Privacy policy
We are very pleased that you are interested in our company. Data protection is of great importance for the management of KUNERT FASHION GMBH. You can generally use KUNERT FASHION GMBH websites without submitting any personal data whatsoever. However, if the data subject wishes to take advantage of special services via our website, it may be necessary to process personal data for this purpose. If it is necessary to process personal data and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, for example the name, the address, email address or telephone number of a data subject, takes place exclusively in accordance with the General Data Protection Regulation and pursuant to country-specific data protection regulations governing KUNERT FASHION GMBH. By means of this privacy policy, our company wants to inform the public about type, scope and purpose of the personal data collected, used and processed by us. In addition, this privacy policy informs data subjects about the rights they have.
As the controller responsible for the processing, KUNERT FASHION GMBH has taken numerous technical and organisational measures to offer the best possible protection of personal data processed via this website. In spite of this, however, security loopholes are always possible in Internet-based transfers of data, so that we cannot guarantee total protection of the same. For this reason, every data subject is free to transfer personal data to us using alternative means, for example by phone.
1. Definitions
The privacy policy of KUNERT FASHION GMBH is based on the terms which have been used by the European body issuing directives and regulations when issuing the General Data Protection Regulation (GDPR). We want our privacy policy to be easily readable and understandable for both the public and our customers and business partners. To ensure this, we would like to explain the terms used in advance.
In this privacy policy, we use – amongst others – the following terms:
• a) Personal data
Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• b) Data subject
Data subject means any identified or identifiable natural person whose personal data is processed by the controller responsible for processing.
• c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
• e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
• f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
• g) Controller or controller responsible for the processing
Controller or controller responsible for the processing means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
• h) Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• i) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
• j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
• k) Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
• l) Cookies
KUNERT may make use of third-party media companies to place advertisements for KUNERT products or services at the websites of other companies. If you have called up a website showing KUNERT advertisements, the online media company concerned may store a cookie or web beacon on your computer. This allows the online media company to recognize the computer if it is used to call up the website once again or it allows to determine how the users like advertising campaigns. This data is anonymous and not linked to personal data on the user’s computer or with a KUNERT database. KUNERT does not have any access to data that has been gathered by the online media company. To prevent online media companies from storing cookies on your computer, you have to visit the websites of the individual media companies and delete the cookies according to the instruction or set the cookie filter of your browser accordingly.
A “cookie” is a small data file that is transferred by a website to the hard disk of your computer. KUNERT sends cookies when you surf our website, make purchases, request or personalise information and/or register for certain services. If you accept the cookies on our website, we do not have access to your personal information; however, the cookies give us the opportunity to identify your computer. You generally distinguish between “session” and “permanent” cookies.
“Session” cookies do not remain on your computer when you leave our website or close your browser. By means of the gathered information, we are able to analyse usage patterns and structures of our website. This allows us to permanently optimise our website by improving the content or the personalization and simplifying the use.
“Permanent” cookies are cookies which remain on your computer. They are used to simplify shopping, personalisation and registration services. Cookies may, for example, specify what you chose for purchase while you continue shopping. On websites which require log-in, you moreover only have to enter your password once. “Permanent” cookies can be deleted by the user manually.
Most browsers accept cookies by default. You can, however, normally reject cookies or accept certain cookies selectively by adjusting the browser settings accordingly. If you disable cookies, it may be the case that certain features on our website are not available to you and some websites may not be displayed properly.
2. Name and address of the controller responsible for the processing
The controller in accordance with the General Data Protection Regulation, other data protection laws which apply in the member states of the European Union and any other statutory data protection regulations is:
KUNERT FASHION GMBH
Julius-Kunert-Straße 49
87509 Immenstadt
Germany
Phone: +49 (0) 8323-12-0
Email: service@kunert.de
Website: http://www.kunert.de
3. Name and address of the data protection officer
The data protection officer of the controller responsible for the processing is:
Andreas Gutsell
PCK IT Solutions GmbH
Edisonstraße 1
87437 Kempten
Germany
Phone: 0831 / 56400-402
Email: andreas.gutsell@pck-it.de
Website: http://www.pck-it.de
Any data subject who has queries and suggestions concerning data protection may consult our data protection officer directly.
4. Recording of general data and information
Every time a data subject or an automated system calls up the website, the KUNERT FASHION GMBH website collects a number of general data and information. Said general data and information are stored in the server log files. We may collect (1) the type of browser and versions used, (2) the operating system used by the accessing system, (3) the website from where an accessing system has come across our website (so-called referrers), (4) the subpages accessed on our website via the accessing system, (5) the date and time of access to the website, (6) an Internet Protocol Address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information utilised to fend off danger in the case of attacks on our information technology systems.
When using this general data and information, KUNERT FASHION GMBH does not draw conclusions on the identity of the data subject. This information is in fact required (1) to correctly display the content of our website, (2) to optimise the content as well as the advertising relating to the website, (3) to guarantee the long-term functionality of our IT systems and the technology of our website and (4) to provide prosecution authorities with the information necessary for the prosecution in case of a cyber attack. This data and information is collected anonymously by KUNERT FASHION GMBH for statistical purposes and also processed in order to improve data protection and security in our company with the aim of providing an ideal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from all personal data submitted by a data subject.
5. Routine erasure and blocking of personal data
The controller processes and stores personal data of the data subject only for the period that is necessary to achieve the purpose of the storage or if this has been provided for by the European body issuing directives and regulations or any other legislator in laws or regulations which are applicable to the controller responsible for the processing.
If the purpose of the storage no longer exists or if a storage period specified by the European body issuing directives and regulations or any other competent legislator expires, the personal data will be blocked or erased routinely according to the legal regulations.
6. Rights of data subjects
• a) Right of confirmation
Every data subject has the right granted by the European body issuing directives and regulations to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wants to make use of this confirmation right, they may contact an employee of the controller at any time.
• b) Right of access
Any data subject the personal data of which are being processed has the right granted by the European body issuing directives and regulations to receive from the controller free information regarding the personal data stored about them as well as a copy of this information. In addition, the European body issuing directives and regulations has granted the data subject the right of access to the following information:
o the purposes of the processing
o the categories of personal data concerned
o the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
o where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
o the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
o the right to lodge a complaint with a supervisory authority
o where the personal data are not collected from the data subject: Any available information as to their source
o the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Furthermore, the data subject has a right to be provided with information as to whether any personal data was transmitted to a third country or to an international organisation. If this is the case, the data subject also has a right to be provided with information about adequate guarantees in connection with such transmission.
If a data subject wants to make use of this right of access, they may contact an employee of the controller at any time.
• c) Right to rectification
Each person affected by the processing of personal data has the right granted by the European body issuing directives and regulations to demand the immediate correction of incorrect personal data relating to them. Furthermore, the data subject has the right to request completion of incomplete personal data, also by a complementary declaration, taking into account the purposes of processing.
If a data subject wants to make use of this right to rectification, they may contact an employee of the controller at any time.
• d) Right to erasure (Right to be forgotten)
Any data subject the personal data of which are being processed has the right granted by the European body issuing directives and regulations to request from the controller the immediate erasure of the personal data concerned if one of the following reasons applies or if the processing is not necessary:
o The personal data was collected for any purposes or processed in any other manner for which it is no longer required.
o The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing.
o The data subject lodges an objection to the processing according to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject lodges an objection to the processing according to Art. 21(2) GDPR.
o The personal data has been unlawfully processed.
o The personal data is to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
o The personal data was collected in relation to information society services offered according to Art. 8(1) GDPR.
If any one of the reasons specified above applies and a data subject wants to initiate erasure of personal data stored with KUNERT FASHION GMBH, they may contact an employee of the controller at any time. The employee of KUNERT FASHION GMBH will make sure that the request for erasure will be immediately complied with.
Where KUNERT FASHION GMBH has made any personal data public and our company, as controller pursuant to Art. 17(1) GDPR, is obliged to erase the personal data, KUNERT FASHION GMBH, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, unless processing is required. The employee of KUNERT FASHION GMBH will initiate the necessary steps in the individual case.
• e) Right to restriction of processing
Any data subject the personal data of which are being processed shall have the right to obtain from the controller restriction of processing where one of the following applies:
o The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
o The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
o The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
o The data subject has objected to the processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If any one of the prerequisites specified above applies and a data subject wants to request restriction of personal data stored with KUNERT FASHION GMBH, they may contact an employee of the controller at any time. The employee of KUNERT FASHION GMBH will initiate the restriction of the processing.
• f) Right to data portability
Each person affected by the processing of personal data has the right granted by the European body issuing directives and regulations to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. They moreover have the right to transmit such data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, unless such processing is required to perform any task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising their right to data portability according to Art. 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where this is technically feasible and will not impair the rights and freedoms of others.
To assert the right to data portability, the data subject may contact an employee of KUNERT FASHION GMBH at any time.
• g) Right to object
Each person affected by the processing of personal data shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
In case of objection, KUNERT FASHION GMBH shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where KUNERT FASHION GMBH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects vis-à-vis KUNERT FASHION GMBH to processing for direct marketing purposes, KUNERT FASHION GMBH shall no longer process the personal data for such purposes.
The data subject moreover shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning their person at KUNERT FASHION GMBH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is required for carrying out a task that is in the public interest.
To exercise the right to objection, the data subject may directly contact any employee of KUNERT FASHION GMBH or any other employee. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may moreover exercise their right to object by automated means using technical specifications.
• h) Automated individual decision-making, including profiling
Each person affected by the processing of personal data shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her if the decision (1) is not necessary for entering into, or performance of, a contract between the data subject and a data controller or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) if it is based on the data subject’s explicit consent.
If the decision (1) is necessary for the entering into, or performance of, a contract between the data subject and a data controller or (2) if it is based on the data subject’s explicit consent, KUNERT FASHION GMBH will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wants to assert rights with regard to automated decision-making, they may contact an employee of the controller at any time.
• i) Right to withdraw a consent given under data protection law
Each person affected by the processing of personal data has the right granted by the European body issuing directives and regulations to withdraw a consent to the processing of personal data at any time.
If the data subject wants to assert their right to withdraw a consent, they may contact an employee of the controller at any time.
7. Data protection provisions on the application and use of affilinet
The controller who is responsible for the processing has integrated components of the company affilinet into this website. Affilinet is a German affiliate network offering affiliate marketing.
Affiliate marketing is an Internet-based sales form allowing commercial operators of websites, the so-called merchants or advertisers, to show advertisement which is in most cases remunerated in the form of click or sale commissions on third-party websites, i.e. at sales partners which are also referred to as affiliates or publishers. The merchant makes advertisements, i.e. a banner or other suitable means of Internet advertisement, available via the affiliate network, which is then integrated by an affiliate into own websites or advertised using other channels, e.g. keyword-advertising or email marketing.
The operating company of affilinet is affilinet GmbH, Sapporobogen 6-8, 80637 Munich, Germany.
Affilinet places cookies into the data subject’s IT system. The meaning of cookies has already been explained above. Affilinet’s tracking cookie does not save any personal data. Only the identification number of the affiliate, i.e. that of the partner procuring the potential customer, as well as the location mark of the visitor of a website and the clicked advertisement are stored. These data are stored to process commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. Affilinet.
The data subject can prevent the placement of cookies by correspondingly setting the Internet browser as already explained above, thus permanently objecting to the placement of cookies. This setting of the Internet browser in use also prevents Affilinet from placing a cookie into the data subject’s IT system. Furthermore, cookies which have already been placed by Affilinet can be erased at any time via an Internet browser or other software programmes.
Affilinet’s data protection regulations can be accessed at https://www.affili.net/de/footeritem/datenschutz.
8. Data protection provisions on the application and use of Facebook
The Controller who is responsible for the processing has integrated components of the company Facebook into this website. Facebook is a social network.
A social network is a place for social meetings on the internet; an online community which generally allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences or enable the internet community to provide personal or business-related information. Facebook allows the users of its social network to create private profiles, to upload photos, and to network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside of the United States or Canada, the Controller who is responsible for the processing of the personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Through each visit to one of the individual pages of this website which is operated by the Controller who is responsible for the processing and into which a Facebook component (Facebook plug-ins) has been integrated, the web browser on the information technology system of the data subject will be automatically prompted to download a display of the corresponding Facebook component of Facebook through the Facebook component. An overview of all the Facebook plug-ins can be accessed under https://developers.facebook.com/docs/plugins/?locale=de_DE. During the course of this technical procedure, Facebook is made aware of the specific sub-page of our website that was visited by the data subject.
If the data subject is logged into Facebook at the same time, every time the data subject accesses our website and for the entire duration of their stay on our website, Facebook is able to see which specific sub-pages of our website the data subject visits. This information will be collected by the Facebook component and assigned to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons that has integrated in our website such as the “Like” button, or if the data subject submits a comment, Facebook will match this information with the personal Facebook user account of the data subject and store this personal data.
Through the Facebook component, Facebook will always receive notification of any visit made to our website by the data subject if the data subject is simultaneously logged into Facebook when they accessed our website; this will occur regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want such a transfer of information to Facebook to take place, he or she may prevent this transfer by logging out of their Facebook account before they access our website.
The data protection guidelines published by Facebook, which are available at https://de-de.facebook.com/about/privacy/, provide information about the collection, processing and use of personal data by Facebook. They also provide information on the setting options that Facebook offers to protect the privacy of the data subject. In addition, different configuration options are available that can prevent data from being transferred to Facebook. These applications can be used by the data subject to prevent data from being transferred to Facebook.
9. Data protection provisions on the application and use of Google Analytics (including anonymisation function)
The controller who is responsible for the processing has integrated components of the company Google Analytics (including anonymisation function) into this website. Google Analytics is a web analysis service. Web analysis means the collection, compilation and evaluation of data concerning the behaviour of visitors of websites. A web analysis service collects, among other things, data which discloses which website a data subject comes from (so-called referrers), which subpages of the website have been accessed, and how often and for how long a subpage has been viewed. Web analysis is carried out mainly to optimise a website and to optimise the cost-benefit analysis of Internet advertising.
The operating company of Google Analytics components is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For the web analysis via Google Analytics, the controller responsible for the processing uses the add-on “_gat._anonymizeIp”. This allows Google to shorten and anonymise the IP address of the user’s Internet connection when our websites are accessed from a member state of the European Union or from a signatory state of the Agreement on the European Economic Area.
The purpose of the Google Analytics components is to analyse the stream of visitors to our website. Google uses the data and information it has gained, for example, to assess your use of the website, to compile online reports for us about activity on our website, and to provide further services connected with the use of our website.
Google Analytics places cookies into the data subject’s IT system. The meaning of cookies has already been explained above. The placement of cookies allows Google to analyse the use of our website. Every time an individual page on the website operated by the controller responsible for the processing and which includes a Google Analytics component is accessed, the Internet browser is called on by the particular Google Analytics components to automatically transfer data from the data subject’s IT system to Google for the purpose of online analysis. In connection with this technical procedure, Google receives information about personal data, such as the IP address of the data subject, allowing Google to determine the origin of the visitor and the clicks and, in the process, have access to commission settlements.
With the help of the cookie, personal data is stored, including the period of access, the place from where access took place and how often a data subject has visited our website. With every access to our websites, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the USA. This personal data is stored by Google in the USA. Occasionally, Google transfers this personal data, which has been collected with the help of a technical operation, to third parties.
The data subject can prevent the placement of cookies by correspondingly setting the Internet browser as already explained above, thus permanently objecting to the placement of cookies. This setting of the Internet browser in use also prevents Google from placing a cookie into the data subject’s IT system. You may also at any time delete a cookie which has already been placed by Google Analytics via the Internet browser or another software programme.
Beyond this, the data subject may withdraw the consent to the collection of the data, generated by Google Analytics, in relation to the use of this website, to the processing of this data by Google, and to prevent this from taking place. To do this, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics via JavaScript that no data or information on visits to the websites may be transferred to Google Analytics. The installation of the browser add-on is considered by Google to be an objection. If the data subject’s IT system is at a later stage deleted, formatted or reinstalled, the data subject must again install the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within his sphere of influence, reinstallation or reactivation of the browser add-on is possible.
Further information as well as Google’s data protection regulations can be accessed under https://policies.google.com/privacy and under https://www.google.com/analytics/terms/. Google Analytics is explained further under https://www.google.com/intl/en_en/analytics/.
10. Data protection provisions on the application and use of Google Remarketing
The controller who is responsible for the processing has integrated Google Remarketing services into this website. Google Remarketing is a function of Google-AdWords allowing a company to show advertisement to those Internet users who have visited the company’s website before. So the integration of Google Remarketing allows a company to create user-related advertisement and to thus show the Internet user interest-relevant advertisement.
The operating company of the Google Remarketing services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google Remarketing is the display of interest-relevant advertisement. Google Remarketing allows us to display advertisements via the Google advertisement network or on other websites which are adjusted to the individual needs and interests of Internet users.
Google Remarketing places a cookie into the data subject’s IT system. The meaning of cookies has already been explained above. The placement of cookies allows Google to recognize the visitors of our website if afterwards, they call up websites also belonging to the Google advertisement network. Every time a website is called up into which the Google Remarketing service has been integrated, the Internet browser of the data subject automatically identifies with Google. In connection with this technical procedure, Google receives information about personal data, such as the IP address or the surfing behaviour of the user, which is used by Google, for example for the display of interest-relevant advertisement.
With the help of the cookie, personal data is stored, for example the websites visited by the data subject. So with every access to our websites, personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the USA. This personal data is stored by Google in the USA. Occasionally, Google transfers this personal data, which has been collected with the help of a technical operation, to third parties.
The data subject can prevent the placement of cookies by correspondingly setting the Internet browser as already explained above, thus permanently objecting to the placement of cookies. This setting of the Internet browser in use also prevents Google from placing a cookie into the data subject’s IT system. You may also at any time delete a cookie which has already been placed by Google Analytics via the Internet browser or another software programme.
The data subject moreover has the possibility to object to the interest-related advertisement by Google. To do so, the data subject has to call up the link http://www.google.de/settings/ads from any of the Internet browsers used by them and make the desired settings there.
Further information as well as Google’s data protection regulations can be accessed at https://www.google.de/intl/de/policies/privacy/.
11. Data protection provisions on the application and use of Google-AdWords
The controller who is responsible for the processing has integrated Google AdWords into this website. Google AdWords is an Internet advertisement service allowing advertisers to place ads in both the Google search engine results and in the Google advertisement network. Google AdWords allows an advertiser to define certain keywords in advance by means of which an advertisement will only be displayed in the Google search engine results if the users calls up a keyword-relevant search result by means of the search engine. In the Google advertisement network, the advertisements are distributed to topic-relevant websites by means of an automatic algorithm and considering the keywords defined in advance.
The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is the promotion of our website by the display of interest-relevant advertisement on the websites of third companies and in the search engine results of the Google search engine and the display of third-party advertisement on our website.
If a data subject comes to our website via a Google ad, Google places a so-called conversion cookie into the data subject’s IT system. The meaning of cookies has already been explained above. A conversion cookie will lose its validity after thirty days and does not serve the identification of the data subject. If it is not expired yet, the conversion cookie is used to track whether certain subpages, e.g. the shopping cart of an online shop system, have been called up on our website. The conversion cookie allows us and Google to track whether a data subject who came to our website via an AdWords advertisement generated sales, i.e. completed or cancelled a shopping cart.
The data and information gathered by the use of the conversion cookie are used by Google to prepare visit statistics for our website. We use these visit statistics again to determine the overall number of users which have been transferred to use via AdWords advertisements, i.e. to determine the success or failure of the relevant AdWords advertisements and to optimise our AdWords advertisements for the future. Google will not forward information, neither to our company nor to other Google AdWords advertisement customers, which would allow for the identification of the data subject.
With the help of the conversion cookie, personal data is stored, for example the websites visited by the data subject. So with every access to our websites, personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the USA. This personal data is stored by Google in the USA. Occasionally, Google transfers this personal data, which has been collected with the help of a technical operation, to third parties.
The data subject can prevent the placement of cookies by correspondingly setting the Internet browser as already explained above, thus permanently objecting to the placement of cookies. This setting of the Internet browser in use also prevents Google from placing a conversion cookie into the data subject’s IT system. You may also at any time delete a cookie which has already been placed by Google AdWords via the Internet browser or another software programme.
The data subject moreover has the possibility to object to the interest-related advertisement by Google. To do so, the data subject has to call up the link http://www.google.de/settings/ads from any of the Internet browsers used by them and make the desired settings there.
Further information as well as Google’s data protection regulations can be accessed at https://www.google.de/intl/de/policies/privacy/.
Use of the Remarketing or “Similar target groups” function of Google Inc.
On the website, the supplier uses the Remarketing or “Similar target groups” function of Google Inc. (“Google”). This function allows the provider to address advertisement to the visitors of the website in a targeted manner by placing personalised, interest-related ads for visitors of the provider’s website when they visit other websites of the Google Display network. To complete the analysis of the website usage, which is the basis for the creation of the interest-related ads, Google makes use of so-called cookies. To do so, Google stores a small file with a numerical sequence in the browsers of the website visitors. By means of this number, the website visits as well as anonymised data regarding the website usage are recorded. Personal data of the website visitors are not stored. If afterwards, you visit another website in the Google Display network, you will be shown advertisements which are most likely to consider the product and information areas you called up before. You can permanently disable the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: https://www.google.com/settings/ads/plugin. Alternatively, you can disable the use of cookies by third-party providers by going to the opt-out site of the Network Advertising Initiative at http://www.networkadvertising.org/choices/ and realizing the opt-out information specified there. You can see further information about Google Remarketing and the Google privacy notice at: http://www.google.com/privacy/ads/.
12. Data protection provisions on the application and use of Instagram
The controller who is responsible for the processing has integrated components of the Instagram service into this website. Instagram is a service that is to be qualified as audio/visual platform and allows the users to share photos and videos and moreover the dissemination of such data in other social networks.
The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Through each visit to one of the individual pages of this website which is operated by the Controller who is responsible for the processing and into which an Instagram component (Insta button) has been integrated, the web browser on the information technology system of the data subject will be automatically prompted to download a display of the corresponding Instagram component through the Instagram component. During the course of this technical procedure, Instagram is made aware of the specific sub-page of our website that was visited by the data subject.
If the data subject is logged into Instagram at the same time, every time the data subject accesses our website and for the entire duration of their stay on our website, Instagram is able to see which specific sub-page the data subject visits. This information will be collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject presses one of the Instagram buttons integrated into our website, the data and information transmitted in this way will be assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.
Through the Instagram component, Instagram will always receive notification of any visit made to our website by the data subject if the data subject is simultaneously logged into Instagram when they accessed our website; this will occur regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want such a transfer of information to Instagram to take place, he or she may prevent this transfer by logging out of their Instagram account before they access our website.
Further information as well as Instagram’s data protection regulations can be accessed at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
13. Data protection provisions on the application and use of YouTube
The controller who is responsible for the processing has integrated YouTube components into this website. YouTube is an Internet video portal allowing video publishers to upload video clips free of charge and allowing other users to watch, evaluate and comment those clips also free of charge. YouTube allows the publication of all types of videos; thus, you can call up both complete films and TV shows, but also music videos, trailers or videos produced by users themselves via the Internet portal.
The operating company of YouTube is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Through each visit to one of the individual pages of this website which is operated by the Controller who is responsible for the processing and into which a YouTube component (YouTube video) has been integrated, the web browser on the information technology system of the data subject will be automatically prompted to download a display of the corresponding YouTube component from YouTube through the YouTube component. Further information on YouTube is available at https://www.youtube.com/yt/about/de/. During the course of this technical procedure, YouTube and Google are made aware of the specific sub-page of our website that was visited by the data subject.
If the data subject is logged into YouTube at the same time, every time a sub-page is called up, which contains a YouTube video, YouTube is able to see which specific sub-page of our website the data subject visits. This information will be collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
Through the YouTube component, YouTube and Google will always receive notification of any visit made to our website by the data subject if the data subject is simultaneously logged into YouTube when they accessed our website; this will occur regardless of whether the data subject clicks a YouTube video or not. If the data subject does not want such a transfer of information to YouTube and Google to take place, he or she may prevent this transfer by logging out of their YouTube account before they access our website.
The data protection guidelines published by YouTube, which are available at https://www.google.de/intl/de/policies/privacy/ provide information about the collection, processing and use of personal data by YouTube and Google.
14. Trusted Shops
In order to display our Trusted Shops Seal of Approval and if necessary the compiled evaluations as well as the offer of Trusted Shops products to customers after a purchase, the Trusted Shops Trustbadge is included on this website.
This serves to safeguard our predominantly legitimate interests within the framework of a balancing of interests in marketing our offer in an optimal manner pursuant to point (f) of Art. 6(1) GDPR. The Trustbadge and the services promoted along with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When the Trustbadge is accessed, the web server automatically stores a so-called server logfile, which stores details such as your IP address, the date and time of access, the volume of data transferred, and the requesting provider (access data) and registers your visit. This access data is not analysed and is overwritten automatically seven days after the end of your visit to the site at the latest.
Further personal data is merely transferred to Trusted Shops insofar as you have given your consent, have consented to the application of Trusted Shops after conclusion of the order, or have already registered for the same. In this case, the contractual agreement reached at between you and Trusted Shops applies.
15. Payment type: Data protection provisions regarding Klarna as payment type
The controller who is responsible for the processing has integrated Klarna components into this website. Klarna is an online payment service provider allowing for purchases on account or flexible instalments. Apart from that, Klarna offers more services such as buyer protection or an identity and creditworthiness check.
The operating company of Klarna is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.
If during the order process in our online shop, the data subject selects “Buy it now” as payment option, data of the data subject will automatically be transmitted to Klarna. By selecting this payment option, the data subject consents to this transmission of personal data which is necessary to process the “buy it now” transaction or for the identity and creditworthiness check.
The personal data transmitted to Klarna usually comprise first name, last name, address, date of birth, sex, email address, IP address, telephone number, mobile phone number and other data that is necessary to process the “buy it now” transaction. Personal data relating to the relevant order are also necessary to process the purchase contract. The parties may in particular mutually exchange payment information such as bank connection, card number, validity date and CVC code, number of articles, article number, data regarding goods and services, prices and fiscal information, information on the previous purchasing behaviour or other information regarding the financial situation of the data subject.
The purpose of the data transfer is in particular the identity check, payment administration and fraud prevention. The controller responsible for the processing will particularly transmit personal data to Klarna if there is a legitimate interest for the transfer. The personal data exchanged between Klarna and the controller responsible for the processing will be transferred by Klarna to credit agencies. This transfer serves the identity and creditworthiness check.
Klarna will also forward the personal data to related companies (Klarna group) and service providers or subcontractors if this is necessary for the performance of the contractual obligations or the data is to be processed on order.
Klarna collects and uses data and information on the previous payment behaviour of the data subject as well as probability values for their behaviour in the future (so-called scoring) for the decision-making regarding the justification, performance or termination of a contractual relationship. The scoring is calculated on the basis of scientifically approved mathematical/statistical procedures.
The data subject has the possibility to withdraw the consent to the handling of personal data vis-à-vis Klarna at any time. The revocation will not affect the personal data that must imperatively be processed, used or transferred for the (contractual) payment processing.
For the applicable data protection regulations of Klarna please refer to https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.
16. Payment type: Data protection provisions regarding PayPal as payment type
The controller who is responsible for the processing has integrated PayPal components into this website. PayPal is an online payment service provider. Payments are processed using so-called PayPal accounts which are virtual private or business accounts. PayPal moreover offers the possibility to process virtual payments via credit cards if the user does not have a PayPal account. PayPal accounts are managed using an email address; thus, there is no typical account number. PayPal allows you to initiate online payments to third parties and to also receive payments. PayPal moreover performs trustee functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If during the order process in our online shop, the data subject selects “PayPal” as payment option, data of the data subject will automatically be transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data which is necessary to process the payment.
The personal data transmitted to PayPal usually comprise first name, last name, address, email address, IP address, telephone number, mobile phone number and other data that is necessary to process the payment. Personal data relating to the relevant order are also necessary to process the purchase contract.
The purpose of the data transfer is the payment processing and fraud prevention. The controller responsible for the processing will particularly transmit personal data to PayPal if there is a legitimate interest for the transfer. The personal data exchanged between PayPal and the controller responsible for the processing may be transferred by PayPal to credit agencies. This transfer serves the identity and creditworthiness check.
PayPal may forward the personal data to related companies and service providers or subcontractors if this is necessary for the performance of the contractual obligations or the data is to be processed on order.
The data subject has the possibility to withdraw the consent to the handling of personal data vis-à-vis PayPal at any time. The revocation will not affect the personal data that must imperatively be processed, used or transferred for the (contractual) payment processing.
For the applicable data protection regulations of PayPal please refer to https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
17. Payment type: Data protection provisions regarding Sofortüberweisung (immediate transfer) as payment type
The controller who is responsible for the processing has integrated Sofortüberweisung components into this website. Sofortüberweisung is a payment service allowing for a cashless payment of products and services on the Internet. Sofortüberweisung maps a technical procedure by means of which the online dealer immediately receives a payment confirmation. This enables the dealer to deliver goods, services or downloads to the customer immediately after the order.
The operating company of Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.
If during the order process in our online shop, the data subject selects “Sofortüberweisung” as payment option, data of the data subject will automatically be transmitted to Sofortüberweisung. By selecting this payment option, the data subject consents to the transmission of personal data which is necessary to process the payment.
In the processing of the purchase using Sofortüberweisung, the buyer transmits the PIN and TAN to Sofort GmbH. After technical verification of the account balance and retrieval of more data to check the account cover, Sofortüberweisung will the complete a transfer to the online dealer. The online dealer will then be automatically informed about the completion of the financial transaction.
The personal data exchanged with Sofortüberweisung comprise first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that is necessary to process the payment. The purpose of the data transfer is the payment processing and fraud prevention. The controller responsible for the processing will particularly transmit other personal data to Sofortüberweisung if there is a legitimate interest for the transfer. The personal data exchanged between Sofortüberweisung and the controller responsible for the processing may be transferred by Sofortüberweisung to credit agencies. This transfer serves the identity and creditworthiness check.
Sofortüberweisung may forward the personal data to related companies and service providers or subcontractors if this is necessary for the performance of the contractual obligations or the data is to be processed on order.
The data subject has the possibility to withdraw the consent to the handling of personal data vis-à-vis Sofortüberweisung at any time. The revocation will not affect the personal data that must imperatively be processed, used or transferred for the (contractual) payment processing.
For the applicable data protection regulations of Sofortüberweisung please refer to https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.
18. Legal basis of the processing
Art. 6(1) point (a) GDPR serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract to which the data subject is party as this is for example the case in processing operations that are necessary for a delivery of goods or the rendering of other services or consideration, the processing is based on Art. 6(1) point (b) GDPR. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract, e.g. in the case of enquiries regarding our products or services. If our company is subject to a legal obligation making a processing of personal data necessary, for example for the performance of fiscal obligations, the processing is based on Art. 6(1) point (c) GDPR. In rare cases, the processing of personal data could become necessary in order to protect the vital interests of the data subject or of another natural person. This would for example be the case if a visitor was injured in our company and consequently, their name, age, health insurance data or other vital information had to be forwarded to a physician, hospital or other third parties. In this case, the processing would be based on Art. 6(1) point (d) GDPR. Finally, the processing operations could be based on Art. 6(1) point (f) GDPR. Processing operations that are not covered by any of the legal bases specified above are based on this legal basis if processing is necessary for the purposes of any legitimate interest pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly allowed as they have been especially mentioned by the European legislative authority. The latter was of the opinion that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).
19. Legitimate interests in the processing which are pursued by the controller or a third party
If the processing of personal data is based on Article 6(1) point (f) GDPR, our legitimate interest is the completion of our business activity for the benefit of all our employees and our shareholders.
20. Duration for which the personal data are saved
The criterion for the period of storage of personal data is the relevant legal retention period. After expiry of the period, the corresponding data will be routinely erased unless they are still required for the contract performance or contract initiation.
21. Legal or contractual obligations to provide the personal data; necessity for the contract conclusion; obligation of the data subject to provide the personal data; possible consequences of non-provisioning
We inform you that the provisioning of personal data is sometimes legally prescribed (e.g. fiscal regulations) or may also result from contractual provisions (e.g. information on the contractual partner). It may sometimes be necessary for the contract conclusion that a data subject provides us with personal data which must be processed by us afterwards. The data subject is for example obliged to provide us with personal data if our company concludes a contract with them. Any non-provisioning of the personal data would result in us not being able to conclude the contract with the data subject. Before any provisioning of personal data by the data subject, the data subject has to contact one of our employees. Our employee will inform the data subject in the individual case whether the provision of the personal data is legally or contractually required or is necessary for the conclusion of a contract, whether the data subject is obliged to provide the personal data, and about the consequences of failure to provide the personal data.
22. Existence of automated decision-making
As responsible company, we renounce any automatic decision-making or profiling.
This privacy policy has been prepared by the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH carrying out data protection audits in cooperation with RC GmbH making IT remarketing and the media law office WILDE BEUGER SOLMECKE.