Data protection
Privacy Policy
Table of contents:
§ 1 Information on the collection of personal data
§ 2 Your rights
§ 3 Collection of personal data when visiting our website
§ 4 Further functions and offers of our website
§ 5 Duration of storage of personal data
§ 6 Revocation of consent to the processing of your data and objection to the processing of your data
§ 7 Legal or contractual obligation to provide personal data; necessity for the conclusion of the contract; consequences of non-provision
§ 8 Use of our online shop
§ 9 Use of our newsletter
§ 10 Use of Google Analytics
§ 11 Use of social media plug-ins
§ 12 Integration of YouTube videos
§ 13 Use of Google Adwords Conversion
External data protection officer:
SITsolutions
Data Protection | Information Security | Consulting
Jörg Schmidt
Am Sonnenhain 13
36039 Fulda
Phone.: 08042-50390163
e-mail: datenschutz.LHT@mehler-systems.com
SITsolutions
Data Protection | Information Security | Consulting
Jörg Schmidt
Am Sonnenhain 13
36039 Fulda
Phone.: 08042-50390163
e-mail: datenschutz.LHT@mehler-systems.com
§ 1
Information about the collection of personal data
I. Below, we provide information on the collection of personal data when using this website. Personal data are all data that are personally referable to you, such as name, address, email addresses and user behaviour.
II. The data controller according to Art. 4 point 7 of the basic EU data protection regulation (hereinafter: GDPR General Data Protection Regulation) is Lindnerhof-Taktik GmbH, represented by the managing director Jakob Kolbeck, Isarring 3, 83661 Lenggries, Germany, email address: info@hqg.de (see also our legal notice). You can reach our data protection officer at the email address datenschutz.LHT@mehler-systems.com or our postal address with the addition "the data protection officer".
III. When you contact us by email or via a contact form, the data you provide (your email address, your full name, the subject of the message and your message, your company and any other personal data you voluntarily provide) will be stored by us in order to answer your questions and, if necessary, to initiate a contractual relationship at your request (the legal basis is Art. 6 (1) clause 1 of point (b) GDPR). We will delete the data collected in this context after its storage is no longer required, or otherwise limit its further processing if we are required by the law to continue retaining it.
IV. If we make use of contracted service providers for individual functions of our offer or would like to use your data for commercial purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.
V. We have implemented extensive organisational and technical measures to ensure the security of your personal data collected on our website as completely as possible. For technical reasons, however, we cannot guarantee absolute security when transmitting data on the Internet. Of course, you are free to transfer your personal data to us by alternative means of transmission (e.g. by post, fax or telephone).
§ 2
Your Rights
I. You have the following rights towards us regarding your personal data:
• The right to information (Art. 15 GDPR)
• The right to rectification and completion (Article 16 GDPR)
• The right to erasure (Art. 17 GDPR)
• The right to restriction of processing (Art. 18 GDPR)
• The right to object to processing (Art. 21 GDPR)
• The right to data portability (Art. 20 GDPR)
• The right to revoke consent (Art. 7 (3) GDPR)
II. You also have the right to lodge a complaint to a data protection supervisory authority concerning our processing of your personal data (Art. 77 GDPR).
§ 3
Personal data collection when visiting our website
I. If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server (so-called log files). If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 (1) clause 1 of point (f) GDPR):
• Your IP address
• Date and time of request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page or data)
• Access status/HTTP status code
• The amount of data transmitted
• Website from which the request comes (so-called referrer)
• Your browser
• Your operating system and device
• Language and version of your browser software
• Other similar data that is useful for security purposes in the event of an attack on our IT infrastructure
We do not combine the aforementioned information with other data and do not use it to draw conclusions about your person. We use this data only to deliver our website to visitors, to maintain the functionality and operational security of our website and the technical systems required for this, to optimise the content of our website and, if necessary, to support law enforcement bodies in the event of an attack on our IT infrastructure.
For this purpose, we may also make use of external service providers (each with company headquarters in the European Union) who host and administer our online presence, ensure the functionality and operational security of our IT infrastructure etc. and who are subject by us to the same strict data protection regulations to which we ourselves are also obliged (cf. also § 4 point 2).
II. In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in association with the browser you're using and by which the body which sets the cookie (in this case, us), transmits certain information. Cookies cannot run programs or deliver viruses to your computer. They serve to make our site more user-friendly and effective.
III. Use of cookies:
1. This website uses the following types of cookies, the scope and functioning of which are explained below:
• transient cookies (see point 2.)
• persistent cookies (see point 3.)
2. Transient cookies are automatically deleted when you close the browser. These include, especially, session cookies. These store a session ID which assigns the various requests made by your browser during the joint session. This will allow your computer to be recognised when you return to our website after a previous visit. Session cookies are deleted when you log out or close the browser. We currently use transient cookies on our website.
3. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie, but no later than 2 years after the last visit to our website. You can delete cookies at any time in the security settings of your browser. We currently use persistent cookies on our website.
4. You can configure your browser settings as desired and refuse to accept third-party or any other cookies. However, please note that if you do so, you may not be able to experience full functionality of this website. This applies in particular to the use of our online shop, since here the use of cookies is absolutely necessary to guarantee the functionality of the online shop for technical reasons (e.g. for the shopping basket function, the order process, the selection of means of payment, etc.). In the event that you wish to use our online shop, but at the same time only wish to accept the absolutely necessary cookies, we recommend that you use the Google Analytics Opt-Out plugin (cf. below § 10 point III) to refuse the collection of data by Google Analytics cookies.
§ 4
Further functions and offers of our website
In addition to the purely informational use of our website, we offer various services that you can use if interested. For this purpose, you must provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.
In some cases we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
III. Furthermore, we may disclose your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners. You will receive more detailed information on this when you provide your personal data or in the description of the respective offer below.
If our service providers or partners are based in a country outside the European Economic Area (EEA) or the European Union (EU), we will inform you of the consequences of this circumstance in the description of the respective offer.
§ 5
Duration of personal data retention
Criterion for the duration of the storage of personal data within the meaning of Art. 13 (2) point (a) DGPR is the respective legal retention period. Insofar as the respective personal data is no longer used for the purposes of contract fulfilment or contract initiation within the meaning of Art. 6 (1) clause 1 of point (b) GDPR are required, these will be deleted by us after expiry of the deadline in each case. Server log files in the sense of § 3 point I. are automatically deleted after a period of 100 days. Google Adwords conversion cookies are usually deleted automatically after 30 days at the latest (see also below § 13 point II.), Google Analytics cookies (cf. below § 10) are automatically deleted at the latest two years after the last call of the website.
§ 6
Revocation of consent to the processing of your data and
objection to the processing of your data
I. If you have given your consent to the processing of your data, you can revoke this at any time.
If you exercise this right, this will affect our ability to process your personal data after you have already given it to us. The legality of the processing carried out on the basis of the consent until revocation is not affected.
You can inform us of your revocation of your consent at any time to all under § 1 point 2. or to those mentioned in the contact data in our legal notice .
II. If we base the processing of your personal data on the weighing of interests (Art. 6 (1) point (f) GDPR), you can object to the processing at any time.
This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the description of the functions. When exercising such a revocation, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified revocation, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.
You can send us your revocation against the processing at any time to all under § 1 point 2. or to those mentioned in the contact data in our legal notice .
III. Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time.
You can object to the processing of your data for advertising and data analysis purposes at any time to all under § 1 point 2. or to those mentioned in the contact data in our legal notice.
§ 7
Legal or contractual obligation to provide personal data; necessity for the conclusion of the contract; consequences of non-provision
We would like to point out that in certain cases there is a legal obligation on your part to provide personal data. This can be based, for example, on tax or commercial law regulations. In addition, such a necessity may also arise for contractual reasons, for example because information on the contractual partner is required. If you wish to conclude a contract with us, you are obliged to provide us with the necessary personal data to enable us to carry out and process the contractual relationship. If you do not wish to provide us with the required personal data, it is not possible to conclude a contract with us. Also, we may not be able to contact you to initiate a contract or answer your questions (for example, if you do not want to provide us with your contact details and name). We check very carefully in each individual case according to the principle of data economy which personal data we need from you for the conclusion of a contract or to answer an enquiry addressed to us and will inform you of the result of this check in advance in each individual case if you contact us. Within the scope of this individual case examination, we will also inform you whether there is a legal obligation or a contractual necessity to provide your personal data, whether you are obliged to provide it and what consequences a non-provision of your personal data would have in the respective individual case.
§ 8
Use of our online shop
I. If you would like to order in our online shop, it is necessary for the conclusion of the contract that you give us your personal data, which we need for the completion of your order. Required information (in particular your full name, your full address and country of residence as well as your email address) are marked separately; further information is optional. We use the data provided by you to process your order. For this purpose we can pass on your payment data to our house bank. The legal basis for all of the above is Art. 6 (1) clause 1 of point (b) GDPR.
We may also pass on your data to external third parties (mail order companies) to process your order, insofar as the transfer of the data is absolutely necessary to carry out the delivery of the goods ordered by you. The legal basis is Art. 6 (1) clause 1 of point (f) or (b) GDPR.
You can voluntarily create a customer account through which we can store your data for future purchases. When creating a customer account during the order process ("To checkout" or "To order", "Order as new customer", "Register"), the data you have provided will be stored revocably (legal basis for this is Art. 6 (1) clause 1 of point (b) or (f) GDPR). Necessary mandatory information for the customer account registration (in particular your full name, your full address including country of residence, your email address and a desired password for logging into your customer account) are marked separately; further information is voluntary. All other data, including your customer account, can be deleted manually by us at any time: please contact us at the contact details given in our legal notice .
You can also order as "Guest" ("Checkout" or "Order", "Order as new customer", "Buy as guest"), without creating a customer account. Necessary mandatory information for a guest order (in particular your full name, your full address including country of residence, your email address) are marked separately; further information is voluntary.
We may also process the data you provide in order to inform you of other interesting and similar offers from our own portfolio or to send you emails containing technical information (legal basis for this is Art. 6 (1) clause 1 of point (f) or (b) GDPR).
II. We are obliged by commercial and tax law to store your address, payment, and order data for a period of ten years. However, after two years we limit the processing of your data, that is, your data will only be used to comply with legal obligations. The legal basis is Art. 6 (1) clause 1 of point (c) GDPR.
III. To prevent unauthorised access to your personal data, especially financial data, the order process is encrypted using TLS technology ("https://").
IV. The following payment methods can currently be selected by the customer in our online shop: Payment on account, payment in advance, payment by cash on delivery, payment via PayPal.
a. If you as a customer choose payment via the payment service provider PayPal (provider is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg), you hereby give your consent to the transfer of your personal data required for processing the payment to PayPal. If you do not wish to give such consent, please choose an alternative payment method (for example, by "prepayment" as the "most data-saving" alternative), as otherwise payment processing via PayPal is technically not possible. The necessary data will then be automatically transmitted to PayPal for the execution of the payment when paying via PayPal. In particular, the data required for payment processing are: Your full name together with your complete address, your email address, your IP address at the time the payment order is placed, your telephone number(s), data in connection with ordered goods or services and, if applicable, other data which are absolutely necessary for processing the payment order. The purpose of the transmission of the data to PayPal is the processing of payments and preventive measures against fraud (legal basis for this is Art. 6 (1) clause 1 of point (b) or (f) GDPR). PayPal may transfer data transferred to PayPal to external service providers (credit agencies) to obtain credit and identity information. If this is necessary to fulfil the contractual obligations in connection with the purchase or payment or if the corresponding data is to be processed on behalf of PayPal, PayPal may also transmit this data to affiliated companies, external service providers, etc., if applicable.
We refer in this respect completely to PayPal's privacy policy, which can be accessed under the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_EN. There you will also find information on how to contact PayPal and its data protection officer and in particular the categories of personal data processed by the payment service provider.
Of course, you can also revoke your consent to the processing and storage of your personal data by PayPal at any time. The processing, storage and use of data which are absolutely necessary for the processing of the payment order shall remain unaffected by such a revocation. You will also find corresponding information on this in PayPal's privacy policy, which you can call up under the aforementioned link.
b. If you as a customer choose the payment method "invoice payment", we can check or have checked in each individual case whether we can grant such an invoice payment taking into account the creditworthiness of the customer or any existing default and insolvency risk (scoring). For this purpose, the credit risk is assessed on the basis of mathematical-statistical procedures by the credit agency Creditreform Boniversum (Creditreform Boniversum GmbH, Hellersbergstraße 11, D-41460 Neuss, Germany, tel.: +49 (0)2131-109-501, fax: -+49 (0)2131-109-557). For this purpose, after selecting the "invoice payment" payment method, we pass on the data (in particular the complete name and address of the customer) to the credit agency Creditreform Boniversum, based within the European Currency Area, in order to have a credit check carried out and to enable subsequent execution of the contract. If you do not wish this, a purchase on account cannot be carried out. In this case, please select an alternative method of payment, for example by "prepayment" (as the "most data-saving" alternative).
The data is therefore collected, stored and passed on for the purpose of credit assessment in order to avoid non-payment and on the basis of Art. 6 (1) clause 1 of point (b) and Art. 6 (1) point (f) GDPR. On the basis of this information, a statistical probability of a loan default and thus the solvency of the customer is calculated. If the credit check is positive, a purchase on account is possible. If the credit check is negative, we will not offer you payment on account and will inform you of this. In this case, please choose an alternative method of payment, for example "prepayment".
Automated decision making does not take place, as a scoring value is obtained manually by one of our employees from the aforementioned credit agency and we then decide for each individual case whether we offer you a purchase on account or not.
Information about the scoring process and the source of the personal data used for the scoring process and, if applicable, whether it comes from publicly available sources can be found on the Creditreform Boniversum credit agency website at https://www.boniversum.de/datenschutzerklaerung/ and https://www.boniversum.de/eu-dsgvo/.
§ 9
Use of our newsletter
Currently we do not offer a newsletter service.
§ 10
Use of Google Analytics
I. This website uses Google Analytics, a web analysis service of Google Inc. (hereinafter "Google"). Google Analytics uses "cookies", which are text files that are stored on your computer and which help analyse your use of the website. The information generated by the cookie about your use of the website will be transmitted to, and stored by, Google, on servers in the United States. However, if IP anonymisation is enabled on this website, your IP address will first be abbreviated by Google within the member states of the European Union or other parties to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.
II. The IP address that your browser transmits within the scope of Google Analytics will not be associated with any other data held by Google.
III. You can prevent cookies from being stored by selecting the appropriate settings in your browser; however, we wish to point out that by doing so, you may not be able to enjoy the full functionality of this website (cf. above § 3 point. III. point 4.). You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Alternatively to the browser add-on or when using browsers on mobile devices, please use this link to prevent further tracking through Google Analytics within this website.
IV. This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in truncated form, so that linking these to individuals can be ruled out. If the data collected about you is personally identifiable, it will be blocked immediately and the personal data deleted as soon as possible.
V. We use Google Analytics to analyse and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/eu-us-framework, for exceptional cases in which personal data is transferred to the USA. The legal basis for the use of Google Analytics is Art. 6 (1) clause 1 of point (f) GDPR:
VI. Information of the third-party provider: Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. User conditions: http://www.google.com/analytics/terms/de.html, Overview of data security: http://www.google.com/intl/de/analytics/learn/privacy.html and the Privacy Policy: http://www.google.de/intl/de/policies/privacy.
§ 11
Use of social media plug-ins
I. We have not included a Facebook button via script on our website and instead only use a static hyperlink on our website, which only forwards the visitor of our website to our external Facebook profile by clicking on this hyperlink in a targeted manner. This enables us to ensure that no personal data is collected or processed by the operator of Facebook (this is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland for visitors from Europe) without a targeted activation of the hyperlink by the visitor to our website by simply calling up our website. If you access our Facebook profile, personal data may be collected and processed by Facebook, but we have no influence over this. Further information in this regard can be found in Facebook's privacy policy applicable in this respect under the following link: https://de-de.facebook.com/policy.php. There you will also find further information about your rights and setting options to protect your privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
II. Otherwise, we do not use any social media plug-ins on our website.
§ 12
Inclusion of YouTube videos
I. We may use the YouTube platform to provide you with videos that can be played from there. For data protection reasons, however, we have not included our videos directly on our website ("embedded") neither are they directly playable from our website. Rather, we may only use a static hyperlink, which only forwards the visitor to our website to the video platform YouTube by clicking on this hyperlink in a targeted manner. This way we can ensure that without a targeted activation of the hyperlink by the visitor of our website, no personal data is collected or processed by the operator of YouTube simply by calling up our website. If you access a video provided on the YouTube video platform, personal data may be collected and processed by YouTube or Google, but we have no influence over this. The YouTube video platform is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
II. Further information on the purpose and scope of data collection and its processing by YouTube or Google, if you specifically access a video provided by us on the YouTube video platform, can be found in the privacy policy under the link https://www.google.de/intl/de/policies/privacy. There you will also find further information about your rights and setting options to protect your privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§ 13
Use of Google AdWords Conversion
I. We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. We are interested in showing you advertisements which are of interest to you, in making our website more interesting for you and achieving a fair calculation of advertising costs. The legal basis for processing is your consent under Art. 6 (1) clause 1 of point (f) GDPR.
II. These advertising media are delivered by Google (namely Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA) via so-called "Ad Server". For this purpose, we use ad server cookies, through which certain parameters for measuring success can be measured, such as the display of advertisements or of clicks by users. If you access our website via a Google ad, Google Adwords will store a cookie on your device. These cookies usually expire after 30 days and are not used with the intention of personally identifying you. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a mark that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
III. These cookies enable Google to recognise your Internet browser. If a user visits certain pages of an Adwords customer's website and the cookie stored on their computer has not expired, both Google and the customer are able to recognise that the user has clicked on the ad and has been redirected to this page. Each Adwords customer is assigned a different cookie. Thus, cookies cannot be tracked using the website of an Adwords advertiser. We do not process any personal data ourselves in the aforementioned advertising measures. We only receive statistical evaluations from Google. We are able to recognise which of the advertising measures are particularly effective on the basis of these evaluations. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
IV. Due to the marketing tools used, your browser is automatically able to establish a direct connection to the Google server. We have no influence on the extent and the further use of the data which are collected by Google's use of this tool, and we therefore inform you according to our knowledge: By integrating AdWords conversion, Google receives the information that you accessed the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google may associate your visit to our website with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
V. You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular by suppressing third-party cookies so that you will not receive ads from third-party providers; b) by deactivating cookies for conversion tracking, by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, this setting being deleted when you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies; d) by permanently deactivating Firefox, Internet Explorer or Google Chrome in your browsers under the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all functions of this offer in full (cf. above § 3 point III. point 4.).
VI. Legal basis for the collection and processing of your data is Art. 6 (1) clause 1 of point (f) GDPR. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/eu-us-framework.