personal data stored by us relating to you and the right to correct, block or delete this data. For this and for further questions about personal data you can contact us at any time using the address above.
Providing contractual services
We process inventory data (e.g. names and addresses, user contact details), contract data (e.g. services used, names of contact persons, payment information) for the purposes of fulfilling our contractual obligations and services. Information marked as mandatory in online forms is required in order to conclude the contract.
When placing orders via our online shop, a user account is automatically set up, which in particular allows you to see your orders. The required mandatory information is shown to users when registering. User accounts are not public and cannot be indexed by search engines. If a user deletes its user account, data that corresponds to the user account is deleted, subject to a retention requirement for reasons pertaining to commercial law or tax law. Users are obligated to secure their data if termination occurs before the end of the contract. We are entitled to irretrievably delete all of the data saved about the user for the contractual term.
The IP address and the time of each user action is saved as part of registration and re-registration, as well as the use of our online services. Storage is based on our legitimate interests, as well as protecting the user from misuse and other unauthorised use. Data is not generally shared with third parties unless this is required in order to enforce claims, or if there is a legal obligation to do so.
We process user data (e.g. the website visited, interest in our products) and content data (e.g. contact form or user profile content) in a user profile for advertising purposes, in order to display information such as product instructions based on the services used.
Data is deleted once guarantee obligations and comparable obligations come to an end, where the requirement of retaining the data is reviewed every three years; with respect to statutory archiving obligations, data is deleted once they come to an end, and information in the customer account remains intact until it is deleted.
Collecting access data and log files
Based on our legitimate interests, we collect data that relates to each time the server, on which this service is located, is accessed (‘server log files’). Access data includes the name of website accessed, the file, date and time of access, the volume of data transferred, notification of successful access, browser type including version, user operating system, referrer URL (the site previously visited), IP address and requesting provider.
For security reasons (e.g. to clarify any misuse or fraud proceedings), log file information is stored for a maximum of seven days and is then deleted. Data that must be stored for the purpose of providing evidence must be excluded from erasure until each incident has been resolved.
Cookies & reach measurement
Cookies concern information that is sent from our web server or third-party web servers to users’ browsers that is stored there to be used at a later date. Cookies can be small files or other information storage types.
We use ‘session cookies’, which are only stored for the duration of the current visit to our website (e.g. to save your login status or shopping cart function and thus to facilitate any website use). A randomly generated unique ID number – a ‘session ID’ may be stored in a session cookie. A cookie also receives information about the origin and storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our website and, for example, log out or close the browser.
If users don’t want cookies to be stored on their machine, they have the option of deactivating cookies in their browser system settings. Stored cookies can be deleted in the browser’s system settings. Deactivating cookies can restrict the functions on this website.
Google is certified under the Privacy Shield Agreement, which provides an additional guarantee of complying with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google uses this information on our behalf to evaluate how users use our website, to compile reports about the activities within our website and to provide other services associated with the use of this website and internet use. In doing so, pseudonym user profiles may be created based on the processed data.
We use Google Analytics to only display adverts from Google and its partners through advertising services to users who have also shown an interest in our website or who have certain characteristics (e.g. interest in certain topics or products, determined based on the websites visited) that we send to Google (‘remarketing’, or ‘Google Analytics audiences’). By using remarketing audiences, we can also ensure that our adverts correspond with users’ potential interests and are not harassing.
We only use Google Analytics if IP anonymisation activated. This means that users’ IP addresses are truncated by Google within the European Union Member States or in other signatory states to the Agreement on the European Economic Area. A full IP address is only sent to a Google server in the USA and truncated there in exceptional cases.
The IP address sent from the user’s browser will not be merged with other Google data. The user can prevent cookies from being saved by changing the respective browser settings; the user can also prevent the data generated by the cookie relating to its use of the website from being captured and processed by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
You can find more information about how Google uses data, settings and how to object on Google’s web pages: https://policies.google.com/technologies/partner-sites (‘How Google uses information from sites or apps that use our services’), https://policies.google.com/technologies/ads ‘Advertising’), https://adssettings.google.com/authenticated (‘Control the information Google uses to show you ads’).
Integrating third-party services and content
We use content and service offerings from third-party providers on our website to integrate their content and services, such as videos or fonts (hereinafter referred to collectively as ‘content’). This presupposes that the third-party providers of this content use the users’ IP address, as it would not be possible to send content to their browsers without an IP address. The IP address is therefore required in order to display this content. We endeavour to use only use such content where the respective providers solely use the IP address to supply content. Third-party providers may also use ‘pixel tags’ (hidden images, also known as ‘web beacons’) for statistical or marketing purposes. Information such as the visitor traffic for this website’s pages can be evaluated using ‘Pixel tags’. Pseudonym information can also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring web pages, the time of the visit and other information about the use of the website, etc., and be linked to such information from other sources.