Last revised: February 25th, 2019
Data privacy is important to us and your trust is our highest priority! Hence, we always handle your personal data confidentially and naturally adhere to any relevant data protection laws. We only use your personal data insofar as is legally permitted or consented to by you.
This privacy informs you about:
- The manner in which we handle personal data on the internet.
- Which type of information is collected and processed.
- If and how this data is used, shared or otherwise processed.
This policy applies to any data processing by us as controller according to Art. 4 (7) General Data Protection Regulation (GDPR).
You may contact us at:
Court of registry: Steinfurt Local Court ("Amtsgericht")
Commercial register no: HRB 4157
CEO: Markus Knäpper
VAT no: DE124395396
Contact: E-Mail: email@example.com
Phone: +49 (0) 25 72 - 93 51 -0
Fax: +49 (0) 25 72 - 93 51 -24
3. Date Protection Officer
The Data Protection Officer appointed by us can be reached at:
comp/lex – Datenschutzbeauftragte
Rechtsanwalt Dr. Jochen Notholt
Fax: +49 (0) 89 – 41 61 42 95-9
Insofar as this policy does not contain or imply deviating definitions all terms mentioned herein are used as defined by Art. 4 GDPR.
5. Processing of Personal Data
1. For contact Purposes
When you contact us (e.g. via E-Mail, contact form or phone, etc.), we require your personal data (e.g. title, name, e-mail address, etc.) in order to process and respond to your inquiry or request. These personal data may be stored in a CRM (Customer Relationship Management) system or comparable systems for the purpose of organising inquiries. In any such case, personal data will be processed in accordance with Art. 6 (1) b) GDPR. When no longer needed, we will delete the inquiries or – where legally mandated preservation obligations apply – restrict processing. Necessity of data preservation is reviewed every six months.
2. When Accessing Our Website
When accessing our website, i.e. when you are not registering with us or providing us with information in another way, we will only collect personal data as transmitted to our servers by your browser. If you want to view our website, we only collect data that are technically required for displaying our website. In such cases, data shall be processed in accordance with Art. 6 (1) f) GDPR.
- IP address
- date and time of access
- timezone difference from Greenwich Mean Time (GMT)
- specific page accessed
- HTTP status code
- data volume transferred
- website sending the request
- operating system and its user interface
- language and version of browser used
3. When ordering from Our Online Shop
When ordering from our online shop, we collect the following data from you for the purpose of fulfilling our contractual obligations:
- Master data
- Company name
- Phone number
- E-Mail address
- Contractual data
- Services used
- Goods ordered
- Contact information (if applicable)
- Phone number
- E-Mail address
- Payment information in cases where we received SEPA direct depit mandate
- Account holder
- Information pertaining to the bank
Insofar as this entails personal data, data are processed in accordance with Art. 6 (1) b) GDPR for the purpose of fulfilling our contractual duties.
We delete these data as soon as we no longer require them to fulfil our contractual duties and legally prescribed obligations to preserve records have expired. We review necessity of data preservation every six months.
4. Credit Risk Assessment by Creditreform
In cases of advance delivery, we retain the right to perform a credit risk rating via Creditreform. To this end, we transmit the name and address of your company (which may include personally identifiable data) and, if required, other company data for the purpose of performing credit risk assessment to Creditreform (Creditreform Münster Riegel & Riegel, Scharnhorststraße 46, 48151 Münster). Creditreform uses these data to provide us with a credit risk assessment. Insofar as data transmitted to Creditreform includes personally identifiable data, these are processed on the basis of our legitimate interest to minimise risk of payment default according to Art. 6 (1) f) GDPR.
We use the statistics-based information regarding the likelihood of payment default provided by Creditreform to determine whether we will enter into, fulfil or terminate a contract with you. Creditreform’s assessment of your credit risk can include probability values (so-called score values). If and insofar as score values are included in the assessment of a person’s credit risk, these are based on a scientifically validated mathematical-statistical procedure. According to Creditreform, calculation of score values factors in address data in addition to further information. All personal rights and freedoms will be protected and personal data will be processed pursuant to legislation.
Further information about Creditreform´s data processing is available at: https://www.creditreform-muenster.de/EU-DSGVO/.
5. Payment via Credit Card
Credit card payment will be handled by our banking institution, VR-Bank Kreis Steinfurt eG, Matthiasstraße 30, 48431 Rheine. In case of credit card payment, we transfer the following data to VR-Bank Kreis Steinfurt eG:
- Credit card number
- Card Owner
- Expiry date (month and year)
Data transfer for payment processing according to Art. 6 (1b) GDPR. We only transfer data inasmuch as is necessary for processing payment.
6. When Registering for Our Newsletter
You may consent to subscribing to our newsletter, with which we keep you up to date with our latest interesting offers.
We use a so-called double-opt-in procedure for registering for our newsletter. This means that we will send an e-mail to the address entered, in which we ask you to confirm your subscription to our newsletter. If you do not confirm your subscription within 24 hours, your data will be locked and automatically deleted after one month. Furthermore, we store your IP address and time of registration as well as time of confirmation in order to prove your consent and if necessary investigate potential misuse of personal data.
Entering your e-mail address, title and name is required for subscribing to the newsletter. Upon receiving your confirmation we store your e-mail address for delivering the newsletter according to art. 6 par. 1 subpar. 1 lit. a GDPR.
Right of Revocation: You may revoke your consent for the transmission of the newsletter at any time and cancel your subscription. Revocation may be effected by clicking the link at the bottom of every newsletter e-mail, or by informing the contact provided in the imprint.
We employ technology provided by Evalanche to deliver the newsletter and analyse your usage of the newsletter. For these purposes, we transmit the data you provided when registering for newsletter (title, name and e-mail address) to Evalanche (SC-Networks GmbH, Enzianstraße 2, D-82319 Starnberg).
For the purpose of analysis, the newsletter e-mails contain so-called web beacons, also known as tracking pixels. These are image files, 1 pixel by 1 pixel in size, that link to and are retrieved from our website. During retrieval, technical information like browser and system information as well as IP address and time of download are collected. This information is used for technical improvements to the service based on the technical information or for identifying target audiences and their reading behaviour based on place of retrieval (determinable via IP address) or time of access. Statistical analysis in includes determining whether newsletters are opened, when they are opened and which links are clicked. This information may be attributable to individual newsletter subscribers. However, it is neither our intent, nor that of our dispatch service to monitor individual users. Analysis is much rather used to observe reading behaviours of our users and adapt our content accordingly or send different content according to our users’ interests. Evalanche stores data collected in this manner on a server in Germany.
Right to Object: You may object to these tracking procedures at any time by clicking the link at the bottom of every e-mail or by informing us of your objection by using the contact information provided in section 2. of this policy. Data is stored for the duration of your subscription. Tracking is also made impossible by disabling the displaying of images contained in e-mails in your e-mail client. In this case, the newsletter is not displayed correctly, however, and you may not be able to use all functions of the newsletter. When displaying images manually, usage of the newsletter will be tracked.
Using a dispatch service, effecting statistical analyses as well as analyses and recording registration are based on our legitimate interest according to Art. 6 (1f) GDPR. Our interest lies in providing a user-friendly and secure newsletter service, which serves our business goals equally as well as it meets users’ expectations.
7. Usage Analysis by Google Analytics
We use technology by Google Analytics to analyse usage of our services. Hence, we transfer the following data for purpose of analysis to Google in the USA (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA):
- IP address
- date and time of request
- time zone difference to Greenwich Mean Time (GMT)
- specific page accessed
- HTTP status code
- data volume transferred
- website sending the request
- operating system and user interface
- language and version of browser used
- device information
- window and display resolution
- approximate location
- viewing duration
- features and functionality used on the website
Google analyses data regarding your usage of our website on our behalf to create reports about usage of our online services and to provide us with further services connected to usage of these services and the internet. To this end, cookies are used to identify your browser and from the collected data, pseudonymous user profiles may be created. These data are required for us to ensure and further improve stability and security of the website. Basis for data processing is Art. 6 (1f) GDPR.
Google stores these data for us for a period of 24 months as instructed by us.
Google is certified for the EU-US Privacy Shield treaty: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.
We only employ Google Analytics with active IP anonymisation. This means that only a shortened version of your IP address will be transmitted by Google within EU member states or in states belonging to the European Economic Area. The full IP will only be transmitted to the US and subsequently shortened in exceptional cases.
Google will not link the IP address collected from the browser with other data.
Right to Object: To prevent cookies from being stored on your computer, you may set up your internet browser to disable cookies or to delete existing cookies. Disabling all cookies may lead to impaired functionality of our website. Furthermore, you may prevent usage data collected by the cookie from being transferred to Google by downloading and installing the browser plug-in available at this URL: http://tools.google.com/dlpage/gaoptout?hl=de.
Right to Object: You may object to the creation of a pseudonymous user profile at any time with effect for the future. If you want to make use of your right to object, you may send an e-mail to firstname.lastname@example.org or alternatively use the contact information provided in Section 2.
Further information about data processing by Google, settings and rights to object are available on Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“Advertising”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”).
8. Usage Analysis by Matomo
We employ the web analytics software Matomo (www.matomo.org, formerly Piwik), a service offered by InnoCraft Ltd., 150 Willis St., 6011 Wellington, New Zealand, to analyse how our service is used. For purpose of analysis, we process data that might be personally identifiable (e.g. anonymised IP address, date and time of request, operating system, website sending the request) with this tool.
To this end, cookies are used to identify your browser and a pseudonymised user profile can be created from the collected data.
Right to Object: If you do not consent to preservation and analysis of the data gathered during your visit to our sites, you may object at any time by unchecking the box below. If you do so, we store a so-called opt-out cookie in your browser, which prevents Matomo from collecting session data. Please note that deleting all your cookies also deletes the opt-out cookie, which will then have to be activated again.
6. Erasure of Data
Data processed by us is erased according to Art. 17 GDPR or processing will be limited according to Art. 18 GDPR.
Unless otherwise stipulated in this policy, processed data will be deleted once they are no longer required for their intended purpose and no legal requirement to preserve data exists. Necessity of data preservation is reviewed every six months. If data are not deleted because they are required for other, legally permitted purposes, processing will be limited. That means data will be locked and not used. For example, this applies to data that are mandated to be kept by commercial or tax law.
Under German law, trading books, inventories, opening balances, statutory accounts, commercial correspondence, account vouchers, etc. have to be preserved for six years according to Art. 257 (1) HGB (Handelsgesetzbuch, German Commercial Code). Furthermore, according to Art. 147 (1) AO (Abgabenordnung, General Fiscal Law), accounts, business records, management reports, account vouchers, commercial correspondence as well as tax-related documents have to be kept for ten years.
7. Rights of the Sata Subject
You have the right:
- according to Art. 15 GDPR to obtain information concerning your personal data. In particular, you may obtain information on purposes of processing, category of personal data concerned, recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, to request rectification or erasure of personal data or restriction of processing or to object to such processing, to lodge a complaint, where the data is not collected from you, to obtain any available information as to their source, to obtain information concerning existence of automated decision-making, including profiling and meaningful information about the logic involved.
- according to Art. 16 GDPR to obtain rectification of inaccurate personal data without undue delay.
- according to Art. 17 GDPR to obtain erasure of personal data as long as processing of data is not required for exercising the right of freedom of expression and information or for complying with a legal obligation or for reasons of public interest or for establishment, exercise or defence of a legal claim.
- according to Art. 18 GDPR to obtain restriction of processing of the personal data you provided if you contest the accuracy, if the processing is unlawful but you oppose the erasure of the data and instead request the restriction of their use and we no longer need the personal data but you require them for the establishment, exercise or defence of legal claims or you have objected to processing according to Art. 21 GDPR.
- according to Art. 20 GDPR to obtain the data provided to us by you in a structured, commonly used an machine-readble format and to have the personal data transmitted directly from us to another controller.
- according to Art. 7 (3) GDPR to revoke your consent at any time. This means that processing that was based on this consent shall not be permitted in the future and
- according to Art. 77 GDPR the right to lodge a complaint with a supervisory authority. Ordinarily, you can contact the supervisory authority of your place of habitual residence or place of work or our company domicile.
8. Right of Revocation and Right to Object
1. Revocation of Consen
Should we be processing your personal data based on your consent according to Art. 6 (1a) GDPR, you have the right to withdraw your consent at any time with effect for the future, according to Art. 7 (3) GDPR.
If you wish to make use of your right to withdraw your consent, you may inform us via e-mail to email@example.com. Alternatively, you may use the contact information provided in Section 2.
2. Right to Object to Processing Based on Legimitade Interest
Insofar as we process your personal data based on our legitimate interest according to Art. 6 (1f) GDPR, you have the right to object to processing of your personal data, based on grounds relating to your particular situation or if the objection is directed against processing for direct marketing purposes, according to Art. 21 GDPR. In the latter case, you have a general right to object which we will adhere to without the need to cite a particular situation.
If you wish to make use of your right to object, you may inform us via e-mail to firstname.lastname@example.org. Alternatively, you may use the contact information provided in Section 2.
9. Security Measures
We implement organisational, contractual and technical security measures according to the state of technology to ensure that regulations concerning data protection are adhered to and to safeguard the data collected by us against accidental or deliberate manipulation, loss, destruction or unauthorised access. These measures include encrypted transmission of data between your browser and our server.
10. Final Provisions
We retain the right to change our data protection policy if new technologies or changes in our data processing procedures necessitate alterations or to adapt to changes to the applicable legislation. This applies only to this data protection policy. As far as we are processing your personal data based on your consent or parts of the data protection policy contain stipulations affecting contractual relations with you, possible changes will only be effected with your consent.
The most current version of our data protection policy is available at https://en.econconnect.de/data-privacy.