Privacy policy

Privacy

Thank you for your interest in our website. As a member of the Verein sicherer und seriöser Internetshopbetreiber e. V. association, the protection of your personal data is a serious concern for us. Below we inform you transparently and in understandable language about data collection and its scope, the use of your data and your rights.

You have the right to receive information about the origin, recipient(s) and purpose of your stored personal data free of charge at any time. You also have the right to request the rectification, restriction or erasure of this data and the disclosure of this data. If you have any questions about this or about data protection, you can contact the person responsible for data processing at any time. The person responsible for data processing is named under point 1 of this privacy policy. You also have the right to lodge a complaint with the competent supervisory authority. Your rights in detail and detailed explanations can be found under point 6 of this privacy policy.

Your data is collected, stored and processed in compliance with the relevant legal regulations. Personal data is all types of data that can be used to identify you as a person.

1) Who is responsible for data processing?

Within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations, the controller is a natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (names, contact details, etc.).

Responsible for data processing on this website is

Verdeckshop.de - Cabrio-Verdecke
Holder Hubert Niemann
Am Büchsenschütz 16
D-45527 Hattingen
Email: mein@verdeckshop.de

2) What data is collected and processed on our website?

2.1.1 Automated collection of data:

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer in so-called server log files. Some of this data is technically necessary to display our website to you. It is not merged with data from other sources. The following data is collected:

The pages accessed
The browser types and versions used
The operating system used by the accessing system
The website from which an accessing system reaches our site
The date and time of access to the site
The internet service provider of the accessing computer
The internet protocol address (IP address) used

The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process data in the case of a legitimate interest. In this case, our legitimate interest is the reliable and error-free functioning of our website. This data is not processed in any other way.

2.2 Collection of personal data

2.2.1 Data collection and processing when opening a customer account and when processing a contract

If you open a customer account on our website, this is done voluntarily. Registration is not a prerequisite for concluding a contract. Data is only collected to the minimum extent necessary; the mandatory information can be recognised by the correspondingly marked input fields. The cancellation of the customer account is possible at any time and free of charge. If you wish to delete your data, please contact the person responsible for data processing. This person is named under point 1 of this privacy policy.

We only use your data for the purpose for which you have registered or for contract fulfilment. The legal basis for data processing is Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the fulfilment of a contract with you or for the implementation of a pre-contractual measure.

The customer data collected will be blocked after completion of the order, after termination of the business relationship or after cancellation of your customer account and deleted after expiry of the retention periods under tax and commercial law, unless you have consented to further use of your data.

2.2.2 Data collection and processing when using our email address or contact function

In the case of emails or messages via the contact form, we store your data until your message has been processed. The mandatory information in the contact form can be recognised by the correspondingly marked input fields. The data will only be used to process your enquiry and will be deleted once processing has been completed. The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process the data in the case of a legitimate interest. Our legitimate interest in this case is responding to your message or processing your request.

In the case of emails or messages via the contact form (if available) which are aimed at initiating a contract, the retention periods under commercial and tax law of 10 years from the end of the calendar year in which the data was collected apply. After these periods have expired, the data is regularly deleted unless it is still required for the initiation or fulfilment of the contract or we have a legitimate interest in continuing to store it. The legal basis for data processing is Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the fulfilment of a contract with you or for the implementation of a pre-contractual measure.

2.2.3 Newsletter function, data processing and objection option.

2.2.3.1 You have registered for our newsletter subscription:

If you subscribe to our free newsletter, data from the registration form will be transmitted to us. The mandatory information can be recognised by the correspondingly marked input fields and is limited to the minimum required (email address). Consent to the processing of your data is obtained during the registration process and reference is made to this privacy policy. The legal basis for data processing is Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR), which allows us to process the data if you have consented to the processing.

The data will not be passed on to third parties, but will be used exclusively for sending newsletters. Subscription to the newsletter (your consent) can be cancelled at any time for the future. To revoke your consent, you will find a link to unsubscribe from the newsletter in every newsletter, but you can also unsubscribe directly via our website. The request to unsubscribe from the newsletter can of course also be sent directly to the person responsible for data processing. This person is named under point 1 of this privacy policy. After unsubscribing from the newsletter, the data will be deleted unless you have consented to further use or we reserve the right to further use (as explained below under 2.2.3.2), which is permitted by law.

2.2.3.2 When we send newsletters to our existing customers

If you have purchased goods or services on our website and have provided your e-mail address, we may use it to send you a newsletter, provided you have not objected to this. In such a case, the newsletter will only be used to send direct advertising for similar goods or services from our range. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG. The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process data in the case of a legitimate interest. In this case, our legitimate interest is to send you personalised advertising. You can object to the use of your data for this purpose at any time with effect for the future. To object, please contact the person responsible for data processing. This person is named under point 1 of this privacy policy.

2.3 Transfer of data to third parties for the fulfilment of the contract

2.3.1 Forwarding to shipping service providers in general and credit institution

For payment transactions and, if necessary, for the delivery of goods, we pass on personal data to service providers (third parties) to the minimum extent required, insofar as this is necessary for the fulfilment of the contract.

If we pass on your data to a shipping service provider (such as DHL, DPD, UPS Hermes or GLS), the legal basis for this is Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the fulfilment of a contract with you or for the implementation of a pre-contractual measure.

If we pass on your payment data to the commissioned credit institution, the legal basis for this is Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary for the fulfilment of a contract with you or for the implementation of a pre-contractual measure.

2.3.2 Forwarding of email address and/or telephone number to shipping service providers

Your e-mail address and/or telephone number will be passed on to enable the selected shipping service provider to announce the delivery or to coordinate it with you.

2.3.3 Payment service providers

On our website, you have the choice between various payment service providers. In the following, we will inform you about which data is passed on and the legal basis for this:

2.3.3.1 PayPal/PayPal Plus

If you choose this payment service provider, the data required for payment will be forwarded to PayPal (PayPal Europe, S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). The legal basis for this is Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing, and Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary for the fulfilment of a contract with you or for the implementation of a pre-contractual measure. You have the right to revoke your declaration of consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If you select the PayPal Plus payment methods ‘credit card’, ‘invoice’, ‘direct debit’ or ‘PayPal instalment payment’, PayPal reserves the right to obtain credit information about you. A credit report may contain scoring values (=probability values). The so-called scoring values are based on a scientifically recognised mathematical-statistical procedure. Your address data is also (but not exclusively) included in the calculation of the score values.

The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows the processing of data in the case of a legitimate interest. The legitimate interest in this case is to establish your identity or solvency.

You may object to the processing of your personal data at any time. However, PayPal may still be authorised to process, use and transfer the personal data if this is necessary for PayPal to process payments in accordance with the contract, is required by law or is requested by a court or authority.

If you wish to object to the use of your data or wish to communicate changes to the stored data, you can contact PayPal directly. You can also obtain further information about PayPal's data protection provisions at the following Internet address:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_EN

3) What are cookies and what data are processed?

3.1 Cookies that are set by our website

Our website uses so-called cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer. We use cookies to make our website more user-friendly for you. Some elements of our website require that the accessing browser can be identified even after a page change. For example, to save and transmit the items in your shopping basket or your login information. Most of the cookies we use are so-called ‘session cookies’, which are automatically deleted after the browser is closed. Some cookies remain stored on your device and allow you to be recognised the next time you visit the site (so-called persistent cookies). These are automatically deleted after a specified period of time. You can find more detailed information on individual cookies in your browser settings.

The legal basis for data processing is either Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing, or Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary for the fulfilment of a contract with you or for the implementation of a pre-contractual measure, or Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in the case of a legitimate interest. In this case, our legitimate interest is to offer you a technically error-free and functionally optimised website.

If we store other cookies (e.g. from partner companies or to analyse your surfing behaviour) on your device, we will inform you about this in detail below.

You can set your browser so that you are informed about the setting of cookies and then only allow these cookies in individual cases. You can also generally exclude the acceptance of cookies or only accept them in certain cases. You can also set your browser to delete cookies once you close the browser window. The setting options differ depending on the browser. You can find help on the possible settings (for the most common browsers) under the following links:

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Please note that if you do not accept cookies, the functionality of our website may be significantly restricted.

3.2 Comment functions on our website

Are not used by us

3.3 Web analytics/marketing

Not used by us.

3.4 Social media/plugins

Not used by us.

4) How is the data backed up?

The transmission of personal data is exclusively encrypted via an SSL or TLS connection. This applies both to messages via our contact function and to data relating to your order and payment transactions. Encryption means that your sensitive personal data cannot be intercepted and viewed by unauthorised third parties. You can recognise an encrypted connection by the fact that the address line of the browser begins with ‘https://’ (and by the lock symbol in the browser line).

The data stored in the systems of our website are protected by passwords and cannot be viewed by unauthorised third parties.

Data transmission on the Internet, for example when sending an email, is not 100% secure and may in some cases have security gaps.

5) How long will the personal data be stored?

How long your personal data is stored by us depends on the respective statutory retention period. In the case of messages via our contact function and/or via our email address, your data will be deleted after processing has been completed, unless we have a legitimate interest in continuing to store it.

The retention periods under commercial and tax law are 10 years from the end of the calendar year in which the data was collected. After these periods have expired, the data is regularly deleted unless it is still required for the initiation or fulfilment of the contract or we have a legitimate interest in continuing to store it.

6) What rights do you have vis-à-vis the data controller?

Below we list the rights that you have under the General Data Protection Regulation (GDPR) vis-à-vis the data controller. The controller is named under point 1 of this privacy policy. If your personal data is processed, you are a ‘data subject’ within the meaning of the General Data Protection Regulation (GDPR).

6.1 Your right to information in accordance with Art. 15 General Data Protection Regulation (GDPR)

You can request information from the data controller as to whether your personal data is being processed. If such processing is taking place, you can also request the following information: the purposes for which the personal data are being processed; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; the envisaged period for which the personal data concerning you will be stored, or, if no specific information is available, the criteria used to determine that period; the existence of a right to rectification or erasure of personal data concerning you, the existence of a right to restriction of processing by the controller or a right to object to such processing; the existence of a right to lodge a complaint with a supervisory authority (the competent authority is the data protection officer of the federal state in which We are based - addresses and links can be found here ); all available information on the origin of the data if the personal data are not collected from the data subject (i.e. you); the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 of the General Data Protection Regulation (GDPR) in connection with the transfer.

6.2 Your right to rectification in accordance with Article 16 of the General Data Protection Regulation (GDPR)

You have a right to immediate rectification and/or completion vis-à-vis the data controller if the processed personal data concerning you is incorrect or incomplete.

6.3 Your right to erasure in accordance with Art. 17 General Data Protection Regulation (GDPR)

You can demand from the data controller that the personal data concerning you be deleted immediately, and the data controller is obliged to delete this personal data immediately if one of the reasons under Art. 17 para. 1 GDPR applies.

The right to erasure does not exist if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

6.4 Your right to restriction of processing in accordance with Art. 18 General Data Protection Regulation (GDPR)

You have the right to obtain from the controller restriction of processing where the accuracy of the personal data concerning you is contested, you oppose the erasure of the personal data and request the restriction of their use instead, the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or if you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

6.5 Your right to information in accordance with Art. 19 of the General Data Protection Regulation (GDPR)

If you have asserted the right to rectification, erasure or restriction of processing against the data controller, the data controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the controller.

6.6 Your right to data portability in accordance with Art. 20 General Data Protection Regulation (GDPR)

You have the right to receive the personal data concerning you, which you have provided to the data controller, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the data controller to which the personal data have been provided, where technically feasible.

This right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

The right to data portability must not adversely affect the rights and freedoms of others.

6.7 Your right to revoke declarations of consent granted in accordance with Art. 77 of the General Data Protection Regulation (GDPR)

You have the right to revoke your declaration of consent under data protection law at any time with effect for the future. In the event of revocation, the data concerned will be deleted immediately, provided that there is no legal basis for further processing that does not require consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

6.8 Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the controller, is authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in 6.8.1 and 6.8.3, the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

6.9 Your right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

6.10 RIGHT OF OBJECTION

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, with effect for the future; this also applies to profiling based on these provisions.

The data controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.