Data protection declaration

Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
“Personal data” is any information relating to an identified or identifiable natural person.

 
Server log files
You can use our websites without submitting personal data. 
Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes for example the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request. The processing is carried out on the basis of Article 6(1) f) GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.
 
Collection and processing when using the contact form 
When you use the contact form we will only collect your personal data (name, email address, message text) in the scope provided by you. The data processing is for the purpose of making contact. By submitting your message you agree to the processing of your transmitted data. Processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent.You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. We will only use your email address to process your request. Finally your data will be deleted, unless you have agreed to further processing and use.
 
Use of Google reCAPTCHA 
Our website uses the reCAPTCHA service by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). The request serves to distinguish whether the input was made by a human or automatic machine processing. For this purpose your input will be transmitted to Google and used by them further. In addition, the IP address and any other data required by Google for the reCAPTCHA service will be transferred to Google. This data will be processed by Google within the EU and potentially also in the USA. Transmission of data to the USA is covered by an adequacy decision by the European Commission, the “Privacy Shield”. Google participates in “Privacy Shield” and has submitted to its requirements. 
Processing is carried out on the basis of Article 6(1)f) GDPR due to our legitimate interest in protecting our website from automated spying, misuse and SPAM.
You can find more detailed information on Google reCAPTCHA and the associated data protection declaration at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy
 
Customer account
When you open a customer account, we will collect your personal data in the scope given there. The data processing is for the purpose of improving your shopping experience and simplifying order processing. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your customer account will then be deleted.
 
Data collection when you post a comment 
When you comment on an article or a contribution, we collect your personal data (name, email address, comment text) only in the scope provided by you. The processing serves to allow you to comment and to display comments. By submitting the comment you agree to the processing of the transmitted data. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. You personal data will then be deleted.
 
On publication of your comment only the name you have entered will be published.
 
Collection, processing, and transfer of personal data in orders
When you submit an order we only collect and use your personal data insofar as this is necessary for the fulfilment and handling of your order as well as processing of your queries. The provision of data is necessary for conclusion of a contract. Failure to provide it will prevent the conclusion of any contract. The processing will occur on the basis of Article 6(1) b) GDPR and is required for the fulfilment of a contract with you. 
Your data is transferred here for example to the shipping companies and dropshipping providers, payment service providers, service providers for handling the order and IT service providers that you have selected. We will comply strictly with legal requirements in every case. The scope of data transmission is restricted to a minimum.
 
 
Use of your email address for mailing of newsletters
We use your email address outside of contractual processing exclusively to send you a newsletter for our own marketing purposes, if you have explicitly agreed to this. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can unsubscribe from the newsletter at any time using the relevant link in the newsletter or by contacting us. Your email address will then be removed from the distributor.
 
Your data will be forwarded to a service provider for email marketing in the course of order processing. It will not be forwarded to other third parties.
 
Use of an external merchandise management system
We use a merchandise management system in the course of order processing for the purposes of contractual processing. For this purpose your personal data as collected in the course of the order will be sent to
JTL-Software-GmbH, Rheinstr. 7, 41836 Hückelhoven, Germany 
Data collection and processing, identity and credit check if you choose Billpay payment methods 
If you choose one of the payment options provided by our partner Billpay GmbH (Zinnowitzer Str. 1, 10115 Berlin), you will be asked during the order process to agree to the transmission to Billpay of the data required for the processing of the payment and an identity and credit check. If you give your consent, your data (first name, surname, street, house number, post code, city, date of birth, telephone number and in the case of the account details provided if paying by direct debit), as well as data in connection with your order, will be transferred to Billpay. The data processing is for the purpose of offering purchase on account as well as the credit check required for this. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. In order to carry out its in-house identity and credit check, Billpay, or the partner companies commissioned by Billpay, send data to credit agencies and receive information from them and, if applicable, information on creditworthiness on the basis of mathematical and statistical procedures, taking address information among other things into account. You can find more detailed information on this and the credit agencies used in Billpay GmbH’s data protection provisions at https://www.billpay.de/en/privacy-de/. The provision of data is required for conclusion of contract with your desired payment method. Failure to provide it will mean that the contract cannot be concluded with your desired payment method.
 
Data collection and processing when paying by credit card, direct debit and invoice via secupay AG
We have integrated the components secupay.Lastschrift (direct debit), secupay.Rechnungskauf (payment by invoice) and secupay.Kreditkarte (credit card) by secupay AG (Goethstr. 6, 01896 Pulsnitz; “secupay”) into our website. secupay is a payment institute in the sense of the Zahlungsdiensteaufsichtsgesetz (Payment Services Supervision Act - ZAG) registered with the Federal Financial Supervisory Authority (Graurheindorfer Str. 108, 53117 Bonn; “BaFin” (register number: 126737) and facilitates cashless payment for products and services online. secupay forms a procedure allowing the claim for the purchase price to be assigned to secupay. This allows a retailer to deliver goods, services or downloads to the customer immediately after the order is placed. If you choose “direct debit”, “payment by invoice” or “credit card” via secupay when ordering from us, your data will automatically be transmitted to secupay. By choosing one of these payment options you agree to transmission of your personal data as necessary for handling the payment. When handling the purchase via secupay, your payment method data is transmitted to secupay. secupay then carries out a technical check on the risk of payment default. The online retailer is then automatically notified that the financial transaction has been carried out. The personal data exchanged with secupay includes first name, last name, address, email address, IP address, phone number and other data which is required for handling the payment. Data is transmitted in order to process your payment and prevent fraud. We will also transmit other personal data to secupay if there is a justified interest in doing so. The personal data exchanged between us and secupay may be transmitted by secupay to credit agencies. This transmission is for the purpose of identity and credit checking. secupay may forward the personal data to affiliated companies and service providers or subcontractors where this is necessary for the fulfilment of contractual obligations or the data is to be processed on its behalf. You have the option of withdrawing your consent for secupay to handle your data at any time. Withdrawal will not affect personal data which have to be processed, used or transmitted for (contractually compliant) payment processing. secupay’s applicable data protection provisions can be found at https://www.secupay.com/en/privacy-policy.
 
Using PayPal
All PayPal transaction are covered by the PayPal Data Privacy Statement. You can found this at https://www.paypal.com/de/webapps/mpp/ua/privacy-prev?locale.x=en_GB

 
Cookies
Our website uses cookies. Cookies are small text files which are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is called up again. We use cookies to make our offering more user-friendly, effective and secure. Cookies also allow our systems to recognise your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognised again after a page change.
 
Processing is carried out on the basis of § 15 (3) TMG (Telemedia Act) as well as art. 6 (1) lit. f GDPR due to our justified interest in the purposes above.
The data collected in this way is pseudonymised using technological measures. It is therefore not possible to connect the data to your person. The data will not be stored together with other personal data pertaining to you. You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR by contacting us, for reasons relating to your personal situation. Cookies will be stored on your computer. You therefore have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can prevent the storage of cookies and transmission of the data they contain. Cookies which have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
Duration of storage 
After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.
 
Rights of the affected person
If the legal requirements are fulfilled, you have the following rights according to art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to art. 21 (1) GDPR.
 
Contact us at any time. Our contact details can be found in our imprint.
 
Right to complain to the regulatory authority
You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.
 
Right to object
If the data processing outlined here is based on our legitimate interests in accordance with Article 6(1)f) GDPR, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect.
If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.
If personal data is being processed for the purposes of direct advertising, you can objection to this at any time by notifying us. If the objection is successful, we will no longer process the personal data for the purposes of direct advertising.
 
last update: 25.04.2018