Controller/data protection officer contact information
You may contact us at:
Legal basis for processing
Insofar we have obtained the consent of the data subject for processing personal data, the legal basis is Article 6(1)(a) GDPR.
When processing personal data necessary for fulfilment of a contract with the data subject, the legal basis is Article 6(1)(b) GDPR.This also applies to processing operations required to carry out pre-contractual measures.
Where processing personal data is necessary for compliance with a legal obligation our company is subject to, the legal basis is Article 6(1)(c) GDPR.
In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Article 6(1)(d) GDPR.
In the event processing is necessary for the performance of a task in the public interest or which takes place in exercising official authority which was delegated to the controller, the legal basis is Article 6(1)(e) GDPR.
If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not prevail over the former interest, the legal basis for processing is Article 6(1)(f) GDPR. The legitimate interest of our company is conducting our business.
Processing of access data and log files
Our website is designed to only request personal data where absolutely necessary. You may end use of our website at any time by closing the browser or visiting another website.
When using our website we collect and use access data/log files such as
- name of your internet service provider,
- the page visited before visiting our website or the name of the file requested,
- date and time of the request,
- data volume transferred,
- information whether the fetch was successful,
- the IP address,
- referrer URLs,
- browser types used,
- operating systems used
This data is processed for the purpose of enabling use of the website (establishing a connection), system security, technical administration of the network infrastructure, and to optimise the website, thus based on our legitimate interests as defined by Article 6(1)(f) GDPR, and to protect users and prevent other unauthorised use. This data is not shared with third parties or otherwise analysed. A personal user profile is not created.
Processing personal data in line with our contracted services, other purposes
Personal data is particularly processed when provided by you during registration, placing an order, opening a customer account, subscribing to our newsletter, submitting an inquiry via contact form/e-mail chat, when using our blow and our forum, or when used for company advertising purposes.
When registering or placing an order we collect the personal data provided by you such as IP address, name, gender, address, contact information (e-mail, telephone numbers), cart, order and delivery information, appointment set by you, payment information, delivery and location data to fulfil a legal transaction/contract. You can also determine exactly which of your data is collected in the respective input screens. We collect the data provided and use it to process the legal transaction. We only use the data provided by you without your specific consent to fulfil and implement the services offered for the purpose of compliance with our contractual obligations and service according to Article 6(1)(b) GDPR. Upon completing the services your data is blocked from further processing and erased following expiration of the file retention periods under tax and commercial law unless you have explicitly consented to further use of your data or otherwise justified by law.
For orders not placed through our website, such as by phone, in writing or verbally, we also collect the personal data provided by you such as name, gender, address, contact information (e-mail, telephone numbers), order information, appointment selected by you, payment information, delivery and location data to fulfil a legal transaction/contract. You can also determine exactly which of your data is collected whilst ordering. We collect the data provided and use it to process the legal transaction. We only use the data provided by you without your specific consent to fulfil and implement the services offered for the purpose of compliance with our contractual obligations and service according to Article 6(1)(b) GDPR. Upon completing the services your data is blocked from further processing and erased following expiration of the file retention periods under tax and commercial law unless you have explicitly consented to further use of your data or otherwise justified by law.
When submitting an inquiry via contact form, e-mail, chat, personal data is collected to process the contact request/inquiries in accordance with Article 6(1)(b)) GDPR. The data collected when using the contact form can be determined from the contact form, or varies depending on your e-mail message. This data is solely stored and used to respond to your inquiry or for contact purposes and the related technical administration. Upon closing your request your data is erased if requested, unless required by virtue of file retention statutes.
Personal data processed is further processed when subscribing our newsletter. The data provided by you when subscribing the newsletter (such as name and e-mail address) is used by us with your express consent for our own advertising purposes and for further electronic messages containing advertising information related to our products, offers, specials and our company related to our newsletter.
You may unsubscribe the newsletter at any time, thus withdrawing your consent, using the link in the newsletter e-mail, or by notifying us. After unsubscribing, your e-mail address is promptly removed from our newsletter distribution list unless required by virtue of file retention statutes.
Based on our legitimate interests according to Article 6(1)(f) GDPR we use a service provider to ensure more user-friendly and secure delivery of the newsletter and conduct statistical surveys and analysis as well as logging the subscription process. The newsletter sent by us contains a so-called pixel tag which, upon the customer opening the newsletter, collects technical information such as IP address, browser, operating system, fetch, time fetched, and links clicked. This information is used to make technical improvements and to better tailor our newsletter service to customers.
The newsletter is sent and processed through Newsletter2toGo GmbH, Köpenicker Str. 126, 10179 Berlin. For more about Newsletter2Go and data security at Newsletter2Go please visit:
For advertising purposes and to provide a customer-oriented website we provide a forum enabling registered users to post or add comments, based on our legitimate interests as defined by Article 6(1)(f) GDPR. The forum is a public portal. Questions/articles and posts can be added and others can comment on these. If a data subject posts an article or comment in the forum, in addition to the comments added by the data subject, information about the time the comment was added and the user name selected by the data subject are collected and published, and the IP address logged, based on our legitimate interest under Article 6(1)(f) GDPR, for safety reasons in the event illegal contents or comments are added, or to detect spam. This personal data collected is not shared with third parties unless required by law or serves the controller as legal defence. Third parties can generally subscribe to the comments published in the forum with their consent according to Article 6(1)(a) GDPR. For documentation purposes we store the time the consent was given including IP address and delete this information when deregistering. The option to subscribe to comments can be terminated at any time by withdrawing your consent. Deregistered e-mail addresses can be stored up to 3 years based on our legitimate interest in documentation purposes and defence against/enforcing possible claims.
You can apply for vacancies at our company through our website or by e-mail. This allows you to provide us with your name, address, date of birth and e-mail address, and to send us your application documents or upload these in an application form. We process the data transmitted to us to implement the application process.
After implementing the application process your applicant data is erased unless we have obtained your specific consent to further data storage (for example to be added to an applicant pool for future vacancies). Applicant data is erased at the latest six months after the position has been filled or the letter of rejection has been sent provided we have not received a complaint or enforcement related to proceedings under the General Act on Equal Treatment (AGG) at said time.
The legal basis for processing applicant data is Article 6(1)(b) GDPR or Article 26(1) BDSG (new). In cases where you have consented to long-term storage of applicant data, the legal basis is Article 6(1)(a) GDPR. The legal basis for internal transmission for implementing the application process is Article 6(1)(b) GDPR.
Like all involved in economic events, we are also subject to a number of legal obligations. These are mainly legal requirements (such commercial and tax laws), as well as possibly regulations of supervisory authorities and other authorities. The purposes of processing include, where applicable, compliance with monitoring and reporting obligations under tax law as well as archiving data for the purpose of data protection and data security, and for audits by fiscal and other authorities. Disclosure of personal data may further be necessary in line with regulatory/legal measures for the purpose of taking evidence, prosecution or to enforce civil claims. The legal basis for purposes of compliance with statutory provisions is Article 6(1)(c) GDPR or, in the case of public interest, Article 6(1)(e) GDPR.
When registering for the respective service the user is clearly informed of the scope of the consent which may be required and this consent documented. The user may access the contents of the consents obtained from the user from our service. Please note, if you do not consent we may not be able to use the respective service.
The personal data entered by the data subject is collected and stored solely for internal purposes of the controller. Within our company your data is shared with the internal departments or divisions involved in compliance with our contractual and legal obligations or requiring these in line with processing and exercising our legitimate interest. The controller can commission subcontractors to provide and perform his services, or request transfer to one or multiple processors also using the personal data solely for internal purposes related to the controller such as in the context of performance of contract; for compliance with statutory provisions under which we are obliged to provide information, report or disclose data, or if data is being disclosed in the interest of the public; when using external service providers as processors or agents to process data on our behalf (such as support/maintenance for EDP/IT applications, archiving, data destruction, purchasing/procurement, CRM, letter shops, website management, audit services, financial institutions, printers or data purging companies, courier services, logistics companies); based on our legitimate interest or the legitimate interest of the third party (such as authorities, credit agencies, collection companies, solicitors, courts, experts, affiliated companies and supervisory bodies).
Based on our legitimate interest of providing an appealing website and to enable the use of certain functions we use so-called cookies on some of our pages. These are small text files which are added to your device. The cookies can be transmitted to it when opening a page, thus enabling reference to a user. Cookies help to facilitate websites for users. Some of the cookies used by us are deleted at the end of the browser session, so after closing your browser. Other cookies remain on your device and allow us or other partner companies to recognise your browser on your next visit.
You can configure your browser to notify you of cookies and decide whether to accept the cookie, or to block specific or all cookies. Cookies can be deleted at any time. Blocking cookies may limit the functionality of our website, particularly ordering products.
Information about web analysis services/marketing tools
Based on our legitimate interests as defined by Article 6(1)(f) GDPR we use the following web analysis services and marketing tools to analyse and optimise our services:
1.) Google Analytics
We use Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA ('Google'). Google Analytics uses so-called 'cookies', text files which are stored on your computer and enable analysis of your use of the website. The information generated by the cookie on your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, your IP address is first truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. The complete IP address is only transmitted to a Google sever in the USA and stored there in exceptional cases. On behalf of the operator of this website, Google will use this information, to analyse your use of the website, to compile reports on the website activities and to provide the website operator with other services associated with the use of the website and the Internet. The IP address transmitted by your browser in line with Google Analytics is not consolidated with other data from Google. You can configure your browser to block the cookies; however, you should be aware that in this case you may not be able to make full use of all website functions. You can further prevent Google from collecting the data related to your use of the website generated by the cookie (including your IP address) and Google processing this data by downloading and installing the browser plugin available under the following link.
Alternatively to the browser plugin or when using browsers on mobile devices please click the following link to add an opt-out cookie which prevents future collection by Google Analytics on this website (this opt-out cookie only works with this browser and only for this domain; after deleting your cookies in this browser you need to click this link again): Disabling Google Analytics
2.) Google Tag Manager
We further use 'Google Tag Manager’, a web service provided by Google LLC 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. ('Google’) which enables managing analysis and tracking tags through an interface. The Tag Manager detects loading pages. Based on the configuration, loading the website will trigger a Google Analytics tag. The data from this tag is then returned to the Google Analytics servers for pseudonymised analysis of user behaviour. Google Tag Manager does not add cookies or collect personal data.
3.) Google AdWords
We use the online advertising program 'Google AdWords' and along with this also conversion tracking, a web service provided by Google LLC 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA ('Google').
The cookie for conversion tracking is added when a user clicks on an ad placed by Google. These cookies expire after 30 days and do not enable identifying a person. When the user visits certain pages on our website and the cookie is still valid, it allows Google and us to recognise that the user clicked the advertisement and was redirected to this page. Each Google AdWords customer is assigned a different cookie. Cookies can therefore not be tracked through the websites of AdWords customers. The information collected by the conversion cookie is used to compile conversion statistics for AdWords customers who decided to use Conversion Tracking. Customers receive the total number of users who clicked their advertisement and were redirected to a page with a conversion tracking tag. However, they do not receive any information, which reveals the personal identity of users. Users who do not wish to be tracked can easily disable the Google conversion tracking cookie in the settings of their internet browser. These users are excluded from conversion tracking statistics.
You can further prevent Google from collecting the data related to your use of the website generated by the cookie (including your IP address) and Google processing this data by installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=gb.
4.) Google DoubleClick
5.) Google Dynamic Remarketing
6.) YouTube videos
We use YouTube videos, a service provided by Google LLC 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. ('Google'), on our website which are stored on www.YouTube.com and can be played directly on our website. When visiting the website YouTube receives information you visited the respective subpage on our website. Furthermore, access data and log files are transmitted. This occurs whether or not you have a YouTube user account you are logged into. If you are logged into Google, your data is matched with your account. If you do not wish these videos to be associated with your YouTube account, please log out of your account before using the button. YouTube saves your data as usage profiles and uses it for the purpose of advertising, market research, and/or to customise the website design. This type of analysis (even for users not logged in) is particularly aimed at providing custom advertising and to provide other members of the social network with information about your activity on our website. You have the right to object to this user profile being created by contacting YouTube.
7.) Google Maps
This website uses 'Google Maps’, a web service provided by Google LLC 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA ('Google'). This allows us to show interactive maps directly on the website and enables convenient use of the map function. When visiting the website, Google receives information you visited the respective subpage on our website. The data processed in particular may also include the user’s IP address and location data, which are not collected without the consent (typically in the settings of your mobile device). This occurs whether or not you have a Google user account you are logged into. If you are logged into Google, your data is matched with your account.
We have embedded the 'ReCaptcha’ function, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to detect bots, for example in online forms.
Google also processes your personal data in the USA and has committed to adhering to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Our website uses social plugins ('Plugins”) of the social media network facebook.com, a service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ('Facebook”). The plugins can be recognised by one of the Facebook logos (white “f” on a blue tile or a ‘thumbs up’ sign) or are marked with the addition ‘Facebook social plugin’. For the list and pictures of Facebook social plugins, please visit: http://developers.facebook.com/plugins
When visiting one of our websites with this type of plugin, your browser connects directly to the Facebook servers. The content of the plugin is directly transmitted to your browser by Facebook and is incorporated into the website by the browser. We therefore have no control over the scope of data Facebook collects using this plugin and are therefore disclosing this based on our knowledge.
If you have a Facebook account and do not wish for Facebook to collect data about you through our website and match it with your data stored in Facebook, please log out of Facebook before visiting our website.
Third-party services and content
Based on our legitimate interests as defined by Article 6(1)(f) GDPR we use third-party services for analysis, optimisation and economic provision of our offerings. In these cases, third-party providers can obtain the IP address of the user of third-party contents or knowledge thereof is required for the third-party service to be carried out. The third parties used can further analyse information about website traffic using so-called pixel tags and use this for marketing purposes. This information can further be saved to cookies and on user devices. These cookies can then contain technical information about the browser and operating system used, the time visited, and other information about the use of our website and merge this with information from other sources. We currently use the following third-party services and contents:
1.) Payment services
Our website uses so-called social media plugins ('Plugins') of the social media network 'ShareThis', a service provided by ShareThis, Inc., 4005 Miranda Avenue Suite 100, Palo Alto, CA 94304-1227 USA ('ShareThis'). These plugins are buttons with a white arrow against a green background. For a list and images of ShareThis plugins please visit: http://www.sharethis.com/get-sharing-tools/.
You can also prevent all ShareThis plugins using browser add-ons through for example the script blocker 'NoScript' (http://noscript.net/).
Credit check and scoring
When advancing funds or with your express consent we may obtain a credit report based on mathematical and statistical methods from Bürgel Wirtschaftsinformationen GmbH & Co. KG, Gasstraße 18, 22761 Hamburg or from Bertelsmann SE & Co. KGaA, Carl-Bertelsmann-Straße 270, 33311 Gütersloh. In the process we transmit the personal data required for a credit check to Bürgel Wirtschaftsinformationen GmbH & Co. KG and use the information obtained regarding the statistical probability of payment default for a carefully considered decision regarding justification, performance or termination of the contractual relationship. You may withdraw this consent at any time with future effect. The credit report can include probability values (credit score) which are computed based on scientifically recognised mathematical and statistical methods and which among other things including address data under which a customer will be satisfying his contractual payment obligations. These credit scores therefore help us for example assess the credit worthiness, the decision-making related to product conclusions and are included in our risk management. The calculation is based on mathematically and statistically recognised and proven methods and is solely based on your data, particularly current obligations, occupation/profession, as well as the history related to prior business relationships. Your sensitive interests will be taken into account according to the law.
For detailed information about the methods used by Bürgel Wirtschaftsinformationen GmbH & Co. KG, please visit https://www.buergel.de.
For detailed information about the methods used by Bertelsmann SE & Co. KGaA, please visit https://www.arvato.com.
Sharing personal data
Routine erasure and blocking of personal data, duration of storage
We process and store your personal data as long as this is required to fulfil our contractual and legal obligations. Personal data is therefore stored for the respective retention period stipulated by law. When the data is no longer required to comply with contractual or legal obligations it is erased on a regular basis unless (temporary) further processing is required for the following purposes:
Compliance with retention periods under commercial and tax laws: Notably the German Commercial Code (HGB) and the general tax code (AO). The periods specified in these cases for retention or documentation are two to ten years. For the purpose of retaining evidence with respect to statutes of limitations under §§195ff. of the German Civil Code (BGB), these statutes of limitations can be up to 30 years, with the average statute of limitations being 3 years. Further storage may take place where stipulated by European or national legislative authorities under EU regulations, laws or other regulations to which the controller is subject.
Rights of the data subject
Every data subject has the right of access in accordance with article 15 of the GDPR, the right to rectification in accordance with article 16 of the GDPR, the right to erasure in accordance with article 17 of the GDPR, the right to restriction of processing in accordance with article 18 of the GDPR, the right to object resulting from article 21 of the GDPR as well as the right to data portability resulting from article 20 of the GDPR. The restrictions pursuant to Articles 34 and 35 of the new German Data Protection Act (BDSG-neu) apply to the right of access and right to erasure. Furthermore, there is the right to lodge a complaint with a responsible supervisory authority (Article 77 of the GDPR in conjunction with Article 19 of the German Data Protection Act - BDSG).
You can revoke the consent given to us to process personal data at any time. This also applies to withdrawing consent obtained by us prior to the General Data Protection Regulation coming into force, so before 25 May 2018. Please observe that the revocation has effect for the future. This does not apply to processing prior to withdrawing consent.
Right to object under Article 21 GDPR
You have the right, for reasons resulting from your particular situation, to object to the processing of your personal data at any time, which takes place based on article 6(1)(e) of the GDPR (data processing in the public interest) and article 6(1)(f) of the GDPR (data processing based on a balancing of interests). If you object, we will no longer process your personal data, unless we can verify compelling reasons for this processing worthy of protection, which override your interests, rights and freedoms or the processing serves to assert, exert or defend legal claims. In some cases we will process your personal data for direct advertising. You have the right to at any time object to the personal data concerning you being processed for this type of advertising.
To prevent unauthorised access or unauthorised disclosure, ensure the data is correct and ensure authorised use of the data, we have implemented organisational measures to safeguard and protect the data requested from you online. During the ordering process your personal data is transmitted over the internet in encrypted form using SSL encryption. Credit card data is not stored but collected and processed by our payment service providers directly. We use technical and organisational measures to protect our website and other systems against loss, corruption, unauthorised access, modification or breach of your data by unauthorised persons. Your customer account can only be accessed by entering your personal password. You should always keep your login information confidential and close the browser window after ending your communication with us, particularly when sharing the computer with others.
Questions and information
If you have further questions about data protection on our website, please feel free to contact us using our e-mail address. We will then attempt to answer your questions and resolve any concerns you may have.
Date: May 2018