+49 (0) 7821 32901 0 wir sprechen Deutsch / nous parlons français

product search

I am an EMUK customer

email address
pasword
forgot password

register

Your basquet is empty

Data protection notice

 

Data protection notice
 
Thank you for your interest in our company. Data protection is of particular importance to the executive of EMUK GmbH & Co. KG. Using the website of EMUK GmbH & Co. KG is fundamentally possible without disclosing any personal data. However, the processing of personal data may be necessary when a data subject wants to utilise specific services of our company through our website. When processing personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

Personal data such as the name, address, e-mail address or telephone number of a data subject are always processed in accordance with the General Data Protection Regulation (GDPR) and the national data protection provisions that apply for EMUK GmbH & Co. KG. With this data protection notice, our company informs the public of the type, scope and purpose of the personal data collected, used and processed by us. This data protection notice also informs data subjects of the rights they are entitled to.

EMUK GmbH & Co. KG as the controller has implemented numerous technical and organisational measures to ensure the most comprehensive possible protection of personal data processed through this website. Nevertheless, the transfer of data over the Internet is fundamentally subject to security vulnerabilities, so that absolute protection cannot be guaranteed. Every data subject is therefore free to provide us with their personal data using alternative means, for example, by telephone.
1. Definition of terms
The data protection notice of EMUK GmbH & Co. KG is based on the terminology used in the General Data Protection Regulation (GDPR) by the issuers of European directives and regulations. Our data protection notice is intended to be easy to read and understand for the public and our customers and business partners. We therefore explain the terminology that is used at the outset.
We use the following terms among others in this data protection notice:
  • a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject” in the following). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • b) Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
  • c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as 

collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
  • e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • g) Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • i) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
  • j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
 
k) Consent 
                                                                                                                                                                                                                                                                                                                Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
 
2. Name and address of the controller
The controller in terms of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other data protection provisions is:
EMUK GmbH & Co. KG
Raiffeisenstr. 39
77933 Lahr
Germany
Phone: 07821 32901–0
E-mail: info@emuk.com
Website: www.emuk.com
 
3. Collection of general data and information
Each time EMUK GmbH & Co. KG’s website is called up by a data subject or automated system, the website collects various general data and information. Such general data and information are stored in server logfiles. The following may be recorded: (1) the browser type and version, (2) the operating system of the accessing device, (3) the website from where an accessing system gets to our website (referrer URL), (4) the pages on our website accessed by an accessing system, (5) the date and time of accessing the website, (6) an IP (Internet Protocol) address, (7) the accessing system’s Internet service provider and (8) other similar data and information for the purpose of defence against hazards in case of attacks on our IT systems.
In using these general data and information, EMUK GmbH & Co. KG does not draw any conclusions about the data subject. In fact this information is needed to (1) correctly deliver the content of our website, (2) optimise the content of our website and advertising for the same, (3) ensure the ongoing functioning of our IT systems and the technology of our website and (4) provide law enforcement authorities with information required for prosecution in case of a cyber attack. EMUK GmbH & Co. KG therefore evaluates these anonymously collected data for statistical purposes and with the goal of improving data protection and data security in our company, so as to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data in the server logfiles are stored separately from all personal data provided by a data subject.
 
4. Subscription to our newsletter
Users have the option to subscribe to our company newsletter on the EMUK GmbH & Co. KG website. What personal data are transmitted to the controller when subscribing to the newsletter is apparent from the input screen used for this purpose.
EMUK GmbH & Co. KG regularly informs its customers and business partners about company offers through a newsletter. On principle, our company newsletter can only be received by the data subject when (1) the data subject has a valid e-mail address and (2) the data subject has subscribed to the newsletter. For legal reasons, a confirmation message is 
sent to the e-mail address provided for the newsletter subscription in a double opt-in process. The purpose of this confirmation message is to verify that the owner of the e-mail address as the data subject has authorised the subscription to the newsletter.
We also store the IP address of the data subject assigned by the Internet service provider (ISP) for the computer system used at the time of registration and the date and time of registration when you subscribe to our newsletter. Collecting these data is required so the (possible) misuse of the e-mail address of a data subject can be subsequently retraced, and thus serves as legal protection for the controller.
Personal data collected in the course of subscribing to the newsletter are used solely for sending out our newsletter. Newsletter subscribers may also be informed by e-mail insofar as this is required for the operation of the newsletter service or a related registration, for example, when the newsletter offering or the technical conditions change. There is no dissemination to third parties of personal data collected within the scope of the newsletter service. The subscription to our newsletter can be cancelled by the data subject at any time. The data subject’s consent to the storage of personal data for sending out the newsletter can be revoked at any time. There is a link in each newsletter for revoking consent. It is also possible to unsubscribe from the newsletter at any time directly on the controller’s website, or to otherwise notify the controller.
 
5. Newsletter tracking
The newsletters of EMUK GmbH & Co. KG contain what are known as tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails sent in the HTML format to support logfile recording and logfile analysis. This permits a statistical analysis of the success or failure of online marketing campaigns. An embedded tracking pixel allows EMUK GmbH & Co. KG to identify whether and when an e-mail was opened by a data subject and which links in the e-mail were followed by the data subject.
Personal data collected using the tracking pixel in the newsletters are stored and evaluated by the controller to optimise the sending of newsletters and to better adapt the content of future newsletters to the interests of the data subject. These personal data are not shared with third parties. Data subjects have the right to revoke the corresponding declaration of consent issued using the double opt-in procedure at any time. After revocation, these personal data are erased by the controller. EMUK GmbH & Co. KG automatically considers unsubscribing from the newsletter to constitute revocation.
 
6. Ways to contact us via the website
In compliance with legal regulations, EMUK GmbH & Co. KG’s website contains information that makes it possible to electronically contact our company quickly and enable direct communication with us, including a general electronic mail address (e-mail address). When a data subject contacts the controller by e-mail or using a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted voluntarily by the data subject to the controller are stored for the purpose of processing or to contact the data subject. These personal data are not disseminated to third parties.
 
7. Routine erasure and blocking of personal data
The controller processes and stores personal data of the data subject only for the period required to achieve the purpose of storage, or insofar as required by European directives and regulations or laws or regulations of other lawmakers that apply to the controller.
When the purpose of storage ceases to apply or the retention period prescribed by European directives and regulations or another applicable lawmaker ends, the personal data are routinely erased or blocked in accordance with the applicable legal regulations.
 
8. Rights of the data subject
  • a) Right to confirmation
Every data subject has the right granted by European directives and regulations to request confirmation from the controller as to whether or not personal data concerning the data subject are being processed. If the data subject wants to assert this right to obtain confirmation, they may contact our Data Protection Officer or another employee of the controller at any time.
  • b) Right to information
Every data subject for whom personal data are processed has the right granted by European directives and regulations to request information from the controller at any time, free of charge, regarding the personal data concerning the data subject being stored, and to receive a copy of this information. Furthermore, the data subject has the right granted by European directives and regulations to obtain the following information:
  • The purposes of processing
  • The categories of personal data being processed
  • The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • The existence of the right to lodge a complaint with a supervisory authority
  • Where the personal data are not collected from the data subject, any available information as to their source
  • The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
The data subject also has the right to information whether personal data are transferred to a third country or to an international organisation. If this is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
If the data subject wants to assert this right to information, they may contact our Data Protection Officer or another employee of the controller at any time.
  • c) Right to rectification
Every data subject for whom personal data are processed has the right granted by European directives and regulations to obtain the rectification of inaccurate personal data concerning the data subject, without undue delay. Taking into account the purposes of processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.If the data subject wants to assert this right to rectification, they may contact our Data Protection Officer or another employee of the controller at any time.
  • d) Right to erasure (right to be forgotten)
Every data subject for whom personal data are processed has the right granted by European directives and regulations to obtain from the controller the erasure of personal data concerning the data subject, without undue delay, where one of the following grounds applies and insofar as processing is not necessary:
  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent on which processing is based according to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, and there is no other legal ground for processing.
  • The data subject objects to processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for processing, or the data subject objects to processing pursuant to Article 21(2) GDPR.
  • The personal data have been unlawfully processed.
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Insofar as one of the aforementioned reasons applies and a data subject wants to initiate the erasure of personal data stored by EMUK GmbH & Co. KG, they may contact our Data Protection Officer or another employee of the controller at any time. The Data Protection Officer of EMUK GmbH & Co. KG or another employee will ensure that the request for erasure is executed promptly.
Where EMUK GmbH & Co. KG has made the personal data public and our company as the controller is obliged pursuant to Article 17(1) GDPR to erase the personal data, EMUK GmbH & Co. KG, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copies or replications of, those personal data, insofar as processing is not necessary. The Data Protection Officer of EMUK GmbH & Co. KG or another employee will take the necessary steps on a case-by-case basis.
  • e) Right to restriction of processing
Every data subject for whom personal data are processed has the right granted by European directives and regulations to obtain from the controller restriction of processing where one of the following applies:
  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
  • Insofar as one of the aforementioned reasons applies and a data subject wants to initiate the erasure of personal data stored by EMUK GmbH & Co. KG, they may contact our Data Protection Officer or another employee of the controller at any time. The Data Protection Officer of EMUK GmbH & Co. KG or another employee will initiate the restriction of processing.                  
  • f) Right to data portability
  • Every data subject for whom personal data are processed has the right granted by European directives and regulations to receive the personal data concerning the data subject, which they have provided to a controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and processing is carried out by automated means, insofar as processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
    In exercising the right to data portability pursuant to paragraph Article 20(1) GDPR, the data subject also has the right to have the personal data transmitted directly from one controller to another, where technically feasible, provided the rights and freedoms of others are not adversely affect.
    To assert the right to data portability, the data subject may contact the Data Protection Officer appointed by EMUK GmbH & Co. KG or another employee at any time.                                          
  • g) Right to object
  • Every data subject for whom personal data are processed has the right granted by European directives and regulations to object, on grounds relating to their particular situation, at any time to processing of personal data concerning the data subject which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
    In case of such an objection, EMUK GmbH & Co. KG shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject, or in case of processing for the establishment, exercise or defence of legal claims.
    Where personal data are processed by EMUK GmbH & Co. KG for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed by EMUK GmbH & Co. KG for such purposes.
    Where personal data are processed by EMUK GmbH & Co. KG for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject, on grounds relating to their particular situation, has the right to object to the processing of personal data concerning the data subject, unless such processing is necessary for the performance of a task carried out for reasons of public interest.
  • To assert the right to object, the data subject may contact the Data Protection Officer of EMUK GmbH & Co. KG or another employee directly. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.                                         
  • h) Automated individual decision-making, including profiling
  • Every data subject for whom personal data are processed has the right granted by European directives and regulations not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects them, unless the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) is based on the data subject’s explicit consent.
    If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller or (2) is based on the data subject’s explicit consent, EMUK GmbH & Co. KG shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
    If the data subject wants to assert their rights related to automated decision-making, they may contact our Data Protection Officer or another employee of the controller at any time.                       
  • i) Right to revoke the data protection declaration of consent
  • Every data subject has the right granted by European directives and regulations to withdraw their consent for the processing of personal data at any time.
    If the data subject wants to assert their right to withdraw consent, they may contact our Data Protection Officer or another employee of the controller at any time.                                                   
  • 9. Data protection for applications and application processes
    The controller collects the personal data of applicants for the purpose of conducting the application process. Processing may also be carried out electronically. This is the case in particular when an applicant submits application documents to the controller using electronic means, such as e-mail or an online form on the website. When the controller concludes an employment contract with an applicant, the transmitted data are stored for the purpose of the employment relationship in compliance with the applicable legal regulations. If the controller does not conclude an employment contract with the applicant, the application documents are automatically erased two months after a notice of rejection is issued, unless erasure conflicts with other legitimate interests of the controller. In this context, an example of another legitimate interest is the burden of proof in proceedings under the German General Equal Treatment Act (AGG).
  •  
    10. Data protection provisions for the use of Facebook
    The controller has integrated components of the company Facebook on this website. Facebook is a social network.
    A social network is a social meeting place operated on the Internet, an online community that, as a rule, allows users to communicate and interact with each other in virtual space. A social network can serve as a platform to exchange opinions and experiences or allow the Internet community to share personal or business information. Among other things, Facebook allows the users of the social network to create private profiles, upload photos and network via friend requests.
    Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For data subjects living outside the USA or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
    When a page of this website, operated by the controller, with an integrated Facebook component (Facebook plugin) is called up, the respective Facebook component automatically causes the Internet browser on the data subject's IT system to download a representation of the corresponding Facebook component from Facebook. An overview of all Facebook plugins is available under https://developers.facebook.com/docs/plugins/?locale=de_DE. In the course of this technical process, Facebook receives information about which concrete page of our website the data subject is visiting.
    If the data subject is logged on to Facebook at the time, Facebook is able to identify the concrete pages of our website visited by the data subject each time our website is accessed by the data subject and during the entire visit to our website. This information is collected by the Facebook component and assigned to the respective Facebook account of the data subject by Facebook. When the data subject activates one of the Facebook buttons integrated on our website, such as the “Like” button, or when the data subject posts a comment, Facebook assigns this information to the data subject's personal Facebook account and stores this personal data.
    Facebook always receives information from the Facebook component that the data subject is visiting our website when the data subject is logged on to Facebook at the time of accessing our website. This takes place regardless of whether the data subject activates the Facebook component or not. If the data subject does not want this transfer of information to Facebook, the transfer can be prevented by logging off the Facebook account before calling up our website.
    The Facebook privacy policy published under https://de-de.facebook.com/about/privacy/ provides information about the collection, processing and use of personal data by Facebook. It also explains the Facebook settings that are available to protect the data subject's privacy. Various applications are available as well to suppress the transfer of data to Facebook. Such applications can be used by the data subject to suppress data transfers to Facebook.
     
    11. Data protection provisions for the use of Twitter
    The controller has integrated Twitter components on this website. Twitter is a multilingual micro-blogging service available to the public where users can publish and share what are known as Tweets, short messages limited to 140 characters. These short messages can be accessed by anyone, including persons who are not logged on to Twitter. Tweets are also displayed to the respective user's followers. Followers are other Twitter users who follow a user's Tweets. Twitter also makes it possible to reach a broad audience by means of hashtags, links and retweets.
    Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
    When a page of this website, operated by the controller, with an integrated Twitter component (Twitter button) is called up, the respective Twitter component automatically causes the 
    Internet browser on the data subject's IT system to download a representation of the corresponding Twitter component from Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. In the course of this technical process, Twitter receives information about which concrete page of our website the data subject is visiting. The purpose of integrating the Twitter component is to allow our users to share the content of this website, make the website known in the digital world and increase our visitor numbers.
    If the data subject is logged on to Twitter at the time, Twitter is able to identify the concrete pages of our website visited by the data subject each time our website is accessed by the data subject and during the entire visit to our website. This information is collected by the Twitter component and assigned to the respective Twitter account of the data subject by Twitter. When the data subject activates one of the Twitter buttons integrated on our website, the data and information transferred as a result are assigned to the data subject's personal Twitter account and stored and processed by Twitter.
    Twitter always receives information from the Twitter component that the data subject is visiting our website when the data subject is logged on to Twitter at the time of accessing our website. This takes place regardless of whether the data subject activates the Twitter component or not. If the data subject does not want this transfer of information to Twitter, the transfer can be prevented by logging off the Twitter account before calling up our website.
    Twitter’s data protection provisions are available under https://twitter.com/privacy?lang=de.
     
    12. Data protection provisions for the use of YouTube
    The controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to publish video clips free of charge and other users to view, rate and comment on them, also free of charge. Since YouTube permits the publication of all kinds of videos, anything from complete motion pictures and television shows to music videos, trailers and videos created by users themselves can be accessed via the Internet portal.
    YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
    When a page of this website, operated by the controller, with an integrated YouTube component (YouTube video) is called up, the respective YouTube component automatically causes the Internet browser on the data subject's IT system to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube is available under https://www.youtube.com/yt/about/de/. In the course of this technical process, YouTube and Google receive information about which concrete page of our website the data subject is visiting.
    If the data subject is logged on to YouTube at the time, YouTube is able to identify the concrete page of our website visited by the data subject when a page containing a YouTube video is called up. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
    YouTube and Google always receive information from the YouTube component that the data subject is visiting our website when the data subject is logged on to YouTube at the time of accessing our website. This takes place regardless of whether the data subject activates a YouTube video or not. If the data subject does not want this transfer of information to YouTube and Google, the transfer can be prevented by logging off the YouTube account before calling up our website.
    The YouTube privacy policy published under https://www.google.de/intl/de/policies/privacy/ provides information about the collection, processing and use of personal data by YouTube and Google.
     
    13. Data protection provisions for the use of Google Fonts and Google Maps
    The controller has integrated components of the services Google Fonts and Google Maps from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on this website. These services require your browser to establish a connection with Google's servers. This means Google obtains knowledge of your IP address as a minimum. These services are used in the interest of a uniform and appealing presentation of our online offers. This is a legitimate interest according to point (f) of Article 6(1) GDPR.
     
    14. Payment method: Data protection provisions for PayPal as the payment method
    The controller has integrated PayPal components on this website. PayPal is an online payment service provider. Payments are processed through PayPal accounts representing virtual private or business accounts. PayPal also supports the processing of online credit card payments when a user does not have a PayPal account. Since a PayPal account is assigned to an e-mail address, there is no account number in the traditional sense. PayPal can be used to make online payments to third parties or to receive payments. PayPal also provides trustee services and offers buyer protection.
    The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
    When the data subject selects “PayPal” as the payment method during the ordering process in our online shop, data of the data subject are automatically transferred to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.
    As a rule, the personal data transferred to PayPal includes the first name, last name, address, e-mail address, IP address, phone number, mobile number and other data required for payment processing. Personal data related to the respective order are also required for the fulfilment of the purchase contract.
    The data are transferred for the purpose of payment processing and fraud prevention. In particular, the controller will transfer personal data to PayPal when there is a legitimate interest in doing so. The personal data exchanged between PayPal and the controller may be transferred to credit agencies by PayPal. This transmission is for the purpose of identity verification and credit screening.
    PayPal may transfer the personal data to affiliated companies and service providers or subcontractors to the extent this is required for the fulfilment of contractual obligations or the data will be processed as part of the order.
    The data subject may revoke their consent to the use of personal data by PayPal at any time. Revocation has no effect on the processing, use or transfer of personal data where this is essential for (contractual) payment processing.
    The applicable data protection provisions of PayPal are available under https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
    15. Legal basis for processing
    The legal basis for processing by our company where we obtain consent for a specific purpose of processing is point (a) of Article 6(1) GDPR. When processing personal data is required for the fulfilment of a contract where the data subject is a contracting party, for example, in case 
    of processing for the delivery of goods or the provision of services or other consideration, processing is based on point (b) of Article 6(1) GDPR. This applies correspondingly in case of processing required in order to take steps prior to entering into a contract, for example, in case of enquiries about our products or services. In cases when our company has a legal obligation that requires the processing of personal data, such as an obligation under tax law, processing is based on point (c) of Article 6(1) GDPR. In rare cases, processing may be necessary in order to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were to be injured on our premises and we would then have to provide their name, age, health insurance data and other vital information to a doctor, hospital or other third party. Processing would then be based on point (d) of Article 6(1) GDPR. Finally, processing may also be based on point (f) of Article 6(1) GDPR. This is the legal basis for processing that is not covered by any of the aforementioned legal bases, when processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing is permissible for us in particular because it is specifically mentioned in European law. It states that a legitimate interest could exist when the data subject is a client of the controller (Recital 47, sentence 2 GDPR).
     
    16. Legitimate interest in processing pursued by the controller or by a third party
    When the processing of personal data is based on point (f) of Article 6(1) GDPR, our legitimate interest is in carrying out our business for the benefit of all our employees and shareholders.
     
    17. Duration of storage for personal data
    The duration of storage for personal data is in accordance with the respective retention periods required by law. Data are routinely erased after the end of this period insofar as they are no longer needed for contract performance or contract initiation.
     
    18. Legal regulations or contract terms regarding the provision of personal data; necessity for contract conclusion; obligation of the data subject to provide personal data; possible consequences of failure to provide
    We hereby inform you that, in certain cases, providing personal data is prescribed by law (under tax regulations, for example) or contract terms (information about a contractual partner, for example). A data subject may have to provide us with personal data for the conclusion of a contract, which subsequently must be processed by us. For example, the data subject is obliged to provide us with personal data when concluding a contract with our company. Failing to provide the personal data would mean that the contract could not be concluded with the data subject. Before the data subject provides personal data, they are asked to contact our Data Protection Officer. Our Data Protection Officer can inform the data subject on a case-by-case basis whether providing personal data is prescribed by law or contract or required to conclude a contract, whether there is an obligation to provide the personal data, and what the consequences of failing to provide the personal data would be.
     
    19. Existence of automated decision-making
    We are a responsible company and do not use automated decision-making or profiling.
     
    This data protection notice was prepared using the data protection notice generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, serving as the External Data Protection Officer Neu-Ulm, in cooperation with the Attorney for IT and Data Protection Law Christian Solmecke. 
     
 
 
 
 
 
Diese Website verwendet Cookies. Mit der Nutzung unserer Website erklären Sie sich damit einverstanden, dass wir Cookies verwenden. Weitere Informationen erhalten Sie in unter "Info".
OK
Info