1. Name and contact details of the data controller and the company data protection officer
This data protection information applies to data processing by:
Data Controller: bc GmbH & Co. KG (hereinafter: bc), Carlo-Schmid-Strasse 12, 52146 Würselen, Germany Email: firstname.lastname@example.org Phone: +49 (0) 2405 / 450045 Fax: +49 (0) 2405 / 450046
Trade Register Aachen HRA6179 VAT no. DE191317292
General Partner: bc Verwaltungs GmbH Headquarters: Würselen Trade Register Aachen HRB21024 Management: Marcus Wenkel, Klaus Hoenig, Philipp Simon
The company data protection officer for bc is Mr Stefan Sippel. He can be contacted at the above address, F.A.O. Mr Stefan Sippel, or at email@example.com.
2. Collection and storage of personal data as well as the nature and purpose of its use when visiting our website
When you visit our website www.bike-components.de, the browser used on your device automatically sends information to our website server. This information is stored temporarily in a log file. The following information is collected without any action on your part and stored until it is automatically deleted:
IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
The website from which access takes place (referrer URL)
The browser used and, if applicable, the operating system of your computer as well as the name of your access provider
We process the aforementioned data for the following purposes:
To guarantee a smooth connection to the website
To guarantee comfortable use of our website
To evaluate system security and stability
For other administrative purposes
The legal basis for the data processing is Art. 6(1)(1)(f) GDPR (General Data Protection Regulation). Our legitimate interest is derived from the purposes listed above for the collection of data. We will not use the data collected to draw conclusions about you under any circumstances.
3. Collection and storage of personal data as well as the nature and purpose of its use upon registration
Upon registration, we will save the information that we have listed under 2. in addition to
Date and time of registration
First name, last name
Our General Terms and Conditions valid at this time will also be stored. Our registration form is encrypted to ensure that the data entered in it cannot be viewed by third parties. You have the option to change your registration data at any time.
We store this data in order to give you the possibility to place orders and to access your order data at any time. The ordering data includes: your orders, your account data, your address book, your password, your newsletter subscription, your user data and your reviews.
The data is processed at your request and is required for the purposes stated for the appropriate processing of your orders and subscriptions and for the mutual fulfilment of obligations under the order agreements in accordance with Art. 6(1)(1)(b) GDPR.
If you have entered into a contract with us for the order of goods, the length of time for which your data is stored depends on the explanations below for 4. - Online order. If you have not placed an order, we will store your registration data for a reasonable period of time within which an order can be expected after registration, but no longer than three months.
4. Collection and storage of personal data as well as the nature and purpose of its use when ordering online
You can place an online order only once you have completed the registration process. We therefore store the information listed under 2. and 3. Our order form is encrypted to ensure that the data entered in it cannot be viewed by third parties. When you place an order, we collect the following additional information:
Title, first name, last name
Phone number (if specified)
Date and time of order
We also store the wording of the contract and our General Terms and Conditions applicable at the time of conclusion of the contract.
This data is collected:
To identify you as our customer
To deliver the ordered goods to you and to fulfil the contract
To settle the payment claims and assert any other claims against you
For correspondence with you
The data is processed at your request and is required for the purposes stated for the mutual fulfilment of obligations under the purchase contract in accordance with Art. 6(1)(1)(b) GDPR.
The personal data collected by us for the settlement of the purchase contract shall be stored until the statutory period of limitation expires (3 years after the end of the calendar year in which the claim arose and the creditor has become aware of the circumstances substantiating the claim and the person of the debtor or has had to obtain knowledge of it without gross negligence, Section 199(1) of the German Civil Code, (BGB)) and subsequently deleted, unless we are obligated to store it for longer in accordance with Art. 6(1)(1)(c) GDPR due to statutory and commercial legal storage and documentation obligations (from the German Commercial Code (HGB), the German Criminal Code (StGB) or General Fiscal Law (AO)) or you have consented for it to be stored for longer in accordance with Art. 6(1)(1)(a) GDPR.
5. Collection and storage of personal data as well as the nature and purpose of its use when registering for our newsletter
Provided you have given express consent in accordance with Art. 6(1)(1)(a) GDPR, we will use your email address to send you our newsletter regularly. An email address is sufficient to receive the newsletter. You can unsubscribe at any time, for example using a link at the end of each newsletter. Alternatively, you can send your request to unsubscribe by email to firstname.lastname@example.org.
6. Collection and storage of personal data as well as the nature and purpose of its use when using our contact form
If you have any questions, we give you the option to contact us via a form provided on the website. A valid email address is required to tell us who the request is from and to enable us to respond to it. Further information may be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6(1)(1)(a) GDPR based on your voluntary consent. The personal data collected by us for the use of the contact form will be automatically deleted after completion of the inquiry you have made. Our contact form is encrypted to ensure that the data entered in it cannot be viewed by third parties.
7. Transfer of data
Your personal data will not be transferred to third parties for purposes other than those listed below. We will only transfer your personal data to third parties, if:
This is permitted by law and is required for the execution of contractual relations with you in accordance with Art. 6(1)(b) GDPR. We use the data you provide:
To fulfil and process your order
For transfer to the shipping company contracted with delivery to the extent necessary to deliver the goods
To process payments. If necessary, we will share your payment details with our bank;
The transfer in accordance with Art. 6(1)(1)(f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to believe that you have an overriding vested interest in the non-disclosure of your data, in the event that there is a legal obligation to the transfer in accordance with Art. 6(1)(1)(c) GDPR, and
You have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
· You select the payment type PAYPAL. In this case, we will forward your data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal (Europe) S.à r.l. et Cie, S.C.A. is operated as a bank throughout the EU. The supervisory authority is the Luxembourg banking supervisory authority CSSF (Commission de Surveillance du Secteur Financier). If you choose PayPal as your payment method, your data required for the payment process is automatically transmitted to PayPal. This regularly involves first and last name, street, house number, postcode, city, telephone number as well as the data in connection with your order within the scope of what is legally permissible.
If you use the services of the payment service provider PAYPAL, PAYPAL collects the following data from you, among other things:
· Information about registration and usage. Depending on the services you select, you may be required to provide your name, address, telephone number, email address and other identifying information in order to create an account.
· Information about transactions and experiences such as the amount sent or requested, the amount paid for products or services, merchant information including information about payment sources used for the transaction, device information, technical usage data and location data.
· Personal data of transaction participants, that is personal data that you provide PAYPAL about other participants in connection with the transaction.
You select the payment method Amazon Pay. As part of the process for handling your payment, we will transfer your payment information to Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855 Luxembourg. The data processors of data transferred to Amazon Payments Europe S.C.A. are Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three of which are located at 38 avenue J.F. Kennedy, L-1855 Luxembourg. We will transfer your data solely for the purpose of processing your payment with the payment service provider Amazon Payments and only to the extent required for this purpose. Your data is transferred to Amazon Payments on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for the performance of a contract). You are able to withdraw your consent to data processing at any time. Withdrawing your consent does not affect the validity of prior data processing operations. Details on making payments through Amazon Pay and its privacy notice can be found online at: https://pay.amazon.com/uk/help/201751600.
You select to pay with a credit card. In this case, the payment service provider is SIX Payment Services (Europe) S.A., 10 rue Gabriel Lippmann, L-5365 Munsbach, Luxembourg, (hereinafter referred to as: "SIX"). If you have opted for this payment method, you will be forwarded to the SIX payment page. Your personal data, email address or postal address, total payment amount, date and time of the order and order number / invoice number will be transferred to SIX. Your data is transferred on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for the performance of a contract). As part of the risk assessment process, the transferred data is stored, processed and used to the extent that is legally permissible. SIX makes a decision based on the result of the risk assessment as to whether or not the 3DSecure process must be carried out. Please note the SIX data protection declaration ((https:www.six-payment-services.com/en/services/legal/privacy-statement.html). You are able to withdraw your consent at any time. Withdrawing your consent does not affect the validity of prior data processing operations.
If you have chosen Klarna as your payment service provider, we will pass on the data listed below to Klarna AB, Sveavägen 46,111 34 Stockholm, Sweden ("Klarna"). Klarna is a provider of Internet-based payment methods. These payment methods are invoice - 14 days, direct debit and immediate purchase. If you decide to pay with Klarna, the so-called Klarna checkout solution, we will provide Klarna with the personal data that Klarna needs in order to offer the services. These are your first and last name, your given address, your email address, your IP address, your telephone number, bank data as well as the data necessary for the processing of the invoice purchase such as product number, invoice amount and number of products such as VAT invoices if applicable. You also communicate your personal data directly or indirectly to Klarna, for example if you choose one of Klarna's payment methods, contact Klarna or use Klarna's customer portal. Depending on which Klarna service you use, you can release the following data to Klarna:
- Address and contact information: Name, date of birth, title, invoice and delivery address, e-mail address, mobile phone number - Payment information: Debit and credit card data (card number, expiry date and CCV code) billing data, account number.
Depending on which Klarna services you choose, the following data may be collected:
- Personal data and contact information such as name, date of birth, title, billing and delivery address, e-mail address, mobile phone number information about goods/services - Financial information such as information about your income, possible credit obligations and negative payment characteristics - Historical information such as information about your previous purchases with Klarna, payment history around credit acceptance - Information about the interaction between you and Klarna - Information about the interaction between you and us - Device-related information such as IP address, browser settings - Location-related information such as geographic location
The transfer of data is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract) The transfer of data is used in particular for identity verification, payment administration, fraud prevention and credit assessment. Klarna obtains information from credit agencies for the purpose of identity checking - in credit checks.
In Germany, these can be the following credit agencies: - SCHUFA Holding AG, Kormoranweg 5.65201 Wiesbaden; - Kreditreform Boniversum GmbH Hellersbergstraße 11.41460 Neuss; - Deutsche Post Direkt GmbH, Junkersring 57.53844 Troisdorf; - Infoscore Consumer Data GmbH, Rheinstraße 99.76532 Baden-Baden; - Regis 24 GmbH, Wallstraße 58.10719 Berlin; - CRIF Bürgel GmbH, Radlkoferstr. 2, 81373 München.
As part of the decision on the establishment, execution and termination of the contractual relationship, Klarna also collects and uses information on the buyer's past payment behaviour and probability values for this behaviour in the future. The credit risk is assessed on the basis of mathematical and statistical procedures carried out by the credit agency. For this purpose, the personal data necessary for the credit assessment, such as name, address, bank data, are transferred to the credit agencies. The collection, storage and transfer is therefore carried out for the purpose of credit assessment to avoid default and on the basis of Art. 6(1)(1)(b) GDPR and Art. 6(1)(1)(f) GDPR. On the basis of this information, a statistical probability of a loan default and thus your solvency is calculated. If the credit check is positive, an order is possible. If the credit check is negative, Klarna will inform you immediately, your creditworthiness is then not given.
You are able to withdraw your consent to data processing at any time. Withdrawing your consent does not affect the validity of prior data processing operations. Klarna has a data protection officer and a data protection department. You can contact Klarna’s data protection team at any time by email at email@example.com.
Your personal data will not be transferred to other third parties for any other purposes nor will it be used for advertising purposes other than for sending newsletters to which you have opted in. Where we transfer your data to third parties as stated above, these third parties have been carefully selected and commissioned by us, are bound by our instructions and are checked on a regular basis.
If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this fact in the description of the offer. We will only transfer your data to a service provider or partner outside the EEA if the delivery location you have indicated in your order is outside the EEA. We will transfer your data to service providers or partners outside the EEA if an adequacy decision for the respective country has been adopted by the Commission. In the event that data is transferred according to Art. 46, Art. 47 or Art. 49(1)(2) we will inform you about the consequences of this fact in the offer. Adequacy decisions have been adopted by the Commission for the following countries: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, USA (restricted to the Privacy Shield framework). Information from the Commission regarding the adequacy decisions can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en Information and explanations regarding the EU- US Privacy Shield can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en
We use the following types of cookies, the scope and functionality of which are explained below:
Transient cookies (see a)
Persistent cookies (see b)
a) Transient cookies are automatically deleted when you close the browser. This includes session cookies in particular. These store a session ID with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
You can configure your browser settings in accordance with your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website if you do so.
Facebook is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European Data Protection Law.
The Facebook pixel allows us to improve our website and make it more interesting for you as a user. The legal basis for its use is Art. 6(1)(1)(f) GDPR. When you visit our website, the Facebook pixel is integrated directly by Facebook and can store a cookie on your device. If you subsequently log in to Facebook or log in to our site, the visit to our website will be noted in your profile. The Facebook pixel captures the following types of data:
HTTP headers – Everything contained in HTTP headers. HTTP headers are a standard web protocol that is sent between the browser request and server on the Internet. HTTP headers contain IP addresses, information on the web browser, site location, document, referrer and the visitors to the website.
Pixel-specific data – This includes the pixel ID and the Facebook cookie.
Button-click data – This includes any buttons clicked by the website visitor, the labels on these buttons and any pages accessed as a result of clicking on the button.
Optional values – Conversion values, page types
Form field names – These include the names of website fields, such as "Address" and "Quantity" that are filled out when you purchase a product or service. The pixel does not capture field values.
We also use the "advanced matching" access function. This feature allows customer data such as first name, last name, email address, telephone number or Facebook IDs to be transmitted to Facebook and enhanced using existing tracking data. If you are registered with a service from Facebook, Facebook can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that your IP address and other identifying features will be learned and stored. You can find further information on advanced matching at: https://www.facebook.com/business/help/611774685654668.
We have no influence on the extent and further use of the data collected by Facebook and therefore inform you in accordance with our knowledge.
You can object to collection by the Facebook pixel. You can also choose which types of ads you see within Facebook. To do this, you must go to the page set up by Facebook for this purpose and follow the instructions for setting usage-based advertising: https://www.facebook.com/settings?tab=ads. You can also object to its use by following the opt-out procedure:
The data processed by cookies is required for the purposes stated for the protection of our legitimate interests as well as of third parties in accordance with Art. 6(1)(1)(f) GDPR.
9. Analysis tools
The tracking measures listed below and used by us are performed on the basis of Art. 6(1)(1)(f) GDPR. By using these tracking measures, we intend to ensure that our website is designed appropriately and that it is continuously optimised. We also use the tracking measures to record statistics pertaining to the use of our website and to evaluate these in order to optimise our website for you. These interests are considered legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
(1) Google Analytics
For the purpose of designing and continuously optimising our pages as required, we use Google Analytics, a web analysis service provided by Google Inc. (https://about.google/intl/en/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"). In this context, pseudonymised user profiles are created and cookies (see section 8) are used. The information generated by the cookie about your use of this website, such as
User-ID (unique and cross-device for analysis of visitor flows)
Operating system used
Referrer URL (the page visited previously)
Host name of the accessing computer (IP address)
Time of the server request
is transferred to a Google server in the United States and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website use and Internet use for market research purposes and to design these Internet pages appropriately. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymised so that an assignment is not possible (IP masking). You can prevent the installation of cookies by
setting your browser software accordingly; we would, however, like to point out that in this case, you may not be able to use all functions of this website in full.
In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (incl. your IP address) as well as from processing this data by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this checkbox.
This sets an opt-out cookie to prevent future collection of your data when you visit this website. The opt-out cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again. For more information about data protection in relation to Google Analytics, see the Google Analytics Help page (https://support.google.com/analytics/answer/6004245?hl=en).
(2) Google Adwords Conversion Tracking
(3) Google AdWords Remarketing
Our website uses Google Adwords Remarketing Tags. Google Adwords Remarketing is a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"). For this purpose, cookies are stored on your computer and are used by Google to analyse the use of the website. The information generated by the cookie (including your IP address) is transmitted to and stored by Google on a server in the United States. Google then truncates the last three digits of the IP address. This means that a unique assignment of the IP address is no longer possible. Google will use this information to evaluate your use of the website, to compile reports on website activities for website operators and to provide other services related to website use and Internet use. In addition, Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Third parties, including Google, place ads on websites on the Internet.
However, we would like to point out that in this case you may not be able to use all functions of this website in full. By using this website, you agree to the processing of the data collected about you in the manner described above by Google and for the purpose stated above.
(4) YouTube plugin, links to social media
(a) We do not use any Twitter or Instagram media plugins on our website. The icons shown are links to these social media sites only. Consequently, no data will be transferred to the servers of the above-mentioned providers unless you actively click on one of these links.
(b) We have embedded YouTube videos in our online site. These are stored at http://www.youtube.com and can be played directly from our website. All of these are embedded in "privacy-enhanced mode", which means that no data about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will the data stated in Paragraph 2 be transferred. We have no influence on this data transfer.
(c) By visiting the website, YouTube will be informed that you have accessed the corresponding subpage of our website. In addition, the data stated under Point 2 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles, which it uses for advertising, market research and/or the design of its website. This kind of evaluation shall be carried out in particular (even for users who are not logged in) for the provision of appropriate advertising and in order to inform other users of the social network about your activities on our website. You are entitled to object to the formation of these user profiles. You must contact YouTube to exercise this right.
We use a tracking pixel from the company Commerce Connector GmbH, Eberhardstrasse 69-71, 70173 Stuttgart on our website.
The tracking pixel is a 1 x 1 pixel-sized graphic that is virtually invisible and has no relevant impact on loading times. The tracking pixel is activated only for customers who access our website via the link of a manufacturer who has integrated this pixel. Via the manufacturer, you can open the website of Commerce Connector GmbH, www.commerce.connector.com. For this purpose, the manufacturer uses the Commerce Connector buy now online software-based service in order to show visitors which online retailers stock a certain product for purchase. One of these online retailers is www.bike-components.de. If you have clicked on the manufacturer's link, Commerce Connector GmbH will store a cookie on your device for a limited period of time, which is usually seven days. If you make a purchase with us within this period, Commerce Connector GmbH can access the cookie to obtain information about your purchase from us as soon as you access our confirmation page.
The tracking pixel is used to communicate the following to the manufacturer via Commerce Connector: information about the shop ID, the EAN for each article, the quantity ordered, the net price (optional), the time of the order, the number of orders and the IP address of the customer or other user data or customer data. The tracking pixel is located on the website of Commerce Connector GmbH using only an HTML embed image tag. Anonymised sales statistics regarding individual products are generated using the purchase information.
To disable this, please follow the instructions at the Commerce Connector URL specified.
(6) Hotjar (hotjar Ltd.)
This website uses the web analysis service Hotjar from Hotjar Ltd.. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel: +1 (855) 464-6788).
You may opt out of Hotjar's storage of a user profile and information about your visit to our website and Hotjar's use of tracking cookies on other websites by clicking this opt-out link https://www.hotjar.com/legal/compliance/opt-out. If you use our website with different browsers/computers, you must set up the "Hotjar Opt Out" separately for each of these browsers/computers.
To request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of complaint with a supervisory authority, the origin of your data, if it has not been collected by us and the existence of automated decision-making processes including profiling in accordance with Art. 22(1) and (4) GDPR and meaningful information on the logic involved as well as the scope and intended impact of such processing on the data subject. You have the right to request information on whether the personal data concerning you has been transferred to a third country or to an international organisation. In this context, you may request that the appropriate guarantees be provided in accordance with Art. 46 GDPR in the context of the transfer;
To demand the immediate correction of inaccurate personal data or completion of personal data stored by us in accordance with Art. 16 GDPR;
To request the deletion of your personal data stored by us in accordance with Art. 17 GDPR in the following cases:
The personal data pertaining to you is no longer necessary for the purposes for which it was collected or otherwise processed.
You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
You object to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21(2) GDPR.
Your personal data has been processed unlawfully.
The deletion of personal data pertaining to you is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the data controller is subject.
The personal data pertaining to you has been collected in relation to the information society services offered in accordance with Art. 8(1) GDPR;
If the data controller has made the personal data pertaining to you public and if it is obligated to delete it in accordance with Art. 17(1) GDPR, it shall take appropriate action, including technical measures, taking into account available technology and implementation costs, to inform data controllers that process the personal data that you, as the data subject, have requested that they delete all links to this personal data or any copies or replications of this personal data.
The right to deletion does not exist if processing is necessary
For the exercise of the right to freedom of expression and information;
For the fulfilment of a legal obligation that requires processing under the law of the Union or of the Member States to which the data controller is subject, or for the performance of a task that is in the public interest or in the exercise of public authority entrusted to the data controller;
For reasons of public interest in the field of public health, in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
For archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, insofar as the law referred to in Para. 1 is expected to make realising the objectives of this processing impossible or seriously impair it, or
For the assertion, exercise or defence of legal claims.
You can request that the processing of your personal data is restricted in accordance with Art. 18 GDPR, if
You contest the accuracy of the personal data pertaining to you for a period of time that enables the data controller to verify the accuracy of the personal data;
The processing is unlawful and you reject the deletion of the personal data and instead request the restriction of its use;
The data controller no longer requires the personal data for the purposes of processing, however, you require it for the assertion, exercise or defence of legal claims, or
You have objected to processing in accordance with Art. 21(1) GDPR and it is has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.
If the processing of personal data pertaining to you has been restricted, such data – with the exception of its storage – may only be processed with your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction on processing has been limited in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted;
To receive the personal data that you have provided us with in a structured, accessible and machine-readable format or to request its transfer to another data controller in accordance with Art. 20 GDPR. Furthermore, you have the right to transfer this data to another data controller without hindrance by the data controller to whom the personal data has been provided, as long as
Processing is based on consent pursuant to Art. 6(1)(A) GDPR or Art. 9(2)(a) GDPR or a contract pursuant to Art. 6(1)(b) GDPR and
Processing is carried out using automated methods.
By exercising this right, you also have the right to have personal data pertaining to you transferred directly by one data controller to another data controller insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task that is in the public interest or in the exercise of public authority that has been entrusted to the data controller;
To withdraw any consent you have given us at any time in accordance with Art. 7(3) GDPR. If you do so, this means that in future we will no longer continue to process the data based on this consent.
To lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. Usually, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
11. Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6(1)(1)(f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, if there are reasons for this which arise from your particular situation or if the objection is directed at direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation. If you would like to exercise your right of withdrawal or objection, it is sufficient to send an email to firstname.lastname@example.org.
You can of course object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us of your objection to advertising via the email address above.
12. Data security
We use the commonly used SSL procedure (Secure Socket Layer) as part of visits to our website in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether a single page of our website is transmitted in encrypted form by the closed key or padlock icon in the lower status bar of your browser. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
at any time.
Our TÜV certified data protection officer
1. We employ our own TÜV certified data protection officer, who monitors compliance with the regulations. Our data protection officer will be pleased to answer any questions you may have at any time on email@example.com
2. We process all data in house and thus do not operate any external call centre.
3. Never at any time do we contact you without your request.
4. We do not transfer or sell customer data.
5. The shipping company, which delivers your order, receives from us only the shipping address, which you supplied to us.