Img #1Img #1Img #1

Data protection

0 items
€ 0.00

shopping cart



There are no items in the shopping cart yet
language selection


Data Protection Policy

The saami crafts website can be used without submitting any personal data. However, if the data subject is to make use of certain services, processing of personal data may become necessary. If this is the case, and there is no legal basis for such processing, then saami crafts shall obtain the consent of the data subject.

The processing of personal data, for example the name, address, email address and telephone number of the data subject, is always conducted in accordance with the General Data Protection Regulation (GDPR) and with country-specific data protection legislation applicable to saami crafts. This data protection policy is intended to inform the general public on the nature, scope and purpose of personal data captured, used and processed by saami crafts – and to explain the corresponding rights of the data subject.

As the data controller, saami crafts has implemented a number of technological and organisational measures to ensure robust protection of the personal data processed via the saami crafts website. Nevertheless, transmission of data via the Internet is subject to vulnerabilities; therefore, absolute and total protection cannot be guaranteed. For this reason, the data subject can choose to provide personal data to saami crafts by alternative methods, for example by telephone.

Contents

1. Terminology
a. Personal data
b. Data subject
c. Processing
d. Restriction of processing
e. Profiling
f. Pseudonymisation
g. Data controller
h. Processor
i. Recipient
j. Third party
k. Consent
2. Name and address of the data controller
3. Cookies
4. Capture of general data and information
5. SSL and/or TLS encryption
6 Registration
7. Newsletter/ Use of CleverReach
8. Use of social media plug-ins
a. Facebook
b. Google Plus
c. Twitter
d. Pinterest
9. Contacting saami crafts via the website
10. Routine erasure and blocking of personal data
11. Hosting and Content Delivery Networks (CDN)
12. Rights of the data subject
a. Right to confirmation
b. Right of access by the data subject
c. Right to rectification
d. Right to erasure (right to be forgotten)
e. Right to restriction of processing
f. Right of data portability
g. Right to object
h. Automated individual decision-making, including profiling
i. Right to withdraw consent
13. eCommerce and payment service providers
14. Legal basis for data processing
15. Legitimate interests of the controller or third party regarding the processing of data
16. Period for which personal data may be stored
17. Statutory or contractual requirements to provide personal data; or as a prerequisite for conclusion of a contract; obligation on the part of the data subject to provide personal data; possible consequences of failure to provide such data
18. Automated decision-making

 

1. Terminology

saami crafts’ data protection policy is based on the terminology employed by the European legislature for its General Data Protection Regulation (GDPR). saami crafts’ data protection policy is intended to be easy to read and understand for the general public, for our customers, and our business partners. To achieve this aim, we would like to explain the terminology used in advance. The terms used in this data protection policy include, but are not limited to, the following:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Data controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency or other body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

2. Name and address of the data controller

The data controller is:
saami crafts
Inh. Sandra Doebele
MoserstraĂźe 20
70182 Stuttgart, Germany

Phone: +49 711 7676575
Fax: +49 711 7676574
Email: info@saami-crafts.com
Internet: https://www.saami-crafts.com

3. Cookies

The saami crafts website makes use of cookies. Cookies are small text files that a web browser downloads and stores on a computer.

Many cookies include a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific web browser to which the cookie was saved. This enables the visited websites and servers to distinguish the specific browser of the data subject from other browsers that contain other cookies. A specific web browser can be recognised and identified by its unique cookie ID.

By means of cookies, saami crafts can provide users of its website with services that are more user-friendly than would otherwise be possible, and can improve the website in the interests of the user. For example, the user of a website that uses cookies does not have to re-enter their login data each time they visit the website because this is stored by the website and the cookie on the user’s computer system. A further example is the cookie used by a shopping cart in an online shop. Via the cookie, the online shop remembers the items that a customer has placed in the virtual shopping cart.

The data subject can prevent cookies from being installed by adjusting the settings on their web browser software accordingly. Moreover, existing cookies can be deleted at any time via a web browser or other software. This is possible with all leading browsers. The data subject should be aware, however, that by doing so they may not be able to make full use of all the functions of our website.

4. Capture of general data and information

The saami crafts website captures a variety of general data and information each time the website is visited. This data and information is stored in server log files. This data and information may include the type and version of browser used, the operating system, the website which linked the data subject to our website (referrer URL), the individual website pages accessed, the date and time of website access, the subject’s Internet Protocol (IP) address, the Internet service provider and other similar data and information that serve cyber security purposes in the event of attacks on our IT systems.

saami crafts cannot draw any conclusions about the data subject from this data and information. Instead, this information is required to correctly deliver the content of our website, to improve the content of our website and advertising for it, to ensure the ongoing correct operation and function of our IT systems and the technology of our website, and to provide law enforcement authorities with the information needed for criminal investigation and prosecution in the event of a cyber attack. This data and information is captured anonymously; it is analysed by saami crafts for statistical purposes, and in order to improve data protection and data security within our organisation, and in order to ultimately ensure the best possible degree of protection for personal data processed by us. The anonymous data stored in server log files is stored separately from all personal data provided by the data subject.

5. SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognise an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If you are under an obligation to share your payment information (e.g. account number if you give us the authority to debit your bank account) with us after you have entered into a fee-based contract with us, this information is required to process payments.

Payment transactions using common modes of paying (Visa/MasterCard, debit to your bank account) are processed exclusively via encrypted SSL or TLS connections. You can recognise an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the communication with us is encrypted, third parties will not be able to read the payment information you share with us.

6. Registration

The data subject may register for our website by entering personal information. The personal data transmitted to saami crafts is apparent from the corresponding registration screen. The personal data entered by the data subject is captured and stored exclusively for internal purposes. saami crafts is entitled to make this personal data available to one or multiple processors, such as, without limitation, a parcel service, who shall also exclusively use the data for internal purposes of a kind attributable to saami crafts.

Furthermore, by registering on the saami crafts website, the IP address assigned to the data subject by the Internet service provider (ISP), and the date and time of registration, are captured. This data is stored to prevent misuse of our services and, where necessary, to investigate any criminal offences. The storage of this data is required to protect saami crafts’ legitimate interests. This data will not be passed on to third parties unless there is a legal obligation to do so on or it serves the purposes of law enforcement.

Registration by the data subject, in conjunction with the voluntary submission of personal data, helps saami crafts to offer the data subject content or services that by nature can only be offered to registered users. Registered users are at liberty to modify the personal data provided upon registration at any time or to have it erased completely from saami crafts’ data records.

Upon request, saami crafts will at any time disclose to the data subject what personal data is stored on them. Furthermore, the data will be corrected or deleted upon request or notification, insofar as there are no statutory retention duties to the contrary. The data subject may contact Ms Astrid Gregor or Ms Sandra Doebele in this regard.

7. Newsletter/ Use of CleverReach

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.

The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

CleverReach

This website uses CleverReach for the sending of newsletters. The provider is the CleverReach GmbH & Co. KG, MĂĽhlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that can be used to organize and analyse the sending of newsletters. The data you have entered for the purpose of subscribing to our newsletter (e.g. e-mail address) are stored on servers of CleverReach in Germany or in Ireland.

Newsletters we send out via CleverReach allow us to analyse the user patterns of our newsletter recipients. Among other things, in conjunction with this, it is possible how many recipients actually opened the newsletter e-mail and how often which link inside the newsletter has been clicked. With the assistance of a tool called Conversion Tracking, we can also determine whether an action that has been predefined in the newsletter actually occurred after the link was clicked (e.g. purchase of a product on this website). For more information on the data analysis services by CleverReach newsletters, please go to: https://www.cleverreach.com/en/features/reporting-tracking/.

The data is processed based on your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

If you do not want to permit an analysis by CleverReach, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

For more details, please consult the Data Protection Provisions of CleverReach at: https://www.cleverreach.com/en/privacy-policy/.

Execution of a contract data processing agreement

We have entered into a contract data processing agreement with CleverReach and implement the strict provisions of the German data protection agencies to the fullest when using CleverReach.

8. Use of social media plug-ins

a. Facebook

This website uses Facebook social media plug-ins, provided by Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). The plug-ins are recognisable by the use of the Facebook logo or the terms “Like”, “Share” and the signature Facebook colours (blue and white). Information on all Facebook plug-ins can be found via the following link:
https://developers.facebook.com/docs/plugins/

The plug-in establishes a direct link between your browser and Facebook’s servers. saami crafts has no influence over the nature and scope of data transmitted to the Facebook servers via the plug-in. Further information is available at: https://www.facebook.com/help/186325668085084

The plug-in informs Facebook that you visited the saami crafts website. It is possible that your IP address will be saved as a consequence. If you visit the website while logged on to Facebook, the information given above will be linked to that account.

If you use features of the plug-in – for instance by sharing or liking content – corresponding information will be transmitted to Facebook Inc. If you wish to prevent this information being linked to your Facebook account, you must first log out of Facebook before visiting this website.

b. Google Plus

Our website employs the “+1” button from Google+. This is operated by Google Inc., (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA). If you visit a website that includes the “+1” button, a direct connection is established between your browser and Google’s servers. The website operator has no influence over the nature and scope of data transmitted by the plug-in to Google Inc.’s servers. If you click on the “+1” button while you are logged onto Google+, then you will share the corresponding website content on your public profile.

According to Google Inc., personal data is only captured when you click on the button. It is also possible that the IP address of logged-in Google users is stored. If you wish to prevent Google Inc. from storing this data and linking it to your account, please log out of your account before you visit this website.

More information on the “+1” button is available at: https://developers.google.com/+/web/buttons-policy.

c. Twitter

This website uses Twitter buttons. These are operated by Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). If you visit a website that features one of these buttons, a direct connection is established between your browser and Twitter’s servers. saami crafts has no influence over the nature and scope of data transmitted to Twitter Inc.’s servers via the plug-in.

According to Twitter Inc., only your IP address is captured and stored. Further information on how Twitter Inc. processes personal data is available at:
https://twitter.com/privacy

d. Pinterest

This website uses the Pin it button plug-in operated by Pinterest (Pinterest Inc., 635 High Street, Palo Alto,CA, 94301, USA). When you visit this website, a direct connection is established between your browser and Pinterest’s servers. Pinterest can therefore receive information, including your IP address, indicating that you have visited this website. If you click the Pin It button while you are logged onto your Pinterest user account, you can share content from this website with your Pinterest network.

We hereby expressly inform you that as the operator of this website we have no knowledge of the content of the data transmitted to Pinterest or of its use by Pinterest. For more information on Pinterest’s privacy policy, please use the following link:
http://de.about.pinterest.com/privacy/.

Even if you do not possess a Pinterest account, you can change the settings for the storage of your data by Pinterest here:
https://help.pinterest.com/de/articles/personalization-and-data-other-websites

9. Contacting saami crafts via the website

In line with statutory requirements, the saami crafts website includes information that allows users to rapidly contact our organisation and to engage in direct communication with us. This information includes a physical address and an email address. If a data subject contacts saami crafts via email or a contact form, then personal data is automatically saved. Such voluntarily submitted data is used exclusively for the purposes of processing requests, answering queries and communicating with the data subject. This personal data is not made available to any third party.

10. Routine erasure and blocking of personal data

saami crafts only processes and stores personal data on the data subject for the duration for which this is necessary for the purpose of such storage or for as long as prescribed by the corresponding European legislature or any other legislature whose laws and regulations saami crafts is subject to.

If the purpose of storage no longer exists, or the deadline prescribed by the corresponding European legislature or other relevant legislature elapses, personal data will be routinely erased or blocked in line with statutory requirements.

11. Hosting and Content Delivery Networks (CDN)

External Hosting

This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f DSGVO).

Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

Execution of a contract data processing agreement

In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with our host.

12. Rights of the data subject

a) Right to confirmation

Any data subject has the right granted by the European legislature to receive confirmation from saami crafts as to whether or not saami crafts processes their personal data. If a data subject wishes to make use of this right, they may contact us to this end at any time.

b) Right of access by the data subject

The data subject shall have the right at any time to receive from saami crafts information, free of charge, on personal data relating to them, and to receive a copy of such information. Furthermore, the European legislature has granted the data subject the right to the following information:

• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of the right to request from saami crafts rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• where the personal data are not collected from the data subject, any available information as to their source;
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The data subject has to right to be informed as to whether personal data is transferred to a third country or an international organisation. Where this is the case, the data subject has the right to be informed of suitable guarantees in connection with such data transfer.

If a data subject wishes to make use of this right, they may contact us to this end at any time.

c) Right to rectification

The data subject shall have the right to obtain without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to make use of this right, they may contact us to this end at any time.

d) Right to erasure (right to be forgotten)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning them without undue delay where one of the following grounds applies:

• the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
• the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal grounds for the processing;
• the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
• the personal data has been unlawfully processed;
• the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

Insofar as one of the above applies, and the data subject wishes their personal data stored by saami crafts to be erased, they may contact us to this end at any time. saami crafts will then ensure compliance with the request for erasure without delay.

If personal data were published by saami crafts, and if our company is obliged to erase the personal data in accordance with Article 17(1) of the GDPR, then we shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other data controllers who process the published personal data, that the data subject has requested the erasure of all links to such personal data and erasure of copies or replicas of such personal data by these other data controllers, insofar as the processing of this data is not necessary.

e) Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
• the data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Insofar as one of the above applies, and the data subject wishes the restriction of processing of personal data stored by saami crafts, they can contact us to this end at any time.

f) Right of data portability

The data subject shall have the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit the data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1); and the processing is carried out by automated means, insofar as processing is not necessary for the performance of a task in the public interest, or in the exercise of official authority vested in the controller.

In exercising their right to data portability pursuant to Article 20(1), the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and insofar as this does not infringe on the rights or freedoms of other persons.

Insofar as the data subject wishes to exert their right to data portability, they can contact us to this end at any time.

g) Right to object

The data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.

Where the data subject lodges such an objection, saami crafts shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

Where saami crafts processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing. This shall include profiling to the extent that it is related to such direct marketing.

Where the data subject lodges an objection with saami crafts to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Moreover, where personal data are processed by saami crafts for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, the data subject, on grounds relating to their particular situation, shall have the right to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest. Where the data subject wishes to assert their right to object, they can contact us to this end at any time. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.

h) Automated individual decision-making, including profiling

The data subject shall have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This right shall not apply if the decision is necessary for entering into, or performance of, a contract between the data subject and a data controller; is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or is based on the data subject’s explicit consent.

If the decision is necessary for entering into, or performance of, a contract between the data subject and a data controller or is based on the data subject’s explicit consent, then the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

If the data subject wishes to exercise their rights with regard to automated decisions, they can contact us to this end at any time.

i) Right to withdraw consent

The data subject has the right to withdraw their consent to the processing of their personal data at any time. The data subject can contact us to this end at any time.

13. eCommerce and payment service providers

Processing of data (customer and contract data)

We collect, process and use personal data only to the extent necessary for the establishment, content organization or change of the legal relationship (data inventory). These actions are taken on the basis of Art. 6 Sect. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual actions. We collect, process and use personal data concerning the use of this website (usage data) only to the extent that this is necessary to make it possible for users to utilize the services and to bill for them.

The collected customer data shall be eradicated upon completion of the order or the termination of the business relationship. This shall be without prejudice to any statutory retention mandates.

Data transfer upon closing of contracts for online stores, retailers and the shipment of merchandise

We share personal data with third parties only if this is necessary in conjunction with the handling of the contract; for instance, with companies entrusted with the shipment of goods or the financial institution tasked with the processing of payments. Any further transfer of data shall not occur or shall only occur if you have expressly consented to the transfer. Any sharing of your data with third parties in the absence of your express consent, for instance for advertising purposes, shall not occur.

The basis for the processing of data is Art. 6 Sect. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or for pre-contractual actions. Data transfer upon closing of contracts for services and digital content
We share personal data with third parties only if this is necessary in conjunction with the handling of the contract; for instance, with the financial institution tasked with the processing of payments.

Any further transfer of data shall not occur or shall only occur if you have expressly consented to the transfer. Any sharing of your data with third parties in the absence of your express consent, for instance for advertising purposes, shall not occur.

The basis for the processing of data is Art. 6 Sect. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or for pre-contractual actions.

PayPal

Among other options, we offer payment via PayPal on this website. The provider of this payment processing service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
If you choose payment via PayPal, we will share the payment information you enter with PayPal.

The legal basis for the sharing of your data with PayPal is Art. 6 Sect. 1 lit. a GDPR (consent) as well as Art. 6 Sect. 1 lit. b GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.

14. Legal basis for data processing

Article 6 I lit. a GDPR serves as the legal basis for data processing activities that require consent for a particular processing purpose. If processing of personal data is necessary for the performance of a contract to whom the person concerned is a party, as is the case, for example, without limitation, for the delivery of goods, or for the provision of another service or consideration, then such processing is based on Art. 6 I lit. b GDPR. The same shall apply to processing activities necessary to performing pre-contractual tasks, for example, without limitation, responding to queries about our products or services. If our company is subject to a legal obligation that necessitates the processing of personal data, such as, without limitation, compliance with taxation obligations, then such processing is on the basis of Art. 6 I lit. c GDPR. Under rare circumstances, processing of personal data may be necessary to protect the vital interests of the person concerned or of another natural person. This might for example be the case if a visitor to our business was injured and it would be necessary to provide their name, age, health insurance or other vital details to a doctor, hospital or other third party. In this instance, processing is on the basis of Art. 6 I lit. d GDPR. Moreover, some processing activities might be based on Art. 6 I lit. f GDPR.

This latter provision is the basis for processing activities that are not covered by any of the previously mentioned provisions when processing is necessary to safeguard a legitimate interest on the part of our company or a third party insofar as this is not overridden by the interests, fundamental rights or fundamental freedoms of the data subject. Such processing activities are permitted in particular, without limitation, because they were specifically named by the European legislature. The legislature expressed the opinion that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

15. Legitimate interests of the controller or third party regarding the processing of data

If the processing of personal data is based on Article 6 I lit. f GDPR, then our legitimate interest is to conduct our business for the well-being of all our employees and our shareholders.

16. Period for which personal data may be stored

The criterion for the storage period for personal data shall be the corresponding statutory retention period. After the expiry of this period, the corresponding data will be routinely erased, provided that it is no longer necessary for the fulfilment or initiation of the contract.

17. Statutory or contractual requirements to provide personal data; or as a prerequisite for conclusion of a contract; obligation on the part of the data subject to provide personal data; possible consequences of failure to provide such data

We hereby inform you that the provision of personal data is under certain circumstances a statutory requirement (e.g. under tax law) or may result from contractual requirements (e.g. information required on the contractual partner). In some cases, it may be necessary for the conclusion of a contract for the data subject to provide us with personal data which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with them. Failure to provide personal data would mean the contract with the data subject could not be concluded. Before the data subject can provide personal data, the data subject must contact us. We inform the data subject on a case-by-case basis whether the provision of personal data is a statutory or contractual requirement for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.

18. Automated decision-making

As a responsible company, we do not deploy automated decision-making mechanisms, such as profiling.