With the following information, we would like to provide you, as the “data subject”, with an overview of the processing of your personal data by us and your rights from the data protection legislation. The use of our website is generally possible without providing personal data. However, if you wish to take advantage of special services via our website, it may be necessary to process personal data for this purpose. If it is necessary to process personal data and if there is no legal basis for such processing, we will generally obtain your consent.
In our capacity as data controller, we have taken numerous technical and organisational measures to ensure the best possible protection of the personal data that are processed via this website. Despite this, however, security loopholes are always possible during internet-based transfers of data, meaning that an absolute level of protection cannot be guaranteed. You are therefore free to send us your personal data using alternative methods, for example by telephone or by post.
The controller in accordance with the GDPR is:
Herforder Straße 80, 32120 Hiddenhausen, Germany
Responsible data controllers: Frank Zucht, David Peter
3. Data protection officer
You can contact the data protection officer as follows:
For all queries and suggestions concerning data protection, you can consult our data protection officer directly.
- Personal data
Personal data is any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified either directly or indirectly, in particular through the assignation of an identifier such as a name, an identification number, location data, online ID, or one or several other characteristics which form the expression of a person’s physical, physiological, genetic, psychological, economic, cultural or social identity.
- Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company) that is responsible for the processing.
Processing is defined as any activity performed with or without help of automated processes or each such sequence of activities related to personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, the alignment or combination, restriction, erasure or destruction.
- Restriction of processing
The restriction of processing is the highlighting of stored personal data with the objective of limiting its future processing.
Profiling is any type of automated processing of personal data characterised by such personal data being used to assess certain personal aspects relating to a natural person, in particular to analyse and forecast aspects of work performance, economic situation, health, personal preferences, interests, reliability, behaviour, position or change of location of such a natural person.
Pseudonymisation is the processing of personal data in such a way that the personal data cannot be associated with a specific data subject without the assistance of additional information, provided that this additional information is stored separately and is subject to the corresponding technical and organisational measures which ensure that the personal data cannot be associated with an identified or identifiable natural person.
The processor is a natural or legal person, public authority, agency or other body which, alone or jointly with others, processes the personal data on behalf of the controller.
A recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, regardless of whether they are a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients.
- Third party
A third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent means any voluntary, informed and unambiguous expression by the data subject of their will in the particular case, in the form of a statement or another unequivocal confirmatory act, indicating that they consent to the processing of their personal data.
5. Legal basis of the processing
Point (a) of Art. 6(1) GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the fulfilment of a contract of which you are a contractual party, as is the case with processing operations which are necessary for the delivery of goods or the provision of another service or return service, the processing is based on point (b) of Art. 6(1) GDPR. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract, in cases of inquiries regarding our products or services, for example.
If our company is subject to a legal obligation through which processing of personal data is required, such as the fulfilment of statutory obligations, processing is based on point (c) of Art. 6(1) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and it would be necessary to provide their name, their age, the details of their health insurance provider or other vital information to a doctor, a hospital or another third party. Processing would then be based on point (d) of Art. 6 (1) GDPR.
Otherwise, processing operations can also be based on point (f) of Art. 6(1) GDPR. Processing operations to which none of the aforementioned legal bases apply will take this legal basis if processing is necessary for the purposes of any legitimate interest pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted to undertake such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, the European legislator takes the opinion that a justified interest could be assumed if you are a customer of our company (recital 47, (2) GDPR).
6.1 SSL/TLS encryption
To ensure the security of data processing and in order to protect the transfer of confidential content such as orders, log-in data or contact inquiries you send to us as an operator, this website uses SSL and/or TLS encryption. You can recognise an encrypted connection, as the address line in the browser then contains “https://” instead of “http://”, as well as the lock symbol in the browser line.
If SSL and/or TLS encryption is enabled, the data you transfer to us cannot be accessed by third parties.
6.2 Collection of data when visiting our website
In the case of a merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we will only collect the data that your browser transmits to our server (in what are known as “Server log files”). Each time a web page is accessed, our website collects a variety of general data and information using an automated system. This general data and information is saved in the server log files. The following can be collected
- browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system visits our website (known as the referrer),
- the sub-websites which are accessed on our website by an accessing system,
- the date and time of the access to the website,
- an abbreviated internet protocol address (anonymised IP address),
- the internet service provider of the accessing system.
When using this general data and information, we do not draw conclusions regarding your person. On the contrary, this information is required in order to
- provide the contents of our website correctly,
- optimise the contents of our website and the advertising for it,
- ensure the sustained functional capability of our IT systems and the technology of our website, and
- provide prosecution authorities with the information necessary for prosecution in the case of a cyber attack.
Therefore, such data and information to be collected will, on the one hand, be evaluated by us anonymously for statistical purposes and also with the objective of improving data protection and data security in our company in order to provide an optimum level of protection for the personal data that we process. The anonymous data from the server log files will be stored separately from all the personal data submitted by a data subject.
The legal basis for the data processing is point (f) of Art. 6(1) para. 1 GDPR. Our legitimate interest follows from the purposes of data processing that are listed above.
7. Forwarding of data to third parties
Your personal data are not disclosed to third parties for any purposes other than the purposes listed below.
We will only pass on your personal data to third parties, if:
- You have given your express consent in accordance with point (a) of Art. 6(1) para. 1 GDPR,
- The disclosure is necessary in accordance with point (f) of Art. 6(1) para. 1 GDPR for the safeguarding of our legitimate interests and there is no reason to assume that you have an overriding interest in the non-disclosure of your data worthy of protection,
- In the case of a legal obligation for disclosure in accordance with point (c) of Art. 6(1) para. 1 GDPR, and
- This is legally permissible and, pursuant to point (b) of Art. 6(1) para. 1 GDPR, necessary for the execution of contractual relationships with you.
8.1 General points regarding cookies
Information which arises in connection with the specific end device which is used is saved in the cookie. However, this does not mean that we gain direct knowledge of your identity as a result.
On the one hand, cookies are used to make the use of our services more convenient for you. For example, we use session cookies to determine whether you have already visited individual pages of our website. These cookies are automatically erased after you leave our website.
Furthermore, we also use temporary cookies which are stored on your end device for a defined period of time for the purpose of optimising user-friendliness. If you visit our site again in order to use our services, the website will automatically recognise that you have visited us in the past and which entries and settings you made, so that you do not have to make them again.
The data processed by cookies are necessary for the above purposes so as to safeguard our and third parties’ legitimate interests in accordance with point (f) of Art. 6(1) para. 1 GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that you receive a notification before a new cookie is stored. Full deactivation of cookies may however mean that you are unable to use all the functions of our website.
9. Contents of our website
9.1 Data processing for the processing of orders
The personal data that we collect will be forwarded to the transportation company commissioned with the delivery within the scope of the implementation of the contract, insofar as this is necessary for the delivery of the goods. We will only forward your payment data to the commissioned credit institute insofar as this is necessary for the processing of the payment. Insofar as providers of payment services are used, we will inform you of such explicitly in the following. In this respect, the legal basis for the forwarding of the data is point (b) of Art. 6(1) GDPR.
9.2 Making contact / contact form
Personal data will be collected within the context of making contact with us (e.g. by contact form or email). The data to be gathered in the case of a contact from is clear from the respective contact form. These data will only be saved and used for the purpose of responding to your inquiry and/or for making contact with you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in handling your inquiry in accordance with point (f) of Art. 6(1) GDPR. If the contact that you make is aimed at concluding a contract, point (b) of Art. 6(1) GDPR is an additional legal basis for processing. After the processing of your inquiry is complete, your data will be erased, this is the case if the circumstances make it clear that the respective matter has finally been resolved and as long as no statutory retention periods apply to the contrary.
10. Sending of newsletters
10.1 Sending of newsletters to existing customers
If you have provided us with your email address when buying goods and/or services, we reserve the right to send you regular offers by email concerning goods and/or services from our range that are similar to those you have bought. To do so, we are not required to obtain any particular consent from you in accordance with Art. 7(3) UWG (Unfair Competition Act). In this context, the processing of the data is based solely on our legitimate interest in personalised direct advertising in accordance with point (f) of Art. 6(1) GDPR. If you initially objected to the use of your email address for this purpose, no emails will be sent on our part. You have the right to object to the use of your email address for the aforementioned advertising purpose at any time with future effect by sending a notification to the controller referred to at the start. In this respect, you are only subject to the costs of transfer according to the basic rates. After the receipt of your objection, the use of your email address for advertising purposes will be stopped without delay.
10.2 Advertising newsletter
On our website, you are given the opportunity to subscribe to our company newsletter. The input field that is used for this purpose tells you which personal data is transferred when you order our newsletter.
With the use of a newsletter, we inform our customers and business associates of news from our company on a regular basis. Our company newsletter can generally only be received by you if
- You have a valid email address and
- You have registered to receive the newsletter.
For legal reasons, a confirmation email for the double opt-in procedure will be sent to the email address that was initially registered for the delivery of the newsletter. The purpose of this confirmation email is to check whether, as the owner of the email address, you have authorised receipt of the newsletter.
Upon your registration for the newsletter, we shall also save the IP address assigned by your internet service provider (ISP) to the IT system that you used when you registered as well as the date and time of the registration. The collection of this data is necessary so that we are able to trace the (possible) misuse of your email address at a later point in time and therefore serves the purpose of our legal protection.
The personal data collected in connection with registration for the newsletter will only be used for the delivery of our newsletter. Furthermore, subscribers to the newsletter may also be informed by email insofar as this is necessary for the operation of the newsletter service or a corresponding registration, as may be the case in the event of changes to the newsletter offering or changes to the technical circumstances. No personal data collected in connection with the newsletter service will be transferred to third parties. The subscription to our newsletter can be cancelled by you at any time. You are able to withdraw your consent to the saving of personal data with which you provided us for the sending of newsletters at any time. Each newsletter contains a corresponding link for the purpose of the withdrawal of consent. It is also possible to cancel your registration for the sending of the newsletter on our website at any time or to notify us accordingly in another way.
The legal basis for data processing for the purpose of the sending of the newsletter is point (a) of Art. 6(1) GDPR.
11. Plugins and other services
11.1 Google Maps
On our website, we use Google Maps (API) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive maps for the visual presentation of geographic information. By using this service, you can view our location, for example, which makes it easier for you to find us.
As soon as you access the sub-pages into which the map from Google Maps is integrated, information regarding your use of our website (such as your IP address) will be transferred to the Google servers in the USA and stored there. This happens regardless of whether Google provides a user account which you are logged into or whether no user account exists. If you are logged into Google, your data will be associated directly with your account. If you do not want the data to be associated with your Google profile, you must log out of your Google user account. Google will save your data (including for users who are not logged in) as a user profile and evaluate it. In particular, an evaluation of this kind takes place in accordance with point (f) of Art. 6(1) GDPR on the basis of the legitimate interests of Google in the superimposing of personalised advertising, market research and/or the use-oriented configuration of its website. You have the right to object to the creation of such user profiles; if you intend to exercise this right, please contact Google.
Google LLC, which is based in the USA, is certified for the US-European “Privacy Shield” data protection agreement, which ensures compliance with the degree of data protection which applies in the EU.
Google Maps is used to ensure an appealing presentation of our online offers and to make the places specified by us on the website easy to find. This is a legitimate interest within the meaning of point (f) of Art. 6(1) GDPR.
11.2 Google WebFonts
Our website uses what are known as Web Fonts for a uniform presentation of fonts; these web fonts are provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When accessing a website, your browser will load the necessary web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must establish a connection to the Google servers. As a result, Google becomes aware that our website was accessed by your IP address. Google web fonts are used to ensure the uniform and appealing presentation of our website.
This is a legitimate interest within the meaning of point (f) of Art. 6(1) GDPR.
Google LLC, which is based in the USA, is certified for the US-European “Privacy Shield” data protection agreement, which ensures compliance with the degree of data protection which applies in the EU.
12. Your rights as a data subject
12.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data concerning your person is processed.
12.2 Right to access, Art. 15 GDPR
You have the right to receive information from us regarding the personal data retained concerning your identity and to receive a copy of such data free of charge at any time.
12.3 Right to rectification, Art. 16 GDPR
You have the right to request the rectification of incorrect personal data concerning your person. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of processing.
12.4 Erasure, Art. 17 GDPR
You have the right to request that we erase your personal data without undue delay as long as one of the reasons stipulated by law applies and insofar as processing is not necessary.
12.5 Restriction of processing, Art 18 GDPR
You have the right to request the restriction of processing from us if any of the statutory conditions apply.
12.6 Data portability, Art. 20 GDPR
You have the right to receive the personal data concerning your person which you have provided us with in a structured, commonly used and machine-readable format. You also have the right to transfer such data to other controllers without hindrance by us, provided that such processing is based on consent in accordance with point (a) of Art. 6(1) GDPR or point (a) of Art 9(2) GDPR or on a contract in accordance with point (b) of Art. 6(1) GDPR and the processing is carried out by automated means, unless processing is required to perform any task which is carried out in the public interest or in the exercising of official authority that is vested in us.
Furthermore, when exercising your right to data portability in accordance with Art. 20(1) GDPR, you have the right to have the personal data transmitted directly by one controller to another controller, where this is technically feasible and will not adversely affect the rights and freedoms of others.
12.7 Right to object, Art. 21 GDPR
You have the right to submit an objection, on grounds relating to your particular situation, to the processing of personal data concerning your person based on point (e) of Art. 6(1) (processing of data in the public interest) or point (f) GDPR (processing of data on the basis of a balancing of interests) at any time.
This also applies to profiling which is based on one of these provisions within the meaning of Art. 4(4) GDPR.
If you submit an objection, we will no longer process your personal data unless we are able to demonstrate compelling legitimate reasons for processing which override your interests, rights and freedoms or if processing serves the establishing, exercising or defense of legal claims.
In individual cases, we will process personal data for the purpose of direct advertising. You can submit an objection to the processing of personal data for the purposes of such advertising at any time. Insofar as it is associated with such direct advertising, this also applies to profiling. If you object to processing for the purposes of direct advertising, we will no longer process your personal data for such purposes.
You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning your person for scientific or historical research purposes or for statistical purposes in our organisation in accordance with Art. 89(1) GDPR, unless such processing is required for carrying out a task that is in the public interest.
Within the context of the use of information society services, and Directive 2002/58/EC notwithstanding, you are free to exercise your right to object by automated means with the use of technical specifications.
12.8 Withdrawal of consent according to data protection law
You have the right to withdraw your consent to the processing of personal data with future effect at any time.
12.9 Lodging of a complaint with a supervisory authority
You have the right to lodge a complaint about our processing of your personal data with a supervisory authority with responsibility for data protection.
13. Duration of storage of personal data
The criterion for the duration of storage of personal data is the appropriate statutory retention period. After expiry of the period, the respective data will be routinely erased unless it is still required for the fulfillment of the contract or for entering into new contracts.
14. Further information on the processing of other data
As a company, we just process personal data not only on our website, but also in many other processes. In order to be able to provide you, as the data subject, with information which is as detailed as possible for such processing purposes, for your information, we have summarised the following processing activities here and therefore fulfill the statutory information obligations in accordance with Art. 12-14 GDPR:
- Data protection information regarding the handling of applicants’ data
- Data protection information regarding the handling of contacts and communication partners
- Data protection information regarding relations with customers and suppliers