
Data protection
I. General
1. scope of application
This data protection declaration applies to all business relationships with customers and suppliers, rental and lease relationships, employment relationships and all other business relationships. The declarations also apply to pre-contractual or business-like relationships.
2. contents
The European Union has regulated the rights and obligations of data subjects and companies that collect data in the General Data Protection Regulation (GDPR). Data subjects are all persons from whom personal data is collected.
According to Art. 13, 14 EU GDPR, collecting companies are obliged to provide information about the scope of the data collected, the processing of this data and the rights of the data subjects.
3. scope of data collected
Depending on the type of business relationship, the scope of the data collected can vary greatly. Personal data is any data that can be personally related to the data subject. Personal data generally includes: Name, address, contact details, bank details, date of birth, but also any other data that may be collected.
4. data sources
Primary data sources are direct information provided by the data subject in correspondence, telephone calls or personal conversations. Depending on the type, these can be expanded by further research, especially in telephone directories, or also by payment transactions.
II. contact person
1. data protection officer
The contact details of the data protection officer are:
E-mail: datenschutz@lobbe.de
2. complaints body
A supervisory authority is available in the event of potential legal violations. The supervisory authority responsible for the data subject is that of their place of residence. A list of supervisory authorities can be found at:
http:/www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
III. processing
1. purpose
We process your personal data for the following purposes:
-
- Fulfillment of the contract: We process your personal data to fulfill our contractual obligations to you. This includes, for example, the processing of your orders, the fulfillment of the contracted services and, if applicable, the processing of payments.
- Legitimate interest: In some cases, we process your personal data based on our legitimate interest. This may include improving our services, conducting analysis or ensuring IT security.
- Consent: Where necessary, we will obtain your consent before processing your personal data for specific purposes. Your consent can be revoked at any time.
Intention of further processing
The personal data provided by you will not be further processed for any other purpose that is not compatible with the above-mentioned purpose, unless we inform you in advance and obtain your consent, or there is a legal obligation for further processing.
2. justification
The processing of your personal data is based on the following legal bases:
- Consent (Art. 6 para. 1 lit. a) DSGVO): In some cases, we ask for your consent to process your data. In this case, you have the right to revoke your consent at any time.
- Fulfillment of contractual obligations (Art. 6 para. 1 lit. b) DSGVO): The processing is necessary for the initiation or implementation of a contractual relationship in which you participate as a data subject.
- Compliance with legal requirements (Art. 6 para. 1 lit. c) DSGVO): In some cases, we are required by law to process your personal data. This is required, for example, due to commercial law regulations.
- Weighing of interests or safeguarding of legitimate interests (Art. 6 para. 1 lit. f) DSGVO): We also process your data on the basis of a balancing of interests. This only takes place if there are no overriding interests worthy of protection on your side. This may be the case, for example, within the scope of our general business operations in order to opt in to our range of services.
3. duration
In principle, the data is stored and processed for the duration of the business relationship. In addition, data may be stored for a longer period of time if this is justified to protect business interests. In particular, data may be stored for at least 6 years to comply with legal and statutory retention periods.
4. protective devices
Current technical measures for the protection of personal data are maintained. These measures are adapted to the state of the art on an ongoing basis by assessing the specific risk situation.
IV. Automated decision making
For the conclusion or performance of the contract between the data subject and the controller, automated processing is necessary in some areas to evaluate certain personal aspects relating to the data subject. This is in particular the case when services are ordered via a specific online portal. In these areas, programmed systems use personal data to make decisions as to whether or not services can be offered. The decisive factor is the location of the service/place of residence.
V. Rights
1. information
Pursuant to Art. 15 EU-DSGVO, data subjects may at any time request information about the scope of data stored about them.
2. deletion, rectification and restriction
Data subjects may request the deletion of their data under the conditions of Art. 17 EU-DSGVO, the correction of their data in accordance with Art. 16 EU-DSGVO and the restriction of the processing of their data in accordance with Art. 18 EU-DSGVO.
3. data transmission
Pursuant to Article 20 of the EU Data Protection Regulation, data subjects have the right to transfer data to another company, insofar as this is technically possible and business secrets remain unaffected.
4. revocation
Declaration of consent
If the processing of personal data is based on the consent of the data subjects, the data subjects have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
VI. Transfer to third parties, order processing
Personal data will only be passed on to third parties in compliance with the statutory provisions. The transfer of personal data to processors employed by the responsible party (Art. 28 EU-DSGVO) for the purpose stated in point III. 1. is permissible.
VII. Collection of personal data when visiting the website
In the case of mere informational use of the websites without registration and without transmission of other information by the data subject, only the personal data transmitted by the browser to the server is collected. If the data subject wishes to view the websites, the following data, which are technically necessary for the controller to display the websites and to ensure stability and security, are collected (legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO):
- IP address
- date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- content of the request (specific page)
- access status/HTTP status code
- amount of data transferred
- website from which the request originates
- browser
- operating system and its interface
- language and version of the browser software.
Pursuant to Art. 6(1)(f) of the General Data Protection Regulation (GDPR), legitimate interests of the controller may constitute the legal basis for the processing of personal data. In the case of the operation of a website, the following possible legitimate interests could exist:
The processing of the users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. In these purposes also lies our legitimate interest in the processing of data in accordance with Art. 6 para. 1 lit. f DSGVO.
According to Art. 13 (2) (e) of the General Data Protection Regulation (GDPR), the privacy statement of a website must indicate whether the provision of data is required by law or by contract and what the possible consequences of not providing it may be. Here is an example description of this section in a privacy policy:
"Legal or contractual obligation to provide data:
- Option a): The provision of certain personal data may in some cases be required by law or contract. If you do not provide us with the required data, certain services or features may not be provided properly. The exact impact of not providing it will depend on the specific circumstances, and we will advise you in such cases when relevant."
- Option b): We would like to point out that the provision of your personal data is voluntary, but may be necessary for the use of our services.
Use of cookies
(1) In addition to the aforementioned data, cookies are stored on the data subject's computer when the website is used. Cookies are small text files that are stored on the hard disk of the browser used by the data subject and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transmit viruses to the data subject's computer. They are used to make the website more user-friendly and effective overall.
(2) The websites use the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see a.)
- Persistent cookies (see b.)
- Borlabs cookies (see c.)
a.) Transient cookies are automatically deleted when the browser is closed. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various browser requests to the joint session. This means that the computer of the person concerned can be recognised when he or she returns to the website. The session cookies are deleted when the data subject logs out or closes the browser.
b.) Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. The data subject can delete the cookies at any time in the security settings of their browser.
c.) This website uses the Borlabs cookie, which sets technically necessary cookies (Borlabs cookie) to store the cookie consents of the data subject. The Borlabs cookie does not process any personal data. Only consents given by the data subject when entering the website are stored in the Borlabs cookie. If the data subject wishes to revoke this consent, he or she simply deletes the cookie in his or her browser. For the purpose of revising or revoking consent, there is a corresponding link "Manage cookie settings" on the website. When the data subject re-enters/reloads the website, they will be asked again for their cookie consent.
The data subject can configure his/her browser settings according to his/her wishes and, for example, refuse to accept third-party cookies or all cookies. So-called "third party cookies" are cookies that have been set by a third party, consequently not by the actual website on which one is currently located. By deactivating cookies, it may not be possible to use all the functions of the website.
Cookies are used to identify the data subject for subsequent visits if the data subjects have an account with the responsible parties. Otherwise, you would have to log in again for each visit.
The consent to the storage of the cookie given by the data subject for the use of the website can be adapted at any time. For the purpose of revising or revoking consent, a corresponding link "Manage cookie settings" can be found on the website.
The data subject can prevent the setting of cookies at any time by means of an appropriate setting in the internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via the internet browser. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, it may not be possible to use all the functions of our website without restrictions.
Furthermore, HTML5 storage objects are used, which are stored on the end device of the data subject. These objects store the required data independently of the browser used by the data subject and have no automatic expiry date. The data subject can prevent the use of HTML5 storage objects by setting their browser to private mode. In addition, it is recommended to manually delete the cookies and the browser history on a regular basis.
Other functions and offers of the websites
- Processing of personal data
(1) In addition to the purely informational use of the websites, various services are offered that the data subject can use if interested. For this purpose, the data subject must generally provide further personal data that is used to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, external service providers are used to process personal data. These have been carefully selected and commissioned, are bound by the instructions of the collecting company and are regularly monitored.
(3) Furthermore, personal data may be passed on to third parties if the collecting company offers participation in promotions, competitions, contracts or similar services together with partners. The data subject will receive more detailed information on this when providing their personal data or in the description of the offer.
(4) If the commissioned service providers or partners are based in a country outside the European Economic Area (EEA), the data subject will be informed of the consequences of this circumstance in the description of the offer.
- Use of our webshop
If the data subject wishes to place an order in the web store, it is necessary for the conclusion of the contract that they provide the personal data required for the processing of their order. Mandatory information required for the processing of contracts is marked separately, further information is voluntary. The data provided by the data subject will be processed to process their order. For this purpose, their payment data may be forwarded to the collecting company's bank. The legal basis for this is Art. 6 para. 1 lit. b) GDPR. The data subject can voluntarily create a customer account through which the collecting company can save their data for future purchases. When an account is created under "My account", the data provided by the data subject is stored on a revocable basis. The data subject can delete all other data, including the user account, at any time in the customer area.
(2) The collecting company is obliged by commercial and tax law to store address, payment and order data for a period of ten years. However, after two years, processing is restricted in such a way that the data is only used to comply with legal obligations.
(3) To prevent unauthorized access by third parties to personal data, in particular financial data, the order process is encrypted using TLS technology.
- Data protection provisions about the use of external payment service providers
(1) The collecting company offers several payment methods for the use of the web store and uses different payment service providers. Depending on which payment method the data subject chooses, different data is transmitted to the respective payment service provider. The legal basis for the transfer is Art. 6 para. 1 lit. a) GDPR. The payment service providers in question are listed below.
WP-Statistic
We use the analysis plugin WP Statistics on our website. This plugin was developed by VeronaLabs (address: Tatari 64, 10134 Tallinn, Estonia), a software company from Estonia. This plugin provides us with simple statistics on how you as a user use our website. WP-Statistics analyzes the users of our website by showing their browser, the search engine they use and the most visited content based on categories, tags and authors. These simple statistics help us to make our website even more interesting and better for you.
This plugin is an analysis software specially developed for websites that use the WordPress content management system. WordPress helps us to easily edit our website even without programming knowledge. WP Statistics can collect data about how long you spend on our website, which subpages you visit, how many visitors there are on the website or which website you came to us from. WP Statistics does not use cookies and the data collected is only used to compile anonymized statistics on the use of our website. WP Statistics also anonymizes your IP address. You as a person cannot be identified.
WP Statistics collects visitor data (so-called Visitos'Data) when your web browser connects to our web server. This data is stored in our database on our server. This includes, for example
- the address (URL) of the website accessed
- browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
- the host name and IP address of the device from which access is made
- date and time
- country/city information
- number of visitors coming from a search engine
- length of time spent on the website
- clicks on the website
- The data is not passed on or sold.
All data is stored locally on our web server. The data is stored on our web server until it is no longer required for the above-mentioned purposes.
You have the right to information, correction or deletion and restriction of the processing of your personal data at any time. You can also revoke your consent to the processing of data at any time.
We have provided you with the most important information about data processing by WP Analytics. Due to the fact that the plugin does not use cookies and the data is stored locally in the web server for statistical analysis, your data is handled very carefully here. If you want to learn more about WP Analytics, you should take a look at their privacy policy at https://wp-statistics.com/privacy-and-policy/.
PayPal
If the data subject chooses the PayPal payment method, the personal data will be transmitted to PayPal. A prerequisite for the use of PayPal is the opening of a PayPal account. When using or opening a PayPal account, the name, address, telephone number and e-mail address, among other things, must be transmitted to PayPal. The legal basis for the transmission of data is Article 6(1)(a) GDPR (consent) and Article 6(1)(b) GDPR (processing for the performance of a contract).
is the operator of the PayPal payment service:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg
E-mail: impressum@paypal.com
With the PayPal payment option, the data subject consents to the transfer of personal data such as name, address, telephone number and email address to PayPal. Which other data is collected by PayPal can be found in PayPal's privacy policy. This can be found at:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Newsletter
(1) With their consent, the data subject can subscribe to the newsletter of the collecting company, with which the data subject is informed about current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) The so-called double opt-in procedure is used to subscribe to the newsletter. This means that after registration by the data subject, an email is sent to the email address provided in which the data subject is asked to confirm that they wish to receive the newsletter. If the data subject does not confirm their registration within 24 hours, their information is blocked and automatically deleted after one month. In addition, the IP addresses used and the times of registration and confirmation are stored. The purpose of this procedure is to be able to prove the registration and, if necessary, to clarify any possible misuse of personal data.
(3) The only mandatory information for sending the newsletter is the data subject's email address. The provision of further, separately marked data is voluntary and is used to be able to address the data subject personally. After your confirmation, your e-mail address will be stored for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 lit. a) GDPR.
(4) The data subject can revoke their consent to the sending of the newsletter at any time and unsubscribe from the newsletter. The data subject can declare their revocation by clicking on the link provided in every newsletter e-mail, via this form on the website, by e-mail to info@firma.de or by sending a message to the contact details given in the imprint.
(5) The collecting company informs the data subject that their user behavior will be evaluated when the newsletter is sent. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files that are stored on the website. For the evaluations, the data mentioned in section VII and the web beacons are linked to the e-mail address and an individual ID. The data is collected exclusively in pseudonymized form, i.e. the IDs are not linked to any other personal data, and direct personal identification is excluded. The data subject can object to this tracking at any time by clicking on the separate link provided in each email or by informing the collecting company via another contact channel. The information is stored for as long as the data subject is subscribed to the newsletter. After unsubscribing, the data is stored purely statistically and anonymously.
Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service of Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on the data subject's computer, to help the website analyze how users use the site. The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, the IP address of the data subject will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by the data subject's browser as part of Google Analytics will not be merged with other Google data.
(3) The data subject may refuse the use of cookies by selecting the appropriate settings on their browser, however please note that if you do this you may not be able to use the full functionality of this website. The data subject can also prevent Google from collecting the data generated by the cookie and relating to their use of the website (including their IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
. (4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are further processed in abbreviated form, thus excluding the possibility of personal identification. If the data collected about the data subject is personally identifiable, it is immediately excluded and the personal data is deleted immediately.
(5) The collecting company uses Google Analytics to analyze and regularly improve the use of its website. The statistics obtained enable the collecting company to improve its offering and make it more interesting for the data subject as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.
(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms of use: http://www.google.com/analytics/terms/de.html,
Overview of data protection:
http://www.google.com/intl/de/analytics/learn/privacy.html, and
the privacy policy:
http://www.google.de/intl/de/policies/privacy.
(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. The data subject can deactivate the cross-device analysis of their usage in their customer account under "My data", "Personal data".
Use of Wordfence
The collecting company uses a Wordfence plug-in. This is a security plug-in.
Further information can be found at: https://www.konvis.de/neuigkeiten/internetseiten/wordpress-wordfence-nutzung-und-dsvgo/.
Google Web Fonts (local hosting)
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google fonts are installed locally. There is no connection to Google servers. This means that no data is transferred to external servers. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
Integration of Google Maps
(1) The Google Maps service is used on this website. This allows the data subject to view interactive maps directly on the website and enables the data subject to conveniently use the map function.
(2) By visiting the website, Google receives the information that the data subject has accessed the corresponding subpage of our website. In addition, the data mentioned under point VII of this declaration is transmitted. This occurs regardless of whether Google provides a user account through which the data subject is logged in or whether no user account exists. If the data subject is logged in to Google, their data will be assigned directly to their account. If the data subject does not wish to be associated with their profile on Google, they must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about their activities on the website of the collecting company. The data subject has the right to object to the creation of these user profiles, whereby they must contact Google to exercise this right.
(3) The data subject can obtain further information on the purpose and scope of data collection and its processing by the plug-in provider in the provider's privacy policy. There they will also find further information on their rights in this regard and setting options to protect their privacy: http://www.google.de/intl/de/policies/privacy.
Use of SalesViewer® technology
This website uses SalesViewer® technology from SalesViewer® GmbH to collect and store data for marketing, market research and optimization purposes on the basis of the legitimate interests of the collecting company (Art. 6 para.1 lit.f GDPR).
A javascript-based code is used for this purpose, which is used to collect company-related data and the corresponding use. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and not used to personally identify the visitor to this website.
The data stored by Salesviewer is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention requirements.
The data collection and storage can be objected to at any time with effect for the future by the person concerned clicking on a link to prevent the collection by Sales-Viewer® within this website in the future. An opt-out cookie is stored for this website. If the data subject deletes this cookie in this browser, the data subject must click this link again.
Processing of personal data in the USA
In exceptional cases, Google and Meta also process personal data in the USA. The European Court of Justice has assessed the USA as a country with an inadequate level of data protection according to EU standards. In cases in which personal data is transferred to the USA, there is a particular risk that personal data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse. If the data subject clicks on "Only accept essential cookies", personal data will not be transferred to the USA.
Technology upgrade
The above provisions apply mutatis mutandis to corresponding successor products and technologies.
VIII. Scope
This data protection declaration applies to all the companies listed in the Attachment 1 to this privacy policy that collect personal data (collecting companies).
July 2024