top of page

Data protection

PRIVACY POLICY 

 

 

 

This privacy policy applies to the website

 

Responsible person:

 

Marvin Piecuch

Gartenstrasse 6

47167 Duisburg

[E-mail]

 

Data protection officer:

 

            [Surname]

            [Address]

            [E-mail]

 

 

  1. Processing of personal data 

 

We process your personal data on the website as follows, among other things (for further data processing on the website, please see the following sections of this data protection declaration):

 

Log files when visiting the website

 

When you use our website, our hosting provider logs so-called “log file” data every time the server is accessed, such as the name of the website accessed, the previously visited page (“referrer” URL), product and version information of the browser used, etc the operating system, requesting provider, date and time of access, search engines used, country of access, amount of data transferred, names of downloaded files and IP address.

 

The legal basis for processing is Article 6 Paragraph 1 f) GDPR. Our legitimate interest in storing log file data lies in ensuring system security, including the investigation of misuse. The log file data will be deleted or anonymized after a maximum of 30 days, unless they are needed longer due to a security-relevant incident, for example for clarification or evidence purposes.

 

Contact :

 

For contact inquiries, we process your personal data such as name, address, email address, telephone number, etc., which we need to answer your request.

 

The legal basis for the processing of your personal data in the context of contact inquiries is Art. 6 Para. 1 b) GDPR, if your request is aimed at concluding a contract, otherwise Art. 6 Para. 1 f) GDPR, whereby our legitimate interest is in the Answering inquiries lies.

 

As part of contact requests, we store your personal data for as long as is necessary to process your request or in view of legal retention requirements.

 

Registration/orders:

 

When you register or place an order, we process your personal data such as name, address, email address, telephone number, date of birth, self-selected user name, payment data, etc., which we use to fulfill the contractual relationship with you or to carry out pre-contractual measures, which are made at your request.

 

We store your personal data collected during registration or orders for as long as is necessary to fulfill the contractual relationship (including, if applicable, the provision of the customer account) and/or to carry out pre-contractual measures at your request and/or with regard to due to warranty, guarantee or comparable obligations and/or with regard to legal retention periods.

 

The legal basis for the processing of your personal data collected during registration or orders is Art. 6 Para. 1 b) GDPR (“fulfillment of the contract”).

 

The provision of this personal data is not required by law or contract. However, it is necessary for the conclusion of the contract, i.e. the implementation of the registration or order, insofar as the relevant information is mandatory (instead of only voluntary) in our registration/order process.

 

Newsletter:


If you register for our newsletter, we process the data collected such as your email address, salutation, etc. for the purpose of sending the newsletter.

 

To the extent that data processing for the purposes described above takes place with your consent, the legal basis is Article 6 Paragraph 1 a) GDPR (consent). Otherwise, data processing is carried out on the basis of Article 6 Paragraph 1 f) GDPR (“legitimate interests”), whereby the legitimate interests lie in the purposes mentioned above.


We store the personal data that we need to send the newsletter for as long as we need it for this purpose or until you revoke your consent to receive the newsletter. Any legitimate continued storage for other purposes (e.g. customer communication) remains unaffected.

 

 

  1.  

 

Cookies are small text files that are stored on the user's computer and enable the user's use of the website to be analyzed.

 

Cookies can be used, for example, to make the use of the website easier and more convenient for the visitor or to enable certain functions in the first place, or, for example, to analyze visitor flows.

 

If personal data is also processed through individual cookies we use, the processing takes place in accordance with Art. 6 Para. 1 b) GDPR for the execution of the contract, in accordance with Art. 6 Para. 1 a) GDPR in the case of consent given or in accordance with Art. 6 Para. 1 f) GDPR to protect our legitimate interests in the commercial operation of our online offering and in a user-friendly and effective design of the site visit.

 

The storage period of the cookies can be limited to the duration of the respective browser session, i.e. the cookies are deleted after the browser is closed (temporary cookies); or the storage period can be longer in order to recognize the user on the next visit and then, for example, show him preferred content (persistent cookies). Unless we provide different information in this data protection declaration or as part of our cookie management services or other separate information about cookies, you should assume that cookies are persistent and that the storage period is up to two years. 

 

You have the option at any time to revoke your consent to the setting of cookies or to object to data processing through cookies by deleting the cookies in your browser settings.

 

You can also set your browser so that cookies are only accepted if you agree to this.

 

You can find an option to revoke, object and/or manage your cookies here: 

 

[insert button/link to cookie settings of your cookie tool here if necessary]

 

As for ad cookies, you can block and/or manage many of them through the following services:

 

            www.aboutads.info/choices/
          
www.youronlinechoices.com/uk/your-ad-choices/

www.networkadvertising.org/managing/opt_out.asp

However, if you reject cookies, you may not be able to use certain website features, services, applications or tools.

  1. Google Analytics


This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google bases this data transfer on the EU standard contractual clauses.

However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. To the extent that cookies are not only set on the website if you have given your consent, you can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

 

The data processed as part of the use of Google Analytics is according to …….…...  automatically deleted.

 

If the data processing takes place with your consent, the legal basis is Article 6 Paragraph 1 a) GDPR (consent). Otherwise, data processing is carried out on the basis of Article 6 Paragraph 1 f) GDPR (“legitimate interests”), whereby the legitimate interests lie in the purposes stated below.

You can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link :

            https://tools.google.com/dlpage/gaoptout?hl=de

 

In accordance with Article 15 of the General Data Protection Regulation, you have the right to request information about the processing of your personal data (“right of access of the data subject”).

 

In accordance with Article 16 of the General Data Protection Regulation, you have the right to request the correction and deletion of inaccurate personal data concerning you (“right to rectification”).

 

According to Article 17 of the General Data Protection Regulation, you can request the deletion of personal data concerning you if one of the reasons listed there applies (“right to be forgotten”).

 

Likewise, in accordance with Article 18 of the General Data Protection Regulation, you have the right to request that the processing of personal data concerning you be restricted if one of the conditions listed there applies (“right to restrict processing”).

 

In accordance with Article 20 of the General Data Protection Regulation, you have the right to be provided with personal data concerning you and to have this data transmitted to another person responsible (“right to data portability”).

 

Revocation of consent: See section “Right of revocation” in this data protection declaration.

 

Right to object: See the “Right to object” section in this data protection declaration.

 

You have the right to complain to the responsible supervisory authority.

 

 

You can revoke any consent you may have given to the processing of your personal data at any time, for example by sending an email to the email address provided at the beginning. This does not affect the lawfulness of the processing carried out based on consent until its revocation.

 

 

 

To the extent that our data processing is based on Article 6 Paragraph 1 f) GDPR (“legitimate interests”), you have the right to object to the processing of your personal data in accordance with Article 21 GDPR.

 

 

  1. Sharing your data

 

Unless already stated elsewhere in this data protection declaration, we pass on your personal data to the following other recipients or categories of recipients

 

  • Suppliers for dropshipping/drop shipping

  •  

 

Unless already stated elsewhere in this data protection declaration, we intend to transmit your personal data to the following third country or international organization.

 

 

 

This Privacy Policy should be accessible from each individual page of the Site via a “Privacy Policy” link.

 

You should remove information listed in this privacy policy, such as the third-party tool Google Analytics if you do not use these tools, so that the explanatory value of this privacy policy is not diluted. Conversely, information would have to be added about third-party tools that you use but which are not covered in this data protection declaration.

 

 The person responsible is usually the operator of the website, i.e. your company.

 Contact details of the data protection officer only need to be provided if a data protection officer is required or has been appointed voluntarily. The name of the data protection officer does not need to be stated. If a data protection officer is neither required nor appointed voluntarily, the item “Data protection officer” should be removed.

A data protection officer is necessary if at least 20 people in your company are constantly involved in the automated processing of personal data (i.e. constantly work on the PC with personal data - for example of employees or customers).
For details and other cases in which a data protection officer needs to be appointed, see here: https://www.lda.bayern.de/media/dsk_kpnr_12_datenschutzanwalt.pdf

 The transport of personal data, including the collection of personal data via a contact form, should be encrypted. A recognized encryption method is required.

 For contact forms, please note that information that is not required to process the contact request should only be collected as voluntary information.

 It should be noted that cookies that are not absolutely necessary to use a website, in particular cookies that are used for tracking and advertising purposes, may only be set if the user has actively given informed consent.

 If you use a cookie tool on the website and this tool provides a button/link to the cookie settings, then you should include this button/link here. Otherwise, you should delete this sentence.

  

In the opinion of the data protection authorities, Google Analytics may only be used with the consent of the visitors, in particular because, in the opinion of the data protection authorities, Google also uses the data of website visitors for its own purposes (i.e. that go beyond order processing). Regardless of this, consent is required due to the EU Cookie Directive, namely for the setting of technically unnecessary cookies, such as those that are regularly used in tracking tools. According to the ECJ, this consent must be given actively, so continuing to surf the website is not sufficient to grant consent.

 

To obtain consent, it is recommended to integrate a cookie tool on the website. There should be a clear reference to this data protection declaration in the focus of the checkbox with which cookie consent is granted.

 

However, even if consent is obtained, there remains a residual risk that the consent will be invalid, in particular because the information provided by Google about data processing may not be sufficient to properly inform the visitor.

 

If you want to avoid the data protection risk associated with the use of Google Analytics, you would have to avoid using it completely.

 

When using Google Analytics, the order processing contract provided by Google for online conclusion in your account should also be concluded.

 

 Google bases the transfer of data to the USA on the EU standard contractual clauses. However, in the opinion of the data protection authorities, these are generally not sufficient for data transfers to the USA without additional measures, seehere. However, it has not yet been clarified which specific additional measures could help. Apart from that, measures taken by the user alone would certainly not be enough. Accordingly, use of the service (as well as many other services that transmit personal services to the USA) in accordance with data protection law is currently not possible. If you want to avoid the associated data protection risk, you would have to refrain from using the service.

 A data protection-compliant use of Google Analytics is only possible if the users' IP addresses are anonymized. Anonymization takes place via the code extension “anonymizelp” (https://developers.google.com/analytics/devguides/collection/analyticsjs/ip-anonymization

 

If user profiles have already been created by Google Analytics without anonymization, these must be deleted. You can delete it in the Google Analytics administration by moving the so-called properties to the trash

 According to Art. 13 Para. 2 a) GDPR, you as a processor must specify how long the data will be stored or, if this is not possible, specify criteria for determining the duration of storage.

 

You can find out how you can set the duration of storage in the Google Analytics administration here:

 

https://support.google.com/analytics/answer/7667196?hl=de

 

It is not yet clear what period of time is appropriate for data retention. According to our assessment, the 26 months provided by Google Analytics as the “default” setting are still appropriate. 

 Please list here, if necessary, those recipients (including processors) to whom you disclose personal data, e.g. shipping service providers, credit rating service providers, payment service providers, marketing service providers, etc. In practice, it is widespread that the relevant recipients are not specifically identified. but only by type, for example “shipping service provider” or “payment service provider”. If you want to be legally certain, you would have to provide the recipients with their name/company and address, as far as possible.

 

If there are no such recipients, then the first paragraph (“Unless […] -from recipients”) should be deleted.

 If you intend to transmit the data to a recipient in a third country (third countries are countries outside the EU and the EEA states) or an international organization, you must expressly inform the person concerned of this.

If there are no such recipients, then the second paragraph ("Unless transmitted to an international organization") should be deleted.

 

Transfer to such recipients is permitted if there is an adequacy decision by the Commission that allows data transfer to the country in question in accordance with Article 45 (1) GDPR (adequate level of data protection).


You can find a list of the countries for which such an adequacy decision existshere see.

 

The person concerned may also need to be informed whether such an adequacy decision exists or not.

 

If there is no such decision – as is the case in the USA, for example – please let us know. The transfer can then, for example, be based on suitable guarantees in accordance with Article 46 (including the so-called EU standard contractual clauses) or Article 49 Paragraph 1 Sentence 2 (including the consent of the person concerned or the transfer is necessary to fulfill the contract ) be permissible.

bottom of page