Person in charge: Bos Lazaro, Gabriel Cristian
Wilhelm Klein 451427, Bergisch Gladbach, Germany
Types of data processed:
– Inventory data (for example, names, addresses).
– contact information (for example, email, telephone numbers).
– Content data (for example, text entry, photographs, videos).
– usage data (for example, websites visited, interest in content, access times).
– Meta / communication data (for example, device information, IP addresses).
Categories of people affected
– Visitors and users of the online offer (hereinafter, we refer to the people affected as “users”).
Purpose of processing:
– Provision of the online offer, its functions and contents.
– Respond to contact requests and communicate with users.
– Security measures.
– Scope measurement / commercialization
“Personal data” means any information related to an identified or identifiable natural person (hereinafter, the “subject of the data”); as an identifiable natural person is one that can be identified, directly or indirectly, in particular by means of the assignment to an identifier such as a name, an identification number, location data, an online identification (for example, cookies) or one or more special characteristics, which expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
“Processing” means any process performed with or without the aid of automated procedures or any process related to personal data.
The term goes further and includes virtually every data handling.
“Pseudonyms”: The processing of personal data so that personal data can not be assigned to a specific topic without the help of additional information, provided that this additional information will be kept separate and technical and organizational measures are in place to ensure that Personal data not assigned to an identified or identifiable natural person.
“Profiles” any type of automated processing of personal data, which is that these personal data are used to evaluate certain aspects of the personality of a natural person, in particular aspects related to work performance, the economic situation, health, personal, analyze or predict the preferences, interests, reliability, behavior, whereabouts or relocation of that individual. As “controller” is the physical or legal person, public authority, service or any other body that, alone or jointly with others determines the purposes and means of processing personal data, is referred to.
“Processor” means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Relevant Legal Bases
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing.
We are in compliance with Art. 32 DSGVO in consideration of the prior art, the cost of the implementation and the nature, scope, circumstances and purposes of the treatment and the different probability of occurrence and severity of the risks for the rights and freedoms of natural persons, technical measures and organizational measures to guarantee a level of protection appropriate to the risk.
Among the measures include the protection of confidentiality, integrity and availability of data through the control of physical access to data, as well as access to the concern, input, transmission, which guarantees availability and their separation. We have also established procedures to guarantee the enjoyment of the rights of the interested parties, the elimination of data and the vulnerability of the data. We also take into account the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection to design and privacy by design using the default configuration (Article 25 DSGVO) .
Cooperation with order processors and third parties
Unless (order processors or third parties) disclose as part of the data process to other parties, who send it to them or otherwise give them access to the data, this is done only on the basis of a legal permit (for example, when a transfer of data to third parties, as required by the payment service, acc.Art. 6 par.1, letter b DSGVO to fulfill the contract), you have accepted a legal obligation provided or based on our interests legitimate (for example, when using Supervisor, web hosting, etc.).
Unless in the treatment of data called third parties based on. Delegate “contract for processing tasks”, this is done on the basis of Art. 28 DSGVO.
Transfers in third countries
Unless ((that is, outside the European Union) or the European Economic Area (EEA)) data to a third country process or this happens in the context of the use of third party services or disclosure, or the transfer of data to third parties, only that this occurs when it happens to fulfill our contractual obligations (before) based on your consent, because of a legal obligation or based on our legitimate interests. Subject to legal or contractual licenses, process or let the data in a third country only in the presence of the special requirements of art. 44 et seq. DSGVO process. that processing is carried out, for example, on the basis of specific guarantees, such as the officially recognized finding of the appropriate level of EU data protection (for example, for the United States through the “Privacy Shield” ) or the observance of officially recognized special contractual obligations (the so-called “standard contractual clauses”).
Rights of data subjects
You have the right to request a confirmation about whether the data in question is being processed and to obtain information about this data, as well as to obtain more information and a copy of the data in accordance with Art. 15 GDPR.
You have accordingly. Art. 16 DSGVO the right to demand the realization of the data concerning him or the correction of incorrect data concerning him.
In accordance with Art. 17 GDPR, they have the right to demand that the relevant data be eliminated immediately or, alternatively, require a restriction of data processing in accordance with Art. 18 GDPR.
You have the right to demand that the data related to you, that you have provided to us, be obtained in accordance with Art. 20 GDPR and request its transmission to other responsible persons.
By Art. 77 DSGVO has the right to file a complaint with the competent supervisory authority.
Right of Revocation
You have the right to grant consent in accordance with. Art. 7, paragraph 3 DSGVO with effect for the future.
Right of Opposition
You may object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection can be made, in particular, against processing for direct marketing purposes.
Cookies and right to object in direct mail
“Cookies” are small files that are stored on users’ computers. Different information can be stored inside the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after your visit to an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes their browser. In said cookie, p. The contents of a shopping cart in an online store or a login status are saved. The term “permanent” or “persistent” refers to cookies that remain stored even after the browser has been closed. Therefore, p. The login status will be saved if users visit after several days. Similarly, in a cookie of this type you can store the interests of users, which are used for measurement or marketing purposes. A “third-party cookie” refers to the cookies offered by the providers that are not the person who manages the online offer (otherwise, if they are only their cookies, this is called “originating cookies”).
If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies may result in functional restrictions of this online offer.
After the legal requirements in Germany, storage in special for 10 years 1 257 paragraph 1 in accordance with §§ 147 para. AO. Nos. 1 and 4, para. 4 HGB (books, records, management reports, accounting documents, accounting books, relevant to tax documents, etc.) and 6 years under § 257 para. 1 no. 2 and 3, para. 4 HGB (business letters).
According to the legal regulations in Austria store in particular 7 J made by 132 §. 1 BAO (accounting documents, receipts / invoices, accounts, vouchers, commercial documents, statement of income and expenses, etc.), for 22 years in relation to land and for 10 years for documents relating to the electronic services provided, telecommunications, radio and television services provided to non-businessmen in the EU Member States and for the mini single window is claimed (MOSS).
Processing related to the business
In addition, we process contract data (for example, subject, term, customer category).
– payment data (for example, bank details, payment history) of our customers, potential customers and business partners for the provision of contracted services, customer service and support, marketing, advertising and market studies.
Processing of orders in the online store and customer account
We process the data of our clients as part of the order process in our online store so that they can select and order the selected products and services, as well as their payment, delivery or execution.
The processed data includes inventory data, communication data, contract data, payment data and the people affected by the processing belong to our customers, prospects and other business partners. The processing is intended to provide contractual services in the context of the operation of an online store, billing, delivery and customer service. Here we use session cookies for storage of shopping cart content and permanent cookies for storage of the login status.
The prosecution is based on Art. 6, paragraph 1 lit. b (execution of order transactions) and c (legally required file) DSGVO. The information required for the establishment and fulfillment of the contract is required. We disclose the data to third parties only in the context of extradition, payment or in the context of legal permits and obligations for legal advisors and authorities. The data will be processed in third countries only if necessary for the fulfillment of the contract (for example, at the request of the client at the time of delivery or payment).
Users can optionally create a user account, in particular, by being able to view their orders. As part of the registration, the necessary mandatory information will be communicated to the users. User accounts are not public and can not be indexed by search engines. If users have terminated their user account, their data will be deleted with respect to the user account, subject to their retention for commercial reasons or tax law in accordance with Art. 6 paragraph 1 lit. c DSGVO necessary. The information in the client’s account remains until it is deleted and later archived in case of a legal obligation. It is the users’ responsibility to protect their data at the end of the contract before it ends.
As part of the registration and re-registration and use of our online services, we store the IP address and time of the respective user’s action. The storage is based on our legitimate interests, as well as the protection of the user against misuse and other unauthorized use. There is no transfer of this data to third parties, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 paragraph 1 lit. c DSGVO.
The elimination takes place after the expiration of the legal guarantee and the comparable obligations, the need to maintain the data is verified every three years; in the case of obligations of legal file, the elimination occurs after its expiration (end of the commercial law (6 years) and tax law (10 years) retention obligation).
External payment service providers
We use the external payment service through its platforms can make users and perform payment transactions (for example, each with a link to the privacy statement, PayPal (https://www.paypal.com/de/webapps / mpp / ua / privacy-full) Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), direct (https : //www.giropay.de/legal / privacy-AGB /), Visa (https://www.visa.de/datenschutz), MasterCard (https://www.mastercard.de/de-de/datenschutz. html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)
As part of the fulfillment of the contracts we set ourselves the provider of payment services on the basis of Art. 6 para. 1 lit. b. DSGVO. By the way, we use external payment service providers based on our legitimate interests. Art. 6 paragraph 1 lit. F. DSGVO to offer our users effective and secure payment options.
Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks and organization of our business, financial accounting and compliance with legal obligations, such as filing. In doing so, we process the same data that we process during the provision of our contractual services. The processing principles are Art. 6 paragraph 1 lit. c. DSGVO, Art. 6, paragraph 1 lit. F. DSGVO. The processing affects customers, prospects, business partners and website visitors. The purpose and our interest in processing is in the administration, financial accounting, office administration, data archiving, so the tasks are used to maintain our operations, perform tasks and perform our services. The suppression of data in terms of contractual services and contracting communication complies with the information indicated in these processing activities.
We disclose here or transmit data to tax authorities, consultants, such as, accountant or auditor and other offices of charges and payment service providers.
In addition, based on our commercial interests, we store information about suppliers, promoters and other business partners, p. for a later contact. In general, we store this majority of the data related to the company permanently.
Created with: RA Datenschutz-Generator.de Dr. Thomas Schwenk