Data protection
The following data protection declaration applies to the use of our online offering "www.go4values.lu" (hereinafter the "website"). We attach great importance to data protection. The collection and processing of your personal data are performed in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).
Data controller
The data controller responsible for the collection, processing and use of your personal data in the sense of Art. 4.7 GDPR is Go4Values Sàrl, Wilfried Schöpges, Am Hock4, L-9991 Weiswampach.
Should you object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in whole or in respect of individual actions, please address your objection to the data controller. You can save and print this data protection declaration at any time.
General processing purposes
We use personal data for the purpose of operating the website.
What data do we use and why?
Hosting
The hosting services used by us are for the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services used by us for the purpose of operating the website.
In doing so, we, or our hosting provider, process data on existing customers, contact data, content data, contract data, usage data, meta data and communication data from customers, interested parties and visitors to this website on the basis of our legitimate interests in operating an efficient and secure website pursuant to Art. 6.1.1.f GDPR in conjunction with Art. 28 GDPR.
Access data
We collect information about you when you use this website. We automatically store information on your usage behaviour and your interaction with us and record data regarding your computer or mobile device. We collect, store and use data about every access to our website (so-called server log files). Access data include:
The name and URL of the file retrieved
The date and time of retrieval
The volume of data transferred
HTTP code for successful retrieval
Browser type and version
Operating system
Referrer URL (i.e. the previously visited page)
Websites consulted by the user's system via our website
Internet service provider of the user
IP address and the requesting provider
Not assigning it to you personally or otherwise profiling it for statistical evaluations, we use this log data for the purpose of operating, securing and optimising our website, but also for anonymously recording the number of visitors to our website (traffic) as well as the extent and type of use of our website and services. We also use it for accounting purposes to measure the number of clicks received from cooperation partners. This information allows us to provide personalised and location-based content and to analyse traffic, perform troubleshooting and improve our services.
This is also our legitimate interest pursuant to Art. 6.1.1.f GDPR. We reserve the right to check the log data retrospectively if there is a justified suspicion of any unlawful use on the basis of concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or if it is required for the provision of services or the invoicing of a service, for example if you use one of our offerings. After cancellation of the order process or after receipt of payment, we delete the IP address insofar as it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. We also store the date of your last visit within your account (e.g. on registering, logging in, clicking on links etc.).
Cookies
We use so-called session cookies to optimise our website. A session cookie is a small text file sent by the respective servers when you visit a website. It is stored temporarily on your hard drive. This file contains a so-called session ID, with which various inquiries from your browser can be assigned to the common session. This allows your computer to be re-recognised when you return to our website. These cookies are deleted when you close your browser. For example, they enable you to use the shopping cart function across several pages.
To a lesser extent, we also use persistent cookies (again, small text files stored on your device). These also remain on your device and enable us to re-recognise your browser on your next visit. Stored on your hard drive, these cookies delete themselves after the specified time (between 1 month and 10 years). They enable us to present our offering to you in a more user-friendly, effective and secure manner and, for example, to display information specifically tailored to your interests.
Our legitimate interest in the use of cookies pursuant to Art 6.1.1.f GDPR is to make our website more user-friendly, effective and secure.
The following data and information are stored in the cookies:
Log-in information
Language settings
Search terms entered
Information on the number of visits to our website and the use of its individual functions.
Upon activation, the cookie is assigned an identification number. Your personal data is not assigned to this identification number. Your name, IP address or similar data that would enable the cookie to be assigned to you are not stored in the cookie. The use of cookie technology only enables us to receive pseudonymised information, for example about which pages of our shop have been visited, which products have been viewed, etc.
You can configure your browser in such a way that you are informed in advance about the use of cookies, allowing you to decide on a case-by-case basis whether you want to prevent acceptance of cookies in certain cases or in general, or to completely reject cookies. This may however limit website functionality.
Data used to fulfil our contractual obligations
We process personal data needed to fulfil our contractual obligations, such as name, address, e-mail address, ordered products, invoicing and payment data. This data needs to be collected in order to conclude the contract.
It is deleted after expiration of the warranty periods and legal retention periods. Data linked to a user account (see below) will always be retained for the duration of the management of that account.
The legal basis for the processing of this data is Art. 6.1.1.b GDPR, as this data is required to fulfil our contractual obligations towards you.
User account
You can create a user account on our website. Should you wish to do so, we will need the personal data requested during login. When logging in again, only your email or username and the password you have chosen will be required. On registering for the first time, we collect base data (e.g. name, address), communication data (e.g. e-mail address) and payment data (bank details) as well as access data (user name and password).
To ensure your proper registration and to prevent any unauthorised logins by third parties, following registration you will receive an activation link by e-mail to activate your account. We wait for successful activation before storing the data transmitted by you permanently in our system.
You can have us delete your user account at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the contact address mentioned under point 1 (e.g. e-mail, fax, post) is sufficient for this purpose. We will then delete your stored personal data, insofar as we do not still need to store it for order processing purposes or due to legal retention requirements. The legal basis for the processing of this data is your consent in accordance with Art. 6.1.1.a GDPR.
Newsletter
To register for the newsletter, the data requested in the registration process is required. Registration for the newsletter is logged. Following registration you will receive a message at the given email address, asking you to confirm registration ("double opt-in"). This is necessary to prevent third parties from registering with your email address.
You can revoke your consent to receive the newsletter at any time ("unsubscribe").
We store the registration data as long as it is needed for sending the newsletter. We store the registration log data and the email address for the newsletter as long as there may be interest in proving that consent was originally given – usually the limitation period for civil claims, i.e. a maximum of three years.
The legal basis for sending the newsletter is your consent in accordance with Art. 6.1.1.a in conjunction with Art. 7 GDPR in conjunction with §7.2.3 UWG. The legal basis for logging the registration is our legitimate interest in proving that newsletters were sent with your consent.
You can unsubscribe from the newsletter at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the contact address mentioned under point 1 (e.g. e-mail, fax, post) is sufficient for this purpose. You will also find an unsubscribe link in every newsletter.
Product recommendations
We will send you product recommendations by e-mail on a regular basis, independently of the newsletter, informing you about products from our offering that you may be interested in based on your recent purchases of goods or services from us. In doing so, we strictly comply with legal requirements. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the contact address mentioned under point 1 (e.g. e-mail, fax, post) is sufficient for this purpose. You will also find an unsubscribe link in every email.
The legal basis for this is the legal consent pursuant to Art. 6.1.1.f GDPR in conjunction with §7.3 UWG.
E-mail contact
When you contact us (e.g. by contact form or e-mail), we will process your data for the purpose of handling your enquiry and any follow-up questions.
If the data is processed as a pre-contractual measure resulting from your enquiry, or, if you are already one of our customers, for performing the contract, the legal basis for this data processing is Art. 6.1.1.b GDPR.
We only process further personal data if you consent to such (Art. 6.1.1.a GDPR) or we have a legitimate interest in processing your data (Art. 6.1.1.f GDPR). A legitimate interest is, for example, to respond to your email.
Google Analytics
We use Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses so-called "cookies", text files stored on your computer and enabling your use of the website to be analysed. The information generated by the cookie about visitors' use of this website is usually transmitted to a Google server in the USA and stored there.
This is also our legitimate interest pursuant to Art. 6.1.1.f GDPR.
Google has declared itself subject to the Privacy Shield agreement concluded between the European Union and the USA and has certified itself. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. More information is available via the link below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
We have activated IP anonymisation on this website (anonymizeIp). This means that your IP address will be shortened beforehand by Google within EU Member States or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
The IP address transmitted by your browser for Google Analytics will not be merged with other Google data. You can prevent the storage of cookies through setting the corresponding option in your browser software. However, we point out that in this case users may not be able to use all features of this website .
You can also prevent the transmission of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plug-in or within browsers on mobile devices, you can click on the following link to set an opt-out cookie preventing the collection of data by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click on this link again: [Deactivate Google Analytics] Storage period
Unless specifically stated, we store personal data only for as long as is necessary to fulfil the purposes pursued.
In certain cases, the legislator provides for the retention of personal data, for example under tax or commercial law. In such cases, the data will only be further stored by us for these legal purposes, but will not be processed in any other way and will be deleted after the legal retention period has expired.
Your rights as a person affected by data processing (a "data subject" under the GDPR) Under the applicable laws, you have various rights regarding your personal data. Should you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address given in point 1. Below you will find an overview of your rights.
Right to confirmation and information
You have the right to receive clear information about the processing of your personal data.
Specifically:
You have the right to obtain confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to request from us free information about the personal data stored about you, together with a copy of this data. Moreover, you are entitled to the following information:
the processing purposes;
the categories of personal data processed;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
the existence of a right to the rectification or erasure of personal data concerning you or to the restriction of processing by the controller or a right to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
in the event of us not collecting the personal data from you, all available information on the origin of the data;
the existence of automated decision-making, including profiling, pursuant to Article 22.1 and 22.4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for you.
In the event of personal data being transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
Right of rectification
You have the right to demand that we rectify and, if necessary, complete your personal data.
Specifically:
You have the right to obtain the rectification of any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure ("right to be forgotten")
In a number of cases, we are obliged to erase personal data relating to you.
Specifically:
Pursuant to Article 17.1 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:
the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
you withdraw your consent on which the processing is based according to Article 6.1.a or Article 9.2.a GDPR, and where there is no other legal ground for the processing;
you object to the processing pursuant to Article 21.1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21.2 GDPR;
the personal data has been unlawfully processed;
the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
the personal data has been collected in relation to the offer of information society services referred to in Article 8.1 GDPR.
Where we have made the personal data public and are obliged pursuant to Article 17.1 GDPR to erase the personal data, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.
Right to restriction of processing
In a number of cases, you are entitled to request that we restrict the processing of personal data relating to you.
Specifically:
You have the right to obtain from us a restriction of processing where one of the following applies:
the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims;
you have objected to processing pursuant to Article 21.1 GDPR pending the verification whether the legitimate grounds of our company override yours.
Right to data portability
You have the right to receive personal data concerning you in machine-readable form, to transmit it or to have it transmitted by us.
Specifically:
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us where:
the processing is based on consent pursuant to Article 6.1.a or Article 9.2.a GDPR or on a contract pursuant to Article 6.1.b; and the processing is carried out by automated means.
In exercising your right to data portability pursuant to Article 20.1, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible
Right to object
You also have the right to object to lawful processing of your personal data by us if this is based on your particular situation and our interests in the processing do not outweigh yours.
Specifically:
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6.1.e or 6.1.f GDPR, including profiling based on those provisions. We no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data is processed by us for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89.1 GDPR, you, on grounds relating to your particular situation, have the right to object to processing of you personal data, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you her or similarly significantly affects you. There is no automated decision-making based on the personal data collected.
Right to withdraw your consent
You have the right to withdraw your consent to the processing of personal data at any time.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data is transmitted in encrypted form. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, though we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. It is impossible to rule out your data being read by third parties.
To secure your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we continually adapt to the state of the art.
We offer no guarantee that our offer will be available at certain times; malfunctions, interruptions or failures cannot be ruled out. The servers used by us are backed up on a regular basis.
Transfer of data to third parties, no data transfer to non-EU countries
Generally speaking, we only use your personal data within our company.
If and to the extent that we involve third parties in performing contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing ("contract processing"), we contractually oblige our contractors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
A data transfer to bodies or persons outside the EU – apart from the case mentioned in point 4 of this declaration – does not take place and is not planned.
Data protection officer
If you still have questions or concerns about data protection, please contact our data protection officer.
Data controller
The data controller responsible for the collection, processing and use of your personal data in the sense of Art. 4.7 GDPR is Go4Values Sàrl, Wilfried Schöpges, Am Hock4, L-9991 Weiswampach.
Should you object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in whole or in respect of individual actions, please address your objection to the data controller. You can save and print this data protection declaration at any time.
General processing purposes
We use personal data for the purpose of operating the website.
What data do we use and why?
Hosting
The hosting services used by us are for the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services used by us for the purpose of operating the website.
In doing so, we, or our hosting provider, process data on existing customers, contact data, content data, contract data, usage data, meta data and communication data from customers, interested parties and visitors to this website on the basis of our legitimate interests in operating an efficient and secure website pursuant to Art. 6.1.1.f GDPR in conjunction with Art. 28 GDPR.
Access data
We collect information about you when you use this website. We automatically store information on your usage behaviour and your interaction with us and record data regarding your computer or mobile device. We collect, store and use data about every access to our website (so-called server log files). Access data include:
The name and URL of the file retrieved
The date and time of retrieval
The volume of data transferred
HTTP code for successful retrieval
Browser type and version
Operating system
Referrer URL (i.e. the previously visited page)
Websites consulted by the user's system via our website
Internet service provider of the user
IP address and the requesting provider
Not assigning it to you personally or otherwise profiling it for statistical evaluations, we use this log data for the purpose of operating, securing and optimising our website, but also for anonymously recording the number of visitors to our website (traffic) as well as the extent and type of use of our website and services. We also use it for accounting purposes to measure the number of clicks received from cooperation partners. This information allows us to provide personalised and location-based content and to analyse traffic, perform troubleshooting and improve our services.
This is also our legitimate interest pursuant to Art. 6.1.1.f GDPR. We reserve the right to check the log data retrospectively if there is a justified suspicion of any unlawful use on the basis of concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or if it is required for the provision of services or the invoicing of a service, for example if you use one of our offerings. After cancellation of the order process or after receipt of payment, we delete the IP address insofar as it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. We also store the date of your last visit within your account (e.g. on registering, logging in, clicking on links etc.).
Cookies
We use so-called session cookies to optimise our website. A session cookie is a small text file sent by the respective servers when you visit a website. It is stored temporarily on your hard drive. This file contains a so-called session ID, with which various inquiries from your browser can be assigned to the common session. This allows your computer to be re-recognised when you return to our website. These cookies are deleted when you close your browser. For example, they enable you to use the shopping cart function across several pages.
To a lesser extent, we also use persistent cookies (again, small text files stored on your device). These also remain on your device and enable us to re-recognise your browser on your next visit. Stored on your hard drive, these cookies delete themselves after the specified time (between 1 month and 10 years). They enable us to present our offering to you in a more user-friendly, effective and secure manner and, for example, to display information specifically tailored to your interests.
Our legitimate interest in the use of cookies pursuant to Art 6.1.1.f GDPR is to make our website more user-friendly, effective and secure.
The following data and information are stored in the cookies:
Log-in information
Language settings
Search terms entered
Information on the number of visits to our website and the use of its individual functions.
Upon activation, the cookie is assigned an identification number. Your personal data is not assigned to this identification number. Your name, IP address or similar data that would enable the cookie to be assigned to you are not stored in the cookie. The use of cookie technology only enables us to receive pseudonymised information, for example about which pages of our shop have been visited, which products have been viewed, etc.
You can configure your browser in such a way that you are informed in advance about the use of cookies, allowing you to decide on a case-by-case basis whether you want to prevent acceptance of cookies in certain cases or in general, or to completely reject cookies. This may however limit website functionality.
Data used to fulfil our contractual obligations
We process personal data needed to fulfil our contractual obligations, such as name, address, e-mail address, ordered products, invoicing and payment data. This data needs to be collected in order to conclude the contract.
It is deleted after expiration of the warranty periods and legal retention periods. Data linked to a user account (see below) will always be retained for the duration of the management of that account.
The legal basis for the processing of this data is Art. 6.1.1.b GDPR, as this data is required to fulfil our contractual obligations towards you.
User account
You can create a user account on our website. Should you wish to do so, we will need the personal data requested during login. When logging in again, only your email or username and the password you have chosen will be required. On registering for the first time, we collect base data (e.g. name, address), communication data (e.g. e-mail address) and payment data (bank details) as well as access data (user name and password).
To ensure your proper registration and to prevent any unauthorised logins by third parties, following registration you will receive an activation link by e-mail to activate your account. We wait for successful activation before storing the data transmitted by you permanently in our system.
You can have us delete your user account at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the contact address mentioned under point 1 (e.g. e-mail, fax, post) is sufficient for this purpose. We will then delete your stored personal data, insofar as we do not still need to store it for order processing purposes or due to legal retention requirements. The legal basis for the processing of this data is your consent in accordance with Art. 6.1.1.a GDPR.
Newsletter
To register for the newsletter, the data requested in the registration process is required. Registration for the newsletter is logged. Following registration you will receive a message at the given email address, asking you to confirm registration ("double opt-in"). This is necessary to prevent third parties from registering with your email address.
You can revoke your consent to receive the newsletter at any time ("unsubscribe").
We store the registration data as long as it is needed for sending the newsletter. We store the registration log data and the email address for the newsletter as long as there may be interest in proving that consent was originally given – usually the limitation period for civil claims, i.e. a maximum of three years.
The legal basis for sending the newsletter is your consent in accordance with Art. 6.1.1.a in conjunction with Art. 7 GDPR in conjunction with §7.2.3 UWG. The legal basis for logging the registration is our legitimate interest in proving that newsletters were sent with your consent.
You can unsubscribe from the newsletter at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the contact address mentioned under point 1 (e.g. e-mail, fax, post) is sufficient for this purpose. You will also find an unsubscribe link in every newsletter.
Product recommendations
We will send you product recommendations by e-mail on a regular basis, independently of the newsletter, informing you about products from our offering that you may be interested in based on your recent purchases of goods or services from us. In doing so, we strictly comply with legal requirements. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the contact address mentioned under point 1 (e.g. e-mail, fax, post) is sufficient for this purpose. You will also find an unsubscribe link in every email.
The legal basis for this is the legal consent pursuant to Art. 6.1.1.f GDPR in conjunction with §7.3 UWG.
E-mail contact
When you contact us (e.g. by contact form or e-mail), we will process your data for the purpose of handling your enquiry and any follow-up questions.
If the data is processed as a pre-contractual measure resulting from your enquiry, or, if you are already one of our customers, for performing the contract, the legal basis for this data processing is Art. 6.1.1.b GDPR.
We only process further personal data if you consent to such (Art. 6.1.1.a GDPR) or we have a legitimate interest in processing your data (Art. 6.1.1.f GDPR). A legitimate interest is, for example, to respond to your email.
Google Analytics
We use Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses so-called "cookies", text files stored on your computer and enabling your use of the website to be analysed. The information generated by the cookie about visitors' use of this website is usually transmitted to a Google server in the USA and stored there.
This is also our legitimate interest pursuant to Art. 6.1.1.f GDPR.
Google has declared itself subject to the Privacy Shield agreement concluded between the European Union and the USA and has certified itself. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. More information is available via the link below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
We have activated IP anonymisation on this website (anonymizeIp). This means that your IP address will be shortened beforehand by Google within EU Member States or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
The IP address transmitted by your browser for Google Analytics will not be merged with other Google data. You can prevent the storage of cookies through setting the corresponding option in your browser software. However, we point out that in this case users may not be able to use all features of this website .
You can also prevent the transmission of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plug-in or within browsers on mobile devices, you can click on the following link to set an opt-out cookie preventing the collection of data by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click on this link again: [Deactivate Google Analytics] Storage period
Unless specifically stated, we store personal data only for as long as is necessary to fulfil the purposes pursued.
In certain cases, the legislator provides for the retention of personal data, for example under tax or commercial law. In such cases, the data will only be further stored by us for these legal purposes, but will not be processed in any other way and will be deleted after the legal retention period has expired.
Your rights as a person affected by data processing (a "data subject" under the GDPR) Under the applicable laws, you have various rights regarding your personal data. Should you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address given in point 1. Below you will find an overview of your rights.
Right to confirmation and information
You have the right to receive clear information about the processing of your personal data.
Specifically:
You have the right to obtain confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to request from us free information about the personal data stored about you, together with a copy of this data. Moreover, you are entitled to the following information:
the processing purposes;
the categories of personal data processed;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
the existence of a right to the rectification or erasure of personal data concerning you or to the restriction of processing by the controller or a right to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
in the event of us not collecting the personal data from you, all available information on the origin of the data;
the existence of automated decision-making, including profiling, pursuant to Article 22.1 and 22.4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for you.
In the event of personal data being transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
Right of rectification
You have the right to demand that we rectify and, if necessary, complete your personal data.
Specifically:
You have the right to obtain the rectification of any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure ("right to be forgotten")
In a number of cases, we are obliged to erase personal data relating to you.
Specifically:
Pursuant to Article 17.1 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:
the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
you withdraw your consent on which the processing is based according to Article 6.1.a or Article 9.2.a GDPR, and where there is no other legal ground for the processing;
you object to the processing pursuant to Article 21.1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21.2 GDPR;
the personal data has been unlawfully processed;
the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
the personal data has been collected in relation to the offer of information society services referred to in Article 8.1 GDPR.
Where we have made the personal data public and are obliged pursuant to Article 17.1 GDPR to erase the personal data, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.
Right to restriction of processing
In a number of cases, you are entitled to request that we restrict the processing of personal data relating to you.
Specifically:
You have the right to obtain from us a restriction of processing where one of the following applies:
the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims;
you have objected to processing pursuant to Article 21.1 GDPR pending the verification whether the legitimate grounds of our company override yours.
Right to data portability
You have the right to receive personal data concerning you in machine-readable form, to transmit it or to have it transmitted by us.
Specifically:
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us where:
the processing is based on consent pursuant to Article 6.1.a or Article 9.2.a GDPR or on a contract pursuant to Article 6.1.b; and the processing is carried out by automated means.
In exercising your right to data portability pursuant to Article 20.1, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible
Right to object
You also have the right to object to lawful processing of your personal data by us if this is based on your particular situation and our interests in the processing do not outweigh yours.
Specifically:
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6.1.e or 6.1.f GDPR, including profiling based on those provisions. We no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data is processed by us for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89.1 GDPR, you, on grounds relating to your particular situation, have the right to object to processing of you personal data, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you her or similarly significantly affects you. There is no automated decision-making based on the personal data collected.
Right to withdraw your consent
You have the right to withdraw your consent to the processing of personal data at any time.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data is transmitted in encrypted form. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, though we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. It is impossible to rule out your data being read by third parties.
To secure your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we continually adapt to the state of the art.
We offer no guarantee that our offer will be available at certain times; malfunctions, interruptions or failures cannot be ruled out. The servers used by us are backed up on a regular basis.
Transfer of data to third parties, no data transfer to non-EU countries
Generally speaking, we only use your personal data within our company.
If and to the extent that we involve third parties in performing contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing ("contract processing"), we contractually oblige our contractors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
A data transfer to bodies or persons outside the EU – apart from the case mentioned in point 4 of this declaration – does not take place and is not planned.
Data protection officer
If you still have questions or concerns about data protection, please contact our data protection officer.