The protection of the personal data of our users and customers is a priority for us. The use of our website is possible without providing personal data; however, in order to provide our services, the processing of personal data is necessary. In this case, we will obtain the data subject’s consent.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to us. By means of this data protection policy, we would like to inform the general public about the nature, scope, and purpose of the personal data we collect, use, and process. In addition, data subjects are informed, by means of this data protection declaration, of their rights to which they are entitled.
As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions can, in principle, have security gaps, so that absolute protection may not be guaranteed.
VAT NUMBER: B58294547
Telephone: 93 786 06 47
This data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be readable and understandable for the general public as well as for our customers and business partners. To ensure this, we would first like to explain the terminology used.
In this data protection declaration, we use the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more factors specific to that natural person’s physical, physiological, genetic, mental, economic, cultural or social identity.
b) Data subject
The data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure or destruction.
d.) Restriction of processing
Restriction of processing is the marking of stored personal data for the purpose of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s job performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
(g) Controller or controller responsible for processing
The controller or controller responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for in Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body, to whom the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular investigation in accordance with Union or Member State law shall not be considered as recipients. The processing of such data by those public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing.
(j) Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
The data subject’s consent is a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which, by a clear affirmative statement or action, he or she signifies his or her consent to the processing of personal data relating to him or her.
By means of a cookie, the information and offers on our website can be optimised with the user in mind. Cookies enable us, as mentioned above, to recognise users of our website. The purpose of this recognition is to make it easier for users to use our website. The user of the website using cookies, for example, does not have to enter login data each time he or she accesses the website, because the website takes care of this and the cookie is therefore stored on the user’s computer system. Another example is a cookie from a shopping cart in an online shop. The online shop remembers the items that a customer has placed in the virtual shopping cart via a cookie.
The data subject can, at any time, prevent the setting of cookies via our website through the corresponding settings on the Internet browser used, and can therefore permanently refuse the setting of cookies. In addition, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the cookie settings in the Internet browser used, not all functions of our website may be fully usable.
For more information about cookies and how to deactivate cookies, please visit http://www.allaboutcookies.org.
DATA COLLECTION AND GENERAL INFORMATION
Our website collects a range of general data and information when a data subject or automated system calls up the website. This general data and information is stored in the server log files. Collected may be:
(1) the browser types and versions used,
(2) the operating system used by the accessing system,
(3) the website from which a system accesses our website (so-called referrers),
(5) the date and time of access to the Internet site,
(6) an Internet Protocol address (IP address),
(7) the Internet service provider of the accessing system, and
(8) any other similar data and information that may be used in the event of attacks on our information technology systems.
By using these general data and information, we do not draw any conclusions on the subject matter of the data. Rather, this information is necessary to:
(1) deliver the content of our website correctly,
(2) optimise the content of our website and its advertising,
(3) ensure the long-term viability of our information technology systems and website technology; and
(4) to provide law enforcement authorities with information necessary for criminal prosecution in the event of a cyber-attack.
We therefore analyse anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. Anonymised data from server log files is stored separately from all personal data provided by a data subject.
PERSONAL INFORMATION WE COLLECT
When you visit our website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone and some of the cookies that are set on your device. In addition, as you browse the Site, we collect information about the individual web pages or products you view, the websites or search terms that referred you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as “Device Information”.
We collect information from your device using the following technologies:
– “cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies and how to disable cookies, visit http://www.allaboutcookies.org.
– Log files” track actions that occur on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages and date/time stamps.
– Web beacons, tags and pixels are electronic files that are used to record information about how you navigate the Site.
In addition, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), e-mail address and telephone number. We refer to this information as “Order Information”.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information we collect in general to fulfil orders placed through our Website (including processing your payment information, arranging for shipment and delivering invoices and/or order confirmations). In addition, we use this order information to:
– Communicate with buyers
– Screen orders for potential risk or fraud; and
– When in line with the preferences you have shared with us, provide you with information or advertising related to our products or services.
We use the device information we collect to help us detect potential risks and fraud (in particular, your IP address) and generally to improve and optimise our site (for example, by generating analytics about how our customers browse and interact with the Site, and to evaluate the success of our marketing and advertising campaigns).
We share your personal information with third parties to help us use your personal information, as described above.
For example, we use WordPress to power our online shop.
We also use Google Analytics to help us understand how our customers use the Site; you can learn more about how Google uses your Personal Information here: https://www.google.com/intl/es/policies/privacy/.
You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information that we receive, or to otherwise protect our rights.
DATA SUBJECT RIGHTS
a) Right of confirmation
Each data subject shall have the right granted by the European legislator to obtain confirmation from the controller whether or not personal data concerning him or her is being processed. If a data subject wishes to make use of this right of confirmation, he or she may, at any time, contact any employee of the controller.
b) Right of access
Each data subject shall have the right granted by the European legislator to obtain from the controller free of charge information about his or her stored personal data at any time and a copy of this information. In addition, European directives and regulations grant the data subject access to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the expected period for which the personal data will be stored or, if that is not possible, the criteria used to determine that period;
- the existence of the right to request the controller to rectify or erase personal data, or to restrict or object to the processing of personal data relating to the data subject;
- the existence of the right to lodge a complaint with a supervisory authority;
- where personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and expected consequences of such processing for the data subject.
In addition, the data subject shall have the right to obtain information on whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards related to the transfer.
If a data subject wishes to make use of this right of access, he or she may, at any time, contact any employee of the controller.
c) Right to rectification
Every data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data supplemented, including by providing a supplementary statement.
If a data subject wishes to exercise the right to rectification, he or she may, at any time, contact any employee of the controller.
d) Right to erasure (Right to be forgotten)
Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall be obliged to erase personal data without undue delay where one of the following grounds applies, provided that the processing is not necessary:
- The personal data are no longer necessary in relation to the purposes for which they were collected or processed.
- The data subject withdraws the consent on which the processing is based pursuant to point (a) of Article 6 (1) of the GDPR, or point (a) of Article 9 (2) of the GDPR, and where there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Article 21 (1) of the GDPR and there are no compelling legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) of the GDPR.
- The personal data has been unlawfully processed.
- The personal data must be erased in order to comply with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in connection with the provision of information society services referred to in Article 8 (1) of the GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by us, he or she may, at any time, contact any employee of the controller. An employee shall promptly ensure that the erasure request is complied with immediately.
Where the controller has made the personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller shall, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform the other Controllers processing the personal data that the data subject has requested that such Controllers erase any links to or copies or reproductions of such personal data, insofar as processing is not required. An employee shall organise the necessary measures in individual cases.
e) Right of restriction of processing
Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following occurs:
- The accuracy of the personal data is challenged by the data subject, for a period that allows the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject objects to the deletion of the personal data and instead requests the restriction of their use.
- The controller no longer needs the personal data for processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to the processing pursuant to Article 21 (1) GDPR pending verification of whether the controller’s legitimate grounds outweigh those of the data subject.
- If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by us, he or she may at any time contact any employee of the controller. The employee will arrange the restriction of the processing.
f) Right to data portability
Each data subject shall have the right granted by the European legislator to receive personal data relating to him/her, which were provided to a controller, in a structured, commonly used and machine-readable format. You will have the right to transmit those data to another controller without hindrance from the controller to whom the personal data were provided, provided that the processing is based on consent in accordance with Article 6(1)(a) GDPR or point (a) of Article 9(2) GDPR, or a contract in accordance with Article 6(1)(b) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In addition, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have his or her personal data transmitted directly from one controller to another, where technically feasible and, where it does so, it does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may at any time contact any employee.
g) Right to object
Each data subject shall have the right granted by the European legislator to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, which is based on point (e) or (f ) of Article 6 (1) of the GDPR. This also applies to profiles based on these provisions.
We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
If we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to the profiles insofar as they relate to such direct marketing. If the data subject objects to the data subject to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, the data subject may contact any employee. In addition, the data subject is free, in the context of the use of information society services, and without prejudice to Directive 2002/58/EC, to exercise the right to object by automated means using technical specifications.
h) Automated individual decision-making, including profiling
Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly affects him or her, provided that the decision (1) is not necessary for entering into a contract between the data subject and a controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also provides for appropriate measures to be taken to safeguard the rights, freedoms and legitimate interests of data subjects, or (3) is not based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the conclusion of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
If the data subject wishes to exercise the rights concerning individual decision-making, he or she may, at any time, contact any employee.
i) Right to withdraw data protection consent
Each data subject shall have the right granted by the European legislator to withdraw the consent to processing of personal data concerning him or her at any time.
If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee.
LEGAL BASIS FOR PROCESSING
Art. 6 (1) lit. a of the GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, where the processing operations are necessary for the supply of goods or to provide any other services, the processing is based on Article 6 (1) lit. b of the GDPR.
The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, e.g. for the fulfilment of tax obligations, the processing is based on Art. 6 (1) lit. c GDPR.
In exceptional cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor was injured in our company and his or her name, age, health insurance data or other vital information would have to be transmitted to a doctor, hospital or other third party. Then the processing would be based on Art. 6 (1) lit. d of the GDPR.
Finally, processing operations could be based on Article 6 (1) lit. f of the GDPR. This legal basis is used for processing operations which are not covered by any of the aforementioned legal bases, if the processing is necessary for the legitimate interests pursued by our enterprise or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. It considered that a legitimate interest could be implied by the fact that the data subject is a customer of the controller (recital 47, sentence 2, GDPR).
ROUTINE ERASURE AND BLOCKING OF PERSONAL DATA
The controller shall process and store the data subject’s personal data only for the period necessary to achieve the storage purpose, or to the extent authorised by the legislator or other legislators in laws or regulations to which the controller is subject.
If the storage purpose does not apply, or if a storage period prescribed by the European or other competent legislator expires, personal data are routinely blocked or erased in accordance with legal requirements.
Legitimate interests pursued by the controller or a third party
Where the processing of personal data is based on Article 6 (1) lit. f of the GDPRn our legitimate interest is to conduct our business in the best interests of all our employees and stakeholders.
Period for which personal data will be stored
The criterion used to determine the period of storage of personal data is the respective legal retention period. After the expiry of this period, the respective data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the initiation of a contract.
Provision of personal data as a legal or contractual requirement; Requirement necessary to enter into a contract; Obligation of the interested party to provide personal data; possible consequences of failure to provide such information.
We clarify that the provision of personal data is partially required by law (eg tax regulations) or may also be the result of contractual provisions (eg information about the contractual partner).
Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which we must subsequently process. The data subject is obliged, for example, to provide us with personal data when our company signs a contract with him or her. The non-provision of personal data will have the consequence that the contract with the interested party could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee.
The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the staff . data.
REGISTRATION ON OUR WEBSITE
The data subject has the possibility to register on the website of the controller with the indication of personal data. The personal data that is transmitted to the controller is determined by the corresponding input mask used for registration. The personal data entered by the data subject is collected and stored exclusively for the internal use of the controller and for its own purposes. The controller may request the transfer to one or more processors (for example, a parcel service) that also use personal data for an internal purpose that is attributable to the controller.
When registering on the website of the controller, the IP addresses assigned by the Internet service provider (ISP) and used by the data subject date and time of registration are also stored. The storage of this data takes place in the context that this is the only way to prevent misuse of our services and, if necessary, to allow the investigation of crimes committed. To the extent, the storage of this information is necessary to secure the controller. These data are not passed on to third parties unless there is a legal obligation to pass on the data, or if the transfer fulfills the purpose of criminal prosecution.
The registration of the data subject, with the voluntary indication of personal data, is intended to allow the controller to offer the contents or services of the data subject that can only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during registration at any time, or to completely delete them from the data stock of the controller.
The controller shall, at any time, provide information, upon request, to each data subject about the personal data stored about the data subject. In addition, the data controller will correct or delete the personal data at the request or indication of the data subject, insofar as there is no legal storage obligation. All employees of the controller are available to the data subject in this regard as contact persons.
SUBSCRIPTION TO OUR NEWSLETTER
On our website, users have the opportunity to subscribe to our company newsletter. The input form used for this purpose determines which personal data is transmitted, as well as when the newsletter is ordered from the controller.
We regularly inform our customers by means of a newsletter about commercial offers. Our newsletter can only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter dispatch. A confirmation email will be sent to the email address registered by a data subject for the first time for sending newsletters, for legal reasons, in the double opt-in procedure. This confirmation email is used to check whether the owner of the email address as data subject is authorized to receive the newsletter.
During registration for the newsletter, we also store the IP address of the computer system assigned by the Internet Service Provider (ISP) and used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to understand the (possible) misuse of a data subject’s email address at a later date, and thus serves the purpose of the legal protection of the controller.
Personal data collected as part of a newsletter registration will only be used to send our newsletter.
In addition, newsletter subscribers can be informed by e-mail, insofar as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of changes to the newsletter offer, or in the event of a change in technical circumstances. No personal data collected by the newsletter service will be transferred to third parties. The subscription to our newsletter can be canceled by the interested party at any time. The consent to the storage of personal data, which the data subject has provided for the sending of the newsletter, can be revoked at any time. For the purpose of revoking consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.
FOLLOW UP OF OUR NEWSLETTER
Our newsletters contain tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format, to enable log file recording and analysis. This allows a statistical analysis of the success or failure of marketing campaigns. Based on the embedded tracking pixel, we can see if and when an email was opened by a data subject, and which links in the email were activated by data subjects.
Said personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the sending of the newsletter, as well as to adapt the content of future newsletters to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects have the right to revoke their declaration of consent to receive newsletters at any time. After a revocation, the controller will delete this personal data.
POSSIBILITY OF CONTACT THROUGH OUR WEBSITE
Our website contains information that allows quick electronic contact with our company, as well as direct communication with us through an email address. If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data voluntarily transmitted by a data subject to the data controller is stored for the purpose of processing or contacting the data subject.
There is no transfer of this personal data to third parties.
COMMENTS FUNCTION ON OUR BLOG
We offer users the ability to leave individual comments on each of the articles on our blog, which is located on the controller’s website. A blog is a publicly accessible web-based service through which one or more people called bloggers or bloggers can publish articles on different topics. Blog posts are often commented on by third parties.
If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as information on the date of the comment and on the user (pseudonym) chosen by the data subject. In addition, the IP address assigned by the Internet Service Provider (ISP) to the data subject is also recorded. This storage of the IP address takes place for security reasons, in the event that the data subject violates the rights of third parties, or posts illegal content via a given comment. The storage of this personal data is therefore in the interest of the data controller, so that he can exculpate himself in the event of a breach.
This personal information collected will not be transmitted to third parties, unless such transfer is required by law or serves the purpose of the defense of the data controller.