Privacy Policy
In this privacy policy we explain how we deal with your personal data according to the applicable data protection law, in particular the General Data Protection Regulation (GDPR). We do not share data with third parties with the exception of the service providers and third-party providers we specify in this policy. If you have any questions feel free to contact us!
Contents
- Person responsible
- General informationen
- Website hosting
- Cookies, tracking bugs and Mobile Identifier
- Contacting us
- Newsletter
- User comments
- Account creation
- Orders and payment
- Other third-party services
- Social media profiles
- Rights of data subjects
Person responsible
Responsible for the privacy policy is
Josefine Spenke
Carl-Hertel-Straße 25
09116 Chemnitz
Carl-Hertel-Straße 25
09116 Chemnitz
General Informationen
Provision of data
As a rule, there is neither a legal nor contractual requirement to provide personal data for the use of our website. As far as providing data is necessary for the conclusion of a contract or the user is obliged to provide personal data, we share this circumstance and the consequences the non-provision would have in this privacy policy.
Data transfer to non-EU countries
It is possible that we use service providers and third party providers that are located in countries outside of the European Union and the European Economic Area. The transmission of personal data into such third countries takes place, unless the user has given their consent to the data transfer, on the basis of an adequacy decision by the European Commission (Article 45 GDPR) or we have provided appropriate guarantees to ensure data protection (Article 46 GDPR). If there is an adequacy decision of the European Commission for the transfer of data to a third country we point this out in this privacy policy. Furthermore, it is possible for users to be provided by us a copy of appropriate guarantees, unless they\'re already included in the privacy policies of the service providers or third party providers.
Automated decision-making
Should we conduct automated decision-making including profiling we will inform you about this and any logic involved as well as the scope and intended effects of such processing in this privacy policy. Otherwise, automated decision-making does not take place.
Processing for other purposes
Data is generally only processed for the purposes for which it was collected. Should it, by way of exception, be processed further for other purposes we will inform you about these other purposes before this further processing takes place and and provide all other relevant information (Article 13 Paragraph 3 GDPR).
Website hosting
Every time our website is accessed, the user\'s browser transmits various data. For the duration of your visit to the website, the following data is processed and also stored in log files beyond the end of the connection:
- Browser type and version used
- Operating system
- Pages and files accessed
- Amount of data transferred
- Date and time of transferral
- The user\'s provider
- IP address in anonymized form
- Referrer URL
The processing of this data is necessary in order to be able to deliver the website to the user and for optimizing it for their end device. The storage in log files serves to improve the security of our website (e.g. protection against DDOS attacks). IP addresses are being anonymized before they are stored in log files.
The legal basis for processing is Article 6 Paragraph 1 Subparagraph 1 Letter f) GDPR. Our legitimate interest lies in providing the website and improving website security. Log files are automatically deleted after 7 days.
Cookies, tracking bugs and Mobile Identifier
We use technologies on our website to recognize the device used. This may include cookies, tracking bugs and/or mobile identifiers.
Recognizing a device may generally be done for different purposes. It may be necessary to provide certain functions on our website, e.g. to provide a shopping cart. In addition, the mentioned technologies may be used to understand user behavior on the site, e.g. for advertising purposes. Which technologies we use and for what purposes are being declared separetely in this privacy policy.
For better understanding, below we will explain in general terms how cookies, tracking bugs and mobile identifiers work:
- Cookies are small text files that contain certain information and are stored on the user\'s device. Most of the time it is an identification number assigned to a device (cookie ID).
- A tracking bug is a transparent graphic file that is integrated on a page and that enables log file analysis.
-
A mobile identifier is a unique number (mobile ID) that is stored on a mobile device and that can be read by a website.
Cookies may be necessary for our website to function properly. Legal basis for the use of such cookies is Art. 6 Paragraph 1 Subsection 1 Letter f) GDPR. Our legitimate interest lies in providing the functions of our website.
We use for the operation of our website non-essential cookies to make it more user-friendly or to be able to comprehend the use of our website. The legal basis here depends on whether the user\'s consent must be obtained or if we can rely on a legitimate interest. Consent given by the user can be revoked at any time through the settings in their browser, among other things.
The user can prevent the processing of data and object to the processing using cookies through the appropriate settings in their browser. In the event of an objection some functions may not be available on our website. We provide information about further options for objecting to processing of personal data through cookies separately in this privacy policy. If applicable we provide links with which an objection can be declared. These are labeled as "Opt-Out".
Cookie Consent Manager CCM19
We use the service CCM19 to manage consent of our users.
Provider:
Papoo Software & Media GmbH
Auguststr. 4
53229 Bonn
Germany
Provider:
Papoo Software & Media GmbH
Auguststr. 4
53229 Bonn
Germany
CCM19 is a service with which we can obtain consent from our users for the use of cookies. CCM19 automatically stores up to two cookies on the user\'s device. Firstly, the first-party cookie “ccm_consent”, which stores the user’s consent. Secondly, only in the case of “mass consent” across certain domains, the third-party cookie “CookieConsentBulkTicket”, which stores an encrypted key that enables mass consent across multiple domains.
The user\'s consent is being logged and documented by storing the user\'s anonymized IP address, the browser used ("User Agent"), the website URL, the date and time of consent and the unique, encrypted key stored in the data center of the Cybot cloud vendor, Microsoft Ireland Operations Ltd. in Dublin, Ireland.
The legal basis for processing is Article 6 Paragraph 1 Subparagraph 1 Letter f) GDPR. Our legitimate interest is to obtain the consent of our users required for the storage of cookies and in proof that we lawfully process personal data in connection with the use of cookies.
The cookies automatically expire 12 months from the user\'s consent and must then be renewed. Otherwise, data will be deleted after three years at the end of the year.
Contacting us
If you contact us, we process the user\'s information, date and time for processing the request including any further questions.
The legal basis for data processing is Art. 6 Paragraph 1 subparagraph 1 letter f) GDPR. Our legitimate interest lies in answering the inquiries our users. Additional legal basis is Art. 6 para. 1 subparagraph 1 letter b) GDPR if the Processing is necessary for the performance of a contract or to carry out pre-contractual measures.
The data will be deleted as soon as the request, including any further queries, has been answered. We check at regular intervals, but at least every two years, whether data accrued in connection with contact are to be deleted.
Newsletter
On our website users have the opportunity to subscribe to a newsletter. We process the data entered during subscription in order to be able to send a confirmation email to the user\'s email address. After confirmation, we process the data to be able to send newsletters. For the purpose of personalization, we may also process the user\'s name if the user provided it.
Upon subscription, the date and time as well as the user\'s IP address are saved to be able to provide proof of registration. After deregistration, we will continue to process this data for verification purposes and delete it after three years at the end of the year.
The legal basis for processing is consent of the user in accordance with Art. 6 Paragraph 1 Subparagraph 1 Letter a) GDPR. Otherwise, processing takes place according to Art. 6 para. 1 subparagraph 1 letter f) GDPR. Our legitimate interests are the sending of Newsletters, the personalized approach to the user and proof that the user has signed up for the newsletter.
User comments
On our website users have the opportunity to leave their own comments. When a comment is sent to us, we process the user\'s information. Additionally, we process date, time and the user’s IP address to protect against misuse of the comment function (e.g. through spam or criminal content).
The legal basis for processing is Art. 6 para. 1 subparagraph 1 letter f) GDPR. Our legitimate interest lies in being able to offer the comment function and the protection from misuse.
Account creation
Users have the opportunity to create an account on our website. In this context we process the data data entered during registration. We confirm the email address by sending a link to the user (double opt-in) to prevent misuse of the registration function. For this purpose we also process the date, time and the user\'s IP address. For verification purposes, we also process the date, time and IP address of the user upon click on the confirmation link.
The data will be deleted after three years at the end of the year when the user account is deleted, unless there is a longer legal retention requirement.
The legal basis for the processing is Article 6 Paragraph 1 Subparagraph 1 Letter a) GDPR, insofar as we have obtained consent from the user. In case the processing is necessary for the execution of a contract or for the implementation of pre-contractual matters, it is based on Article 6 Paragraph 1 Subparagraph 1 Letter b) GDPR. Otherwise, the legal basis is Art. 6 Paragraph 1 Subsection 1 Letter f) GDPR. Our legitimate interest lies in providing users access to our offer that requires registration, to protect us from misuse of the registration function and provide proof of proper registration. Our further legitimate interest lies in defending against possible claims after the user account has been deleted.
Orders and payment
Upon placing an order in our online shop we process the data provided when ordering, such as name, bank details or payment details, to process the order. We provide payment data to our payment service providers only insofar it is necessary to process the payment.
Legal basis for processing order data is Art. 6 Paragraph 1 Subsection 1 Letter b) GDPR. In case the user enters their order details through a user account, the legal basis is Art. 6 para. 1 subparagraph 1 letter a) GDPR. Otherwise, the processing is based on Art. 6 Paragraph 1 Subsection 1 Letter f) GDPR. Our legitimate interest lies in processing refunds and the pursuit of claims.
Order and payment data will be deleted as soon as it is no longer necessary for the processing of the order including reversal of payment (e.g. due to a cancellation or a withdrawal from the contract) as well as processing of warranty cases and there are no legal retention obligations. In the event that the user enters their order details for a repeat order in their user account, the data will be deleted together with the user account if it is not required for pocessing a specific order.
Paypal
When paying via Paypal, payment is processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
Other third party services
Bootstrap CDN
We use the content delivery network (CDN) BootstrapCDN.
Provider: StackPath LLC, 2021 McKinney Ave. Suite 1100, Dallas, TX 75201, USA.
Provider: StackPath LLC, 2021 McKinney Ave. Suite 1100, Dallas, TX 75201, USA.
Content is loaded from CDN servers. In order for a connection to be established, it is a technical necessity to transmit the user\'s IP address.
The legal basis for processing is Article 6 Paragraph 1 Subparagraph 1 Letter f) GDPR. Our legitimate interest lies in improving the speed and availability of our website.
Social media profiles
We are present on social media. Specifically, on Tumblr, Facebook, Instagram. When you contact us, we process personal data as described above under Contacting us.
The providers of social media process data in accordance with their data protection regulations, which can be found here:
If a user is logged in with their account, their activities on our profile in the respective social media may be linked to them. This may be possible across devices and possibly without a login, for example using cookies or mobile identifiers. The social network providers create pseudonymized user profiles based on the collected data, which they can use in particular to display personalized advertising.
Rights of data subjects
If the user\'s personal data is processed, he is a data subject within the meaning of the GDPR. Data subjects have the following rights:
Right to information: The data subject has the right to request confirmation as to whether personal data concerning them is processed. If personal data is being processed, the data subject has the right to free information about as well as a copy of the personal data that is the subject of processing.
Right to rectification: The data subject has the right to have any incorrect personal data corrected or completed immediately upon request.
Right to deletion: The data subject has the right to have data concerning them deleted immediately in accordance with the legal provisions.
Right to restriction of processing: The data subject has the right to request restriction of processing of data concerning them in accordance with legal provisions.
Right to data portability: The data subject has the right to have the personal data concerning them be transmitted to them in a structured, common and machine-readable format or to transmit it to another person responsible.
Right to object: The data subject has the right, for reasons arising from their special situation, to object at any time to the processing of personal data concerning them on the basis of Art. 6 para. 1 subparagraph 1 letter e) or f) GDPR; this also applies to a profiling based on these terms. If personal data is processed in order to conduct direct advertising, the data subject has the right to object at any time to the processing of personal data concerning them for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising.
Right of withdrawal: The data subject has the right to revoke their consent at any time.
Right to complain: The data subject has the right to complain to a supervisory authority.
Update status of the data protection declaration: August 7th 2024
This privacy policy has been created based on the generator at Einfach Abmahnsicher in cooperation with PRIGGE Recht.