Privacy Policy
I. Data controller
The data controller responsible for compliance with the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States, as well as other data protection regulations, is:
Beyond Matters GmbH, represented by its managing director Griseldis Ellis,
St. Markus Straße 12 | 67346 Speyer | Germany
Phone: +49 (0) 6232 79893
Email: mail@beyondmatters.com | Website: https://www.beyondmatters.com
II. General information on how we protect your data as we process it
2.1. The extent to which we process your personal data
We collect and utilize your personal data only insofar as this is necessary to provide an operating site, our content, and our services. We regularly collect and use your personal data, but only with your consent. An exception applies in those cases where circumstances prevent us from obtaining your prior consent and the processing of your data is permitted by law.
2.2 Legal basis for the processing of personal data
Insofar as we obtain consent to process your processing personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) is the legal basis for its processing. If we have to process your personal data in order to fulfill a contract with you, Art. 6 para. 1 lit. b GDPR is the legal basis. This also applies to any processing that may be necessary in the process leading to establishment of a contractual relationship.
If we have to process your personal data to fulfill one of our legal obligations, Art. 6 para. 1 lit. c GDPR is the legal basis. In the event that your vital interest or that of another natural person necessitates the processing of your personal data, Art. 6 para. 1 lit. d GDPR is the legal basis.
If we have to process your data in order to safeguard our legitimate interest or that of a third party and if your interests, fundamental rights, and freedoms do not outweigh said interest, Art. 6 para. 1 lit. f GDPR is the legal basis
2.3 Access data and hosting
You may visit our website without revealing any personal information. With every visit on the website, the web server stores automatically only a so-called server log file which contains e.g. the name of the requested file, your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. These access data are analysed exclusively for the purpose of ensuring the smooth operation of the website and improving our offer. This serves according to Art. 6 (1) 1 lit. f GDPR the protection of our legitimate interests in the proper presentation of our offer that are overriding in the process of balancing of interests.
All access data are deleted no later than seven days after the end of your visit on our website.
2.4 Hosting
The services for hosting and displaying the website are partly provided by our service providers on the basis of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in forms provided for this pupose on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
Our service providers are located and/or use servers in the USA and in other countries outside the EU and the EEA. For these countries there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.
Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: Canada
III. Data collection and use for processing the contract
3.1 establishing contact and for opening a customer account
We collect personal data that you voluntarily submit to us when you place an order or contact us (e.g. via contact form or by email). Mandatory fields are marked as such because we absolutely need those data to perform the contract or process your contact request and you would otherwise not be able to complete your order or send the contact request. It is evident in each input form what data are collected. We use the data that you disclose to us to perform the contract and process your enquiries according to Art. 6 (1) (b) GDPR.
As far as you have given your consent according to Art. 6 (1) (a) GDPR by creating Your customer account, we use Your data for the purpose of opening the customer account. You will find further information on the processing of your data, in particular on forwarding the data to our service providers for the purpose of order and shipping processing, in the following sections of this privacy policy. Upon contract completion, any further processing of your data will be restricted, and your data will be deleted upon expiry of any retention period applicable under relevant regulations according to Art. 6 (1) lit. c) GDPR, unless you expressly agree to the further use of your data according to Art. 6 (1) lit. a) GDPR or we reserve the right to otherwise use your personal data in the scope and manner permitted by law, of which we inform you in this privacy policy. Your customer account can be deleted at any time. For this purpose you can either send a message to the contact option specified in this privacy policy or use the relevant function available in the customer account.
IV. Provision of the website and creation of log files
4.1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from your computer system.
The following data is collected:
a) your browser type and version
b) your operating system
c) your internet service provider
d) your IP address
e) the date and time of your access
f) any website(s) from which you have accessed our website (referrals)
g) any websites that you access from links on our website.
This data will be stored in the log files of our system. This data is not stored together with any other personal data we may have collected about you.
4.2. Legal basis for this data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
4.3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to your computer. Therefore, your IP address must remain stored for the duration of the session. The data is stored in log files to ensure the website’s functionality. The data is also used to optimize the website and to ensure the security of our information technology systems. We do not evaluate this data for any marketing purposes. The data is evaluated exclusively to improve our offer and to increase data protection and data security and does not allow any personal conclusions to be drawn about you.
These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
4.4 Duration of the storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collected in order to provide the website, this occurs once the respective session has ended. Should any data be stored in log files, these will be deleted within seven days at the latest. Further storage is possible. In this case, your IP address will be deleted or distorted, so that we can no longer identify the accessing client.
4.5. Options for revoking your consent and requesting the removal of your data
Collection of the data for making the website available and storage of the data in log files is essential for the operation of the website. Consequently, there is no option for you to object to its collection and retention.
V. Data processing for the purpose of shipment
We forward your data to the shipping company within the scope required for the delivery of the ordered goods according to Art. 6 (1) (b) GDPR.
5.1 Data processing for the purpose of payment
As part of the payment process in our online shop, we work together with these partners: technical service provider, credit institution, payment service provider.
VI. Use of cookies
6.1 Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored by your internet browser on your computer. If you visit a website, a cookie may be stored on your operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require that your browser be identifiable as you move on to another page within the site. We also use cookies on our website to analyze user behavior.
The following data can be transmitted in this way:
a) search terms entered
b) how often certain pages are viewed
c) what website features you use
When accessing our website, you will be informed of the use of cookies for analytical purposes and we will obtain your consent for the processing of the personal data used in this context. We will at that time also make reference to this privacy policy.
6.2 Legal basis for data processing
The legal basis for processing personal data via technically necessary cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for processing personal data by using cookies for analytical purposes if we have obtained your consent is Art. 6 para. 1 lit. a GDPR.
6.3 Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website will not be available if the use of cookies is disallowed. In such cases, it will be necessary for the browser to be recognized even after changing pages.
We require cookies for the following applications: (Examples)
a) shopping cart
b) applying language settings
c) remembering search terms
The user data collected by technically necessary cookies is not used to create user profiles. The analytical cookies are used to improve the quality of our website and its content. Using analytical cookies, we learn how the site is used so that we can constantly optimize our service.
6.4 Duration of storage, objection and removal options
Cookies are stored on the user’s computer and transmitted from there to our website. Therefore, as a user, you have full control of the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it is possible that you will no longer be able to use all of its features.
6.5 General information on revoking your consent or disallowing cookies (“opting-out”)
You can configure your browser settings as desired and refuse to accept our cookies or those of any third party. To find out more about managing and deleting cookies, go to the help menu for your browser. However, please note that you may not be able to use all functions of this website.
You can also object to the use of cookies from various providers by going to https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, we will inform you separately about your options to object to cookies placed by individual providers here.
6.6 Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies stored on your computer to allow for analyzing how you use the website. As a rule, the cookie-generated data regarding your use of this website is forwarded to a Google server in the USA and stored there. However, if IP anonymization is enabled on this website, your IP address will first be abbreviated by Google within the member states of the European Union or other parties to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide us with further services associated with the use of the website and the internet. The IP address provided by your browser in the framework of Google Analytics will not be combined with other data from Google.
You can prevent the storage of cookies by selecting the corresponding settings on your browser; however, we would like to point out that if you do this, you may not be able to fully use all of the functions provided on this website. You can also prevent the data generated by cookies regarding your website use (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are only processed in truncated form in order to prevent Google from identifying specific individuals. If the data collected about you is personally identifiable, it will be blocked immediately and the personal data deleted as soon as possible.
We use Google Analytics to analyze and regularly improve the function of our website. With the statistics thus gained, we can improve our site and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 clause 1 lit. f GDPR. For the exceptional cases in which personal information is transferred to the US, Google has submitted to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework, https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms and conditions: http://www.google.com/analytics/terms/de.html, Data protection details: http://www.google.com/intl/de/analytics/learn /privacy.html, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy.
6.7 Social Media
We currently use the following social media plug-ins: Facebook and Instagram. Our company relies on the two-click solution. This means that if you visit our site, initially no personal data will be sent to these platforms. You can recognize the social media platforms by their appropriately labeled link or logo. We offer you the option of communicating directly with these platforms via the respective buttons. Only if you click on the labeled button to activate will the social media platform be informed that you accessed our website. In addition, the provisions set out above under §III above will be displayed. According to these platforms, the IP address is anonymized in Germany immediately after collection. By activating the link, personal data is transmitted from you to these platforms and may also be stored outside the EU, including in the USA. Since the platforms collect data using cookies in particular, we recommend that you delete all cookies before clicking on the link in your browser’s security settings.
We have no influence on the data collected and the platforms’ data processing nor are we aware of the full extent of data collection, the purposes of such processing, or for how long they will store your data. We also have no information on how Facebook or Instagram will delete the data once collected.
These platforms store the data collected about you as usage profiles and use them for the purposes of advertising, market research, and/or to design their sites to meet your needs. Such evaluation is also made for users who are not logged in, to display customized advertising, and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles by contacting the respective social platform. The links allow us to interact with social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the links is Art. 6 para. 1 clause 1 lit. f GDPR.
The data is passed on regardless of whether you have an account with the respective platform or are logged into said platform. If you are logged in, the data collected from us will be assigned directly to your existing account. When activating the activated button and linking the page, the platform will store this information in your user account and communicate this to your contacts or publicly, depending on your settings on that platform. We recommend that you log out regularly after using a social network, especially before activating the button; this will prevent your website activity from being associated with your social media profile.
We are also present on the Facebook and Instagram social networks. If you contact us on these channels, submit posts, or interact with our posts, we will process the data mentioned there to answer your inquiries or to inform you about our services and offers. If we collect further data from you, we will inform you separately about the scope and use of the same. The legal basis is Art. 6 para. 1 clause 1 lit. b and f GDPR, unless we obtain separate consent from you for said data processing.
In these cases, too, we have no influence on the data collected and the platforms’ data processing nor are we aware of the full extent of data collection, the purposes of such processing, or for how long they will store your data. We also have no information on how Facebook or Instagram will delete the data once collected. For more information on the purpose and extent of the data collection and its processing by the platforms, please refer to their respective privacy statements linked below. There you will also find further information about your rights and options for protecting your privacy. Address and URL with privacy policies:
The Instagram service is a Facebook product provided by Facebook Ireland Limited: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Facebook Ireland Limited is a company registered under Irish law. Commercial Register Number: 462932, impressum@support.instagram.com, Fax: +1 650 543 5340.https://help.instagram.com/519522125107875. Instagram privacy policy: http://instagram.com/about/legal/privacy/.
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information concerning its data collection practices: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo as well as the joint agreement concerning personal data provided by Facebook there.
Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
VII. Registration
7.1 Description and scope of data processing
On our website, we offer users the opportunity to register during which you will be asked to provide personal information. The data is entered into an input form and transmitted to us and stored. It can then be passed on to one or more processors, in particular parcel service providers, in particular to fulfill our contractual relationship with you.
The following data is collected during the registration process:
a) your name
b) your address
c) your email address
The following data will be stored upon registration:
a) your IP address
b) the date and time of your registration
Your consent to process this data will be obtained during the registration process.
7.2 Legal basis for data processing
The legal basis for processing the data if your consent has been obtained is Art. 6 para. 1 lit. a GDPR. If you need to register to fulfill a contractual relationship with us or to be considered for the same, the collection and processing of your personal data is also on the basis of Art. 6 para. 1 lit. b GDPR.
7.3 Purpose of the data processing
You have to register in order for us to fulfill or enter into a contractual relationship with you.
7.4 Duration of the storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This applies to data collected during the registration process in order to fulfill or establish a contractual relationship with us once the data is no longer necessary for said purpose. Even after the contract has been established, we may need to continue storing your personal data in order to fulfill our contractual or legal obligations, in particular to comply with retention periods under the Tax and Commercial Codes.
7.5 Options for objecting to the collection of your data and requesting its deletion
As a user, you have the option to delete your customer account at any time. You may at any time change the data we have stored about you. All you need to do is send a message to the contact address described in section 1. Alternatively, you can delete or change it using the function provided in your customer account. If the data is required to fulfill or establish a contractual relationship with you, your data may not be deleted if contractual or legal obligations require its continued retention.
VIII. Email contact
8.1 Description and scope of data processing
On our website, there is an option to contact us electronically via email. If you use this option, your personal data will be transmitted along with the email, both of which will be stored. Such data will not be disclosed to third parties in this context. This data will be used exclusively to respond to your inquiry.
8.2 Legal basis for data processing
The legal basis for processing the data transmitted in your email is Art. 6 para. 1 lit. f GDPR. If you send us an email indicating your intention to enter into a contract with us, this creates an additional legal basis for its processing per Art. 6 para. 1 lit. b GDPR.
8.3 Purpose of the data processing
We use the personal data provided on contact forms only to reply to the request for contact. If contact is made via email, this is also because of our required legitimate interest in processing the data.
8.4 Duration of the storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For any personal data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation is terminated when the circumstances indicate that the matter in question has been finally resolved.
Personal data that was additionally collected during the transmission procedure will be deleted within seven days at the latest.
8.5 Options for objecting to the collection of your data and requesting its deletion
If you contact us by email, you may object to the storage of your personal data at any time. If you exercise this right, it will not be possible to continue the conversation. Otherwise, you may revoke your consent by sending a message to the email address given in section 1.
In such cases, all personal data that was stored when you made contact with us will be deleted.
IX. Newsletter
9.1 Description and scope of data processing
We offer you the opportunity on our website to subscribe to a free newsletter with which we will inform you by email on average every 4 weeks about new products, special promotions, and other information of interest about our company. The data from the contact form is transmitted to us when you subscribe to the newsletter. This data includes:
a) your name (so that we can address the newsletter to you personally)
b) your email address
The following data will also be collected when you sign up:
a) the IP address of your computer
b) the date and time you submitted the form
During the subscription process, your consent to process your data is obtained with reference to this privacy policy. We send our newsletter with the help of the service provider MailChimp in order to guarantee an optimized delivery and presentation of our newsletter. This is an email marketing service provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. MailChimp uses the data of our newsletter recipients in pseudonymous form to improve its own service. Further information on the purpose and scope of MailChimp’s collection of data and its processing can be found in its privacy policy:
https://mailchimp.com/legal/privacy/. MailChimp processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, https://www. privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active. The legal basis for our use of MailChimp is Art. 6 para. 1 clause 1 lit. f GDPR.
No data is disclosed to third parties in connection with the processing of your data in order to send our newsletter.
9.2 Legal basis for data processing
If you have given your consent when subscribing to our newsletter, the legal basis for processing your data is Art. 6 para. 1 lit. a GDPR. We use the so-called double opt-in procedure to obtain your consent. With this procedure, we will only send you a newsletter by email if you have expressly confirmed to us beforehand that we should activate the newsletter service. For this purpose, we will first send you a confirmation email in which we ask you to click on the link contained therein to confirm your subscription. A record of subscriptions to the newsletter is kept in order to account for the subscription process in accordance with legal requirements. The record contains the time of subscription and confirmation as well as the relevant IP address. The only information we require to send the newsletter is your name and email address. Your email address is used to deliver the newsletter. The collection of other personal data as part of the subscription process ensures the prevention of misuse of the services or of the email address. The legal basis is therefore Art. 6 para. 1 clause 1 lit. f GDPR.
9.3 Purpose of the data processing
Your email address is collected in order to deliver the newsletter. The collection of other personal data as part of the subscription process ensures the prevention of misuse of the services or of the email address.
9.4 Duration of the storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Your email address will be stored for as long as your subscription to the newsletter is active. The other personal data collected during the subscription process will generally be deleted after a period of seven days.
9.5 Options for objecting to the collection of your data and requesting its deletion
You may cancel your subscription to the newsletter at any time. A relevant link for this purpose is provide in every newsletter. You can also unsubscribe from the newsletter via the contact specified in section 1.
X. Orders via our web shop
10.1 Description and scope of data processing
You can place orders with us as a guest without registering or you can register when placing an order. Registration has the advantage that you will only have to enter your email address and password when placing future orders.
The data is entered into an input form and transmitted to us and stored. When you place an order on our website, the following data is transmitted to us:
a) your name
b) your email address
c) your address
The following data will also be collected when you sign up:
a) the IP address of your computer
b) the date and time you submitted the form
10.2 Legal basis for data processing
The legal basis for processing the data after placing your order is Art. 6 para. 1 lit. b GDPR. Since we also obtain your consent to the processing of the data as part of the ordering process, another legal basis is Art. 6 lit. a GDPR.
10.3 Purpose of the data processing
The processing of personal data from the input mask only serves to process your order and for the mutual fulfillment of the obligations arising from the purchase contract. If contact is made via email, this is also because of our required legitimate interest in processing the data. This data is collected in particular for the purpose of being able to identify you as our customer, to process, fulfill and process your order, to be able to enter into correspondence with you, for invoicing, for processing any liability claims, for asserting any claims against you, to ensure the technical administration of our website, and to manage our customer data.
10.4 Duration of the storage
The personal data collected by us for the processing of your order will be stored until the expiration of the statutory retention obligation and will then be deleted, unless, in accordance with Art. 6 para. 1 lit. c. GDPR, must retain it due to storage and documentation obligations under the German Commercial or Tax Codes or you have given your consent to its longer-term retention in accordance with Art. 6 para. 1 lit. a GDPR.
Personal data that was additionally collected during the transmission procedure will be deleted within seven days at the latest.
10.5 Options for objecting to the collection of your data and requesting its deletion
If you place an order in our shop, you have no right to object to the collection of your personal data.
XI. Payments through our website: PayPal, Stripe and SOFORT Überweisung
11.1 Payment processing via PayPal
To process your payment on our site, you may use the services of the payment service provider PayPal (Europe) S.à rl et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). You will be redirected to the PayPal website after placing your order. You will be informed that you are leaving our website and accessing external content. The collection, use, and storage of your data there is solely the responsibility of PayPal as the site operator. For details, please read PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
11.2 Payment processing via Stripe
To process your payment on our site, you may use the services of the payment service provider Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA (“Stripe”). Depending on the payment options provided, your payment method (e.g. your credit card or debit card number, your bank details, the payment amount, payment date, and possibly also your email address, name, billing and delivery address) will be transmitted to Stripe. This information is required to execute the selected transactions. The collection, use, and storage of your data there is solely the responsibility of Stripe as the site operator. For details, please read Stripe’s privacy policy at https://stripe.com/de/privacy. Stripe also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
11.3 Payment processing via SOFORT Überweisung
To process your payment on this website, you have the option to use SOFORT Überweisung, a TÜV-certified online payment system based on online banking with PIN/TAN entry for the secure and fast processing of your online purchases. The service is provided by SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany. You will need a German account number, bank code, PIN, and TAN to use the service. After submitting your order, you will be automatically redirected to the secure payment form provided by SOFORT GmbH. Once the transfer of funds is successful, you will then receive a transaction confirmation. This occurs when your transfer is credited to our account. In principle, all online users can make payments via instant bank transfer as long as they have an activated online banking account with PIN/TAN features. Please check in advance whether your bank supports this service. You can find information at https://www.sofort.com/ger-DE/general/fuer-kaeufer/fragen-und-antworten/.
The data is entered into an input form and transmitted to us and stored. When you place an order on our website, the following data is transmitted to us:
a) your name
b) your email address
c) your address
The following data will also be collected when you sign up:
a) the IP address of your computer
b) the date and time you submitted the form
11.4 Legal basis for data processing
The legal basis for processing the data after placing your order is Art. 6 para. 1 lit. b GDPR. Since we also obtain your consent to the processing of the data as part of the ordering process, another legal basis is Art. 6 lit. a GDPR.
11.5 Purpose of the data processing
The processing of personal data from the input mask only serves to process your order and for the mutual fulfillment of the obligations arising from the purchase contract. If contact is made via email, this is also because of our required legitimate interest in processing the data. This data is collected in particular for the purpose of being able to identify you as our customer, to process, fulfill and process your order, to be able to enter into correspondence with you, for invoicing, for processing any liability claims, for asserting any claims against you, to ensure the technical administration of our website, and to manage our customer data.
11.6 Duration of the storage
The personal data collected by us for the processing of your order will be stored until the expiration of the statutory retention obligation and will then be deleted, unless, in accordance with Art. 6 para. 1 lit. c. GDPR, must retain it due to storage and documentation obligations under the German Commercial or Tax Codes or you have given your consent to its longer-term retention in accordance with Art. 6 para. 1 lit. a GDPR. Personal data that was additionally collected during the transmission procedure will be deleted within seven days at the latest.
11.7 Options for objecting to the collection of your data and requesting its deletion.
If you place an order in our shop, you have no right to object to the collection of your personal data.
XII. Data processing as part of customer relationship management
Furthermore, we process various data of our existing and future customers as well as participating service providers, suppliers, and third parties (in particular specified contact details, bank details and order-related data) in accordance with Art. 6 para. 1 lit. b. GDPR to provide our contractual or pre-contractual services to them, unless we have separately indicated other uses for the data as well. The scope, nature, and duration of the processing depends on the purpose of the underlying contractual relationship. We will only transfer your data to third parties if this is necessary for fulfilling a contractual obligation or if we are obliged to do so by law, e.g. by government or regulatory authorities.
Unless otherwise agreed, we will delete the data collected in this context after its storage is no longer required, or otherwise limit its further processing if we are required by law to continue retaining it. To prevent unauthorized third-party access to your personal data, we encrypt our website using TLS technology.
XIII. Your rights as a data subject
If your personal data is processed, you are a data subject as defined by GDPR and you have the following rights against us as the controller of your data:
13.1 Right to information
You may demand a confirmation from us whether we are processing or have processed personal data concerning you.
If this is the case, you can request the following information from us:
a) the purposes for which personal data is being processed;
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom the personal data has been or will be disclosed;
d) the planned duration of its storage or, where specific information is not possible, criteria for determining said duration;
e) your right to have your personal data corrected or deleted or to restrict our processing of it or to object to such processing;
f) your right to appeal to a supervisory authority;
g) your right to be provided all available information on the source of the data we have concerning you if not collected from you directly;
h) the existence of automated decision-making systems, including profiling, as defined in Art. 22 para. 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to be informed whether your personal information will be transmitted to a third-party country or an international organization. In this respect, you can request the appropriate guarantees under Art. 46 GDPR.
13.2 Right to have data corrected
You have a right to correct and/or add to the personal data held by the data controller if it is incorrect or incomplete. We are required to make the correction immediately.
13.3 Right to restrict processing
You may ask for the processing of your personal data to be restricted under the following conditions:
(1) if you contest the accuracy of your personal data, for as long as it takes the data controller to verify its accuracy;
(2) if the processing is unlawful and you refuse to have the data deleted and instead wish to restrict its use;
(3) the data controller no longer needs the personal data for its purposes, but you need it to be retained in order establish, exercise, or defend legal claims; or
(4) you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether our legitimate reasons for processing your data outweigh your right to object.
If the processing of personal data concerning you has been restricted, then, apart from its storage, this data may only be processed with your consent or for the purpose of asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State. If the limitation of the processing has been restricted for any of the grounds listed above, we will notify you before lifting the restriction.
13.4. Right to deletion
a) Obligation to erase
You have the right to demand that we delete your personal data and we must do so without delay if any of the following reasons applies:
(1) Your personal data is no longer necessary for the purposes for which it was originally collected or otherwise processed;
(2) You revoke your consent upon which its processing was based in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for its continued processing;
(3) You object to its processing in accordance with Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for its continued processing, or you submit an objection to its processing in accordance with Art. 21 para. 2 GDPR;
(4) Your personal data has been processed unlawfully;
(5) The deletion of personal data relating to you is required in order to comply with legal obligations according to EU law or national law of the Member States to which we are subject;
(6) Your personal data has been collected in connection with services offered by an information company per Art. 8 para. 1 GDPR.
b) Transfer of personal data to third parties
(7) If we have made your personal data public and are required to delete it under Art. 17 para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you have requested the deletion of all links to the same as well as any copies thereof.
b) Exceptions
The right to deletion does not exist if processing is necessary:
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation that requires processing under the law of the Union or of the Member States to which we are subject or for the performance of a task in the public interest or in the exercise of official authority conferred to us;
(3) for reasons of public interest with regard to public health per Art. 9 para. 2 lit. h and i, as well as Art. 9 para. 3 GDPR;
(4) for archiving, scientific, or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 para. 1 GDPR, to the extent that the right referred to in Section a) is likely to render impossible or seriously inhibit the achievement of the purposes of such processing; or
(5) to assert, exercise, or defend legal claims.
13.5 Right to information
If you have asserted the right to have your data corrected or deleted or have restricted its further processing, we are obliged to notify all recipients to whom your personal data has been disclosed of the same unless this proves to be impossible or involves disproportionate effort. You have the right to be informed about who these recipients are.
13.6 Right to data portability
You have the right to obtain a copy of the personal data we have on file about you in a structured, commonly used, machine-readable format. Moreover, you have the right to transmit this data to another party without any obstruction from us, if
(1) the processing is based on consent given in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 a GDPR or on the basis of a contract in accordance with Art. 6 para. 1 lit. b GDPR and
(2) such processing is carried out using automated methods.
In exercising this right, you also have the right to have us transfer the personal data we have on file about you directly to another party if this is technically feasible. This action must not affect the freedoms and rights of other persons. The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on us.
13.7 Right to object
You have the right, for reasons arising from your specific situation, to object to the processing of your personal data per Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions. We will no longer process the personal data relating to you unless we can prove a compelling legitimate reason for the same which outweighs your interests, rights, and freedoms, or unless the processing serves to assert, exercise, or defend our legal claims.
If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to such processing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to your data being processed for direct marketing purposes, your personal data will no longer be processed for such purposes. If we use information services, Directive 2002/58/EC notwithstanding, you may exercise your right to object using an automated process.
13.8 Right to revoke consent
You have the right to revoke your consent at any time. This revocation will not affect the lawfulness of any processing done beforehand.
13.9 Automated decision in individual cases including profiling (only if only automated processing is used)
You have the right not to be subject to decision-making or profiling based exclusively on automated processing that can have a legal effect against you or significantly impair you in a similar manner. This shall not apply if the decision
(1) is necessary for us to establish or fulfill a contract with you;
(2) is authorized by EU or national law to which we are subject provided said law also sets forth suitable measures for safeguarding your rights, and freedoms, and legitimate interests; or
(3) is based on your express consent.
However, these decisions may not be based on special categories of personal data as defined in Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR apply and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.
In the cases referred to in (1) and (3), we shall take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including, at a minimum, the right to obtain the intervention of a person on our part to state our position and to challenge the decision.
13.10 The right to file a legal complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR.
The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.
XIV. Existence of automated decision-making
We take data protection seriously. Therefore, we generally do not use automatic decision-making or profiling.
XV. Updates and amendments to this privacy policy
This data protection policy was last updated in March 2020.
It may, from time to time, be necessary to change this privacy policy as a result of the further development of our website and services or due to changes in statutory or regulatory requirements. You can access and print out the current privacy policy at any time on our website under the Data Protection menu item. Our newsletter is our way of informing you by email on average every 4 weeks about new products, special promotions, and other information of interest about our company. Simply enter your name and email address, click submit, and you will be registered. You will receive an email asking you to confirm your registration. Your consent to the newsletter is revocable at any time. For detailed information on your options for revoking your consent, cancelling your newsletter subscription, as well as the use and storage of your data, please refer to our privacy policy.