1. DATA CONTROLLER [AND DATA PROTECTION OFFICER] AND GENERAL PRINCIPLES
(1) We, Dipl. Des. Lenka Kühnertová, Schubartstrasse 2 b/1, 70190 Stuttgart, Germany, Tel. 00 49 (0) 711 94 56 27 56, e-mail: email@example.com, are the operator of the Web pages available at www.kuehnertova.de or www.kuehnertova.com (‘the WEBSITE’) and are responsible for the processing of personal data of the users of our WEBSITE (‘you’) pursuant to Article 4 No. 7 of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection provisions.
(2) Hereinafter, as part of our obligation to inform, we wish to provide comprehensive information about which data we process when you visit our WEBSITE and when you make use of our further services and offers on our WEBSITE. We also wish to inform you about the appropriate technical and organisational measures that we have taken to protect your personal data.
2. PROCESSING OF YOUR PERSONAL DATA
(1) Personal data means any information relating to an identified or identifiable natural person (‘data subject’). Your personal data therefore includes all data which are or can be assigned to you directly or indirectly, such as your name, address, telephone number or e-mail address.
(2) Personal data shall only be processed by us if and to the extent that
— You have given us your consent to the processing of your personal data for one or more specific purposes (Article 6(1)(1)(a) GDPR);
— Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (Article 6(1)(1)(b) GDPR);
— Processing is necessary for compliance with a legal obligation to which we are subject (Article 6(1)(1)(c) GDPR), or
— Processing is necessary for the purposes of the legitimate interests pursued by ourselves or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Article 6(1)(1)(f) GDPR).
3. USE OF WEBSITE FOR INFORMATIONAL PURPOSES ONLY
(1) If you use our WEBSITE for informational purposes only; i.e., if you do not make use of any of the services or offers on our WEBSITE or otherwise transmit information to us, we collect and use only the data that your Internet browser automatically transmits to our server, such as:
— The IP address of the accessing computer
— The date and time of the request
— The content of the request (specific page)
— The access status/HTTP status code
— The website from which the request has come
— Your browser
— Your operating system and interface
— The language and version of the browser software
(2) This information is technically necessary for us to ensure you can use the WEBSITE and make sure it functions properly, in particular to display the WEBSITE and to ensure the security and stability of the WEBSITE. There is no link between this data and personal data of a specific natural person. Our legitimate interest lies in the operation of a functioning website. The legal basis for this is Article 6(1)(1)(f) GDPR.
(3) We will delete this data as soon as it is no longer necessary for the purpose of its collection. Your IP address will be stored anonymously for up to 90 days. The last octet (subsegment) of your IP address will be truncated. The temporary storage of the IP address by our system is necessary in order to remedy disruptions of our WEBSITE and to avert dangers.
4. FEATURES AND OFFERS
On our WEBSITE, we offer various offers and features (‘services’), which you can use if you are interested. This usually requires you to provide additional personal data, which we use in order to render the service. The above-mentioned data processing principles apply to this data. The specific services for which we process your personal data are as follows:
(1) If you contact us to provide feedback for example, your contact details (e.g. first and last name, e-mail address, telephone number) will be processed to allow us to respond to the enquiries and/or suggestions submitted via the contact form, by e-mail or by any other means. Your data will be processed exclusively for the purposes of contacting you, the prevention of misuse and to ensure the security of our IT systems.
(2) The legal basis for the processing of data is Article 6(1)(1)(f) GDPR or Article 6(1)(1)(a) GDPR if you use our contact form. If the purpose of your communication is the conclusion of a contract, the additional legal basis for the processing of your data is Article 6(1)(1)(b) GDPR.
(3) Provided that no statutory or contractual retention periods are in place, your personal data will be deleted as soon as it is no longer required for the purpose of its collection. This is the case when the respective conversation with you has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.
4.2 NEWSLETTER SUBSCRIPTION
(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised offers are named in the declaration of consent.
(2) To register for our newsletter, we use a double opt-in process. This means that after you register, we send an e-mail to the e-mail address you gave asking for confirmation that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information is locked and automatically deleted after a month. In addition, we save the IP addresses you used and the times of registration and confirmation. The purpose of the process is to prove your registration and, if necessary, to investigate possible misuse of your personal information.
(3) The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter. The legal basis is Article 6(1)(1)(a) GDPR.
(4) You can withdraw your consent to the sending of the newsletter and unsubscribe from the newsletter at any time. You can withdraw it by clicking on the link provided in every newsletter e-mail, by sending an e-mail to firstname.lastname@example.org or by sending a message to the contact details given in section 1.
(5) We delete your data as soon as it is no longer required for the purpose for which it was collected or if you withdraw your consent to receive newsletters. Your data will therefore be stored as long as the subscription to the newsletter is active.
4.3 USE OF OUR WEBSHOP
(1) When you order from our webshop, it is necessary for the performance of the contract that you enter such personal data as is required by us for the processing of your order. Items of information that are essential to the execution of the contract are marked as such; the entering by you of any further information is voluntary. We process the data you enter so that we can fulfil your order. In order to process your order, we may pass on such personal data as is required for this purpose to shipping or logistics companies and your payment data to our house bank/the payment service provider selected by you. You can find an overview of our payment service providers here. The legal basis for the above-mentioned data processing, in so far as the data are required for the fulfilment of your order, is Article 6(1)(1)(b) GDPR, or in the case of additional information you have provided freely, Article 6(1)(1)(f) GDPR.
(2) If you wish, you can create a customer account (registration). In this case, your customer data is saved so that it can also be used for future orders placed with us. When setting up an account under ‘My account’, the details you provide are stored revocably. You can delete all further data, including your user account, at any time in the customer area.
(3) We can also process the data provided by you when placing an order to inform you about other interesting products in our portfolio on the basis of our legitimate interest in targeted advertising in accordance with Article 6(1)(1)(f) GDPR.
(4) Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. However, we do restrict the processing of this data, i.e. your data will only be used to comply with legal obligations.
(5) To prevent unauthorised access to your personal data, especially financial data, the order process is encrypted using TLS technology.
(2) Our WEBSITE uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (a)
– Persistent cookies (b).
A) TRANSIENT COOKIES are deleted automatically when you close your browser. These include session cookies in particular, which store a so-called session ID, with which your browser’s different requests can be assigned to the common session. This will allow your computer to be recognised when you return to our websites. Session cookies will be deleted when you log out or close the browser.
B) PERSISTENT COOKIES are deleted automatically after a specified duration, which may differ depending on the cookie. You can delete cookies at any time in your browser’s security settings.
(3) Our WEBSITE uses different types of cookies. Some cookies are placed by third party services that appear on our WEBSITE. Cookies are classified as either (a) ‘Essential’ cookies or (b) ‘Statistics’ cookies.
(a) Essential cookies govern the settings regarding your consent to the storage of statistics cookies. Without this cookie, we cannot obtain consent.
(b) Statistics cookies help us understand how visitors interact with websites by collecting and reporting information anonymously. Through the use of statistical tools, we can, for example, analyse use of and traffic on our WEBSITE and measure the number of pages visited. Further details can be found below under section 6 (Matomo).
(4) If personal data are processed by essential cookies, the processing is carried out in accordance with Article 6(1)(1)(f) GDPR to safeguard our legitimate interests in obtaining consent for optimisation and marketing purposes and to ensure the best possible functionality of our WEBSITE.
(5) Regardless of whether you provide consent, you may configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of our WEBSITE.
(1) With your consent, our WEBSITE uses the web analytics service Matomo to analyse and regularly improve the use of our WEBSITE. We use the statistics obtained to improve our WEBSITE content and make it more interesting for you as a user. The legal basis for the use of Matomo is your consent in accordance with Article 6(1)(1)(a) GDPR.
(2) Cookies are stored on your computer for analysis purposes (see section 5 for more details). Information collected in this way is stored exclusively on our server in Germany.
(3) Our WEBSITE uses Matomo with the extension ‘AnonymizeIP’. This truncates the IP addresses prior to processing to prevent any direct references to particular persons. The IP address transmitted by your browser through Matomo will not be merged with other data we have collected.
(4) The Matomo program is an open source project. Information from the third-party provider on data privacy is available at https://matomo.org/privacy/policy.
7. DATA SECURITY
(1) We implement technical and organisational security measures in order to optimally protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised parties. These security measures are upgraded on an ongoing basis to keep up with technological advancements.
(2) Our WEBSITE is encrypted using SSL technology so that it cannot be intercepted by unauthorised parties. You can recognise the secure transfer by the protocol name ‘https://’ in the URL line.
8. YOUR RIGHTS
(1) Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information, and are explained in sections A to H below. Should you wish to assert any of these rights, please contact us at the contact details provided in section 1.
A) RIGHT OF ACCESS
In accordance with Article 15 GDPR, you have the right to obtain confirmation as to whether or not personal data concerning you are being processed. In such case, in accordance with Article 15(1) GDPR, you have the right to information on the purposes of processing; the categories of personal data processed; the recipients or categories of recipients to whom we have disclosed or will disclose the personal data; the planned storage period or the criteria for determining the storage period; the existence of a right to rectification of your personal data, to erasure of your personal data, to restriction of processing, to objection to processing or to lodge a complaint with a supervisory authority; the origin of the data if we have not collected your data from you; the existence of automated decision-making, including profiling, in accordance with Article 15(2) GDPR, as well as the right to information on appropriate safeguards in accordance with Article 46 GDPR in the context of the transfer of personal data to third countries.
B) RIGHT TO RECTIFICATION
In accordance with Article 16 GDPR, you have the right to request the completion of any incomplete data concerning you or the rectification of any inaccurate data concerning you.
C) RIGHT TO ERASURE
In accordance with Article 17 GDPR, you have the right to ask us to erase your personal data without undue delay where one of the grounds specified in Article 17(1) (a)–(f) GDPR applies. However, the right to erasure of your personal data does not exist, in particular, insofar as its processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims (Article 17(3) GDPR).
D) RIGHT TO RESTRICTION OF PROCESSING
In accordance with Article 18 GDPR, you have the right to ask us to restrict the processing of your personal data, where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data; if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead; if you need the personal data for the establishment, exercise or defence of legal claims; or if you have objected to processing pending verification as to whether our legitimate grounds override yours.
E) RIGHT TO BE INFORMED
In accordance with Article 19 GDPR, we will communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. In accordance with Article 19 clause 2 GDPR, you have a right to be informed about those recipients if you request it.
F) RIGHT TO DATA PORTABILITY
In accordance with Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller where the remaining conditions specified in Article 20 GDPR apply; in particular, where this is technically feasible.
G) RIGHT TO OBJECT
Insofar as we base the processing of your personal data on legitimate interests in accordance with Article 6(1)(1)(f) GDPR, you may object to the processing in accordance with Article 21 GDPR where the processing is not necessary, in particular, for the performance of a contract with you, as demonstrated by us in each case in the above description of offers. When asserting such an objection, we will ask you to provide the grounds explaining why we should not process your personal data as we have done. Where you assert an objection with grounds, we will review the situation and, in accordance with Article 21(1) clause 2, either will no longer process the personal data or provide our compelling legitimate grounds for processing which override your interests, rights and freedoms. We also reserve the right to further processing if the processing serves the establishment, exercise or defence of legal claims.
In accordance with Article 21(2), you do of course, also have the right to object at any time to the processing of your personal data for the purposes of advertising and profiling, insofar as it is related to direct advertising.
You can inform us of your objection by contacting us at the contact details given in section 1.
H) RIGHT TO WITHDRAW CONSENT
In accordance with Article 7(3) GDPR, you have the right to withdraw any consent to data processing that you may have given us at any time with future effect. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
(2) If you are of the opinion that the processing of your data infringes data protection regulations, you also have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. Please contact a supervisory authority in the Member State of your residence, workplace or the location of the potential infringement.
Date: March 2021