Data protection

1. Privacy Policy

This website \(hereafter "Website"\) is provided by Royal H. \(hereafter "us" or "we"\). With the following data protection declaration we inform you about the processing of your personal data and the rights to which you are entitled.

The laws \(DS-GVO and BDSG-new\) on which this data protection declaration is based came into force on May 25, 2018.

We use GIDA to create the data protection declaration. GIDA is a generator for creating imprints and data protection declarations. The generator GIDA is a trademark of the law firm Fischer-Battermann, Kirchring 55, 26831 Bunde, Germany. No personal data from you will be processed or stored for these services.

Further information about GIDA can be found on the following websites of the Fischer-Battermann law firm: 
http://www.fischer-battermann.de
http://www.impressum-datenschutz.de

2. Name and address of the person responsible for processing

As the person concerned, you can contact our data protection officer directly with any questions or suggestions regarding data protection.

You can reach the data protection officer:

Anna Hilgen

Email: anna.hilgen@royalh.de
Phone: +49 160 97240106

3. Purpose of processing your personal data

By processing your personal data, we want to ensure that you have a user-friendly, secure and efficient service that is tailored to your individual wishes and needs. In particular, we process your personal data if it is essential for the functioning of our website and our services. In addition, we offer you various services on our website that are not only of purely informative value. If you wish to use these services, you must provide further additional personal data. We use this data in compliance with the following data processing principles in order to provide the service you have selected.

We process your personal data with your prior consent. We only refrain from obtaining your consent beforehand if we cannot obtain your consent beforehand for actual reasons and the processing of your data is expressly permitted by statutory provisions.

4. Legal basis for processing your personal data

The legal basis for the processing of your personal data results from the European General Data Protection Regulation \(DS-GVO\), the new Federal Data Protection Act \(BDSG-new\) and other relevant laws.

The legal bases of the GDPR:

Art. 6 I lit. a DS-GVO Processing of personal data after obtaining the consent of the person concerned of the personal data concerning them for one or more specific purposes

Art. 6 I lit. b DS-GVO processing of personal data is necessary to fulfill a contract or to carry out pre-contractual measures, the contracting party of which is the data subject, which take place at the request of the data subject

Art. 6 I lit. c GDPR Processing of personal data to fulfill a legal obligation to which we are subject

Art. 6 I lit. d GDPR Processing of personal data to protect the vital interests of the data subject or another natural person

Art. 6 I lit. e GDPR Processing of personal data for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible

Art. 6 I lit. f DS-GVO processing of personal data to safeguard our legitimate interests or those of a third party, unless the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, prevail, especially if it the data subject is a child

5. Protection of minors

All persons under the age of 16 must not transmit any personal data to us without the consent of their parents or legal guardians. We do not collect any personal data from children and young people and do not pass such data on to third parties.

6. Categories of recipients of personal data

6.1. Transfer of personal data to external service providers

We can also transmit your personal data to external service providers for processing:

- to fulfill our legal reporting obligations in accordance with Art. 6 I lit. c GDPR, this includes in particular authorities \(e.g. social security institutions, tax authorities or law enforcement authorities\)
- to fulfill a contract or pre-contractual obligations in accordance with Art. 6 I lit. b GDPR \(e.g. payment service provider\)
- on the basis of a legitimate interest pursuant to Art. 6 I lit. f GDPR \(e.g. service companies commissioned by us such as web hosts, external data centers, credit institutions, printers, courier services, auditing service providers etc.\)
- on the basis of your consent in accordance with Art. 6 I lit. a DS-GVO

If you participate in campaigns or competitions, conclude a contract with us or use similar services that we offer together with other partners, we can pass on your data to external service providers. You will receive further information before you enter your data and directly in the description of the offer. 

All external service providers commissioned by us are carefully selected, bound by our instructions and are regularly checked by us. 

If we commission third parties on the basis of an order processing contract, we observe Art. 28 DS-GVO.

6.2. Transfer of personal data outside the EU and EEA

If we provide functions or services of external third party providers based in non-European countries on our website, your personal data can also be processed and stored outside the European Union \(EU\) or the European Economic Area \(EEA\). This is only done in compliance with legal requirements. 

We only transmit your personal data if we have informed you in advance and you expressly consent to this or if this is required for contractual reasons or by law. In addition, a recognized level of data protection, a contractual obligation through standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations must exist in the third country. 

For more information, see:
http://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf

6.3. Data Erasure and Storage Duration

Your personal data will be deleted or blocked if the purposes for which they were collected or otherwise processed are no longer applicable. We store your personal data for the period in which claims (e.g. statutory limitation periods of up to 30 years) can be asserted against us. In addition, data storage is only possible if the European or German legislator has stipulated this for proof and retention periods, e.g. Commercial Code \(HGB\), Fiscal Code \(AO\) or Money Laundering Act \(GWG\). We will block or delete personal data when a statutory storage period expires. Something else only applies if there is a need for further storage of the data for the conclusion or fulfillment of a contract.

7. Your rights as a data subject

You have a right regarding your personal data

  • confirmation and information,

  • correction,

  • Deletion,

  • restriction of processing,

  • Objection to the processing and

  • data portability.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
Your requests will be processed within 30 days. We may require that you enclose a photocopy of proof of your identity with your application.

7.1. Right to confirmation and information \(Art. 15 DS-GVO\)

You have the right to free confirmation as to whether we are processing personal data relating to you and, if this is the case, a right to information about this personal data and the following information: 
• the processing purposes;
• the categories of personal data being processed;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
• if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria used to determine that duration;
• the existence of a right to correction or deletion of the personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing;
• the existence of a right of appeal to a supervisory authority;
• if the personal data are not collected from the data subject, all available information about the origin of the data;
• the existence of automated decision-making including profiling in accordance with Art. 22 I, IV DS-GVO and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the person concerned.
If your personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate guarantees under Art. 46 GDPR in connection with the transfer.

We will provide you with a copy of the personal data that is the subject of the processing. For any additional copies you request, we may charge a reasonable fee based on administrative costs. If you submit the application electronically, we will provide you with the information in a common electronic format, unless you specify otherwise. Your right to receive a copy according to Art. 15 III DS-GVO must not affect the rights and freedoms of other people.

7.2. Right to rectification \(Article 16 GDPR\)

You have the right to immediate correction if your personal data has been stored incorrectly or incompletely by us. You can contact us at any time for this. You can also assert your right by means of a supplementary declaration. The purpose of the processing must be taken into account.

7.3. Right to erasure / "Right to be forgotten" \(Article 17 GDPR\)

You have the right at any time according to Art. 17 DS-GVO to demand the immediate deletion of your personal data if one of the following reasons applies and the processing is no longer \(no longer\) necessary:

• Your personal data was collected for purposes or otherwise processed for which your data is no longer required.

• You revoke your consent according to Art. 6 I lit. a GDPR or Art. 9 II lit. a GDPR and there are no other legal bases for the processing.

• You object to the processing of your data in accordance with Art. 21 I DS-GVO for reasons that arise from your particular situation. This also applies to profiling based on the GDPR. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

• According to Art. 21 II DS-GVO you object to the processing of your personal data in order to operate direct advertising. This also applies to profiling insofar as it is associated with such direct advertising.

• Your personal data has been processed unlawfully.

• The deletion of your personal data is necessary to fulfill a legal obligation under European Union law or German law.

• Your personal data was collected for the consent of a child in relation to information society services offered in accordance with Art. 8 I DS-GVO.

If your personal data has been made public by us and we, as the person responsible, are obliged to delete your personal data in accordance with Art. 17 I DS-GVO, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to ensure that others are responsible for the To inform those responsible for data processing who process your published personal data that you have requested that these other persons responsible for data processing delete all links to this personal data or copies or replications of this personal data, insofar as the processing is not necessary.

7.4. Right to restriction of processing \(Art. 18 DS-GVO\)

You have the right to request us to restrict processing if one of the following conditions is met:

  • you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of your personal data,

  • The processing is unlawful, you refuse to delete the personal data and instead request that the use of your personal data be restricted.

  • We no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims.

  • You have lodged an objection to the processing pursuant to Art. 21 I DS-GVO, as long as it is not certain whether our legitimate reasons outweigh yours.

If the processing was restricted according to Art. 21 I DS-GVO, your personal data - apart from your storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or from reasons of important public interest of the Union or a Member State are processed.
If you have obtained a restriction of processing according to Art. 21 I DS-GVO, you will be informed by us before the restriction is lifted.

7.5. Right to data portability \(Article 20 GDPR\)

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transmit this data to another person responsible without hindrance from us, provided that

• the processing is based on consent pursuant to Article 6 I lit. a GDPR or Article 9 II lit. a GDPR or on a contract pursuant to Article 6 I lit. b GDPR and
• the processing is carried out using automated procedures.

When exercising your right to data portability in accordance with Article 20 I GDPR, you have the right to have your personal data transmitted directly from us to another person in charge, insofar as this is technically feasible.

The exercise of the right according to Art. 20 I DS-GVO does not affect Art. 17 DS-GVO. This right does not apply to processing that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been delegated to us.

The right according to Art. 20 I DS-GVO must not impair the rights and freedoms of other people.

7.6. Right to object \(Article 21 GDPR\)

 

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 I lit. e or f. This also applies to profiling based on these provisions. This is particularly the case if we do not process your personal data to fulfill a contract concluded with us. We no longer process personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If personal data is processed in order to operate direct advertising or data analysis, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.

At the latest at the time of the first communication with us, you were expressly informed of the right specified in Art. 21 I, II DS-GVO. This notice is given to you in a form that is understandable and separate from other information.

You have the right, for reasons arising from your particular situation, to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 I DS-GVO, unless because the processing is necessary to fulfill a task in the public interest.
If you exercise your right of objection, we ask you to inform us of the reasons for your objection. If your objection is justified, we will examine the situation and either stop processing the data or inform you of our compelling reasons worthy of protection, on the basis of which we will continue the data processing.

 

7.7. Automated decisions in individual cases including profiling \(Art. 22 DS-GVO\)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision 
• is necessary for the conclusion or performance of a contract between us and you,
• is permitted by law of the Union or the Member States to which we are subject and this law contains appropriate measures to protect your rights and freedoms and your legitimate interests, or
• is made with your express consent.

In the cases mentioned, we take appropriate measures to protect your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
Decisions according to Art. 22 II DS-GVO may not be based on special categories of personal data according to Art. 9 I DS-GVO, unless Art. 9 II lit. a or lit. g DS-GVO applies and appropriate measures to protect your rights and freedoms and your legitimate interests have been met.

7.8. Right to revoke consent \(Art. 7 DS-GVO\)

In accordance with Art. 7 III GDPR, you have the right to revoke your consent to the processing of your personal data at any time with effect for the future. To do this, please use the contact details given above.

7.9. Right of appeal to the competent supervisory authority \(Art. 77 DS-GVO\)

In the event of violations of data protection law, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which we are based. A list of data protection officers and their contact details is available under the following link:  https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .

8. Provision of our website and creation of log files

For technical reasons, we automatically collect the following personal data when you visit our website and save this as "server log files", which your Internet browser transmits to our provider or server before our website is displayed:

  • browser type and version used

  • operating system and interface used

  • Access Status / HTTP Status Code

  • Amount of data transferred in bytes

  • Source from which you came to our website \(Referrer URL\)

  • Visited website

  • Date and time of your request

  • Time zone offset to Greenwich Mean Time \(GMT\) between requesting host and web server

  • \(IP\) address used.

This data collection takes place completely independently of whether you register or otherwise transmit personal data to us. Data is stored in our system, but separately from other personal data.

The legal basis for the temporary data storage and the storage of the log files is Art. 6 I lit. f GDPR. The purpose of the temporary storage in log files is to be able to make our website available to you. The data is only evaluated for statistical purposes in order to improve our website and our offer. An evaluation for marketing purposes does not take place.

The data stored in log files will be deleted after seven days at the latest. A longer storage only takes place if the data is made anonymous, so that an assignment is no longer possible.

Since the collection of this data is absolutely necessary for the provision of our website and the storage of the data in log files, you have no possibility of objection.

9.Cookies

Our website partially uses so-called cookies, which are stored on your computer. Cookies do not damage your computer and do not contain viruses. These cookies are data packages consisting of small text files that are stored on your computer in a designated area of the hard drive and that your browser stores.

Our website uses the following cookies:

  • Transient cookies

  • Persistent cookies

The transient cookies are automatically deleted from your computer when you log out, leave our website or close your browser. These are mostly session cookies. These cookies contain a so-called session ID, which consists of a random, unique character string \(digits and letters\). These small units of information enable the cookie to be clearly identified, which means that websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows the websites and servers visited to distinguish the respective browser of the person concerned from other Internet browsers with other cookies. Your internet browser can thus be recognized and identified via the unique session ID.

Persistent cookies, on the other hand, are only deleted after a specified period of time, which varies depending on the type of cookie. You can delete these cookies at any time in the security settings of your browser.

The purpose of this recognition is to make visiting our website more effective and secure. For example, as a visitor to a website that uses cookies, you do not have to re-enter your access data each time you visit the website because this is done by the website and the cookie stored on the user's computer system. In addition, we can use cookies on our website, which analyze and evaluate your surfing behavior during your visit to the website. These are the purposes of our legitimate interest in processing your personal data in accordance with Art. 6 I lit. f GDPR. You have also given your consent to the use of cookies in accordance with Art. 6 I lit. a GDPR.

All of the data we collect is pseudonymised using a technical process, so that the data collected cannot be assigned to you personally. Your other personal data will not be stored.

When you visit our website, you will be informed about the use of cookies by means of an information banner, you will be asked for your consent and you will be referred to this data protection declaration. You will also receive information about the options for setting your browser to prevent the processing of your personal data. If you deactivate cookies, the functionality of our website may be restricted.

You can delete cookies in the following browsers and change cookie settings as follows:
Google Chrome:  https://support.google.com/chrome/answer/95647?hl=en
Mozilla Firefox:  https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-remove
Apple Safari:  https://support.apple.com/de-de/guide/safari/sfri11471/mac
Microsoft Internet Explorer:  https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Opera: https://help.opera.com/de/latest/web-preferences/
iPhone, iPad or Apple Accessories: https://support.apple.com/en-us/HT201265
Android phones or accessories: https://hubpages.com/technology/How-to-delete-internet-cookies-on-your-Droid-or-any-Android-device
There is no way to prevent the transmission of Flash cookies via your browser settings. Use the Flash Player settings for this.

10. Newsletters

On our website we offer you the opportunity to register to receive our free newsletter. In order to be able to order our newsletter, you must enter your valid e-mail address in the input mask and expressly confirm that you would like to receive our newsletter by selecting the appropriate checkbox.

In addition, the following data is collected when you register:
- \(IP\) address of the calling computer
- Date and time of registration

When you register for our newsletter, we will also use your e-mail address for our own advertising purposes. We will not link and evaluate this stored data with other data that may be stored by other components on our website.

For legal reasons, we will send a confirmation e-mail using the double opt-in procedure to the e-mail address you entered for the first time for sending the newsletter. This confirmation e-mail is used to check whether you are the owner of the e-mail address or whether you are authorized by the owner of the e-mail address to receive the newsletter.

The purpose of collecting this data is to send the newsletter and prevent possible misuse of your e-mail address or our newsletter and our legal protection.

The legal basis for the processing of your personal data after you have subscribed to the newsletter is Article 6(1)(a) of the GDPR if you have given your consent. For this reason, before subscribing to our newsletter, we ask you to provide a declaration of consent, which you must actively submit by ticking the checkbox.

The data is stored for as long as it is necessary to achieve the purpose for which it was collected. We save your e-mail address for the duration of the newsletter dispatch. All other personal data is usually deleted after seven days.

You can revoke your subscription to our newsletter and your consent to the storage of your e-mail address at any time using the link in the newsletter or by sending us a message. This revocation also declares the revocation of consent to the storage of your personal data.

11. Use of the Registration Feature

On our website you have the option of registering by entering your personal data. We use and store all the data you enter in the input mask (e.g. name, e-mail address) exclusively for the use of our offers. In this context, we also store your \(IP\) address, the date and time of your registration in order to protect you against misuse of your data and us against misuse of our online offer by unauthorized third parties. We reserve the right to pass it on to third parties, to one or more processors who use your personal data internally on our behalf. We do not compare this data with data that you leave through other components of our website.

Your registration is necessary for the implementation or fulfillment of a contract or pre-contractual obligations of which you are a contractual partner. The legal basis for the processing of your personal data for the implementation or fulfillment of a contract or pre-contractual obligations of which you are a contractual partner is Art. 6 I lit. b GDPR.

The personal data you provide when registering will be deleted as soon as your data is no longer required to process and execute the contract or our pre-contractual obligations. If you have a continuing obligation, we will only delete your data after the end of the contract period. This does not apply if we have to continue to store the data due to contractual or legal obligations. These include storage periods for the warranty or periods under tax law.

You can delete the data recorded during the registration process at any time or have the stored personal data changed or corrected. For your message or to file an objection, please use the contact details provided.
This does not apply if we need the data to fulfill a contract concluded with you or to fulfill pre-contractual obligations. Upon request, we will provide you with information at any time as to what personal data we have stored about you.

12. Use of the Registration Facility

On our website you have the option of registering by entering your personal data. We use and store all the data you enter in the input mask (e.g. name, e-mail address) exclusively for the use of our offers. In this context, we also store your \(IP\) address, the date and time of your registration in order to protect you against misuse of your data and us against misuse of our online offer by unauthorized third parties. In order to be able to transmit your personal data to us, you must first give your consent and you will be referred to this data protection declaration. We do not compare this data with data that you leave through other components of our website. A transfer to third parties does not take place.

Your registration is necessary in order to be able to provide you with content and services on our website.

If your registration does not serve to conclude a contract, the legal basis for the processing of personal data after you have given your consent is Article 6 I lit. a GDPR.

The personal data you provide when registering will be deleted as soon as your registration is terminated or changed. You can revoke your consent to data processing at any time. You can delete the recorded data at any time or change or correct the stored personal data. To notify us of your objection, please use the contact details provided.

13. Use of Contact Us

On our website we offer you the opportunity to write an e-mail via our contact form or to leave information for contacting us. We use and store all the data you enter in the input mask (e.g. name, e-mail address) exclusively for the use of our offers. In this context, we also store your \(IP\) address, the date and time of your registration in order to protect you against misuse of your data and us against misuse of our online offer by unauthorized third parties. In order to be able to transmit your personal data to us, you must first give your consent and you will be referred to this data protection declaration. We do not compare this data with data that you leave through other components of our website. A transfer to third parties does not take place.

We offer you the opportunity to contact us via the e-mail address provided. All personal data that you transmit to us will be stored by us. We do not compare this data with data that you leave through other components of our website. A transfer to third parties does not take place.

The purpose of processing your personal data from the input mask and from your email contact is to process your contact request.

The legal basis for the processing of your personal data for the implementation or fulfillment of a contract or pre-contractual obligations of which you are a contractual partner is Art. 6 I lit. b GDPR.

If your contact does not serve to conclude a contract, then after you have given your consent, the legal basis for the processing of personal data is Article 6 I lit. a GDPR.

Your details of personal data from the input mask of our contact form or from your e-mail will be deleted as soon as your communication with us has ended. This is the case if we can reasonably assume that the purpose of your contact has been achieved. We delete all other additional data after seven days at the latest.

If you contact us for the purpose of concluding a contract, your details of personal data will be deleted when you contact us as soon as your data are no longer required for the processing and implementation of the contract or our pre-contractual obligations. If you have a continuing obligation, we will only delete your data after the end of the contract period. This does not apply if we have to continue to store the data due to contractual or legal obligations. These include storage periods for the warranty or periods under tax law.


You can revoke your consent to data processing at any time. To notify us of your objection, please use the contact details provided. You can delete the recorded data at any time or change or correct the stored personal data.

14. Data processing for order processing

If you order goods or services via our website, it is necessary to store and process personal data in order to carry out the contract.

When you place an order, we collect and store the following data: 
•           Kundenstatus \(Privatkunde /corporate client\)
•           Vorname, Nachname
•           Telefonnummer
•           Geburtsdatum
•           Anschrift
•           E-Mailadresse

If you provide a delivery address that differs from the billing address, we also collect and store the following data:
•           Vor- und Nachname
•           Anschrift
•           Firma_cc781905-5cde- 3194-bb3b-136bad5cf58d_

We have marked the mandatory information required for contract processing separately; all other information you provide is voluntary.

The legal basis for the processing of personal data is Art. 6 I lit. b GDPR, insofar as this processing is absolutely necessary for order processing and serves to process your order with the delivery type you have selected, in particular to confirm your identity and to administer the customer relationship.

Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. However, after 24 months we restrict the processing and only store your data to comply with legal obligations.

To process your order, we use service providers to carry out the order processing and delivery to you. We also transmit personal data to these service providers.

Transport company:
The personal data collected by us will be passed on to the transport company commissioned with the delivery for the purpose of contract processing, insofar as this is necessary for the delivery of the goods.

The legal basis for the processing of personal data for parcel shipments is Art. 6 I lit. b GDPR, as we pass on your name and address to fulfill the contract \(delivery of the ordered goods\).

Freight forwarders:
The personal data collected by us will be passed on to the forwarding company commissioned with the delivery of freight for contract processing, insofar as this is necessary for the delivery of the goods. The forwarding company will arrange a delivery date with you by telephone before the goods are delivered.

The legal basis for the processing of personal data for forwarding shipments is Art. 6 I lit. b GDPR, as we pass on your name, address and telephone number to fulfill the contract \(delivery of the ordered goods\).

Shipping status and package notifications via email:
The personal data we collect from your e-mail address will be passed on to the transport company commissioned by us with the delivery for shipping status and package notifications by e-mail as part of contract processing. In order to be able to transmit your personal data to us, you must first give your consent and you will be referred to this data protection declaration.

The legal basis for the processing of personal data for parcel shipments with shipping status and parcel notifications by e-mail is Art. 6 I lit. a GDPR, since you have previously consented to the processing.

drop shipping
The personal data collected by us can be passed on directly to the manufacturer of the goods for contract processing, insofar as this is necessary for the delivery of the goods to you. 

The legal basis for the processing of personal data for parcel shipments is Art. 6 I lit. b GDPR, as we pass on your name and address to fulfill the contract \(delivery of the ordered goods\).

 

15. Data processing for payment processing

If you order goods or services via our website, it is necessary to store and process personal data in order to carry out the contract.

In addition, we collect and store the payment method you have selected as part of the ordering process. 
If you choose a payment service provider as the payment method, you will be forwarded directly to the website of the respective payment service provider during the payment process. The data you enter on the website of the respective payment service provider will not be collected, processed or stored by us. The data protection regulations of the respective payment service provider apply.

15.1. PayPal

You can use the online payment service provider PayPal to pay for the order. If you choose this payment process, your contact details will be sent to PayPal. PayPal is a service of PayPal \(Europe\) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal acts in the capacity of an online payment processor and trustee providing you with buyer protection services. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account.

The following personal data is transmitted to PayPal:

  • Your first and last name

  • Your Address

  • Your phone number

  • Your \(IP\) address

  • Your email address or

  • Data required for order processing \(e.g. number of items, item number, invoice amount and taxes in percent, billing information, etc.\)

The legal basis for the processing of personal data is Art. 6 I lit. b GDPR, insofar as this processing is absolutely necessary for payment processing and is used to process your order with the payment method you have selected, in particular to confirm your identity, to administrate your payment and the customer relationship.

Personal data can also be transmitted to third parties by PayPal, insofar as this is necessary to fulfill the contract for your order or your personal data is processed in the order.

Depending on the payment method you have chosen, e.g. invoice or direct debit, PayPal will forward your personal data to credit agencies for identity and creditworthiness checks. The legal basis for the processing of personal data is Art. 6 I lit. f GDPR. PayPal has a legitimate interest in determining the calculation of your predicted solvency and the statistical probability of non-payment in order to make a decision about the provision of the respective payment method. This calculation is based on statistical score values, which result from probability values. Address data is also used to calculate the score values. The purpose is to minimize the risk of non-payment and to protect against fraud. This data is also transmitted and stored by PayPal on servers outside the European Union.

For more information about third parties, see:  https://www.paypal.com/de/webapps/mpp/ua/third-parties-list

For more information, see PayPal's privacy policy at  https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You have the right to object to the collection and processing of your personal data by PayPal. However, you cannot object to the processing of your personal data if this is necessary to fulfill the contract.

If you do not want PayPal to collect your data, please select a different payment method.

15.2. Prepayment by bank transfer

When paying by bank transfer in advance, we will give you our bank details in the order confirmation and deliver the goods after receipt of payment. Please note the data protection regulations of the respective payment service provider.

Created with  GIDA

');