We attach great importance to data protection. Your personal data are collected and processed in accordance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you the aforementioned portal. This declaration describes how and why your data are recorded and used and what options you have with regard to your personal data.
1 Data Controller
The Data Controller for collecting, processing and using of your personal data within the meaning of the GDPR isKarin Koberling-Whiteman
T +49 – (0)30- 313 67 11
If you wish to object to the collection, processing or use of your data by us on the basis of all of these data protection provisions in full or with regard to individual measures, you may send your objection to the aforementioned Data Controller.
2 General Information on Data Processing
2.1 Scope of Processing of Personal Data
We process the personal data of our users in principle only where necessary to provide a functioning website, as well as our contents and services. Our users' personal data are regularly only processed with the consent of the users. An exception will apply in cases where it is not possible to obtain approval for factual reasons and the processing of the data is permitted by statutory provisions.
2.2 Legal Basis for the Processing of Personal Data
If we obtain consent for processing procedures regarding personal data of the data subject, Art. 6(1)(a) General Data Protection Regulation (GDPR) will serve as the legal basis.
In case of processing of personal data that is necessary for the fulfillment of a contract to which the data subject is a party, Art. 6(1)(b) GDPR will serve as a legal basis. This also applies to processing necessary for the performance of pre-contractual measures.
If the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR will serve as the legal basis.
If the vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6(1)(d) GDPR will be the legal basis.
If the processing is necessary in order to protect justified interests of our company or of a third party and the interests, basic rights and basic freedoms of the data subject do not outweigh the aforementioned interests, Art. 6(1)(f) GDPR will serve as the legal basis for the processing.
2.3 Erasure of Data and Duration of Storage
The personal data of the data subject will be erased or blocked as soon as the purpose of the storage no longer exists. Data may also be stored if this is provided for by European or national legislators in directives, statutes or other regulations under European Union laws, to which the controller is subject. The blocking or erasure of data will also take place if the storage period prescribed by one of the aforementioned regulations expires, unless it is necessary for the data to be stored further to conclude or fulfil a contract or we are obligated to store the data for a longer period on the basis of storage and documentation obligations under taxation and commercial law (German Commercial Code, Penal Code or Fiscal Code).
2.4 Cooperation with Processors and Third Parties
Where we transmit data to other persons and companies (processors or third parties) within our processing or grant access to the data in other ways, this will only take place on the basis of a legal authorization, if you have consented, if a legal obligation provides for this, for the processing of contractual relationships with you or in cases where we have justified interests in the transmission of data (such as in case of the use of agents, web hosts, etc.). If we commission third parties to perform the processing of data on the basis of an "order processing agreement", this will take place on the basis of Art. 28 GDPR.
2.5 Data Security
As part of the website, we apply the widely used SSL procedure (secure socket layer) in connection with the relevant highest level of encoding that is supported by your browser. In general, this involves 256-bit encoding. If your browser does not support 256-bit encoding, we will use 128-bit v3 technology. You will be able to tell whether an individual page of our website is transmitted in an encoded manner based on the representation of the key and lock symbol in the status bar of your browser. We also use suitable technical and organizational security measures to protect your data from accidental or intentional manipulation, complete or partial loss, destruction or unauthorized access by third parties. Our security measures will be improved in accordance with the state of the art on a continual basis.
3 General Use of the Website
3.1 Access Data
We collect information about you if you use this website. We record information automatically about your use behavior and your interaction with us and register data about your computer or mobile device. We record, store and use data each time our website is accessed (server log files). The access data include name and URL of the file accessed, date and time of access, quantity of data transferred, reporting of successful access (HTTP response code), browser type and browser version, operating system, referrer URL (i.e., the page that was visited previously), IP address, and the enquiring provider.
We use these protocol data without allocating it to you personally and without otherwise creating a profile for statistical evaluations for the purposes of the operation, security and optimization of our website, but also for the anonymous recording of the number of visitors to our website (traffic), as well as of the scope and nature of the use of our website and services, and also for invoicing purposes in order to measure the number of clicks received by cooperation partners. Based on this information, we may make available personalized and location-based content and analyze data traffic, search for and correct errors, and improve our services. We reserve the right to check the protocol data subsequently if there is a justified suspicion of illegal use based on concrete evidence. We store IP addresses for a limited period in the log files, if this is necessary for security purposes or for the performance of services or for invoicing of services, e.g., if you take advantage of one of our offers. After the discontinuation of the order procedure or after receipt of payment, we delete the IP address, if it is no longer necessary for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website. In addition, we store the date of the last visit as part of your account (e.g., in case of registration, login, clicking on links, etc.).
3.2 Email Contact
If you get in touch with us (e.g., by contact forms or email), we store your information in order to handle the enquiry and also in case there are follow-up questions. We store additional personal data and only use them if you give your consent or if this is legally permitted without separate consent.
3.3 Legal Basis and Duration of Storage
The legal basis for data processing in accordance with the aforementioned items is Art. 6(1)(f) GDPR. Our interests in the data processing relate in particular to the safeguarding of the operation and security of the website, the examination of the nature of the use of the website by users, and the simplification of the use of the website.
Unless specifically stated, we will store your personal data only for as long as is necessary for the fulfillment of the intended purposes.
4 Your Rights as Data Subjects of the Data Processing
In accordance with the applicable laws, you have significant rights with regard to your personal data. If you want to assert these rights, please send your enquiry by email or mail to the address stated in item 1, clearly identifying yourself.
The following provides an overview of your rights.
4.1 Right to Confirmation and Information
You have the right at any time to receive a confirmation from us regarding whether personal data relating to you are being processed. If this is the case, you have the right to request information free of charge from us about your stored personal data in addition to a copy of such data. In addition, you have a right to the following information:
- 1. The purposes of processing;
- 2. The categories of personal data being processed;
- 3. The recipients or categories of recipients to which the personal data have been or will be made available, in particular recipients in third-party countries or in international organizations;
- 4. If possible, the planned duration for which the personal data will be saved, or, where this is not possible, the criteria for the setting of this period;
- 5. The right to rectification or erasure of the personal data relating to you or to restriction of the processing by the controller or of a right to object to such processing;
- 6. The right to complain to a supervisory body;
- 7. If personal data are not collected from you personally, all available information on the origin of the data;
- 8. The existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logistics involved, as well as the scope and the intended effects of processing of this kind on you.
If personal data are transmitted to a third-party country or to an international organization, you have the right to be informed of guarantees in accordance with Article 46 GDPR in connection with the transmission.
4.2 Right to Rectification
You have the right to request from us to rectify incorrect personal data relating to you without undue delay. Taking into account the purposes, you have the right to complete incomplete personal data – including by means of a supplementary declaration.
4.3 Right to Erasure ("Right to Be Forgotten")
You have the right to request that we delete your personal data without undue delay, and we are obligated to erase personal data without undue delay if one of the following reasons applies:
- 1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- 2. You withdraw your consent for the processing on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
- 3. You submit an objection in accordance with Article 21(1) GDPR against the processing and there are no higher-priority justified reasons for the processing, or you make an objection to the processing in accordance with Article 21(2) GDPR.
- 4. The personal data are processed unlawfully.
- 5. The erasure of the personal data is necessary for compliance with a legal obligation in accordance with European Union law or the law of a Member State.
- 6. The personal data were recorded with reference to services offered by the information company in accordance with Article 8(1) GDPR.
If we have made the personal data public and are obligated to erase them in accordance with Art. 17 GDPR, we will take appropriate measures taking into account the available technology and the implementation costs, including costs of a technical nature, to notify the controllers processing the personal data that you have requested that they delete all links to such personal data or copies or replications of such personal data.
4.4 Right to Restriction of Processing
You have the right to request that we restrict processing if one of the following requirements is in place:
- 1. You dispute the accuracy of the personal data, for a duration that makes it possible for us to check the accuracy of the personal data,
- 2. The processing is unlawful and you reject the erasure of the personal data and instead request the restriction of the use of the personal data;
- 3. We no longer require the personal data for the purposes of the processing, however, you require the data for the asserting, exercising or defense of legal claims; or
- 4. You have filed an objection to the processing in accordance with Article 21(1) GDPR, for as long as it has not been determined whether the justified interests of the company outweigh your justified interests.
4.4 Right to Data Portability
You have the right to receive the personal data relating to you that you have provided us with in a structured, current, machine-readable format, and you have the right to transmit such data to another controller without us preventing you from doing so, if:
- 1. The processing relates to consent in accordance with Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or to a contract in accordance with Article 6(1)(b) GDPR and
- 2. The processing takes place with the aid of an automated process.
When exercising your right to data portability in accordance with paragraph 1, you have the right to request that the personal data should be transmitted directly from us to another controller if this is technically feasible.
4.6 Right of Objection
You have the right to file an objection at any time to the processing of personal data relating to you performed in accordance with Article 6(1)(e) or (f) GDPR for reasons that arise from your particular situation; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can prove that there are mandatory reasons for the processing that are worthy of protection and that take precedence over your interests, rights and freedoms, or if the processing serves the purpose of the asserting, exercising or defending of legal claims.
If we process personal data in order to perform direct advertising, you have the right to file an objection at any time to the processing of the data relating to you for the purpose of advertising of this kind; this also applies to profiling insofar as it is connected with direct advertising of this kind.
You have the right to file an objection to the processing of personal data relating to you that is performed for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR for reasons that arise from your particular situation, unless the processing is necessary for the fulfillment of a task that is in the public interest.
4.7 Automated Decisions including Profiling
You have the right not to be subject to a decision relating exclusively to automated processing, including profiling, that has a legal effect on you or represents a significant disadvantage to you in a similar manner.
4.8 Right to Revocation of Consent under Data Protection Law
You have the right to revoke consent for the processing of personal data at any time.
4.9 Right to File a Complaint with a Supervisory Body
You have the right to file a complaint with a supervisory body, in particular in the Member State where your residence or workplace is located or where the alleged breach occurred if you are of the opinion that the processing of your personal data is unlawful.
5 Data Security
We make every effort to guarantee the security of your data within the applicable data protection legislation and the technical possibilities.
We will transmit your personal data in an encrypted manner. This applies to orders and to your customer login. We use the SSL (secure socket layer) encoding system. Please note, however, that there may be gaps in security in case of online data transfer (e.g., in case of communication by email). Complete protection of data against attacks by third parties is not possible.
In order to secure your data, we maintain organizational security measures that we are constantly bringing into line with the state of the art.
In addition, we do not guarantee that our website will be available at certain times; the possibility of malfunctions, interruptions or failures cannot be excluded. The servers we use are carefully secured on a regular basis.
6 Automated Decision-Making
No automated decision-making based on the personal data collected takes place.
7 Passing on to Third Parties, No Data Transmission to Countries outside of the EU
In principle we only use your personal data within our company.
If and when we involve third parties in the fulfillment of contracts (such as logistics service providers), they will receive personal data only to the extent necessary for the performance of the service in question.
In cases in which we outsource certain parts of data processing ("contract processing"), we wiki ensure that the contract processor enters into a contractual obligation only to use personal data in accordance with the requirements of data protection legislation and to guarantee the protection of the rights of the data subject.
Last updated: May 18, 2018