Data Protection Statement
This Data Protection Statement informs you about the scope of the processing of your personal data (hereinafter “data”).
1. Legal basis for data processing
The data processing controller as defined by the provisions of the General Data Protection Regulation (GDPR) is:
Bernd Schürmann GmbH & Co. KG
Phone: +49 (0) 30 2100 5740
2. General information on data processing
In the course of our business and website operations, we process data.
This also includes disclosure by transmission to third parties and, where applicable, to so-called third countries outside the European Union (“EU”) and the European Economic Area (“EEA”). Where we transfer data outside the EU or the EEA, we have indicated this accordingly below.
3. Data processing
The individual data concerned, processing purposes, legal bases, recipients and, if applicable, transfers to third countries are listed below:
a) Log file when you visit our website
We log your visit to our website. In doing so we process:
- the name(s) of our website(s) accessed,
- the date and time you accessed the site,
- the amount of data transferred,
- the browser type and version,
- the operating system you use,
- the referrer URL (the previously visited website),
- your IP address,
- the requesting provider.
We analyse the log files to provide a secure website and to ensure the performance of our website.
The legal basis for data processing in accordance with Article 6(1)(f) GDPR is our overriding legitimate interest in the ongoing provision and security of our website.
The log file is deleted after seven days, unless it is needed to prove or clarify specific legal violations that have become known within the retention period.
We use the service provider NewRelic, based in the USA, to evaluate the log files. Data processing takes place on servers in data centres in the EU. In the event that data is transferred to the USA in the course of processing, we ensure an appropriate level of data protection via the EU standard contractual clauses. A copy of the contract clauses can be found at the following link: https://newrelic.com/resources/articles/how-demise-of-privacy-shield-affects-you
To provide our online presence, we use the services of web hosting providers who process the above-mentioned data and all data processed in connection with the operation of this website (log file when visiting the website) on our behalf.
The legal basis for data processing in accordance with Article 6(1)(f) GDPR is our overriding legitimate interest in providing our website.
c) Establishment of contact
If you contact us, we process the following data from you for the purpose of processing and handling your enquiry: Name, contact details—if provided by you—and your message.
The legal basis for data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations in accordance with Article 6(1) b) GDPR and/or our overriding legitimate interest in processing your enquiry in accordance with Article 6(1)(f) GDPR.
d) Contact in the case of job applications
If you contact us to send us your application for a job, e.g. by email or via a contact form, the data you enter (e.g. name, email address, desired place of employment), your message and the transmitted application documents will be processed exclusively for the purpose of handling and processing your application request.
The legal basis for data processing is primarily Section 26 BDSG (German Federal Data Protection Act). According to this, the processing of data is permissible where this is necessary in connection with the decision to establish an employment relationship.
Should the data be required after completion of the application process, for example for prosecution purposes, data processing can be performed to safeguard our legitimate interests in accordance with Article 6(1)(f) GDPR, namely to assert and/or defend claims.
e) Processing of contracts
We process your order data to process the contractual relationships between you and us.
The legal basis for data processing in accordance with Article 6(1)(b) GDPR is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations in accordance with Article 6(1)(c) GDPR.
We transfer your address data to the company commissioned with the delivery. If necessary for the processing of the contract, we also transmit your e-mail address or your telephone number to the company commissioned with the delivery in order to coordinate a delivery date (notification).
We transmit your transaction data (name, date of order, method of payment, date of dispatch and/or receipt, amount and payee, bank details or credit card details if applicable) to the payment service provider commissioned with processing the payment.
In order to provide you with regular information about our enterprise and offers, we offer the dispatch of an e-mail newsletter. With your newsletter registration, we process the data you entered during registration (e-mail address and other voluntary information). In order to prevent misuse, we will send you an e-mail after your registration in which we ask you to confirm your registration (double opt-in procedure). In order to be able to prove the registration process in a legally compliant manner, your registration is logged. This concerns the time of registration and confirmation as well as your IP address.
The legal basis for sending the newsletter is your consent in accordance with Art. 6 (1) a) GDPR. The data processing in connection with the sending of the confirmation email for your registration and the associated data logging is carried out in accordance with Art. 6 (1) f) GDPR due to our legitimate interest in proving your proper registration.
For sending the newsletter, we use the service Klaviyo of Klaviyo Inc, 125 Summer St, Floor 6, Boston, MA 02111, United States (“Klaviyo”). In the course of data processing by Klaviyo, data is transferred to the US. There is no adequacy decision by the EU Commission for data processing in the US. Klaviyo ensures an adequate level of data protection through the EU standard contractual clauses. We will provide you with a copy upon request. Please contact firstname.lastname@example.org for this purpose.
g) Customer account
When you open and use a customer account, we process your inventory data (name, address, e-mail address, bank details) as well as your usage data (user name, password). This enables you to manage your orders and contracts, and we can identify you as a customer. The legal basis for this data processing is your consent according to Article 6(1)(a) GDPR.
We use technically necessary cookies to enable the optimal functionality of our web offer. These cookies make it possible, for example, to navigate on the website or to offer other basic functions of the website.
In addition, we use optional cookies that provide us with additional information, for example to analyse data traffic or for advertising and marketing purposes.
Lifespan of cookies
The cookies used remain on your end device for different periods of time:
Session cookies: These cookies are deleted from your end device immediately after you close your internet browser.
Permanent cookies: These cookies remain on your end device even after you close your web browser and enable us, for example, to recognise you the next time you visit our website.
Cookies that are set directly by us are known as first-party cookies. Third-party cookies, on the other hand, are set by external websites, for example when displaying content (advertisements, images, tracking pixels or similar).
Legal basis for data processing
In principle the following applies: The legal basis for data processing by means of a cookie is your consent according to Article 6(1)(a) GDPR or our overriding legitimate interests in optimising and establishing the functionality of our website according to Article 6(1)(f) GDPR.
Revocation and opting out
If data processing is based on your consent, you can revoke your consent at any time with effect for the future (opt-out). In the case of data processing based on our legitimate interest, you can object to further data processing with effect for the future.
You can revoke your consent via the opt-out link in the data protection statement for the respective service or by adjusting your preferences in our Cookie settings.
For information on objecting to data processing, please see section 5 b) of this Data Protection Statement.
Browser cookie settings
In addition, you can prevent or restrict future data processing by cookies by selecting the appropriate browser settings and, for example, deactivating cookie use there. Cookies that have already been saved can be deleted in the browser settings. Further information on your respective browser settings can be found through the following links:
Mozilla Firefox: https://support.mozilla.org/en-US/products/firefox
Internet Explorer: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies
Google Chrome: https://support.google.com/accounts
Further information on the specific cookies set, the purposes pursued with these and their lifespan can be found in our Cookie information.
i) Analysis / Marketing
We use the open-source-analytics Matomo by InnoCraft, 7 Waterloo Quay PO625, 6140 Wellington, Neuseeland („Matomo“) as tracking tool on our website. The way we configured Matomo it does not use any cookies. Matomo does use technologies to analyze user behavior with information such as device information, logins or the users operating system. We use that information to evaluate your usage of our website and generate reports of website activities in order to offer more services for the usage of our website.
- IP address (shortened by 2 bytes)
- custom dimensions
- custom variables
- date and time
- title of the visited page
- url of the visited page
- local time
- files clicked and downloaded
- clicked links
- loading times
- country, region and city
- language of the browser
- user agent of the browser
The legal basis for data processing is your consent according to Article 6(1)(a) GDPR.
For transferring data to New Zealand an adequacy decision by the eu commission exists.
bb) Facebook Custom Audiences (customer list)
We use Custom Audience services provided by Facebook Inc., 1601, Willow Road Menlo Park, CA 94025, USA (Facebook). Customer data is transmitted to Facebook in lists and transferred to Facebook servers in the USA. The data is used to analyse user behaviour on the Internet and to personalise advertising and, if necessary, linked to an existing user account with Facebook.
The legal basis for data processing is your consent according to Article 6(1)(a) GDPR.
You can revoke your consent to this at any time with future effect by adjusting your preferences in our Cookie settings.
j) External content
We use dynamic content from external sources to optimise the presentation of our website and what it offers. When you visit the website, a request is automatically made via an interface to the server of the relevant content provider, and specific log data (such as the users’ IP address) is transferred. The dynamic content is then transmitted to our website and displayed there.
We use external content in connection with the following functionalities:
aa) Integration of Vimeo videos
We have integrated videos from the Vimeo portal of Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA on our website. When playing the videos, log data is transferred to the Vimeo servers in the USA. This processing is performed on the basis of our overriding legitimate interest in the optimal marketing of our offer in accordance with Article 6(1)(f) GDPR.
Further information can be found at: https://vimeo.com/privacy
k) Referral Program
If you participate in our referral program, we will process your customer data and the data from your order to check the eligibility requirements. If you qualify for the loyalty program, you will receive an individualized link which we will link to your account in order to associate the activities under the link with your account. If we identify activity that qualifies you for a reward, such as a purchase by another customer, we will process your data to provide you with that reward.
If you receive an individualized link from our loyalty program from a friend, we process your data when you enter our shop via this link. We use tracking mechanisms to track your activities in our online shop and link them to the account whose link you use. This enables us to determine if you have accessed our site via a corresponding link and have subsequently made a purchase. We process the data in order to be able award the bonus to the respective customer from the loyalty program.
The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 a) GDPR.
You can withdraw your consent at any time by adapting the settings in our Consent Banner or by terminating your participation in the loyalty program in your customer account.
For the provision of the loyalty program, we use the ReferralCandy service of Anafore Pte Ltd, #06-26, 71 Ayer Rajah Crescent, 139951 Singapore. There is no adequacy decision by the EU Commission for data transfers to Singapore. We ensure an adequate level of data protection via the EU standard contractual clauses. We will provide a copy of the contractual clauses upon request. Please contact email@example.com for this.
4. Duration of data storage
We only store personal data for as long as we need it for the purposes for which it is processed or until you withdraw your consent. Insofar as statutory retention obligations must be observed, the storage period for certain data can be up to ten years, irrespective of the processing purposes.
5. Your rights as a data subject
You may request information free of charge at any time about all of the personal data that we have stored about you.
b) Correction, erasure, restriction of processing (blocking), objection
If you no longer agree to the storage of your personal data or if this data is no longer correct, we will on the basis of a corresponding instruction arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible under the applicable law). The same applies if we are only to process data in a restrictive manner in the future. You have a right of objection in particular in cases in which your data is necessary for the performance of a task carried out in the public interest or on the basis of our legitimate interest, as well as profiling based on this. You also have such a right of objection in the case of data processing for the purpose of direct advertising.
c) Right to withdraw consent with effect for the future
You may withdraw your consent at any time with effect for the future. Your revocation will not affect the lawfulness of the processing up until the time of revocation.
d) Data portability
If data processing is based on a contract, pre-contractual negotiations, consent or automated procedures, you have the right to data portability. Upon request, we will provide you with your data in a common, structured and machine-readable format so that you can transfer the data to another controller if you wish.
e) Right to lodge a complaint
You also have the option to complain to a supervisory authority about your rights as a data subject:
The above rights do not apply for data where we are not able to identify the data subject, e.g. if it has been anonymised for analysis purposes. Information, deletion, blocking, correction or transfer to another company may be possible in relation to this data if you provide us with additional information that allows us to identify you.
6. Exercising you rights as a data subject
If you have any questions about the processing of your personal data, if you would like information or to rectify, block, object to the use of, or erase data, or request for data to be transferred to another company, please contact firstname.lastname@example.org.