LEGAL NOTICE & PRIVACY
Responsible for content in accordance with Section 55 (2) MDStV (German National Media Services Agreement):
André Greipel GmbH
Am Abtshof 7
50354 Hürth, Germany
Manager Olaf Albrecht
Email: firstname.lastname@example.org & email@example.com
The European Commission provides a platform for online dispute resolution: https://ec.europa.eu/consumers/odr.
You can find our email address above in the legal notice. We are not prepared or obliged to participate in dispute resolution proceedings in front of a consumer arbitration service.
Privacy and data security for our customers and users is a top priority for us. We comply with the privacy provisions, especially the EU General Data Protection Regulation (“GDPR”), the German Federal Data Protection Act (“BDSG”) and the German Telemedia Act (“TMG”).
This privacy statement provides an explanation of the information that we process (including personal data) during your visit and use of our aforementioned internet offer (“website”).
- Who is responsible for the data processing?
The controller for processing personal data and the service provider within the meaning of the TMG is André Greipel GmbH, Am Abtshof 7, 50354 Hürth, Germany, email: firstname.lastname@example.org. Where the term “we” or “us” is used in this privacy statement, this always refers to the aforementioned company.
- What principles do we observe?
In compliance with the privacy provisions, we only process your personal data if this is permitted by law or if you have provided your consent. This also applies when processing personal data for advertising and marketing purposes.
On this website, we may also collect information that, taken in isolation, cannot be traced back to you personally. However, in certain cases, especially in combination with other data, this information can still be considered “personal information” under data protection law. Moreover, on this website we may also collect information which we cannot use to identify you, either directly or indirectly; e.g. this is the case for pooled information about all users of this website.
III. What data do we process?
You can access our website without providing any direct personal data (such as your name, your postal address or your email address). Even in this case, we need to collect and store certain information to enable you to access our website.
- Log files:
When you visit this website, our webserver automatically stores the domain name and the IP address of the requesting computer (generally your internet access provider), including the date, time and duration of your visit, the subsites/URLs that you visit as well as information on the applications and terminals that you used to view our website.
- Website analysis by Google Analytics:
- Facebook Social Plugin
We have integrated a button for the Facebook (1601 South California Avenue, Palo Alto, CA 94304, USA – www.facebook.com) social network on our website. The Facebook buttons can be recognised by the Facebook logo or the “Like Button”.
To prevent the automatic transmission of information to Facebook as soon as you access our website, we have implemented the so-called “two-click solution”: the Facebook button is joined by another button that looks like a switch. Information (such as our website’s address and your user ID) are only transmitted to Facebook when you click this switch and then click on the Facebook button once again.
- Newsletter registration
If you would like to receive our newsletter, we need you to provide a valid email address. To check whether you are the owner of the email address provided or the owner consents to the receipt of the newsletter, we send an automated email to the indicated email address after the first registration step. Only after confirming the newsletter registration via a link in the confirmation email do we add the indicated email address to our mailing list. We do not collect any additional information besides the email address and the information on the confirmation of the registration. You can revoke your consent to the storage of data, the email address as well as its use to send the newsletter at any time with effect for the future.
- Registration/customer account
When registering as a registered user, especially when creating a customer account, we collect personal data in the registration form on our website. We may request the provision of the same data already collected during the registration (especially to identify you) and collect additional personal data, if you want to use certain contents on our website or would like to submit an order.
To ensure communication with our customers and end users, we process all information that you provided when establishing contact or which we requested from you (e.g. your name, your address and other contact details); we also store the reason for which you established contact.
- For what reasons and on what legal basis do we process your data?
- The personal data that may be contained in the log files are processed to enable you to use the website; this takes place based on Section 15 (1) TMG.
- The data and the pseudonymised user profiles collected via cookies (including the web analysis services etracker and Google Analytics) are processed for the purposes of advertising, market research and customising the design of our website based on Section 15 (3) TMG.
- The newsletter data are processed for the purposes of registering for the newsletter and its dispatch within the scope of your consent based on Article 6 (1) c) GDPR. Please note that you can revoke your consent at any time with effect for the future, e.g. by clicking on the relevant link in each of our newsletters or by notifying us by post, fax or email using one of the contact paths indicated on the first page of this privacy statement.
- If you submit an order using our website or register as a user or for a customer account on our website, we process the data collected in this respect to execute the associated contracts based on Article 6 (1) b) GDPR.
- We can also process the data stored in connection with the use of our website and data stored for the purposes of customer and consumer communication to satisfy legal obligations to which we are subject; this takes place based on Article 6 (1) c) GDPR.
- If necessary, we can also process your data beyond the aforementioned purposes to protect our legitimate interests or the interests of third parties; this takes place based on Article 6 (1) f) GDPR. Our legitimate interests particularly include
- a) the assertion of legal claims and for defence in the event of legal disputes;
b) ensuring user-friendly communication in cases of III.9;
c) the prevention and investigation of offences;
d) the management and further development of our business activities, including risk management.
- Am I obliged to provide data?
The information necessary to register for our newsletter, to execute online orders, to ensure user-friendly communication or to register as a user and create a customer account is marked as mandatory information in the relevant area of the website (e.g. an online form); if the mandatory information is not provided, we cannot enable the use of the relevant functionality. To ensure user-friendly communication, we require at least your name and your email address.
If we collect additional personal data from you, we will let you know whether the provision of this information is legally or contractually prescribed or necessary to conclude a contract when we are collecting the data. We generally highlight the information that is provided voluntarily and is not based on one of the aforementioned obligations or which is not required to conclude a contract.
- Who receives my data?
Your personal data are essentially processed within our company. Depending on the type of personal data, only certain departments/organisational units have access to your personal data. This particularly includes the departments involved in providing our digital offers (e.g. websites) and our IT department. A roles and authorisation concept means that access within our company is restricted to the functions and scope required for the relevant purpose of the processing.
We may also transmit your personal data to third parties outside our company to the extent that this is permitted by law. These external recipients may particularly include
- affiliated companies to which we transmit personal data for internal administration purposes;
- service providers that we have appointed, which provide services on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers that are engaged with our consent;
- private and public bodies, provided that we are legally obliged to transmit your personal data.
VII. Is automated decision-making used?
We essentially do not use any automated decision-making (including profiling) within the meaning of Art. 22 GDPR in connection with the operation of our website. If we use these kinds of processes in specific individual cases, we will inform you separately as required by law.
VIII. Are data transmitted to countries outside the EU/EEA?
Your personal data is essentially processed within the EU or the European Economic Area.
The transmission of information to recipients in “third countries” can only occur in connection with the appointment of service providers to provide web analysis services. “Third countries” are countries outside the European Union or the Agreement on the European Economic Area in which a level of privacy similar to that in the European Union cannot simply be assumed.
If the transmitted information also includes personal information, we will ensure that the required adequate level of privacy is ensured in the relevant third country or by the recipient in the third country before such a transmission. This may particularly arise from an “adequacy decision” by the European Commission, which specifies the adequacy of the privacy level for a certain third country. Alternatively, we may also base the data transmission on the “EU standard contract clauses” agreed with a recipient or, in case of recipients in the USA, on compliance with the principles of the “EU-US Privacy Shield”. We would be pleased to provide further information on appropriate and adequate guarantees of compliance with an adequate privacy level; the contact details are provided at the start of this privacy statement. Information on the participants in the EU-US Privacy Shield can be found at www.privacyshield.gov/list.
- For how long is my data stored?
We essentially store your personal data for as long as we have a legitimate interest in this storage and this interest is not overridden by your interests in the discontinuation of the storage.
We may also continue to store the data without a legitimate interest, if we are obliged to do so by law (for instance, to satisfy retention obligations). We will delete your personal data, even without you having to take any action, as soon as knowledge of the personal data is no longer necessary to satisfy the purpose of the processing or the storage is unlawful in any other manner.
- log data are erased within seven days, provided that further storage is not necessary for legal purposes, such as the exposure of misuse and the detection and elimination of technical faults;
- the data processed in connection with an order or user communication are erased no later than after the statutory retention periods; and
- the data processed in connection with a registration as a user or a customer account are erased after the cancellation of the registration or the closure of the customer account. The personal data that we need to store to fulfil retention obligations will be stored until the end of the relevant retention obligation. If we store personal data exclusively to fulfil retention obligations, they are generally blocked so that they can only be accessed if this is necessary with regard to the purpose of the retention obligation.
- What are my rights?
As a data subject you have the right
- to access the personal data concerning you, Art. 15 GDPR;
- to correct incorrect or incomplete data, Art. 16 GDPR;
- to erase personal data, Art. 17 GDPR;
- to restrict the processing, Art. 18 GDPR; ¬ to data portability, Art. 20 GDPR and
- to object to the processing of the personal data concerning you, Art. 21 GDPR.
You can contact us to exercise these rights at any time, e.g. using the contact paths specified at the start of this privacy statement.
You are also entitled to lodge a complaint with a competent supervisory authority for data protection, Art. 77 GDPR.