We appreciate your interest in our website. The security of your personal data is of utmost importance to us. Therefore, we would like to inform you below which data of your visit we use for which purposes.
Last amended on: 19/05/2018
69121 Heidelberg, Germany
Types of the data processed:
- Inventory data (e.g., names, addresses)
- Contact information (e.g., e-mail, phone numbers)
- Content data (e.g. text input, photographs, videos).
- Contract data (e.g. subject matter of the contract, term, customer category)
- Payment data (e.g. bank details, payment history)
- User data (e.g., websites visited, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
Hereinafter, unless further described, referred to as “data”.
Processing of special categories of data (Art. 9 (1) GDPR):
In principle, no special categories of data are processed unless they are sent by the users for the processing, e.g., entered in online forms.
Categories of data subjects:
- Customers/prospective customers/suppliers.
- Visitors and users of the online offer.
In the following, we also refer to the data subjects as “users”.
Restriction of processing
- Provision of the online offer, its content and features.
- Provision of contractual services, servicing and customer support.
- Responding to contact inquiries and communicating with users
- Marketing, advertising and market research.
Applicable legal bases
- We shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, in accordance with Article 32 GDPR, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing, as well as probability and severity of the risk to the rights and freedoms of natural persons; the measures shall include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation. Furthermore, we have established procedures that guarantee the exercise of data subject rights, deletion of data and responding to data risks. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the general principles relating to personal data processing, the principles of data protection by design and by default (Art. 25 GDPR).
- These security measures include, in particular, the encrypted transmission of data between your browser and our server.
Cooperation with contract processors and third parties
- If we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, pass on the data to them or otherwise grant them access to the data, this shall only take place on the basis of a legal authorisation (e.g., if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 (1) (b) GDPR is required for contract fulfilment), on the basis of your consent, where a legal obligation provides for this, or on the basis of our legitimate interests (e.g., if agents, web hosts, etc. are commissioned).
- If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this takes place on the basis of Art. 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this shall only take place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisations, we only process the data in a third country or have the data processed in a third country if the specific requirements of Art. 44 (ff) GDPR are met. This means, for example, that the processing is carried out on the basis of specific safeguards, such as the officially recognised determination of a data protection level corresponding to the EU (e.g., for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of the data subject
- You are entitled to request confirmation as to whether the data concerned are being processed and to request information about the data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
- Pursuant to Art. 16 GDPR, you are entitled to request the completion or rectification of your personal data.
- In accordance with Art. 17 GDPR, you are entitled to request that the relevant data be erased without undue delay or, alternatively, demand a restriction on the processing of the data in accordance with Art. 18 GDPR.
- You are entitled to request that the personal data you have provided to us be received in accordance with Art. 20 GDPR and to request its transmission to other controllers.
- In accordance with Art. 77 GDPR you are entitled to lodge a complaint with the competent supervisory authority.
Right of revocation:
You have the right to revoke consent once granted in accordance with Art. 7 (3) GDPR at any time with effect for the future.
Right to object
You can choose to opt out of the future processing of your personal data at any time in accordance with Art. 21 GDPR. This right to object applies in particular to the processing of data for the purposes of direct advertising.
Cookies and right to object in direct advertising
Deletion of data
- According to statutory regulations, documents must be retained for six years as per Section 257 (1) of the German Commercial Code (HGB) (accounting ledgers, inventories, opening balance sheets, annual financial statements, trade letters, accounting records, etc.) and for 10 years as per Section 147 (1) of the German Fiscal Code (AO) (accounts and records, situation reports, accounting records, trade and business letters, other documents of relevance for taxation, etc.).
Provision of contractual services
- We process inventory data (e.g., names and addresses as well as contact information of users), contract data (e.g., services used, names of contacts, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 (1) (b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
- Users can optionally create a user account, in particular by viewing their orders. During the registration process, the required information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data with regard to the user account will be deleted, subject to their retention, for commercial or tax reasons, in accordance with Art. 6 (1) (c) GDPR. It is the responsibility of the users to back up their data in the event of termination taking place before the end of the agreement. We are entitled to irretrievably delete all user data stored during the term of the contract.
- As part of the registration and repeated logins and the use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as those of users, to protect against abuse and other unauthorised use. Distribution of this data to third parties does not take place as a matter of principle, unless it is required to pursue our claims or a legal obligation for this exists in accordance with Art. 6 (1) c of the GDPR.
- We process user data (e.g., the visited websites of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for marketing purposes in a user profile in order to show the user product information based on their previously used services, for example.
- The deletion takes place after the expiry of statutory warranty and similar obligations; the necessity of the retention of the data is reviewed every three years. In the case of statutory archiving obligations, the deletion takes place after their expiry (termination of the retention obligation under commercial law (6 years) and tax law (10 years)); user account information remains until deleted.
- When you contact us (via contact form or e-mail), the information provided by the user to process the contact inquiry and its processing will be managed in accordance with Art. 6 (1) (b) GDPR.
- The inquiries that are no longer necessary are deleted. We review the requirement every two years; requests from customers who have a customer account are stored permanently and are linked to the customer account details for deletion. In the case of statutory archiving obligations, the deletion takes place after their expiry (termination of the retention obligation under commercial law (6 years) and tax law (10 years)).
- If users leave comments or other reviews, their IP addresses are stored on the basis of our legitimate interests as defined in Art. 6 (1) (f) GDPR.
- This takes place for our safety, if someone leaves illegal contents in comments and contributions (insults, forbidden political propaganda, etc.). In this case we can be prosecuted ourselves for the comment or contribution and are therefore interested in the identity of the author.
Collection of access data and log files
- For the purposes of our legitimate interests, in accordance with Art. 6 (1) point f GDPR, we collect data every time the server on which the service is located is accessed (so-called server log files). These access logs include the name of the webpage and/or file accessed by the user, the date and time of access, the amount of data transferred, notification of successful retrieval, details of the web browser used (including the version), the User’s operating system, the referrer URL (of the previous page linking to our website), the IP address and the requesting provider.
- Log file information is retained for security reasons (e.g. to detect improper use or fraud) for a maximum of seven days before being deleted. Data that is to be retained as evidence shall be excluded from deletion until the relevant case has been finalised.
Online presence in social media
- We maintain online presence based on our legitimate interests within the meaning of Art. 6 (1) (f) GDPR within social networks and platforms in order to communicate with active customers, prospective customers and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
Cookies & reach measurement
- Cookies are data packets that are transferred from our web server or third parties’ web servers to the user’s web browser and stored there for later retrieval. Cookies may comprise small files or any other kinds of information storage.
- We use “session cookies”, which are only stored on our website throughout your current visit (e.g., to enable the storage of your login status or the shopping cart function and thus the use of our website). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close your browser, for example. Similarly, we use “persistent cookies”. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
- If the user does not wish cookies to be stored on their computer, we hereby request that they disable the relevant option in their browser settings. Stored cookies can be deleted in the browser settings at any time. Disabling cookies may prevent you from enjoying the full functionality of these websites.
- You can block cookies that are used for tracking and online advertising by visiting the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and also by managing your preferences on the U.S. website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
- Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Google will use this information on our behalf for the purpose of evaluating use of our Websites by the User, compiling reports on activity on the Websites, and providing us with other services relating to the use of the Websites and use of the Internet. This process may involve creating pseudonymised usage profiles of users from the processed data.
- We use Google Analytics to display the Google ads and its affiliate advertising services only to those users who have shown an interest in our online offering or who have certain features (e.g., interests in certain topics or products that are determined by the websites visited) that we transmit to Google (so-called “Remarketing” or “Google Analytics Audiences”). With Remarketing Audiences, we also want to make sure that our ads are in line with the potential interest of users and are not annoying.
- We only use Google Analytics with IP anonymisation enabled. This means that Google truncates the user’s IP address within Member States of the European Union and in other countries that are party to the Agreement on the European Economic Area. The complete IP address will be transferred to a Google server in USA and truncated there only in exceptional cases.
- For more information on how Google uses data and how to opt out, please refer to Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses data when you use our partners’ sites or apps”), https://policies.google.com/technologies/ads (“How Google uses data in advertising”), https://adssettings.google.com/authenticated (“Control the information Google uses to show you ads”).
Amazon affiliate program
Integration of third-party services and content