Safety and Privacy
Privacy and security are especially important to us . Through constant optimisation of all technical security fundamentals, we are continuously improving the protection of your data.
If you voluntarily provide us with personal data, e.g. via our contact form, by e-mail or as part of the use of our online shop, the processing is carried out in accordance with the requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
Data Protection Officer
Mister Arthur Bell, Email: firstname.lastname@example.org
Transfer of data
Your data is in good hands. We promise you that: We will not sell your personal data to third parties, nor lease it to other companies for advertising purposes.
We only share your personal information with third parties if:
- you have given us explicit consent to do so in accordance with Art. 6 para. 1 lit. a GDPR
- to the extent permitted by law and in accordance with Art. 6 para. 1 lit. b GDPR necessary for the settlement of contractual relationships with you, your personal data will be passed on to third parties. This includes credit institutions, postal and courier services and logistics companies.
- External service companies process data on our behalf as a processor. Your data is subject to the same privacy standards as ours. The recipient of the data may only use the data for the purposes for which the data was transmitted to them. The external service providers include data centres and companies that support us in the maintenance of computer equipment and IT applications.
- in the event that disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR there is a legal obligation.
- disclosure pursuant to Art. 6 para. 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data.
For further details on the transfer of personal data, please refer to the explanations below.
Personal data on this website are transmitted only in an encrypted form, using the TLS encryption method (Transport Layer Security, also known as SSL, Secure Sockets Layer). The TLS v1.2 method used is at this time one of the safest ways to encrypt data.
Through the application of the SSL encryption, your data will be mutated so that a third party could not reconstruct it before it is transmitted to the our server. This encryption procedure also ensures that your data will be sent exclusively to the server from which it was requested. Once the data is received by the our server, it is verified in regards to completeness and immutability.
Pursuant to Art. 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Personal data is therefore any data that is personally available to you, e.g. name, address, e-mail address, phone number or IP address.
Collection and storage of personal data and the nature and purpose of its use
When visiting the website
When you visit our website, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer (shortened in the logfile),
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which access is made (referrer URL),
- the browser used and, if applicable, the operating system of your computer and the name of your access provider.
The mentioned data will be processed by us for the following purposes:
- Ensuring a smooth connection of the website,
- Ensuring comfortable use of our website,
- evaluation of system security and stability as well as
- for other administrative purposes. The Companyuses the IP address to protect the customer and to prevent misuse of the website or to detect misuse. We point out that the IP address is only used in a shortened version and further processed in order to exclude a direct reference to a person.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.
Orders in the online shop
We collect personal data when you voluntarily provide it to us for the purpose of carrying out a contract or opening a customer account. This can include, e.g. name, address and e-mail address. This data is used and stored by us for the execution of the contract and the delivery of your order (Art. 6 (1) (1) (b) GDPR for the execution of contractual relationships).
Processing of orders
In order for us to be able to process and deliver your online shop orders, we pass on the necessary data to the logistics company responsible for the delivery, e.g. name and delivery address (Art. 6 (1) (1) (b) GDPR for the execution of contractual relationships). You will then receive an e-mail to use the tracking service and to know when your package will arrive. The data transmitted in this way may only be used by the recipient for the purpose of performing his task. Any other use of the information is not permitted.
We use so-called cookies on some internet sites in order to enable web-based applications to manage the status of an online visit and to provide smooth navigation between the separate services and contents on the website as well as to provide the internet user with permanent settings on the our website.
A cookie is a small file that is transferred by us onto the user’s computer when he or she visits the our website. A cookie only contains information that we ourselfs transmit to the user’s computer – private files cannot be read by a cookie.
We use „session-based“ cookies that are not stored permanently on the visitor’s computer. These temporary cookies will be deleted after leaving the website. Using the gathered information, we are able to analyse usage patterns and structures of the website. This enables further continuous optimisation of the website by improving the content and the usage.
We also use “persistent“ cookies. These cookies remain on the customer’s computer,simplifying shopping and registration services during their next visit. For example, the cookies are able to remember which articles the customer has chosen for purchase while he or she continues to shop. Furthermore, the customer only has to enter passwords once on sites that require registration.
Permanent cookies can be removed manually by the user. The permanent cookies used by us will be stored for up to 1000 days on your hard disk. Afterwards, they are automatically deleted. Most of the standard browsers accept cookies by default. Temporary or stored cookies can be enabled or disabled independently in the browser’s security settings. If cookies are disabled, certain features on our webpages may not be available and some websites may not be displayed correctly.
In order to use the shopping cart and the checkout, session-related cookies have to be allowed!
The data processed by cookies are for the purpose of safeguarding our legitimate interests as well as the interests of third parties according to Art. 6. para. 1 sentence 1 lit. f GDRP or according to Art 6. para. 1 lit b GDRP. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message appears before a new cookie is created. Disabling cookies may result in not being able to use all of the features on our website.
Deletion and blocking of personal data
We only process and store personal data for the period of time required to achieve the purpose of storage (e.g. due business transaction) or which corresponds to a legal storage / retention period. If the purpose of the storage is omitted or if a legal storage / retention period expires, the personal data will be deleted. If legal storage / storage obligations should continue to exist, e.g. after proper business transaction or having answered your inquiry, we will restrict the processing, e.g. by blocking your data. If retention periods relating to commercial or tax law must be observed, the storage time for particular data may equal up to 10 years.
Rights of the affected person
As an affected person(s), you have the right:
- to demand information about your personal data processed by The Company in accordance with Art. 15 GDPR. In particular, you have the right to information regarding processing purposes, the recipients or categories of recipients to whom the personal data have been disclosed, the planned duration for which the personal data is stored, the right of rectification, deletion, limitation of the processing or the right to object to such processing, all available information on the source of the information, and the existence of an automated decision-making process;
- to request the immediate correction or completion of incomplete personal data in accordance with Art. 16 GDPR;
- to demand, in accordance with Art. 17 GDPR, the immediate deletion of your personal data, unless the processing is necessary for the fulfilment of a legal obligation by The Companyor for the performance of a public interest task or in the exercise of public authority delegated to The Companyand /or assertion, exercise, or defence of legal claims;
- to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, as far as the accuracy of the personal data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data, but you require them to assert exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- to receive personally identifiable information provided to The Companyin accordance with Art. 20 GDPR, in a structured, common and machine-readable format, and to transfer that data to another responsible person;
- to revoke your once given consent to us at any time pursuant to Art. 7 para. 3 GDPR. As a result, we are not allowed to continue the data processing based on this consent for the future and
- to lodge a complaint to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
Right to withdraw
If your personal data is based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying any particular situation.
If you exercise your right of objection, we will stop the processing of the data concerned. However, we can continue to process your personal data, despite your objections, if in the case of processing based on legitimate interests or on the performance of a task in the public interest/exercise of official authority, we can prove that we have compelling legitimate grounds that override your interests, rights and freedoms.
If you would like to make use of your rights, please send us an e-mail at email@example.com.