Thank you very much for your interest in our company. We take data protection seriously. You can generally use our website without providing any personal data. If a data subject wishes to make use of any services our company offers via our website, a processing of personal data may become necessary. Whenever it is necessary to process personal data and there is no legal basis for such processing, we always obtain the consent of the data subject.
The processing of personal data (e.g. name, address, email address or telephone number of a data subject) always complies with the General Data Protection Regulation (GDPR) and with the national data protection regulations applicable to us.
With the following Data Protection Statement, we wish to inform the data subjects about the rights to which they are entitled.
However, it is generally possible that any transfer of data via the Internet involves security vulnerability. It is therefore impossible to guarantee 100 per cent security. Therefore, every data subject can of course also alternatively provide us with personal data, for example by telephone.
This Data Protection Statement is based on the definition of terms used by the European regulatory authority in the General Data Protection Regulation (GDPR). This Data Protection Statement inter alia uses the following definitions:
• “personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• “data subject” means any identified or identifiable natural person whose personal data are processed by the controller in charge of processing;
• “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• “restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;
• “profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
• “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• “recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing
• “third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
• “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
This Data Processing Statement applies to the processing of data by:
Controller: kvk73 GmbH, represented by the managing director Ms. Kim Vanessa Kortlepel, e-mail: email@example.com, telephone: +49 421 98985744.
a) When visiting our website
You can generally use our website without disclosing your identity. When accessing our website, the browser used by your terminal automatically sends information to our website server. This information is temporarily stored in a so-called logfile. In this context, the following information is collected without any action on your part, and stored until automatic erasure:
• IP address of the requesting computer,
• data and time of access,
• name and URL of the file retrieved;
• website, from which access is made (Referrer-URL),
• browser used and, if applicable, operating system of your computer and name of your access provider.
The mentioned data are processed by us for the following purposes:
• ensuring smooth website connection,
• ensuring comfortable use of our website,
• analysing the system security and stability and
• for further administrative purposes.
The relevant legal basis for data processing is Art. 6 (1) sentence 1 lit. f) GDPR. Our legitimate interest follows from the above-listed purposes for the collection of data. In no case do we use the collected data for the purpose of drawing any conclusions in respect of you.
b) When ordering via our website
You can place orders via our website either as a guest without registration, or you can register in our shop as a customer for future orders. Your advantage of registration is that in case of a future order you can directly log in to our shop with your email address and your password, without again entering your contact details.
Your personal data are upon registration entered in an entry mask, sent to us and stored. When you place an order via our website, we at first collect the following data, both in the case that you order as a guest, and in the case of a registration to the shop:
• salutatory address, first name, last name
• date of birth,
• a valid e-mail address,
• telephone number (fixed-line and/or mobile phone)
These data are collected
• to be able to identify you as our customer;
• to process, fulfil and deliver your order;
• to exchange correspondence with you;
• for billing purposes;
• for handling any liability claims that might arise and for the assertion of potential claims against you;
• to ensure the technical administration of our website;
• to manage your customer data.
The data processing follows your order and/or registration and is required according to Art. 6 (1) sentence 1 lit. b) GDPR for the above-stated purposes to appropriately process your order and to mutually fulfil obligations under the purchase contract.
The personal data which we collect for processing your order are stored until the expiry of the statutory retention duty and will thereafter be erased, unless we are obliged to longer storage due to retention and documentation duties under tax law or commercial law (under the German Commercial Code (HGB), the German Penal Code (StGB) or the German Tax Code (AO), or if you consented to the storage for further purposes according to Art. 6 (1) sentence 1 lit. a) GDPR.
c) When subscribing to the newsletter
You can order a newsletter on our website, which provides you with information on all our news.
If you wish to subscribe to our newsletter, you will have to state your email address on which you wish to receive the newsletter. The newsletter is sent only upon your express consent. After you have entered your email address, you will receive a confirmation mail to that stated email address. The newsletter is sent to you only after you have expressly confirmed your consent by clicking on a link provided in the confirmation email (so-called double-opt-in).
Your email address is collected and stored so that we can send you the newsletter. The legal basis for the processing of the data after subscription to the newsletter is provided in Art. 6 (1) sentence 1 lit. a) GDPR.
Your email address is stored until you unsubscribe from the newsletter.
You are of course entitled to withdraw your consent for the future and to unsubscribe from the newsletter at any time. For this purpose, please click on the relevant link in the newsletter sent to you, or inform us thereof via our contact data. Your email address is erased from the newsletter dispatch after withdrawal.
Your personal data will be transferred exclusively to our service partners involved in the processing of the contract, for example the logistics company commissioned to make the delivery and the credit institution handling payment transactions. If your personal data is transferred to third parties, the extent of the transferred data will be limited to the required minimum.
In case of payment via PayPal, credit card via PayPal, direct debit via PayPal, or “purchase on account” via PayPal, we will within the scope of payment processing transfer your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or “purchase on account” via PayPal. PayPal uses the result of the credit check with regard to the statistical default probability for deciding on providing the respective payment method. The credit check can include probability values (so-called score values). Insofar as score values flow into the result of the credit check, these are based on a scientifically recognized mathematic-statistical procedure. The calculation of the score values inter alia include the address data. You can obtain further information on data protection from the PayPal data protection principles: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Your personal data is not transferred to third parties for any purposes other than those stated above.
We also transfer your personal data to third parties only if
• you expressly granted your consent according to Art. 6 (1) sentence 1 lit. a) GDPR,
• the transfer according to Art. 6 (1) sentence 1 lit. f) GDPR is required for exercising or defending against legal claims, and if there is no reason to presume that you have an overriding interest in protection regarding the transfer of your data,
• for the case that the transfer is required for compliance with a legal obligation according to Art. 6 (1) sentence 1 lit. c), and
• if this is permitted by law and required according to Art. 6 (1) sentence 1 lit. b) for the performance of contractual relationships with you.
The cookie stores information resulting from the terminal specifically used. This, however, does not mean that your identity becomes directly known to us.
In addition we use temporary cookies, also for optimizing user friendliness, which are stored on your terminal for a specifically determined period. When you again visit our website to use our services, it is automatically recognized that you were here before and what entries and settings you used, so that you do not need to enter them again.
The data processed by cookies are required for the specified purposes in order to safeguard our legitimate interests and those of the third parties according to Art. 6 (1) sentence 1 lit. f) GDPR.
Most browsers automatically accept cookies. However, you can configure your browser in such manner that no cookies are stored on your computer or that you are always notified before a new cookie is created. However, if you fully deactivate cookies, you might not be able to use all our website functions.
We research and compile any links published on our website with utmost diligence. However, we have no control over the current and future design and content of the linked websites. We are not responsible for the content of the linked websites and do expressly not adopt the content of those websites as our own. The provider of the website to which reference is made is solely liable for any illegal, incorrect or incomplete content as well as for any damage arising from the use or failure to use the information. Any liability of the party merely pointing out the publication by providing a link is excluded. We can be held liable for third party content only if we have positive knowledge thereof, i.e. also of any potentially illegal or punishable content, and if it is technically possible and acceptable for us to prevent the use thereof.
Based on Art. 6 (1) sentence 1 lit. f) GDPR, we use Google Analytics to ensure appropriate design and continuous optimization of our webpages. We additionally use tracking measures to statistically record and analyse the use of our website for optimizing our offer for you. These interests are classified as legitimate within the meaning of the aforementioned regulation.
Google Analytics is a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised usage profiles are created and cookies used (see clause 5). The information created by the cookie regarding your use of this website, such as
• browser type/version,
• operating system used,
• Referrer-URL (the page previously visited),
• host name of the accessing computer (IP address),
• time of server request,
is transferred to a Google server in the USA and stored there. The information is used for analysing the use of the website, compiling reports on website activity and for providing other services relating to website activity and internet usage for market research purposes and for an appropriate design of these webpages. This information may also be transferred to third parties where required to do so by law, or where such third parties process the data on order. In no case will your IP address be combined with any other data held by Google. The IP addresses are anonymised to make an attribution impossible (IP masking).
You may refuse the installation of cookies by setting your browser accordingly; however, please note that in such case you may probably not be able to fully use all functions on our website.
In addition, you can prevent the collection of the data generated by the cookie and relating to your use of the website (including your IP address) and the processing of these data by Google by downloading and installing a browser add-on available at the link http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on, especially in the case of browsers on mobile terminals, you can also prevent the data collection by Google Analytics by clicking on the aforementioned link. An opt-out cookie will be placed which will prevent the future collection of your data when visiting our website. The opt-out cookie applies only to this browser and only for our website and is stored on your device. When you delete the cookies in this browser, you have to activate the opt-out cookie again.
Further information on data protection relating to Google Analytics can be found at the following link of Google Analytics help system: https://support.google.com/analytics/answer/6004245?hl=de
Based on Art. 6 (1) sentence 1 lit. f) GDPR, we place so-called social plug-ins of social networks on our website (e.g. Facebook, Twitter, Google+) to make our company more widely known. The underlying advertising purpose is to be classified as a legitimate interest within the meaning of the GDPR. The responsibility for operations in compliance with the data protection laws is to be guaranteed by the respective provider. We integrate these plug-ins by way of the so-called 2-click method to protect our website visitors to the best possible extent.
We use social media plug-ins of Facebook on our website to make its use more personal. For this purpose we use the “LIKE” or “SHARE” button. This feature is offered by Facebook.
When visiting a page on our website containing such plug-in, your browser will establish a direct connection with the Facebook servers. Facebook transfers the content of the plug-in directly to your browser which integrates it into the website.
By such plug-in integration, Facebook is informed that your browser visited the corresponding page on our website, even if you do not have a Facebook account or if you are not logged-in to Facebook at the moment. Your browser directly transfers this information (including your IP address) to a Facebook server in the USA and stores it there.
If you are logged-in to Facebook, Facebook can directly allocate the visit to our website to your Facebook account. When interacting with the plug-ins, for example by clicking the “LIKE” or “SHARE” button, the corresponding information is also directly transferred to and stored by a Facebook server. The information is furthermore published on Facebook, clearly visible to everybody.
Facebook can use this information for advertising purposes, for market research and for needs-based design of the Facebook pages. For this purpose, Facebooks creates usage, interests and relations profiles, for example to analyse your use of our website with regard to the advertising adverts shown to you on Facebook, to inform other Facebook users about your activities on our website and to perform further services relating to the use of Facebook.
If you do not wish Facebook to allocate the data collected via our website to your Facebook account, you have to log out from Facebook before visiting our website.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your relevant rights and setting options for protecting your privacy can be retrieved from the relevant data protection statements, in particular the data policy of Facebook, which you can find at the following link: https://www.facebook.com/about/privacy/
Our website has integrated plug-ins of the short news network of Twitter Inc. (hereinafter “Twitter”). The Twitter plug-ins (tweet button) can be recognized on our website by the Twitter logo. An overview of tweet buttons can be found at the following link at Twitter: https://dev.twitter.com/web/tweet-button
When visiting a page on our website containing such plug-in, a direct connection will be established between your browser and the Twitter server. Twitter thereby receives the information that you visited our website with your IP address. When clicking on the Twitter “tweet button” while being logged in to your Twitter account, you can link the contents of our webpages with your Twitter profile. This enables Twitter to allocate the visit to our webpages to your user account. We point out that in our capacity as provider of the webpages we do not obtain any knowledge of the content of the data transferred, nor of their use by Twitter.
If you do not wish Twitter to be able to allocate the visit to our webpages, please log out from your Twitter account.
Further information in this regard can be obtained from the data protection statement of Twitter, which you can view at the following link: https://twitter.com/de/privacy
Our website uses so-called social plug-ins (“plug-ins”) of Instagram, operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA („Instagram“). The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plug-ins and on what they look like can be found at:
When visiting a page on our website containing such plug-in, your browser will establish a direct connection with the Instagram servers. Instagram transfers the content of the plug-in directly to your browser and integrates it into the website. By such integration, Instagram is informed that your browser visited the corresponding page on our website, even if you do not have an Instagram profile account or if you are not logged in to Instagram at the moment. Your browser directly transfers this information (including your IP address) to an Instagram server in the USA and stores it there.
If you are logged in to Instagram, Instagram can directly allocate the visit to our website to your Instagram account. When interacting with the plug-ins, for example by clicking the “Instagram” button, this information is also directly transferred to and stored by an Instagram server. The information is furthermore published on your Instagram account and shown to your contacts there.
The purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your relevant rights and setting options for protecting your privacy can be retrieved from the Instagram data protection statements:
If you do not wish Instagram to directly allocate the data collected via our website to your Instagram account, you have to log out from Instagram before visiting our website. You can also entirely prevent the loading of the Instagram plug-in with add-ons for your browser, for example with the script blocker “NoScript” (https://noscript.net/).
You are entitled
• according to Art. 15 GDPR to obtain information on your personal data processed by us. In particular, you can request information on the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the source of your data if not collected by us, and the existence of automated decision making, including profiling and if applicable meaningful information on details;
• according to Art. 16 GDPR to request prompt rectification of incorrect or incomplete personal data stored by us;
• according to Art. 17 GDPR to request the erasure of the personal data stored by us, unless the processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise or defence of legal claims;
• according to Art. 18 GDPR to request the restriction of processing of your personal data, insofar as you contest the accuracy of the personal data, the processing is unlawful but you oppose erasure, and we no longer need the data, but you require them to assert, exercise or defend legal claims, or you objected to the processing according to Art. 21 GDPR;
• according to Art. 20 GDPR to request to receive your personal data provided to us, in a structured, commonly used and machine-readable format or request transmission of those data to another controller;
• according to Art. 7 (3) GDPR to withdraw your consent at any time. This means that we are in the future no longer allowed to process the data based on such consent; and
• according to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule you can for this purpose contact the supervisory authority at your usual place of abode or workplace, or at our company’s registered office.
Insofar as your personal data are processed on the basis of legitimate interests according to Art. 6 (1) sentence 1 lit. f) GDPR, you are according to Art. 21 GDPR entitled to object to the processing of your personal data on grounds relating to your particular situation or if the objection is aimed at direct marketing. In the latter case you have a general right to object which we implement without statement of a particular situation.
If you wish to exercise your right to withdraw or object, you can simply send an email to:
Within the scope of the visit to our website we use the wide-spread SSL procedure (Secure Socket Layer in connection with the respective highest encryption level supported by your browser. As a rule, this is a 256 bit encryption. If your browser does not support a 256 bit encryption, we instead use 128 bit v3 technology. You can see whether an individual page of our website is transferred with encryption by means of the closed key or key symbol in the bottom status line of your browser.
Besides, we use suitable technical and organisational security measures to protect your data from accidental or intentional manipulations, partial or full loss, destruction or unauthorized access by third parties. Our security measures are constantly improved in accordance with new technological developments.
This Data Protection Statement is currently valid as at June 2018.
Owing to further development of our website and offers relating thereto, or due to changed statutory or regulatory requirements, it may become necessary to amend this Data Protection Statement. The relevant up-to-date Data Protection Statement can at any time be retrieved and printed out from our website.