This data protection declaration is based on the terms used by the European legislator for the adoption of the Datenschutz-Grundverordnung (DSGVO). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
- „Personal data“ means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- „Data subject“ is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
- „Processing“ is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- „Restriction of processing“ is the marking of stored personal data with the aim of limiting their processing in the future.
- „Profiling“ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- „Controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- „Recipient“ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- „Third party“ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- „Consent“ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
2. Name and the address of the controller
These data protection statements apply to the processing by:
TOM GmbH & Co. KG, represented by managing director Mr. Anton Majerle, E-Mail firstname.lastname@example.org, Telefon: +49 (0) 7543 965 49 69
3. Acquisition and storage of personal data and the nature and purpose of their use
a) During visits to our website:
When you access our website information is automatically sent to the server of our website by the browser used on your terminal. This information is stored temporarily in a so-called logfile. The following information is collected without your assistance and stored until it is automatically erased:
- IP address of the enquiring computer;
- Date and time of access;
- Name and URL of the file requested;
- Website from which access has taken place (referrer URL);
- The browser used, and possibly the operating system of your computer and the name of your access provider.
We process the above data for the following purposes:
- To ensure that the connection to our website can be established smoothly;
- To ensure convenient use of our website;
- To assess the security and stability of the system;
- For further administrative purposes.
The legal basis for processing the data is provided by Art. 6 Subparagraph 1 S. 1 Point f GDPR. Our legitimate interest follows from the listed purposes of data acquisition. In no case do we use the data acquired in order to draw conclusions concerning your person.
b) When using our contact form
If you have questions of any kind, we offer you the option of contacting us with the form provided on the website. It is necessary to state a valid email address so that we know who the enquiry has come from and in order to answer it. Any further information given is voluntary.
Data processing for the purpose of establishing contact with us takes place according to Art. 6 Subparagraph 1 S. 1 Point a GDPR on the basis of your consent, which is given voluntarily.
The personal data collected by us for the purpose of using the contact form are erased automatically when your enquiry has been handled.
c) When ordering via our website
You can place orders via our website either as a guest without registration, or you can register in our shop as a customer for future orders. Your advantage of registration is that in case of a future order you can directly log in to our shop with your email address and your password, without again entering your contact details.
Your personal data are upon registration entered in an entry mask, sent to us and stored. When you place an order via our website, we at first collect the following data, both in the case that you order as a guest, and in the case of a registration to the shop:
- salutatory address, first name, last name
- a valid e-mail address,
- telephone number (fixed-line and/or mobile phone)
These data are collected
- to be able to identify you as our customer;
- to process, fulfil and deliver your order;
- to exchange correspondence with you;
- for billing purposes;
- for handling any liability claims that might arise and for the assertion of potential claims against you;
- to ensure the technical administration of our website;
- to manage your customer data.
The data processing follows your order and/or registration and is required according to Art. 6 (1) sentence 1 lit. b) GDPR for the above-stated purposes to appropriately process your order and to mutually fulfil obligations under the purchase contract.
The personal data which we collect for processing your order are stored until the expiry of the statutory retention duty and will thereafter be erased, unless we are obliged to longer storage due to retention and documentation duties under tax law or commercial law (under the German Commercial Code (HGB), the German Penal Code (StGB) or the German Tax Code (AO), or if you consented to the storage for further purposes according to Art. 6 (1) sentence 1 lit. a) GDPR.
4. Disclosure of data
We will only pass on your personal data to third parties to the service partners involved in the execution of the contract, such as the logistics company commissioned with the delivery and the credit institution commissioned with payment matters. In the event that your personal data is passed on to third parties, the scope of the transmitted data is limited to the necessary minimum.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or “purchase on account” via PayPal, we pass your payment details on to PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L -2449 Luxembourg (hereinafter “PayPal”), further. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or “purchase on account” via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is used to calculate the score values. Further data protection information can be found in the PayPal data protection principles: //www.paypal.com/de/webapps/mpp/ua/privacy-full
A transfer of your personal data from us to third parties will be made exclusively to the service partners involved in the execution of the contract, such as a logistics company commissioned with delivery and a bank responsible for payment matters. In the case of the disclosure of your personal data to third parties, the scope of the data transmitted is limited to the minimum required.
Your personal data are not transferred to third parties for purposes other than those mentioned above.
We will share your personal data with third parties only if:
- you have given express consent to this in accordance with Article 6, paragraph 1, page 1, point a of the GDPR,
- the transfer according to Article 6, paragraph 1, page 1, point f of the GDPR is required to establish, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
- there is a legal obligation for transfer according to Article 6, paragraph 1, page 1, point c of the GDPR, and
- this is permitted by law and, according to Article 6, paragraph 1, page 1, point b of the GDPR, is required for the settlement of contractual relationships with you.
As part of the ordering process, we will obtain your consent to share your information with third parties
The cookie stores information generated in connection with the particular terminal used. However, that does not mean we acquire a direct knowledge of your identity.
We also use temporary cookies to optimize the user friendliness of our site; these are stored on your terminal for a certain specified time. If you visit our site again in order to make use of our services they recognize automatically that you have visited us before and know what entries and settings you have used, so that you do not have to enter them again.
The data processed by cookies are necessary for the stated purpose of pursuing our legitimate interests and those of third parties pursuant to Art. 6 Subparagraph 1 S. 1 Point f GDPR.
Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies can be stored on your computer or so that a warning always appears before a new cookie is set up. However, if you deactivate cookies completely you may not be able to use all the functions on our website.
6. Links to third-party websites
The links published on our website are researched and compiled by us with the utmost care. We have, however, no influence on the current and future design and content of linked pages. We are not responsible for the content of linked sites and expressly do not endorse the content of these sites. The provider of the linked website has sole responsibility for any illegal, incorrect or incomplete content, as well as for damage that may result from the use or non-use of the information. Any liability for those who merely point to the publication by means of a link is excluded. We are responsible for external referrals only if we have positive knowledge of them, including any possible illegal or criminal content, and it is technically possible and reasonable for us to prevent their use.
7. Analysis and tracking tools
The tracking tools listed below and used by us are based on Article 6, paragraph 1, page 1, point f of the GDPR. The tracking tools used are intended to ensure a needs-oriented design and the continuous optimisation of our website. We also use the tracking tools to statistically measure the use of our website and for the purpose of evaluating how we optimise the services we offer you. These interests are to be regarded as justified within the meaning of the aforementioned provision.
The respective data-processing purposes and data categories can be found in the corresponding tracking tools.
a) Google Analytics
For the purpose of the needs-oriented design and continuous optimisation of our pages, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, US; hereafter referred to as “Google”). In this connection, pseudonymised usage profiles are created and cookies used (see point 5). The information generated by the cookie about your use of this website, such as
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of server request,
is transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and Internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties are commissioned to process these data. Under no circumstances will your IP address be combined with any other data provided by Google. The IP addresses are anonymised to ensure that identification is not possible (IP masking).
You can prevent the installation of cookies by setting the browser software accordingly; however, please note that not all features of our website may be fully usable in that event.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent data collection by Google Analytics by clicking on the link mentioned above. An opt-out cookie will be set to prevent the future collection of your data when you visit our website. The opt-out cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
For more information about privacy related to Google Analytics, please use the following link to the Google Analytics Help Center: https://support.google.com/analytics/answer/6004245?hl=en
b) Google Adwords Conversion Tracking
We also use Google conversion tracking to record the statistics relating to the use of our website and to improve our website for you.
This means that Google Adwords sets a cookie (see number 5) on your computer if you navigated to our website from a Google advertisement.
These cookies become invalid after 30 days and are not used for personal identification. If the user visits certain pages on the website of the Adwords customer and the cookie has not yet expired, Google and the customer can detect that the user has clicked on the advertisement and has been forwarded to this page.
Each Adwords customer receives a different cookie. This means that cookies cannot be traced using the websites of Adwords customers. The information obtained using the conversion cookie is used to generate conversion statistics for Adwords customers who have decided to use conversion tracking. Adwords customers are notified of the total number of users who have clicked on the advertisement and have been forwarded to the page featuring a conversion tracking tag. However, they do not receive any information which enables them to identify users in person.
8. Social Media Plugins
On the basis of Art. 6 Subparagraph 1 S. 1 Point f GDPR our website makes use of social plugins for the social networks Facebook, Twitter and Google +1 in order to make our company better known through these media. The commercial purpose behind this is to be deemed a legitimate interest in the meaning of the GDPR. Responsibility for operation in compliance with the data protection laws lies with the provider concerned. These plugins are incorporated by us using the “two-click method” in order to protect visitors to our website to the fullest possible extent.
Our website uses social media plugins from Facebook in order to personalize its use. For this we use the “LIKE” or “SHARE” button. This is an offer provided by Facebook.
When you call up a page of our website that contains a plugin of this kind, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transferred directly from Facebook to your browser, and from there it is incorporated into the website.
Through incorporation of the plugin, Facebook receives the information that your browser has called up this page of our website, even if you do not have a Facebook account or are not logged in to Facebook at the moment. This information (including your IP address) is transferred from your browser directly to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example if you activate the “LIKE” or “SHARE” button, the corresponding information is also communicated directly to a Facebook server and stored there. Moreover, the information is published on Facebook and shown to your Facebook friends.
Facebook can use this information for the purpose of advertising, market research and user-friendly design of the Facebook sites. To do so, Facebook draws up user, interest and relationship profiles, for example in order to evaluate your use of our website in respect of the advertisements displayed to you by Facebook, to inform other Facebook users about your activities on our website or to perform other services in connection with the use of Facebook.
If you do not want Facebook to assign the data collected through our website to your Facebook account, you must log out of Facebook before visiting our website.
Plugins from the short message service of Twitter Inc. (Twitter) are integrated into our webpages. You can identify the Twitter plugins (tweet button) by the Twitter logo on our website. You will find an overview of tweet buttons here (https://dev.twitter.com/web/tweet-button).
When you call up a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. In this way, Twitter receives the information that you have visited our website with your IP address. If you click the Twitter “tweet button” while you are logged in to your Twitter account, you can link the content of our pages to your Twitter profile. This enables Twitter to assign the visit to our pages to your user account. Please note that we, as the originator of the website, receive no information about the content of the data transferred or how they are used by Twitter.
If you do not want Twitter to be able to assign the visit to our pages, please log out of your Twitter user account.
c) Google „+1“
Our website uses the “+1” button on the social network Google, which is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043-1351, USA. The button is marked with a “+1”.
The “+1” button is an abbreviation for “that’s pretty cool” or “look at it”. The button is not used to track your visits to the web.
If a website of our website contains the “+1” button, then your internet browser will load and display this button from the Google server. The website you visit on our website is automatically communicated to the Google server. When displaying a +1 button, Google will not log your browsing history permanently, but only for up to two weeks.
Google keeps this information about your visit for this period for system maintenance and troubleshooting purposes. However, this data is not structured according to individual profiles, usernames or URLs. This information is also not available to website publishers or advertisers. Use of this information is only for maintenance and troubleshooting in Google’s internal systems. Your visit to a +1 button page will not be evaluated by Google in any other way.
A further evaluation of your visit to a website of our website with a “+1” button does not take place.
The assignment of +1 itself is a public process, anyone who does a Google search or calls content on the web that you +1 can potentially see that you + 1’d that content. So only +1 if you are sure you want to share this recommendation with the world.
Clicking on this +1 button serves as a recommendation for other users in Google’s search results. You may publicly announce that you like our website, that our website is approved or that you can recommend our website. If you have registered for Google+ and you are logged in, then the +1 button turns blue when clicked. It also adds +1 to the + 1 tab in your Google profile. On this tab, you can manage your +1s and decide if you want to make the + 1 tab public.
In order to save your +1 recommendation and make it publicly available, Google collects information about your recommended URL, IP address, and other browser-related information through your profile. If you cancel your +1, this information will be deleted. All +1 recommendations from you are listed on the +1 tab in your profile.
9. Rights of the data subject
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or opposition, the existence of a right to lodge a complaint, the origin of your data, unless it was collected by us, and the existence of automated decision-making, including profiling and, if necessary, meaningful information about its details;
- according to Art. 16 GDPR to immediately request the correction of incorrect or incomplete personal data stored by us;
- to request the deletion of your personal data stored by us, in accordance with Art. 17 GDPR, unless the processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
- to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, provided that the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or need to defend legal claims or you have objected to processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible;
- to revoke your consent given to us at any time in accordance with Art. 7 Para. 3 GDPR. As a result, we are no longer allowed to continue the data processing based on this consent in the future and
- • to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
10. Right to object
If your personal data are processed on the basis of legitimate interests according to Article 6, paragraph 1, page 1, point f of the GDPR, you have the right according to Article 21 of the GDPR to lodge an objection to the processing of your personal data, in so far as there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without the need to specify any particular situation.
If you would like to exercise your right of withdrawal or objection, please send an email to: email@example.com.
11. Data security
For visits to our website, we use the widely-used SSL (Secure Socket Layer) process in conjunction with the highest level of encryption that is supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit v3 technology. Whether a given page of our website is encrypted is shown by the closed representation of the key or lock icon in the lower status bar of your browser.
We also take appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are constantly being improved in line with technological developments.