Privacy policy
Status: July 2018
This data protection declaration explains to you the type, scope and purpose of the processing of your personal data (hereinafter referred to as “data”) by us and your rights in this regard.
1. Who is responsible for data processing and who can I contact
Responsible in terms of the General Data Protection Regulation is:
HARATECH GmbH
Dillingerstr.6
DE-89415 Lauingen
Managing Director: Wolfgang Gruber
Phone: 09072701169
Fax: 032226881708
E-Mail: [email protected]
Website: www.harastuhl.de
If you wish to object to the collection, processing or use of your data in accordance with the data protection regulations as a whole or for individual measures, send your objection to the above address or by e-mail to the above e-mail address.
2. On what legal basis do we process your data
First of all, in accordance with Art. 13 GDPR, we will inform you below about the legal basis for our data processing. If the legal basis is not expressly mentioned in this data protection declaration, the following applies: If you have given your consent to the processing of your personal data, the legal basis is Art. 6 (1) lit. a and Art Our services and implementation of contractual measures as well as answering inquiries is the legal basis Art. 6 Para. 1 lit. b GDPR, if processing is carried out to fulfill our legal obligations, the legal basis is Art. 6 Para. 1 lit. c GDPR and processing is carried out for Safeguarding our legitimate interests is the legal basis Art. 6 Para. 1 lit. f GDPR.
If processing is based on your consent, you can revoke this at any time with effect for the future. You can send your revocation by post to the above address or by email to the above email address.
In the event that we disclose data to other people and companies (processors or third parties), transmit data to them or otherwise grant them access to the data, this is done exclusively on the basis of legal permission (e.g. if a transmission of the Data to third parties, such as to payment service providers, pursuant to Art. 6 Para. 1 lit. b DSGVO is required for the fulfillment of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc. according to Art 6 Para. 1 lit. C GDPR).
In the event that we commission third parties to process data, this is done on the basis of Art. 28 GDPR. (so-called “order processing”).
3. What data is processed
3.1 Ordering Process
If you place an order via our website, we collect your first and last name, your address, your date of birth, your e-mail address or your telephone number (contact details) and, depending on the payment method selected, your bank details or your credit card details (bank details). In addition, we collect the data on your order, i.e. which products you ordered and at what price (order data). We need this data in order to fulfill the contractual relationship, i.e. to send you the ordered goods and in return to settle our purchase price claim. If you place an order via our website, your contact and order data will be passed on to our internal ordering department and accounting department as well as to our supplier (DHL). Depending on the payment method you have chosen, we will pass on your bank details to the commissioned payment service provider as part of the processing of payments. Further information on the individual payment service providers can be found at Section 9 of this data protection declaration.
This processing takes place to fulfill our contractual obligations and services in accordance with Article 6 Paragraph 1 lit b. GDPR.
When using our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1) (c) GDPR. The data will be deleted after statutory warranty and comparable obligations have expired, the necessity of storing the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after their expiry. Information in any customer account remains until it is deleted.
3.2 Cookies
We use cookies on our website. This is done in order to be able to allocate inquiries and requirements of the interested party. Cookies are small text files that are stored on your computer system. The use of cookies enables us to measure the frequency of page views and general navigation. We would like to point out that some of these cookies are transferred from our server to your computer system, most of which are so-called “session cookies”. “Session cookies” are characterized by the fact that they are automatically deleted from your hard drive after the end of the browser session. Other cookies remain on your computer system and enable us to recognize your computer system on your next visit (so-called. persistent cookies). If your browser allows it, you can reject cookies at any time. Please note that certain functions of this website may not be available or may only be used to a limited extent if your browser is set so that no cookies (from our website) are accepted.
3.3 Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer. For these purposes, we or our hosting provider process your data on the basis of our legitimate interests in making this online offer available efficiently and securely in accordance with Article 6 (1) (f) GDPR in conjunction with Article 28 GDPR (conclusion of an order processing contract).
3.4 Collection of access data and log files
We, or our hosting provider, collect data about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6 Paragraph 1 lit. The access data includes the date and time of access, the name of the website accessed, the amount of data transferred, notification of successful access, the browser type and version, the user’s operating system, the previously visited page (so-called “referrer URL”), the IP address and the requesting provider. Log file information is stored for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
3.5 Contacting Us
When you contact us (e.g. via contact form, e-mail, telephone or via social media), your details (name, e-mail address, telephone number) will be used to process the contact request and its processing in accordance with Article 6 (1) lit b) GDPR processed in connection with the consent you have given.
You can revoke this consent at any time without giving reasons. An informal message by e-mail to us is sufficient. The legality of the data processing operations that took place up until the revocation remains unaffected by the revocation.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected. We do not pass on this data without your consent.
4. How secure is my data
For security reasons, all data that you make available to us is encrypted and transmitted using the SSL (Secure Socket Layer) method. SSL is a tried-and-tested encryption system used worldwide, with the help of which your browser automatically encrypts your data before sending it to us. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
5. What rights do I have as a data subject
You can anytime
- in accordance with Art. 15 GDPR, receive information about the data you have stored or processed with us
- according to Art. 16 DSGVO correction or according to Art. 17 DSGVO the deletion of your data
- according to Art. 18 GDPR demand restriction of the processing of your data
- object to the processing of your data in accordance with Art. 21 GDPR
- in accordance with Art. 20 GDPR, request the portability of your data
- lodge a complaint with the data protection supervisory authority in accordance with Art. 77 GDPR. Your competent supervisory authority is that of your place of residence. You can find a list of the supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
6. Right to Object
If we process your personal data on the basis of our overriding legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to make use of your right of objection, it is sufficient to send an e-mail to the e-mail address of the person responsible for data processing.
7. How long will my data be stored
The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. As soon as the data is no longer required for its intended purpose and the deletion does not conflict with any statutory retention requirements, the data stored by us will be deleted. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons. According to legal requirements in Germany, the storage takes place in particular for 6 years according to § 257 Para. 1 HGB and for 10 years according to § 147 Para. 1 AO.
8. Which services and content of third parties are integrated
We use content or service offers from third-party providers within our online offer on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit Integrate services such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the user, since they would not be able to send the content to your browser without the IP address. The IP address is therefore required for the display of this content. If you would like to prevent the transmission of data to third parties, you have the option of deactivating the respective service.
The following third-party services and content are integrated on our website:
8.1 Google Analytics with anonymization function
We use the web analytics service Google Analytics from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA (hereinafter “Google”).
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law. You can find more information about the Privacy Shield Agreement here:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google Analytics uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile statistics on the activities within our online offer and to provide us with other services related to the use of this online offer and internet usage. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user’s browser is not merged with other Google data.
Users can prevent the storage of cookies by setting their browser software accordingly; In addition, users can prevent the data generated by the cookie and related to their use of the online offering being collected by Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link:
http://tools.google.com/dlpage/gaoptout?hl=de
However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
As an alternative to the browser plugin or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent future detection by Google Analytics within this website (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you have to click this link again):
For more information, please see Google’s privacy policy:
https://www.google.com/policies/privacy/
8.2 Google Fonts
This site uses so-called web fonts from the provider Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly. For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website was accessed via your IP address. If you want to prevent the transfer of data to Google, you have the option of deactivating the service. For this purpose you must deactivate the Java Script function in your browser.
For more information, please see Google’s privacy policy:
https://www.google.com/policies/privacy/
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law. You can find more information about the Privacy Shield Agreement here:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offering. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
8.3 Font Awesome
This site uses so-called web fonts provided by Fonticons, Inc. for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.
For more information, please see Fonticon’s privacy policy:
https://fontawesome.com/privacy
Font Awesome is used in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
8.4 Google Maps
We integrate content from the online map service “Google Maps” from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Maps is used in the interest of an attractive presentation of our online offers and to make our company easy to find. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
In order to use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. We have no influence on this data transfer.
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law. You can find more information about the Privacy Shield Agreement here:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
More information on handling user data can be found in Google’s data protection declaration:
https://www.google.de/intl/de/policies/privacy/.
9. Payment Providers
Depending on the payment method you have chosen, based on Art. 6 Para. 1 lit b. GDPR. In order to fulfill our contractual obligations and services, your bank details will be passed on to the following payment service provider as part of the processing of payments:
9.1 PayPal
If you pay using the “PayPal” or “PayPal Express” payment method, your data will be sent to PayPal. PayPal is an offer from PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal assumes the function of an online payment service provider and a trustee and offers buyer protection services.
The personal data transmitted to PayPal is first and last name, gender, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to of the order, such as number of items, item number, invoice amount, tax percentage and billing information. In addition, PayPal will also receive the name of the person whose PayPal account is used to make the payment.
This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administer your payment and to protect against non-payment and fraud.
Please also note that PayPal can pass on your personal data to service providers, subcontractors or other affiliated companies insofar as this is necessary to fulfill the contractual obligations from your order or the personal data is to be processed in the order.
For the purpose of its own credit check, PayPal transmits this data to credit agencies and receives from them information and, if necessary, creditworthiness information based on mathematical-statistical processes (probability or score values), the calculation of which includes address data, among other things.
In Germany, these can be the following credit agencies:
- Accumio Finance Services GmbH, PO Box 11 02 54, 30099 Hanover
- Credireform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss
- Bürgel Wirtschaftsinformation GmbH & Co. KG, Gasstrasse 28, 22761 Hamburg
- SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden
- Infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden
PayPal’s applicable data protection regulations can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
This processing takes place to fulfill our contractual obligations and services in accordance with Article 6 Paragraph 1 lit b. GDPR.