Privacy

III. General information on data processing

1. Scope of processing personal data

We only process your personal data insofar as this is necessary to provide a functional website with our content and services. Personal data is only processed in pursuit of a legitimate purpose and where there is a legal basis.

An exception applies in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is required by law.

2. Legal basis for data processing

Consent (Art. 6 (1) (a) GDPR) - You have given us your consent to process your personal data for the specific purpose that we have explained to you. You have the right to withdraw your consent at any time. To do so, please contact the data protection officer using the contact details provided above.

Contract (Art. 6 (1) (b) GDPR) - The processing of your data is necessary for the fulfilment of a contract to which you are a party or for the implementation of pre-contractual measures taken at your request.

Legal obligation (Art. 6 (1) (c) GDPR) - The processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject.

Vital interests (Art. 6 (1) (d) GDPR) - The processing of your data is necessary to protect your vital interests or those of another person.

Public task (Art. 6 (1) (e) GDPR)) - The processing of your data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Legitimate interests (Art. 6 (1) (f) GDPR) - The processing of your data is necessary to safeguard a legitimate interest that we or another party have, provided that your own interests or fundamental rights and freedoms do not prevail.

Please note that we may not be able to provide you with our web shop if your data is processed in the fulfilment of a contract or a legal obligation and you do not provide the requested data.

IV. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights:

1. Right of access by the data subject (Art. 15 GDPR)

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you can request the following information from us:

• the purposes of the processing,
• the categories of personal data concerned,
• categories of personal data,
• the recipients or categories of recipient to whom the personal data have been or will be disclosed,
• the envisaged period for which the personal data will be stored, or the criteria used to determine that period,
• the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing,
• the right to lodge a complaint with a supervisory authority,
• where the personal data are not collected from the data subject, any available information as to their source,
• the existence of automated decision-making including profiling with meaningful information about the logic involved, the scope and the effects to be expected.
• If applicable, transfer of personal data to a third country or international organization.

2. Right to rectification (Art. 16 GDPR)

If your personal data is incorrect or incomplete, you have the right to obtain without undue delay the rectification or completion of the personal data.

3. Right to erasure (‘right to be forgotten’) (Art. 17 GDPR)

You have the right to demand that your personal data be deleted immediately if one of the following reasons applies:

• Your personal data are no longer necessary for the processing purposes for which they were originally collected;
• You withdraw your consent and there is no other legal ground for the processing;
• You object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
• Your personal data have been unlawfully processed;
• The deletion is necessary to fulfil a legal obligation under Union law or the law of the member state to which we are subject;
• The personal data was collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

Please note that the above reasons do not apply if the processing is necessary:

• For exercising the right of freedom of expression and information;
• For compliance with a legal obligation which requires processing by Union or Member State law to which you are subject or for the performance of a task carried out in the public interest or in the exercise of official authority;
• For reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
• For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
• For the establishment, exercise or defence of legal claims.

4. Right to restriction of processing (Art. 18 GDPR)

You have the right to request that the processing of your personal data be restricted if one of the following applies:

• You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data;
• In the case of unlawful processing, you oppose the erasure of the personal data and request the restriction of their use instead;
• We no longer need your personal data for the purposes of the processing, but you require your personal data for the establishment, exercise or defence of legal claims, or
• After you have objected to the processing pursuant to Art. 21 (1) GDPR, for the duration of the examination as to whether the legitimate reasons outweigh your reasons.

5. Right to notification (Art. 19 GDPR)

If you have the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom your personal data have been disclosed of the rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis us to be informed about these recipients.

6. Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from us, provided that:

• the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) or on a contract pursuant to Art. 6 (1) (b) and
• the processing is carried out by automated means.

7. Right to object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.

We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

8. Automated individual decision-making, including profiling (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

• is necessary for entering into, or performance of, a contract between you and the controller;
• is authorised by Union or German State law which contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
• is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (b) GDPR applies, and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

9. Right to revoke the data protection consent declaration (Art. 7 (3) GDPR)

You have the right to withdraw your consent at any time. The revocation of consent does not affect the lawfulness of processing based on consent before its withdrawal.

10. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

A list of the locally responsible supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection under the following link:

https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

V. Data sharing and international transfer

VI. Provision of the website and creation of log files

The website is hosted on servers of our service provider

VISTEC Internet Service GmbH
Hagenauer Str. 42
65203 Wiesbaden, Germany.

The website server is geographically located in Germany.

Our hosting service provider does not collect any data.

VII. Use of Cookies

1. Description and scope of data processing

The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change.

We require the technically necessary cookies for the following applications:

• Adoption of language settings;
• Remembering search terms;
• Functionality of the website.

3. Legal basis for data processing

The provisions of the Telecommunications and Telemedia Data Protection Act (TTDSG) apply to the storage of information in the end user's terminal equipment and/or access to information already stored in the end user's terminal equipment.

If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, cookies are stored and accessed on your terminal equipment based on § 25 (2) No. 2 TTDSG. The purpose of storing and accessing the information in your terminal equipment is to make it easier for you to use our website and to be able to offer you our services as you have requested. Some functions of our website do not work without the use of these cookies and could therefore not be offered. Cookies are generally deleted after the end of the session (e.g. logging out or closing the browser) or after a specified period. Information on different storage periods for cookies can be found in the following sections of this privacy policy.

VIII. Registration

1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data, including for the free download of our software. The data is entered into an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected as part of the registration process:

• First name and surname;
• Company name;
• E-mail address;
• Pseudonym;
• IP-address;
• Date and time of registration.

2. Purpose of data processing

User registration is required to fulfil a contract with the user or to carry out pre-contractual measures.

3. Legal basis for data processing

If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

This is the case for the data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

5. Exercising your rights

As a user, you have the option of cancelling your registration at any time. You can have the data stored about you amended at any time.

Specifically, you can request deletion in the following ways:

The user's personal data will be stored for as long as the registration is active. The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected, and statutory retention periods no longer require the data to be retained.

If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

IX. Web shop

We offer a web shop on our website. For this we use our own web shop software from InfoFabrik GmbH, Klingholzstr. 7, 65189 Wiesbaden.

Further information can be found in this privacy policy.

The website and web shop are hosted on our own servers. Third parties do not have access to server log files.

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

• Information about the browser type and version used;
• The user's operating system;
• The user's internet service provider;
• Date and time of access;
• IP-address;
• Websites from which the user's system accesses our website.

This data is not merged with other data sources. This data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimisation of its website - the server log files must be recorded for this purpose.

We have concluded an order processing contract with the relevant service provider, in which we oblige the relevant service provider to protect user data and not to disclose it to third parties.

The website server is geographically located in Germany.

X. Payment options

1. Description and scope of data processing

We offer our customers various payment options for processing their orders. Depending on the payment option, we forward customers to the platform of the relevant payment service provider. After completing the payment process, we receive the customer's payment details from the payment service providers or our house bank and process them in our systems for invoicing and accounting purposes.

• Payment via PayPal

It is possible to process the payment transaction with the payment service provider PayPal. In addition to a direct payment method, PayPal also offers purchase on account, direct debit, credit card and payment by instalments.

Die European operating company of PayPal is:
PayPal (Europe) S.à.r.l. & Cie. S.C.A.
22-24 Boulevard Royal
2449 Luxembourg.

If you select PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal.

This involves the following data in particular:

• Name;
• Your address;
• E-mail address;
• Telephone / mobile phone number;
• IP address;
• Bank details;
• Card number;
• Expiry date and CVC code;
• Number of items;
• Item number;
• Data on goods and services;
• Transaction amount and tax charges;
• Information on previous purchasing behaviour.

The data transmitted to PayPal may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness.

PayPal may also pass on your data to third parties if this is necessary to fulfil contractual obligations or if the data is to be processed on our behalf.

When transferring your personal data within companies affiliated with PayPal, the following Binding Corporate Rules, which are approved by the competent supervisory authorities, apply:

https://www.paypal.com/de/webapps/mpp/ua/bcr

Other data transfers may be based on contractual protection provisions. For more information, please contact PayPal.

All PayPal transactions are subject to PayPal's privacy policy. You can find this at:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full/ .

• Further payment options

We also offer you the option of paying by invoice.

2. Purpose of data processing

The transmission of payment data to payment service providers serves to process the payment, e.g. when you purchase a product and/or utilise a service.

3. Legal basis for data processing

The legal basis for data processing is Art. 6 (1) (b) GDPR, as the processing of the data is necessary for the fulfilment of the concluded purchase contract.

4. Duration of storage

All payment data and data on any chargebacks will only be stored as long as they are required for payment processing and possible processing of chargebacks and debt collection as well as to combat misuse.

Furthermore, payment data may be stored for longer if and as long as this is necessary to comply with statutory retention periods or to pursue a specific case of misuse.

Your personal data will be deleted upon expiry of the statutory retention periods, i.e. after 10 years at the latest.

5. Exercising your rights

You can withdraw your consent to the processing of your payment data at any time by notifying the data controller or the payment service provider used. However, if the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

XI. E-Mail contact

1. Description and scope of data processing

It is possible to contact us via the e-mail address provided on our website. In this case, the user's personal data transmitted with the e-mail will be stored.

The data is used exclusively for processing the conversation.

2. Purpose of data processing

In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

3. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. Our legitimate interest is to respond to your enquiry sent by email in the best possible way.

If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Exercising your rights

If you contact us by email, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored while contacting us will be deleted in this case.

XII. Contact form

1. Description and scope of data processing

There is a contact form on our website that can be used to contact us electronically. If you make use of this option, the data entered in the input mask will be transmitted to us and stored.

The following data is stored when the message is sent:

• E-mail address;
• Surname;
• First name;
• Message text;
• IP address of the calling computer;
• Date and time.

2. Purpose of data processing

The processing of personal data from the input mask of the contact form or via the e-mail address provided serves us solely to process the contact.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

3. Legal basis for data processing

The legal basis for the processing of data transmitted while sending an e-mail is Art. 6 (1) (f) GDPR. Our legitimate interest is to answer your enquiry, which you send to us via the contact form, in the best possible way. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Exercising your rights

If the user contacts us via the input mask in the contact form, they can object to the storage of their personal data at any time by sending an email to info@infofabrik.de .

All personal data stored in the course of contacting us will be deleted in this case.

This privacy policy was created with the support of DataGuard .