Data protection

Privacy statement

 

The following Privacy Statement applies to use of our online offer [www.niezgodka.de] (hereinafter called “Website”).

We attach great importance to data privacy. Your personal data are collected and processed in accordance with the applicable data privacy regulations, particularly the General Data Protection Regulation (GDPR).

 

 

1 Controller

 

The controller for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 GDPR is

 

Ms. Verena Niezgodka-Seemann

Bargkoppelweg 73

22145 Hamburg

 

If you wish to object to the collection, processing and use of your data by us in accordance with this Privacy Statement, either in general or for individual measures, you can send your objection to the Controller.

 

 

2 General purpose of the processing

 

We use personal data to operate and optimise the Website.

 

 

3 What data do we use, and why

 

3.1 Hosting

 

The hosting services used by us serve the purpose of providing the following services: Infrastructure and platform services, computing capacity, disk space and database services, security services and technical maintenance services which we use to operate the Website. In this context, we or our hosting provider,

 

PG Consulting Unternehmens- und DV-Organisations-Beratung GmbH

CEO: Dieter Pfenning

Tostedt District Court: HRB 200762

VAT ID: DE12196970

An Diek 1

D-21279 Appel (Germany)

 

process inventory data, contact details, content data, use data, metadata and communication data of customers, interested parties and visitors to this Website based on our legitimate interest in the efficient, secure provision of our Website in accordance with Art 6 Para. 1 p. 1 f) GDPR in conjunction with Art. 28 GDPR.

 

 

3.2 Access data

 

We collect information about you if you use this Website. We automatically record information about your user behaviour and your interaction with us and register data relating to your computer or mobile device. We collect, save and use data about each visit to our Website (so-called server log files). The access data include:

 

– the name and URL of the called file

– the date and time of the call

– the transferred data volume

– report of successful access (HTTP response code)

– browser type and browser version

– operating system

– referrer URL (i.e. page visited previously)

– websites called by the user’s system via our Website

– the user’s internet service provider

– the IP address and requesting provider

 

We use these log data for statistical purposes only without any allocation to your person and without creating any other profile, in order to ensure the operations, security and optimisation of our Website, as well as to anonymously record the number of users of our Website (traffic) and the extent and type of use of our Website and services.

This information enables us to provide personalised and site-specific contents and to analyse traffic, find and fix bugs and improve our services.

This is also our legitimate interest as per Art 6 Para. 1 p. 1 f) GDPR.

We reserve the right to check the log data retrospectively if there is concrete evidence to raise legitimate suspicion of unlawful use. We save IP addresses in logfiles for a limited period if this is required for security purposes, for the provision of services or to invoice a service, e.g. if you use one of our offers.

 

We also save IP addresses if we have concrete suspicion of a criminal act in connection with the use of our Website. In addition, we save the date of your last visit as part of your account (e.g. for registration, log-in, clicking on links, etc.).

 

 

3.3 Cookies

 

To a limited extent, we use persistent cookies (these are also small text files stored on your end device) which remain on your end device and allow us to recognise your browser on your next visit. These cookies are saved on your hard drive and are deleted automatically after a specific time. Their lifetime ranges from 1 month to 10 years. This enables us to present you with our user-friendly, effective and secure offer and to e.g. display information tailored specifically to your interests on the page.

Our legitimate interest in using the cookies according to Art 6 Para. 1 p. 1 f) GDPR consists of making our Website more user-friendly, more effective and more secure. The following data and information is saved in the cookies:

 

– Log-in information

– Language settings

– Entered search terms

– Information about the number of visits to our Website and the use of individual functions on our Website.

 

When the cookie is activated, it is assigned an ID and your personal data are not allocated to this ID. Your name, your IP address and similar data which would make it possible to allocate the cookie to you personally are not saved in the cookie. The cookie technology merely provides us with pseudonymised information, e.g. about which pages you visited, which products you viewed, etc.

You can change your browser settings so that you are notified of cookies in advance and can decide each time whether you want to prevent cookies in specific situations or in general or whether you wish to block cookies altogether. This may restrict the functionality of the Website. We notify our Website users that we use cookies. We obtain user permission with the help of an ‘Accept’ button.

 

 

3.4 Plugins and tools

 

Google Maps

This page uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We must save your IP address for you to be able to use the Google Maps function. This information is normally sent to a Google server in the USA and saved there. The provider of this Website cannot influence this data transfer. Google Maps is used in the interest of making it easier to find the locations specified on the Website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 p. 1 f) GDPR.

For more information on how user data are used, please see the Google Privacy Statement: https://www.google.de/intl/de/policies/privacy/.

 

 

3.5 Data to perform our contractual obligations

 

We process personal data which we require to perform our contractual obligations, such as name, address, email address, requested products. Collection of these data is required to create an offer. The data are deleted after the warranty periods and statutory retention periods end. Data linked to a user account (see below) remain on these accounts in any case for the duration that the account is maintained.

The legal basis for processing these data is Art. 6 Para. 1 P. 1 b) GDPR, because these data are required for us to be able to perform our contractual obligations towards you.

 

 

3.6 User account

 

You can create a user account on our Website. If you wish to do this, we require the personal data requested during log-in. When you log in again, you will only need your email address or user name and the password chosen by you.

For new registrations, we collect master data (e.g. name, address), communication data (e.g. email address) and access data (user name and password).

 

In order to ensure your proper registration and to prevent unauthorised access by third parties, you will receive an activation link by email after you register which you must use to activate your account. We only save the data sent by you for the duration of your user account after successful registration.

 

You can request us to delete your user account at any time without incurring any costs over and above the transfer costs at basic rates. It is sufficient to notify us in text format addressed to the contact details mentioned in Section 1 (e.g. email, fax, letter). We will delete your saved personal data as a result unless we need to save them to process orders or to comply with statutory retention periods.

The legal basis for processing these data is your consent in accordance with Art. 6 Para. 1 p. 1 a) GDPR.

 

 

3.7 Contact by email

 

If you contact us (e.g. using the contact form or by email), we process your details in order to process the query and in case of follow-up questions. If the data are processed in order to perform measures prior to concluding a contract, which are performed at your request or, if you are already our customers, for contract performance, the legal basis for this data processing is Art. 6 Para. 1 p. 1 b) GDPR.

 

We only process any further personal data if you give your consent (Art. 6 Para. 1 p. 1 a) GDPR) or if we have a legitimate interest in processing your data (Art. 6 Para. 1 p. 1 f) GDPR). A legitimate interest e.g. consists in responding to your email.

 

 

4 Storage duration

 

Unless specified otherwise, we only save personal data for the time required to perform the pursued purpose. In some cases, the legislator stipulates storage of personal data, e.g. under tax or commercial law. In these cases, we will save the data for these statutory purposes only, will not process them otherwise, and will delete them after the statutory retention period ends.

 

 

5 Your rights as the data subject

 

Under the applicable laws, you have various rights in relation to your personal data. If you wish to assert these rights, please send your query by email or post to the address stated in Section 1, providing unique personal identification.

 

Your rights are listed below.

 

 

5.1 Right to confirmation and information

 

You are entitled to receive clear information about the processing of your data.

 

In detail:

You are entitled to receive confirmation from us at any time of whether your personal data are being processed. If this is the case, you are entitled to receive information about your personal data saved by us including a copy of these data free of charge. You also have the right to the following information:

 

1. the purpose of the processing;
2. the categories of personal data being processed;
3. the recipients or categories of recipients to whom the personal data were disclosed or will be disclosed, particularly recipients in third countries or in case of international organisations;
4. if possible, the planned duration for which the personal data are saved, or, if this is not possible, the criteria for setting this duration;
5. the existence of a right to correct or delete your personal data or restrict processing by the controller or a right to object to such processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. if the personal data are not collected from you, all available information about the source of the data;
8. the existence of an automated decision-making process including profiling as per Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the range and intended consequences of such processing for you.

 

If the personal data are sent to a third country or transferred to an international organisation, you are entitled to be notified of appropriate guarantees as per Art. 46 GDPR in connection with the Transfer.

 

 

5.2 Right to correction

 

You have the right to demand that we correct or, if applicable, complete the personal data relating to you.

In detail:

You are entitled to demand that we correct any incorrect personal data relating to you immediately. Taking into account the purpose of the processing, you have the right to demand that we complete any incomplete personal data – including by supplementary declaration.

 

 

5.3 Right to deletion (“Right to be forgotten”)

In a number of cases, we are obligated to delete your personal data.

In detail:

According to Art. 17 Para. 1 GDPR, you are entitled to demand that we delete your personal data immediately, and we are obligation to delete your data immediately, if one of the following reasons applies:

1. The personal data are no longer needed for the purposes for which they were collected or otherwise processed.
2. You revoke your consent on which the processing is based according to Art. 6 Para. 1 p. 1 a) GDPR or Art. 9 Para. 2 a) GDPR, and no other legal basis for the processing applies.
3. You object to the processing as per Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing as per Art. 21 Para. 2 GDPR.
4. The personal data were processed unlawfully.
5. The data must be deleted to comply with a legal obligation under EU law or under the law of the member states by which we are bound.

The personal data were collected in relation to offered information society services as per Art. 8 Para. 1 GDPR. If we published the personal data, and we are obligated to delete them as per Art. 17 Para. 1 GDPR, we will take reasonable measures taking into account the technology available and the implementation costs, including of a technical nature, in order to notify the controllers processing the data that you have demanded that they delete all links to these personal data, and to copies or replications of these personal data.

 

 

5.4 Right to restrict the processing

 

In a number of cases, you are entitled to demand that we restrict the processing of your personal data.

In detail:

You are entitled to demand that we restrict the processing if one of the following conditions applies:

1. you dispute the correctness of the personal data, for a duration which allows us to verify the correctness of the personal data,
2. the processing is unlawful and you have rejected deletion of the personal data and instead demanded restricted use of the personal data;
3. we no longer require the personal data for the purpose of the processing, but you require the data to assert, exercise or defend legal claims, or

you have raised an objection to the processing as per Art 21 Para. 1 GDPR, for the duration while it is uncertain whether the legitimate reasons of our company outweigh yours.

 

 

5.5 Right to data portability

 

You are entitled to receive, transfer or arrange for us to transfer your personal data in a machine-readable format.

In detail:

You are entitled to receive the personal data that you have provided to us in a structured, commonly used, machine-readable format, and you are entitled to transfer these data to a different controller without being prevented by us, to the extent that

1. the processing is based on consent as per Art. 6 Para. 1 p. 1 a) GDPR or Art. 9 Para. 2 a) GDPR, or on a contract as per Art. 6 Para. 1 p. 1 b) GDPR, and
2. processing is performed using automated processes.

When exercising your right to data portability as per Section 1, you are entitled to demand that we send the personal data directly to a different controller, to the extent that this is technically feasible.

 

 

5.6 Right to object

 

You have the right to object to lawful processing of your personal data by us if this is on grounds of your particular situation and our interests in the processing do not override this right.

In detail:

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 Para. 1 p. 1 e) or f) GDPR; this also applies to profiling based on those provisions. If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims. Where we process your personal data for direct marketing purposes, you shall have the right to object at any time to processing of the personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. You have the right to object to the processing of your personal data on grounds relating to your particular situation where these data are used for scientific or historic research purposes or for statistical purposes as per Art. 89 Para. 1 GDPR, except where such processing is required to perform a task in the public interest.

 

 

5.7 Automated decisions including profiling

 

You are entitled not to be subjected to a decision based on automated processing – including profiling – which takes legal effect for you or which significantly impairs you in a similar way. We do not use automated decision-making based on your collected personal data.

 

 

5.8 Right to revoke consent given under data security law

 

You have the right to revoke your consent to process personal data at any time.

 

 

5.9 Right to lodge a complaint with a supervisory authority

 

You have the right to lodge a complaint with a supervisory authority, particularly in the member state of your residence, your place of work or the site of the alleged breach, if you are of the opinion that the processing of your personal data is unlawful.

 

 

6 Data security

 

We strive to ensure the maximum security of your data under applicable data security legislation and in accordance with the technical possibilities. We transfer your data in an encrypted format. This applies to orders as well as the customer log-in. We use the encoding system SSL (Secure Socket Layer) but would like to point out that online data transmission (e.g. communication by email) can be subject to security gaps. It is not possible to protect data against third party access to the exclusion of such gaps. To protect your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we adapt regularly to ensure that it remains state-of-the-art. We also do not guarantee that our offer is available at specific times; disruptions, breakdowns and downtime cannot be excluded. We carefully protect the servers used by us.

 

 

7 Transfer of data to third parties, no data transmission to non-EU countries

 

We generally only use your personal data within our company. If and to the extent that we involve third parties in contract performance (e.g. logistics service providers), these only receive personal data to the extent required to perform the relevant service. If we outsource specific data processing components (“order processing”), we contractually oblige order processors to use personal data only in accordance with the requirements of the data security legislation and to ensure that the rights of the data subject are protected. Data are not transferred to institutions or persons outside the EU except for the case mentioned in Section 4 of this statement, and no such transfer is planned.

 

 

8 Data protection officer

 

If you have any questions or concerns regarding data security, please contact the address mentioned in Section 1.