Name and contact info for the controller as per Article 4 (7) GDPR
Phone: +49 1515 6383797
Security and protection for your personal data
We consider it our most important task to ensure that the personal data you provided remains confidential and protected from unauthorized access. For this reason, we take utmost care and adopt the latest security standards to guarantee maximum protection for your personal data.
As a company under private law, we are subject to the provisions in the European General Data Protection Regulation (GDPR) and German Federal Data Protection Act (BDSG) regulations. We have adopted technical and organisational measures to ensure that both we and our external service providers meet data privacy regulations.
Definition of terms
- Personal data
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter: “data subject”); an identifiable natural person is regarded as one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more features specific to the physical, physiological, genetic, mental, economic, cultural or social identity of said natural person.
“Processing” refers to any procedure or set of procedures which is performed on personal data or on sets of personal data, whether or not by automated means. These include measures such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, erasure or destruction.
- Restriction of processing
“Restriction of processing” refers to the marking of saved personal data with the aim of limiting their processing in the future.
“Profiling” refers to any type of automated processing of personal data, where the personal data is used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
“Pseudonymisation” refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be associated with an identified or identifiable natural person.
- File system
“File system” refers to any structured set of personal data which is accessible according to specific criteria, irrespective of whether this set is managed in a centralised or decentralised system or dispersed on a functional or geographical basis
“Controller” refers to a natural or legal person, public authority, agency or other body which, solely or jointly with others, determines the purposes and means of processing personal data; if Union or Member State law determines the purposes and means of such processing, Union or Member State law may designate the controller or the specific criteria for their nomination.
“Processor” is a natural or legal person, public authority, agency or other body which processes personal data on the controller’s behalf.
“Recipient” refers to a natural or legal person, public authority, agency or other body to whom/which the personal data is disclosed, whether they are a third party or not. However, public authorities which possibly receive personal data within the bounds of a particular inquiry as per Union or Member State law are not regarded as recipients; the processing of such data by such public authorities shall be in compliance with the applicable data privacy rules according to the purposes of the processing.
- Third party
“Third party” refers to a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
The data subject’s “consent” refers to any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of their personal data with a statement or through a clear, affirmative action.
Lawfulness of processing
Processing of personal data is only lawful if there is a legal basis for processing. According to Article 6 (1) lit. a–f GDPR, the legal basis for processing may be the following in particular:
- The data subject has given their consent to the processing of their personal data for one or more specific purposes;
- Processing is required to perform a contract to which the data subject is party or to take steps at the data subject’s request prior to entering into a contract;
- Processing is required to comply with a legal obligation to which the controller is subject;
- Processing is required to protect the data subject’s or another natural person’s vital interests;
- Processing is required to perform a task carried out in the public interest or to exercise official authority vested in the controller;
- Processing is required for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the data subject’s interests or fundamental rights and freedoms which require protection of personal data, in particular if the data subject is a child.
Information on the collection of personal data
(1) You will find information on how we collect personal data when you use our website below. Personal data includes information such as name, address, e-mail address, and user behaviour.
(2) If you contact us by e-mail or using a contact form, we save and store the information that you provide (your email address and possibly your name and telephone number) to answer your questions. We erase the data that you provide in this way when we no longer need to store it or we limit its processing if there is a statutory obligation to retain it.
Collection of personal data from visits to our website
If you are using this website solely to obtain information, i.e. if you have not logged in, registered, or otherwise provided us with information, we will not collect any data except for the data that your browser forwarded to us. If you wish to view our website, we collect the data listed below. We require it for technical purposes, so we can display our website to you and ensure it is stable and secure (legal basis: Art. 6 (1) Sentence 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status /HTTP status code
- Volume of data transmitted
- Website making the request
- Operating system and its interface
- Language and version of browser software
(1) Cookies are also saved to your computer when you use our website in addition to the aforementioned data being collected. Cookies are small text files which are saved to your hard drive and are correlated to the browser you are using. They provide certain information to the party placing the cookie. Cookies are not able to execute programs or transmit viruses to your computer. They are used to make the website more user-friendly and more efficient as a whole.
(2) This website uses the following types of cookies. Their scope and mode of operation are explained below:
- Transient cookies (see a.)
- Persistent cookies (see b.).
a. Transient cookies are automatically deleted when you close your browser. These particularly include session cookies. Session cookies store what is known as a session identifier that can be used to correlate different requests from your browser during the shared session. This allows your computer to be recognised when it returns to the website. Session cookies are deleted when you log out or you close your browser.
b. Persistent cookies are automatically deleted after a specific time period, which may vary, depending on the cookie. You can delete cookies in your browser’s security settings at any time.
c. You can configure your browser settings as required and decline to accept third-party cookies or all cookies, for example. “Third party cookies” are cookies which are placed by a third party and not by the website which you are currently visiting. We point out that you may not be able to use all functions on this website if you disable cookies.
Other functions and offerings of our website
(1) In addition to using our website for purely information purposes, you can also use the different services that we offer. To do so, you generally need to give us further personal data, which we will use to provide the service concerned and to which the aforementioned basic principles on data processing apply.
(2) We also make use of external service providers to process your data at times. We have carefully selected these service providers. They are obliged to comply with our instructions and undergo inspection on a regular basis.
(3) We may also pass on your personal data to third parties when we offer promotional campaigns, competitions, contracts or similar services in conjunction with partners. You can receive more information in this respect if you provide your personal data or see the description of the offer below.
(4) If our service provider or partner has its headquarters in a state outside the European Economic Area (EEA), we will inform of the consequences in a description of the offer.
Our range is generally intended for adults. Persons under 18 years should not transmit any personal data to us without their parents’ or legal guardian’s consent.
Rights of the data subject
(1) Withdrawal of consent
You have the right to withdraw your consent at any time if your personal data is processed as a result of you agreeing to its use. This withdrawal of consent has no impact on the legality of data processing activity up to the point in time when consent was withdrawn.
You can exercise your right to cancellation by contacting us at any time.
(2) Right of confirmation
You have the right to require confirmation from the controller whether we process the personal data concerned or not. You can request confirmation using the aforementioned contact details at any time.
(3) Right to information
You have the right to obtain information about personal data and the following information if your personal data is being processed:
a. The purposes of processing;
b. The categories of personal data which is processed;
c. The recipients or categories of recipient to whom the personal data has been or will be disclosed, particularly recipients in third countries or in international organisations;
d. Wherever possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine the period of time;
e. The existence of the right to request that the controller rectify or erase of personal data or restrict processing of your personal data, or of the right to object to such processing;
f. The right to file a complaint with a supervisory authority;
g. Any available information as to its source if the personal data is not collected from the data subject;
h. the existence of an automated decision-making process, including profiling, referred to in Article 22 (1) and (4) GDPR and, as a minimum in such cases, meaningful information about the logic involved, and the significance and envisaged consequences of such processing for the data subject.
If personal data is transferred to a third country or an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer as per Article 46 GDPR. We will provide a copy of the personal data which is subject to processing. The controller may charge a reasonable fee based on administrative costs for any further copies that you request. If you make the request by electronic means, the information will be provided in a commonly used electronic format unless you request otherwise. The right to obtain a copy as per Paragraph 3 must not adversely affect the rights and freedoms of others.
(4) Right to rectification
You have the right to obtain rectification of inaccurate your personal data from us without undue delay. You have the right to have incomplete personal data completed, including by means of a supplementary statement, while bearing in mind the purposes of the processing.
(5) Right to erasure (“right to be forgotten”)
You have the right to obtain from the controller the erasure of your personal data without undue delay. The controller is obliged to erase personal data without undue delay when one of the following reasons applies:
a. The personal data is no longer needed in relation to the purposes for which they were collected or otherwise processed.
b. The data subject withdraws consent on which processing is based according to Article 6 (1) lit. a, or Article 9 (2) lit. a GDPR, and where there is no other legal ground for the processing.
c. The data subject files an objection to processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for processing, or the data subject files an objection to processing in accordance with Article 21 (2) GDPR.
d. The personal data has been processed unlawfully.
e. The personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject.
f. The personal data has been collected in relation to offered information society services specified in Article 8 (1) GDPR.
If the controller has made the personal data public and is obliged to erase the personal data as per Paragraph 1, the controller will take reasonable measures based on the available technology and the cost of implementation. These will include technical measures to inform controllers who are processing the personal data that the data subject has requested such controllers erase any copies or replications of the personal data concerned and any links to said data.
The right to erasure (“the right to be forgotten”) does not exist where processing is required to:
- Exercise the right of freedom of expression and information;
- Comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest, or to exercise of official authority vested in the controller;
- Safeguard public interest in the area of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) GDPR;
- Fulfil archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR if the right referred to in Paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
- Establish, exercise or defend legal claims.
(6) Right to restriction of processing
You are entitled to require us to restrict processing of your personal data if one of the following applies:
a. The data subject contests the accuracy of the personal data. Processing is restricted for a period to allow the controller to verify the accuracy of the personal data;
b. The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
c. The controller no longer needs the personal data for processing purposes, but the data subject requires it to establish, assert, or defend legal claims; or
d. The data subject has objected to processing in line with Article 21 (1) GDPR, pending verification as to whether the legitimate grounds of the controller override those of the data subject.
If processing has been restricted as per the aforementioned requirements, irrespective of whether they are stored or not, such personal data will only be processed with the data subject’s consent or to establish, assert, or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest in the Union or a Member State.
The data subject may contact us at any time using the aforementioned contact details to assert the right to restrict processing.
(7) Right to data portability
You have the right to receive your personal data which you have provided to a controller in a structured, commonly used and machine-readable format. You have the right to transmit such data to another controller without hindrance from the controller to whom the personal data has been provided if:
a. Its processing is based on consent as per Article 6 (1) lit. a or Article 9 (2) lit. a or on a contract as per Article 6 (1) lit. b GDPR; and
b. Processing is carried out using automated means.
When exercising your right to data portability as per Paragraph 1, you have the right to have the personal data transmitted directly from one controller to another if this is technically feasible. Exercising the right to data portability is without prejudice to the right to erasure (“right to be forgotten”). This right does not apply to processing which is required to perform a task carried out in the public interest or to exercise official authority vested in the controller.
(8) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions. The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for processing which override the data subject’s interests, rights and freedoms, or processing serves to establish, assert, or defend legal claims.
If personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for such marketing at any time. This also includes profiling if it is related to such marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
You may exercise your right to object by automated means using technical specifications in conjunction with the use of information society services, and notwithstanding Directive 2002/58/EC.
If personal data is processed for scientific or historical research purposes or statistical purposes as per Article 89 (1), you have the right to object to processing of your personal data on grounds related to your particular situation unless processing is necessary to perform a task carried out for reasons of public interest.
You may exercise your right to object at any time by contacting the controller concerned.
(9) Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or affects you significantly in a similar way. This does not apply if the decision:
a. Is required to enter into or fulfil a contract between the data subject and a data controller;
b. Is authorized by Union or Member State law to which the controller is subject and which also specifies suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
c. Is based on the data subject’s explicit consent.
The controller will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, which include, as a minimum, the right to obtain human intervention on the part of the controller’s behalf, to express their point of view, and to contest the decision.
The data subject may exercise this right at any time by contacting the controller concerned.
(10) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you also have the right to file a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that processing your personal data breaches this regulation.
(11) Right to an effective judicial remedy
Without prejudice to any other administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority as per Article 77 GDPR, you have the right to an effective judicial remedy if you consider that your rights under this regulation have been infringed as a result of your personal data being processed in breach of this regulation.
We use external service providers (processors). Separate processing of order-related data has been agreed with the service provider to safeguard the privacy of your personal data. We work with the following service providers: