Responsible for data processing:
1. Access data and hosting
You can visit our websites without providing personal information. Whenever you call up a website, the web server simply automatically saves a socalled server log file, which contains e.g. the name of the requested file, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call.
This access data is evaluated exclusively for the purpose of ensuring the trouble-free operation of the site and improving our offer. In accordance with art. 6 para. 1 sentence 1 lit. f GDPR, this serves to protect our legitimate interests in a correct presentation of our offer, which are predominant in the context of a weighing of interests. All access data will be deleted at the latest seven days after the end of your visit to our website.
Hosting services through a third-party provider
In the context of processing on our behalf, a third party provider provides us with the services for hosting and displaying the website. All data collected in the course of using this website or in forms provided for this purpose in the online shop as described below are processed on its servers. Processing on other servers only takes place within the framework described here.
This service provider is located within a country of the European Union or the European Economic Area.
2. Data collection and use for contract processing and contacting
We collect personal data when you voluntarily provide us with this information when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, because in these cases we need the data for the processing of the contract or for the processing of your contact and you cannot send the order or contact without their indication. Which data is collected can be seen from the respective input forms. We use the data you provide us with in accordance with art. 6 para. 1 sentence 1 lit. b GDPR for contract processing.
After complete processing of the contract, your data will be restricted for further processing and deleted after expiry of the tax and commercial law retention periods, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this which is legally permitted and about which we inform you in this declaration. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described below or by using a function in the customer account intended for this purpose.
3. Data processing in third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of services of third parties or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.
Subject to express consent or transfer required by contract or by law, we process or allow the data to be processed only in third countries with a recognised level of data protection, including the US processors certified under the Privacy Shield, or on the basis of special guarantees, such as contractual obligations under so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).
4. Cookies and web analysis
In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages, provided that you have given your consent to do so in accordance with art. 6 para. 1 p. 1 lit. a GDPR.
Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser the next time you visit us (persistent cookies). You can see the duration of storage in the cookie settings of your web browser. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be limited. Every browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for each browser under the following links:
Furthermore, you can revoke your consent at any time by sending a message to the contact option described in the data protection declaration.
Use of Google (Universal) Analytics for web analysis
If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, this website uses Google (Universal) Analytics for the purpose of website analysis. The web analysis service is an offer of Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de). Google (Universal) Analytics uses methods that enable an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is usually transferred to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address is shortened before transmission within the member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The anonymised IP address transmitted by your browser within the framework of Google Analytics is not combined with other Google data. The data collected in this context will be deleted after the end of the purpose and use of Google Analytics by us.
As far as information is transferred to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.
You can revoke your consent at any time with effect for the future by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. This prevents the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google.
5. Online-Marketing and plugins
On this website the script code “Google Fonts” is integrated. Google Fonts is an offer of Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de). This serves to safeguard our legitimate interests, which outweigh our own in the context of a balancing of interests, in a uniform presentation of the content on our website in accordance with Art. 6 para. 1 lit. f) GDPR. Within this framework, a connection is established between the browser you use and the Google servers. This enables Google to know that our website has been accessed via your IP address.
Instagram plugins and -content
6. Social Media
Use of social plugins from Facebook, Twitter, Instagram, Pinterest, Whatsapp using the Shariff solution.
Social buttons from social networks are used on our website.
This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plug-ins, but only by using an HTML link. This integration ensures that when a page of our website containing such buttons is called up, no connection is yet established with the servers of the provider of the respective social network.
If you click on one of the buttons, a new window of your browser will open and call up the page of the respective service provider, where you can (if necessary after entering your login data) press the Like or Share button, for example.
The purpose and scope of data collection and the further processing and use of data by the providers on their sites as well as a contact option and your rights and settings options for the protection of your privacy can be found in the providers’ data protection information:
Our online presence on Facebook, Twitter, Youtube, Instagram and Vimeo
Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. There we inform about our products and current special offers.
When you visit our online presence in social media, your data may be automatically collected and stored for market research and advertising purposes. So-called user profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. For this purpose, cookies are usually used on your end device. The visitor behaviour and interests of the users are stored in these cookies. This serves according to art. 6 para. 1 lit. f. GDPR, this serves to safeguard our legitimate interests, which predominate in the context of weighing up interests, in an optimised presentation of our offer and effective communication with customers and interested parties. If you are asked by the respective social media platform operators for consent (permission) to data processing, e.g. with the help of a checkbox, the legal basis for data processing is art. 6 para. 1 lit. a GDPR.
Insofar as the aforementioned social media platforms have their headquarters in the USA, the following applies: The European Commission has issued an adequacy finding for the USA. This goes back to the EU-US Privacy Shield. A current certificate for the respective company can be viewed here.
For detailed information on the processing and use of data by the providers on their sites as well as a contact option and your rights and settings options for the protection of your privacy, in particular the possibility to object (opt-out), please refer to the providers’ data protection information linked below. Should you nevertheless require assistance in this regard, you can contact us.
Data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with art. 26 GDPR, which you can view here.
You can find further information on data processing when visiting a Facebook fan page (information on Insights data) here.
Google/ YouTube: https://policies.google.com/privacy?hl=de
Google/ YouTube: https://adssettings.google.com/authenticated
7. Blogs and publication media
We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Readers’ data are processed for the purposes of the publication medium only to the extent necessary for its presentation and for communication between authors and readers or for security reasons. In addition, we refer to the information on the processing of visitors to our publication medium in the context of this data protection notice.
Comments and contributions: If users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and contributions (insults, prohibited political propaganda, etc.) In this case we can be prosecuted ourselves for the comment or contribution and are therefore interested in the identity of the author.
Furthermore, based on our legitimate interests, we reserve the right to process user information for the purpose of spam detection.
The personal information provided in the comments and contributions, any contact and website information as well as the content information will be permanently stored by us until the users object.
Retrieval of WordPress emojis and smilies: Within our WordPress blog, graphic emojis (or smilies), i.e. small graphic files that express feelings, are used for the purpose of efficiently integrating content elements, obtained from external servers. The providers of the servers collect the IP addresses of the users. This is necessary so that the emoji files can be transmitted to the users’ browsers.
Profile pictures of Gravatar: We use the service Gravatar within our online offer and especially in our blog.
Gravatar is a service where users can register and post profile pictures and their email addresses. If users leave posts or comments on other websites (especially blogs) using their e-mail address, their profile pictures can be displayed next to the posts or comments. For this purpose, the e-mail address provided by the user is transmitted in encrypted form to Gravatar for the purpose of checking whether a profile is stored for it. This is the only purpose of transmitting the e-mail address. It will not be used for other purposes, but will be deleted afterwards.
The use of Gravatar is based on our legitimate interests, as Gravatar allows us to offer the authors of contributions and comments the possibility to personalise their contributions with a profile picture.
By displaying the images, Gravatar can find out the IP address of the user, as this is necessary for communication between a browser and an online service.
If users do not want a user picture linked to their email address to appear in their comments on Gravatar, they should use an email address that is not stored with Gravatar. We would also like to point out that it is also possible to use an anonymous e-mail address or no e-mail address at all, if users do not want their own e-mail address to be sent to Gravatar. Users can completely prevent the transmission of data by not using our comment system.
- Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), contract data (e.g. subject of contract, duration, customer category).
- Persons concerned: Users (e.g. website visitors, users of online services).
- Purposes of processing: Contractual performance and service, feedback (e.g. collection of feedback via online form), security measures, administration and answering of inquiries, provision of our online offer and user-friendliness.
- Legal bases: Fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR), consent (Art. 6 para. 1 sentence 1 lit. a GDPR), protection of vital interests (Art. 6 para. 1 sentence 1 lit. d. GDPR)
Used services and service providers:
8. Contact details and your rights
As an affected person you have the following rights:
- in accordance with art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
- according to art. 16 GDPR the right to demand the immediate correction of incorrect or completion of your personal data stored with us;
- pursuant to art. 17 GDPR the right to demand the deletion of your personal data stored by us, unless further processing of the data
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation;
- for reasons of public interest, or
- is necessary for the assertion, exercise or defence of legal claims
- according to art. 18 GDPR, the right to demand the restriction of the processing of your personal data, provided that
- the correctness of the data is disputed by you;
- the processing is unlawful, but you object to its deletion
- we no longer need the data, but you need it to assert, exercise or defend legal claims or
- you have lodged an objection to the processing pursuant to art. 21 GDPR
- in accordance with art. 20 GDPR, the right to receive the personal data you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party
- pursuant to art. 77 GDPR the right to complain to a supervisory authority. As a rule, you can turn to the supervising authority of your regular place of residence or work or to the supervisory authority of our registered office.
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of consents granted or objection to a specific use of data, please contact us directly via the contact data in our imprint.
Right of objection
Insofar as we process personal data as explained above in order to safeguard our legitimate interests, which are predominant when weighing up the interests, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you may exercise this right at any time as described above. If processing is carried out for other purposes, you only have the right to object if there are reasons arising from your particular situation.
After exercising your right of objection, we will not further process your personal data for these purposes, unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims
This does not apply if the processing is for direct marketing purposes. In this case we will not process your personal data further for this purpose.