1.  Responsible for data processing

 The person responsible within the meaning of the Basic Data Protection Regulation (DSGVO) and other national data protection laws
 of the member states as well as other data protection regulations is the operator of this site:
 GILDE HANDWERK Macrander GmbH & Co. KG

 The contact details are:
 GILDE HANDWERK Macrander GmbH & Co. KG

 Dingdener Str. 199
 -GILDE PLATZ-
 D-46395 Bocholt

 Tel: +49-(0)2871-188-0
 Fax: +49-(0)2871-188-223
 E-Mail: verkauf@gildehandwerk.com

 Alternatively, you can also find the contact details in the Impressum or send an email directly to E-Mail: verkauf@gildehandwerk.com.

 

2.  Data Protection Officer

 You can reach the data protection officer at E-Mail: datenschutz@gildehandwerk.de.

 The data protection officer within the meaning of Article 37 of the GDPR is David Schnelting.

 

3.  General information on data processing

3.1  Scope of the processing of personal data
 As a matter of principle, we process personal data only insofar as this is necessary for the provision of a functional website
 and our content and services. Personal data is only processed after the user has given his or her consent
 or in cases where obtaining consent in advance is not possible for actual reasons and the processing of the data is permitted by legal regulations.

3.2  Legal basis for the processing of personal data
 Insofar as we obtain the consent of the data subject for processing operations involving personal data,
 Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

 When processing personal data that is necessary for the performance of a contract to which the data subject is a party,
 Art. 6 (1) (b) of the DSGVO serves as the legal basis. This also applies to processing operations that are necessary
 for the performance of pre-contractual measures.

 If processing of personal data is necessary for compliance with a legal obligation to which our company is subject,
 Art. 6 (1) c DSGVO serves as the legal basis. 

 If processing is necessary to protect a legitimate interest of our company or a third party and if the interests,
 fundamental rights and freedoms of the data subject do not override this interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

3.3  Data deletion and storage period
 The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. 

 Storage beyond this may take place if this has been provided for by the European or national legislator in Union regulations,
 laws or other provisions to which the controller is subject. 

 Data will also be blocked or deleted if a storage period prescribed by these standards expires,
 unless there is a need to continue storing the data for the conclusion or performance of a contract.

3.4 Definitions
 Personal data means any information relating to an identified or identifiable natural person.

 A natural person is regarded as identifiable (directly or indirectly) if he or she can be identified, in particular by reference to an identifier such
 as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic,
 economic, cultural or social identity of that natural person.

 A natural person or physical person is any individual human being (cf. Section 13 BGBm Section 1897 (1) German Civil Code (BGB).)
 Companies, regardless of their form, do not fall under the concept of natural person and consequently their general data
 do not fall under the special protection for personal data under the GDPR.

 

4. Provision of the website and creation of log files.

4.1 Description, scope and purpose of data processing
 Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
 The following data is collected:

 - Browser type and version,
 - the user's operating systemInternet service provider, 
 - the IP address,
 
date and time of access,
 - Websites from which the user's system accesses our website,
 - websites accessed by the user's system via our website.

 The data is stored in log files of our system. Not affected by this are the IP addresses of the user or other data that enable the data to be assigned to a user.
 This data is not stored together with other user data.

 The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer.
 For this purpose, the user's IP address must remain stored for the duration of the session.

 The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website
 and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

 Our legitimate interest in data processing also lies in these purposes.

4.2  Duration of storage
 The data is deleted when the respective session is ended.

 The data in log files are deleted after seven days at the latest. Storage beyond this period is possible.
 In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the client called up.

4.3  Opposition and elimination possibility
 The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website.
 Consequently, there is no possibility for the user to object.

 The legal basis for data processing can be found here.

 

5.  Use of cookies

5.1  Description, scope and purpose of data processing.
 Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system.
 When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters
 that enables the browser to be uniquely identified when the website is called up again.

 We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified
 even after a page load. These are, for example, the access data for closed areas of our website that require a log-in.

 We also use cookies on our site that enable an analysis of the user's surfing behaviour. The user data collected in this way is pseudonymised
 by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together
 with other personal data of the users.

 The purpose of using technically necessary cookies is to simplify the use of websites for users.
 Without the use of cookies, not all functions can be offered.

 The data collected through technically unnecessary cookies is not used to create user profiles. This type of cookie is also used to improve
 the quality of our website and content. In this way, we learn how the website is used and can thus constantly optimise our offer.

 These purposes also constitute our legitimate interest in processing the personal data in accordance with Art. 6 Para. 1 lit. f DSGVO.

5.2  Duration of storage, possibility of objection and removal
 Cookies are stored on the user's computer and transmitted from it to our site. Therefore, users also have full control over the use of cookies.
 By changing the settings in the Internet browser, users can deactivate or restrict the transmission of cookies.
 Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website,
 it may no longer be possible to use all functions of the website to their full extent.

 The transmission of Flash cookies cannot be prevented via the settings of the browser, but by changing the setting of the Flash player.

 The legal basis for data processing can be found here.

 

6.  E-mail advertising & newsletter

6.1  Description, scope and purpose of data processing
 On our website, you have the option of subscribing to a free newsletter.
 When registering, the data from the input mask is transmitted to us, at least the following details:

    • First and last name,
    • e-mail address.

 The following data is also stored at the time the message is sent:

    • IP address of the user,
    • date and time of registration.

 The consent of the user is obtained for the processing as part of the registration process and reference is made to this data protection declaration.

 No data is passed on to third parties in connection with the processing of data for the dispatch of newsletters.
 The data is used exclusively for sending the newsletter.

 The collection of the user's data serves to deliver the newsletter. The other personal data processed during the sending process serve to
 prevent misuse of the contact form and to ensure the security of our information technology systems.

6.2  Duration of storage
 The data will be deleted as soon as the user cancels the subscription to the newsletter.

6.3  Opposition and removal possibility
 The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

 This also enables revocation of consent to the storage of personal data collected during the registration process.

 The legal basis for data processing can be found here.

 

7.  Registration

7.1  Description, scope and purpose of data processing
 On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored.
 The data is not passed on to third parties. The following data may be collected during the registration process:

    • (first) and last name,
    • address,
    • e-mail address,
    • telephone number,
    • country,
    • date of birth,
    • password.

 The following data is also stored at the time of registration:

    • IP address of the user,
    •  date and time of registration.

 The user's consent to the processing of this data is obtained as part of the registration process.

 Registration of the user is necessary for the provision of certain content and services on our website, as well as the fulfilment of a contract with the user
 or for the implementation of pre-contractual measures.

7.2  Duration of storage
 The data is deleted when the registration on our website is cancelled or modified.

 This is the case for data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures
 when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal
 data of the contractual partner in order to comply with contractual or legal obligations.

7.3  Possibility of objection and removal
 As a user, you have the option of cancelling your registration at any time. You can have the data stored about you changed at any time.

 If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible
 insofar as contractual or legal obligations do not prevent deletion.

 The legal basis for data processing can be found here.

 

8. New Customer Form

8.1 Description, scope and purpose of data processing
 As part of the registration (registration process) as a new B2B customer, the following data is collected and stored in a form:

    • Company name,
    • legal form,
    • Contact person (first and last name),
    • Address (street, no., postcode, town),
    • telephone / mobile phone,
    • fax,
    • e-mail address,
    • branch,
    • opening hours.

The user's consent is obtained for the processing as part of the registration process and reference is made to this data protection declaration. In connection with the entire data processing, as well as for the sending of e-mails and / or newsletters, the data will not be passed on to third parties. 

The purpose of collecting the data is to fulfil future contracts with the customer and to send e-mails and/or newsletters. Furthermore, the processing of personal data serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

If a customer has filled in this form and disclosed an e-mail address when purchasing goods or services, this e-mail address will be used for direct advertising for our own similar goods or services within the meaning of Section 7 (3) of the German Unfair Competition Act (UWG).

8.2  Duration of storage
 The data, with the exception of data that we are legally obliged to retain, will be deleted as soon as the business relationship has been terminated and the data
 is used exclusively for sending e-mails and/or newsletters.

8.3  Opposition and elimination possibility
 The use of e-mails as a means of communication and invoice delivery, as well as the subscription to the newsletter, may be terminated by the user concerned at any time.
 A simple message is sufficient for this purpose, or a corresponding unsubscribe link can be found in every newsletter.

This does not enable the revocation of consent to the storage of personal data collected during the registration process. This data can only be deleted upon termination of the business relationship and after the statutory retention periods.

 The legal basis for data processing can be found here.

 

9.  Contact form and e-mail contact

9.1  Description, scope and purpose of data processing
 Our website contains contact forms that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask
 is transmitted to us and stored. These data are at least:

    • First and last name,
    •  e-mail address.

 The following data is also stored at the time the message is sent:

    • IP address of the user,
    •  date and time of registration.

 The user's consent is obtained for the processing as part of the registration process and reference is made to this data protection declaration,
 which also contains the specific consent text below.

 Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

 In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

 The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes
 the necessary legitimate interest in processing the data.

 The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security
 of our information technology systems.

9.2  Duration of storage
 The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask
 of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended.
 The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

 The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

9.3  Possibility of objection and elimination
 The user has the possibility to revoke his/her consent to the processing of personal data at any time. If the user contacts us by e-mail,
 he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

 E-Mail: datenschutz@gildehandwerk.de

 All personal data stored in the course of contacting us will be deleted in this case.

 The legal basis for data processing can be found here.

 

10.  Web analytics through Google Analytics

10.1  Scope of the processing of personal data
 We use Google Analytics on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (for cookies, see above).
 If individual pages of our website are called up, the following data is stored:

    • Two bytes of the IP address of the user's calling system,
    •  the website called up, The website from which the user accessed the accessed website (referrer),
    •  the sub-pages accessed from the accessed website,
    •  the time spent on the website,
    •  the frequency with which the web page is accessed.

10.2  Google uses cookies. 
 The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.
 Google is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law. We only use
 Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the
 European Union or in other contracting states of the Agreement on the European Economic Area.
 The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting
 their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer
 to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link.
 For more information about Google's use of data, settings and opt-out options, please visit the Google websites

 "Use of data by Google when you use our partners' websites or apps",
 "Use of data for advertising purposes",
 "Manage the information Google uses to serve you ads". 

 Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website
 operators and providing other services relating to website activity and internet usage. In this context, pseudonymous user profiles can be
 created from the processed data.

10.3 Legal basis for the processing of personal data
 The legal basis for the processing of the users' personal data is Art. 6 para. 1 lit. f DSGVO.

10.4  Purpose of the data processing
 The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained,
 we are able to compile information on the use of the individual components of our website. This helps us to continuously improve
 our website and its user-friendliness.

 These purposes are also our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f DSGVO.
 By anonymising the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.

10.5  Duration of storage
 Sessions and campaigns are terminated after a certain period of time. By default, sessions are terminated after 30 minutes of no activity
 and campaigns are terminated after six months. The time limit for campaigns can be a maximum of two years.
 For more information on terms of use and data protection, users can visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/.

10.6  Opposition and removal options
 Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, users also have full control over the use of cookies.
 By changing the settings in their internet browser, they can deactivate or restrict the transmission of cookies. Cookies that have already been stored
 can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions
 of the website to their full extent.

 Users can also prevent the collection of data generated by the cookie and related to the use of the website (incl. IP address) to Google as well as
 the processing of this data by Google by downloading and installing this browser add-on.

 Opt-out cookies prevent the future collection of user data when visiting this website. In order to prevent the collection by Universal Analytics
 across different devices, users must perform the opt-out on all systems used.

 

11.  Google Marketing and Remarketing

11.1  Scope of the processing of personal data
 We use the marketing and remarketing services (in short "Google marketing services") of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
 Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law. 

 Google's marketing services allow us to target advertisements for and on our website in order to present users only with ads that potentially match their interests.
 For example, if a user is shown ads for products he or she has been interested in on other websites, this is referred to as "remarketing". 

 For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google
 and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website.
 With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies).
 The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com.
 This file records which websites the user has visited, which content he or she is interested in and which offers he or she has clicked on,
 as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. 

 The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within Member States of the European Union
 or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is transmitted in full to a Google server
 in the USA and shortened there. The IP address will not be merged with user data within other Google offerings. 

 The aforementioned information may also be combined by Google with such information from other sources. If the user subsequently visits other websites,
 he or she may be shown ads tailored to his or her interests. The user's data is processed pseudonymously as part of Google's marketing services.
 This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data in a cookie-related
 manner within pseudonymous user profiles. I.e. from Google's perspective, the ads are not managed and displayed for a specifically identified person,
 but for the cookie holder, regardless of who this cookie holder is. 

 This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected about users by
 Google marketing services is transmitted to Google and stored on Google's servers in the USA.
 The Google marketing services we use include the online advertising programme "Google AdWords".
 In the case of Google AdWords, each AdWords customer receives a different "conversion cookie".
 Cookies can therefore not be tracked via the websites of AdWords customers. 

 The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking.
 The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag.
 However, they do not receive any information that can be used to personally identify users. 

 We may integrate third-party advertisements based on the Google marketing service "DoubleClick". DoubleClick uses cookies to enable Google
 and its partner websites to serve ads based on users' visits to this website or other websites on the Internet. 

 We may integrate third-party advertisements based on the Google marketing service "AdSense". AdSense uses cookies to enable Google and its partner
 websites to display ads based on users' visits to this website or other websites on the internet. 

 We may also use the "Google Optimizer" service. Google Optimizer allows us to track the effects of various changes to a website
 (e.g. changes to the input fields, design, etc.) as part of so-called "A/B testing". For these testing purposes, cookies are placed on the users' devices.
 Furthermore, we may use the "Google Tag Manager" to integrate and manage the Google analysis and marketing services on our website. 

 Further information on the use of data for marketing purposes by Google, readable on the overview page, Google's privacy policy.

11.2  Legal basis for the processing of personal data
 The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DSGVO.

11.3  Purpose of the data processing
 The Google marketing services give us the opportunity to display advertisements for us and on our website in a more targeted manner in order to
 only present users with ads that potentially match their interests.

 These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 (1) lit. f DSGVO.

11.4  Duration of storage
 According to its own information, the log data collected by Google is anonymised by deleting part of the IP address and cookie information
 after 9 and 18 months respectively. Users can find more information here.

11.5  Opposition and removal options
 Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, users also have full control over the use of cookies.
 By changing the settings in their  internet browser, they can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted
 at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use
 all functions of the website to their full extent.

 If users wish to object to interest-based advertising by Google marketing services, they can use the settings and opt-out options provided by Google.

 

12.  Google Maps

12.1  Description and scope of data processing
 On our website, we use Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). 

 Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information.
 By using this service, users are shown our location or that of our partners, for example, and any journey is made easier.

 Already when calling up those sub-pages in which the Google Maps map is integrated, information about the use of our website (such as the IP address)
 is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account via which users are
 logged in or whether no user account exists. If users are logged in to Google, their data will be directly assigned to their account.
 If users do not wish to have their data associated with their Google profile, they must log out before activating the button.
 Google stores the data (even for users who are not logged in) as usage profiles and evaluates them.

12.2  Legal basis for the processing of personal data
 The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DSGVO.

12.3  Purpose of the data processing
 Our purpose is to integrate a dynamic map into our website. These purposes are also our legitimate interest in processing the data
 according to Art. 6 para. 1 lit. f DSGVO.

12.4  Duration of storage
 According to its own information, Facebook stores the date and time of the visit, the specific Internet address on which the social plugin is located,
 and other technical data such as the IP address, browser type and operating system for a period of 90 days in order to further optimise Facebook's services.
 After 90 days, the data is anonymised so that it cannot be further linked to users.

12.5  Opposition and removal options
 If users do not consent to the transmission of their data to Google in the context of the use of Google Maps, they have the option of completely
 deactivating the Google Maps web service by switching off the JavaScript application in their browser.
 Google Maps and thus also the map display on this website can then not be used.

 

13.  Facebook social plugins

13.1  Scope of the processing of personal data
 We use social plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd,
 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). 

 The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognisable by one of the Facebook logos
 (white "f" on a blue tile, the terms "Like", "Like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin".
 The list and appearance of Facebook social plugins can be viewed here. 

 The plugins are only activated when you click on the corresponding button. If they are greyed out, the plugins are inactive.
 It is possible to activate the plugins once or permanently. 

 Facebook is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law. 

 The "2-click procedure" is used on this website to ensure this. Only when a user activates the function of the Facebook button on this online offer by clicking on it,
 does his or her device establish a direct connection with Facebook's servers. The content of the plugin is transmitted by Facebook directly to the user's device
 and integrated into the online offer by the latter. In the process, user profiles can be created from the processed data. We therefore have no influence on the scope
 of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

 By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. 

 If the user is logged in to Facebook, Facebook can assign the visit to his or her Facebook account. If users interact with the plugins,
 for example by clicking the Like button or posting a comment, the corresponding information is transmitted from their device directly to Facebook
 and stored there. 

 If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store his or her IP address. According to Facebook,
 only an anonymised IP address is stored in Germany. 

 The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and setting options
 for protecting the privacy of the users, can be found in Facebook's privacy policy.

13.2  Legal basis for the processing of personal data
 The legal basis for the processing of the users' personal data is Art. 6 para. 1 lit. f DSGVO.

13.3 Purpose of the data processing
  The Facebook social plugins show us the interests of visitors in order to display them more specifically on our website, to present users only with posts
 that potentially match their interests.

 These purposes are also our legitimate interest in processing the data according to Art. 6 (1) lit. f DSGVO.

13.4  Duration of storage
 According to its own information, Facebook stores the date and time of the visit, the specific Internet address on which the social plugin is located,
 and other technical data such as the IP address, browser type and operating system for a period of 90 days in order to further optimise Facebook's services.
 After 90 days, the data is anonymised so that it cannot be further linked to users.

13.5  Opposition and removal options
 If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data
 stored with Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. 

 Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings or via the US side or the EU side.
 The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

 

14. Facebook Marketing Services

14.1 Scope of data processing
 We use the so-called "Facebook Pixel", as well as the remarketing function "Custom Audiences" of the social network Facebook - Facebook Inc.,
 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd,
 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

 Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law. 

 With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display
 of advertisements (so-called "Facebook ads"). The Facebook pixel is directly integrated by Facebook when our website is called up and can
 save a so-called cookie, i.e. a small file, on the user's device. 

 The remarketing function serves the purpose of targeting visitors to the website with interest-based advertising on the Facebook social network.
 For this purpose, the Facebook remarketing tag has been implemented on the website.
 This tag establishes a direct connection to the Facebook servers when the website is visited. This transmits to the Facebook server which of our pages
 was visited. Facebook assigns this information to the respective personal Facebook user account.

 If users subsequently log in to Facebook or visit Facebook while logged in, the visit to our online offering is noted in their profile. Furthermore,
 personalised, interest-related Facebook ads are displayed.

 The data collected about users is anonymous for us, so it does not allow us to draw any conclusions about the identity of the users. However, the data
 is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own
 market research and advertising purposes. 

 If we transmit data to Facebook for matching purposes, this data is encrypted locally on the browser and only then sent to Facebook via a
 secure https connection. This is done solely for the purpose of matching the data with the data that is also encrypted by Facebook.
 The processing of the data by Facebook takes place within the framework of Facebook's data usage policy.
 Accordingly, general information on the display of Facebook ads, in Facebook's data usage policy

 Users can find specific information and details on the Facebook Pixel and how it works in Facebook's help section.

14.2 Legal basis for data processing
 The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DSGVO.

14.3  Purpose of data processing
 We use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our
 online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited)
 that we transmit to Facebook (so-called "Custom Audiences"). 

 With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and
 do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical
 and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

14.4 Duration of storage
 According to its own information, Facebook stores the date and time of the visit, the specific internet address on which the social plugin is located,
 and other technical data such as the IP address, browser type and operating system for a period of 90 days in order to further optimise
 Facebook's services. After 90 days, the data is anonymised so that it can no longer be linked to you.

14.5  Revocation and removal options
 Users can opt-out of the Facebook Pixel's collection and use of data to serve Facebook ads. To adjust which types of ads are displayed within Facebook,
 users can go to the page set up by Facebook and follow the instructions there on usage-based advertising settings.
 The settings are platform independent, i.e. they are applied to all devices, such as desktop computers or mobile devices. 

 Users can also opt-out of the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page
 and additionally the US website or the European website.

 

15.  Provision of the App

15.1  Description, scope and purpose of data processing
 When using our app, our system automatically collects data. The following data is collected:

    • Browser type and version,
    •  the operating system used,
    •  the user's internet service provider,
    •  the IP address and port,
    •  date and time of access,
    •  IMEI, UDID, IMSI, MAC address and MSISDN, IDFA, name of the smartphone depending on the smartphone,
    •  name of the user,
    •  payment information,
    •  POS system,
    •  Websites or app from which the user's system accesses the lower website,
    •  Websites or app accessed by the user's system via our website.

 The data is also stored in log files of our system. Not affected by this are the IP addresses of the user or other data that enable the data
 to be assigned to a user. This data is not stored together with other user data.

 The storage by the system is necessary to enable delivery of the app to the user's terminal device. For this purpose,
 the user's IP address must remain stored for the duration of the session.

  Storage in log files takes place to ensure functionality. In addition, we use the data to optimise the app and to ensure the security of our information
 technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in data processing
 also lies in these purposes.

15.2  Duration of storage
 The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data
 for the provision of the app, this is the case when the respective session has ended.

 In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible.
 In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the client called up.

15.3 Possibility of objection and elimination
 The collection of data for the provision of the app and the storage of the data in log files is absolutely necessary for the operation of the app.
 Consequently, there is no possibility of objection on the part of the user.

  The legal basis for data processing can be found here.

 

16.  SSL or TLS encryption

 For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator,
 this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from

 "http://" to "https://" and by the lock symbol in your browser line.

 If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

17.  hotjar

We use Hotjar to better understand the needs of our users and to optimise the offer and optimise the experience on this website.

Using Hotjar's technology, we get a better understanding of our users' experience (e.g. how much time users spend on which pages, which links they click on, what they like and don't like etc.) and this helps us to tailor our offering to our users' feedback.

Hotjar uses cookies and other technologies to collect data about our users' behaviour and their devices, in particular:

    • device IP address (collected and stored only in anonymised form during your website use),
    • screen size,
    • device type (unique device identifiers),
    • information about the browser used,
    • location (country only),
    • language used to view our website preferred language.

 Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

 For more information, please see the 'about Hotjar' section of Hotjar's help page.

 

18.  Rights of the data subject

 We adhere to the requirements of the DSGVO!

 If personal data of users are processed, they are data subjects within the meaning of the GDPR and are entitled to the following rights
 vis-à-vis the controller, whereby the following list includes all their rights, not only the rights that arise when using our services:

 Right of access

Users may request confirmation from the data controller as to whether personal data concerning them is being processed by us. If such processing is taking place, users may request information from the controller about the following:

    1. The purposes for which the personal data are processed;
    2.  the categories of personal data which are processed;
    3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
    4. the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
    5. the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the controller or a right to object to such processing;
    6. the existence of a right of appeal to a supervisory authority;
    7. any available information on the origin of the data if the personal data is not collected from the data subject;
    8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Users have the right to obtain information on whether personal data concerning them are transferred to a third country or to an international organisation. In this context, they may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

Right to rectification

Users have a right to rectification and/or completion vis-à-vis the data controller if the personal data processed concerning them are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

Right to restriction of processing

Users may request the restriction of the processing of personal data concerning them under the following conditions:

      1. where users contest the accuracy of the personal data concerning them for a period enabling the controller to verify the accuracy of the personal data;
      2. the processing is unlawful and users object to the erasure of the personal data and request instead the restriction of the use of the personal data;
      3. the controller no longer needs the personal data for the purposes of the processing but users need it for the establishment, exercise or defence of legal claims;
        or
      4. if users have objected to the processing pursuant to Article 21(1) DSGVO and it is not yet clear whether the legitimate grounds of the controller override their grounds.

Where the processing of personal data relating to users has been restricted, such data may be processed, except for storage, only with their consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.

Where the restriction of processing has been restricted in accordance with the above conditions, users shall be informed by the controller before the restriction is lifted.

Right to erasure

Obligation to erase
Users may request the controller to erase the personal data concerning them without delay, and the controller is obliged to erase such data without delay if one of the following reasons applies:

      1. The personal data concerning users are no longer necessary for the purposes for which they were collected or otherwise processed.
      2. Users withdraw their consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR and there is no other legal basis for the processing.
      3. Users object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or they object to the processing pursuant to Article 21(2) of the GDPR.
      4. The personal data concerning the user have been processed unlawfully.
      5. The erasure of the users' personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
      6. The personal data concerning users have been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.Information to third parties.

If the controller has made the personal data concerning users public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers that process the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, that personal data.

Exceptions
The right to erasure does not apply to the extent that the processing is necessary

      1. For the exercise of the right to freedom of expression and information;
      2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
      3. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;
      4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or for the establishment, exercise or defence of legal claims.

Right to information

Where users have exercised the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning users have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

Users shall have the right to be informed of these recipients by the controller.

Right to data portability

Users have the right to receive the personal data concerning them that they have provided to the controller in a structured, commonly used and machine-readable format. In addition, users have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

      1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO 
        and
      2. the processing is carried out with the aid of automated procedures.

In exercising this right, users also have the right to have the personal data concerning them transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right of objection

Users have the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning users unless it can demonstrate compelling legitimate grounds for the processing which override their interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If personal data concerning users are processed for the purposes of direct marketing, users have the right to object at any time to the processing of personal data concerning them for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If users object to the processing for direct marketing purposes, the personal data concerned will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, users have the possibility to exercise the right to object in the context of the use of information society services by means of automated procedures using technical specifications.

Right to revoke the declaration of consent under data protection law

Users have the right to revoke their declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Automated decision in individual cases including profiling

Users have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision

      1. is necessary for the conclusion or performance of a contract between them and the controller,
      2. is permitted under Union or Member State legislation to which the controller is subject and that legislation contains adequate measures to safeguard their rights and freedoms and their legitimate interests,
        or
      3. is done with their explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as their legitimate interests, which include at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, users shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or the place of the alleged infringement, if they consider that the processing of personal data concerning them infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.