The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and other data protection provisions is:
Tel.: +49 (0) 151 12120678
We process personal data of our users in principle only if this is necessary to provide a functional website as well as the content and services. Personal data are processed regularly only with the user’s consent. An exception applies in such cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by statutory provisions.
If we obtain consent from the data subject for processing operations of personal data, Article 6 (1) (a) EU General Data Protection Regulation (GDPR) will serve as the legal basis.
When processing personal data that is necessary for the performance of a contract, to which the data subject is party, Article 6 (1) (b) GDPR will serve as the legal basis. This also applies to processing operations that are necessary to take steps prior to entering into a contract.
If processing of personal data is necessary for compliance with a legal obligation, to which our company is subject, Article 6 (1) (c) GDPR will serve as the legal basis.
In the event that vital interests of the data subject or of another natural person make processing of personal data necessary, Article 6 (1) (d) GDPR will serve as the legal basis.
If processing is necessary for the purposes of a legitimate interest pursued by our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Article 6 (1) (f) GDPR will serve as the legal basis for the processing.
Personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Furthermore, storage can take place if this has been provided for by the European or national legislator in Union regulations, laws or other regulations, to which the controller is subject. Data will also be blocked or erased when a storage period specified by the above-mentioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Each time our website is accessed, data and information are automatically recorded by the computer system of the calling computer. The following data are collected in the process:
(1) information about the browser type and version used
(2) the user’s operating system
(3) the user’s internet service provider
(4) the user’s IP address
(5) date and time of access
(6) websites from where the user’s system accesses our website
(7) websites accessed by the user’s system via our website
(8) HTTP status code
Data are also stored in the log files of our system. Such data are not stored together with other personal data of the user
The legal basis for the temporary storage of the data and log files is Article 6 (1) (f) GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer. The user’s IP address must, therefore, remain stored for the duration of the session.
Storage in log files is carried out to ensure the proper functioning of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. Data are not used for marketing purposes in this context.
These purposes also constitute our legitimate interest in the data processing according to Article 6 (1) (f) GDPR.
Data will be erased as soon as they are no longer necessary to achieve the purpose of their collection. Where data are collected for provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this is possible. In such case, the IP addresses of users will be deleted or alienated so that reference to the calling client is no longer possible.
The collection of data for provision of the website and the storage of data in log files is essential for the operation of the website. There is, therefore, no possibility of objection by the user.
A contact form is available on our website which can be used to contact us electronically. If a user exercises this option, data entered in the input mask will be transmitted to us and stored. Such data are:
Alternatively, the user can contact us via the email address provided. In such case, the user’s personal data transmitted by email will be stored.
Data will not be transferred to third parties in this context. Data will be used exclusively for processing the communication.
The legal basis for processing data where the user has given consent is Article 6 (1) (a) GDPR.
The legal basis for processing data transmitted to us in the course of sending an email is Article 6 (1) (f) GDPR. If the aim of contacting us by email is the conclusion of a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.
Processing of personal data from the input mask serves us solely for processing the establishment of the contact. Where the contact is established by email, this also constitutes the necessary legitimate interest in the processing of data.
Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. For personal data from the input mask of the contact form and data sent by email, this is the case when the respective communication with the user has ended. The communication has ended when it is apparent from the circumstances that the matter concerned has been conclusively clarified.
The user has the possibility at any time to withdraw his/her consent to the processing of personal data. If the user contacts us by email, the user can object to the storage of his/her personal data at any time. In such case, communication cannot be continued.
The user can revoke/object to the processing of his/her data by email or by post. All personal data stored in the course of establishing the contact will be erased in this case.
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes, where relevant consent of the user has been obtained, is Section 25 (1) TTDSG [German Law on Data Protection and Privacy in Telecommunications and for Telemedia] in conjunction with Article 6 (1) (a) GDPR.
Analytics cookies are used to improve the quality and content of our website. We learn through analytics cookies how the website is used and can continuously optimise our range.
The user can purchase from our Online Shop via our website. Personal data are also collected in the course of this ordering process. It is, therefore, necessary to provide personal data, which are required to process the order and without which a purchase in the Online Shop cannot be made, in order to conclude a contract. This is also the purpose of processing and concerns the following data:
In addition, we collect the payment method selected in the course of the order and, if applicable, payment data such as the credit card number. In this respect there is a possibility that the user will be redirected to the service provider’s website for the payment process. In this respect, the data protection provisions of the respective service provider apply.
Legal basis for data processing
The legal basis for the processing of data is Article 6 (1) (b) GDPR.
Purpose of data processing
By means of the disclosed data, we identify the user as customer, process the order and send the user an invoice. We reserve the right, however, to use the stored data to assert any claims against the user.
Due to commercial and tax law requirements, we are obliged to store address, payment and order data for a period of up to ten years.
For the purpose of delivering ordered goods, we cooperate with logistics service providers/transport companies. The following data can be passed on to them for the purpose of delivering the ordered goods or, if this is necessary, notifying their delivery: first name, surname, postal address, email address, telephone number (e.g. for shipping notices).
The legal basis for the processing of data is Article 6 (1) (b) GDPR.
In the event that the user fails to settle outstanding invoices / instalments despite repeated reminder notice, we can transmit the data required for the execution of collection to a collection agency for the purpose of fiduciary debt collection. Alternatively, we can sell the outstanding receivables to a collection agency (sale of receivables). The latter then becomes the owner of the receivables and asserts the claims in its own name.
The legal basis for data transfer within the scope of fiduciary debt collection is Article 6 (1) (b) GDPR. Data is transferred within the scope of the sale of receivables on the basis of Article 6 (1) (f) GDPR.
We have entrusted PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt/Main, with the processing of payments (credit card, PayPal, Giropay, Paydirekt, SOFORT Überweisung, SEPA direct debit). For this purpose, PAYONE GmbH requires inter alia the name and address, account number and bank sort code or credit card number (including validity period), invoice amount and currency as well as the transaction number of the user. PAYONE GmbH may use this information for the purpose of processing payment and pass it on to us. PAYONE is obliged to treat the information in accordance with German data protection laws. The data protection provisions of PAYONE GmbH can be viewed at https://www.payone.de/datenschutz/.
It is possible to subscribe to a free newsletter on our website. When registering, the user’s email address and the user’s first name and surname are transmitted to us.
At the time of sending the e-mail address, the following data are also stored:
Date and time of registration
The legal basis for the processing of data, where the user’s consent has been obtained, is Article 6 (1) (a) GDPR.
The user’s email address is collected for the purpose of delivering the newsletter.
Data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. The user’s email address will, therefore, be stored as long as the subscription to the newsletter is active.
Subscription to the newsletter can be terminated at any time by the user concerned. For this purpose, there is a corresponding link in every newsletter.
Our homepage can contain links to third-party websites. If the user follows a link to one of these websites, it should be noted that we cannot accept any responsibility or liability for third-party content or data protection conditions. The respectively applicable data protection conditions should be checked before personal data are transmitted to such websites.
Unfortunately, the transmission of information over the internet is not completely secure, which is why we cannot guarantee the security of data transmitted over the internet to and via our website. However, we secure our website and other systems in the best possible way by means of technical and organisational measures against loss, destruction, access, modification or distribution of data by unauthorised persons.
We take precautions to ensure the security of personal data. Data are conscientiously protected against loss, destruction, falsification, manipulation and unauthorised access or unauthorised disclosure.
The user can assert his/her rights regarding the processed personal data at any time using the contact details provided above under “1”. The data subject has the right:
– pursuant to Article 15 GDPR to obtain access to the data processed by us. In particular access can be obtained concerning the purposes of the processing, the categories of data, the categories of recipient, to whom the data have been or will be disclosed, the planned storage period, the existence of a right to request rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, information as to the source of the data, if they were not collected by us, and concerning the existence of automated decision-making, including profiling, and, if applicable, meaningful information about their details;
– pursuant to Article 16 GDPR to obtain without undue delay the rectification of inaccurate data or the completion of data stored by us;
– pursuant to Article 17 GDPR to obtain the erasure of data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
– pursuant to Article 18 GDPR to obtain the restriction of the processing of data if the accuracy of the data is disputed by the user or the processing is unlawful;
– pursuant to Article 20 GDPR to receive the data provided to us in a structured, commonly used and machine-readable format or to obtain transmission to another controller (“data portability”);
– pursuant to Article 21 GDPR to object to processing, if processing is based on Article 6 (1) sentence 1 (e) or (f) GDPR. This is in particular the case if processing is not necessary for the performance of a contract with the user. Unless it is an objection to direct marketing, we will request, when such an objection is exercised, an explanation of the reasons why we are not to process the data as carried out by us. In the event of a reasoned objection, we will examine the factual situation and will either cease or adjust the data processing or demonstrate to the user our compelling legitimate grounds, on the basis of which we continue the processing;
– pursuant to Article 7 (3) GDPR to withdraw consent once given – i.e. the freely given, informed and unambiguous wish, made understandable by a statement or other clear affirmative action, that the user agrees to the processing of the personal data concerned for one or several specific purposes – vis-à-vis ourselves at any time if the user has given such consent. The result is that we may no longer continue the data processing based on this consent in the future; and
– pursuant to Article 77 GDPR to lodge a complaint with a data supervisory authority about the processing of personal data at our company, for example with the data supervisory authority competent for us.