- General information
- Data processing when calling up the website
- Cookies, tracking pixels and mobile identifiers
- Orders and payment processing
- Other third party services
- Rights of data subjects
Responsible for data processing is
the cabinet GmbH
Provision of data
As a rule, there is no legal or contractual requirement to provide personal data in order to use our website. Insofar as the provision of data is necessary for the conclusion of a contract or the user is obliged to provide personal data, we will inform you of this circumstance and the consequences of not providing it in this data protection declaration.
Data transfer to third countries
We may use service providers and third parties located in countries outside the European Union and the European Economic Area. The transfer of personal data to such third countries is based on an adequacy decision of the European Commission (Art. 45 GDPR) or we have provided appropriate safeguards to ensure data protection (Art. 46 GDPR). Insofar as an adequacy decision of the European Commission exists for the transfer of data to a third country, we refer to this in this data protection declaration. In all other respects, users can obtain a copy of the appropriate safeguards, insofar as this is not already contained in the data protection declarations of the service providers or third-party providers, from us.
Automated decision making
Processing for other purposes
As a matter of principle, data is only processed for the purposes for which it was collected. If, exceptionally, they are to be further processed for other purposes, we will inform about these other purposes prior to this further processing and provide all other relevant information (Art. 13 (3) DSGVO).
Each time our website is called up, the user's browser transmits various data. For the duration of the visit to the website, the following data is processed and stored in log files even after the connection has ended:
- Browser type and version used
- Operating system
- Pages and files accessed
- Transmitted data volume
- Date and time of the retrieval
- Provider of the user
- IP address
- Referrer URL
The processing of this data is necessary to be able to deliver the website to the user and to optimise it for his or her terminal device. The storage in log files serves to improve the security of our website (e.g. protection against DDOS attacks).
The legal basis for the processing is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is to provide the website and improve website security. Log files are automatically deleted after 30 days.
Our website is designed and operated by the provider Wordpress and Woocommerce.
Cookies, tracking pixels and mobile identifiers
On our website, we use technologies to recognise the end device used. These may be cookies, tracking pixels and/or mobile identifiers.
For a better understanding, we explain below in general terms how cookies, tracking pixels and mobile identifiers work:
- Cookies are small text files that contain certain information and are stored on the user's terminal device. In most cases, this is an identification number that is assigned to a terminal device (cookie ID).
- A tracking pixel is a transparent graphic file that is embedded on a page and enables log file analysis.
- A mobile identifier is a unique number (mobile ID) that is stored on a mobile device and can be read by a website.
Cookies may be necessary for our website to function properly. The legal basis for the use of such cookies is Art. 6 para. 1 UAbs. 1 lit. f) DSGVO. Our legitimate interest is to provide the functions of our website.
The user can prevent and object to the processing of data using cookies by making the appropriate settings in their browser. In the event of an objection, it is possible that not all functions of our website will be available. We provide separate information on other options for objecting to the processing of personal data using cookies in this data protection declaration. Where appropriate, we provide links with which an objection can be declared. These are labelled "Opt-Out".
In the event of contact being made, we process the user's details, date and time for the purpose of processing the enquiry, including any queries.
The legal basis for the data processing is Art. 6 para. 1 UAbs. 1 lit. f) DSGVO. Our legitimate interest is to respond to the requests of our users. Additional legal basis is Art. 6 para. 1 UAbs. 1 lit. b) DSGVO, if the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures.
The data will be deleted as soon as the enquiry, including any queries, has been answered. We check at regular intervals, but at least every two years, whether data accrued in connection with contacting us is to be deleted.
When an order is placed in our online shop, we process the data provided when the order is placed, such as name, bank details or payment data, in order to process the order. We only pass on payment data to our payment service providers if this is necessary to process the payment.
The legal basis for the processing of order data is Art. 6 para. 1 UAbs. 1 lit. b) DSGVO. If the user stores his order data in a user account, the legal basis is Art. 6 para. 1 UAbs. 1 lit. a) DSGVO. Otherwise, the processing is based on Art. 6 para. 1 UAbs. 1 lit. f) DSGVO. Our legitimate interest is the processing of repayments and the pursuit of claims.
Order and payment data are deleted as soon as they are no longer required for the processing of the order including a reversal of the payment (e.g. due to a revocation or a withdrawal from the contract) and a processing of warranty cases and no legal storage obligations exist. In the event that the user has stored his order data for a repeat order in his user account, the data will be deleted together with the user account if it is not required for the processing of a specific order.
If payment is made via PayPal, the payment will be processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
If payment is made via Stripe, the payment will be processed by Stripe Payments Europe Ltd, C/O A & L Goodbody, Ifsc, North Wall Quay Dublin D01 H104, Ireland.
We use the content delivery network (CDN) Amazon CloudFront. Provider: Amazon Web Services Inc, P.O.. Box 81226, Seattle, WA 98108-1226.
Content is loaded from servers of the CDN. In order for a connection to be established, it is technically necessary to transmit the user's IP address.
The legal basis for the processing is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is to improve the speed and availability of our website.
We use Google Fonts on our website. Provider: Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Fonts are loaded from the Google server. To establish a connection to the server, it is technically necessary to transmit the user's IP address.
The legal basis of the processing is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is the reduction of loading times and a uniform presentation on different end devices.
If the user's personal data is processed, he or she is a data subject within the meaning of the GDPR. Data subjects are entitled to the following rights:
Right of access: The data subject has the right to obtain confirmation as to whether personal data concerning him or her are being processed. Where personal data are processed, the data subject shall have the right to obtain, free of charge, information and a copy of the personal data undergoing processing.
Right to rectification: The data subject has the right to request that inaccurate or incomplete personal data be rectified without delay.
Right to erasure: The data subject has the right to request the immediate erasure of personal data concerning him or her in accordance with the law.
Right to restriction of processing: The data subject has the right to request restriction of the processing of personal data concerning him or her in accordance with the law.
Right to data portability: The data subject has the right to obtain the personal data concerning him or her in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.
Right to object: The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(a)(1)(e) or (f) of the GDPR; this shall also apply to any profiling based on those provisions. If personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; this also applies to profiling where it is related to such direct marketing.
Right of withdrawal: The data subject has the right to withdraw his or her consent at any time.
Right to complain: The data subject has the right to complain to a supervisory authority.
Status of the data protection declaration: 26 November 2020