Privacy policy

1. Person responsible

The office named in the imprint is responsible for the data processing described below.

2. Usage data

When you visit our web pages, so-called usage data is temporarily evaluated on our web server for statistical purposes as a log in order to improve the quality of our web pages. This data record consists of

• the name and address of the requested content,
• the date and time of the request,
• the amount of data transferred,
• the access status (content transferred, content not found),
• the description of the web browser and operating system used,
• the referral link, which indicates the page from which you came to ours,
• the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established. The aforementioned log data is only evaluated anonymously.

3. Cookies required

We use cookies on our websites that are necessary for the use of our websites. Cookies are small text files that are stored on your terminal device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. We do not use these necessary cookies for analysis, tracking or advertising purposes. In some cases, these cookies only contain information about certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site. We use these cookies on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO. You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our web pages may then not be displayed and some functions may no longer be technically available.

4. Google Analytics

We use the web analysis tool "Google Analytics" to design our websites in line with demand. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognise returning visitors and count them as such. Within the scope of Google Analytics, we are supported by Google Ireland Limited and Google LLC. (USA) as processors according to Art. 28 DSGVO. Data processing may therefore also take place outside the EU or EEA. With regard to Google LLC, an adequate level of data protection cannot be assumed due to processing in the USA. There is a risk that authorities may access the data for security and monitoring purposes without you being informed or having legal recourse. Please bear this in mind if you decide to give your consent to our use of Google Analytics. Data processing will be based on your consent if you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49 (1) lit. a DSGVO.
You can revoke your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.

5. Third-party tracking technologies for advertising purposes

We use cross-device tracking technologies so that you can be shown targeted advertising on other websites based on your visit to our websites and so that we can see how effective our advertising efforts have been. The data processing is based on your consent if you have given your consent via our banner. Your consent is voluntary and can be revoked at any time. How does tracking work? When you visit our websites, it is possible that the third-party providers mentioned below retrieve recognition features for your browser or end device (e.g. a so-called browser fingerprint), evaluate your IP address, store or read recognition features on your end device (e.g. cookies) or gain access to individual tracking pixels. The individual features can be used by the third-party providers to recognise your terminal device on other websites. We can commission the relevant third-party providers to display advertising based on the pages visited on our site. What does cross-device tracking mean? If you log in to the third-party provider with your own user data, the respective recognition features of different browsers and end devices can be linked with each other. If, for example, the third-party provider has created a separate feature for the laptop, desktop PC or smartphone or tablet you use, these individual features can be assigned to each other as soon as you use a service of the third-party provider with your login data. In this way, the third-party provider can also target our advertising campaigns across different end devices. Which third-party providers do we use in this context? Below we list the third-party providers we work with for advertising purposes. If the data is processed outside the EU or EEA in this context, please note that there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in unsafe third countries and you consent, the transfer to a third country is based on Art. 49 (1) lit. a DSGVO.

6. Newsletter registration and dispatch

You can order a newsletter on our website. Please note that we require certain data (at least your e-mail address) to register for the newsletter. The newsletter will only be sent if you have given us your express consent. After you have placed an order on our website, you will receive a confirmation e-mail at the e-mail address you have given us (so-called double opt-in). You can revoke your consent at any time. You can easily revoke your consent, for example, by clicking on the unsubscribe link in every newsletter. Within the scope of the newsletter registration, we store further data in addition to the data already mentioned, insofar as this is necessary for us to be able to prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of ordering or confirming the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is based on Art. 6 para. 1 p. 1 lit. f DSGVO and is carried out in the interest of being able to account for the legality of the newsletter dispatch.

7. Integration of other technical third-party content and functions

We use the technical functions and content of third-party providers listed below to present our web pages. When you call up our pages, the content of the third-party provider who provides these functions and content is reloaded. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context. We have no influence on the further data processing by the third-party provider. The data processing is based on your consent, provided that you have previously given your consent via our banner solution by clicking on the preview image. Please note that the use of third-party content and functions may result in your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without informing you or allowing you to seek redress. If we use providers in insecure third countries and you consent, the transfer to an insecure third country will be based on Article 49(1)(a) of the GDPR.

8. Order in the webshop

Processing of your data when placing an order

If you decide to order products, we process your data for the fulfilment and execution of the contract and, if necessary, its reversal in the context of the termination of the contract. In addition, we use your data to inform you about the status of the order. You can deactivate these notifications at any time via the account settings. The legal basis of the data processing for the fulfilment of the contract is Art. 6 para. 1 p. 1 lit. b DSGVO and for the fulfilment of legal information and storage obligations Art. 6 para. 1 lit. c DSGVO. If you order as a contact person for a company or organisation, we process your data on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO. As a contact person, you can object to this processing at any time with effect for the future pursuant to Art. 21 DSGVO.

Payment processing

Various payment methods are available in the order process (Paypal, direct debit, credit card, prepayment). Payment processing via Paypal is carried out by Paypal (Europe) S.àr.l. et Cie, S.C.A., 22-24-Boulevard Royal, L-2449 Luxembourg under its own responsibility. During the payment process, you will be redirected to Paypal pages to enter your data. Paypal does not transmit any further information to us apart from the selected payment method and the confirmation of successful payment processing. We also do not receive any payment information from Paypal such as account details, credit card data or the like. The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. b DSGVO. Further information on data protection at Paypal can be found at https://www.paypal.com/myaccount/privacy/privacyhub.

Shop ratings from TrustedShops

You can rate our webshop. Your name, e-mail address and other contract/buyer data (e.g. order number) and usage data (e.g. log files of website usage) may be processed. The rating is voluntary. If you submit a rating, you agree to the associated data processing, Art. 6 para. 1 lit. a DSGVO. The rating is carried out with the support of TrustedShops GmbH, with whom we have concluded an order processing contract in accordance with Art. 28 DSGVO. Further information on data protection at TrustedShops can be found at https://business.trustedshops.de/impressum.

Duration of data storage

Your data will be stored by us for as long as it is required for the above-mentioned purposes or due to a statutory retention obligation. Your data in your customer account will be stored by us until you delete the account. Data relating to an order transaction will be stored for 3 years after completion of the order, provided that no statutory retention obligations (e.g. commercial or tax obligations according to HGB and AO) require longer storage. The period begins with the end of the calendar year in which the event triggering the period falls.

9. Your rights as a data subject

When processing your personal data, the GDPR grants you certain rights as a data subject:

Right of access (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to be informed about this personal data and to receive the information listed in detail in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to request without undue delay the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete data.

Right to erasure (Art. 17 GDPR)

You have the right to request that personal data concerning you be erased without undue delay, provided that one of the reasons listed in detail in Art. 17 DSGVO applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 DSGVO applies, e.g. if you have objected to the processing, for the duration of the review by the controller.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 DSGVO, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

Right of withdrawal (Art. 7 DSGVO)

If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 (3) DSGVO. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected by this.

Right of objection (Art. 21 DSGVO)

If data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f DSGVO (data processing to safeguard legitimate interests) or on the basis of Art. 6 para. 1 sentence 1 lit. e DSGVO (data processing to safeguard public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right of appeal to a supervisory authority (Art. 77 DSGVO)

Pursuant to Art. 77 DSGVO, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection provisions. The right to lodge a complaint may in particular be asserted before a supervisory authority in the member state of your habitual residence, your place of work or the place of the alleged infringement.

Assertion of your rights

Unless otherwise described above, to assert your data protection rights, please contact the office mentioned in the imprint.

10. Contact details of the data protection officer

Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Web: www.datenschutz-nord-gruppe.de
E-Mail: office@datenschutz-nord.de

If you contact our data protection officer, please also state the responsible office named in the imprint.