Privacy Policy

Status: July 2018

This data protection declaration explains to you the type, scope and purpose of the processing of your personal data (hereinafter referred to as “data”) by us and your rights in this regard.

1. Who is responsible for data processing and who can I contact

Responsible within the meaning of the General Data Protection Regulation is:

HARATECH GmbH
Dillingerstr. 6
DE-89415 Lauingen

Managing director: Brigitte Gruber

Phone: 09072701169
Fax: 032226881708

Email: [email protected]
Website: www.harastuhl.de

If you would like to object to the collection, processing or use of your data in accordance with the data protection regulations as a whole or for individual measures, send your objection to the above address or by email to the above email address.

2. On what legal basis do we process your data

First of all, we will inform you of the legal basis of our data processing in accordance with Art. 13 GDPR. If the legal basis is not expressly mentioned in this data protection declaration, the following applies: If you have given your consent to the processing of your personal data, the legal basis is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the processing takes place for fulfillment Our services and implementation of contractual measures as well as answering inquiries is the legal basis of Art. 6 Para. 1 lit. b GDPR; if processing is carried out to fulfill our legal obligations, the legal basis is Art. 6 Para The legal basis for safeguarding our legitimate interests is Art. 1 Para. 6 lit.f GDPR. If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 1 (6) (d) GDPR serves as the legal basis.

If processing takes place on the basis of your consent, you can revoke this at any time with effect for the future. You can send your revocation by post to the above address or by email to the above email address.

In the event that we disclose data to other persons and companies (contract processors or third parties) as part of our processing, transmit data to them or otherwise grant them access to the data, this is done exclusively on the basis of legal permission (e.g. if a transmission of the Data to third parties, such as payment service providers in accordance with Art. 6 Paragraph 1 lit. etc. in accordance with Art 6 Para. 1 lit. C GDPR).

In the event that we commission third parties to process data, this is done on the basis of Art. 28 GDPR. (so-called "order processing").

3. Which data are processed

3.1 Order process

When you place an order via our website, we collect your first and last name, your address, your date of birth, your e-mail address or your telephone number (contact details) and, depending on the selected payment method, your bank details or your credit card details (bank details). In addition, we collect the data on your order, i.e. which products you have ordered and at what price (order data). We need this data to fulfill the contractual relationship, i.e. to send you the goods you have ordered and in return to settle our purchase price claim. If you place an order via our website, your contact and order data will be passed on to our internal ordering department and accounting department as well as to our supplier (DHL). Depending on the payment method you have chosen, we will pass on your bank details to the commissioned payment service provider as part of the processing of payments. Further information on the individual payment service providers can be found at Numeral 9 of this data protection declaration.

This processing takes place in order to fulfill our contractual obligations and services in accordance with Article 6 Paragraph 1 lit b. GDPR.

When using our online services, we save the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the users in protection against misuse and other unauthorized use. This data is generally not passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1) (c) GDPR. The data is deleted after the expiry of statutory warranty and comparable obligations; the necessity of storing the data is checked every three years; In the case of the statutory archiving obligations, the deletion takes place after their expiry. Information in any customer account remains until it is deleted. The IP addresses are anonymized or deleted after 7 days at the latest.

3.2 Cookies

We use cookies on our website. This is done in order to be able to assign inquiries and requirements of the interested party. Cookies are small text files that are stored on your computer system. The use of cookies enables us to measure the frequency of page views and general navigation. We would like to point out that some of these cookies are transferred from our server to your computer system, mostly so-called “session cookies”. “Session cookies” are characterized by the fact that they are automatically deleted from your hard drive at the end of the browser session. Other cookies remain on your computer system and enable us to recognize your computer system on your next visit (so-called permanent cookies). If your browser allows this, you can reject cookies at any time. Please note that certain functions of this website may not be able to be used or only to a limited extent if your browser is set in such a way that no cookies (from our website) are accepted.

3.3 Hosting

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer. For these purposes, we or our hosting provider process your data on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).

3.4 Collection of access data and log files

We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 Paragraph 1 lit. The access data includes the date and time of the retrieval, the name of the retrieved website, the amount of data transferred, the notification of successful retrieval, the browser type and version, the user's operating system, the previously visited page (so-called "referrer URL"), the IP -Address and the requesting provider. Log file information is stored for a maximum of 7 days and then deleted. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.

3.5 Contact

When you contact us (e.g. via the contact form, email, telephone or via social media), your details (name, email address, telephone number) will be used to process and process the contact request in accordance with Art. 6 Para. 1 lit b) GDPR processed in connection with the consent you have given.

You can revoke this consent at any time without giving reasons. An informal e-mail to us is sufficient. The legality of the data processing operations carried out before the revocation remains unaffected by the revocation.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected. We do not pass on this data without your consent.

4. How secure is my data

For security reasons, all data that you provide to us are encrypted and transmitted using the SSL (Secure Socket Layer) method. SSL is a tried and tested encryption system that is used around the world, with the help of which your browser automatically encrypts your data before it is sent to us. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.

5. What rights do I have as a data subject?

You can anytime

  • in accordance with Art. 15 GDPR, receive information about the data you have stored or processed by us
  • Request correction in accordance with Art. 16 GDPR or the deletion of your data in accordance with Art. 17 GDPR
  • request restriction of the processing of your data in accordance with Art. 18 GDPR
  • object to the processing of your data in accordance with Art. 21 GDPR
  • demand the portability of your data in accordance with Art. 20 GDPR
  • Submit a complaint to the data protection supervisory authority in accordance with Art. 77 GDPR. Your competent supervisory authority is that of your place of residence. A list of the supervisory authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

6. right to

If we process your personal data on the basis of our predominant legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for this that arise from your particular situation or that you object to direct mail. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to make use of your right of objection, an e-mail to the e-mail address of the person responsible for data processing is sufficient.

7. How long will my data be saved?

The data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. As soon as the data is no longer required for its intended purpose and the deletion does not conflict with any statutory retention requirements, the data stored by us will be deleted. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons. According to legal requirements in Germany, the storage takes place in particular for 6 years according to § 257 Abs. 1 HGB and for 10 years according to § 147 Abs. 1 AO.

8. Which services and content of third parties are integrated?

We use content or service offers from third-party providers within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. Integrate services such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the user, since they would not be able to send the content to your browser without the IP address. The IP address is therefore required to display this content. If you want to prevent the transmission of data to third party providers, you have the option of deactivating the respective service. To do this, you have to deactivate the JavaScript function in your browser.

The following third-party services and content are integrated into our website:

8.1 Google Analytics with anonymization function

We use the web analysis service Google Analytics from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA (hereinafter "Google").

Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it will comply with European data protection law. You can find more information on the Privacy Shield Agreement here:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google Analytics uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile statistics on the activities within our online offer and to provide us with other services related to the use of this online offer and the internet. In doing so, pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user's browser will not be merged with other Google data.

Users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de

However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

As an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in the future (this opt-out cookie only works in this browser and only for this domain, delete your cookies in this browser, you have to click this link again):

disable Google Analytics

For more information, please refer to the Google Privacy Policy:

https://www.google.com/policies/privacy/

8.2 Google Fonts

This site uses so-called web fonts from the provider Google for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. If you want to prevent the transfer of data to Google, you have the option of deactivating the service. To do this, you have to deactivate the JavaScript function in your browser.

For more information, please refer to the Google Privacy Policy:

https://www.google.com/policies/privacy/

Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it will comply with European data protection law. You can find more information on the Privacy Shield Agreement here:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The use of Google Web Fonts takes place in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR.

8.3 Font Awesome

This page uses so-called web fonts, which are provided by Fonticons, Inc. for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For more information, please refer to the Fonticons privacy policy:

https://fontawesome.com/privacy

Font Awesome is used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR.

8.4 Google Maps

We incorporate content from the online map service “Google Maps” from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy findability of our company. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. We have no influence on this data transfer.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it will comply with European data protection law. You can find more information on the Privacy Shield Agreement here:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

You can find more information on handling user data in Google's privacy policy:

https://www.google.de/intl/de/policies/privacy/.

9. Payment service provider

Depending on the payment method you have chosen, on the basis of Art. 6 Para. 1 lit b. GDPR. In order to fulfill our contractual obligations and services, your bank details will be forwarded to the following payment service provider as part of the processing of payments:

9.1 PayPal

When paying via the payment method “PayPal” or “PayPal Express”, your data will be transmitted to PayPal. PayPal is an offer from PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal assumes the function of an online payment service provider and trustee and offers buyer protection services.

The personal data transmitted to PayPal are first and last name, gender, address, telephone number, IP address, email address, or other data that are required for order processing, as well as data that is related to the order, such as the number of items, item number, invoice amount, taxes in percent and invoice information. In addition, PayPal is also sent the name of the person whose PayPal account is used to make the payment.

This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administer your payment and to protect against payment default and fraud.

Please also note that PayPal can pass on your personal data to service providers, subcontractors or other affiliated companies, insofar as this is necessary to fulfill the contractual obligations from your order or the personal data are to be processed on behalf of.

For the purpose of its own credit check, PayPal transmits this data to credit agencies and receives information from them and, if necessary, credit information on the basis of mathematical-statistical procedures (probability or score values), the calculation of which includes address data, among other things.

In Germany, these can be the following credit reporting agencies:

  • Accumio Finance Services GmbH, PO Box 11 02 54, 30099 Hanover
  • Credireform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss
  • Bürgel Wirtschaftsinformationen GmbH & Co. KG, Gasstrasse 28, 22761 Hamburg
  • SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden
  • Infoscore Consumer Data GmbH, Rheinstrasse 99, 76532 Baden-Baden

You can find the applicable data protection provisions of PayPal here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

This processing takes place in order to fulfill our contractual obligations and services in accordance with Article 6 Paragraph 1 lit b. GDPR.