General information on the handling of your data
1. Responsible office, contact
1.1 Responsible body within the meaning of the Data Protection Act
The responsible body within the meaning of Article 4 Paragraph 7 of the EU Data Protection Basic Regulation (DSGVO) is:
represented by the Managing Director Jürgen Bretfeld
Neuer Zollhof 2
Phone: +49 (0) 221 – 87 66 91 0
Contact person: Jürgen Bretfeld
Data protection officer:
reachable through: email@example.com
a) If you have questions regarding data protection, or if you wish to exercise rights or claims regarding your personal data, you can contact us using the contact details given above (under point 1.1.).
b) In our contact form, you must provide mandatory information to answer your inquiry, which is marked with an asterisk (your e‑mail address, your name and telephone number if applicable). We need this information in order to be able to process your inquiry and contact you. You can fill in the other fields voluntarily.
c) When you contact us (for example by telephone or e‑mail), your details will be stored in accordance with Art. 6 Para. 1 lit. b) DSGVO for the purpose of processing your enquiry and in the event that follow-up questions arise. We delete the data arising in this connection after storage is no longer required or restrict processing if there are legal storage obligations (see item 14).
2 Data processed by us
2.1 Legal bases
a) Personal data may be processed during each visit to our website. Your personal data will only be processed if it is legally permitted (legal basis). This is the case in accordance with Art. 6 Para. 1 DSGVO, if you have given us your consent, or the processing is necessary for the performance of our contract with you, or, in the event of an enquiry by you, pre-contractual measures are necessary, or the processing is necessary to protect your vital interests or those of another natural person, or the processing is necessary to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, outweigh these (balancing of interests)
b) The personal data collected from you will be deleted as soon as the purpose of the collection has ceased to apply (see item 14).
2.2 What are personal data?
a) What ‘personal data’ are, is derived from Article 4 of the Basic Data Protection Regulation (DSGVO). According to this article, personal data is information that can be assigned to your person by reasonable means. Personal data are divided into four groups. These include inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of employees, payment information), usage data (e.g. the web pages visited by our online offer, interest in our products) and content data (e.g. entries in the contact form). Information that cannot be attributed to a specific or identifiable person, or only with a disproportionate expenditure of time, cost and labour, is not personal data as anonymous data.
b) In addition, when you visit our website, further data is also processed for technical reasons. This is mainly technical information such as the IP address that your Internet access provider assigns to your computer when you connect to the Internet, or information about the Internet page from which you accessed our website or about the type and version of the Internet browser you are using. However, this also includes login data, your operating system, download errors, the length of visits to certain pages, and all telephone numbers from which you call our customer service number. This technical information may be personal data in individual cases. As a rule, however, we only use technical information if this is necessary for technical reasons for the operation and protection of our website against attacks and misuse in accordance with Art. 6 Para. 1 lit. f. DSGVO is required.
2.3 What is meant by “processing?
What is meant by “processing” also follows from Article 4 of the Basic Data Protection Regulation (DSGVO). This includes all processes that are part of the handling of the data. The term “processing” covers not only the collection or recording, but also the organisation or organisation, storage, adaptation or modification. But also other ways of handling, such as the actual use, or the transmission or also the passing on, fall under the generic term of “processing”. Ultimately, this also includes the restriction, deletion or destruction of data.
3. Data security
The security of your personal data has a very high priority for us. We therefore protect your data stored with us through technical and organisational measures. This ensures that the regulations of the data protection laws are observed and loss or misuse by third parties is effectively prevented. In particular, our employees who process personal data are obliged to maintain data secrecy and must comply with it.
4. SSL encryption
Our website uses secure SSL encryption when transmitting personal data or personal content of our users. Please make sure that SSL encryption is activated for corresponding activities from your side. The use of encryption is easy to recognize: The display in your browser line changes from “http://” to “https://”. Data encrypted via SSL cannot be read by third parties. Therefore, please only transmit your confidential information if SSL encryption is activated and contact us if in doubt.
5. Collection of personal data when visiting our website
a) If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO):
b) For security reasons (e.g. to clarify acts of abuse or fraud), the information mentioned under a) is stored for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes will be retained until the matter has been finally clarified.
c) In addition to the data mentioned above, cookies are stored on your computer when you use our website. You will find more detailed information on cookies under point 9.
d) The data will be processed by us on the basis of our legitimate interests as defined in Art. 6 Par. 1 letter f. DSGVO. Under no circumstances will we use the data collected for the purpose of drawing conclusions about your person. The purposes pursued by us include in particular
6. Further functions and offers of our website
In addition to the purely informative use of our website, we offer various services which you can use if you are interested. To do so, you will usually have to provide additional personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.
6.1 Establishing contact (contact form or email)
When you contact us (via contact form or e‑mail), your details will be processed for the purpose of processing the contact request and its handling in accordance with Art. 6 Para. 1 lit. b) DSGVO (necessary details within the framework of pre-contractual measures) or in accordance with Art. 6 Para. 1 lit. a) DSGVO (voluntary details within the framework of your consent). If you contact us by email, we will also save the contents that you have sent us by email. As far as we ask for entries via our contact form which are not necessary for contacting you, we have always marked these as optional by means of an asterisk. This information serves us to concretise your request and to improve the processing of your request. Any communication of this optional information is voluntary and with your express consent. As far as it concerns information on communication channels (e.g. telephone number, e‑mail), you also agree that we may contact you via this communication channel in order to answer your request. The personal data you provide will be used exclusively for the purpose for which you provided us with the data when you contacted us. You can of course revoke your declarations of consent at any time for the future. To do so, please contact our data protection officer, whose contact details you will find under point 1 of this data protection declaration. Your data will then be deleted.
We delete the data received in the course of contacting you as soon as they are no longer required for the purpose of your collection. For personal data from the input mask of the contact form and those sent by e‑mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified, at the latest, however, after 1 month after the last contact.
The personal data additionally collected during the sending process, which are no longer required for further conversation with you, will be deleted after a period of seven days at the latest.
6.2 Customer data
a) If you are a customer of ours, we will store your personal data for the duration of the contractual relationship and beyond that for a further 10 years, unless legal retention periods force us to store the data for a longer period (see item 14). This storage is based on Art. 6 Para. 1 lit. f) DSGVO. Our legitimate interest is based on the duration of the limitation period for contractual claims, which is a maximum of 10 years (from the time of knowledge of the claim).
b) We process the data that you have made available to us and which we receive from other publicly accessible sources.
c) The processing of your personal data is carried out on the basis of Art. 6 para. 1 lit. b) DSGVO. We process your data to enable a smooth business relationship.
We offer open source software on our website. We link the download to the respective website where the software is offered. If you click on the download link, you will be directed to an external website. The respective provider is responsible for the processing of your personal data on the external Internet pages. You can inform yourself there about the processing of your data in the respective data protection declaration.
7. Transfer of data to third parties and third party providers
a) Data will only be passed on to third parties within the framework of the legal requirements. We therefore only pass on user data to third parties if:
b) When passing on your personal data, we always ensure the highest possible security level. For this reason, your data will only be passed on to service providers and partner companies that have been carefully selected and contractually obliged to ensure that personal data is protected in accordance with the relevant legal regulations. For this purpose, we will inform you at the respective points of the data protection declaration.
c) We draw your attention to the fact that in addition to this data protection declaration, the data protection guidelines and declarations of the locally responsible partners and their authorised institutions may also apply.
d) If we pass on your data to third parties, we will draw your attention to this in a separate data protection declaration.
We use so-called “cookies” to store settings such as the shopping cart or the current login (session cookie). The data processed by cookies is required to protect our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO (see Section 3.1.). Due to this basic functionality, you can only use the marketplace if cookies are stored. In the case of cookies that are not required for the provision of our website, we only use the cookies if you have given us your consent in accordance with Art. 6 Para. 1 S. 1 lit. a) DSGVO. We will ask you for your consent before using the cookies.
8.1 What are “cookies”?
Nearly all websites use different cookies today, so that the respective pages function as desired and the design and functions can be displayed optimally for you.
Cookies are information files that are transferred from our web server or web servers of third parties to your web browser and stored there. They are stored there for later retrieval. The information files are specific information relating to your respective device (PC, smartphone and browser used). This does not mean, however, that we obtain direct knowledge of your identity. Cookies are primarily used for the user-friendliness of websites (e.g. they store login data or the language). Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.
8.2 What types of “cookies” do we use?
This website uses transient and persistent cookies, the scope and function of which are explained below:
a) Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This enables your computer to be recognised when you return to our website. We therefore use these cookies to identify you for subsequent visits, if you have an account with us. Otherwise you would have to log in again for each visit. The session cookies are deleted when you log out or close the browser. These are often necessary cookies, but it is also possible to use non-essential cookies, the use of which you can object to.
b) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time. These cookies include, for example, those that save the login data and status or the respective subpage that you viewed last when leaving the website. However, marketing cookies also belong to the persistent cookies. You are therefore free to choose which cookies you want to allow and which not.
Most browsers automatically accept cookies. If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. This applies to those cookies that are processed neither for contractual reasons nor within the scope of our legitimate interest, provided that the legitimate interest in processing the data prevails (for more details, please refer to section 14 Right of objection). Stored cookies can also be deleted in the system settings of the browser. However, the exclusion of cookies can lead to functional limitations of this online offer. Information on how to deactivate cookies in the most common browsers can be found under the following links:
9. Integration of third party services and content
a) We do not pass on your personal data, which you have made available to us, to third parties, unless the data is required for the processing of your contract, there are justified interests or you have expressly consented to the passing on of the data. Insofar as we are legally obliged to do so, we will pass on your data to government agencies and authorities entitled to receive information. Our legitimate interests include, for example, the interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO.
b) When passing on your personal data, we always ensure the highest possible security level. Therefore, your data will only be passed on to service providers and partner companies that have been carefully selected and contractually obliged to ensure that personal data is protected in accordance with the relevant legal regulations.
c) Insofar as our service providers or partners have their registered office in a state outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
d) We analyse your behaviour, interests or demographic information such as your gender or age as part of our online presence. For this purpose, we use your IP address, which, however, we pseudonymize beforehand, i.e. we shorten your IP address so that it cannot easily be traced back to you when it is passed on to third parties.
10. Integration of other third party content
Why do we use the analysis tools?
For example, we can use the reach analysis to see which of our offers arouse the most interest at what time and which of our web offers are called up again. This enables us to optimise our offer and remove other less interesting offers. With these analysis methods we can see, for example, whether a browser is used less frequently and whether this is due, for example, to the display of our offers in this browser, or whether in general, the call by means of a mobile phone occurs more frequently than with other devices. In the following you will find out which analysis tools and services of third parties we use.
Due to the nature of the Internet, data is inevitably processed on a large number of third party servers until your request arrives on our web server or our provider; therefore, processing is also possible in “third countries” outside the EU/EEA. We have no influence on this process. Apart from these technical necessities, we do not transmit any personal data to countries outside the scope of the EU data protection regulation or without an adequate level of data protection. Hotjar stores your data for a maximum of 365 days.
Hotjar offers each user the option of preventing the use of the Hotjar tool by means of a “Do Not Track” header, so that no data about the visit to the respective website is recorded. This is a setting that is supported by all common browsers in current versions. To do this, your browser sends a request to Hotjar to disable tracking for that user. If you use our websites with different browsers/computers, you must set up the “Do Not Track Header” separately for each of these browsers/computers.
You can object to Hotjar storing a user profile and information about your visit to our website and to Hotjar tracking cookies on other websites if you click on this opt-out link.
10.2 Google Analytics
If you have given your consent, this website uses Google Analytics, a web analysis service provided by Google Ireland Limited (“Google”). The use includes the operating mode “Universal Analytics”. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyse the activities of a user across devices.
Purposes of the processing
On behalf of the operator (within the framework of Google’s processing regulations: https://policies.google.com/technologies/partner-sites?hl=en) of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide further services to the website operator in connection with website and Internet use.
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO.
Recipients / categories of recipients
The recipient of the collected data is Google.
Transfer to third countries
The personal data will be transferred to the US under the EU-US Privacy Shield on the basis of the adequacy finding of the European Commission. You can download the certificate here.
Duration of data storage
The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
Rights of data subjects
You can revoke your consent at any time with effect for the future by preventing the storage of cookies through a corresponding setting in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent Universal Analytics from collecting data across multiple devices, you must opt-out on all systems in use. If you click here, the opt-out cookie will be set to disable Google Analytics.
10.3 Google Adwords Conversion Tracking
In order to statistically record the use of our website and evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. Google Adwords sets a cookie (see item 8) on your computer if you have reached our website via a Google advertisement.
Data provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com;
Data protection terms of Google: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages on the Adwords client’s website and the cookie has not expired, Google and the client may recognize that the user clicked on the ad and was redirected to that page.
Every Adwords customer receives a different cookie. Cookies can therefore not be tracked through the websites of Adwords clients. The information collected using the conversion cookie is used to compile conversion statistics for Adwords customers who have opted for conversion tracking. Adwords advertisers know the total number of users who have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
We use Snipcart for online shopping. The provider of this service is Snipcart inc. 2018, Québec City, Canada.
Snipcart stores the personal information you provide during the ordering process. For more detailed information about Snipcart’s data storage, please refer to Snipcart’s Data Processing Agreement at https://cdn.snipcart.com/legal/dpa.pdf and https://snipcart.com/terms-of-service.
In order for you to make payments to us securely and reliably, we use the help of payment service companies to provide our contractual performance and service. The legal basis for this is Art. 6 para. 1 b) and f) DSGVO. The terms and conditions of the payment service companies concerned, such as the General Terms and Conditions (GTC) or their data protection declarations, also apply.
Among other things, we use Stripe to process payments. Stripe is a service of Stripe Payments Europe Ltd. in Ireland and Stripe Inc. 510 Townsend Street, San Francisco, CA 94103, USA. Name data, address data, payment data, usage data, meta/communication data, bank data and contract data are processed. This data is immediately transmitted to the payment service provider. We ourselves have no access to this data. It is possible that we receive a confirmation of payment or negative information. We would like to point out that an identity and creditworthiness check may be carried out. Further information, such as the type, scope and purpose of data processing, can be found in the Stripe data protection declaration.
The legal basis for all the above analysis services is our legitimate interests (Art. 6 (1) lit. f DSGVO), which are as follows: Monitoring and maintaining the performance, stability and security of the website, simplifying the use and analysis of usage, trends and activities in connection with our website in order to make our internet offer as a whole more user-friendly and effective.
12. Applicant data
You will find further information about our company, details of the persons authorized to represent us and also further contact possibilities in our imprint.
If you send us your application documents, we process your data in order to check your suitability for an open position in our company and to carry out the application procedure. The legal basis for the processing of your personal data is § 26 BDSG n.F. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.
We process or store your data for the duration of the application procedure and store the data for a further six months after the application procedure is completed. This is done on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f) DSGVO for the purpose of asserting or defending claims.
If you expressly request it, we will transfer your data to our pool of applicants. There the data will be deleted after two years. If you are accepted into our company as part of the application process, your data will be transferred to our personnel information system.
No data will be passed on to third parties or to a service provider. Suitable applications will be forwarded internally to the department managers responsible for the respective open position. The further procedure is then agreed. Within the company, only those persons who need access to your data for the proper processing of our application procedure have access to your data.
The data is processed exclusively in computer centres in the Federal Republic of Germany.
In relation to the processing of your personal data within the application procedure, you have the following rights:
13. Your rights to your data
You have the following rights to the data processed by you:
The quickest, easiest and most convenient way to exercise your rights to correct or delete personal data is to log in to your account and directly edit the data stored there or delete your account altogether.
14. Right of objection
a) If you have given your consent to the processing of your data, you can revoke this consent at any time. Such revocation will affect the permissibility of processing your personal data after you have given it to us.
b) Insofar as we base the processing of your personal data on the balancing of interests in accordance with Art. 6 Para. 1 lit. f) DSGVO, you may object to the processing. This is the case if the processing is not necessary, in particular, for the fulfilment of a contract with you, which is described by us in the following description of the functions. In the event of such an objection, we request that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing. We will inform you of such compelling reasons. You have the right to complain to a supervisory authority at any time (e.g. the supervisory authority at your place of residence or at the registered office of our company).
c) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising by using the contact details given in section 1.1.
d) If you would like to exercise your right of revocation or objection, an e‑mail to the person named in section 1.1. is sufficient.
15. General information on the deletion and retention periods of your data
a) The data stored with us will be deleted as soon as they are no longer required for the intended purpose. For details, please refer to the points of this declaration, which explain the nature and purpose of the respective processing of personal data.
b) Data that we are required to store due to legal, statutory or contractual retention obligations (e.g. for tax reasons) will be blocked instead of deleted to prevent use for other purposes. This includes, for example, storage for 6 years in accordance with § 257 para. 1 HGB (for trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) or storage for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
a) This data protection declaration is currently valid and is dated April 2019.
b) Updates of this data protection information may become necessary due to changes in the law or adjustments in data processing. We therefore recommend that you regularly check this page for changes. If the change affects your consent or the regulations of the contractual relationship, these will only be made with your consent. You will be contacted separately for this purpose.