1. Legal basis for data processing
The data controller as defined by the provisions of the General Data Protection Regulation (GDPR) is:
1784 PJ Den Helder
Telephone: 0031-(0)681 309 418
2. General information on data processing
In the course of our business and website operations, we process data.
This also includes disclosure by transmission to third parties and, where applicable, to third countries outside the European Union ("EU") and the European Economic Area ("EEA"). Where we transfer data outside the EU or the EEA, we have indicated this accordingly below.
3. Data processing
The individual data concerned, processing purposes, legal bases, recipients and, if applicable, transfers to third countries are listed below:
a) Log file when you visit our website
We log your visit to our website. In doing so we process:
- the name(s) of our website(s) accessed;
- the date and time you accessed the site(s);
- the amount of data transferred;
- the browser type and version;
- the operating system you used;
- the referrer URL (previously visited website);
- your IP address;
- the requesting provider.
The legal basis for data processing in accordance with Article 6(1)(f) GDPR is our overriding legitimate interest in the ongoing provision and security of our website.
The log file is deleted after seven days, unless it is needed to prove or clarify specific legal violations that have become known within the retention period.
To provide our online presence, we use the services of web hosting providers who process the above-mentioned data and all data processed in connection with the operation of this website (log file when visiting the website) on our behalf.
The legal basis for data processing in accordance with Article 6(1)(f) GDPR is our overriding legitimate interest in providing our website.
c) Contacting us
If you contact us, we process the following data from you for the purpose of processing and handling your enquiry: name, contact details — if provided by you — and your message.
The legal basis for data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations in accordance with Article 6(1)(b) GDPR and/or our overriding legitimate interest in processing your enquiry in accordance with Article 6(1)(f) GDPR.
d) Processing of contracts
We process your order data to process the contractual relationships between you and us.
The legal basis for data processing in accordance with Article 6(1)(b) GDPR is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations in accordance with Article 6(1)(c) GDPR.
We transmit your transaction data (name, date of order, method of payment, date of dispatch and/or receipt, amount and payee, bank details or credit card details if applicable) to the payment service provider commissioned with processing the payment.
e) Shop system, customer data management and supply of the streaming service via Shopify
In order to provide our shop system and our streaming service and to manage our customer data, we use the systems provided by Shopify International Limited, Victoria Buildings, second floor, 1-2 Haddington Road, Dublin 4, D04 XN32. The data that we process in order to provide your customer account and process your purchase is therefore processed using Shopify systems.
The legal basis for the data processing is the need to comply with our contractual obligations in accordance with Article 6(1)(b) GDPR and the need to comply with our legal obligations in a particular case in accordance with Article 6(1)(c) GDPR.
Shopify is a corporation with multinational subsidiaries. Data processing by Shopify may therefore involve the transmission of data to the USA. The EU Commission has not issued an adequacy decision for data transfers to the USA. Salesforce ensures an adequate level of data protection by means of the EU standard contractual clauses, however. We can provide you with a copy of the clauses on request. Please contact firstname.lastname@example.org to request these.
In order that we can send you regular information about our company and our offers, we offer you the option of receiving an email newsletter. When you register for the newsletter, we process the data you enter (email address and other information provided voluntarily). In order to prevent misuse, we will send you an email after your registration, in which we ask you to confirm your registration (double opt-in procedure). In order to be able to verify the registration process in a legally compliant manner, your registration is logged. This includes storing the time of the registration and confirmation as well as your IP address.
The legal basis for sending the newsletter is your consent according to Article 6(1)(a) GDPR. Data processing in connection with the sending of the confirmation email for your registration and associated data logging is performed in accordance with Article 6(1)(f) GDPR based on our legitimate interest in verifying your correct registration.
If you give us your consent, we will also analyse whether you have opened the newsletter as well as your scrolling and clicking behaviour in the newsletter. We do so for the purpose of ensuring that our newsletter is aligned with your interests as well as improving the content of our newsletter. The legal basis for analysis of the newsletter is your consent in accordance with Article 6(1)(a) GDPR.
To send the newsletter, we use service providers to whom we transmit the aforementioned data.
g) Direct marketing by email for existing customers
Unless you have objected to this, we will send you direct marketing related to the goods and services you have purchased in order to offer you similar goods and services. To do so, we will use the email address provided by you when entering into the contract.
You can object to such use at any time without incurring any costs other than the transmission costs in accordance with the basic tariff.
The legal basis for sending such direct marketing is Section 7(3) of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, UWG) in conjunction with Article 95 GDPR. To send the newsletter, we use service providers to whom we transmit the aforementioned data.
h) Customer account
When you open and use a customer account, we process your user data (name, address, email address, bank details) as well as your usage data (user name, password). This enables you to manage your orders and contracts, and we can identify you as a customer. The legal basis for this data processing is your consent in accordance with Article 6(1)(a) GDPR.
We do not use any other advertising cookies besides this. Information on the exact cookies we use and their providers and purposes is provided in our consent banner. Here you give your consent to the relevant services and can withdraw your consent or change your settings at a later date. The legal basis is your consent in accordance with Article 6(1)(a) GDPR.
Our consent banner
We use a consent banner to document your selection for certain data processing operations and to fulfil our legal data protection obligations. When you visit our website, you are asked for your cookie preferences via a banner. We then use a cookie which stores details of the consent that is granted or withdrawn. Data processing is performed in order to comply with our legal obligations in accordance with Article 6(1)(c) GDPR.
4. Duration of data storage
We only store personal data for as long as we need it for the purposes for which it is processed or until you withdraw your consent. Insofar as statutory retention obligations must be observed, the storage period for certain data can be up to 10 years, irrespective of the processing purposes.
5. Your rights as a data subject
You may request access free of charge at any time to all of the personal data that we have stored about you.
b) Rectification, erasure, restriction of processing (blocking), objection
If you no longer agree to the storage of your personal data or if this data is no longer correct, we will, on the basis of a corresponding instruction, arrange for the erasure or restriction of your data or make the necessary corrections (insofar as this is possible under the applicable law). The same applies if we are only to process data in a restricted manner in the future. In particular, you have a right to object in cases in which your data is necessary for the performance of a task in the public interest or the data processing is carried out on the basis of our legitimate interest, as well as profiling on this basis. You also have a right to object in the case of data processing for the purpose of direct advertising.
c) Right to withdraw consent with effect for the future
You may withdraw your consent at any time with effect for the future. Your withdrawal will not affect the lawfulness of the processing up until the time of withdrawal.
d) Data portability
If data is processed based on a contract, pre-contractual negotiations, consent or by means of automated procedures, you have the right to data portability. Upon request, we will provide you with your data in a common, structured and machine-readable format so that you can transfer the data to another controller if you wish.
e) Restriction of processing
The above rights do not apply for data where we are not able to identify the data subject, e.g. if it has been anonymised for analysis purposes. Access, erasure, restriction, rectification or transfer to another company may be possible in relation to this data if you provide us with additional information that allows us to identify you.
f) Exercising your rights as a data subject and right of appeal
If you have any questions about the processing of your personal data, if you would like access to or to rectify, restrict, object to the use of or erase data or to request for data to be transferred to another company, please contact email@example.com.
You also have the option to lodge a complaint with a supervisory authority about your rights as a data subject.