1. Person responsible
The entity mentioned in the legal notice is responsible for the data processing described below.
2. Usage data
When you visit our website, temporary usage data is analyzed on our web server for statistical purposes to improve the quality of our websites. This dataset includes:
- the name and address of the requested content,
- the date and time of the request,
- the amount of data transferred,
- the access status (content transferred, content not found),
- a description of the browser and operating system used,
- the referral link that indicates the site from which you accessed our website,
- the IP address of the requesting computer, which is shortened so that it can no longer be traced to an individual. The mentioned log data is evaluated only in anonymized form.
3. Cookies required
We use cookies on our website that are necessary for its operation. Cookies are small text files stored on your device that can be read. There are session cookies, which are deleted as soon as you close your browser, and persistent cookies that are stored beyond a single session. We do not use these required cookies for analytics, tracking, or advertising purposes. Some of these cookies merely contain information about certain settings and are not personal. They may also be necessary to enable navigation, security, and page functionality. We use these cookies based on Art. 6(1) sentence 1 lit. f GDPR. You can configure your browser to inform you about the placement of cookies. This makes the use of cookies transparent to you. You can delete cookies at any time via your browser settings and prevent new cookies from being set. Please note that our websites may not be displayed correctly, and some functions may no longer be available.
| Name | Purpose | Storage Duration | Appropriate Data Protection Level |
|---|---|---|---|
| ARRAfinity | Load balancing | Until end of session | Data processed within the EU/EEA |
| connect.sid | Shopping cart cookie | Until end of session | Data processed within the EU/EEA |
4. Google Analytics
We use the web analytics tool "Google Analytics" to tailor our websites to your needs. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your device and read by us. This enables us to recognize and count returning visitors. In the context of Google Analytics, Google Ireland Limited and Google LLC (USA) assist us as processors under Art. 28 GDPR. Therefore, data processing may also take place outside the EU or EEA. Regarding Google LLC, an appropriate data protection level cannot be assumed due to processing in the USA. There is a risk that authorities may access the data for security and surveillance purposes without informing you or allowing legal remedies. Please consider this when deciding whether to consent to our use of Google Analytics. Data processing is based on your consent, provided you have given it via our banner. Data transfer to a third country is based on Art. 49(1) lit. a GDPR. You can withdraw your consent at any time. Please follow this link and adjust the settings via our banner.
5. Third-Party Tracking Technologies for Advertising Purposes
We use cross-device tracking technologies to show you targeted advertisements on other websites based on your visit to our websites and to measure the effectiveness of our advertising efforts. Data processing is based on your consent, provided you have given it via our banner. Your consent is voluntary and can be withdrawn at any time. How does tracking work? When you visit our websites, third-party providers may retrieve recognition features for your browser or device (e.g., a browser fingerprint), evaluate your IP address, store or read recognition features on your device (e.g., cookies), or access individual tracking pixels. The individual characteristics can be used by third-party providers to recognize your device on other websites. We can commission third-party providers to display advertisements based on the pages you visited on our website. What does cross-device tracking mean? If you log in to a third-party service with your user data, the recognition features of various browsers and devices can be linked. If a third-party provider creates its own feature for your laptop, desktop PC, smartphone, or tablet, these individual features can be linked when you use your login credentials. This allows the third-party provider to control our advertising campaigns across different devices. Which third-party providers do we use for advertising purposes? Below are the third-party providers we work with for advertising purposes. If data is processed outside the EU/EEA in this context, please note the risk that authorities may access the data for security and surveillance purposes without notifying you or offering legal remedies. If we use providers in unsafe third countries and you consent, the transfer to a third country is based on Art. 49(1) lit. a GDPR.
| Provider | Maximum Storage Duration | Appropriate Data Protection Level | Withdrawal of Consent |
|---|---|---|---|
| Facebook Conversion and Retargeting Tags | tbd | No adequate data protection level. Transfer is based on Art. 49(1) lit. a GDPR. | To withdraw your consent, click here and adjust your settings via our banner. |
| Google Remarketing | tbd | No adequate data protection level. Transfer is based on Art. 49(1) lit. a GDPR. | To withdraw your consent, click here and adjust your settings via our banner. |
6. Newsletter Subscription and Distribution
You can subscribe to a newsletter on our website. Please note that we require certain data (at least your email address) for newsletter registration. The newsletter will only be sent if you have given us explicit consent. After subscribing on our website, you will receive a confirmation email to the email address you provided (so-called double opt-in). You can withdraw your consent at any time. An easy way to withdraw is provided via a link in every newsletter for unsubscription. In addition to the data already mentioned, we store further data necessary to prove that you subscribed to our newsletter. This may include storing the full IP address at the time of the subscription or confirmation and a copy of the confirmation email we sent. The corresponding data processing is based on Art. 6(1) sentence 1 lit. f GDPR, as it is in our interest to be able to demonstrate the legality of the newsletter distribution.
7. Integration of Other Technical Third-Party Content and Functions
We use the technical functions and content of third-party providers mentioned below to display our websites. Accessing our pages results in content from these third-party providers being loaded, as they provide the respective functions and content. As a result, the third-party provider receives the information that you have accessed our page, along with the usage data that is technically necessary in this context. We have no influence on further data processing by the third-party provider. Data processing is based on your consent, provided that you have given it in advance through our banner solution by clicking on the preview image. Please note that the use of third-party content and functions may result in your data being processed outside the EU or the EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without informing you or providing you with legal recourse. If we use providers in insecure third countries and you consent, the transmission to an insecure third country is based on Article 49(1)(a) GDPR.
| Provider | Adequate Level of Data Protection | Withdrawal of Consent |
|---|---|---|
| Google Maps by Google LLC (USA) | No adequate level of data protection. | The transfer is based on Article 49(1)(a) GDPR. If you have clicked on a preview image, the content from the third-party provider is immediately loaded. If you do not want such content to be loaded on other pages, please refrain from clicking on preview images. |
| OpenStreetMap by the OpenStreetMap Foundation (UK) | Processing only within the EU/EEA and UK (Adequacy Decision) | If you have clicked on a preview image, the content from the third-party provider is immediately loaded. If you do not want such content to be loaded on other pages, please refrain from clicking on preview images. |
| Storemapper SureSwift Capital, Inc. (USA) | No adequate level of data protection. | The transfer is based on Article 49(1)(a) GDPR. If you have clicked on a preview image, the content from the third-party provider is immediately loaded. If you do not want such content to be loaded on other pages, please refrain from clicking on preview images. |
| Embedding of Third-Party Content (Images/Videos) cdninstagram.com Facebook Inc. (USA) | No adequate level of data protection. | The transfer is based on Article 49(1)(a) GDPR. If you have clicked on a preview image, the content from the third-party provider is immediately loaded. If you do not want such content to be loaded on other pages, please refrain from clicking on preview images. |
| Embedding of Third-Party Content (Images/Videos) cdn.lightwidget.com Black Sail Division (PL) | Processing only within the EU/EEA | If you have clicked on a preview image, the content from the third-party provider is immediately loaded. If you do not want such content to be loaded on other pages, please refrain from clicking on preview images. |
8. Order in the Webshop
Processing Your Data When Placing an Order
If you decide to order products, we will process your data to fulfill and execute the contract and, if applicable, for the termination of the contract. Additionally, we will use your data to inform you about the status of the order. You can deactivate these notifications at any time through your account settings. The legal basis for data processing to fulfill the contract is Art. 6 (1) sentence 1 lit. b GDPR, and to comply with legal information and retention obligations, Art. 6 (1) lit. c GDPR. If you are ordering as a contact person for a company or organization, we process your data based on Art. 6 (1) sentence 1 lit. f GDPR. As a contact person, you can object to this processing at any time with future effect according to Art. 21 GDPR.
Forwarding of Email Addresses to Delivery Services
For orders placed through our online shop, we forward the email address you provided during the order to our logistics partner. The purpose is to fulfill our contractual obligation to deliver the ordered goods and to ensure that you can receive the goods. The legal basis is Art. 6 (1) lit. f) GDPR. Our legitimate interest is to ensure the shipping of the goods and a successfully completed ordering process. The email address also serves as an additional contact option to inform the buyer about the delivery status or to communicate in case of delivery issues. Our current logistics partner is Rhiem Services GmbH, which in turn uses various service providers for package delivery.
Payment Processing
Various payment methods are available during the ordering process (Paypal, direct debit, credit card, prepayment). Payment processing via PayPal is carried out by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, under their sole responsibility. During the payment process, you will be redirected to PayPal's pages to enter your data. PayPal only provides us with the chosen payment method and confirmation of a successful transaction. We do not receive any payment details, such as account or credit card information. The legal basis for processing your data is Art. 6 (1) sentence 1 lit. b GDPR. For more information on PayPal's data protection policy, please visit https://www.paypal.com/myaccount/privacy/privacyhub
Shop Reviews by TrustedShops
You can review our webshop, where your name, email address, as well as other contract/purchaser data (e.g., order number) and usage data (e.g., website log files) may be processed. The review is voluntary. If you leave a review, you consent to the associated data processing under Art. 6 (1) lit. a GDPR. The review process is supported by TrustedShops GmbH, with whom we have a data processing agreement in accordance with Art. 28 GDPR. For more information on data protection at TrustedShops, please visit https://business.trustedshops.de/impressum
Duration of Data Storage
We store your data as long as necessary for the above purposes or due to legal retention obligations. The data in your customer account is stored until you delete the account. Data related to an order is stored for 3 years after the completion of the order, unless longer storage is required due to legal retention obligations (e.g., under commercial or tax law). The period begins at the end of the calendar year in which the triggering event occurred.
9. Your Rights as a Data Subject
Under the GDPR, you have certain rights regarding the processing of your personal data:
Right to Information (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to access this personal data and the detailed information listed in Art. 15 GDPR.
Right to Rectification (Art. 16 GDPR)
You have the right to request the immediate correction of inaccurate personal data concerning you and, where applicable, the completion of incomplete data.
Right to Erasure (Art. 17 GDPR)
You have the right to request the immediate deletion of personal data concerning you, provided one of the reasons listed in Art. 17 GDPR applies.
Right to Restrict Processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, for example, if you have objected to processing for the duration of the review by the controller.
Right to Data Portability (Art. 20 GDPR)
In certain cases outlined in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format or to request the transmission of this data to a third party.
Right to Withdraw Consent (Art. 7 GDPR)
If data processing is based on your consent, you have the right under Art. 7 (3) GDPR to withdraw your consent at any time. Please note that the withdrawal only applies to future processing. Processing carried out before the withdrawal is not affected.
Right to Object (Art. 21 GDPR)
If data is collected based on Art. 6 (1) sentence 1 lit. f GDPR (data processing to protect legitimate interests) or Art. 6 (1) sentence 1 lit. e GDPR (data processing in the public interest or in the exercise of public authority), you have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data. We will then cease processing your personal data unless there are compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection laws. This right may be exercised with a supervisory authority in the member state of your habitual residence, place of work, or the location of the alleged violation.
Exercising Your Rights
Unless otherwise stated above, please contact the entity named in the imprint to exercise your rights as a data subject.
10. Contact Details of the Data Protection Officer
Our external data protection officer is available to answer any questions you may have regarding data protection at the following contact details:
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Web: www.datenschutz-nord-gruppe.de
Email: office@datenschutz-nord.de
When contacting our data protection officer, please also mention the responsible entity listed in the imprint.
