Privacy Policy
The protection of your personal data is very important to us. We would therefore like to inform you in the following pages about the data collected during your visit and the purposes it is used for. Should you still have any queries about the handling of your personal data, please contact our.
BASIC INFORMATION ON DATA HANDLING
1.1 Extent of the personal data processing
We fundamentally collect and use the personal data of our users only insofar as this is required for the provision of a functional website and of our contents and services as well as for the implementation of our business purpose. As a rule we collect and use the personal data of our users only after the user has given his/her consent. Exceptions apply in such cases where it was not possible to obtain prior consent for factual reasons and where the processing of the data is permitted because of statutory requirements.
1.2 Purposes and legal basis for the processing of personal data
We process personal data only to fulfil our contractual obligations or to preserve our overriding legitimate interests. Our legitimate interests are the implementation of our business purpose.
Insofar as we obtain consent from the data subject for processing operations of personal data, Article 6, paragraph 1, sentence 1 lit. a EU General Data Protection Regulation (EU-GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data required to perform a contract of which the contractual party is the data subject, Art. 6 paragraph 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is required to fulfil a legal requirement that our company is subject to, Art. 6 paragraph 1 sentence 1 lit. c GDPR serves as the legal basis.
In the case that vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 paragraph 1 sentence 1 lit. d GDPR serves as the legal basis.
If processing is required to protect a legitimate interest of our company or of a third party and the interests do not override the interests, fundamental rights and freedoms of the data subject of the first-named interest, Art. 6 paragraph 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.
1.3 Categories of recipients and personal data, origin of the same; data transmission
We forward personal data to our business partners and service providers for the implementation of the business purpose. To implement our business purpose we use typical contact and address data of our customer and business partners. We typically receive the personal data direct from the data subject or with the consent of the data subject and also in exceptional cases from third parties.
Insofar as nothing to the contrary is stated in the following sections, no forwarding of your data to third parties takes place, unless we are legally obliged to do so, or the data transmission is required to perform the contractual relationship or you have previously given your explicit consent to the forwarding of your data. External service providers and partner companies, such as, for example, online payment providers or the shipping company tasked with the delivery, only receive your data insofar as it is necessary for the execution of your order. However, in these cases the extent of the transmitted data is restricted to the minimum required. Insofar as our service providers come into contact with your personal data, we assure that the regulations of the data protection laws are observed in the same manner. Please also observe the data protection notices of the individual providers. The individual service provider is responsible for the contents of third party services, whereby we verify as far as can be reasonably expected that the services observe statutory requirements.
1.4 Transmission to third countries
Essentially we do not forward personal data to recipients in third countries (i.e. countries outside of the EU). Should data be forwarded to recipients in third countries, we assure not only that we will obtain the permission required for the forwarding, but that the third country recipient also assures an adequate level of data protection (or derogations for specific situations pursuant to Art 49 paragraph 1 GDPR applies).
In specific case we forward personal data to recipients in third countries (i.e. countries outside of the EU).
- United States of America
In these specific cases we give the following guarantees as described in Art. 44 GDPR:
- EU standard contractual clauses
1.5 Data security
We have taken extensive technical and organisational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly checked and revised to take into account technological progress.
1.6 Data deletion and storage periods
The personal data of the data subject is deleted or blocked, as soon as the purpose for which it was stored no longer applies. Storage can also be effected if this was required by the European or national legislators in European Union regulations, laws or other stipulations that the person responsible is subject to. The data is also blocked or deleted if a statutory storage period prescribed by the cited standards expires, unless there is a need for continued data storage for the purposes of a conclusion or performance of a contract.
Duration of the storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
This is the case for the data collected during the registration process if the registration on our internet site is cancelled or modified.
Insofar as the data collected during the registration process is required to perform a contract or to take steps prior to entering into a contract, this is only the case when the data is no longer required to perform the contract. Even after conclusion of the contract it may still be necessary to store personal data in order to fulfil contractual or statutory obligations.
Personal data is stored as a measure to prevent fraud.
The deletion deadline for the purposes of fraud prevention is 6 months, for actual attempts of fraud 6 months.