Data Protection Declaration
The collection and processing of your personal data takes place in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR), which will be the relevant legal basis from 25.05.2018. We collect and process your personal data in order to be able to offer you the above-mentioned website in conjunction with shopping in the online shop there. This declaration describes how, for how long and for what purpose your data is collected and used and which options (see Chapter 10.) you have in connection with personal data.
Explanation of terms: "Personal data" is all information relating to an identified or identifiable natural person (hereinafter referred to as "person concerned" or "user"), e.g. name, address, e-mail address or telephone number. According to the May 2017 ruling of the German Federal Court of Justice, IP addresses are also personal data. "Person Responsible" is the natural or legal person, agency, body or other entity that alone or jointly with others determines the purposes and means of processing personal data. "Processing" means any operation carried out with or without the aid of automated processes or any such series of operations relating to personal data
You will find exhaustive explanation of terms in the Regulation.
2. Name and Address of the Person Responsible
Person Responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law is:
Managing Director: Fritz Niggeloh
Phone: 02195 92992-0
Contact details of the company data protection officer:
Data Protection Officer
3. General information on data processing
3.1. Scope of processing of personal data
We process personal data of our users only to the extent necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the users.
3.2. storage period and legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a of EU General Data Protection Regulation (GDPR) serves as the legal basis.
Art. 6 para. 1 lit. b GDPR serves as a legal basis with the processing of personal data, which are necessary for the fulfilment of a contract, whose contracting party is the person concerned. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR shall serve as the legal basis for the processing.
If we commission third parties with the processing of data on the basis of a so-called "order processing contract", e.g. the web host who operates the server for this website, this is done on the basis of Art. 28 GDPR.
Unless specifically stated, we will only store personal data for as long as is necessary to fulfill the purposes for which it was collected or as required by law.
4. Provision of the website and creation of log files
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. The data is stored in log files in order to maintain the functionality of the website and to ensure the security of our information technology systems.
The following data is collected:
- Information about the browser type and the used version
- The operating system of the user
- Special actions, such as sending form entries
- The IP address of the user and the Internet service provider of the user
- Date and time of access
- Websites from which the user's system accesses our website (referrer URL)
- Websites that are accessed by the user's system through our Web site
These data are not stored together with other personal data of the user. We use this protocol data for statistical evaluations for the purpose of operation, security and optimisation of our online offer, but also for anonymous recording of the number of visitors to our website (traffic) and for determining the use of our website and services.
For security reasons (e.g. to investigate hacker attacks) we store these server log files for a maximum of 30 days, after which these log files are deleted. However, if there are concrete suspicions that require further storage for the purpose of preserving evidence, such data will be excluded from deletion until final clarification.
The legal basis for the temporary storage of log files is Art. 6 para. 1 lit. f GDPR. The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
5.1. Description and scope of data processing
Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. Only Cookies necessary for operating the website are set. These cookies are necessary to make the basic functions of the website available to you and they are deleted at the end of the session.
When calling up our website, the user is informed by an infobanner about the use of technically necessary cookies.
5.2 Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is Article 6 para. 1 lit. a GDPR.
5.3. Duration of storage
As already stated, cookies set by this site are temporary and will only be stored in the memory of your browser while it’s open. When it’s closed, the cookie will be removed from your browser’s history.
Use the following links to find out how to manage cookies in the most important browsers (including deactivating them):
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
6. Contact form and e-mail contact
6.1. Description and scope of data processing
A contact form is available on our website, which can be used for electronic contacting. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us by e-mail and stored. These data are:
- Name of user
- Phone Number when indicated
- E-Mail Address
The processing of personal data from the input mask serves us solely to process the establishment of contact and, if necessary, the processing of further conversation. In the case of contacting us by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. In this case, the personal data of the user transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties.
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR.
if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Para. 1 lit. f GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
6.2. Duration of storage
The data are deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been conclusively clarified.
6.3. possibility of opposition and elimination
The user has the possibility to revoke his consent to the processing and storage of personal data at any time by e-mail, via the contact form or any other means of communication. In such a case, the conversation cannot be continued. In this case, all personal data stored in the course of establishing contact will be deleted.
7. Use of YouTube
On our website we use the function for embedding YouTube videos of YouTube LLC. (901 Cherry Ave., San Bruno, CA 94066, USA; "YouTube").
YouTube is a service provided with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").
The function displays videos stored on YouTube in an iFrame on the website. The "Advanced Privacy Mode" option is enabled. This prevents YouTube from storing information about website visitors. Only when you watch a video will information about it be sent to YouTube and saved there.
8. Rights of the person concerned
If personal data is processed by you, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
8.1. Right to information
You are entitled to request information about the personal data processed by us. We will provide you with information about the source of the data, processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data will be disclosed, the planned retention period and the criteria for determining the retention period. You are also entitled to information on the existence of automated decision making, including profiling, and to information on what guarantees exist pursuant to Art. 46 GDPR for the transfer of your data to third countries.
8.2. Right of rectification
You have a right of rectification and/or completion vis-à-vis the person responsible if the personal data processed concerning you are inaccurate or incomplete. The data controller must rectify this immediately.
8.3. Right to restrict the processing or blocking of your data
You have the right to request the limitation of the processing of personal data concerning you. Thereafter, such data may be processed only with your consent or for the purpose of asserting, exercising or defending legal rights or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
8.4 Right to deletion (right to be forgotten)
You may request the responsible person to delete your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
8.5. Right to information
If you have exercised your right to rectify, cancel or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, cancellation or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of such recipients by the data controller.
8.6. Right to data transferability
You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another person responsible.
8.7. Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke your consent.
8.8. Right of appeal
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation.
If you wish to make use of your right of withdrawal or objection, simply send an e-mail to email@example.com
The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
8.9. Links to the supervisory authorities
Links to all state data protection officers can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
9. Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data will be transmitted encrypted. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is unfortunately not technically possible.
We maintain technical and organizational security measures to secure your data and maintain their confidentiality, which we continually adapt to the state of the art.
However, we do not guarantee that our online service will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers used by us are regularly carefully backed up.