I. What we do with your personal data?
1. What are personal data?
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). Identifiability does not necessarily require mentioning the data subject by name. Indirect identifiability is sufficient, e.g. by reference to an identification number, location data, an online identifier or to one or more specific factors. This means this is about your identity. This includes your name, but also your telephone number, your address and other data you transmit to us.
Many legal grounds for our data processing can be found in the European General Data Protection Regulation (GDPR). In the following, we refer to relevant provisions as the legal basis for our processing.
2. Use of data for the performance of a contract and for internal organisation
- Steps prior to entering into, and performance of, a contract
If you contact us with an enquiry or enter into a contract with us, we will require and process certain data – such as the details of an intended order or an order placed with us, your address, email address and payment details – for checks prior to entering into a contract, performance of the contract and processing any subsequent warranty or guarantee claims (for the legal basis see point (b) of Art. 6(1) of the GDPR). In the course of processing your order and payment, the service providers used by us (e.g. delivery companies, payment services providers) will receive the data concerning your person and/or your order as required. We also perform credit checks (see section IV below). Without such appropriate and correct information, we cannot accept your order or cannot offer you certain modes of payment.
In addition, we are required by commercial and tax law to archive data from completed transactions for the duration of the statutory retention periods. The legal basis for such use of your data is point (c) of Art. 6(1) of the GDPR.
- Processing in the context of company organisation
Furthermore, data are used for defending legal rights and for the pursuit of claims to safeguard our legal interests (point (f) of Art. 6(1) of the GDPR), in compliance with our legal obligations (such as evidence for the revenue authorities) on the basis of point (c) of Art. 6(1) of the GDPR, and within our legitimate interest in a lawful and efficient organisation of our business (including the transfer of data to persons bound to professional secrecy, such as tax advisers or solicitors; point (f) of Art. 6(1) of the GDPR) and/or by transferring data to intermediate service providers contractually obliged pursuant to Art. 28 of the GDPR to comply with statutory data protection provisions. In organising our business, we will process your data on our IT systems and, where necessary, transmit data concerning customers, interested parties, suppliers and personnel to authorities such as the revenue administration, in compliance with our legal obligations, and to advisers (tax advisers, solicitors, auditors) in accordance with our legitimate interest in a lawful and economical company organisation. The legal basis is points (c) and (f) of Art. 6(1) of the GDPR.
In this context, we analyse data concerning all company and business transactions for the purposes of company management and market analysis. Unless a specific purpose necessitates otherwise, the data will largely be analysed in an anonymised or at least pseudonymised form and will only be made available to third parties in a summary form dissociated from individual persons. The legal basis is points (c) and (f) of Art. 6(1) of the GDPR.
- Outsourced IT and hosting
We may make use of IT software and hosting services from external service providers in the course of providing services and fulfilling your requests and our contractual obligations, on the basis of our legitimate interest in the efficient and secure management of the company and performance of the contract. In this context, your data concerning your interests, requests, orders and visits and/or your use of our services will also be processed via the services of such providers.
Where legally required and not already covered by provisions on professional secrecy, we have made contractual provisions with external processors to ensure our access and the secure and confidential treatment of your data.
The legal basis is point (f) of Art. 6(1) in connection with Art. 28 of the GDPR (entering into a processing contract).
3. Data storage, registration, customer account
Your specific order data are stored by us but cannot be viewed and/or accessed.
The online shop is only available to business customers, who in placing an order act in exercise of their trade, business or profession. You must register with us and provide evidence of your being a business customer in order to gain access to the shop.
After successful registration, you can log in with the email address provided by you and the password chosen by you. By registering, you will also gain access to the data stored by us concerning your person and your orders.
Besides authorisation, we will also use your email address for notifications of important changes in connection with your registration.
If you wish to terminate your access, please contact [email protected]
Please note that after termination your data will continued to be stored by us and used for the stated purposes (such as processing orders, but also for marketing information).
If you contact us by any of the ways provided for this purpose (e.g. by email or by using the contact form), we will save and store your name and contact details as well as your query. Your data will be used to process your query and to communicate with you. We will use your email address to be able to reply to you by email (legal basis: points (a) and (b) of Art. 6(1) of the GDPR). If you have a query about a specific order or if there is something you want us to do for you personally, we will need your real name. For any other queries, you may also use a pseudonym. After your query has been definitively resolved and where there are no other retention obligations, your data will be erased.
5. Use of data for marketing purposes
We are interested in maintaining customer relations with you, alert you to new product groups and services provided by us, acquire new customers, reactivate former customers and to provide our customers with information and offers. For the purposes of these legitimate interests, we will process your data on the basis of point (f) of Art. 6(1) of the GDPR (also via service providers) in order to provide you with information and personalised offers from us and to improve our information and offers. We may also arrange to obtain your separate consent outside the scope of this document; in such cases, our use of your data will be based on point (a) of Art. 6(1) of the GDPR.
Please refer to the following list of advertising measures for further information on our data processing in this context.
On the basis of the aforementioned statutory provision, we will make the following uses of your data without asking for your consent separately:
We will use your first name and surname, your address and – where we have obtained such additional information from you – your title, academic degree, your date of birth and your job title or industry or business description to send you offers and information about our company and our services and products by post if we expect that such information is of interest to you.
The following uses of your data shall only be made if we have obtained your consent outside the scope of this policy.
Point (a) of Art. 6(1) of the GDPR is the legal basis for any processing by our company for which we obtain your consent for a specific purpose of processing.
(Your acceptance of this notice does not yet constitute your consent to the relevant use of your data for marketing purposes.)
- Contact by telephone for order requests
Commercially, we will use your telephone number in cases of presumed consent in order to provide relevant information about our offers and promotions if we can assume an interest in such things.
- Advertising by email with separate consent
If you have separately registered for our newsletter, your email address and, as the case may be, further personal data freely provided by you when registering (e.g. your name, to allow us to properly address you) will be used for our own marketing purposes and, as the case may be, for offers from our advertising partners contained in the newsletter.
We will make a statistical analysis of when such an email is accessed and, as the case may be, which information provided is met with interest and to what extent (e.g. when you click on a link). This analysis is for the purpose of improving our delivery times and optimising the content of our offers and marketing information.
6. Erasure and blocking
Your personal data will be stored until the stated purposes have been achieved and/or for as long as we have a legitimate interest in storing them.
Thereafter, they will be erased, unless agreed with you otherwise or unless there are statutory archiving obligations (e.g. on the basis of commercial or tax law). In case of statutory archiving, the data will be blocked against any other access. On expiry of the statutory retention periods, these documents will be erased and destroyed in accordance with data protection law in the course of regular measures.
If you have consented to the collection, processing and use of your data, we will store and use your data for an indefinite period until you withdraw your consent or until the purpose for which you have given consent no longer applies. Thereafter, your consent and processing data will be archived for the statutory limitation period (usually three years) for the purposes of defending legal claims (legal basis: point (e) of Art. 17(3) of the GDPR).
If you no longer wish to receive advertising from us, we will use your name, address and, as the case may be, email address for the purpose of blocking in appropriate lists against which we compare our advertising lists, so that you no longer receive advertising. Erasure in this context thus means that your data are first blocked on our systems, in particular for advertising and marketing activities (legal basis: point (f) of Art. 6(1) of the GDPR). Your data will continue to be processed, where necessary, for purposes other than advertising, e.g. in the context of the performance of a contract and, as the case may be, warranty, as well as for documentation under commercial and tax law (legal basis: points (b) and (c) of Art. 6(1) of the GDPR).
If, notwithstanding the possible consequence of your continuing to receive advertising in individual cases, you desire the erasure rather than blocking of your data, please let us know.
To the top