Thank you for visiting our website and for your interest in our company, our products and our website.
Data protection is a matter of trust and your trust is important to us. The protection and lawful processing of your personal data is an important concern for us.
At this point we would like to inform you about the processing of personal data carried out by us.
Table of Contents:
- Name and address of the responsible person
- Data Protection Officer
- General information on data processing
- Information on data processing when visiting our website
- WooCommerce and WooCommerce Germanized
- Information on data processing for the creation of a customer account
- Information on data processing for handling your order
- Information on data processing for advertising purposes
- Notes on data processing for applications
- Use of analytics services (Google Analytics)
- Use of Google Fund
- Social media
- Your rights
- Data security
1. name and address of the responsible person
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is the:
Managing Director: Dr. Marisa Nöldeke
Phone: +49 (30) 235 98 60 20
2. data protection officer
For all questions on the subject of data protection, you can also contact our data protection officer at any time.
Please contact for this purpose:
Managing Director: Dr. Marisa Nöldeke
Phone: +49 (30) 235 98 60 20
3. general information on data processing
As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website and for our content and services.
a) Personal data
Personal data in the sense of the DSGVO and the BDSG is all information, is all information relating to an identified or identifiable natural person (hereinafter: "data subject"). The personal data of users processed within the framework of this online offer includes in particular
- Your name, title, address, e-mail address, telephone number, encrypted password to the customer account and, if applicable, your date of birth,
- Your order information, the products you purchased, the services you used, payment information, your preferences regarding product types,
- Your data, which is generated during the use of our online offer,
- Data that we receive from our service providers in certain cases (e.g. from payment service providers).
Affected groups of people are:
- current employees,
- former employees,
- Service provider,
- other business partners.
b) Purposes of the processing
We process personal data of our users only insofar as this is necessary for the provision of a functional website and our content and services. The processing of personal data of our users takes place regularly only after consent of the user. An exception applies in those cases where obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
We process personal data when you visit our website (section 4), when you set up a customer account (section 7) and when you place an order with us (section 8). In addition, we process personal data for advertising purposes (clause 9) and when you apply for a job with us (clause 10).
The collection and use of personal data of our users is always in accordance with the DSGVO and the applicable country-specific data protection rules. If the processing of personal data is necessary and such processing is not permitted by legal regulations, we always obtain the consent of the data subject. If we ask you to provide certain personal data, you can of course refuse to do so. You have the choice as to which information you give us. However, there is then a possibility that we will not be able to offer you certain products and services.
c) Legal basis
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (hereinafter "GDPR") serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and if our interests, the fundamental rights and freedoms of the data subject are overridden, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
d) Disclosure of your data
A transfer of personal data to third parties takes place in the following cases and on the basis of the legal basis stated in each case:
- if you have expressly consented to the transfer of your data (Art. 6 para. 1 p. 1 lit. a DSGVO),
- if a transfer of the data to third parties is necessary in accordance with Art. 6 para. 1 lit. b DSGVO for the performance of the contract; this includes, for example, data transfers to payment and logistics service providers, carriers and suppliers if they supply you directly,
- if there is a legitimate interest of the responsible party or a third party for the disclosure and no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (Art. 6 para. 1 p. 1 lit. f DSGVO); this includes, for example, data transfers in the context of assignments of claims or to credit agencies for the purpose of credit checks,
- if there is a legal obligation for the transfer according to Art. 6 para. 1 p. 1 lit. c DSGVO.
Service providers acting on our behalf have been carefully selected and commissioned by us and are bound by our pattern. Furthermore, we are contractually entitled to monitor the service providers' compliance with the relevant contractual and legal rules. The external service providers can be assigned to the following categories:
- Service provider for the hosting, maintenance and upkeep of our website,
- Banks and other payment service providers, including for processing payments,
- Service provider in the field of shipping, transport and deliveries,
- Service provider in the field of accounting and tax
- Mailing provider for e-mail newsletters as well as mailing provider for catalogs,
- Service provider from the field of marketing and web analytics,
- Service provider for customer inquiries,
- Service provider for the display of forms on the website.
If we transfer personal data to recipients in so-called "third countries", i.e. countries outside the European Union ("EU") or the European Economic Area ("EEA"), in which a level of data protection comparable to that in the EU cannot be assumed without further ado and we are not authorized to transfer on the basis of a legal obligation, we ensure that the required adequate level of data protection is guaranteed in the respective third country or at the recipient in the third country. This may result in particular from a so-called "adequacy decision" of the European Commission, which establishes an adequate level of data protection for a specific third country as a whole. In addition, we can also base the data transfer on the so-called "EU standard contractual clauses" agreed with a recipient. You can read the contractual texts of the EU standard contractual clauses at the European Commission. This also applies to adequacy decisions. Further information can be obtained from the data protection officer at firstname.lastname@example.org.
e) Storage period and deletion
As a matter of principle, we only store your data for as long as it is required for the respective purpose of processing. We store the personal data collected for the purpose of contract processing until the expiry of the statutory or possible contractual warranty and guarantee rights. After expiry of this period, we retain the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period (regularly 10 years from the conclusion of the contract), the data is processed again solely in the event of an audit by the tax authorities.
We delete the data collected and stored in connection with the customer account at the latest when the purpose of the storage no longer applies or you inform us that your customer account should be deleted. However, an early deletion of your personal data is not possible if and to the extent that the data is still necessary for the execution of the contract or if legal regulations oblige us to further storage.
4. notes on data processing when visiting our website
When you visit our website www.maschenfein.com, the browser you use automatically transmits information to our website server.
The following information is collected and stored until automatic deletion:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- the referrer URL, i.e. the website from which the access was made,
- Information about the type of browser used,
- the operating system of your computer,
- the name of the Internet service provider.
The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f DSGVO. The legitimate interest in the processing lies in the technical enablement of the call of the internet presence, the optimized presentation of the content to the user and the future further improvement/optimization of the internet offer.
You have the right to object to the processing of your personal data on the basis of a legitimate interest. For this purpose, it is sufficient to send a message, e.g. by e-mail to email@example.com. However, the non-provision would possibly result in you not being able to use our website or not being able to use it to its full extent.
5. WooCommerce and WooCommerce Germanized
This website uses the WordPress plugins Woocommerce, Woocommerce Germanized, Woocommerce Wishlist and Woocommerce Waitlist to ensure the sale of products technically smooth. Each of these is a local plugin for WordPress, which adds the functionality of an online store to the content management system. No personal data is transferred to Woocommerce. WooCommerce Germanized extends WooCommerce and ensures the technical adaptation to the specific German legal conditions. In this way, we ensure compliance with data protection regulations when using WooCommerce.
6. notes on data processing for the creation of a customer account
You can register in our online store and create a customer account. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered.
The legal basis for the processing is Art. 6 para. 1 lit. a.
The personal data collected during registration will be stored by us for as long as you are registered in our online store, after which it will be deleted. This does not affect statutory retention obligations.
You have the right to revoke your consent for the processing of your personal data at any time. For this purpose, it is sufficient to send a message, e.g. by e-mail to firstname.lastname@example.org. In this case, your account will expire and we will no longer be able to offer you our services in full.
7. notes on data processing for the handling of your order
For the processing and handling of your order we need your title, your first and last name, the address data, your e-mail address and a telephone number (optional). We use this to fulfill our obligations under the purchase contract with you, for claims management, as well as for the processing of any returns and warranty cases. The processing of your personal data serves to fulfill the contract with you. The legal basis for this is Art. 6 para. 1 lit. b or f DSGVO.
Those data that are absolutely necessary for delivery or order processing are passed on to third party service providers. In addition, we and our logistics service providers use this data to inform you about the status of your delivery and delivery times.
We process your payment information for the purpose of payment processing, i.e. when you purchase or claim a product via www.maschenfein.com. Depending on the payment method, we forward your payment information to third parties (e.g. in the case of credit card payment to your credit card provider).
The legal basis for data processing by maschenfein is Art. 6 para. 1 lit. a, Art. 6 para.1 lit. b and Art. 6 para. 1 lit. f DSGVO.
When paying via PayPal, your payment data will be forwarded to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing.
PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or purchase on account via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values. For further information on data protection law, including information on the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
We offer on our website the payment method "Sofortüberweisung" of the company Sofort GmbH for cashless payment. Sofort GmbH has belonged to the Swedish company Klarna since 2014, but has its headquarters in Germany, Theresienhöhe 12, 80339 Munich.
If you decide to use this payment method, personal data will also be transmitted to Sofort GmbH, stored and processed there.
Sofortüberweisung is an online payment system that allows you to place an order via online banking. In this case, the payment processing is carried out by Sofort GmbH and we immediately receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. Only a few banks do not yet support this payment method.
We use "Sofortüberweisung" to provide you with the best possible service. This includes, in addition to the overall experience on the website and in addition to our offers, a smooth, fast and secure payment processing of your orders. To ensure this, we use "Sofortüberweisung" as a payment system.
When you make an instant transfer via the Sofort/Klarna service, data such as name, account number, bank code, subject, amount and date are stored on the company's servers. We also receive this information via the payment confirmation.
As part of the account coverage check, Sofort GmbH checks whether your account balance and overdraft facility cover the payment contribution. In some cases, it also checks whether Sofort transfers have been made successfully in the last 30 days. In addition, your user identification (such as user number or contract number) in abbreviated ("hashed") form and your IP address are collected and stored. For SEPA transfers, the BIC and IBAN are also stored.
According to the company, no other personal data (such as account balances, turnover data, withdrawal limits, account lists, cell phone number, authentication certificates, security codes or PIN/TAN) is collected, stored or passed on to third parties.
8. notes on data processing for advertising purposes
We also use your information to communicate with them for promotional purposes about your orders, recommend certain products or services that may interest you.
You can object to the use of your data for advertising purposes at any time. All you need to do is send a message, e.g. by e-mail to email@example.com.
On our website you can sign up to receive our newsletter. Our newsletter contains news, offers and other information about maschenfein products and services.
The newsletter is sent on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO. To receive the newsletter, you must enter your email address in the field provided for this purpose on our website. You will then receive an e-mail from us in which we ask you to confirm that you would like to receive our newsletter by clicking on a link (double opt-in). We will therefore only send you a newsletter if you have previously expressly confirmed that you would like to receive one.
We use the services of MailChimp to send our newsletters.
The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on MailChimp's servers in the USA.
With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to MailChimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
You can revoke your consent to the processing of your data for newsletter dispatch at any time with effect for the future. For this purpose, it is sufficient to send a message, e.g. by e-mail to firstname.lastname@example.org. You will also find an unsubscribe link in every newsletter.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. email addresses for the member area) remains unaffected by this.
At MailChimp, the European Commission's standard contractual clauses apply to the transfer of data for online advertising and personal data originating from the European Economic Area, Switzerland and the United Kingdom.
We have concluded a so-called "Data Processing Agreement" with MailChimp, in which we oblige MailChimp to protect our customers' data and not to pass it on to third parties.
For more information, see:
9. notes on data processing for applications
If you apply for a job with us, we process the information you provide, in particular your first and last name, your e-mail address, your postal address, your telephone number and the information contained in any application documents such as cover letter, resume and references ("application data").
The data you provide to us as part of your application will be processed exclusively for the purpose of handling this application. We always treat your application data confidentially.
The legal basis for the described processing of your application data is Art. 6 para. 1 p. 1 lit. b and Art. 88 para. 1 DSGVO in conjunction with Section 26 para. 1 p. 1 BDSG.
If your application is successful and leads to an employment relationship, the data will be transferred to your personnel file. The data will be stored for as long as is necessary for the employment relationship and insofar as legal regulations justify an obligation to retain it. The legal basis for this processing is also Art. 6 Para. 1 Sentence 1 lit. b and Art. 88 Para. 1 DSGVO in conjunction with Section 26 Para. 1 Sentence 1 BDSG.
If your application is unsuccessful, we will generally store your application data for a maximum of 6 months after completion of the relevant application process in order to be able to defend ourselves against any legal claims. The legal basis for this storage is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest in this context stems from the burden of proof in proceedings.
The documents you submit as part of the application may contain personal data that fall under "special categories of personal data" as defined in Article 9 of the GDPR ("sensitive data"). These are personal data that may reveal a natural person's racial or ethnic origin, political opinions, religion or beliefs, trade union membership, genetic predispositions or biometric data, health status or information about sex life or sexual orientation.
As a rule, we do not require any special categories of personal data within the meaning of Art. 9 DSGVO for the application process. We therefore ask you not to provide us with any such information from the outset. Should such information be relevant by way of exception, we will inform you accordingly.
In the event that your application nevertheless contains sensitive data, we ask for your express consent to process this data for the purpose of processing the application. You are free to decide whether you wish to give this consent. The consent can be revoked at any time. The revocation of consent does not affect the lawfulness of processing that took place on the basis of consent before the revocation. In this regard, however, we would like to point out that in the event that your application has led to employment, the further processing of the sensitive data (also) contained in the application may be necessary in order to exercise rights arising from labor law and social security and social protection law and to be able to fulfill obligations in this regard, and may therefore be justified in accordance with Art. 9 (2) lit. b DSGVO even without your consent.
The legal basis for the processing of sensitive data in the case of your consent is Art. 9 (2) lit. a DSGVO; in the case of employment, the processing in this regard is based on Art. 9 (2) lit. b DSGVO and Section 26 (3) BDSG.
Please note that your application cannot be considered if your application documents contain sensitive data and you do not consent to their processing or revoke consent.
Cookies can store unique identifiers consisting of a string of characters that allow the browser to be identified when the website is visited again. Cookies can store various information, such as browser type, operating system used, language settings or other personal page settings, as well as user behavior, such as sub-pages accessed or links clicked. This does not mean that we gain direct knowledge of your identity as a result.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or to display advertising.
Technically necessary cookies:
Technically necessary cookies are those that are required for the smooth functioning of our website. Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services.
Cookies for marketing purposes:
Marketing cookies are used to show you interest-based advertising. When you visit another website, the cookie of your browser will be recognized again and you will be shown selected advertising based on the information stored in this cookie. These cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time for the future.
Cookies for analysis purposes:
These cookies can be used to measure the reach of our own offer. Through the set cookie, we can, among other things, track which website was visited before calling up our website and how our website was used. We use this data to, among other things, optimize our website by evaluating the campaigns we run These cookies are only stored with your consent on the basis of Art. 6 (1) lit. a DSGVO. The consent can be revoked at any time for the future.
You can set your browser to allow you to
- be informed about the setting of cookies,
- Allow cookies only in individual cases,
- exclude the acceptance of cookies for certain cases or in general,
- enable automatic deletion of cookies when closing the browser.
Cookie settings can be managed under the following links for the respective browsers:
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/
You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools.
Most browsers also offer a do-not-track feature that allows you to indicate that you do not want to be "tracked" by websites. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be tracked for behavioral advertising and the like. For information and pattern on how to edit this feature, depending on your browser provider, see the links below:
- GoogleChrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de
- Mozilla Firefox: https://www.mozilla.org/de/firefox/dnt/
- Internet Explorer: https://support.microsoft.com/de-de/topic/verwenden-von-do-not-track-in-internet-explorer-11-ad61fa73-d533-ce96-3f64-2aa3a332e792
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/de/latest/
Please note that if you disable cookies, the functionality of this website may be limited.Open cookie box again
11. use of analysis services (Google Analytics)
For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) (hereinafter: "Google").
The processing of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time for the future.
In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
The European Commission has approved the use of standard contractual clauses as a means of ensuring adequate protection when transferring data outside the EEA. Through the use of standard contractual clauses in a contract concluded between data controllers, personal data is considered to be protected when transferred from the EEA or the United Kingdom to countries not covered by an adequacy decision.
Google relies on these standard contractual clauses for data transfers. As of August 12, 2020, Google is subject to the European Commission's standard contractual clauses for transfers of data for online advertising and personal data originating in the European Economic Area, Switzerland and the United Kingdom (https://support.google.com/adspolicy/answer/10042247?hl=de)
12. use of Google Fonts
We use on our website for optimal display of the font partly so-called web fonts. Google Fonts is a service of Google (Google LLC, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
When you call up one of our pages in which web fonts are embedded, your browser loads the required web fonts into your browser cache. If your browser does not support this function, a standard font will be used by your computer for display. To retrieve the fonts, a connection to a Google server is established and your IP address and possibly stored there. Depending on the end device used and permitted app permissions, your location and user data may also be transmitted. The location of the server may be in the USA. According to Google, data that is transferred as part of the font service is not merged with other data at Google.
The processing of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time for the future.
For data transfers, Google relies on the standard contractual clauses mentioned above.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq?hl=de-DE&csw=1. General information on data protection at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/.
13. social media
We use social media plugins or other components of the social networks YouTube, Facebook, Twitter, Instagram and Pinterest on our website on the basis of Art. 6 (1) lit. a DSGVO in order to make our website and our company better known via these.
To increase the protection of your data when visiting our website, the redirects are static links that are built in by means of so-called "Shariff" - project. This prevents your data from already being sent to the social networks when you visit our website. A contact between you and the social network is only established when you actively click on the button.
In order to provide you with information and offer another contact option, we are present on various social media platforms.
The processing of your personal data on these platforms is largely beyond our control. As a rule, when you visit our social media offerings, cookies are stored in your browser by the platform operator, in which your usage behavior or information about your interests are stored for market research and advertising purposes. Since some of the services of the platforms can also be used without registration, it cannot be ruled out that persons who are not registered on the respective platform are also affected by the data processing.
a) YouTube: YouTube and YouTube Plug-Ins. YouTube is a service of YouTube LLC ("YouTube"), 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
You can find more detailed information in the privacy notices of YouTube and Google, respectively, which you can access here: www.google.com/policies/privacy/
b) Facebook: Facebook Inc, Hacker Way, Menlo Park, CA 94025, USA (hereinafter: "Facebook"). The controller for the processing of personal data for data subjects outside the USA or Canada is Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.
c) Twitter: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter: "Twitter").
d) Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: "Instagram").
Information about the collection, processing and use of personal data by Instagram is available at https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc=Instagram help section&bc=Privacy%20and%20Security.
e) Pinterest: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest").
14. your rights
As a data subject, you have the following rights vis-à-vis the data controller. If you would like to exercise one of these rights, please contact the data controller using the contact details provided in section 1.
a) Right of access (Art. 15 GDPR)
You have the right to request information from us about whether and, if so, in what way we process personal data relating to you. Upon request, we will provide you with a digital copy of this data.
The aforementioned right to information may be restricted or excluded under certain legal conditions. In particular, according to Section 29 (1) sentence 2 of the German Federal Data Protection Act (BDSG), a right to information is not given if the information would disclose information that must be kept secret according to a legal provision or by its nature, in particular because of the overriding legitimate interests of a third party.
b) Right of rectification (Art. 16 GDPR)
You have a right to have your personal data corrected and/or completed without undue delay vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete.
c) Right to erasure (Art. 17 DSGVO)
You can request the deletion of your data stored by us,
- if the data is no longer necessary for the purposes for which it was collected or processed,
- you have withdrawn your consent and there is no other legal basis for the processing,
- you object pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing or you object pursuant to Art. 21 (2) DSGVO,
- the personal data have been processed unlawfully,
- the deletion is necessary to fulfill a legal obligation or
- the personal data was collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO.
This right to erasure does not apply insofar as the processing is necessary for the exercise of the right to freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defense of legal claims.
d) Right to restriction of processing (Art. 18 DSGVO)
You may request the restriction of the processing of personal data concerning you if
- the accuracy of the personal data is disputed by you for the duration of the verification of the accuracy by the controller;
- the processing is unlawful and you request restriction of use instead of erasure;
- the data controller no longer needs the data, but you require it for the assertion, exercise or defense of legal claims, or
- you have objected to the processing pursuant to Art. 21 (1) DSGVO and it is not yet clear whether legitimate reasons of the controller outweigh your reasons.
Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
e) Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
f) Right to object (Art. 21 DSGVO)
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) e or f DSGVO, you have the right to object to the processing of your personal data, provided that there are grounds for doing so that arise from your particular situation. If the objection is directed against direct marketing, you have a general right to object, which will be implemented by us without specifying a particular situation.
g) Right to withdraw consent (Art. 7 (3) DSGVO)
You have the right to revoke your consent at any time with the consequence that we may no longer continue the data processing based on this consent in the future.
h) Right of appeal (Art. 77 GDPR)
You have the right to complain to a supervisory authority. You can contact the supervisory authority of your place of residence or workplace or the supervisory authority responsible for us.
15. data security
Your personal data is transferred securely by us through encryption. This applies to the visit of our website, the customer login as well as your order. For this purpose, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest encryption level supported by your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.