1) Information on the collection of personal data and contact details of the controller
1.1 Thank you for visiting our website and for your interest. In the following, we will explain to you how we handle your personal data when you use our website. Personal data are all data which may be used to identify you as a person.
1.2 The data processing controller for this website within the meaning of the General Data Protection Regulation (GDPR) is Auerswald GmbH & Co. KG, Vor den Grashöfen 1, 38162 Cremlingen, Germany, Tel.: +49 (53 06) 92 00-0, Fax: +49 (53 06) 92 00-99, e-mail: firstname.lastname@example.org. The personal data processing controller is the natural or legal person who alone or jointly with others determines purposes and means of processing personal data.
1.3 The controller has appointed a data protection officer, who can be contacted as follows: "Data protection officer, Vor den Grashöfen 1, 38162 Cremlingen, +49 (0) 53 06 92 00-0, email@example.com"
1.4 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries with the controller), this website uses SSL or TLS encryption. An encrypted connection is identified by using the string "https://" and the lock symbol in your browser bar.
2) Data collection when visiting our website
If you use our website for informational purposes only, i.e. if you do not register or otherwise transmit information, we collect only the data sent by your browser to our server (so-called "server log files"). When you visit our website, we collect the following data, which are technically required to display the website:
- our website visited
- date and time of access
- data quantity sent in bytes
- source/reference from which you reached the page
- browser used
- operating system used
- IP address used (possibly rendered anonymous)
Processing is carried out in accordance with point (f) of Article 6(1) GDPR on the basis of our legitimate interest in improving stability and functionality of our website. The data are not disclosed or used in any other way. However, we retain the right to subsequently check the server log files in the event concrete indications of unlawful use.
To attractively design visits to our website and to allow for using certain functions, on various pages, we use so-called cookies. These are small text files that are stored on your end device. Some of these cookies will be deleted again once your browser session has ended, thus after you have closed your browser (so-called session cookies). Other cookies will remain on your end device and enable us to recognize your browser the next time you visit (so-called persistent cookies). Placed cookies collect and process certain user information to an individual extent, including browser and location data as well as IP addresses. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The duration of the respective cookie storage is indicated in the overview of the cookie settings in your web browser.
Cookies are in parts used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal data are also processed by individual cookies used by us, such processing is carried out pursuant to point (b) of Article 6(1) GDPR to either execute the contract, pursuant to point (a) of Article 6(1) GDPR in case of consent given, or pursuant to point (f) of Article 6(1) GDPR, to protect our legitimate interests in the best possible functionality of the website as well as in a customer-friendly and effective design of visits to our website.
Please note that you can set your browser in such a way that you are notified about the placing of cookies and can decide individually whether to accept them or to exclude acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. For the respective browsers, you can find these under the following links:
Please note that if your do not accept cookies, the functionality of our website may be limited.
When you contact us (e.g. via contact form or e-mail), personal data will be collected. The data collected when using a contact form are indicated in the respective contact form. Such data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing such data is our legitimate interest in answering your request pursuant to point (f) of Article 6(1) GDPR. If you contact us with the intention to conclude a contract, an additional legal basis of processing is point (b) of Article 6(1) GDPR. Your data will be deleted once processing of your request has been completed. This is the case if the circumstances indicate that the matter concerned has been clarified conclusively and as long as no statutory retention obligations apply to the contrary.
5) Data processing when opening a customer account and for contract implementation
Pursuant to point (b) of Article 6(1) GDPR, we will continue to collect and process personal data if you provide us with such data for the performance of a contract or when opening a customer account. The type of data collected are indicated in the respective input forms. Your customer account may be deleted at any time. This may be done by sending a message to the controller's address mentioned above. We store and use the data provided by you for contract implementation. After full implementation of the contract or deletion of your customer account, your data will be blocked, taking into account retention periods under tax and commercial law and will be deleted once such periods have expired, unless you have explicitly consented to further use of your data or if we have retained the right to further legally permitted use of such data.
6) Data processing for order handling
6.1 To handle your order, we collaborate with the following service provider(s), who support us completely or in parts in the performance of concluded contracts. Certain personal data are transmitted to such service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract implementation if this is necessary to deliver the goods. In the context of payment processing, we will disclose your payment data to the commissioned credit institute if this is necessary for the payment processing. If payment service providers are involved, we will explicitly inform you about this in the following. The legal basis for the transfer of data is point (b) of Article 6(1) GDPR.
6.2 Use of payment service providers (payment services).
In case of credit card payments via Unzer, payment will be processed by the payment service provider Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany (hereinafter: "Unzer"), to whom we will disclose your data provided during the ordering process exclusively for the purpose of processing payments pursuant to point (b) of Article 6(1) GDPR. The data will be disclosed to the extent actually required for payment processing. Unzer will in turn transmit your data to HUELLEMANN & STRAUSS ONLINESERVICES S.A., 1, Place du Marché, 6755 Grevenmacher, Luxembourg, for the purpose of making the payment, if necessary, pursuant to point (b) of Article 6(1) GDPR.
When selecting the payment method "purchase on account via Unzer" or "direct debit via Unzer", you will be asked during the ordering process to provide your personal information (first and last name, street name and number, post code, city, date of birth, e-mail address and telephone number). In order to safeguard our legitimate interest in determining our customers' financial solvency, we will pass on such data pursuant to point (f) of Article 6(1) GDPR for the purpose of a credit check by Unzer GmbH, Vangerowstr. 18, 69115 Heidelberg (hereinafter "Unzer"). Based on the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experiences), Unzer will check whether the payment option selected by you can be approved given payment and/or bad debt risks. According to point (f) of Article 6(1) GDPR, identity or creditworthiness information from the following credit agencies may also be used to decide on the establishment or performance of a contract:
- SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
- CRIF Bürgel GmbH, Friesenweg 4, Haus 12, 22763 Hamburg, Germany
- Arvato Infoscore GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany
- Deltavista GmbH, Kaiserstraße 217, 76133 Karlsruhe, Germany
- UNIVERSUM Business GmbH, Hugo-Junkers-Straße 3, 60386 Frankfurt am Main, Germany
- Bisnode International Group, Robert-Bosch-Straße 11, 64293 Darmstadt, Germany
- Regis24 GmbH, Wallstraße 58, 10179 Berlin, Germany
- Creditreform AG, Hellersbergstraße 12, 41460 Neuss, Germany
The credit check may contain probability values (so-called score values). Where score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
You may object to such processing of your data at any time by sending a message to the controller responsible for data processing or to Unzer. However, Unzer may continue to be entitled to process your personal data if this is necessary for payment processing pursuant to the contract.
7) Web analysis services
7.1 Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses so-called "cookies". Cookies are text files that are stored on your end device and allow for analysing your use of the website. The information generated by the cookie about your use of this website (including the abbreviated IP address) usually is transmitted to a Google server, where it is stored. It may also be transmitted to the servers of Google LLC. in the USA.
This website uses Google (Universal) Analytics exclusively with the extension "_anonymizeIp()", which ensures that IP addresses are truncated, thus ruling out any direct personal reference. Google uses the extension to truncate your IP address within Member States of the European Union or in other states that are parties to the Agreement on the European Economic Area before. In exceptional cases only will the full IP address be transferred to a server of Google LLC in the USA and truncated there. Google will use this information on our behalf to analyse your use of the website, to compile reports on website activities and to provide us with further services associated to the website and internet use. The IP address transmitted by your browser in the context of Google (Universal) Analytics is not merged with any other Google data. All processing described above, in particular placing Google Analytics cookies for reading information on the end device used, will be carried out only if you have given us your express consent to do so pursuant to point (a) of Article 6(1) GDPR. If you do not give your consent, Google Analytics will not be used during your visit.
You may withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please disable this service in the "Cookie Content Tool" provided on the website. We have concluded a processing contract with Google for the use of Google Analytics, under which Google is obliged to protect the data of our site visitors and not to disclose them to third parties.
For the transmission of data from the EU to the USA, Google relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.
For further information on Google (Universal) Analytics visit: https://policies.google.com/privacy?hl=de&gl=de
7.2 - Matomo (formerly Piwik)
This website uses the web analysis service software Matomo (www.matomo.org), a service of provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand ("Matomo") to collect and store data based on our legitimate interest in the statistical analysis of user behaviour for optimization and marketing purposes pursuant to point (f) of Article 6(1) GDPR. These data may be used to create and analyse pseudonymous user profiles for the same purpose. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. Among other things, the cookies enable the recognition of the Internet browser. The data collected using Matomo technology (including your pseudonymous IP address) are processed on our servers.
The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not combined with personal data about the user of the pseudonym. If you do not agree with storage and analysis of such data from your visit, you may object to such storage and use for the future at any time with a mouse click. In this case, a so-called opt-out cookie is placed in your browser, with the consequence that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie is also deleted and you may need to enable it again. To the extent required by law, we have obtained your consent to the aforementioned processing of your data pursuant to point (a) of Article 6(1) GDPR. You may withdraw your consent at any time with effect for the future. In order to exercise your right of withdrawal, please follow the procedure described above for lodging an objection.
8) Tools and micellaneous
Cookie Consent Tool of Shopware
To enable the Cookie Content Tool to uniquely assign page views to individual users and to individually record, log and store the consent settings made by the user for the duration of a session, the Cookie Content Tool collects certain user information (including the IP address) when our website is accessed, transmits it to Shopware servers, where it is stored. Such data processing is carried out pursuant to point (f) of Article 6(1) GDPR based on our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and hence in a legally compliant design of our website.
For further information on data use by Shopware go to: https://www.shopware.com/de/datenschutz/
9) Data subject rights
9.1 Applicable data protection law gives you comprehensive data subject rights (access and intervention rights) vis-à-vis the controller responsible for processing your personal data. In the following, we will inform about these rights:
- Right of access pursuant to Article 15 GDPR: In particular, you have a right of access to your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right of rectification, erasure, restriction of processing, to object to processing, to lodge a complaint with a supervisory authority, the source of your data if it has not been collected from you by us, the existence of automated decision-making, including profiling and, as the case may be, meaningful information on the logic involved as well as the significance and the envisaged consequences of such processing for you, as well as your right to be informed of the safeguards provided under Article 46 GDPR when your data are transferred to a third country;
- Right to rectification pursuant to Article 16 GDPR: You have a right to obtain without undue delay the rectification of inaccurate personal data and/or completion of incomplete personal data stored by us;
- Right to erasure pursuant to Article 17 GDPR: You have the right to obtain the erasure of your personal data if the grounds of Article 17(1) GDPR apply. However, this right does not apply in particular if the processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- Right to restriction of processing pursuant to Article 18 GDPR: You have the right to obtain a restriction of processing of your personal data if the accuracy of your data is contested by you and it is verified, if you oppose the erasure of your data due to unlawful processing and request the restriction of their use instead, if you require your data for the establishment, exercise or defence of legal claims, after we no longer need these data for the purposes of processing, or if you have objected for reasons relating to your particular situation, pending the verification whether our legitimate grounds override yours.
- Right to notification pursuant to Article 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate the rectification, erasure or restriction of processing to each recipient to whom your personal data you have been disclosed, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about those recipients.
- Right to data portability pursuant to Article 20 GDPR: You have the right to receive the personal data concerning which you have provided to us in a structured, commonly used and machine-readable format or you have the right to request that the data be transmitted to another controller where technically feasible;
- Right to withdraw consent pursuant to Article 7(3) GDPR: You have the right to withdraw your consent to the processing of data at any time, with effect for the future. In the event of withdrawal, we will erase the data concerned without undue delay, unless further processing can be based on a legal basis for processing not requiring consent. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint pursuant to Article 77 GDPR: If you consider that the processing of personal data relating to you infringes the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
9.2RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS DUE TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFEND LEGAL CLAIMS.
WHERE YOUR PERSONAL DATA ARE PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
10) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and additionally - if relevant - by the respective legal retention period (e.g. retention periods under commercial and tax law).
When personal data are processed based on explicit consent pursuant point (a) of Article 6(1) GDPR, such data are stored until the data subject withdraws his or her consent.
If statutory retention periods apply for data processed within the scope of transactional or similar obligations based on point (b) of Article 6(1) GDPR, such data are routinely erased after expiry of the retention periods, unless they are still required for contract fulfilment or initiation and/or is we have a legitimate interest in their further storage.
Where personal data are processed based on point (f) of Article 6(1) GDPR, such data are stored until the data subject exercises his or her right to object under Article 21(1) GDPR, unless compelling legitimate grounds for the processing are demonstrated which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
When personal data are processed for the purpose of direct marketing based on the point (f) of Article 6(1) GDPR, such data are stored until the data subject exercises his or her right of objection under Article 21(2) GDPR.
Moreover, unless indicated otherwise by the other information in this Policy on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.