Personal data is any data relating to an identified or identifiable natural person.
1. Data controller’s name and contact details
Responsible party: Weinwelt NÄGELSFÖRST GmbH, Nägelsförst 1, 76534 Baden-Baden, Phone: +49 (0)7221 35550, Fax: +49 (0)7221 3555, Email: firstname.lastname@example.org, Website: www.naegelsfoerst.de
2. Collection and storage of personal data, type of data, and purpose of their use
a) When you visit our website
You can visit our website https://www.naegelsfoerst.de without having to give us any information about yourself (who you are).
When you use our website purely for informational purposes, i.e. if you do not register or otherwise provide us with information about yourself, we only collect the personal data that your browser sends to our server. When you visit our website https://www.naegelsfoerst.de, the browser you use on your device automatically sends data to our website’s server. This data is then temporarily stored in a so-called log file. The following data is recorded without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the accessed file,
- website from which the access takes place (referrer URL),
- the browser used and possibly the operating system of your computer, as well as the name of your access provider, language and version of the browser software.
We process the above-mentioned data for the following purposes:
- to ensure a functioning connection to our website,
- to ensure ease of use of our website,
- to evaluate system security and stability, and
- for other administrative purposes.
The legal basis for our data processing is art. 6 para. 1 sentence 1 lit. f) EU GDPR. Our legitimate interest is based on the above-mentioned data collection purposes. Under no circumstances will we use the data we collect in order to derive conclusions about your person.
b) When you use our web shop
When you use our web shop, e.g. by making offers or accepting our offers, by registering or by way of any other communication, we process the personal data you provide exclusively for the purpose of initiating or performing a contract.
The legal basis for data processing is art. 6 para. 1 sentence 1 lit. b) EU GDPR. According to this article, data processing is necessary to conclude or perform a contract to which the data subject is a party, or to conduct any pre-contractual measures taken at the request of the data subject.
When you use our web shop, we will process the following personal data transmitted by you:
- First and last name
- Telephone number (home and/or mobile)
- Telefax number (only if available)
- Email address
- IBAN (only if required for processing payments)
- Credit card number and verification code (only if required for processing payments)
This data is processed for the purpose of fulfilling our contractual obligations, in particular for the dispatch of products, for payment processing, including invoicing, for processing possible warranty claims, as well as for any correspondence with you in connection therewith.
You may also choose to create a customer account in which we store your personal data for future purchases. When you create an account, the data you provide will be stored under “My Account” with the option to subsequently revoke it. You can always delete all other data, including your user account, in the customer area.
c) When you use our contact form
We provide a contact form on our website so you can send us your questions, concerns, comments etc. In order to use it, you must provide an email address and a name so we know to whom to reply; any other information is optional.
The legal basis for data processing is your consent, which you provide voluntarily (art. 6 para. 1 sentence 1 lit. a) EU-GDPR).
The personal data we collect when using the contact form will be deleted once your request is completed.
d) When you register for our newsletter
Provided you have given your express consent (art. 6 para. 1 sentence 1 lit. a) EU-GDPR), you can subscribe to our newsletter, which informs you about our current product and/or service offers. The products and/or services advertised in the newsletter are named in the declaration of consent. The only mandatory information you must provide in order to receive our newsletter is your email address. Any additional, separately labelled data is provided by you voluntarily and will be used to personalize our communication with you.
For our newsletter registration, we use what is called a double opt-in procedure. This means that after you register, we will send you an email to the address you provided, asking you to confirm your newsletter subscription. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to trace any possible misuse of your personal data.
The legal basis for this data processing is your consent, which you provided voluntarily (art. 6 para. 1 sentence 1 lit. a) EU GDPR).
You can revoke your consent to receiving the newsletter at any time and unsubscribe from it. To do so, you can email your unsubscribe request to email@example.com.
e) Processing based on legitimate interest
As far as is necessary for our business purposes, we process your data – apart from the initiation or performance of a contract and any consent you have expressly given – in order to safeguard the legitimate interest of our company, except for individual cases where, upon consideration, it is found that it is overridden by your legitimate fundamental rights and freedoms, which require protection of personal data (cf. art. 6 para. 1 lit. f) EU GDPR). Our company’s legitimate interests include:
- Direct mail, unless you have objected to the use of your personal data.
3. Disclosure of data to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below. In particular, no data will be passed on to third parties, e.g. for advertising purposes, without your express consent.
We only pass on your personal data to third parties if:
- you have given your express consent in accordance with art. 6 para. 1 sentence 1 lit. a) EU-GDPR;
- it is necessary, according to art. 6 para. 1 sentence 1 lit. b) EU GDPR, for fulfilling contractual relationships with you, e.g. to financial institutions for processing contractually agreed payments, to shipping and transport companies for the purpose of transporting goods, including tracking and tracing, and to lawyers and legal service companies if you fail to make contractually agreed payments, for the purpose of legal enforcement;
- there is a legal obligation to disclose the data in accordance with art. 6 para. 1 sentence 1 lit. c) EU GDPR; or
- a disclosure is necessary pursuant to art. 6 (1) sentence 1 lit. f) EU GDPR to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.
The cookie stores data on the specific device that is used. This does not mean, however, that it directly tells us who you are.
In addition, we also use temporary cookies to optimize user-friendliness. These are stored on your device for a certain, defined period of time. If you return to our site to use our services, it automatically detects that you have previously visited the site and which entries and settings you have made so you don’t have to redo them.
The data processed by cookies is required for the above-mentioned purposes to protect our legitimate interests and those of third parties in accordance with art. 6 para. 1 sentence 1 lit. f) EU GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so as not to allow cookies to be stored on your computer, or to always show a message before a new cookie is placed. However, if you completely deactivate cookies, you may not be able to use the full functionality of our website.
5. Retention period and data deletion
In particular, your personal data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed. The data will then be erased unless further retention is necessary to comply with a legal obligation that requires processing under Union or national law to which the controller is subject, or in order to pursue, exercise or defend legal claims. Mandatory legal retention periods constitute one such legal obligation, for example, 10 years (for accounting data, including order and payment data, payroll accounting) or 6 years (for commercial correspondence). For the duration of these mandatory legal retention periods, the data is locked; once they expire, it is deleted.
6. Rights of data subjects
You have the right,
- in accordance with art. 7 para. 3 EU GDPR, to revoke at any time the consent you gave to us. As a result, we will not be allowed to continue any data processing that was based on this consent in the future. The lawfulness of any data processing that took place up to the moment of revocation remains unaffected by your revocation;
- in accordance with art. 15 EU GDPR, to request information about your personal data that we process. You may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or is being disclosed, the planned retention period, the existence of a right of rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data, if it was not collected by us, as well as the existence of automated decision making including profiling, and, if applicable, meaningful information on details thereof;
- in accordance with art. 16 EU GDPR, to demand the prompt correction of incorrect or incomplete personal data stored by us;
- in accordance with art. 17 EU GDPR, to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims;
- in accordance with art. 18 EU GDPR, to demand that processing of your personal data be restricted if you dispute the accuracy of the data; the processing is unlawful, but you do not want it deleted; and we no longer require the data, but you require it to assert, exercise, or defend legal claims; or you have lodged an objection to processing pursuant to Art. 21 GDPR;
- in accordance with art. 20 EU GDPR, to obtain your personal data that you have provided to us in a structured, common, and machine-readable format, or to request its transfer to another data controller;
- in accordance with art. 77 EU GDPR, to lodge a complaint with a supervisory authority. The competent supervisory authority is the state data protection commissioner of the federal state in which our company is based. An overview of the state data protection commissioners and their contact details can be found at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
7. Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with art. 6 para. 1 sentence 1 letter f) EU GDPR, you have the right to object to the processing of your personal data in accordance with art. 21 GDPR, provided that there are grounds relating to your particular situation. If your objection is justified, we will examine the facts of the case and either stop or adapt our processing of the data, or inform you of our compelling legitimate reasons for continuing the processing.
If we process your personal data for the purpose of direct marketing, you have the right to object to the processing of your personal data for the purpose of direct marketing at any time.
To exercise your right of revocation or objection, simply send an email to firstname.lastname@example.org.
8. Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are subject to continuous improvements in line with technological developments.
While you visit our website, we also use SSL or TLS encryption (SSL = Secure Sockets Layer; TLS = Transport Layer Security; SSL being the previous designation of TLS). You can tell whether an individual page of our website is being transmitted in encrypted form by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. When SSL or TLS encryption is activated, data that you transmit to us cannot be read by third parties.