Status as of 09.03.2020
General scope of data processing
Data protection is a high priority in our society. We comply with the Basic Data Protection Regulation (DSGVO), which regulates the processing of personal data uniformly for the entire European Union, and other national data protection laws of the member states as well as other data protection regulations. We collect, process and use personal data only to the extent necessary to provide a functional website and to present our offers and services. As a user, you can visit our website without providing any personal information. Personal data is only collected and used to the extent necessary to provide a functional website and to present our content and services. The collection and use of your personal data is only carried out with your consent. An exception is made in cases where prior consent cannot be obtained for factual reasons or where the collection and processing of data is permitted by legal regulations.
For security reasons we use an SSL certificate on our website to provide secure connections by encrypting all incoming and outgoing data traffic. You can recognise the encryption by the lock symbol in your browser line and by the fact that "https://" is displayed there.
Name and address of the person responsible for data processing
The person responsible in the sense of the DSGVO is:
Owner: Matthias Falkenberg registered association.
Thesdorfer Weg 112
Phone 04101 858770
fax +49 4101 8055504
The terms used in this data protection declaration correspond to those in Article 4 DSGVO. For the purposes of this Regulation
"personal data" shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, a geographical location, an on-line identification, or one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity
"data subject" means any identified or identifiable natural person whose personal data are processed by the controller.
"processing" - any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"Restriction of processing" - the marking of stored personal data with the aim of limiting their processing in the future;
"profiling" - any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, location or movement of that natural person
"controller" shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or national law, provision may be made for the controller or for the specific criteria for his or her designation in accordance with Union or national law
"recipient" shall mean any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union or national law shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the purposes of the processing;
"third party" means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process personal data
"consent" - to the data subject's freely given specific, informed and unequivocal indication of his or her wishes in the form of a declaration or any other unequivocal affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
General legal bases for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Regulation (DSGVO) is the legal basis for the processing of personal data.
In the case of processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) lit. b of the DPA is the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 lit. c DSGVO is the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d DSGVO is the legal basis.
If the processing required serves to safeguard our legitimate interests or those of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former, Article 6 (1) lit. f FADP is the legal basis for the processing.
Data erasure and storage period
Your personal data stored by us will be deleted or blocked as soon as the purpose for which it was stored no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which we are subject, e.g. on the basis of tax and commercial law storage and documentation obligations. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Collection of technical access data, server log files
Whenever you visit our website, our web server automatically collects data and information from the computer system of the computer you are using. The following data is collected:
Browser name and version used
the operating system used and its resolution
Date and time of access
Quantity of data sent
Web site from which you access our site (referrer URL)
Name and URL of files accessed via our website
Error information for error analysis
The data is temporarily stored in the log files of the web server we use. The data is automatically deleted after 14 days. A storage of this data together with other of your personal data does not take place. Your data cannot be assigned by us to any particular person. We use this technical log data only for statistical purposes and to optimise our website and its security. The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.
Temporary storage of the IP address by our web server is necessary to enable delivery of the web pages accessed to your computer. For this purpose, the IP address of the calling computer must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f DSGVO.
The stored data will be deleted as soon as they are no longer required for the purpose of their collection. The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility of objection or removal on your part.
Setting options for the most common browsers can be found under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent. The transmission of flash cookies cannot be prevented by the browser settings, but by changing the settings of the flash player.
If you have the opportunity on our website to create a customer account and register by providing your personal data, the following applies: The data will be entered into an input mask, transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the registration process: Your first and last name, your postal address, your e-mail address, your telephone number, your personal login password. Within the scope of the registration process, your consent to the processing of this data is expressly obtained. At the time of registration, the following data is also stored: The IP address of the calling computer, date and time of registration. The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f DSGVO
Your registration is required for the fulfilment of a contract with you or for the implementation of pre-contractual measures. By registering, we can quickly and conveniently provide you with the data you entered once again without you having to enter it again. The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO, if you have given your consent. If the registration serves the fulfilment of a contract between you and us or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.
Your data will be deleted as soon as they are no longer required for the purpose of their collection. This is the case for the data collected during the registration process for the performance of a contract or the implementation of pre-contractual measures if the data is no longer necessary for the performance of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.
As a user you have the possibility to cancel the registration at any time. You can have the data stored about you changed at any time. To change or delete your data, simply contact us using the contact details provided in the imprint. Ideally you should send us an e-mail. If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible if there are no contractual or legal obligations that prevent a deletion.
Contact form and e-mail contact
If there is a contact form on our website that you can use for electronic contact, the following applies: If you use this option, the data entered in the input mask will be transmitted to us and stored. These data are for the processing of the establishment of contact: Your first and last name, your postal address, your e-mail address, your telephone number. Minimum mandatory data are marked with an asterisk. At the time the message is sent, the IP address of the calling computer; date and time of registration are also stored to prevent misuse of the contact form and to ensure the security of our information technology systems. The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f DSGVO.
For the processing of the data we obtain your consent before sending it and at the same time refer to this data protection declaration.
Alternatively, you can also contact us by e-mail. In this case, only the personal data transmitted by you with the e-mail will be stored for processing the contact. Under no circumstances will your data be passed on to third parties. Your data will be used exclusively for the purpose of communication. The legal basis for the processing of data with your consent is Art. 6 para. 1 lit. a DSGVO. The legal basis for the processing of personal data that you have sent us by e-mail is Art. 6 para. 1 lit. f DSGVO. If the aim of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b DSGVO.
The data is deleted as soon as it is no longer necessary for the purpose of its collection. For personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective communication with you has ended. The conversation ends when it can be concluded from the circumstances that the matter in question has been finally clarified.
You have the possibility to revoke your consent to the processing of your personal data at any time. If you have contacted us by e-mail, you can object to the storage of your personal data at any time. The revocation can be made e.g. by sending a revocation e-mail or by letter to our contact addresses as shown in the imprint. All personal data stored in the course of contacting us will then be deleted.
Data transfer to service partners
We only pass on your personal data to service partners who are involved in the contract processing, such as the shipping company commissioned with the delivery and the credit institute commissioned with payment matters. The extent of the data transfer to third parties is limited to the necessary minimum, namely your first and last name and your delivery address. The legal basis is Art. 6 para. 1 lit. b DSGVO.
In the event that you have expressly given us or, at your request, the service partner your consent to do so, we will also pass on your e-mail address, your telephone number or your date of birth for the purpose of coordinating a delivery date of the shipping company or a necessary identity and creditworthiness check of the payment service provider. If you do not give us your consent in this respect, prior coordination of a delivery date or a delivery announcement or a "purchase on account" or "purchase by direct debit" or "instalment purchase" is not possible. The legal basis for this is Art. 6 para. 1 lit. a DSGVO. You may of course revoke your consent at any time with future effect vis-à-vis us or the respective shipping or payment service provider.
Dispatch service provider:
DHL - In the event that the shipment is made via DHL, we will forward your respective data to Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany.
DPD - In the case of shipping via DPD, we will forward your respective data to DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg.
Payment service provider with credit check
In the event of payment via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal, we will pass on your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), within the framework of the payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal. The result of the credit assessment with regard to the statistical probability of non-payment shall be used by PayPal for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values. You can find further information on data protection law in the PayPal data protection principles: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
"IMMEDIATE" bank transfer
The data controller has integrated components from Novalnet AG on this website. The Novalnet AG is a full payment service provider, which among other things takes over the payment processing.
If the person concerned selects a payment method during the ordering process in the online shop, data of the person concerned will be automatically transmitted to Novalnet AG. With the selection of a payment option, the person concerned consents to the transmission of personal data for the processing of the payment.
The personal data transmitted to Novalnet is usually first name, surname, address, date of birth, gender, email address, IP address, telephone number, mobile phone number as well as other data necessary for the processing of a payment. For the processing of the sales contract, such personal data are also necessary, which are in connection with the respective order. In particular, there may be a mutual exchange of payment information, such as bank details, card number, expiry date and CVC code, data on goods and services, prices.
The transmission of data is intended in particular for identity verification, payment administration and fraud prevention. The person responsible for the processing will transmit personal data to Novalnet AG in particular if there is a justified interest for the transmission. The personal data exchanged between Novalnet AG and the person responsible for processing will be transferred to credit agencies by Novalnet AG if necessary. The purpose of this transmission is to check identity and creditworthiness.
Novalnet AG also passes on the personal data to service providers or subcontractors, as far as this is necessary to fulfil the contractual obligations or the data is to be processed.
The person concerned has the possibility to revoke his or her consent to Novalnet AG to process personal data at any time. A revocation does not affect personal data, which must be processed, used or transmitted for the (contractual) payment processing. The data protection declaration of Novalnet AG can be found under the following link: https://www.novalnet.de/datenschutz
Responsible for the data processing: Novalnet AG - Gutenbergstraße 2 - 85737 Ismaning
Phone: +49 89 9230683-29 Fax: +4989923068311 E-Mail: firstname.lastname@example.org
If you wish to receive information about the use of personal data concerning you, you can contact email@example.com at any time. The provision of the data is necessary for the conclusion of the contract with the payment method you have chosen. Failure to provide the data will mean that the contract cannot be concluded with the payment method you have requested.
Tools for web analysis
We use various web analysis tools on our website to analyse usage data in order to be able to design our online offers and our website in an optimal and demand-oriented manner with regard to user-friendliness and optimisation. The web analysis tools generally use "cookies" (for a definition see section 7.1). Data processing is always based on the legal provisions of Art. 6 Para. 1 lit f DSGVO (legitimate interest).
In order to respect your privacy, the data that may allow a reference to your person, such as IP address, login or device IDs, will be anonymised or pseudonymised as soon as possible. There will be no other use, combination with other data or transfer to third parties. In detail, the following tools are involved:
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies" which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the anonymous, i.e. shortened IP address) is usually transferred to a Google server in the USA and stored there.
The IP-anonymisation "_anonymizeIp()" is activated on our website. This option causes your IP address to be shortened by Google within member states of the European Union or in other states which are parties to the Agreement on the European Economic Area before. This makes it impossible to personalize your IP address. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.
On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activities and to provide us with further services related to website and Internet use. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.
You can prevent the installation of cookies by adjusting your browser software accordingly. In this case, however, you must expect that you will no longer be able to use all functions of our website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting the data by clicking on the above link. An opt-out cookie will be set to prevent the future collection of your data when you visit our website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found under the following link in the Google Analytics help: https://support.google.com/analytics/answer/6004245?hl=de
Google Adwords Conversion Tracking
We use the Google Conversion Tracking of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Adwords sets a "cookie" on your computer if you have reached our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of our website while the cookie is still valid, Google and we can recognize via our Adword account that you have clicked on a Google ad we have placed and have been redirected to that page.
Each Adwords customer receives a different cookie. This means that cookies cannot be tracked on the websites of Adwords customers. The information collected using the conversion cookie is used to compile conversion statistics for Adwords customers who have opted in to conversion tracking. Adwords advertisers know the total number of users who have clicked on your ad and been redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.
Rights of the data subject
If personal data is processed by you, you are a data subject within the meaning of the DSGVO and you are entitled to the following rights in relation to the person responsible:
Right to information (Art. 15 DSGVO) - You can request from us, as the person responsible, confirmation as to whether personal data concerning you is being processed by us.
In the event of processing, you may request the following information from us: the purposes for which the personal data are processed; the categories of personal data which are processed; the recipients or the categories of recipients to whom the personal data relating to you have been or will be disclosed; the planned duration of storage of the personal data relating to you or, if it is not possible to give specific details, criteria for determining the duration of storage; the existence of a right of rectification or erasure of personal data relating to you, a right to have the processing limited by the controller or a right to object to such processing; the existence of a right of appeal to a supervisory authority; all available information on the origin of the data when the personal data are not collected from the data subject; the existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) DPA and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing on the data subject. You also have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 DPA in connection with the transfer.
Right of rectification (Art. 16 DPA) - You have the right to obtain from the controller the rectification and/or integration without delay if the personal data processed concerning you is inaccurate or incomplete.
Right to deletion (Art. 17 DSGVO) - You have the right to request from us, as the controller, that the personal data concerning you be deleted immediately.
In this case we are obliged to delete these data immediately if one of the following reasons applies: (1) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;(2) you revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a FADP and there is no other legal basis for the processing. (3) You submit an objection to the processing pursuant to Art. 21 Para. 1 DSGVO and there are no overriding legitimate reasons for the processing, or you submit an objection to the processing pursuant to Art. 21 Para. 2 DSGVO. (4) The personal data concerning you have been processed unlawfully. (5) The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject. (6) The personal data concerning you have been collected in relation to information society services offered, in accordance with Article 8(1) of the DPA.
If we have made the personal data relating to you public and are obliged to delete them pursuant to Article 17(1) of the DPA, we shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested us to delete all links to these personal data or copies or replications of these personal data.
The right to erasure shall not apply insofar as the processing is necessary (1) for the exercise of the right to freedom of expression and information; (2) to comply with a legal obligation to which the processing is subject under Union or national law to which the controller is subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (3) for reasons of public interest relating to public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 DSGVO; (4) for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or (5) to assert, exercise or defend legal claims.
Right to restrict processing (Art. 18 DPA) - Under the following conditions, you may request the restriction of the processing of personal data concerning you:
if you dispute the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data; if the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; if the controller no longer needs the personal data for the purposes of the processing but you need them for the purpose of asserting, exercising or defending legal claims; or if you have lodged an objection to the processing pursuant to Art. 21 (1) DPA and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data relating to you has been restricted, such data - apart from being stored - may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of major public interest of the Union or a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Right of information (Art. 19 DPA) - If you have asserted the right to rectify, erase or restrict processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.
Right to data transferability (Art. 29 DPA) - You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer these data to another controller without hindrance from the controller to whom the personal data have been made available, provided that (1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and (2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one responsible party to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected. The right to data transferability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 paragraph 1 letter e or f of the DPA; this also applies to profiling based on these provisions.
If you exercise your right of objection, we will no longer process the personal data concerning you unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
Where your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing, including profiling, insofar as it is related to such direct marketing. If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.
You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures using technical specifications.
Right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or which significantly affects you in a similar way. This shall not apply (1) where the decision is necessary for the conclusion or performance of a contract between you and the controller, (2) where the decision is authorised by Union or national law to which the controller is subject and such law contains adequate measures to safeguard your rights and freedoms and legitimate interests, or (3) with your explicit consent.
However, such decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DPA, unless Art. 9 para. 2 lit. a or g applies and adequate measures have been taken to protect your rights and freedoms and your legitimate interests. With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the controller, to express his or her point of view and to contest the decision.
Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are domiciled, your place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you is in breach of the DPA. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.
Further data protection information