Adjust cookie settings:
Thank you for visiting our website. The following privacy statement is intended to inform you about how we handle your data in accordance with Article 13 of the EU General Data Protection Regulation (GDPR).
A range of personal data is collected when you use this website. The following statement explains what data we process and why, i.e. the purpose for processing this data.
The controller, i.e. the entity responsible for the data processing described here, is named in the website legal notice.
When you visit our website, your browser will relay certain information to us. This “usage data” is temporarily stored on our web server and analysed in server log files for statistical purposes. We use this data based on Art. 6 (1) 1st sentence (f) GDPR so that we can enhance the quality of our website – especially to improve it in terms of stability and security.
Such a dataset consists of
• Name and address of the requested content;
• Date and time of the request;
• Data volume transferred;
• Access status (content transferred, content not found);
• Description of the web browser and operating system used;
• Referral URL, which indicates the website you visited prior to visiting our website;
• IP address of the requesting computer, which is truncated such that any connection to any person is no longer possible.
The aforementioned log data is only analysed anonymously.
In addition, to protect the security of our web server, the full (non-truncated) IP address is stored for seven days strictly for this specific purpose. This operation is based on Art. 6 (1) 1st sentence (f) GDPR, and is done so as part of our interest in detecting, localising, and eliminating attacks on our website. Once this time period has elapsed we will delete or anonymise the IP address.
To protect your data from unauthorised access as comprehensively as possible, we also implement technical and organisational measures. Our website uses TLS encryption to create secure connections for the transfer of data. You can generally recognise this by checking to the status bar of your browser to see if the padlock symbol is closed and the address line starts with https://.
The majority of cookies we use are session cookies; these are automatically deleted at the end of your visit. Other cookies (known as “permanent” cookies) remain stored on your device until you delete them. These cookies allow us to recognise you and your browser the next time you visit our website.
We do not use these necessary cookies for analysis or tracking purposes, i.e. they do not collect any information about you for marketing purposes, nor do they record what individual pages you visit.
Sometimes cookies only contain information about certain settings, and cannot establish any reference to a particular person. They may also be necessary for the navigation, security, and realisation of the website. Our use of all these cookies is based on Art. 6 (1) 1st sentence (f) GDPR.
You can configure your browser so that it notifies you about the placement of cookies. This makes the placement of cookies transparent to you. You can also use the relevant settings of your browser at any time to delete cookies and block the placement of new ones. Please note this may mean that our website will then no longer be displayed properly and certain functions may become unavailable.
|Provider||Purpose||Period of storage||Appropriate level of data protection|
|OneTrust||Content management system provider||1 year||Processing solely within the EU/EEA|
Tracking for analysis and marketing purposes
In order to design our website appropriately, we create pseudonymous usage profiles using various web analysis tools. In this connection, we use cross-device tracking technologies so that you can be shown targeted advertising on other internet sites based on your visit to our website, and we are able to ascertain the level of effectiveness of our marketing activities.
Our web analysis is supported by the following third-party providers:
• Google Ireland Limited – an affiliated company of Google LLC. (USA) – (“Google”) as processor within the definition of Art. 28 GDPR;
• Aut O’Mattic A8C Ireland Ltd. (for the service: Jetpack);
• Meta Platforms, Inc. (for the service: Facebook Connect).
In some cases, data processing may take place outside of the EU or the EEA (for details, see ‘Issue and withdrawal of consent’). Through this we are able to commission the third-party providers to display advertising based our webpages as visited by you.
When you visit our website, third-party providers will, on our behalf, invoke certain identifying characteristics for your browser or terminal device (such as a “browser fingerprint”), analyse your IP address, store or evaluate identifying characteristics on your terminal device (e.g. permanent cookies), or gain access to individual tracking pixels.
Therefore, if a defined characteristic is created there specifically for your laptop, desktop PC, smartphone, or tablet, for example, these individual characteristics can be matched to one another. This enables our third-party providers to purposefully manage our advertising campaigns even across a number of terminal devices.
Third-party use of information
However, the aforementioned providers may also, under their own responsibility, use this information for their own purposes (e.g. for profiling or linking it to existing user accounts) if you use a service offered by the third-party vendor with your login data. We have no personal control over the specific purposes and the scope of this data processing (further information can be found at www.google.de/intl/de/policies/privacy and at https://automattic.com/privacy and https://www.facebook.com/privacy/policy, for example). If you use your own user details to log in with the third-party vendor, the various identifying characteristics of various browsers and terminal devices can be linked with one another.
Level of data protection and withdrawal of consent
With regard to Google LLC and Meta Platforms, Inc., an adequate level of data protection is ensured through corresponding participation in the EU-U.S. Data Privacy Framework (“DPF”) in accordance with Art. 45 (1) GDPR.
The processing of your data is generally based on your consent insofar as you have issued such consent through our banner. You may withdraw your consent at any time. To do so, please use the link below and enter the appropriate settings through our banner.
We collect the following data via our shop in order to process your purchase order and arrange the delivery of the goods as ordered: First name, surname, address, postal code, and town/city.
Your telephone number will also be saved so that we can contact you if the goods you ordered become unavailable at short notice, or if we have any urgent queries regarding the delivery address or processing of payment. We use your email address to update you on the current status of your order and to invoice you.
The handling of payments is assigned to various service providers, and we will forward your payment information to them (date of purchase order, article number, payment method, invoice total). The following payment service providers are directly responsible for delivering their services in accordance with data protection regulations.
Instant transfer (Klarna Bank AB, German Branch, Chausseestraße 117, 10115 Berlin) and giropay (paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt/Main) are other available online payment methods which are processed similarly to an online bank transfer and which are verified using your online banking login details. These service providers give an assurance that the relevant payment information is transferred using state-of-the-art encryption and that this data cannot be seen by these providers nor any other third parties. Further information is available at https://www.klarna.com/sofort/ and https://www.giropay.de/kunden/hilfe.html.
Personal information provided by you in connection with a purchase order will be solely used for performing the relevant contract in accordance with Art. 6 (1) 1st sentence (b) GDPR.
Integration of external fonts
We use external third-party fonts to ensure our webpages are displayed uniformly (“web fonts”); these fonts are provided by the providers named below. When invoking a page, your browser automatically loads the requisite fonts to your memory so that text and fonts are displayed correctly.
Through this process, the third-party vendor is informed that you have invoked our page, and they also receive the technical usage data needed in this connection. We have no control over any subsequent processing of data by the third-party vendor.
The processing of this data is performed on the basis of your consent, insofar as you have issued such consent through our banner.
Please note that the use of third-party content and functions may mean that your data is processed outside the EU or the EEA. In some countries this creates the risk that authorities will access this data for security and surveillance purposes without you receiving any notification thereof or having the opportunity to file a legal objection. In the event that we use the services of providers based in non-secure third countries and you consent to the transfer of data to an non-secure third country, the transfer is based on Art. 49 (1) (a) GDPR.
|Provider||Technical function or content||Maximum period of storage||Transfer of data to third countries based on providers’ information and assurance of an adequate level of data protection|
|Google LLC (USA)||Google Fonts||Participation in the EU-U.S. Data Privacy Framework (“DPF”) under Art. 45 (1) GDPR|
Your rights as a data subject
As a data subject, the GDPR affords you certain rights in connection with the processing of your personal data:
Right of access (Art. 15 GDPR)
You have the right to be informed, free of charge, regarding your personal data stored by us, as well as the origins, recipients and the purpose of processing this data, together with the information described in detail in Art. 15 GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you, and to have any incomplete personal data completed.
Right to erasure (Art. 17 GDPR)
You have the right to demand erasure without delay of personal data concerning you if one of the reasons listed in Art. 17 GDPR applies, for example if the data is no longer necessary for the purposes for which it was collected.
Right to restriction of processing (Art. 18 GDPR)
You have the right to demand restriction of processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have raised an objection against the processing and this is currently being reviewed by the controller.
Right to data portability (Art. 20 GDPR)
In certain situations described in Art. 20 GDPR you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, or to have this data transmitted to a third party, e.g. if you personally created a user account on our website.
Right to withdraw consent (Art. 7 GDPR)
Insofar as the processing of data is performed on the basis of your consent, you have the right under Art. 7 (3) GDPR to withdraw your consent to the use of your personal data at any time. Please note that the withdrawal will not affect data processing that has already been performed. Data processing activities performed prior to the cancellation of the consent are not affected.
Right to object (Art. 21 GDPR)
If data is collected on the basis of Art. 6 (1) 1st sentence (f) GDPR (processing of data to uphold a legitimate interest) or on the basis of Art. 6 (1) 1st sentence (e) GDPR (performance of a task carried out in the public interest or in the exercise of official authority), you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Under Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes data protection law. The right to lodge a complaint may, in particular, be exercised through the supervisory authority of your habitual residence or of our registered address (The State Commissioner for Data Protection of Lower Saxony (“Landesbeauftragte für den Datenschutz”), Prinzenstraße 5, 30159 Hanover, tel: +49(0)511-120-4500, fax: +49(0)511-120-4599, email: firstname.lastname@example.org).
Exercising your rights
Unless otherwise described above, to exercise your rights as a data subject please contact the entity named in the website legal notice.
Contact details of our Data Protection Officer
If you require any information regarding data protection, please do not hesitate to contact our Data Protection Officer, whose contact details are as follows:
Kesseböhmer Holding KG
Mindener Straße 208
49152 Bad Essen
When contacting our Data Protection Officer, please also state the data controller as specified in the website legal notice.