1) Information on the collection of personal data and contact details of the data controller
1.1 We welcome you to our website and thank you for your interest. The following information is provided to let you know how we handle your personal data when you use our website. Personal data here means all information by which you can be personally identified.
1.2 The controller for the processing of data on this website within the meaning of the General Data Protection Regulation (GDPR) is Patrick Posner, Patrick Posner – Softwareentwicklung und Systemadministration, Friedrich-Engels-Allee 8, 16547 Birkenwerder, Germany, Tel.: +49 (0) 33015018909, Email: firstname.lastname@example.org. The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means for and by which personal data is processed.
1.3 For security reasons and to protect the transfer of personal data and other confidential information (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the address prefix “https://” and the padlock symbol in your browser address line.
2) Data collection when visiting our website
If you just use our website for information, i.e. if you do not register or otherwise transfer information to us, then we only collect such data as your browser transmits to our servers (known as “server log files”). When you access our website we collect the following data, which is technically required by us to be able to display the website for you:
- the webpage you visited
- the date and time of access
- the amount of data sent in bytes
- the source/link from which you accessed the website
- the operating system used
– the IP address used (in anonymised form)
- browser used
Data processing is done in line with Article 6 (1) (f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. No data is passed on to third parties or otherwise used. We do however reserve the right to check our server log files retrospectively if there are specific indications of illegal use.
3) Hosting & content delivery network
On our website we use ”Bunny”, a content delivery network (“CDN”) of BUNNYWAY d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slowenia (“Bunny”). A content delivery network is an online service by which especially large data files (such as graphics, page content or scripts) are delivered via a network of geographically distributed servers interconnected via the Internet. Using the Bunny content delivery network helps us to optimise the loading speed of our website. Bunny never interacts with visitors to our website and does not process any personal data of visitors.
If in isolated cases data is processed, this is done in line with Article 6 (1) (f) of the GDPR on the basis of our legitimate interest in the secure and efficient provision of information, and in improving the stability and functionality of our website. Further information can be found in the privacy statement of Bunny at: https://bunny.net/privacy
4) Establishing contact
4.1 Help Scout
We use the CRM system of the provider Help Scout Inc., 131 Tremont St, Boston, MA 02111-1338, USA to enable us to process enquiries from users faster and more efficiently (legitimate interest in line with Article 6 (1) (f) GDPR).
Help Scout is certified under the Privacy Shield Framework and thus provides an additional guarantee of compliance with European data protection legislation if data is processed in the USA
Help Scout only uses the data of users for the technical processing of enquiries and does not pass data on to third parties. Using Help Scout requires at least the provision of a valid email address. A pseudonym may be used. In the course of processing service enquiries it may be necessary to collect additional data (name, address).
If users do not consent to data collection via and storage in the external system of Help Scout, we offer alternative options to contact us for your service enquiries via email, telephone, fax or post.
Further information for users can be found in the privacy statement of Help Scout: https://www.helpscout.net/company/legal/privacy/.
4.2 In the course of making contact with us (e.g. by contact form or email) personal data is processed – purely for the purpose of processing and responding to your enquiry and only to the extent necessary.
The legal basis for the processing of this data is our legitimate interest in responding to your enquiry in line with Article 6 (1) (f) of the GDPR. If you are making contact with a view to concluding a contract then the additional legal basis for the processing is Article 6 (1) (b) of the GDPR.
Your data is deleted when circumstances show that the relevant matter has been dealt with definitively and provided there are no statutory data retention duties that prevent this.
5) Data processing upon opening a customer account
In line with Article 6 (1) (b) of the GDPR personal data can still be collected and processed to the extent necessary in the specific case if you provide the data to us in order to open a customer account. The data required to open a customer account can be seen from the input screen of the relevant form on our website.
Deletion of your customer account is possible at any time and can be done by sending a message to the abovementioned address of the controller. After deletion of your customer account your data is deleted, provided all contracts concluded via this account are fully settled, there are no statutory data retention duties that prevent this and we have no further legitimate interest in continued storage of the data.
6) Data processing for order settlement
6.1 To the extent necessary for the settlement of contracts for delivery and payment purposes, the personal data collected by us is passed on in line with Article 6 (1) (b) of the GDPR to the instructed transport company and instructed credit institute.
To the extent that we are obliged under a corresponding contract to provide you with updates for goods with digital elements or for digital products, then we process the contact data submitted by you when placing the order (name, address, email address), in order to inform you personally under our statutory duty to provide information on pending updates in line with Article 6 (1) (c) of the GDPR by a suitable communication method (such as by post or email) within the legally stipulated period.
Your contact details are used strictly for the purpose of sending notifications on updates we are required to provide and are processed by us for this purpose only to the extent that this is necessary for the relevant information.
To complete your order we also work with the following service provider(s), who support us fully or partly in completing the contracts concluded. Certain personal data is transmitted to these service providers in line with the following information.
6.2 Use of payment service providers (payment services)
If you decide to use a payment method offered by the payment service provider Stripe, settlement is done via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we pass on the information you give in the course of placing your order along with the information on your order (name, address, account number, bank sort code, if appl. credit card number, invoice amount, currency and transaction number) in line with Article 6 (1) (b) of the GDPR. Further information on data protection at Stripe can be found under URL https://stripe.com/de/privacy#translation.
Stripe retains the right to carry out credit checks on the basis of mathematical statistical procedures, in order to safeguard its justified interest in establishing the user’s ability to pay. Stripe may pass on to selected credit agencies the personal data obtained in the course of payment settlement which is needed for the credit checks. Stripe will disclose these to users upon request.
The credit check can contain probability values (known as scores). If scores are included in the results of a credit check these are based on a scientifically recognised mathematical statistical procedure. Elements considered in calculating the scores include, but are not limited to, address data. Stripe uses the results of the credit check in relation to the statistical payment default probability to decide on authorising the user for the selected payment method.
You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies.
However Stripe may remain entitled to process your personal data if this is necessary to settle payments in line with the contract.
7) Web analysis services
7.1 Fathom Analytics
Protecting your data is important to us. That’s why we use Fathom Analytics. Fathom does not use “cookies” and does not store any personal data relating to you. Further details can be found here.
Should you also wish to deactivate anonymised tracking for your device, instructions can be found here.
8) Rights of the data subjects
8.1 The data protection legislation in force grants you as the data subject the following rights against the controller with regard to the processing of your personal data (right of access and right to obtain human intervention), whereby reference is made to the legal basis given below for the relevant preconditions for exercising these rights:
- right of access in accordance with Article 15 GDPR
- right to rectification in accordance with Article 16 GDPR
- right to erasure in accordance with Article 17 GDPR
- right to the restriction of processing in accordance with Article 18 GDPR
- right to notification in accordance with Article 19 GDPR
- right to data portability in accordance with Article 20 GDPR
- right to withdraw consent in accordance with Article 7 (3) GDPR
- Right of lodge a complaint in accordance with Article 77 GDPR
8.2 RIGHT TO OBJECT
IF IN THE COURSE OF A BALANCING OF INTERESTS WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING JUSTIFIED INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME, FOR REASONS RESULTING FROM YOUR SPECIFIC SITUATION.
IF YOU ASSERT YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING OF THE AFFECTED DATA. HOWEVER WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN SHOW COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA RELATING TO YOU FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT WE WILL CEASE PROCESSING OF THE AFFECTED DATA FOR DIRECT MARKETING.
9) Retention period of personal data
The retention period of personal data is measured on the basis of the relevant legal basis, the purpose of the processing and – if relevant – also the period of the relevant statutory retention duty (e.g. commercial and tax law retention periods).
In the processing of your personal data on the basis of explicit consent in accordance with Article 6 (1) (a) GDPR this data is stored until the data subject withdraws consent.
If there are statutory retention periods for data processed in the course of duties arising from legal transactions or quasi-legal transactions on the basis of Article 6 (1) (b) GDPR, this data is routinely deleted after expiry of the retention periods, if the data is no longer needed for contractual fulfilment or contract initiation and/or there is no further justified interest for the continued retention on our part.
In the processing of personal data on the basis of Article 6 (1) (f) GDPR this data is kept until the data subject exercises their right to object in accordance with Article 21 (1) GDPR, unless we can show compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.
When personal data is processed for the purposes of direct marketing on the basis of Article 6 (1) (f) GDPR this data is retained until the data subject exercises their right to object in accordance with Article 21 (2) GDPR.
Unless otherwise provided for in other information within this leaflet in specific processing situations, the personal data retained is otherwise deleted when it is no longer needed for the purposes for which it was collected or otherwise processed.