Data protection
Privacy Policy
1. Information about the collection of personal data and contact details of the controller
2. Data collection when visiting our website
3. Contact
4. Cookies
5. Data processing for order processing
6. Data processing when opening a customer account and for contract processing
7. Retargeting / Remarketing / Recommendation Advertising
8. Rights of the data subject
9. Duration of storage of personal data
1. Information about the collection of personal data and contact details of the controller
1.1 Thank you for visiting our website. Below, we would like to inform you about how we handle your personal data when you use our website. Personal data is generally all data that can be used to identify you personally.
1.2. The person responsible for the processing of data on our website within the meaning of the General Data Protection Regulation (GDPR) is:
Merle Steinweg
Eggenkopp 24
59929 Brilon
Germany
Phone: 01787703835
Email: merle@fietes-pawluxe.com
2. Data collection when visiting our website
Each time you visit our website, our system automatically records data and information that your browser transmits to our server (so-called "server log files"). The following data, which is technically necessary for us, is collected:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Operating system used
- Browser used
- IP address used (if applicable: in anonymized form)
The legal basis for processing is Art. 6 (1) (f) GDPR, based on our legitimate interest in improving the stability and maintaining the functionality of our website. The data will not be shared or used for any other purpose. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.
We reserve the right to subsequently review the server log files should concrete evidence of illegal use arise. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session ends.
If data is stored in log files, this occurs after a maximum of seven days. Longer storage is possible. In this case, the users' IP addresses are deleted or altered so that the accessing client can no longer be identified. The collection of data for providing the website and the storage of data in log files is essential for the operation of the website. Therefore, the user has no right to object.
3. Contact
If you contact us via the contact form, the data entered in the input form will be transmitted to us and stored. The data collected can be found in the respective input form. If you contact us by email, only the data you enter there will be transmitted to us.
The data will be used exclusively to process the conversation and your request. The legal basis for processing the data, if the user has given their consent, is Art. 6 (1) (a) GDPR. The legal basis for processing data transmitted when sending an email is Art. 6 (1) (f) GDPR. If the email contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6 (1) (b) GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and provided that there are no statutory retention periods to the contrary. For personal data from the input mask of the contact form and data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
3.1. WhatsApp Business
Visitors to our website have the opportunity to communicate with us via WhatsApp (a service provided by Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA).
We use the so-called "business version" of WhatsApp for this purpose. If you contact us via WhatsApp regarding a specific contract, we will store and use the mobile phone number you use for WhatsApp and – if published and/or transmitted – your first and last name (Article 6 (1) (b) GDPR) for the purpose of processing your request.
You may be asked to provide further data if this is necessary to process your request (Art. 6 (1) (b) GDPR).
If contact via WhatsApp Business is used for general inquiries that do not concern a specific contract, we will save and use the mobile phone number you use on WhatsApp and – if published and/or provided – your first and last name (in accordance with Art. 6 (1) (f) GDPR) for the purpose of processing your request.
Our legitimate interest lies in answering the questions of our customers or interested parties as quickly as possible.
The data will not be passed on to third parties.
WhatsApp Business receives access to the address book of the mobile device used for this purpose. Phone numbers stored there are automatically transferred to a Facebook server in the US.
The mobile device we use for WhatsApp Business only contains the WhatsApp contact details of those users who have already contacted us via WhatsApp.
For data transfers from the European Economic Area to the USA, WhatsApp relies on standard contractual clauses of the EU Commission. For further details on how WhatsApp handles data, please refer to WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
4. Cookies
Our website uses cookies.
Cookies are text files stored on the user's device. When a user visits a website, a cookie may be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. This requires that the browser is recognized even after changing pages. The user data collected by technically necessary cookies is not used to create user profiles. Our legitimate interest in processing personal data for the purposes stated above also lies in accordance with Art. 6 (1) (f) GDPR.
In addition, our website may use cookies that enable analysis of user browsing behavior (so-called third-party cookies). Further information on the scope, purpose, legal basis, and objection options can be found in the respective sections of the respective chapter of this privacy policy.
As a user, you have full control over the use of cookies. You can deactivate, restrict, or delete the transmission of cookies by changing the settings in your internet browser. If you deactivate cookies for our website, you may no longer be able to fully use all of the website's functions. You can prevent the transmission of Flash cookies by changing the Flash Player settings.
You can find help with the settings in your browser's help menu or at the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted after you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser the next time you visit (persistent cookies). When cookies are set, they collect and process certain user information, such as browser and location data, as well as IP address values, to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which can vary depending on the cookie.
5. Data processing for order processing
5.1. If you wish to place an order in our online shop, you must provide your personal data in order to conclude the contract. We will process the data you provide to process your order.
In some cases, we work with external service providers to process your order. For this, we must share the necessary personal data.
If we commission a transport company to deliver your goods, we will pass on your data required for the delivery of the goods to the respective transport company. For the processing of payments, we will pass on your data to the commissioned credit institution as necessary. If we use payment service providers, you will also be informed of this below.
The legal basis for the transfer of your data is Art. 6 (1) (b) GDPR.
5.2. Transfer of your personal data to shipping service providers
- DHL
If the goods are delivered to you by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will only pass on the recipient's name and delivery address to DHL for the purpose of delivery and to the extent necessary in accordance with Art. 6 (1) (b) GDPR. Only if you have given your express consent during the ordering process will we pass on your email address to DHL prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification in accordance with Art. 6 (1) (a) GDPR. Your consent can be revoked at any time with future effect by contacting the above-mentioned controller or the transport service provider DHL.
5.3. Use of payment service providers
5.4. bancontact
When paying via "bancontact" via the PayPal checkout, payment processing is carried out by the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "Paypal").
Further information on PayPal checkout can be found in the relevant section below.
5.5. blik
When paying via "blik" via the PayPal checkout, payment processing is carried out by the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "Paypal").
Further information on PayPal checkout can be found in the relevant section below.
5.6. giropay
When paying via "giropay" via the PayPal checkout, payment processing is carried out by the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "Paypal").
Further information on PayPal checkout can be found in the relevant section below.
- Klarna
When paying using the following payment methods (if offered): - "Klarna Purchase on Account" - "Klarna Installment Purchase" - "Klarna Direct Debit" (a Klarna instant payment method) - "Klarna Credit Card Payment" (a Klarna instant payment method), payment processing is carried out by Klarna AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as "Klarna"). We will pass on your personal data (first and last name, street, house number, postal code, city, gender, email address, telephone number, and IP address) as well as data related to the order (e.g., invoice amount, item, delivery method) to Klarna for the purpose of identity and credit checks if you have expressly consented to this transfer in accordance with Art. 6 (1) (a) GDPR. Klarna may share your information with one of the following credit rating agencies: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). To the extent that score values are included in the credit report result, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data. You can revoke your consent at any time by sending a message to the person responsible for processing your data or to Klarna. However, Klarna may still process your personal data if this is necessary for contractual payment processing. The following Klarna data protection provisions apply to data subjects based in Germany: https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf The following Klarna data protection provisions apply to data subjects based in Austria: https://cdn.klarna.com/1.0/shared/content/policy/data/de_at/data_protection.pdf
5.7. mybank
When paying via "mybank" using the PayPal checkout, payment processing is carried out by the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "Paypal").
Further information on PayPal checkout can be found in the relevant section below.
- Mollie
If you select a payment method from the payment service provider Mollie BV, Keizersgracht 313, 1016 EE Amsterdam (hereinafter referred to as "Mollie"), payment processing will be carried out via Mollie. We will transfer your personal data, along with information about your order (name, address, account number, bank code, credit card number (if applicable), invoice amount, currency, and transaction number), to Mollie in accordance with Art. 6 (1) (b) GDPR exclusively for the purpose of payment processing and only to the extent necessary.
- Paypal
If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” via PayPal, payment will be processed via PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
We will share your personal data with PayPal as necessary in accordance with Art. 6 (1) (b) GDPR. PayPal reserves the right to conduct a credit check for payment methods such as credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" via PayPal.
For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR due to PayPal's legitimate interest in determining your ability to pay. PayPal uses the results of the credit check regarding the statistical probability of default to decide whether to provide the respective payment method.
The credit report may contain probability values (so-called scores). To the extent that scores are included in the credit report results, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is used in the calculation of the scores.
What other data PayPal collects is set out in the respective PayPal privacy policy. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
5.8. Paypal Checkout
We use PayPal Checkout (PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") on this website.
PayPal Checkout is an online payment solution from PayPal that supports both PayPal payment methods and local third-party payment methods.
If you select the payment methods PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal (if offered), we will transfer your necessary payment data to PayPal for the purpose of processing the payment. This transfer is permitted in accordance with Art. 6 (1) (b) GDPR.
For payment methods such as credit card via PayPal, direct debit via PayPal, or "Pay later" via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, PayPal may share your necessary payment data with credit agencies if necessary. This processing is based on Art. 6 (1) (f) GDPR. PayPal has a legitimate interest in determining your ability to pay. You can object to this processing of your data at any time by sending a message to PayPal. However, further processing of your personal data by PayPal may still be permitted if necessary for the contractual payment processing.
'
If you select the PayPal invoice payment method, we will initially transmit your payment data to PayPal in accordance with Art. 6 (1) (b) GDPR. PayPal will then forward your data to Ratepay GmbH, Ritterstr. 12-14, 10969 Berlin, to process the payment. RatePay will then conduct an identity and credit check in its own name. The legal basis for this is Art. 6 (1) (f) GDPR, the legitimate interest in determining solvency. For this purpose, RatePay will forward your payment data to credit agencies in accordance with Art. 6 (1) (f) GDPR.
Ratepay can access the following credit agencies: https://www.ratepay.com/legal-payment-creditagencies/
If you choose a local third-party payment method, we will initially transfer your payment data to PayPal in accordance with Art. 6 (1) (b) GDPR. PayPal will then transfer your payment data to the provider you selected to process the payment (Art. 6 (1) (b) GDPR):
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main
- Immediately (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- blik (Polski Standard Płatności sp. z oo, ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
- MyBank (PRETA SAS, 40 Rue de Courcelles, F-75008 Paris, France)
For more information, please see PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, payment processing will be carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on the information you provided during the ordering process, along with information about your order (name, address, account number, bank sort code, credit card number (if applicable), invoice amount, currency, and transaction number) in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on Shopify Payments' data protection can be found at the following internet address: https://www.shopify.com/legal/privacy
Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
6. Data processing when opening a customer account and for contract processing
If you open a customer account with us, personal data will be collected and processed in accordance with Art. 6 (1) (b) GDPR. The scope of the data is stated in the form. The data you enter will be stored and used by us for contract processing.
You can delete your customer account at any time. This can be done by sending a message to the responsible person's address or, if offered, directly in your customer account. In this case, we will also block your data in accordance with tax and commercial retention periods and delete it after these periods have expired. This can only be prevented by your consent to permanent storage or by a legally permitted further use of the data on our part.
7. Retargeting / Remarketing / Recommendation Advertising
Meta Custom Audience via the pixel method
On this website, we use the "Meta Pixel" of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta"). With explicit consent, the behavior of users can be tracked after they have seen or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising measures. The data collected is anonymous to us, so we cannot draw any conclusions about the identity of the users. However, data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/).
You can allow Meta and its partners to place advertisements on and outside of Facebook. A cookie may be stored on your device for these purposes. These processing operations only occur with the granting of express consent in accordance with Art. 6 (1) (a) GDPR. Consent to the use of the Meta pixel may only be given by users older than 13. If you are younger, we ask you to ask your legal guardian for permission. You can deactivate the use of cookies on your computer by adjusting your browser settings accordingly. However, this may result in some functions on our website no longer being fully usable. You can also deactivate the use of cookies by third parties such as Meta on the following Digital Advertising Alliance website: http://www.aboutads.info/choices/
Meta Platforms Inc. is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU.
Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.
8. Rights of the data subject
8.1. The applicable data protection law grants you comprehensive data subject rights (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we will inform you below:
- Right to information according to Art. 15 GDPR:
You can request confirmation from the controller as to whether personal data concerning you is being processed by the controller. In addition, you have the right to information about the purpose, the categories of personal data, the recipients, the planned storage period and the existence of other rights such as rectification of the data or the right to lodge a complaint with a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed of the guarantees that exist pursuant to Art. 46 GDPR when your data is transferred to third countries.
- Right to rectification according to Art. 16 GDPR:
You have the right to have any inaccurate data concerning you rectified without delay and/or to have any incomplete data stored by us completed; the rectification or completion must be carried out without delay.
- Right to restriction of processing pursuant to Art. 18 GDPR:
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you contest, is being verified, if you refuse to delete your data due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons related to your particular situation, as long as it has not yet been determined whether our legitimate reasons outweigh yours;
If the processing of personal data concerning you has been restricted, this data – with the exception of storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the processing has been restricted, you will be informed by the controller before the restriction is lifted.
- Right to erasure according to Art. 17 GDPR:
You have the right to the immediate erasure of your personal data if the requirements of Art. 17 (1) GDPR are met. However, this right to erasure does not apply in particular - but not exclusively - if processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
- Right to information according to Art. 19 GDPR:
If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obligated to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless doing so is impossible or involves disproportionate effort. You also have the right to be informed about these recipients.
- Right to data portability according to Art. 20 GDPR:
You have the right to receive your personal data communicated to us in a structured, common and machine-readable format or to request that it be transmitted to another controller, where technically feasible;
- Right of revocation according to Art. 7 Para. 3 GDPR:
You have the right to object at any time to the processing of personal data concerning you based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
You also have the right to revoke your consent to data protection at any time with future effect. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent until the revocation.
- Right to lodge a complaint pursuant to Art. 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
8.2. Right of objection
You have the right to object to the processing of your data at any time with future effect if we process your data based on our overriding legitimate interest after weighing up the interests.
If you exercise this right of objection, we will stop processing your data unless there are demonstrably overriding compelling legitimate grounds that prevent termination or if further processing serves to exercise or defend legal claims.
9. Duration of storage of personal data
The length of time personal data is stored depends on statutory retention periods. After these periods have expired, we routinely delete the data if it is no longer required for the fulfillment or initiation of a contract and/or if we no longer have a legitimate interest in continuing to store it.