Privacy policy and data protection information
Privacy policy
and information on any consent you may have given us
As the responsible party within the meaning of the data protection regulations, we inform you below about the processing of your personal data by us.
I. The term personal data and other important terms
In simple terms, personal data is any information that relates to you personally as a data subject. Provisions on what the term "personal data" means and what other terms important for the following data protection information mean can be found in Art. 4 of the DS-GVO (General Data Protection Regulation).
II. Name and contact details of the data controller; contact details of the data protection officer
In simple terms, the controller is the person who alone or jointly with others decides on the purposes and means of the processing of personal data. The name and contact details of the person responsible (and, if a data protection officer has been appointed, the contact details of the data protection officer) can be found in our provider identification / imprint.
III. purposes of processing your personal data; legal basis for processing
We process your personal data within the scope of our activities for the purposes listed below in accordance with the legal bases stated in each case.
1. in order to protect our legitimate interest in maintaining the proper operation of our website, in providing the most user-friendly functions possible and in analysing the use of our website, your personal data is processed on the basis of Article 6(1)(f) of the GDPR. 2. to carry out pre-contractual measures.
2. in order to carry out pre-contractual measures based on an enquiry from you, your personal data will be processed on the basis of Article 6 (1) (b) of the GDPR.
3. in order to safeguard our legitimate interest in responding to enquiries and in taking other measures based on an enquiry from you, your personal data will be processed on the basis of Article 6(1)(f) of the GDPR.
4. for the performance of a contract to which you are a party, the processing of your personal data is based on Article 6 (1) (b) of the GDPR.
5. for the performance of measures for the purpose of advertising, the processing of your personal data shall be carried out either on the basis of the consent given by you pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (f) DS-GVO.
6. in order to comply with legal obligations to which we are subject, your personal data will be processed on the basis of Article 6(1)(c) DS-GVO.
7. in order to protect our legitimate interest in enforcing our rights and defending ourselves against claims, the processing of your personal data is based on Article 6(1)(f) of the GDPR.
Our systems are secured in accordance with the state of the art by technical and organisational measures to protect your personal data against access, alteration or dissemination by unauthorised persons and against loss and destruction.
Information on the processing of your personal data for the individual processing purposes can be found in the corresponding further notes within the framework of this data protection declaration.
IV. Transfer of your personal data to third parties; categories of recipients of your personal data
Insofar as this is necessary to achieve the purposes of processing your personal data, we transfer your personal data to third parties within the framework of the legal requirements. Detailed information on the transfer of your personal data to third parties for the individual processing purposes can be found in the corresponding further notes within the framework of this data protection declaration. In cases where your personal data is transferred to third parties, the scope of the data transferred is limited to the minimum necessary.
V. Scope of the processing of your personal data for the individual processing purposes
Below we inform you in detail about the processing of your personal data for the various processing purposes.
Your personal data will be deleted when it is no longer needed for processing for the respective processing purpose, unless we are allowed to continue processing the data for another processing purpose within the scope of the legal requirements and in accordance with the information in this privacy policy.
1. use of our website for information purposes
If you visit our website without sending us any information, we only process the personal data that your browser transmits to our server. This is the following data, which is technically necessary to display our Internet presence to you and to ensure stability and security:
- the page you called up
- date and time of the request
- amount of data transferred
- the source or link from which you accessed the page
- the browser you are using
- the operating system you are using
- your IP address
Your personal data is processed on the basis of Article 6 (1) (f) DS-GVO to protect our legitimate interest in maintaining the proper operation of our website, in providing the most user-friendly functions possible and in analysing the use of our website.
Your personal data will be deleted after 6 months, unless they are still required for the assertion of rights or the enforcement of claims due to measures against the proper operation of our website. In this case, the deletion will take place immediately after the conclusion of the corresponding proceedings.
You are not obliged to provide your personal data. However, failure to provide your personal data would mean that you would not be able to view our website.
2. processing of enquiries
If you contact us with an enquiry or a request, we will process the personal data and information/documents you provide. Regardless of the way in which you send us your enquiry or request, this may include:
- Date and time of contact
- Name data
- Contact details
- data on enquiry/concern
- transmitted information/documents
Depending on the content of your enquiry or request, the processing of your personal data and the information/documents submitted is based on Article 6(1)(b) DS-GVO for the performance of pre-contractual measures or on Article 6(1)(b) DS-GVO for the performance of a contract to which you are a party or on Article 6(1)(f) DS-GVO to protect our legitimate interest in responding to enquiries/concerns and in taking other measures in connection with the processing of enquiries/concerns.
Insofar as this is necessary for the processing of your enquiry/concern, we transmit your personal data to third parties within the framework of the legal requirements. In cases where your personal data is transmitted to third parties, the scope of the transmitted data is limited to the necessary minimum.
Your personal data will be deleted when your enquiry/concern has been clarified, but at the earliest after expiry of the retention periods under tax and commercial law of 6 or 10 years, unless we may continue to process the data for another processing purpose within the framework of the legal requirements and in accordance with the information in this data protection declaration.
You are not obliged to provide your personal data. However, failure to provide your personal data would result in us being unable to process your enquiry or request.
3. fulfilment of contracts
If you provide us with personal data for the purpose of concluding a contract or in connection with a contract, we process the data you provide for the purpose of processing the contract. This is your customer data (e.g. your name and address) and the contract data (e.g. details of the products covered by the contract and payment and delivery information).
Your personal data is processed on the basis of Article 6 (1) (b) DS-GVO for the performance of a contract to which you are a party.
Insofar as this is necessary for the performance of the contract with you, we transmit your personal data to third parties within the framework of the legal requirements. This transfer is made to the service providers involved in the processing of the contract. These are the providers of the processing tools used by us, the companies commissioned with the transport and the payment service providers commissioned with the payment matters.
Insofar as you use the payment service provider PayPal for the processing of payment transactions, we expressly point out that the PayPal data protection declaration applies to all PayPal transactions: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum required.
Your personal data will be deleted after the expiry of the retention periods under tax and commercial law of 6 or 10 years, unless we are allowed to continue processing the data for another processing purpose within the scope of the legal requirements and in accordance with the information in this privacy policy.
The provision of your personal data is necessary for the conclusion of a contract with us. You are not obliged to provide your personal data. However, failure to provide your personal data would result in us not being able to enter into a contract with you.
4.1 Advertising via newsletter
If you register for our newsletter, we will process the e-mail address you provide - and if you provide further personal data, we will also process this - in order to send you information about our offers by e-mail. In this respect, only the provision of your e-mail address is obligatory. If you voluntarily provide further personal data, we may process this data in order to address you personally in the newsletter.
When you register for our newsletter, you give your consent with the following content: "I agree to be informed by e-mail about interesting offers and therefore consent to the processing of my e-mail address and the other personal data I have provided for the purpose of sending the newsletter. I can revoke this consent at any time and without giving reasons with effect for the future. The lawfulness of the processing carried out until the revocation remains unaffected in the event of revocation."
The registration for our newsletter takes place in the so-called double opt-in procedure. This means: After registration, you will first receive an email with a message about the registration for the newsletter combined with a request for confirmation of the registration. Your confirmation of registration is necessary to document the required consent to send the newsletter and to be able to recognise registrations to third-party e-mail addresses. In connection with the registrations for the newsletter and the confirmations, the IP address as well as the date and time are logged in order to be able to prove the granting of consent in accordance with the legal requirements if necessary.
The processing of your personal data is based on the consent you have given in this regard in accordance with Article 6 (1) (a) DS-GVO.
You can revoke your consent at any time and without giving reasons with effect for the future. To do so, it is sufficient to send a corresponding message to the person responsible, whose contact details you can find in the information on the person responsible. The lawfulness of the processing carried out until the revocation remains unaffected in the event of revocation.
If you revoke your consent or unsubscribe from our newsletter, your e-mail address and any other data transmitted will be deleted immediately, unless we are allowed to continue processing the data for another processing purpose within the scope of the legal requirements and in accordance with the information in this data protection declaration.
In order to receive our newsletter, it is at least necessary to provide your e-mail address. You are not obliged to provide your e-mail address. However, failure to provide your e-mail address would result in you not being able to subscribe to our newsletter.
4.2 Advertising by newsletter without registration and your right to object
We process the personal data you provide in connection with the sale of a product or service regarding your e-mail address, first name, last name and address, if applicable, for the purpose of sending you an e-mail newsletter containing offers for similar products.
In this respect, the processing of your personal data is carried out on the basis of Article 6 (1) (f) DS-GVO in order to protect our legitimate interest in carrying out advertising measures by e-mail.
You may object to the processing of your personal data for the purpose of carrying out advertising measures by e-mail at any time. To do so, it is sufficient to notify the person responsible, whose contact details you can find in the information on the person responsible. Alternatively, each advertising e-mail contains a link to unsubscribe from further advertising e-mails. Apart from transmission costs according to the basic rates, you will not incur any further costs.
If you object to the processing of your personal data for the purpose of carrying out advertising measures by e-mail, the e-mail address will be deleted from the list of recipients immediately unless you have expressly consented to the further use of your data or we may continue to process the data for another processing purpose within the framework of the legal requirements and in accordance with the information in this data protection declaration.
5. advertising by letter post
We process the personal data you provide regarding first and last name and address, if necessary, for sending information about our offers by letter post.
In this respect, the processing of your personal data is carried out on the basis of Article 6 (1) (f) DS-GVO in order to protect our legitimate interest in carrying out advertising measures by letter post.
You may object to the processing of your personal data for the purpose of carrying out advertising measures by letter post at any time. To do so, it is sufficient to notify the responsible person, whose contact details you can find in the information on the responsible person.
If you object to the processing of your personal data for the purpose of carrying out advertising measures by letter post, the personal data you have provided on first and last name and address will be deleted immediately, unless we may continue to process the data for another processing purpose within the framework of the legal requirements and in accordance with the information in this data protection declaration.
You are not required to provide your personal data for the purposes of carrying out promotional activities by letter post. However, failure to provide your personal data would mean that we would not be able to send you advertising by letter post.
6. compliance with legal obligations to which we are subject
We may process your personal data to comply with legal obligations to which we are subject.
In order to comply with legal obligations to which we are subject, the processing of your personal data is based on Article 6(1)(c) DS-GVO.
Insofar as this is necessary for the fulfilment of legal obligations to which we are subject, we transmit your personal data to third parties within the framework of the legal requirements. In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum necessary.
Your personal data will be deleted when it is no longer required for the fulfilment of legal obligations to which we are subject, unless we are allowed to continue processing the data for another processing purpose within the framework of the legal requirements and in accordance with the information in this privacy policy.
7. use of cookies and other technologies
We may use cookies on our website to enable you to use the functions we offer, to analyse the use of the functions we offer and, where appropriate, to present advertising that is as tailored as possible to your needs. Below we inform you about the cookies and other technologies we use.
Cookies are small files that are stored on your device and through which certain information is transmitted to us. Cookies are used to enable you to use certain functions and to make our website as a whole more user-friendly.
7.1 Technically necessary cookies and technologies:
In some cases, the use of cookies and technologies on our website is technically necessary in order to provide you with the functions of our service that you have requested and to document any consent that you have given. For this reason, you cannot deselect the use of the corresponding cookies and technologies (opt-out). You can prevent the storage of cookies by setting your browser software accordingly. You can delete stored cookies via the corresponding settings. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.
7.1.1 Consent tool
We use a so-called Consent Tool on our website, which we use in accordance with our data protection obligations in this regard pursuant to Art. 5 para. 2 DS-GVO in conjunction with Art. 6 para. 1 letter c) DS-GVO. Art. 6 para. 1 letter c) DS-GVO about the cookies we use and with which we document whether and to what extent you have opted in to the processing of your data.
Person responsible:
The processing of your personal data is carried out by us as the responsible party. You can find the name and contact details of the responsible person (and if a data protection officer has been appointed, the contact details of the data protection officer) in our provider identification / imprint.
Processing purposes and legal basis:
Fulfilment of obligations under data protection law, to inform about cookies used and storage/documentation of consent given in accordance with Art. 5 para. 2 DS-GVO in conjunction with. Art. 6 para. 1 letter c) DS-GVO
Provider of the consent tool used:
shopware AG
Ebbinghoff 10
48624 Schöppingen
Imprint
You can find the data protection information of the provider of the content tool we use here: https://www.shopware.com/de/datenschutz/
Name/designation of the cookie: "cookiePreferences".
Cookie duration: 180 days
7.1.2 Technically required cookies:
Technically necessary cookies are cookies that are required so that you can use the functions of our service that you want (to carry out an order). This concerns, for example, the storage of entries in connection with the use of the shopping basket function or the storage of entries after registration in connection with the creation of a customer account.
Person responsible:
The processing of your personal data is carried out by us as the responsible party. You can find the name and contact details of the person responsible (and if a data protection officer has been appointed, the contact details of the data protection officer) in our provider identification / imprint. Information on whether the cookies are set by us (first-party cookies) or by a partner company (third-party cookies) can be found in the information on the individual cookies.
Processing purposes and legal basis:
The processing of your personal data is insofar carried out on the basis of Article 6 (1) (b) DS-GVO for the implementation of pre-contractual measures, which are carried out at your request as a data subject or on the basis of Article 6 (1) (b) DS-GVO for the performance of a contract to which you are a party.
Name | Provider | Description | Duration |
allow | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | Sets when the visitor allows cookies to be stored. | 180 days |
context_hash | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | Is needed for the recognition of the control rules. | Session |
csrf | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | Provides protection against a CSRF attack. Additional informationen |
Session |
currency | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | Stores the selected currency. | |
decline | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | Set if the visitor refuses the storage of cookies. | 180 days |
no_cache | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | The elements that are not to be cached are stored here. | Session |
preferences | Stores the settings from the Cookie Consent Manager. | ||
session | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | Identifies the current session, the user and their shopping cart. | Session |
shop | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | Stores the language/subshop that the customer calls up. | 180 days |
7.2 Other cookies and technologies; right to revoke consent given
In some cases, the use of cookies and technologies on our website is not technically necessary in order to provide you with the functions of our service that you require. These other cookies and technologies are only used on our website with your consent (opt-in). In order to enable you to make an informed decision in this respect, we inform you below about the relevant cookies and technologies. You can give your consent to the use of the relevant cookies and technologies via the consent tool we use. You can revoke your consent at any time and without giving reasons with effect for the future. The lawfulness of the processing carried out until the revocation remains unaffected in the event of revocation.
Person responsible:
The processing of your personal data is carried out by us as the responsible party. You can find the name and contact details of the responsible party (and if a data protection officer has been appointed, the contact details of the data protection officer) in our provider identification / imprint. Information on whether the cookies are set by us (first-party cookies) or by a partner company (third-party cookies) can be found in the information on the individual cookies.
Processing purposes and legal basis:
Insofar as we use other cookies and technologies on our website, these are used to optimise the use of our website (preference cookies), to analyse the use of our website (statistics cookies) and to initiate advertising that is as tailored as possible to your needs (marketing cookies). In this respect, the processing of your personal data takes place on the basis of the consent given by you in accordance with Article 6 (1) (a) DS-GVO.
7.2.1 Preference cookies
Name | Provider | Description | Duration |
note | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | If a customer places an item on the wish list, a cookie is created for this purpose. | 1 years |
slt | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | Allows the customer to be recognised when returning to the shop, even if the session has already expired. Additional information |
7.2.2 Statistics cookies
Name | Provider | Description | Duration |
device | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | Stores the device used, e.g. for the correct display of the shop. | Session |
partner | medesign I.C. GmbH; https://medesign.de/en/datenschutzerklaerung-und-datenschutzhinweise | Required to recognise partners for the partner programme. |
7.2.3. Marketing-Cookies
Name | Provider | Description | Duration |
8. enforcing our rights and defending claims against us.
Where appropriate, we process your personal data to protect our legitimate interest in enforcing our rights and defending claims against us.
In this case, the processing of your personal data is based on Article 6(1)(f) DS-GVO.
Insofar as this is necessary to protect our legitimate interest, we transmit your personal data to third parties within the framework of the legal requirements. This transmission takes place to the providers of debt collection services involved or to our lawyers.
In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum necessary.
Your personal data will be deleted after the conclusion of the procedure, at the earliest, however, after the expiry of the retention periods under tax and commercial law of 6 or 10 years, unless we may continue to process the data for another processing purpose within the framework of the legal requirements and in accordance with the information in this data protection declaration.
VI. Duration for which your personal data is stored or criteria for determining this duration
Your personal data will be deleted when it is no longer necessary for processing for the purpose for which it was collected, unless we are allowed to continue processing it for another purpose within the limits of the law and in accordance with the information in this Privacy Policy. Information on the period for which your personal data is stored or the criteria for determining this period can be found in the information on the processing of your personal data for the individual processing purposes in this privacy policy.
VII. Your rights
1. overview
In order to ensure fair and transparent processing of personal data, you as a data subject have the following rights under data protection law:
the right to information according to Article 15 DS-GVO,
the right to rectification according to Article 16 DS-GVO,
the right to erasure in accordance with Article 17 of the Data Protection Regulation,
the right to restriction of processing pursuant to Article 18 of the Regulation,
the right to data portability under Article 20 of the GDPR
the right to revoke consent given at any time in accordance with Article 7 (3) DS-GVO,
the right to object to processing pursuant to Article 21 DS-GVO, which we will inform you about separately below
and the right to lodge a complaint with the supervisory authority pursuant to Article 77 of the GDPR, about which we will inform you separately below.
2. your right to object to processing
The processing of personal data is permissible if the processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override these interests, in particular if the data subject is a child, Art. 6(1)(f) DS-GVO.
As the data subject, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) of the GDPR; this also applies to profiling based on these provisions.
If you exercise your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a data subject, or for the establishment, exercise or defence of legal claims.
If we process your personal data for the purposes of direct marketing, you as the data subject have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you, as the data subject, object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
3. your right of appeal to the supervisory authority
As a data subject, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the requirements of the GDPR.
VIII. Information on the basis for providing your personal data and possible consequences of not providing it
To the extent necessary to ensure fair and transparent processing, you will find information on the basis for providing your personal data and on the possible consequences of failure to provide it in the information on the processing of your personal data for the individual processing purposes.