Data protection statement (privacy policy)
The controller as defined by the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions relating to data protection is Friedrich Hahne Schneidartikel, Hillesheim 47, 53804 Much, Deutschland, proprietor: Alexander Heuschen (hereinafter referred to as “controller” or “we” or “us”).General information about data processing
Personal data
Personal data is individual items of information about personal or material circumstances of a particular or identifiable natural person. This includes information such as name, address, telephone number and e-mail address, but also the IP address assigned to a connection. Information not directly associated with a person – for example favourite internet sites or the number of users of a site – are not personal data.
Scope of processing of personal data
As a matter of principle we collect and use personal data of our users only insofar as is necessary for provision of a functionalwebsite and for our content and services. Collection and use of our users’ personal data normally takes place onlyafter consent from the user. An exception is made in cases where it is not possible to obtain consent in advance for objectivereasons and processing of the data is permitted by statutory regulations.
The legal basis for processing personal data
Insofar as we obtain consent from the data subject for processing operations for personal data, Art. 6 (1) a of the General Data Protection Regulation (GDPR) is the legal basis for processing personal data.
Where it is necessary to process personal data for fulfilment of a contract, the contracting party for which is the data subject, Art. 6 (1) b GDPR is the legal basis. This also applies for processing operations required to carry out pre-contractual measures.
If processing is necessary to safeguard a justified interest of our company or of a third party and the interests, basic rights and fundamental freedoms of the data subject do not outweigh the aforementioned justified interest, Art. 6 (1) f of the GDPR is the legal basis for processing.
Erasure of data and duration of storage
Personal data of the data subject is erased or blocked as soon as the purpose of storage no longer applies. Storage beyondthis may take place if this is provided for by the European or national legislator in EU regulations, laws or other rulesto which we are subject. Blocking or erasure of data is also carried out if a storage period prescribed by the above-mentionedstandards expires, unless further storage of the data is necessary for conclusion of a contract or fulfilment of a contract.
Provision of the website
Each time our website is accessed, we record data and information by means of an automated system.
The following data is collected in this process:
- Information about the browser type and version used
- The user’s operating system
- The user’s internet service provider
- The user’s IP address
- Time and date of acces
- Websites from which the user’s system has come to our website (referrer)
- Websites accessed by the user’s system via our website
Legal basis for data processing
The legal basis for collection of data is Art. 6 (1) f of the GDPR.
Purpose of data processing
Temporary storage of the IP address by the system is necessary to facilitate provision of the website for the user’s computer. For this purpose the user’s IP address must be stored for the duration of the session.
Duration of storage
The data is erased as soon as it is no longer required to achieve the purpose for which it was obtained. When data is recorded for provision of the website this is the case when the respective session ends.
Option for objection and elimination
Recording of data for provision of the website is necessary for operation of the website. Therefore, the user has no right of objection.
Making contact by e-mail
You can make contact via the e-mail address provided on our website. When contact is made by e-mail, your e-mail address and your message are transferred to us and stored by us.
Legal basis for data processing
The legal basis for processing data transferred when an e-mail is sent is Art. 6 (1) f of the GDPR. If e-mail contact is made for the purpose of concluding a contract, the additional legal basis for the processing is Art. 6 (1) b of the GDPR.
Purpose of data processing
The purpose of processing personal data from the contact form by e-mail is to process the enquiry or purchase order there. This is also the necessary justified interest in processing the data.
Duration of storage
The data is deleted after the periods in which we are required to preserve it for commercial and tax purposes.
Option for objection and elimination
The user has the option at any time to object to the storage of his personal data. In such a case the conversation cannot be continued. The objection may be lodged by sending an e-mail or by making contact with us by telephone or by mail. All personal data stored when contact is made is erased in this case.
Use of the analytical tool Matomo
Our website uses “Matomo”, a piece of open-source software for statistical evaluation of user access. “Matomo” creates detailed statistics about the users of a website. The “Matomo” analysis software determines and stores information about the search engine you use, search terms used, the languages used, the origin of the visitors according to countries, the browsers used and their plug-ins, the referrer, duration of the visit, entry pages and exit pages of visitors, drop-out rates and the duration of the visit on our website.
With this process the IP address is anonymised immediately after processing and before storage.
In the context of visitor recognition “Matomo” uses a heuristic which tries to identify a user from a previous visit by taking into account particular data. This is in particular the IP address, resolution, browsers, plug-ins used and the operating system. This data is combined and made into a hash value.
This heuristic uses the full IP address internally. However, the IP address is not processed and stored in isolation. Inthis process the IP address is not even used for analysis of user habits but only for creation of a pseudonym. The anonymised IP address goes into a hashvalue in connection with other data.
We have configured Matomo in such a way that no cookies are placed and the IP address is anonymised directly so that no processing of personal data is carried out by Matomo.
Legal basis for data processing
The legal basis for processing of data is Art. 6 (1) f of the GDPR. The justified interest is the analysis of the visitor volume.
Purpose of data processing
Data is only processed for the purpose of optimising our advertising strategies and content.
Duration of storage
The collected personal data is anonymised immediately and is not collected separately. Instead, Matomo accesses the IP address that is registered on the server anyway and anonymises it before it is stored.
Option for objection and elimination
Recording of the IP address is necessary in order to deliver the page to your browser. In this respect there is no right of objection. Since the IP address is anonymised by Matomo directly on the server and is not separately collected or stored, there is no processing of personal data by Matomo.
Other disclosure of data to third parties
In order to execute a purchase order we need to collect and store the data entered with the purchase order such as your name,address and contact information, and usually a telephone number and an e-mail address. In order to deliver the goods wehave to transfer to the relevant parcel service provider the name of the ordering party as well as the address consistingof the street and city. The transfer is necessary in order to deliver the order. The transfer of data is restricted to thebare minimum here. The legal basis for this is Art. 6 (1) b of the GDPR.
Therefore, by placing a purchase order you confirm your agreement that the above-mentioned data will be collected and storedfor order processing and transferred to our parcel service provider in order to deliver the goods. With regard to your rights,the provisions in this section and the following sections apply correspondingly.
Rights of the data subject
When your personal data is processed, you are the data subject as defined by the GDPR and you have the following rights in relation to us (“the controller”):
Right to information
You may demand a confirmation as to whether personal data relating to you is processed by us.
If there is such processing, you may demand the following information from us:
- the purposes for which personal data is processed;
- the categories of personal data processed;
- the recipients or categories of recipients to whom personal data relating to you has been or will be disclosed;
- the planned duration of storage of your personal data or, if it is not possible to provide any concrete information about this, criteria for determining the duration of storage.
- the existence of a right to rectification or deletion of your personal data, a right to restriction of processing by us or a right to object to this processing;
- the existence of the right to lodge a complaint with a regulatory authority;
- all available information about the origin of the data if personal data is not obtained from the data subject;
- the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) of the GDPR and – at least in these cases – conclusive information about the logic involved as well as the implications and the intended effects of such processing for the data subject.
You have the right to demand information concerning whether personal data relating to you is transferred to a third country or an international organisation. In this context you may demand to be informed about suitable guarantees in accordance with Art. 46 of the GDPR in connection with the transfer.
Right to correction
You have the right to rectification and/or completion insofar as personal data relating to you is incorrect or incomplete. The rectification must be carried out by us without undue delay.
Right to deletion
-
You may demand from us that personal data relating to you be erased immediately, whereupon we are required to delete this data without undue delay insofar as one of the following reasons applies:
- The personal data relating to you is no longer needed for the purposes for which it was obtained or otherwise processed.
- You revoke your consent on which the processing was based in accordance with Art. 6 (1) a of the GDPR or Art. 9 (2) a of the GDPR, and there is no other legal basis for the processing.
- You lodge an objection in accordance with Art. 21 (1) of the GDPR against the processing and there are no overriding justified grounds for the processing, or you lodge an objection against the processing in accordance with Art. 21 (2) of the GDPR.
- The personal data relating to you has been processed illegally.
- Erasure of the personal data relating to you is required for fulfilment of a legal obligation in accordance with EU law or the law of the Federal Republic of Germany.
- The personal data relating to you was obtained in relation to the services offered by the information society in accordance with Art. 8 (1) of the GDPR.
-
The right to deletion does not exist insofar as the processing is necessary
- to exercise the right to freedom of expression and information
- to fulfil a legal obligation that requires the processing under the law of the European Union or the Federal Republic of Germany or to carry out a task that is in the public interest;
- for reasons of public interest in the sphere of public health in accordance with Art. 9 (2) h and i as well as Art. 9 (3) of the GDPR
- for archiving purposes in the public interest, scientific or historic research purposes or for statistical purposes in accordance with Art. 89 (1) of the GDPR insofar as the right stated in (1) is expected to make realisation of these objectives impossible or seriously impede them or
- for assertion, exercise or defence of legal claims.
Right to restriction of processing
Under the following conditions you may demand restriction of processing of personal data relating to you:
- if you dispute the correctness of the personal data relating to you for a duration that allows us to check the correctness of the personal data;
- the processing is illegal and you reject deletion of the personal data and instead demand restriction of use of the personal data.
- we no longer need the personal data for the purposes of processing but you nevertheless require it for assertion, exercise or defence of legal claims or
- if you have lodged an objection against processing in accordance with Art. 21 (1) of the GDPR and it is not yet established whether our justified interests outweigh your reasons.
If processing of the personal data relating to you has been restricted, this data may – apart from storage – be processed only with your consent or for assertion, exercise or defence of legal claims or for the protection of rights of another natural person or legal entity or for reasons of an important public interest of the European Union or of a Member State.
If processing has been restricted in accordance with the above conditions, you will be informed by us before the restrictions are lifted.
Right to be informed
If you have asserted the right to correction, deletion or restriction of processing, we are required to notify all recipients, to whom the personal data relating to you has been disclosed, about this correction or deletion of data or restriction of processing unless it proves to be impossible or entails inordinate expenditure.
You also have the right to be informed about these recipients.
Right to data portability
You have the right to receive the personal data relating to you, which you have provided to us, in a structured, common, machine-readable format. You also have the right to transfer this data to another controller without obstruction by us insofar as
- the processing is based on consent in accordance with Art. 6 (1) a GDPR or Art. 9 (2) a of the GDPR or on a contract in accordance with Art. 6 (1) b of the GDPR and
- the processing is carried out by an automated process.
When exercising this right you also have the right to arrange to receive the personal data relating to you directly from another controller insofar as this is technically feasible. Rights and freedoms of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data required to carry out a task in the public interest.
Right of objection
You have the right, for reasons arising from your particular situation, to lodge an objection at any time to processing of personal data relating to you which takes place on the basis of Art. 6 (1) e or f of the GDPR.
After an objection we will no longer process the personal data relating to you unless we can prove compelling reasons for the processing that warrant protection that outweigh your interests, rights and freedoms or the processing serves the purpose of asserting, exercising or defending legal claims.
Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation.
Right to lodge a complaint with a regulatory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a regulatory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.