We take the security of your personal data very seriously and therefore strictly abide by the rules of the Data Protection Act.
In the document below, we will provide you with detailed information on how we handle the processing of your personal data pursuant to Article 13 of the General Data Protection Regulation (GDPR). Should you have any questions or comments about this data protection information, please feel free to contact our data protection officer at email@example.com or contact the data processing controller,
Dehmer Straße 66
32549 Bad Oeynhausen
Telefon: (05731) 753-300
Fax: (05731) 753-95-300
The processing of your personal data is divided into two categories:
1. We process all data necessary for the purposes of contract execution and for advertising purposes, such as sending out newsletters or mailings. External service providers involved in the execution of the contract, such as logistics companies or payment service providers, receive your data to the extent necessary in each case.
2. When accessing our website, various information is automatically shared between your device and our server. This may include personal data. The information collected in this respect is used by us to optimise our website or display advertising on your device’s browser.In this section, you can learn more about the purposes for which personal data are processed, the legal basis for processing, the legitimate interests pursued by us or a third party and the categories of recipients,
In this section, you can learn more about the purposes for which personal data are processed, the legal basis for processing, the legitimate interests pursued by us or a third party and the categories of recipients,
Collecting and using data for contract execution and when opening a customer account
We process personal data for the purposes of executing contracts and opening a customer account if you voluntarily provide us with this information as part of your order, when contacting us as a customer (e.g. using our contact form or by email) or when opening a customer account. The data collected is shown in each input form.
This primarily involves the following data:
Billing and delivery address
Billing and payment details
Date of birth, where applicable
Telephone number, where applicable
The legal basis for processing personal data for contract execution purposes is Article 6 Paragraph 1(b) GDPR. In order to be able to use your email address, we will send you a confirmation email on the basis of Article 6 Paragraph 1(c) GDPR. If we do not use your contact details for advertising purposes, we are permitted to store the data collected for the execution of the contract until such time as the statutory or any contractual warranty or guarantee rights expire. Upon the expiry of this period, we shall retain the contractual information required under commercial and tax law for the periods stipulated by law. These data are only reprocessed during this period (usually ten (10) years from the conclusion of the contract) in the event of an audit by the financial authorities.
Creating a customer account is done on a voluntary basis and subject to your consent pursuant to Article 6 Paragraph 1(a) GDPR. You may view and amend the data stored about yourself in your customer account at any time.
The following additional data processing is required to execute the purchase contract:
Disclosure of data for contract fulfilment, determining identity and creditworthiness
In order to fulfil the contract, we send your email address and, where applicable, your telephone number, to the logistics company we have contracted if and insofar as this is necessary to delivered the goods that have been ordered. In order to process payments, we provide the payment details necessary for this process to the bank instructed for the payment and, where applicable, payment service providers we have contracted and/or to any payment service you have selected during the order process.
Where necessary, we verify your identity on the legal basis of Article 6 Paragraph 1(b) and (f) GDPR by obtaining additional information from service providers. We are entitled to do this to protect your identity and avoid attempted fraud at our expense. The circumstance and results of our request shall be added to your customer account or guest account and stored there for the duration of the contractual relationship.
Credit check and scoring
Where we provide goods and services in advance, e.g. in the event of purchases made on account, we reserve the right to safeguard our legitimate interests by obtaining information about your identity and creditworthiness from service providers specialising in such services (credit agencies). For this purpose, we send the personal data relating to you that is necessary for a credit check to the following company or companies:
Creditreform Boniversum GmbH
Creditsafe Deutschland GmbH
Schreiberhauer Straße 30
The information on creditworthiness may contain probability (score) values, which are calculated on the basis of scientifically accepted statistical mathematical methods, where address data may be used in the calculation process. We use the information obtained about the statistical likelihood of a failure to pay to make a carefully weighed decision as to the justification, execution or termination of the contractual relationship. Your legitimate interests are taken into account in accordance with the statutory provisions.
The legal basis for this information being sent is Article 6 Paragraph 1(b) and Article 6 Paragraph 1(f) GDPR. Information may only be sent on the basis of these provisions if and insofar as this is necessary to protect the legitimate interests of our company or third parties and where this is not outweighed by the interests or fundamental rights and freedoms of the data subjects which require protection of personal data.
Data processing for advertising purposes
There is a legitimate interest for the controller when processing data for advertising purposes pursuant to Article 6 Paragraph 1(f) GDPR. The duration of data storage for personal data for advertising purposes is determined on the basis of the principle of whether said storage is necessary for promotional contact. We follow the principle of erasing data no more than two (2) years after they are no longer needed for advertising purposes.
Internal advertising purposes and third-party advertising purposes
If and insofar as you have concluded a contract with us or have asked us to send you promotional material, we shall treat you as an existing or potential customer. In these cases, we process your postal contact details in order to provide you with information about new products and services in this way. We reserve the right to send your postal contact details to contractual partners carefully selected by us in the shipping and telecommunications sectors and providers of similar products within the scope of our legitimate interests so that they may also provide you with information about their products.
To ensure that you only receive advertising information that is in your supposed interest, we categorise and supplement your customer profile with additional information. To do so, we use both statistical information as well as personal information (e.g. the basic data on your customer profile). The aim is to provide you with advertising material that is solely based on your actual or supposed interests and not inconvenience you with advertising that is not useful.
Right to object
You have the right to object to your data being processed for the purposes mentioned above at any time free of charge, and may do so for specific methods of communication with future effect. An email or letter sent by post to the contact details specified under Section 2 is sufficient for this purpose.
If and insofar as you lodge an objection, the contact address in question shall be blocked for any further processing for advertising purposes. We would like to point out that, in exceptional cases, you may still receive advertising material on a temporary basis, even after your objection has been received. This is due to technical reasons involving the lead time necessary for advertising material and does not mean that we are not complying with your objection.
Use of data when subscribing to the email newsletter
If you subscribe to our newsletter through the double opt-in procedure, we will use the data necessary for this purpose or the data you provide separately to regularly send you our email newsletter. For the double opt-in procedure, we send you a confirmation link once you have entered your email address in the subscription field. By clicking the confirmation link, your email will be included in our email distribution list. Your email address will be processed subject to your consent pursuant to Article 6 Paragraph 1(a) GDPR. You may revoke your consent at any time with future effect. You may unsubscribe from the newsletter at any time and may do so either by sending a message to the contact details specified in the legal notice or by clicking the link provided for that purpose at the end of each newsletter.
Use of data for email advertising without newsletter subscription and your right to object
If we receive your email address in connection with the sale of a product or service and you have not objected to the use of your email address, we reserve the right to regularly send you offers via email regarding products from our range that are similar to those already purchased within the scope of our legitimate interests. Your email address is then processed pursuant to Article 6 Paragraph 1(f) GDPR. You may object to the use of your email in this regard at any time and may do so either by sending a message to the contact details specified in the legal notice or by clicking the link provided for that purpose at the end of the newsletter.
Once you object, an opt-out cookie is placed on your device. If you delete your cookies, you will need to click this link again.
Reminder to leave ratings by Trusted Shops
If you have granted us your express consent during or after your order by ticking the corresponding box or clicking the button provided for this purpose (Rate Later), we will send your email address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, Germany so they are able to send you a reminder to leave a rating for your order. You may revoke this consent at any time by sending an email to the contact details specified below or by contacting Trusted Shops directly.
In order to design our website appropriately and to continually optimise our website, we use Google Analytics, a web analysis service provided by Google, Inc. (hereinafter referred to as “Google”), on the basis of Article 6 Paragraph 1(f) GDPR. In this context, pseudonymised usage profiles are compiled and cookies are used. The information generated by cookies about your use of this website, such as
operating system used
referrer URL (the page visited prior to visiting our website)
host name of the accessing computer (IP address)
time of server request
is transferred to a Google server in the US and stored there. This information is used to evaluate your use of this website, to compile reports on the website activities, and to perform further services linked to website and internet use for market research purposes and to tailor the design of this website. This information may also be transferred to third parties if this is legally required or if third parties process this data on behalf of Google. Under no circumstances will your IP address be associated with any other data from Google. IP addresses are anonymised so that it is not possible to link them to individuals (known as IP masking).
You may refuse to allow cookies to be installed by selecting the appropriate settings on your browser; however, we would point out that this may result in you not being able to use all of the features of this website. You can also prevent the data generated by the cookie about your use of the website (including your IP address) from being sent to and processed by Google by downloading and installing the available browser add-on. Alternatively, in particular with respect to browsers on mobile devices, you may also prevent Google Analytics from collecting data by clicking on this link. This stores an opt-out cookie that prevents the future collection of your data when visiting this website. The opt-out cookie is only valid on this browser and only for our website and is stored on your device. If you delete the cookies stored for this browser, you will need to reset the opt-out cookie. Additional information on data protection with respect to Google Analytics is available on the Google Analytics website.
Use of econda for web analysis
Data is automatically collected and stored on this website for web analysis purposes using technology provided by econda GmbH. These data are pseudonymised and used to create user profiles. This serves to safeguard our overriding legitimate interests in optimising how we present our products and services. Cookies may be used for this purpose. Pseudonymised user profiles are not linked to personal data relating to the bearer of the pseudonym without express consent being granted separately. You may revoke your consent to your data being collected and stored at any time with future effect by clicking on this link.
Once you object, an opt-out cookie is placed on your device. If you delete your cookies, you will need to click on this link again.
The targeting measures listed below that we use are implemented on the basis of Article 6 Paragraph 1(f) GDPR. Our aim with the use of these targeting measures is to ensure that you are only shown advertising on your devices that relates to your actual or supposed interests. It is in both your interests as well as in ours not to inconvenience you with advertising that does not interest you.
We also use re-targeting technology provided by Google AdWords. This enables us to tailor the design of our website so that it is more interesting to you. To do so, a cookie is stored to collect data on your interests using pseudonyms. This information is used to show you advertisements for our products and services relating to your interest on our partners’ websites. No direct personal data are stored and no usage profiles are linked to your personal data. The cookie is stored for a period of 30 days and is then automatically deleted.
Option to object/opt out
In addition to the deactivation methods described above, you can generally disable the targeting technologies explained here by adjusting the cookie settings in your browser. You can also deactivate preference-based advertising using the preference manager available here.
Social media plugins
We use social plugins for the social media networks Facebook, Google+, XING, YouTube and Twitter on our website on the basis of Article 6 Paragraph 1(f) GDPR in order to raise the profile of our company. The promotional purpose behind this is deemed to be a legitimate interest as defined by the GDPR. The respective provider of each network is responsible for guaranteeing that it operates in compliance with data protection legislation. Our use of these plugins is done on the basis of what is known as the two-click method in order to protect visitors to our website as far as possible.
Our website uses plugins from the social network Facebook, which is operated by Facebook, Inc. The Facebook plugin is identifiable through the Facebook logo or the phrase “Like” or “Share”. For an overview of Facebook plugins and their appearance, please click on the following link. When you activate this kind of plugin (first click), your browser makes a direct connection to the Facebook servers. The content of the plugin is transferred from Facebook directly to your browser, which then embeds it into the website. Through this integrated plugin, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the US and stored there. If you are logged into Facebook, Facebook can link your visit to our website directly to your Facebook profile. If you interact with the plugins, by pressing the “Like” button, for example, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
Please see Facebook’s privacy policies for the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and settings options for protecting your privacy. If you do not want Facebook to link any information collected from your visit to our website with your Facebook profile, you should log out of Facebook before you visit our website.
Our website uses plugins from the social network Google Plus, which is operated by Google, Inc. These plugins are recognisable by buttons with the “+1” icon on a white or colour background. For an overview of Google plugins and their appearance, please visit here.
When you activate the plugin (first click), your browser makes a direct connection to the Google servers. The content of the plugin is transferred from Google directly to your browser, which then embeds it into the website. Through the integrated plugin, Google receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Google Plus profile or are not currently logged into Google Plus. This information (including your IP address) is transmitted by your browser directly to a Google server in the US and stored there. If you are logged into Google Plus, Google can link your visit to our website directly to your Google Plus profile. If you interact with the plugins, by pressing the “+1” button, for example, the corresponding information is also transmitted directly to a Google server and stored there. The information is also published to Google Plus and displayed to your contacts there.
Please see Google’s privacy policies available here for the purpose and scope of data collection and the further processing and use of data by Google, as well as your rights and settings options for protecting your privacy.
If you do not want Google to link any information collected from your visit to our website to your profile on Google Plus, you should log out of Google Plus before you visit our website. You can also completely avoid loading the Google plugin with add-ons for your browser, for example, using the script blocker “NoScript”.
Plugins from the Twitter, Inc. network are integrated into our website. These Twitter plugins (“Tweet” button) are recognisable by the Twitter logo (a white bird on a blue background) and the phrase “Tweet”. When you visit a page of our website that contains this kind of social plugin, a direct connection is made between your browser and the Twitter servers. Through this connection Twitter receives the information that you have visited our site from your IP address. If you click on the “Tweet” button while you are logged into your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to link your visit to our site to your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Twitter or how Twitter uses these data. You can find more information here. If you do not want Twitter to be able to link your visit to our pages to your Twitter account, please log out of your Twitter account.
YouTube video plugins
Content from third-party providers is incorporated into our website. This content is provided by Google, Inc. (hereinafter referred to as the “Provider”).
YouTube is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”).
Extended data protection settings are activated in respect to YouTube videos incorporated into our website. This means that no information is collected from website visitors by YouTube and stored by them unless visitors play the video.
Please see Google’s privacy policies for the purpose and scope of data collection and the further processing and use of data by the provider,
as well as your rights and settings options for protecting your privacy.
Recipients outside the EU
With the exception of the processing stipulated in the sections on internet technology and social media plugins, we do not disclose your data to recipients whose registered office is located outside of the European Union or the European Economic Area. The processing set out above involves data being transferred to servers run by the providers of tracking and targeting technology we have commissioned to work for us. These servers are located in the US. Data are transferred in accordance with the principles of the privacy shield, as well as on the basis of the EU Commission’s standard contractual clauses.
In addition to your right to revoke any consent you have granted us, you are entitled to the following rights if the respective legal conditions apply:
Right of access to your personal data stored with us pursuant to Article 15 GDPR; in particular, you are entitled to access information about the purpose of the processing, categories of personal data, categories of recipients to whom personal data have been disclosed or are to be disclosed, the planned storage period and the origin of your data, provided these data were not collected from you directly;
Right to rectification of incorrect or incomplete data pursuant to Article 16 GDPR;
Right to erasure of the data we have stored about you pursuant to Article 17 GDPR unless we are required to comply with any statutory or contractual retention periods or other statutory requirements or rights regarding further storage;
Right to restriction of the processing of your data pursuant to Article 18 GDPR where the accuracy of the data is contested by you, its processing is unlawful, but you object to its erasure; the controller no longer needs the data but you need them to assert claims, or exercise or defend claims, or you have lodged an objection against these data being processed pursuant to Article 21 GDPR;
Right to data portability pursuant to Article 20 GDPR, i.e. the right to receive the data we have stored about you in a commonly used, machine-readable format or to request that these data be sent to another controller;
Right to lodge a complaint with a supervisory authority. In general, you may contact the supervisory authority in your usual place of work or residence or in the location of our company headquarters for this purpose.
Right to object
Under the provisions of Article 21 Paragraph 1 GDPR, objections may be asserted against data processing for reasons based on the data subject’s particular situation.
The above general right to object shall apply to any and all processing purposes stipulated in this information on data protection where processing is undertaken on the basis of Article 6 Paragraph 1(f) GDPR. Unlike the specific right to object to data being processed for advertising purposes, under the GDPR we are only required to comply with a general objection if you specify the reasons behind this, where these reasons must demonstrate an overriding interest (e.g. possible risk to life or health). Furthermore, you have the option to contact the competent supervisory authority responsible for us or to contact our data protection officer.
Any and all data send by you personally, including your payment details, shall be transmitted using the secure SSL (secure socket layer) standard that is commonly used. SSL is a secure, proven standard that is used in online banking, for example. You can recognise a secure SSL connection by the s attached to the end of http (i.e. …) in your browser’s address bar, or by the lock symbol in the lower part of your browser.
In addition to this, we use appropriate technical and organisational security measures to protect the personal data we have stored about you against manipulation, partial or total loss, and unauthorised access by third parties. We continually work to improve our security measures in line with technological developments.