I. Information on the collection of personal data
1. We would like to inform you by the following about the personal data we collect while you are using our website. Personal data are all data which refer to you personally such as your name, address, email address, user conduct.
2. If you contact us by email or via a contact form, we will store the data you transfer to us (your email address, possibly your name and telephone number) to be able to answer your questions. We will delete the data collected on that occasion as soon as their storage is no longer necessary, or we will restrict the processing of these data if we are obliged by law to retain the data.
3. In case we use the services of subcontracted service providers to provide certain features or functions or if we want to use your data for advertising purposes, we are going to inform you in the sections below about the relevant processes. We also inform you about the criteria which were defined for the duration of storage.
II. Your rights
1. You are entitled to the following rights with respect to our processing of the personal data concerning you:
– Right of access/ right to information (Art. 15 GDPR),
– Right to rectification or erasure (Art. 16 and Art. 17 GDPR),
– Right to restriction of processing (Art. 18 GDPR),
– Right to object to the processing (Art. 19 GDPR)
– Right to data portability (Art. 20 GDPR).
2. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 subs. 1 e) GDPR (data processing for reasons of public interest) or Art. 6 subs. 1 f) (data processing based on a weighing of interests); this shall also apply to any profiling based on those provisions (Art. 21 GDPR). If you object to the processing, we will only continue the processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the data are processed for the purpose of establishing, exercising or defending legal claims.
3. If you have consented to our processing of your personal data, you have the right to withdraw the consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The withdrawal shall further be without prejudice to the continuation of data processing on any other legal basis such as for the fulfilment of legal obligations.
4. Finally, you have the right to lodge a complaint with a supervisory authority relating to our processing of your personal data.
5. We kindly ask you to send your requests or declarations to the address set out in sec. I. 2., if possible.
III. Collection of personal data during your visit to our website
1. If you use our website for mere information purposes, i.e. if you do not register or otherwise transfer information to us, we will only collect the personal data which your browser transfers to our server. If you want to view our website, we will collect the following data which are necessary for us in technical respect to display our website and ensure stability and security (the legal basis for this is Art. 6 subs. 1 sentence 1 f) GDPR):
– IP address
– Date and time of the request
– Time zone difference compared to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– State of access / HTTP status code
– Data volume transferred from time to time
– Website from which the request is made
– Operating system and its surface
– Language and version of the browser software.
2. In addition to the aforesaid data, cookies are stored on your computer when you use our website. Cookies are small text files which are allocated to the browser you use and stored on your hard drive and which provide the party that sets the cookies (in the present case us) with certain information. Cookies cannot execute programs or infect your computer with viruses. They help render the presentation of services on the Internet as a whole more user- friendly and more efficient.
a) This website uses the following types of cookies the scope and functionality of which is described hereinafter:
– Transient cookies (see b.)
– Persistent cookies (see c.).
b) Transient cookies are deleted automatically when you close the browser. They include but are not limited to session cookies; session cookies store a so-called session ID which enables different requests from your browser to be allocated to a specific session. This enables us to recognize your computer when you come back to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are deleted automatically after expiry of a pre-defined period of time which may vary, depending on the type of cookie used. You can delete the cookies in the security settings of your browser at any time.
d) You can set your browser as you think appropriate and, for instance, refuse acceptance of all cookies or of third-party cookies. Please be aware that when you deactivate cookies you might be prevented from using all functions and features of this website.
IV. Use of our web shop
1. If you want to place a purchase order in our web shop, you must enter those of your personal data for contract conclusion which we require for the execution of your purchase order. All required fields which you must necessarily fill in are marked, the disclosure of any further information is voluntary. We will process the data you transfer to us for executing your purchase order. For such purpose, we may transfer your payment data to our main bank. The legal basis for this is Art. 6 subs. 1 sentence 1 b) GDPR. Moreover, you may decide in your discretion to create a customer account which enables us to store your data for any subsequent purchase orders. If you create an account under the menu item “My account”, the data you have entered there will be stored revocably. You may delete all other data including your user account in the customer area at any time.
We may also process the data you have disclosed to us for informing you about other interesting products from our portfolio and send you emails with technical information.
2. We are obliged by commercial law and tax law provisions to retain your address data, payment data and order data for a period of ten years. We will however restrict the processing of these data after the expiry of two years which means that, from that time on, we will use your data for the sole purpose of complying with our legal obligations.
3. The purchase order process is encrypted by TLS technology to prevent unauthorized access to your personal data, in particular financial data.
1. You can subscribe to our newsletter by giving your consent to the newsletter transmission and we will then send you the newsletter to inform you about our current interesting offers. The goods and services advertised in the newsletter are specified in the declaration of consent.
2. To enable subscription to our newsletter, we use the so-called double opt-in procedure; this means that, after you have subscribed, we will send you an email to the email address you have entered in the subscription in which we will ask you to confirm that you want us to send you the newsletter. If you do not confirm your subscription within 24 hours, the data you have entered will be blocked and deleted automatically after one month. In addition, we also store the IP addresses you use from time to time as well as the time of subscription and confirmation. The purpose of this procedure is to evidence your subscription and, where required, clarify any potential misuse of your personal data.
3. The only required field which you must necessarily fill in to receive the newsletter is your email address. The entry of any other specifically marked data is voluntary and we use such data to be able to address you personally. After you have confirmed the subscription, we will store your email address for sending you the newsletter. The legal basis for this is Art. 6 subs. 1 sentence 1 a) GDPR.
4. You may at any time revoke your consent to the transmission of the newsletter and unsubscribe. You can revoke your consent by clicking the link which is contained in every newsletter email or via the appropriate form on the website or by sending an email to [Newsletter@example.com] or by sending an appropriate message to the contact data stated in the legal notice on our website.
VI. Integration of YouTube videos
1. We have embedded YouTube videos in our online presentation which are stored on http://www.YouTube.com; the videos can be started and played back directly from our website. All videos are embedded in an “enhanced data protection mode” which means that no data concerning you as the user are transferred to YouTube if you do not play back the videos. Only when you play back the videos, the data mentioned in the following subs. 2 will be transferred to YouTube. We cannot influence this data transfer.
VII. Security measures
1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood of risk realization and the varying severity of the risks for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures in accordance with Art. 32 GDPR to ensure a level of security appropriate to the risk.
2. These measures include in particular but are not limited to measures to ensure the confidentiality, integrity and availability of data by controlling physical access to the data as well as logical access and actual data access, data entry, transfer, as well as data availability and data separation. In addition, we have established procedures to ensure the protection of the rights of data subjects, the deletion of data and reactions to any endangerment of the data. Moreover, we consider the protection of personal data already in the development and/or selection of hardware, software and processes, according to the principle of data protection by design and by default (Art. 25 GDPR).
VIII. Cooperation with processors and third parties
1. Where we disclose, transfer or otherwise grant access to, data to other persons and companies (processors or third parties) in the context of our data processing, this is in all cases done on the basis of statutory authorisation (e.g. where the transfer of data to third parties such as payment services providers is necessary for contract performance according to Art. 6 subs. 1 b) GDPR), or when you have given your consent to the processing, or the processing is necessary for compliance with a legal obligation or the processing is carried out for the purposes of our legitimate interests, e.g. where we engage agents, web hosting companies etc.).
2. When we engage third parties to process data under a so-called contract for data processing on behalf, this is done on the basis of Art. 28 GDPR.
IX. Transfer to third countries
When we process data in a third country, i.e. a country outside the European Union (EU) or the European Economic Area (EEA) or such data processing in a third country occurs in the context of services provided by third parties engaged by us or in the context of the disclosure or transfer of data to third parties, this is done only for the purpose of fulfilling our (pre-) contractual duties or based on your consent or for complying with a legal obligation or for the purposes of our legitimate interests. Subject to any existing statutory or contractual authorisation, we only process data, or cause data to be processed, in a third country if the special requirements under Art. 44 et seqq. GDPR are satisfied. This means that the processing is based, for instance, on special safeguards such as the official recognition of a data protection level that satisfies EU standards (which is for instance the case with the “Privacy Shield” for the USA) or compliance with special officially recognized contractual obligations (so-called standard contractual clauses).