This privacy statement is to inform you about the type, the scope and the purpose of the processing of personal data in connection with the use of our website in accordance with the General Data Protection Regulation (GDPR ). Pursuant to Art. 4 nr. 1 of the DSVGO “personal data” is all information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is regarded as identifiable, if he/she can be directly or indirectly identified, primarily by means of association with an identifier such as a name, with an identification number, with location data, with an online ID or with one or several unique features reflecting the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
1.) Provider/person responsible for data protection
This website is a service of the company:
41 Publishing & Marketing UG
Hummelbergweg 12, 71229 Leonberg, Germany
represented by Robin Schmitt & Max-Philip Schmitt
registered in the commercial register of the AG Stuttgart under HRB 738884
2.) Data protection officer
ecolaw.de Gesellschaft für Datensicherheit & Datenschutz mbH
represented by the managing director, Mr Florian König
Roseggerstraße 1, D-38440 Wolfsburg, Germany
Tel. +49 (0)5361 27 29 293
Fax +49 (0)5361 27 29 296
Datenschutz (a) ecolaw.de
registered in the commercial register of the district court of Braunschweig under HRB 203444
3.) Responsible supervisory authority
for Baden-Württemberg: The State Commissioner for Data Protection and Freedom of Information, Königstrasse 10 a, 70173 Stuttgart, Tel.: 0711/615541-0, FAX: 0711/615541-15, E-Mail: firstname.lastname@example.org
4.) In general
Your personal data (e.g. title, name, address, e-mail address, telephone number, bank details, credit card number) will be stored and processed in accordance with the relevant data protection regulations, in particular REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL as of 27 June 2016 for the protection of natural persons with regard to the processing of personal data, the free movement of data and the repeal of Directive 95/46/EC (the General Data Protection Regulation – GDPR), the Federal Data Protection Act (BDSG) and other data-related laws (e.g. the Telemedia Act (TMG)).
Pursuant to the GDPR and other regulations, data processing and use is only permitted if the GDPR or another legal provision expressly permits this or if the data subject consents (prohibition with reservation of permission). According to these legal principles, data processing and use is only permissible if
- the data subject has given his/her consent to the processing of personal data concerning him/her for one or more specific purposes;
- the processing is necessary for the fulfilment of a contract to which the data subject is party or in order to fulfil contractual requirements at the request of the data subject prior to entering into a contract;
- the processing is necessary to fulfil a legal obligation to which the provider is subject;
- the processing is necessary to protect the vital interests of the data subject or another natural person;
- the processing is necessary for the performance of a task in the public interest or the exercise of public authority conferred on the provider;
- the processing is necessary to safeguard the legitimate interests of the data controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.
Accordingly, we will only use and process your personal data within the permissible scope of contract fulfilment or if you have given your informed consent.
We do not pass on your personal data including your address and your e-mail address to third parties. Excluded from this are our service partners who require the transmission of data in order to fulfil the contractual relationship or if we have expressly pointed this out. In these cases, the amount of data disclosed is limited to the required minimum.
5.) Anonymous data collection
You can generally visit our website without telling us who you are. We only learn the name of your Internet service provider, the website from which you visit us, and the pages of our website that you visit. This information is evaluated for statistical purposes only. As an individual user, you remain principally anonymous; we do not combine this information with your personal data unless you have expressly consented to this or one of the following cases applies.
6.) Collection of personal data when visiting our website and using our services in general
We only collect personal data if you provide it to us voluntarily and on your own initiative. It can take place for example with an order or for the fulfilment of a contract, a survey, or with the registration for services for which personal data should be necessary (so, e.g. for orders, special offers, competitions, newsletters or the like). In such cases we only collect the data we are legally authorised to collect and which is necessary for the fulfilment of the services requested by you (this would usually be your name, your address, your telephone number and your e-mail address, for example only your e-mail address when registering for the newsletter). If we collect personal data from you (e.g. via a contact or order form), you only have to provide the required data. The mandatory data fields are marked with an asterisk. All additional data provided by you is purely voluntary and need not be disclosed. By disclosing this additional data, you give us your consent that we may also store and process this data for the purpose stated in each case; in some cases we also request your express consent for data protection purposes, which require an express permission, which you can, of course, give voluntarily, and is not bound to any further conditions and can be revoked at any time in the future.
For the highest possible security of your data, all data is transmitted via an SSL encrypted pathway; this is to prevent misuse of the data by third parties.
7.) Data processing for contract fulfilment
(7.1) Processing purpose
In the context of processing an order, for example, you provide us with your personal data. The mandatory data marked with an asterisk in this context are personal data required for fulfilling a contract with us. Of course, you are not obliged to provide your personal data. However, without the necessary data (your name, address, e-mail address, etc. in the case of an order for example), we will not be able to process your order or provide the desired service (contract fulfilment). For some payment methods, we require the necessary payment data to pass them on to a payment service provider commissioned by us. The processing of your data entered in the order process therefore always takes place for the purpose of contract fulfilment.
(7.2) Legal basis
The legal basis for data processing is Art. 6 para. 1(b) GDPR.
(7.3) Recipient groups
Payment service providers, shipping service providers, merchandise management system if necessary, suppliers if necessary (drop-shipping).
(7.4) Storage duration
We store the data required for contract processing until the statutory warranty and, if applicable, contractual warranty periods expire.
We store the data required under commercial and tax law for the legally specified periods; usually ten years (cf. § 257 HGB, § 147 AO).
E-mail addresses that we only receive for sending newsletters will be deleted immediately as soon as you unsubscribe from the newsletter.
If you use our contact form, you will be asked to provide your name and e-mail address so that we can contact you personally. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntary consent. All personal data collected in connection with the contact form will be deleted after your request has been processed unless storage is required for the documentation of other processes.
a.) Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of your use of the website. An overview of cookies can be found here, for example. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google within the member states of the European Union or in other countries that are contracting parties to the Agreement in the European Economic Area. In exceptional cases only, the complete IP address may be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. You can prevent cookies from being stored by selecting the appropriate settings in your browser; however, we wish to point out that by doing so, you may not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (including your IP address) from being sent to and processed by Google, by downloading and installing the browser plugin available under this link.
b.) Google Analytics advertising features
We use Google Analytics’ advertising functions. In addition to the data collected by the standard implementation of Google Analytics, Google Analytics collects additional data with Google cookies for ad preferences and other anonymous identifiers. These include the following functions in particular:
We use the Google Analytics Advertising Reporting Features
If you generally want to deactivate Google Analytics, you can control this via your browser settings. These settings depend on the browser you are using. Basic information about the options to disable Google Analytics can be found here.
c.) Google Tag Manager
We use Google Tag Manager to recognise user behaviour. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data under certain circumstances. The Google Tag Manager does not access this data. If deactivation occurs at domain or cookie level, it remains in use for all tracking tags, which are implemented by Google Tag Manager.
Although this website does not use so-called social plugins (“plugins”) of the social network Facebook, it does link to the Facebook website operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). No Facebook data is transmitted directly to your browser via the link and integrated into the website.
11.) Integration of services and content from third parties
In some cases, third-party content, such as YouTube videos, maps from Google Maps, RSS feeds or graphics, from other websites are included as part of this website. It is always assumed that the provider of such content (hereinafter referred to as “third-party providers”) access the user’s IP address. Without the IP address, the content could not be sent to the user’s browser. The IP address is, therefore, necessary in order to display this content. We try hard only to use content from providers who use the IP address to deliver content, and for nothing else. However, we have no control over whether the third-party provider might, for example, save the IP address for statistical purposes. If we know of any such usage, we notify the user.
12.) Revocation of your consent
If you have given us a data protection consent for certain data uses or services, you can, of course, revoke this at any time with future effect. All you need to do is send a simple message to the address given below:
Firma 41 Publishing & Marketing UG
Hummelbergweg 12, 71229 Leonberg, Germany
Erasure and Restriction of Collected Data
We delete the personal data processed by us in accordance with the provisions of Art. 17 GDPR or restrict the processing of personal data in accordance with the provisions of Art. 18 GDPR. Unless otherwise specified in this data protection declaration in individual cases, personal data will be deleted if this data is no longer necessary for the purposes for which it was collected or processed in any other way and if there is no legal obligation to keep it in safekeeping. If personal data are required for other and legally permissible purposes, they are not deleted, but their processing is restricted and not processed for other purposes; this applies, for example, to personal data that must be kept by us for commercial or tax reasons. Thus documents pursuant to § 257 para. 1 Nr. 2 and 3 HGB and § 147 para. 1 Nr. 2, 3, 5 AO for 6 years, documents pursuant to § 257 para. 1 Nr. 1 and 4 HGB and in accordance with § 147 para. 1 Nr. 1, 4, 4a AO for 10 years.
Data subject rights
As a so-called data subject, you have the right to
request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may obtain information about the purposes of processing, the category of personal data, the groups of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if this has not been collected by us, and requires the existence of automated decision-making including profiling and, where appropriate, meaningful information about its detail;
to immediately request the correction of incorrect or complete personal data stored by us in accordance with Art. 16 GDPR;
to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
pursuant to Art. 18 GDPR to demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion, and we no longer need the data, but you need this to assert, exercise or defend legal claims or you have objected to processing in accordance with Art. 21 GDPR;
pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another responsible person;
in accordance with Art. 21 GDPR, to object to the processing of your personal data if there are grounds for doing so that arise from your particular situation or if the objection is directed against direct advertising and the legal basis for processing the personal data has legitimate interests pursuant to Art. 6 para. 1 sentence. 1 lit. f GDPR.
in accordance with Art. 7 para. 3 GDPR to revoke your consent to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future and
to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our practice headquarters.
If you wish to assert your rights as a data subject, please contact us at the above e-mail address or our data protection officer at the above e-mail address.
13.) E-mail Marketing
If you have registered separately for the newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe from the newsletter. You can unsubscribe at any time without incurring any costs other than the transmission costs in accordance with the basic rates of your access provider. You may unsubscribe at any time by sending an e-mail to email@example.com.
14.) Additional Information
WIf you have further questions or suggestions on the subject of “privacy or if you require information on your data or the correction or deletion thereof, please write us an e-mail or letter:
41 Publishing & Marketing UG
Hummelbergweg 12, 71229 Leonberg, Germany
Hamburg, May 2018