The following Privacy Notice is effective for the use of our online services
(hereinafter "Web Site").
We value data privacy highly. The collection and processing of your personal data is done in line with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).
Controller for the collection, processing and usage of your personal data according to article 4 no. 7 GDPR is
Schutz Marken Dienst GmbH
Manhagener Allee 76a
You can save and print this Privacy Notice at any time.
2. General Purpose of Processing
We use personal data for the purpose of running the Web Site, as well as, if you have contacted us beyond merely visiting our Web Site, for the purpose of maintaining contact with you.
3. What data is being used any why
We use and provide hosting services for the purpose of providing the following services: infrastructure and platform services, processing capacity, data storage capacity and database services, security services as well as technical maintenance services, which we employ for the purpose of maintaining the Web Site.
We process stock data, contact data, content data, contract data, usage data, meta and communication data of customers, prospective customers and visitors of the Web Site on the basis of our legitimate interest in an efficient maintenance of our Web Site, according to article 6, paragraph 1, 1 f) GDPR together with article 28 GDPR.
ii. Access data
We collect information about you, when you use the Web Site. We automatically collect information about your usage and your interaction with us and save data about your computer or mobile device. We collect, store and use data about every access to our Web Site (so called server log files). Among the data are:
- Name and URL of the accessed file
- Date and time of the access
- Amount of data transferred
- Notices of successful transfer (HTTP response code)
- Browser type and browser version
- Operating system
- Referrer URL (the web site visited prior to visiting our Web Site)
- Web sites, which were accessed by the user through our web site
- Internet service provider of the user
- IP address and provider
We use these log protocol data without association to your person and without any other profiling, for statistical analysis for the purpose of maintenance, security and optimization of our Web Site, as well as for the purpose of anonymous collection of the number of visitors to our Web Site (traffic), the amount and type of usage of our Web Site and services. Based on this information we can provide personalized and localized content and analyze, debug and improve our services.
This is also our legitimate interest according to article 6, paragraph 1, 1 f) GDPR.
We reserve the right to subsequently check the protocol data, if based on concrete evidence there is a justified suspicion of unlawful usage. IP addresses are saved for a limited time in the log files, where this is necessary for security reasons or for the purpose of providing our billing a service, e.g. if you are using one of our service offers. If the order process is aborted, or payment received, we delete the IP address, if it isn’t required for security reasons any more. We also store IP addresses where there is concrete suspicion of a criminal act in connection with the usage of our Web Site. Furthermore, as part of your account details, we save the date of your last visit (e.g. upon registration, login, etc.).
We use so called session cookies in order to optimize our Web Site. A session cookie is a small text file, which is sent by the respective servers upon visit of an internet page, and stored on your hard drive temporarily. This file contains a so called session ID, which is used to associate multiple requests sent by your browser to a single session. This way your computer or device is recognized when you return to our Web Site. These cookies are deleted, as soon as you close your browser. One typical use of these cookies is to allow you to keep the shopping basket across multiple pages.
To a lesser extent we also use persistent cookies (also small text files which are saved on your computer or device). These remain on your hard drive and allow us to recognize your browser the next time you visit. The cookies will be deleted automatically after a predefined period of time. The duration can vary from 1 month to 10 years. The persistent cookies allow us to make our Web Site more user friendly, effective and secure. They allow e.g. an automatic login on subsequent visits.
The following data is generally stored in cookies:
- Login information
- Language settings
- Search terms used
- Information about the number of visits to our Web Site and usage of specific functions
Upon activation of a cookie, it is assigned an ID; your personal data is not associated with this ID. Your name, your IP address and similar data, which would allow an association of the cookie to you personally, is not being saved in the cookie. The cookie technology only provides us anonymized information, e.g. which pages of our shop have been visited, which products viewed etc.
You can adjust the settings of your browser so that you will be informed in advance of the placement of cookies and be able to decide, whether you would like to disallow the placement of a cookie for certain cases. You can even disallow the placement of cookies completely. The functionality of the Web Site may be affected by this.
iv. Data for the purpose of fulfilling contractual obligations
We process personal data which we require to fulfil our contractual obligations, such as the name, address, email address, ordered products, accounting and payment data. This data is necessary for the contractual purposes.
This data is deleted once the period of warranty as well as statutory periods of safekeeping have passed. Data associated with a user account (see below) is in all cases stored for the time that the account is maintained.
The legal basis for this processing of data is article 6, paragraph 1, 1 b) GDPR, because this data is required in order to fulfil our contractual obligations towards you.
v. User account
You can create a user account on our Web Site. If you want to create an account, we need the personal data requested at the account creation. At later logins, only your user name and the chosen password are needed.
Upon account creation, we request basic data (e.g. name, address) and communication data (e.g. email address), as well as login data (user name, password).
In order to ensure your valid registration, and in order to prevent unauthorized registrations by third parties, you will receive an email after registration with an activation link, in order to activate your account. Only when registration is complete, will we store your personal data permanently in our system.
You can request at any time the deletion of a user account that you have created. A text message to the contact details mentioned under number 1 is sufficient. We will then delete your personal data, unless we need it to process ongoing orders or due to statutory periods of safekeeping.
The legal basis for this processing of data is your consent according to article 6, paragraph 1, 1 a) GDPR.
In order to sign up for our newsletter, the data requested in the signup process is required. The signup for the newsletter is stored. Once you’ve signed up, you will receive an email requesting confirmation of the signup ("Double Opt In"). This is necessary to prevent third parties from signing up with your email address.
You can at any time withdraw your consent to receiving the newsletter, thereby cancelling your newsletter signup.
We store the signup data for as long as it is needed for sending the newsletter. The protocol of the signup process together with the email address is stored as long as we have a legitimate interest in being able to prove the initial consent. Usually, this relates to statutory periods of limitation, e.g. 3 years.
The legal basis for sending the newsletter is your consent according to article 6, paragraph 1, 1 a) GDPR in conjunction with article 7 GDPR. Legal basis for saving the signup protocol is our legitimate interest in proof of consent.
You can cancel your signup at any time. A text message to the contact details mentioned under number 1 is sufficient. Of course you will also find an "unsubscribe" link in each newsletter.
vii. Product recommendations
Independent of our newsletter we regularly send you product recommendations via email. This way we provide you with information about products and services from our array, which you might be interested in, based on your previous orders of products and services. We do this strictly in accordance with existing law. You can object to our sending of product recommendations to you at any time. A text message to the contact details mentioned under number 1 is sufficient. Of course you will also find an "unsubscribe" link in each product recommendation.
Legal basis for this is the statutory permission according to article 6, paragraph 1, 1 f) GDPR.
viii. Email contact
If you contact us (e.g. via a contact form or via email), we process your data in order to process your request/message, and also in case of follow-up questions.
If the data processing following your contact to us is done as actions preceding a contract, or if you are a customer of ours, the legal basis for the data processing is article 6, paragraph 1, 1 b) GDPR.
We only process further personal data if you give your consent (article 6, paragraph 1, 1 a) GDPR) or if we have a legitimate interest in processing your data (article 6, paragraph 1, 1 f) GDPR). A legitimate interest may be e.g. to reply to your email.
4. Google Analytics
We use Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so called cookies, text files, which are stored on your computer or device, and which allow analysis of the usage of the Web Site by you. The information created by the cookie about the usage of the Web Site by the visitor are generally transferred to a server by Google in the USA and stored there.
This is also a legitimate interest of ours according to article 6, paragraph 1, 1 f) GDPR.
Google has submitted and certified to the EU-US Privacy Shield framework. Google is thereby required to adhere to the standards and policies of European data privacy law. You can find further information under the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
The IP address transferred by your browser in the Google Analytics process is not linked with other data by Google. You can prevent the storage of the cookies with the help of specific settings in your browser. We advise you, however, that in this case you may not be able to use the full functionality of the Web Site.
Additionally, you can prevent the transfer of the data created by the cookie about your usage of the Web Site (including your IP address) to Google, as well as the further processing of this data by Google, by downloading and installing the browser plugin found under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser plugin, or for browsers on mobile devices, you can click the following link, in order to set an "opt out cookie". This cookie will prevent the collection of data by Google Analytics for your usage of our Web Site in the future (this "opt out cookie" only works in this browser and for this domain; if you delete cookies from your browser, you need to click the link again):
5. Duration of storage
Unless otherwise specifically noted we store personal data only for as long as it is required to fulfil the respective purposes.
In some cases the legislators requires the storage of personal data, e.g. in tax and trade law. In these cases, we store the data only for these statutory purposes, don’t process them further and delete them once the statutory period of safekeeping has expired.
6. Your rights
According to the applicable laws and regulations, you have different rights in relation to your personal data. If you would like to exercise these rights, you can address your request via email or mail to the contact listed in number 1, while clearly identifying your person.
Below you can find an overview of your rights.
i. Right of confirmation and disclosure
You have the right to receive a clear disclosure of the processing of your personal data.
You have at any time the right to receive a confirmation from us on whether we are processing personal data concerning you. If this is the case, you have the right to receive a free disclosure from us of all personal data we have stored regarding you. Additionally you have a right to the following information:
- the purposes for processing
- the categories of data that are being processed
- the recipients or categories of recipients to whom personal data has been made available, in particular in third party countries and international organizations
- if possible, the planned duration for which personal data is being stored, or, if this is not possible, the criteria for determining this duration
- the existence of the right of correction and deletion of personal data relating to you, or of limitation of processing by the controller, or of the right of objection to the processing
- the existence of a right of appeal to the controlling authority
- if the personal data was not collected from you, information about the origin of the data
- the existence of automated decision making, including profiling, according to article 22 paragraphs 1 and 4 GDPR and – at least in these cases – clear information regarding the logic involved as well as the scope and intended consequences of such processing for you
If personal data is transmitted to third party countries or international organizations, you have the right to be informed of the appropriate guarantees according to article 46 GDPR in relation to this transmission.
ii. Right of correction
You have the right to request correction and completion of the personal data regarding you.
You have the right to request immediate correction of incorrect personal data regarding you. Taking into consideration the purpose of the processing, you have the right to request completion of incomplete personal data regarding you, including via an additional statement.
iii. Right of deletion ("Right to be forgotten")
In a number of cases we are required to delete personal data relating to you.
According to article 17 paragraph 1 GDPR you have the right to request from us immediate deletion of personal data regarding you, and we are obligated to immediately delete this personal data, if one of the following reasons applies:
- The personal data is no longer required for the purposes, for which they were collected or otherwise processed
- You revoke your consent, on which the processing was based according to article 6, paragraph 1, 1 a) GDPR or article 9 paragraph 2 a) GDPR, and there is no other legal basis for the processing
- You object to the processing according to article 21 paragraph 1 GDPR and there are no prevailing legitimate reasons for the processing, or you object to the processing according to article 21 paragraph 2 GDPR
- The personal data was processed unlawfully
- The deletion of the personal data is required in order to fulfill an obligation stemming from European Union law or the law of a member country, to which we are subject
- The personal data was collected in relation to services of the information society according to article 8 paragraph 1 GDPR
If we have made public personal data, and we are obligated to delete it according to article 17 paragraph 1 GDPR, we will take appropriate measures, taking into account available technology and implementation costs, to inform controllers who are processing the personal data that you requested deletion of all links to this personal data and copies of this personal data.
iv. Right of limitation of processing
In several cases you have the right to request from us limitation of the processing of personal data regarding you.
You have the right to request from us limitation of processing, if one of the following cases applies:
- The correctness of the personal data is being contested by you, for the duration necessary for us to verify the correctness of the personal data
- The processing is unlawful and you have declined deletion of the personal data and instead requested the limitation of usage of the personal data
- We no longer require the personal data for the purposes of processing, but you require the data in order to enforce or defend your rights
- You have objected to the processing according to article 21 paragraph 1 GDPR, while it hasn’t been determined yet whether our legitimate interests prevail over your interests
v. Right of transmission
You have the right to receive personal data relating to you in machine readable format, to transmit it, or to have us transmit it.
You have the right to receive from us the personal data related to you, which you have provided to us, in a structured, established, machine readable format, and you have the right to transmit this data to a third party without obstruction by us, if
- The processing is based on consent according to article 6, paragraph 1, 1 a) GDPR or article 9 paragraph 2 a) GDPR, or on a contract according to article 6, paragraph 1, 1 b) GDPR and
- The processing is done using automated procedures
When making use of the right of transmission, you have the right to request that your personal data be made available directly to a third party controller, if technically feasible.
vi. Right of objection
You have the right to object to a lawful processing of your personal data by us, if this is grounded in your special situation, and our interests in processing are not prevailing.
You have the right to object at any time to the processing of your personal data, if this is done according to article 6, paragraph 1, 1 e) or f) GDPR, for reasons grounded in your special situation. This applies also to profiling based on these regulations. We will cease to process the personal data, unless we can establish a compelling reason that merits protection, which prevails over your rights and freedoms, or the processing is required to enforce or defend rights.
If we are processing personal data for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of such marketing; this also applies to profiling, if it is connected to direct marketing.
You have the right to object to processing of your personal data for the purposes of scientific or historic research, or for statistical purposes according to article 80 paragraph 1 GDPR, for reasons grounded in your special situation, unless the processing is necessary to fulfil an assignment of public interest.
vii. Automated decision making, including profiling
You have the right not to be submitted to a decision based solely on automated processing – including profiling -, if this decision has immediate legal effect on you or affects you in a similar way.
Automated decision making on the basis of collected personal data does not take place.
viii. Right of revocation of consent
You have at any time the right to revoke consent given for the processing of personal data.
ix. Right of appeal to the controlling authority
You have the right to place an appeal with a controlling authority, in particular in the member state that is your place of residence, your place of work, or the place of the alleged violation, if you are of the opinion, that the processing of your personal data is unlawful.
7. Data security
We take maximum care of the security of your data, within the limitations of the applicable data protection laws and the technical possibilities.
Your personal data is being transmitted in encrypted form. This applies to your orders as well as the user login. We use the encoding system SSL (Secure Socket Layer), but we draw your attention to the fact that data transmission on the internet (e.g. in email communication) may have security risks. Absolute protection of data from access by third parties is not possible.
In order to protect your data we maintain technical and organizational security measures according to article 32 GDPR, which we regularly adjust to the current state of the art.
We do not guarantee that our offers and services are available at specific times. Disruptions and outages cannot be excluded. Our servers are regularly backed up.
8. Transmission to third parties
Generally speaking we only use your personal data within our company.
Insofar as we employ third parties in the fulfillment of contracts (e.g. lawyers or other partners, who conduct searches for us or provide legal opinions), these third parties only receive personal data to the extent in which it is necessary for the respective fulfillment.
In case we outsource certain parts of the data processing, we obligate the processing party to process and use the personal data only in accordance with the applicable data protection laws and to ensure the protection of the rights of the concerned person.