These data protection instructions take into account the requirements of the EU General Data Protection Regulation (DSGVO) to be implemented by 25.05.2018 at the latest, which came into force on 25.05.2016, as well as the German Federal Data Protection Act (BDSG).
Consent to privacy
This consent is given voluntarily and without the exercise of any compulsion. There is full freedom of choice to make the statement or not. If the consent is denied, this does not entail any disadvantages. However, the performance of the contract may be impracticable without the processing of personal data, as performance of the contract may be subject to the processing of personal data.
Personal data will only be collected, processed, used and stored for the purposes set out below and in the forms described below.
There is the right of revocation of the once given consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. This is explicitly stated. The right of withdrawal can not be waived.
The privacy statement is expressly referred to.
Consent of the data subject is any expression of will voluntarily given in a specific, unambiguous and unambiguous manner in the form of a statement or other unambiguous confirmatory act by which the person concerned indicates that he agrees to the processing of his personal data.
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “affected person” or “you”); a natural person is regarded as identifiable, which can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical , physiological, genetic, mental, economic, cultural or social identity of this natural person.
Processing means any process performed with or without the aid of automated processes, or any such process associated with personal data such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading, querying, using, disclosure through submission, dissemination or any other form of provision, reconciliation or association, restriction, erasure or destruction.
Restriction of processing the marking of personal data stored with the aim to limit their future processing.
The person responsible is the natural or legal person, public authority, body or other body which, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.
Third is a natural or legal person, public authority, agency or other entity other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data.
Supervisory authority is an independent public authority established by a Member State in accordance with Article 51 of the GDPR.
2. Handling of personal data and data storage
We use personal data for the processing of orders, the delivery of goods and the provision of services and the processing of payment. We also use personal information to communicate with the individual and to update our records and maintain and maintain the customer’s accounts with us. We also use personal information to improve our shop and our platform, to prevent or detect misuse, in particular fraud, or to enable third parties to carry out technical, logistical or other services on our behalf. The collection, storage and processing of personal data is particularly necessary because only then the desired by the person concerned service can be provided by the person in charge. The storage of the personal data takes place for the duration of the order processing and execution of the contract or as far as this is necessary due to legal regulations (for example tax regulations).
Personal data are used exclusively for establishing the contract, content, execution or execution of the contractual relationship (Article 6 (1) (b) DSGVO). In addition, personal data will only be processed if we have obtained your consent to do so (Article 6 (1) (a) GDPR). We record this consent.
3. Use of the website
The use of the (publicly accessible) website is usually possible without the provision of personal data. If parts of the website (for example, the ordering process) rely on the provision of personal data in order to ensure the function or to be able to fulfill the contract, the person concerned is requested to enter the personal data in the appropriate place and can decide on the input. As far as on our sides personal data over forms are raised (for example name, address or E-Mail address), this takes place always on freiwilliger basis and with explicit permission of the concerning, which is logged.
You can contact us by e-mail, fax or telephone. We store the data transmitted to us and provided by you for processing the request.
Every time a data subject receives access to a page of our offer and every time a file is stored on the Internet, access data about this process are stored in a log file. Each record consists of:
(1) the page from which the file was requested
(2) the name of the file,
(3) the date and time of the request,
(4) the amount of data transferred,
(5) access status (file transfer, file not found etc.) / Http status code,
(6) a description of the type of operating system and web browser used,
(7) the client IP address.
(8) Time Zone Difference to Greenwich Mean Time (GMT)
The data is stored with every access of a user on one side of our offer and with each call of our Internet presence and is deleted, as soon as they are no longer necessary for the purpose of the collection or the processing.
The temporary storage of the aforementioned data is based on the legal basis of Art. 6 para. 1 lit. f) EU General Data Protection Regulation (DSGVO). The legitimate interest lies in the provision of our website. The affected person can object to the processing at any time.
4. Principle of data avoidance, lawfulness of processing
In addition, as far as we are able to do so, the collection of personal data will be waived. We adhere to the principle of data avoidance, which we take very seriously. We treat personal data confidentially and in accordance with the statutory data protection regulations.
The scope of the personal data provided to us is appropriate to the purpose and limited to what is necessary for the purposes of the processing.
The processing of personal data takes place for the purpose of fulfilling the contract, which the person concerned closes with the person responsible at the request of the person concerned.
The same applies if the person concerned voluntarily contacts us at our own request and initiative on our contact form.
5. Persons under 16 years
Persons under the age of 16 should not submit any personal data to us or consent to them without the consent of their legal representative.
6. Unlawful acts by third parties
If we have concrete indications for an unlawful act or if we are requested by legal authorities, we will issue the data we have available to us to prosecute the competent legal authorities.
7. Data transfer
The stored data will not be passed on to third parties. The following exceptions exist:
To fulfill the contract, the data will be forwarded to the shipping company responsible for the delivery, insofar as this is necessary for the delivery of ordered goods. In order to process payments, the required payment data – insofar as required with regard to the type of payment and the extent of the transfer – are forwarded to the credit institution commissioned with the payment and, if applicable, to the commissioned and selected payment service provider. The processing of your personal data takes place exclusively within the EU.
If necessary, the data may also be transmitted to an approval office of the competent authority for the purposes of registration. If your data is passed on to us by third parties, we process this data just as carefully and securely as the data you entrust to us. If we make your approval to the competent authority, the collection and transfer of your personal data required for this purpose is essential in order to obtain the authorization and to fulfill the contract against you.
8. Data security
All data on our website are protected against loss, destruction, access, modification and dissemination through technical and organizational measures. We point out that the transmission of data on the Internet (for example in the case of communication by e-mail or through harmful infiltration of the visitor’s computer by third parties) may have security gaps. A complete protection of the data from access by third parties is not possible.
We assume no liability for personal data collected and processed by third parties and are not responsible for this.
9. Communication of personal data
We collect personal data if the person concerned volunteers to do so when ordering, when contacting us (for example, by contact form or e-mail), opening a customer account and registering for it. We collect and store all information that the data subject enters on our website or transmits to us in another way. In addition, the processing and collection of personal data by default is only to the extent that this is necessary for the intended purpose of processing.
10. Need for data collection, cookies and the use of Google (Universal) Analytics for web analytics
You have the right to object at any time to the processing of personal data that takes place pursuant to Art. 6 (1) (1) (f) GDPR.
Article 21 DSGVO is expressly referred to.
Our website uses Google (Universal) Analytics, a web analytics service provided by Google Inc. (www.google.com). Google (Universal) Analytics uses methods that allow you to analyze the use of the website, such as so-called “cookies”, text files that are stored on your computer (see point 10). The generated information about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address will be shortened prior to transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The anonymized IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
You can prevent Google’s collection of data generated by the cookie and your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link : http://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser plug-in, you can click on this link to prevent the collection by Google Analytics on this website in the future. An opt-out cookie is stored on your device. If you delete your cookies, you must click the link again.
The data subject has the right to object at any time to the processing of personal data which takes place pursuant to Art. 6 (1) (1) (f) GDPR.
Article 21 DSGVO is expressly referred to.
11. Use of WordPress Stats for web analysis
This website uses WordPress.com Stats, a visitor traffic statistics tool operated by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110-4929, USA, using Quantcast Inc., 201 3rd tracking technology St, Floor 2, San Francisco, CA 94103-3153, USA. WordPress.com-Stats uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is stored on a server in the USA. The IP address is anonymized immediately after processing and prior to its storage. You can prevent the installation of cookies by setting your browser software accordingly; However, please be aware that if you do this you may not be able to use the full functionality of this website. You can object to the collection and use of the data by Quantcast with effect for the future, by clicking on the link an opt-out cookie set in your browser at this point: http://www.quantcast.com/opt -out. If you delete all cookies on your computer, you must set the opt-out cookie again.
12. Use of Facebook plugins
Our website uses so-called social plugins (“plugins”) of the social network Facebook operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition “Social Plug-in of Facebook” or “Facebook Social Plugin”. An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins
If you visit a page of our website that contains such a plugin, your browser connects directly to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are currently not logged in to Facebook. This information (including your IP address) will be transmitted by your browser directly to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can immediately assign the visit to our website to your Facebook profile. If you interact with the plugins, for example, click the “Like” button or leave a comment, this information is also transmitted directly to a Facebook server and stored there. The information will also be posted on your Facebook profile and displayed to your Facebook friends.
If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website.
You can completely prevent the loading of Facebook plugins even with add-ons for your browser, e.g. with the “Facebook Blocker” (http://webgraph.com/resources/facebookblocker/).
13. Using Google+ Plugins (for example, “+1” button)
Our website uses social plugins (“plugins”) from the Google+ social network operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The plugins are z. B. on buttons with the sign “+1” on a white or colored background recognizable. An overview of the Google Plugins and their appearance can be found here: https://developers.google.com/+/web/
When you visit a page of our website that contains such a plugin, your browser connects directly to Google’s servers. The content of the plugin is transmitted by Google directly to your browser and integrated into the site. The integration gives Google the information that your browser has accessed the corresponding page of our website, even if you do not have a profile on Google+ or are currently not logged in to Google+. This information (including your IP address) will be sent from your browser directly to a Google server in the US and stored there.
If you’re logged in to Google+, Google can instantly associate your visit to our website with your Google+ profile. If you interact with the plugins, for example by pressing the “+1” button, the corresponding information is also transmitted directly to a Google server and stored there. The information will also be published on Google+ and displayed there to your contacts.
If you do not want Google to immediately associate the data collected through our website with your profile on Google+, you’ll need to log out of Google+ before you visit our website.
You can completely prevent the loading of Google Plugins even with add-ons for your browser, eg. With the script blocker “NoScript” (http://noscript.net/)
14. Valuation reminder by e-mail
If you have given us your explicit consent during or after your order by activating a checkbox or by clicking on a dedicated button, we will use your reminder e-mail address to submit an evaluation of your order via us used rating system. This consent can be revoked at any time by a message to the contact option described below.
15. Integration of the Trusted Shops Trustbadge
To display our Trusted Shops quality seal and any collected reviews and to offer the Trusted Shops products for buyers after placing an order, the Trusted Shops Trustbadge is included on this website.
This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in the optimal marketing of our offer pursuant to Art. 6 (1) sentence 1 lit. f DSGVO. The Trustbadge and the services advertised with it are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When the trust badge is called, the web server automatically stores a so-called server log file, which is e.g. Your IP address, date and time of retrieval, transmitted amount of data and the requesting provider (access data) contains and documented the call. These access data will not be evaluated and automatically overwritten within seven days after the end of your page visit.
Other personal data will only be transferred to Trusted Shops, as far as you have consented to this, decide after the completion of an order for the use of Trusted Shops products or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.
If you have given us your explicit consent by activating a checkbox or by clicking on a dedicated button, we will use your e-mail address to send you a newsletter. The principles concerning the collection and processing of personal data apply in particular to the registration for our newsletter.
It is possible to sign up for a newsletter. If the person concerned signs up for a newsletter, the data stored there by the person concerned during registration will be transmitted to us from the input mask. These are the specified e-mail address, last name, first name, IP address, time and date of registration.
On Art. 6 para. 1 lit. a) and Art. 7 para. 4 DSGVO, in particular lit. a) -c), is expressly incorporated by reference.
The data will be deleted as soon as they are no longer necessary for the achievement of the purpose and the person concerned has unsubscribed from the newsletter. Thereafter, a storage for ten years from the last dispatch of information by e-mail for purposes of proof in case of queries regarding existing consent, taking into account the limitation period.
The use of the data to obtain the information by e-mail can be objected to at any time with effect for the future by unsubscribing from the newsletter. The given consent can be revoked at any time by a message to the contact option described below.
17. Right of appeal to a supervisory authority, Art. 77 DSGVO
Without prejudice to any other administrative or judicial remedy, any interested party shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his residence, place of work or place of alleged infringement, if the person concerned considers that the processing of the personal data concerning him or her is against him this regulation is in breach.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
18. Right to information, Art. 15 GDPR
The person concerned has the right to the following information:
Category of personal data being processed
Recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations
(if possible) the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration
There is a right to rectification or deletion of your personal data or restriction of our processing or right of objection to such processing
Existence of a right of appeal to a supervisory authority
if the personal data are not collected from the data subject: all available information about the source of the data
Existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject
If personal data are transmitted to a third country or to an international organization, the data subject has the right to be informed about the appropriate guarantees under Art. 46 GDPR in connection with the transfer.
We provide the person concerned with a copy of the personal data that is the subject of the processing. For all other copies requested by the data subject, we may charge a reasonable fee based on administrative costs.
19. Right to rectification, Art. 16 GDPR
The data subject has the right to demand from the person responsible without delay the correction of incorrect personal data concerning you. In consideration of the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.
20. Right to cancellation, Art. 17 GDPR
The data subject has the right to ask the person responsible for the personal data concerned to be deleted immediately and the person responsible is obliged to delete personal data immediately, if one of the following reasons applies:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
the person concerned revokes his consent, to which the processing pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) DSGVO and there is no other legal basis for processing
the person concerned files an objection against the processing in accordance with Art. 21 (1) GDPR and there are no legitimate reasons for the processing, or he objects to the processing in accordance with Art. 21 (2) GDPR
the personal data were processed unlawfully
the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject
the personal data were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
After completion of the contract, the personal data will be blocked for further use and deleted after expiry of the tax and commercial retention periods, unless the person concerned has expressly consented to further use of his data or we reserve the right to use the data beyond that legally permitted is. Please note that these are legally standardized retention periods. Since the data for the execution of the contract must be stored and processed, an objection or premature deletion is not possible.
21. Right to restriction of processing, Art. 18 GDPR
The data subject has the right to demand that we restrict the processing if one of the following conditions applies:
The accuracy of the personal data is contested by the data subject, for a period of time that allows us to verify the accuracy of the personal data
the processing is unlawful and the data subject refuses the deletion of the personal data requested and instead the restriction of the use of the personal data
we no longer need the personal data for the purposes of processing, but the data subject requires them to assert, exercise or defend legal claims, or
the person concerned objects to the processing pursuant to Art. 21 (1) GDPR, as long as it is not certain whether the legitimate reasons of the person responsible outweigh those of the person concerned.
22. Right to information, Art. 19 GDPR
If the person concerned has asserted a correction according to Art. 16 DSGVO, a deletion of Art. 17 (1) GDPR or a restriction of processing according to Art. 18 GDPR with regard to his personal data, the person responsible has all the recipients against whom the personal data Data of the person concerned were disclosed, informed of the request of the person concerned (as far as this was not impossible or associated with disproportionate effort), then the person concerned has the right to be informed by the person responsible about the recipient.
23. Right to data portability, Art. 20 GDPR
The data subject has the right to receive personal data relating to him or her in a structured, common and machine-readable format, and has the right to transfer this data to another person without hindrance, provided that
the processing on a consent according to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) or on a contract pursuant to Art. 6 para. 1 lit. b) DSGVO is based and
the processing is done by automated methods.
Rights and freedoms of other persons must not be affected.
When exercising the right to data portability in accordance with paragraph 1, the data subject has the right to obtain that the personal data are transmitted directly by us to another person responsible, as far as this is technically feasible.
The exercise of the right to data portability is without prejudice to the right of cancellation under Art. 17 GDPR. The right to data portability does not apply to processing necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
24. Right of objection, Art. 21 GDPR
The person concerned has the right at any time, for reasons arising from his particular situation, against the processing of personal data relating to him which, on the basis of Article 6 (1) lit. e) or f) GDPR, objection is lodged; this also applies to profiling based on these provisions.
We no longer process personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or processing for the purpose of enforcing, pursuing or defending legal claims.
If personal data is processed in order to operate direct mail, then the data subject has the right to object at any time to the processing of personal data concerning him for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
25. Automated decisions in individual cases including profiling, Art. 22 DSGVO
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on him or similarly significantly affects him.
This does not apply if the decision
is required for the conclusion or performance of a contract between the person concerned and us,
is permitted under Union or Member State legislation to which we are subject, and where such legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the person concerned, or
with the express consent of the person concerned.
These decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a) or g) GDPR and reasonable measures have been taken to protect the rights and freedoms as well as the legitimate interests of the data subject.
In the aforementioned cases of data subject rights, we take reasonable steps to uphold the rights and freedoms and legitimate interests of the person concerned, including at least the right to obtain the intervention of a person on our side, to express his or her own position and to challenge the decision belongs.
26. Right to a judicial remedy
Without prejudice to any available administrative or extrajudicial remedy, including the right to complain to a supervisory authority under Article 77 GDPR, any interested party has the right to an effective judicial remedy, if he considers that the rights conferred on him by that regulation are not in conformity infringement of the processing of his personal data.
Claims against us against a processor are brought before the courts of the Member State in which we or the processor have a place of business. Alternatively, such actions may be brought before the courts of the Member State in which the person concerned is resident, unless we or the processor is an authority of a Member State acting in the exercise of its sovereign powers.
27. Contact and Responsible i.S.d. DSGVO
Emanuel Scheiber e.K. Schilderfabrik, represented by the managing director Frank Keusch
Tel.: 034922 60442
Fax: 034922 60440
28. Data protection officer
If you have questions about data protection, please write us an e-mail or contact our data protection officer directly: