Data privacy policy
Sect. 1 General
We will process your personal data (e.g. title, name, address, e-mail address, phone number, bank details, credit card number) solely in accordance with the provisions of the German data protection law and the data protection law of the European Union (EU). The following provisions will inform you, besides the information about the processing purposes, recipients, legal bases and storage periods, also about your rights and the controller for your data processing. This privacy policy applies only to our websites. If you are directed to other sites via links on our pages, please familiarise yourself with the respective use of your data there.
Sect. 2 Data processing for the performance of contracts
(1) Purpose of data processing
Your personal data you provide us during the ordering process are necessary for the conclusion of a contract with us. You are not obliged to provide your personal data. However, we would not be able to send you the goods without your address. For some payment methods we ask for the necessary payment data in order to pass them on to a payment service provider commissioned by us. Hence, the processing of your data collected during the ordering process is soley for the purpose of contract performance.
If you send us a request by e-mail or by using the contact form, etc. before concluding the contract, we process the obtained data to carry out pre-contractual measures and answer your questions about e.g. our products.
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (b) of the GDPR.
(3) Recipient categories
Payment service provider, shipping service provider, hosting provider, if necessary merchandise management system, suppliers if necessary (drop-shipping).
(4) Duration of Storage
We store the data required for contract execution until the statutory warranty and, if applicable, contractual warranty periods expire.
We store the data required under commercial and tax law for the statutory periods, generally ten years (cf. § 257 German Commercial Code (HGB), § 147 Regulation of Taxation (AO)).
The data processed for the execution of pre-contractual measures will be deleted as soon as the measures have been carried out and the contract cannot be concluded.
Sect. 3 PayPal-transactions
Please note that all PayPal transactions are subject to the PayPal Privacy Policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Sect. 4 Web analysis with Matomo
(1) Purpose of data processing
Our website uses the web analysis service Matomo. Matomo (www.matomo.org) uses cookies. The information about your preferences generated by the cookie enables us to analyze the usage of this website. For this purpose the information generated by the cookies (including your shortened IP-address) will be transferred to our server and stored for analysis purpose. The information about your usage of this website generated by the cookies will not be transferred to any third party.
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (a) of the GDPR.
(3) Right of objection
You may refuse the use of cookies by selecting the appropriate settings on your browser; however, you may not be able to use all the features of this website. If you do not agree with the storage and evaluation of the data of your visit, you can object to the storage with the click of a mouse. In this case, an opt-out cookie is stored in your browser and Matomo does not collect any session data.
Attention:
If you delete your cookies, the opt-out cookie will also be deleted and must be activated again the next time when you visit this website. Objection
Sect. 5 Information about cookies
(1) Purpose of data processing
This website uses technically necessary cookies. These are small text files that are stored in or by your Internet browser on your computer system. These cookies enable, for example, the inserting of several products in a shopping basket.
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (f) of the GDPR.
(3) Legitimate interest
Our legitimate interest is the functionality of our website. The user data collected by technically necessary cookies are not used to create user profiles. This preserves your interest in data protection.
(4) Duration of storage
The technically necessary cookies are usually deleted when the browser is closed. Persistent cookies have different validity period from a few minutes to several years.
(5) Right of objection
If you do not wish these cookies to be stored, please deactivate the use of cookies in your Internet browser. However, this may cause a functional limitation of our website. You can also delete persistent cookies at any time by changing your browser settings.
Sect. 6 Your rights as a data subject
If your personal data is being processed, you are the ‘data subject’ in terms of GDPR and you have the following rights towards us, the controller:
1. Right to information
You may request us to provide information about your personal data processed by us under Article 15 of the GDPR.
2. Right to rectification
If your personal data provided to us is not up to date or not accurate you have the right to ask for modifications to your personal data under Article 16 of the GDPR. You also have the right to request us to complete an incomplete data.
3. Right to erasure
You have the right to have your personal data erased and ask for deletion of your data under Article 17 of the GDPR.
4. Right to restriction of processing
You have the right to restrict the processing your personal data under Article 18 of the GDPR.
5. Right to data portability
You have the right referred to in Article 20 of the GDPR to receive your personal data provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
6. Right to revoke the consent given under data protection law
You have the right referred to in paragraph 3 of Article 7 to withdraw your given consent based on the data protection provisions at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
7. Right to lodge a complaint with a supervisory authority
If you consider that the processing of personal data relating to you infringes the GDPR, you have the right referring to in Article 77 of the GDPR to complain to the supervisory authority against the processing of your personal data (in particular in the Member State of your habitual residence, place of work or place of the alleged infringement ).
Please also note your right of objection under Article 21 GDPR:
a) In general: reasoned objection required
If the processing of personal data concerning you takes place in order
- to perform our overriding legitimate interest (legal basis: Article 6 (1f) GDPR)
or
- to safeguard the public interest (legal basis: Article 6 (1e) GDPR),
you are entitled to object to the processing at any time for reasons arising from your particular situation; this also applies to profiling based on the provisions of the GDPR.
In the event of objection, we will no longer process the personal data concerning you unless we can prove compelling grounds for processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims;
b) Special case of direct marketing: simple objection is sufficient
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing and without stating reasons; this includes profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Responsible for data processing:
EHPO e.K.
Weserstr. 14
26203 Wardenburg
Phone: 04407-91363-0
service [at] ehpo [dot] de