Privacy
Privacy policy
Status as of 21.02.2023
General scope of data processing
Data protection is a high priority in our society. We comply with the Basic Data Protection Regulation (DSGVO), which regulates the processing of personal data uniformly for the entire European Union, and other national data protection laws of the member states as well as other data protection regulations. We collect, process and use personal data only to the extent necessary to provide a functional website and to present our offers and services. As a user, you can visit our website without providing any personal information. Personal data is only collected and used to the extent necessary to provide a functional website and to present our content and services. The collection and use of your personal data is only carried out with your consent. An exception is made in cases where prior consent cannot be obtained for factual reasons or where the collection and processing of data is permitted by legal regulations.
For security reasons we use an SSL certificate on our website to provide secure connections by encrypting all incoming and outgoing data traffic. You can recognise the encryption by the lock symbol in your browser line and by the fact that "https://" is displayed there.
Name and address of the person responsible for data processing
The person responsible in the sense of the DSGVO is:
Heiz24
Owner: Matthias Falkenberg registered association.
Thesdorfer Weg 112
25421 Pinneberg
e-mail [email protected]
Phone 04101 858770
fax +49 4101 8055504
Website: www.heiz24.de
Definitions
The terms used in this data protection declaration correspond to those in Article 4 DSGVO. For the purposes of this Regulation
"personal data" shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, a geographical location, an on-line identification, or one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity
"data subject" means any identified or identifiable natural person whose personal data are processed by the controller.
"processing" - any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"Restriction of processing" - the marking of stored personal data with the aim of limiting their processing in the future;
"profiling" - any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, location or movement of that natural person
"controller" shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or national law, provision may be made for the controller or for the specific criteria for his or her designation in accordance with Union or national law
"recipient" shall mean any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union or national law shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the purposes of the processing;
"third party" means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process personal data
"consent" - to the data subject's freely given specific, informed and unequivocal indication of his or her wishes in the form of a declaration or any other unequivocal affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
General legal bases for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Regulation (DSGVO) is the legal basis for the processing of personal data.
In the case of processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) lit. b of the DPA is the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 lit. c DSGVO is the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d DSGVO is the legal basis.
If the processing required serves to safeguard our legitimate interests or those of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former, Article 6 (1) lit. f FADP is the legal basis for the processing.
Data erasure and storage period
Your personal data stored by us will be deleted or blocked as soon as the purpose for which it was stored no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which we are subject, e.g. on the basis of tax and commercial law storage and documentation obligations. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Collection of technical access data, server log files
Whenever you visit our website, our web server automatically collects data and information from the computer system of the computer you are using. The following data is collected:
Browser name and version used
the operating system used and its resolution
IP address
Date and time of access
Quantity of data sent
Web site from which you access our site (referrer URL)
Name and URL of files accessed via our website
Error information for error analysis
The data is temporarily stored in the log files of the web server we use. The data is automatically deleted after 14 days. A storage of this data together with other of your personal data does not take place. Your data cannot be assigned by us to any particular person. We use this technical log data only for statistical purposes and to optimise our website and its security. The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.
Temporary storage of the IP address by our web server is necessary to enable delivery of the web pages accessed to your computer. For this purpose, the IP address of the calling computer must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f DSGVO.
The stored data will be deleted as soon as they are no longer required for the purpose of their collection. The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility of objection or removal on your part.
Use of cookies
We use "cookies" on our website. Cookies" are text files that are stored in the Internet browser or by the Internet browser on the calling computer system. If you call up a website, a cookie may be stored on the operating system of the computer you are using. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when you return to the website. The purpose of using cookies is to simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change, e.g. log-in information, contents of the shopping cart, adoption of language settings, memorizing search terms. The user data collected through technically necessary cookies is not used to create user profiles. The data processed by cookies is required for the above-mentioned purposes to safeguard our legitimate interests in a customer-friendly website design in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. Cookies are stored on your computer and transmitted from there to our website. As a user, you therefore also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. Depending on your browser, this can also be done automatically if necessary.
Setting options for the most common browsers can be found under the following links:
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Firefox:https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: http://help.opera.com/Windows/10.20/de/cookies.html
If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent. The transmission of flash cookies cannot be prevented by the browser settings, but by changing the settings of the flash player.
Customer registration
If you have the opportunity on our website to create a customer account and register by providing your personal data, the following applies: The data will be entered into an input mask, transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the registration process: Your first and last name, your postal address, your e-mail address, your telephone number, your personal login password. Within the scope of the registration process, your consent to the processing of this data is expressly obtained. At the time of registration, the following data is also stored: The IP address of the calling computer, date and time of registration. The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f DSGVO
Your registration is required for the fulfilment of a contract with you or for the implementation of pre-contractual measures. By registering, we can quickly and conveniently provide you with the data you entered once again without you having to enter it again. The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO, if you have given your consent. If the registration serves the fulfilment of a contract between you and us or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.
Your data will be deleted as soon as they are no longer required for the purpose of their collection. This is the case for the data collected during the registration process for the performance of a contract or the implementation of pre-contractual measures if the data is no longer necessary for the performance of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.
As a user you have the possibility to cancel the registration at any time. You can have the data stored about you changed at any time. To change or delete your data, simply contact us using the contact details provided in the imprint. Ideally you should send us an e-mail. If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible if there are no contractual or legal obligations that prevent a deletion.
Contact form and e-mail contact
If there is a contact form on our website that you can use for electronic contact, the following applies: If you use this option, the data entered in the input mask will be transmitted to us and stored. These data are for the processing of the establishment of contact: Your first and last name, your postal address, your e-mail address, your telephone number. Minimum mandatory data are marked with an asterisk. At the time the message is sent, the IP address of the calling computer; date and time of registration are also stored to prevent misuse of the contact form and to ensure the security of our information technology systems. The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f DSGVO.
For the processing of the data we obtain your consent before sending it and at the same time refer to this data protection declaration.
Alternatively, you can also contact us by e-mail. In this case, only the personal data transmitted by you with the e-mail will be stored for processing the contact. Under no circumstances will your data be passed on to third parties. Your data will be used exclusively for the purpose of communication. The legal basis for the processing of data with your consent is Art. 6 para. 1 lit. a DSGVO. The legal basis for the processing of personal data that you have sent us by e-mail is Art. 6 para. 1 lit. f DSGVO. If the aim of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b DSGVO.
The data is deleted as soon as it is no longer necessary for the purpose of its collection. For personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective communication with you has ended. The conversation ends when it can be concluded from the circumstances that the matter in question has been finally clarified.
You have the possibility to revoke your consent to the processing of your personal data at any time. If you have contacted us by e-mail, you can object to the storage of your personal data at any time. The revocation can be made e.g. by sending a revocation e-mail or by letter to our contact addresses as shown in the imprint. All personal data stored in the course of contacting us will then be deleted.
Goods availability notification by e-mail
If we offer the possibility in our online shop to inform you by e-mail about the time of availability for selected, temporarily unavailable articles, you can subscribe to our e-mail notification service for the availability of goods. If you subscribe to our email availability notification service, we will send you a one-time email notification of the availability of the item you have selected. Only your e-mail address is required for sending this notification. The provision of further data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure for sending this notification. This means that we will only send you a corresponding notification once you have expressly confirmed that you consent to receiving such a message. We will then send you a confirmation e-mail asking you to confirm that you wish to receive such a notification by clicking on a corresponding link.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a DSGVO. When you register for our e-mail notification service on the availability of goods, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data we collect when you register for our goods availability e-mail notification service is used solely for the purpose of informing you about the availability of a particular item in our online shop. You can unsubscribe from the goods availability e-mail notification service at any time by sending a message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted immediately from our distribution list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
Data transfer to service partners
We only pass on your personal data to service partners who are involved in the contract processing, such as the shipping company commissioned with the delivery and the credit institute commissioned with payment matters. The extent of the data transfer to third parties is limited to the necessary minimum, namely your first and last name and your delivery address. The legal basis is Art. 6 para. 1 lit. b DSGVO.
In the event that you have expressly given us or, at your request, the service partner your consent to do so, we will also pass on your e-mail address, your telephone number or your date of birth for the purpose of coordinating a delivery date of the shipping company or a necessary identity and creditworthiness check of the payment service provider. If you do not give us your consent in this respect, prior coordination of a delivery date or a delivery announcement or a "purchase on account" or "purchase by direct debit" or "instalment purchase" is not possible. The legal basis for this is Art. 6 para. 1 lit. a DSGVO. You may of course revoke your consent at any time with future effect vis-à-vis us or the respective shipping or payment service provider.
Dispatch service provider:
DHL - In the event that the shipment is made via DHL, we will forward your respective data to Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany.
DPD - In the case of shipping via DPD, we will forward your respective data to DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg.
Payment service provider with credit check
PayPal
In the event of payment via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal, we will pass on your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), within the framework of the payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal. The result of the credit assessment with regard to the statistical probability of non-payment shall be used by PayPal for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values. You can find further information on data protection law in the PayPal data protection principles: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
"IMMEDIATE" bank transfer
If you choose the payment method "IMMEDIATE bank transfer", the payment will be processed by Sofort GmbH (Klarna Group), Theresienhöhe 12, 80339 Munich, Germany under the terms of the respective terms of use, which can be viewed at https://www.klarna.com/sofort/. In the course of this, we pass on your information provided during the ordering process, along with the information about your order, to Sofort GmbH. At the following Internet address you will receive further information about the data protection regulations of Sofort: https://www.klarna.com/sofort/datenschutz
Sofort GmbH is part of the Klarna Group. Therefore, other Group companies, in particular Klarna Bank AB (publ), ("Klarna") may also be included in the credit assessment. Klarna Bank AB (publ) is a company under Swedish law, registered in the Swedish Business Register under number 556737-0431 with its main place of business at Sveavägen 46, 111 34 Stockholm, Sweden. On the one hand, the inclusion allows Klarna to share, to a limited extent, the results of a credit assessment with Klarna for the purpose of improving the results and to process these results for Klarna's own future credit assessments. On the other hand, the credit assessment and decisions based on the results for further contract implementation can in some cases be carried out entirely by Klarna. In this case, the relevant positive and negative payment experiences are first transmitted to Klarna and then deleted after the transaction is completed. Klarna's privacy policy can be found under the following link: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.
Novalnet
The data controller has integrated components from Novalnet AG on this website. The Novalnet AG is a full payment service provider, which among other things takes over the payment processing.
If the person concerned selects a payment method during the ordering process in the online shop, data of the person concerned will be automatically transmitted to Novalnet AG. With the selection of a payment option, the person concerned consents to the transmission of personal data for the processing of the payment.
The personal data transmitted to Novalnet is usually first name, surname, address, date of birth, gender, email address, IP address, telephone number, mobile phone number as well as other data necessary for the processing of a payment. For the processing of the sales contract, such personal data are also necessary, which are in connection with the respective order. In particular, there may be a mutual exchange of payment information, such as bank details, card number, expiry date and CVC code, data on goods and services, prices.
The transmission of data is intended in particular for identity verification, payment administration and fraud prevention. The person responsible for the processing will transmit personal data to Novalnet AG in particular if there is a justified interest for the transmission. The personal data exchanged between Novalnet AG and the person responsible for processing will be transferred to credit agencies by Novalnet AG if necessary. The purpose of this transmission is to check identity and creditworthiness.
Novalnet AG also passes on the personal data to service providers or subcontractors, as far as this is necessary to fulfil the contractual obligations or the data is to be processed.
The person concerned has the possibility to revoke his or her consent to Novalnet AG to process personal data at any time. A revocation does not affect personal data, which must be processed, used or transmitted for the (contractual) payment processing. The data protection declaration of Novalnet AG can be found under the following link: https://www.novalnet.de/datenschutz
Responsible for the data processing: Novalnet AG - Gutenbergstraße 2 - 85737 Ismaning
Phone: +49 89 9230683-29 Fax: +4989923068311 E-Mail: [email protected]
In case of payment via the payment methods "purchase on account", "direct debit", (depending on which payment method(s) are offered) the purchase price claim is assigned via Novalnet AG as payment institution to Financial Management Solutions GmbH (under the brand InfinitePay), (hereinafter referred to as "InfinitePay"). The data required for the payment processing will be transmitted to InfinitePay. One of the purposes of the data transfer is to enable InfinitePay to check your identity and creditworthiness in order to process your purchase with the desired payment method. The processing is based on Art. 6 para. 1 lit. f DSGVO from the legitimate interest in an offer of different payment methods and the legitimate interest in protection against non-payment. For reasons arising from your particular situation, you have the right to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. f DSGVO by notifying us. The privacy policy of InfinitePay can be found here: https://www.infinitepay.de/datenschutzhinweise
If you wish to receive information about the use of personal data concerning you, you can contact [email protected] at any time. The provision of the data is necessary for the conclusion of the contract with the payment method you have chosen. Failure to provide the data will mean that the contract cannot be concluded with the payment method you have requested.
Tools for web analysis
We use various web analysis tools on our website to analyse usage data in order to be able to design our online offers and our website in an optimal and demand-oriented manner with regard to user-friendliness and optimisation. The web analysis tools generally use "cookies" (for a definition see section 7.1). Data processing is always based on the legal provisions of Art. 6 Para. 1 lit f DSGVO (legitimate interest).
In order to respect your privacy, the data that may allow a reference to your person, such as IP address, login or device IDs, will be anonymised or pseudonymised as soon as possible. There will be no other use, combination with other data or transfer to third parties. In detail, the following tools are involved:
Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies" which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the anonymous, i.e. shortened IP address) is usually transferred to a Google server in the USA and stored there.
The IP-anonymisation "_anonymizeIp()" is activated on our website. This option causes your IP address to be shortened by Google within member states of the European Union or in other states which are parties to the Agreement on the European Economic Area before. This makes it impossible to personalize your IP address. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.
On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activities and to provide us with further services related to website and Internet use. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.
You can prevent the installation of cookies by adjusting your browser software accordingly. In this case, however, you must expect that you will no longer be able to use all functions of our website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting the data by clicking on the above link. An opt-out cookie will be set to prevent the future collection of your data when you visit our website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found under the following link in the Google Analytics help: https://support.google.com/analytics/answer/6004245?hl=de
Google Adwords Conversion Tracking
We use the Google Conversion Tracking of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Adwords sets a "cookie" on your computer if you have reached our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of our website while the cookie is still valid, Google and we can recognize via our Adword account that you have clicked on a Google ad we have placed and have been redirected to that page.
Each Adwords customer receives a different cookie. This means that cookies cannot be tracked on the websites of Adwords customers. The information collected using the conversion cookie is used to compile conversion statistics for Adwords customers who have opted in to conversion tracking. Adwords advertisers know the total number of users who have clicked on your ad and been redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.
If you do not wish to participate in the tracking process, you may refuse to accept cookies, for example, by changing your browser setting to disable automatic cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". Google's privacy policy on conversion tracking can be found under the following link: https://services.google.com/sitestats/de.html
Rights of the data subject
If personal data is processed by you, you are a data subject within the meaning of the DSGVO and you are entitled to the following rights in relation to the person responsible:
Right to information (Art. 15 DSGVO) - You can request from us, as the person responsible, confirmation as to whether personal data concerning you is being processed by us.
In the event of processing, you may request the following information from us: the purposes for which the personal data are processed; the categories of personal data which are processed; the recipients or the categories of recipients to whom the personal data relating to you have been or will be disclosed; the planned duration of storage of the personal data relating to you or, if it is not possible to give specific details, criteria for determining the duration of storage; the existence of a right of rectification or erasure of personal data relating to you, a right to have the processing limited by the controller or a right to object to such processing; the existence of a right of appeal to a supervisory authority; all available information on the origin of the data when the personal data are not collected from the data subject; the existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) DPA and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing on the data subject. You also have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 DPA in connection with the transfer.
Right of rectification (Art. 16 DPA) - You have the right to obtain from the controller the rectification and/or integration without delay if the personal data processed concerning you is inaccurate or incomplete.
Right to deletion (Art. 17 DSGVO) - You have the right to request from us, as the controller, that the personal data concerning you be deleted immediately.
In this case we are obliged to delete these data immediately if one of the following reasons applies: (1) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;(2) you revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a FADP and there is no other legal basis for the processing. (3) You submit an objection to the processing pursuant to Art. 21 Para. 1 DSGVO and there are no overriding legitimate reasons for the processing, or you submit an objection to the processing pursuant to Art. 21 Para. 2 DSGVO. (4) The personal data concerning you have been processed unlawfully. (5) The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject. (6) The personal data concerning you have been collected in relation to information society services offered, in accordance with Article 8(1) of the DPA.
If we have made the personal data relating to you public and are obliged to delete them pursuant to Article 17(1) of the DPA, we shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested us to delete all links to these personal data or copies or replications of these personal data.
The right to erasure shall not apply insofar as the processing is necessary (1) for the exercise of the right to freedom of expression and information; (2) to comply with a legal obligation to which the processing is subject under Union or national law to which the controller is subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (3) for reasons of public interest relating to public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 DSGVO; (4) for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or (5) to assert, exercise or defend legal claims.
Right to restrict processing (Art. 18 DPA) - Under the following conditions, you may request the restriction of the processing of personal data concerning you:
if you dispute the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data; if the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; if the controller no longer needs the personal data for the purposes of the processing but you need them for the purpose of asserting, exercising or defending legal claims; or if you have lodged an objection to the processing pursuant to Art. 21 (1) DPA and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data relating to you has been restricted, such data - apart from being stored - may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of major public interest of the Union or a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Right of information (Art. 19 DPA) - If you have asserted the right to rectify, erase or restrict processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.
Right to data transferability (Art. 29 DPA) - You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer these data to another controller without hindrance from the controller to whom the personal data have been made available, provided that (1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and (2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one responsible party to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected. The right to data transferability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 paragraph 1 letter e or f of the DPA; this also applies to profiling based on these provisions.
If you exercise your right of objection, we will no longer process the personal data concerning you unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
Where your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing, including profiling, insofar as it is related to such direct marketing. If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.
You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures using technical specifications.
Right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or which significantly affects you in a similar way. This shall not apply (1) where the decision is necessary for the conclusion or performance of a contract between you and the controller, (2) where the decision is authorised by Union or national law to which the controller is subject and such law contains adequate measures to safeguard your rights and freedoms and legitimate interests, or (3) with your explicit consent.
However, such decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DPA, unless Art. 9 para. 2 lit. a or g applies and adequate measures have been taken to protect your rights and freedoms and your legitimate interests. With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the controller, to express his or her point of view and to contest the decision.
Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are domiciled, your place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you is in breach of the DPA. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.
Further data protection information
If you have further questions regarding data protection, please feel free to contact us. You can find our contact details under point 2. of this privacy policy or in our imprint.
230120HZ
As of July 4, 2023
General scope of data processing
Data protection has a high priority in our society. We comply with the General Data Protection Regulation (GDPR), which regulates the processing of personal data uniformly for the entire European Union and other national data protection laws of the member states as well as other data protection regulations. As a general rule, we only collect, process and use personal data to the extent that this is necessary to provide a functional website and to present our offers and provide our services. As a user, you can generally visit our websites without providing any personal information. Personal data is only collected and used to the extent necessary to provide a functional website and our content and services. The collection and use of your personal data generally only takes place with your consent. An exception applies in cases in which prior obtaining consent is not possible for actual reasons or the collection and processing of data is permitted by legal regulations.
For security reasons, we use an SSL certificate on our website to provide secure connections by encrypting all incoming and outgoing traffic. You can recognize the encryption by the lock symbol in your browser line and by the fact that "https://" is displayed there.
Name and address of the person responsible for data processing
The person responsible within the meaning of the GDPR is:
Heiz24Inhaber Matthias Falkenberg e.K.
Thesdorfer Weg 112
25421 Pinneberg
Telephone 04101 858770
Fax +49 4101 8055504
Website: www.heiz24.de
DefinitionsThe terms used in this data protection declaration correspond to those in Article 4 GDPR. For the purposes of this Regulation, the term
means
- "personal data" - any information relating to an identified or identifiable natural person; A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of that natural person;
- "data subject" - any identified or identifiable natural person whose personal data are processed by the data controller.
- "Processing" - any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data, such as the collection, recording, organization, structuring, storage, adaptation or modification, reading, etc Query, use, disclosure by transmission, distribution or other form of delivery, alignment or combination, restriction, deletion or destruction;
- "Restriction of processing" - the marking of stored personal data with the aim of restricting their future processing;
- "Profiling" - any type of automated processing of personal data, which consists in using these personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation , analyze or predict the health, personal preferences, interests, reliability, behavior, location or movements of that natural person;
- "Controller" - the natural or legal person, public authority, agency or other body which, alone or jointly with others, decides on the purposes and means of processing personal data; If the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- "Recipient" - a natural or legal person, public authority, agency or other body to which personal data is a third party or not. However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be deemed to be recipients; the processing of these data by the said authorities will be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;
- "Third party" - a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor, the personal data to process;
- "Consent" - the data subject's voluntary, informed and unequivocal expression of will in the specific case, in the form of a statement or other unequivocal confirmatory act, by which the data subject indicates that he or she agrees to the processing of the data agrees to the personal data concerning you.
To the extent that we obtain the consent of the data subject for processing personal data, Article 6 Paragraph 1 Letter a of the EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data.
When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Art. 6 Para. 1 lit. b GDPR is the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If processing of personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 Para. 1 lit. c GDPR is the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. 1 lit. d GDPR is the legal basis.
If the necessary processing serves to protect our legitimate interests or those of a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. f GDPR is the legal basis for the processing.
Data deletion and storage period
Your personal data stored by us will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by European or national legislators in Union regulations, laws or other regulations to which we are subject, e.g. due to tax and commercial law retention and documentation obligations. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data to conclude or fulfill a contract.
Collection of technical access data, server log files
Every time our website is accessed, our web server automatically collects data and information from the computer system of the computer you are using. The following data is collected:
- Browser name and version used
- operating system used and its resolution
- IP address
- Date and time of access
- Amount of data sent
- Website from which you access our website (referrer URL)
- Name and URL of the files accessed via our website
- Error information for error analysis
The data is temporarily stored in the log files of the web server we use. The data will be automatically deleted after 14 days. This data will not be stored together with other of your personal data. We cannot assign your data to specific persons. We only use this technical log data for statistical purposes and to optimize our website and its security. The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 lit. f GDPR.
The temporary storage of the IP address by our web server is necessary to enable the web pages accessed to be delivered to your computer. To do this, the IP address of the accessing computer must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and ensure securityis disclosed, regardless of whether it iswith our information technology systems. The data will not be evaluated for marketing purposes in this context. The above purposes also include our legitimate interest in data processing in accordance with Article 6 Paragraph 1 Letter f of the GDPR.
The stored data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The collection of data to provide the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection or removal on your part.
Use of cookies
We use “cookies” on our website. “Cookies” are text files that are stored in the Internet browser or by the Internet browser on the accessing computer system. If you visit a website, a cookie may be stored on the operating system of the computer you are using. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again. The purpose of using cookies is to make it easier for you to use websites. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change, e.g. log-in information, contents of the shopping cart, adoption of language settings, remembering search terms. The user data collected through technically necessary cookies is not used to create user profiles. The data processed by cookies is necessary for the purposes mentioned to protect our legitimate interests in customer-friendly website design in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Cookies are stored on your computer and transmitted from it to our website. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. Depending on the browser, this can also be done automatically.
Setting options for the most common browsers can be found under the following links:
Chrome: http://support.google.com/chrome/ bin/answer.py?hl=de&hlrm=en&answer=95647
Firefox:https://support.mozilla.org/de/kb/cookies-allow-und- reject
Internet Explorer: http://windows.microsoft.com/de-DE/windows -vista/Block-or-allow-cookies
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: http://help.opera.com/Windows/10.20/de/cookies.html
If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website. The transmission of Flash cookies cannot be prevented via the browser settings, but can be prevented by changing the Flash Player settings.
Customer registration
If you have the opportunity to set up a customer account on our website and register by providing your personal data, the following applies: The data will be entered into an input mask and transmitted to us and stored. A transfer of data to third parties does not take place. The following data is collected as part of the registration process: your first and last name, your postal address, your email address, your telephone number, your personal login password. As part of the registration process, your consent to the processing of this data will be expressly obtained. At the time of registration, the following data is also stored: the IP address of the accessing computer, date and time of registration. The above purposes also include our legitimate interest in data processing in accordance with Article 6 Paragraph 1 Letter f of the GDPR
Your registration is necessary to fulfill a contract with you or to carry out pre-contractual measures. By registering, we can make the data you have entered available to you quickly and conveniently again, without you having to enter it again. If you have given your consent, the legal basis for processing the data is Article 6 (1) (a) GDPR. Does the registration serve to fulfill a contract between you and us or the provider?If pre-contractual measures are taken, the additional legal basis for processing the data is Art. 6 Para. 1 lit. b GDPR.
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case during the registration process to fulfill a contract or to carry out pre-contractual measures if the data is no longer required to carry out the contract. Even after the contract has been concluded, it may be necessary to store the contractual partner's personal data in order to comply with contractual or legal obligations.
As a user, you have the option to cancel your registration at any time. You can change the data stored about you at any time. To change or delete your data, simply contact us using the contact details shown in the legal notice. Ideally, you should send us an email. If the data is necessary to fulfill a contract or to carry out pre-contractual measures, early deletion of the data is only possible if contractual or legal obligations do not conflict with deletion.
Contact form and email contact
If there is a contact form on our website that you can use to contact us electronically, the following applies: If you use this option, the data entered in the input mask will be transmitted to us and stored. This data is used to process contact: your first and last name, your postal address, your email address, your telephone number. Minimum mandatory information is marked with an asterisk. At the time the message is sent, the IP address of the accessing computer is also recorded; The date and time of registration are saved to prevent misuse of the contact form and to ensure the security of our information technology systems. The above purposes also include our legitimate interest in data processing in accordance with Article 6 Paragraph 1 Letter f of the GDPR.
We obtain your consent to process the data before sending it and at the same time refer you to this data protection declaration.
Alternatively, you can also contact us by email. In this case, only the personal data you provided in the email will be stored in order to process the contact. Under no circumstances will your data be passed on to third parties. Your data will only be used for the intended communication. The legal basis for processing the data if you have given your consent is Article 6 (1) (a) GDPR. The legal basis for the processing of personal data that you have sent to us by email is Article 6 (1) (f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective communication with you has ended. The conversation is ended when it can be seen from the circumstances that the matter in question has been finally clarified.
You have the option to revoke your consent to the processing of personal data at any time. If you have contacted us by email, you can object to the storage of your personal data at any time. The revocation can be done, for example, by sending a revocation email or by letter to our contact addresses shown in the legal notice. All personal data that was stored in the course of contacting us will then be deleted.
Goods availability notification via email
If we offer the option of informing you by email about the time of availability for selected, temporarily unavailable items in our online shop, you can register for our email notification service for product availability. If you register for our email notification service for product availability, we will send you a one-time email message about the availability of the item you have selected. The only mandatory information for sending this notification is your email address. Providing further data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure to send this notification.This means that we will only send you a corresponding notification if you have expressly confirmed to us that you consent to receive such a message. We will then send you a confirmation email asking you to confirm that you wish to receive such notification by clicking on a link.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. When you register for our email notification service about product availability, we store your IP address registered by the Internet Service Provider (ISP) as well as the date and time of registration to prevent possible misuse of your email address at a later date to be able to understand. The data we collect when you register for our email notification service about product availability is used solely for the purpose of informing you about the availability of a specific item in our online shop. You can unsubscribe from the e-mail notification service about product availability at any time by sending a message to the person responsible mentioned at the beginning. Once you have unsubscribed, your email address will be immediately deleted from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration .
Data transfer to service partners
We only pass on your personal data to service partners who are involved in contract processing, such as the shipping company responsible for delivery and the credit institution responsible for payment matters. The scope of data transfer to third parties is limited to the necessary minimum, namely your first and last name and your delivery address. The legal basis is Article 6 Paragraph 1 Letter b GDPR.
In the event that you have given us or, at your request, the service partner your express consent, we will also provide your email address, your telephone number or your date of birth for the purpose of coordinating a delivery date with the shipping company or a necessary identity and creditworthiness query of the payment service provider. If you do not give us your consent, prior coordination of a delivery date or a delivery announcement or a “purchase on account” or “purchase by direct debit” or “purchase in installments” is not possible. The legal basis for this is Article 6 Paragraph 1 Letter a GDPR. You can of course revoke your consent at any time with future effect from us or from the respective shipping or payment service provider.
Shipping service provider:
DHL - If shipping takes place via DHL, we will pass on your respective data to Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn.
DPD - If shipping takes place via DPD, we will pass on your respective data to DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg.
Payment service provider with credit check
PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal, we pass on your payment details to PayPal (Europe) S.à r.l. as part of the payment processing. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). PayPal reserves the right to carry out a credit check for payment methods such as credit card via PayPal, direct debit via PayPal or “purchase on account” via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. Further data protection information can be found in the PayPal data protection principles: https://www. paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
"IMMEDIATELY" transfer
If you choose the "SOFORT transfer" payment method, payment will be processed via Sofort GmbH (Klarna Group), Theresienhöhe 12, 80339 Munich, Germany under the jrespective terms of use, which can be viewed at https://www.klarna.com/sofort/. In the course of this, we pass on the information you provided during the ordering process, along with the information about your order, to Sofort GmbH. You can find further information about SOFORT's data protection regulations at the following internet address: https://www.klarna.com/sofort/datenschutz
Sofort GmbH is part of the Klarna Group. Therefore, other group companies, in particular Klarna Bank AB (publ), (“Klarna”), can also be included in the credit check. Klarna Bank AB (publ) is a company incorporated under Swedish law, registered in the Swedish Companies Register under number 556737-0431 with its principal place of business at Sveavägen 46, 111 34 Stockholm, Sweden. On the one hand, the inclusion allows the results of a credit check to be shared with Klarna to a limited extent in order to improve the results and processed by Klarna for its own future credit checks. Conversely, the credit check and the decisions based on the result for the further execution of the contract can in some cases also be carried out entirely by Klarna. In this case, the relevant positive and negative payment experiences will first be transmitted to Klarna and deleted after the transaction has been completed. The Klarna data protection declaration can be found under the following link: https://cdn.klarna. com/1.0/shared/content/legal/terms/0/de_de/privacy.
Novalnet
The person responsible for processing has integrated components from Novalnet AG on this website. Novalnet AG is a full payment service provider that, among other things, handles payment processing.
If the data subject selects a payment method during the ordering process in the online shop, the data of the data subject is automatically transmitted to Novalnet AG. By selecting a payment option, the data subject consents to the transmission of personal data in order to process the payment.
The personal data transmitted to Novalnet generally includes first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number and other data necessary to process a payment . In order to process the purchase contract, personal data that is related to the respective order is also necessary. In particular, there may be a mutual exchange of payment information, such as bank details, card number, validity date and CVC code, data on goods and services, prices.
The purpose of transmitting the data is, in particular, identity verification, payment administration and fraud prevention. The person responsible for processing will transmit personal data to Novalnet AG in particular if there is a legitimate interest in the transmission. The personal data exchanged between Novalnet AG and the person responsible for processing may be transmitted by Novalnet AG to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness.
Novalnet AG also passes on personal data to service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or the data is to be processed.
The data subject has the opportunity to revoke their consent to the handling of personal data at any time from Novalnet AG. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing. Novalnet AG's data protection declaration can be found at the following link: https://www.novalnet.de/datenschutz
Responsible for data processing is: Novalnet AG - Gutenbergstraße 2 - 85737 Ismaning
Tel.: +49 89 9230683-29 Fax: +4989923068311 Email: [email protected]
When paying via the payment methods “purchase on account”, “direct debit”, (depending on which payment method(s) are offered), the purchase price claim is sent via Novalnet AG as the payment institution to Financial Management Solutions GmbH (under the InfinitePay brand). , (hereinafter referred to as “InfinitePay”) assigned. The data required for payment processing is transmitted to InfinitePay. The DData transmission serves, among other things, the purpose of allowing InfinitePay to carry out an identity and creditworthiness check in order to process your purchase using your desired payment method. Processing is carried out on the basis of Article 6 Paragraph 1 Letter f of the GDPR due to the legitimate interest in offering different payment methods and the legitimate interest in protecting against payment default. For reasons arising from your particular situation, you have the right to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR by notifying us. You can find InfinitePay's data protection declaration here: https://www.infinitepay.de/datenschutzscheine
If you would like to receive information about the use of your personal data, you can contact [email protected] at any time. The provision of the data is necessary for the conclusion of the contract with the payment method you require. Failure to provide this means that the contract cannot be concluded with the payment method you requested.
Tools for web analysisWe use various web analysis tools on our website to analyze usage data in order to be able to design our online offerings and our website optimally and in line with needs with a view to user-friendliness and optimization. The web analysis tools generally use “cookies” (for definition see section 7.1). Data processing is carried out on the basis of the legal provisions of Art. 6 Para. 1 lit f GDPR (legitimate interest).
In order to respect your privacy, the data that may be related to you personally, such as IP address, login or device identifiers, will be anonymized or pseudonymized as soon as possible. There will be no other use, combination with other data or transfer to third parties. Specifically, these are the following tools:
Google Analytics 4 without cookies
We use Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), to analyze the use of our websites.
When you access our website, by default no cookies (text files that are stored on your device and that enable analysis of your use of the website) are used as part of the so-called consent mode (beta version) of Google Analytics 4. Unless you expressly agree to the setting of cookies and the reading of information from cookies when using our cookie consent tool. Until you give your consent and - if you expressly refuse this upon our request - no cookies will be set or read by Google Analytics 4 when you continue to use this website. Instead, certain information about your usage behavior is collected and processed using so-called “pings”.
In this case, the information collected through so-called pings about your use of the website (including the IP address transmitted by your device, shortened by the last digits, see below) is usually transmitted to a Google server and stored and further processed there . This can also result in information being transferred to the servers of Google LLC based in the USA and being further processed there. If you expressly agree to the use of cookies, this also applies to the information collected by cookies about your use of the website.
When using Google Analytics 4, the IP address transmitted by your device when using the website is automatically and automatically collected and processed only in anonymized form. This means that any direct personal reference to the information collected is excluded. This automatic anonymization is carried out by Google shortening the IP address transmitted by your device by the last digits within member states of the European Union (EU) or in other contracting states to the Agreement on the European Economic Area (EEA).
On our behalf, Google will use this and other information to evaluate your use of the website, to compile reports on your website activities or usage behavior and to provide us with other services related to website and Internet usage. The shortened IP address transmitted in this context by your device as part of Google Analytics 4 will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for 2 months and then deleted.
Google Analytics 4 also allows the creation of Statistics with statements about the age, gender and interests of website users based on an analysis of interest-based advertising and incorporating third-party information via a special function called “demographic characteristics”. This makes it possible to determine and differentiate between user groups on the website for the purpose of targeting marketing measures. However, the data collected via “demographic characteristics” cannot be assigned to a specific person and therefore cannot be assigned to you personally. Data collected via the “Demographic Characteristics” function is stored for two months and then deleted.
All the processing described above, including data transfers via “pings” and
The possible setting of Google Analytics cookies to store and possibly read information on the device you use to use the website will only take place if you have given us your express consent in accordance with Article 6 (1) (a) GDPR have granted. Without your consent, your use of the website will not be evaluated. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service using the "cookie consent tool" provided on the website.
The “Google Signals” service can also be used on our website as an extension of Google Analytics 4. With Google Signals, Google can create cross-device reports (so-called “cross-device tracking”). If you have activated "personalized ads" in the settings of your Google account and linked your internet-enabled devices to your Google account, Google can analyze user behavior across devices and create database models based on this, provided you have given your consent to the use of Google Analytics in accordance with Art 6 Paragraph 1 Letter a GDPR via our cookie consent tool. The logins and device types of all site visitors who were logged into a Google account and carried out a conversion are taken into account. The data shows, among other things, on which device you first clicked on an ad and on which device the associated conversion took place. If Google Signals is used, we do not receive any personal data from Google, but only statistics that are created on the basis of Google Signals. You have the option to deactivate the “Personalized Ads” function in the settings of your Google account and thus switch off cross-device analysis. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de
Further information can be found here: https://support.google.com/analytics/answer/7532985?hl=de
Google Analytics 4 can also use the “UserIDs” function as an extension on this website. By assigning individual UserIDs, we can have Google create cross-device reports (so-called “cross-device tracking”). This means that your usage behavior can also be analyzed across devices if you have given your consent to the use of Google Analytics in accordance with Article 6 (1) (a) GDPR when you have set up a personal account by registering on this website and are logged into your personal account on different devices using your respective access data. The data collected in this way shows, among other things, on which device you clicked on an ad for the first time and on which device the corresponding conversion took place.
Because of the use of Google Analytics 4, we have concluded a so-called data processing contract with Google. This means that Google is obliged to protect the data of our website users and not to pass it on to third parties.
In order to ensure compliance with the European level of data protection, including any transfer of data from the EU or EEA to the USA and possible further processing there, Google refers to the so-called standard contractual clauses of the European Commission. We have contractually agreed this with Google.
Further legal information about Google Analytics 4, including a copy of the aforementioned Standard Contractual Clauses, can be found at the following link: https://policies.google.com/privacy?hl=en
Details about the processing triggered by Google Analytics 4 and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites
Google Adwords Conversion Tracking
We use Google Conversion Tracking from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Google Adwords places a “cookie” on your Computer if you came to our website via a Google ad.
These cookies expire after 30 days and are not used for personal identification. If you visit certain pages on our website while the cookie has not yet expired, Google and we can recognize via our Adword account that you clicked on a Google ad we placed and were redirected to this page.
Every Adwords customer receives a different cookie. Cookies cannot therefore be tracked via the websites of Adwords customers. The information collected using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers learn the total number of users who clicked on your ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.
If you do not want to take part in the tracking process, you can also refuse the necessary setting of a cookie - for example by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". Google's data protection policy on conversion tracking can be found under the following link: https://services.google.com/sitestats/de.html
Rights of the data subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights towards the person responsible:
Right to information (Art. 15 GDPR) - You can request confirmation from us as the person responsible as to whether personal data concerning you is being processed by us.
In the case of processing, you can request the following information from us: the purposes for which the personal data is processed; the categories of personal data that are processed; the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period; the existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the controller or a right to object to this processing; the existence of a right to lodge a complaint with a supervisory authority; all available information about the origin of the data if the personal data is not collected from the data subject; the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject. You also have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
Right to rectification (Art. 16 GDPR) - You have the right to immediate rectification and/or completion from the person responsible if the processed personal data concerning you is incorrect or incomplete.
Right to deletion (Art. 17 GDPR) - You can request that we, as the person responsible, delete the personal data concerning you immediately.
In this case, we are obliged to delete this data immediately if one of the following reasons applies: (1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed. (2 ) You revoke your consent on which the processing was based in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for the processing. (3) You object to the processing in accordance with Article 21 Paragraph 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 Paragraph 2 of the GDPR. (4) The personal data concerning youare processed unlawfully. (5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject. (6) The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
If we have made the personal data concerning you public and we are obliged to delete it in accordance with Article 17 Para. 1 GDPR, we will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to ensure that those responsible for data processing, to inform those processing the personal data that you, as the data subject, have requested that we delete all links to this personal data or copies or replications of this personal data.
The right to deletion does not exist if the processing is necessary (1) to exercise the right to freedom of expression and information; (2) to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller became; (3) for reasons of public interest in the area of public health in accordance with Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 GDPR; (4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the law referred to in section a) is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or (5) to assert, exercise or defend legal claims.
Right to restriction of processing (Art. 18 GDPR) - Under the following conditions, you can request the restriction of the processing of personal data concerning you:
if you contest the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data; the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or if you have objected to the processing in accordance with Art. 21 Para. 1 GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.
Right to information (Art. 19 GDPR) - If you have asserted the right to rectification, deletion or restriction of processing against the person responsible, the person responsible is obliged to inform all recipients to whom the personal data concerning you have been disclosed, this rectification or deletion of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients by the person responsible.
Right to data portability (Art. 29 GDPR) - You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that (1) the processing is based on consent in accordance with Article 6 Paragraph 1 Letter a of the GDPR or Article 9 paragraph 2 lit
In exercising this right, you also have the right token that the personal data concerning you will be transmitted directly from one person responsible to another person responsible, to the extent that this is technically feasible. The freedoms and rights of other people must not be impaired by this. The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions.
If you exercise your right to object, we will no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend of legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
In connection with the use of information society services - notwithstanding Directive 2002/58/EC - you have the opportunity to exercise your right to object using automated procedures using technical specifications.
Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply (1) if the decision is necessary for the conclusion or performance of a contract between you and the controller, (2) is permitted by Union or Member State law to which the controller is subject and such legislation requires appropriate measures to protect your rights and freedoms as well as your legitimate interests or (3) with your express consent.
However, these decisions may not be based on special categories of personal data in accordance with Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 Letters a or g applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests. With regard to the cases mentioned in (1) and (3), the controller shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express one's own point of view and to challenge the decision.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you is contrary to violates the GDPR. The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.
Further data protection information
If you have any further data protection questions, please feel free to contact us. You can find our contact details under section 2 of this data protection declaration or in our legal notice.
Endereco
On our website we offer you the opportunity to check certain entries in the address forms of our web shop in real time for input errors, e.gu check. This is to avoid problems with the delivery of the products you have ordered due to incorrect information.
We would also like to ensure that your contact details are valid for sending information about your order or for any necessary queries.
To provide these functions, we use the service provider Endereco, Balthasar-Neumann-Straße 4b, 97236 Randersacker. The service provider processes the data exclusively according to our instructions. Legal basis for the transmission, processing and temporary storage of the data
The service provider is subject to Art. 6 Para. 1 lit. b GDPR, as it is essential for the fulfillment of the contract or to carry out pre-contractual measures that some of the data you enter into the input mask is checked for accuracy. The following data is sent by the
Service provider processes:
- Address (country, city, postal code, street, house number if applicable)
- Email address (if not activated, please delete)
- Phone number (if not activated please delete)
The data is processed separately by the service provider and not combined. The requests will be deleted by the service provider as soon as the status of the data entered has been determined and storage in the web shop has been completed, but no later than after 30 days.
230704HZ