Privacy & data protection
Thank you very much for visiting the store of edel.stahl.depot and interest in our products. We take the protection of your personal data during processing during the entire business process very seriously. Please read the following information:
Privacy policy
I. Responsible in terms of the data protection regulations
edel+stahl DESIGN GmbH
Geschäftsführer: Petra Möbus, Steffen Möbus
Im Wüstfeld 21
D-64859 Eppertshausen
Deutschland
Phone: +49 (0) 6071 3 93 80 50
Fax: +49 (0) 6071 3 93 88 27
Email: info7759@51945edelstahldepot.de (spam protection remove the numbers before the @ and behind)
Website: https://www.edelstahldepot.de
II. Scope of the processing of personal data, legal basis for the processing of personal data, duration of storage/deletion
The protection and security of your data is very important to us. We secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. To protect the transmission of personal data, this website uses SSL encryption, which you can recognize by the character string https in the browser line.
1. Data collection when visiting our website
Basically you can visit our website without giving your name.
When our website is accessed, however, data about this process is automatically and temporarily stored on our provider's server in a log file.
The following data is retrieved and stored:
• IP-Address
• Date and time of access
• Internet service provider of the user
• Websites from which the user's system has reached our website
• Web pages that are accessed by the user's system via our website
• Information about the browser type and version of the user
• Information about the user's operating system
The creation of personal user profiles is excluded.
The purpose of data processing is to ensure a smooth connection of the website and to make the use of the site more comfortable for the visitors.
The legal basis for this temporary data processing is Art. 6 para. 1 sentence 1 letter f) DSGVO. Our legitimate interest results from economic aspects in making our website accessible to users.
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is usually the case when the respective session is ended.
2. Cookies
On the pages of our website we use so-called cookies, small text files that are stored on the user's end device. When cookies are set, user information such as browser and IP address is collected and processed.
We only use so-called "session cookies", which are deleted after you close your browser. Such cookies are required to display the contents of the shopping cart in our online store, to enable the login status and to register. These cookies store a so-called session ID, with which various requests from your browser can be assigned to the common session.
You always have the option of setting your browser to notify you when cookies are set and to decide individually or in general which cookies should be allowed or rejected. In the menu of your browser you can inform yourself about the possibilities of cookie settings. If cookies are rejected, the usability of our website may be limited.
The purpose of setting cookies is to make our website more attractive for users and to enable certain uses. The legal basis for the temporary storage of data is Art. 6 para. 1 p.1 lit. f) DSGVO. Our legitimate interest is based on economic considerations to make our website more comfortable for users and to enable certain functions.
3. E-mail contact / contact form
You can contact us voluntarily using the e-mail addresses provided and the contact form. If you contact us via these e-mail addresses or the contact form, the personal data (e-mail address, name and other data transmitted to us via the e-mail or contact form) will be processed by us. You contact us (by e-mail or contact form) voluntarily. Without the provision and processing of personal data a conversation with you is not possible.
The data will be used exclusively for processing the conversation with you. The data will only be passed on to third parties with your consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail or the contact form is Art. 6 para. 1 sentence 1 letter f) DSGVO. Our legitimate interest results from the reply to your inquiry. If the inquiry is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b) DSGVO. After the processing of the inquiry, the processing of the data may be required in accordance with Art. 6 para. 1 sentence 1 lit. c) in order to comply with our tax retention obligations. Within the scope of weighing up interests, we may process your data in accordance with Art. 6 Para. 1 S. 1 lit. f) DSGVO beyond the actual fulfilment of the contract and statutory storage obligations in order to be able to defend ourselves against the assertion of claims. If you have given your consent for the processing operations, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a) DSGVO.
If an application is sent in response to a job application, the application documents are deleted or destroyed as soon as the application procedure is completed.
If a request by e-mail or contact form is followed by the conclusion of a contract, our customers will receive further information about the scope of the processing of personal data.
The data will be deleted after completion of the processing of the inquiry, unless we are obliged to store the data for a longer period of time (usually up to 10 years) due to tax and/or commercial law storage and documentation obligations (e.g. from HGB, StGB or AO). We may store your data for the preservation of evidence for the time during which claims can be asserted against us (statutory limitation period of three years or in individual cases up to thirty years). Any storage beyond this period will only take place if you have given your consent.
4. Registration / Customer account
You can voluntarily open a customer account on our website. The data provided there (mandatory data: name, address, e-mail address, telephone number, company name if applicable) will be processed by us. The purpose of this data collection is to be able to maintain the customer account in order to simplify the ordering process for future orders. The data in the customer account will not be passed on to third parties. Legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. b) DSGVO. Since we also obtain your consent when creating the customer account, an additional legal basis is Art. 6 para. 1 p. 1 lit. a) DSGVO. The customer account will be deleted after revocation of your consent, unless we are obliged to store the data for a longer period of time (usually up to 10 years) due to tax and/or commercial law storage and documentation obligations (e.g. from HGB, StGB or AO).
5. Order of goods
If you order goods in our online store, you must provide personal data during the ordering process (name, address, e-mail address, telephone number, company name if applicable, VAT registration number).
The purpose of processing this data is to be able to contact you, to fulfil our contractual obligations towards you, to be able to send you the ordered goods, to be able to invoice you for the delivery of the goods, to ward off or assert any existing claims and to be able to fulfil our legal obligations (e.g. obligations under tax law to keep records).
The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 letter b) DSGVO.
Failure to provide and process the data would mean that the contractual relationship could not be concluded. Once the contract has been processed, the processing of the data in accordance with Art. 6 Par. 1 S. 1 lit. c) is necessary in order to comply with our storage obligations under tax law. Within the scope of weighing up interests, we may process your data in accordance with Art. 6 Para. 1 S. 1 lit. f) DSGVO beyond the actual fulfilment of the contract and statutory storage obligations in order to be able to defend ourselves against the assertion of claims. If you have given your consent to the processing of your data, the legal basis for the processing is additionally Art. 6 para. 1 sentence 1 lit. a) DSGVO.
The data will be deleted after completion of the contract, unless we are obliged to store the data for a longer period of time (usually up to 10 years) due to tax and/or commercial storage and documentation obligations (e.g. from HGB, StGB or AO). We may store your data for the preservation of evidence for the time during which claims can be asserted against us (legal limitation period of three years or in individual cases up to thirty years).
Insofar as this is necessary for the fulfilment of the contract, your personal data will be passed on to service providers. In all cases, the legal basis for this is also Art. 6 para. 1 p. 1 lit. b) DSGVO. The purpose of passing on the data is to be able to fulfill the mutual contractual obligations (delivery of the goods, payment).
For the delivery of the goods, the shipping service providers (DHL, Deutsche Post) receive knowledge of your data. A transfer of individual data can also be made due to a legal obligation towards an authority (e.g. tax office). In addition, a tax office receives invoice documents containing your data for the preparation of our tax returns.
For payment processing, the commissioned credit institutions and payment service providers receive your data.
PayPal
If you have chosen to pay via PayPal when ordering goods, we will forward the data relevant for the sale (e.g. first name, last name, address, telephone number, IP address, e-mail address, number of items, item number, invoice amount and taxes in percent, invoice information) to PayPal (Europe) S.à.r.l. & Cie., S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
We would like to point out that PayPal may carry out creditworthiness checks and may pass on your personal data to credit agencies for this purpose. PayPal has a legitimate interest in the disclosure in order to determine the probability of non-payment and thus to be able to decide on the provision of the payment method. The legal basis results from art. 6 para. 1 lit. f) DSGVO.
PayPal collects and uses, apart from an address check, also information about the previous payment behaviour of the buyer as well as probability values about this behaviour in the future. The calculation of these score values by PayPal is based on a scientifically recognized mathematical and statistical procedure. PayPal also uses your address data. If the calculation shows that your creditworthiness is not given, PayPal will inform you immediately.
You can revoke your consent to PayPal to use your personal data at any time. However, PayPal may process, use and transfer personal data if this is necessary for the contractual payment processing by PayPal's services or if it is required by law.
For more information, please refer to PayPal's privacy policy at the following link:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Immediately
If you have chosen the payment method "Immediately", the payment will be processed by the service provider Sofort GmbH, Theresienhöhe 12, 80339 Munich. Sofort GmbH belongs to the KLARNA Group (Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden). Your data (name, address, gender, e-mail address, telephone number, IP address) and data related to the order (invoice amount, number of items, item number, invoice amount and taxes in percent) will be forwarded to Sofort GmbH.
Further information can be found in Klarna's privacy policy at the following link:
https://www.klarna.com/sofort/datenschutz/
Heidelpay
Payment processing for credit card payments is carried out by the external payment service provider heidelpay GmbH, Vangerowstraße 18, 69115 Heidelberg (hereinafter referred to as "Heidelpay"). The data required for processing the payment (first name and surname, street, house number, postal code, city, telephone number), as well as the data in connection with the order are passed on to Heidelpay.
Further information can be found in the Heidelpay data protection declaration under the following link:
https://www.heidelpay.com/de/datenschutz/
IV. Rights of the data subject
As a person concerned you have
- the right to obtain information on the personal data processed by us concerning you (art. 15 DSGVO),
- a right to rectify the processing (Art. 16 DSGVO),
- a right to cancellation of processing (Art. 17 DSGVO),
- a right to restrict processing (Art. 18 DSGVO),
- a right to information (Art. 19 DSGVO),
- a right to data transferability (Art. 20 DSGVO),
- a right to object to the processing (Art. 21 DSGVO; see also highlighted below),
- a right of appeal to a supervisory authority (Art. 77 DSGVO in connection with § 19 BDSG).
- the right to revoke this consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. If you would like to revoke a granted consent, a simple notification is sufficient: info@edelstahldepot.de
Right to object according to Art. 21 DSGVO a) Right of objection in individual cases You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6, paragraph 1, sentence 1, letter e) DPA (data processing in the public interest) or Article 6, paragraph 1, sentence 1, letter f) DPA (data processing based on a balancing of interests); this also applies to profiling based on these provisions. b) Right to object to processing of data for advertising purposes If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing. If you object to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes. If you wish to object to the processing, simply send a message to: info3546@74658edelstahldepot.de (Spam protect numbers from @ and leave behind) |
The legal norms concerning your rights as a data subject are as follows:
Art. 15 DSGVO - Right to information of the data subject
(1) The data subject shall have the right to obtain from the controller confirmation as to whether personal data relating to him/her are being processed; if this is the case, he/she shall have the right to obtain information on such personal data and the following:
a) the processing purposes;
b) the categories of personal data processed;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or international organizations;
d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
e) the existence of a right of rectification or erasure of personal data concerning him or her or of a right to have the processing limited by the controller or to object to such processing;
f) the existence of a right of appeal to a supervisory authority;
g) if the personal data are not collected from the data subject, all available information on the origin of the data;
h) the existence of automated decision making, including profiling, as referred to in Article 22(1) and (4) and, at least in those cases, relevant information about the logic involved and the scope and intended impact of such processing on the data subject.
(2) Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 in relation to the transfer.
(3) The data controller shall provide a copy of the personal data that is the subject of the processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. If the data subject submits the request electronically, the information shall be provided in a standard electronic format, unless the data subject indicates otherwise.
(4) The right to receive a copy under paragraph 1b shall not interfere with the rights and freedoms of other persons.
Art. 16 DSGVO - Right of rectification
The person concerned has the right to ask the data controller to rectify incorrect personal data concerning him/her without delay. Taking into account the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
Art. 17 DSGVO - Right of deletion ("right to be forgotten")
(1) The data subject shall have the right to request the controller to delete personal data relating to him/her without undue delay and the controller shall be obliged to delete personal data without undue delay if one of the following reasons applies:
a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) the data subject withdraws the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for the processing.
c) the data subject lodges an objection to processing pursuant to Article 21(1) and there are no legitimate legitimate overriding reasons for processing, or the data subject lodges an objection to processing pursuant to Article 21(2).
d) The personal data were processed unlawfully.
e) The deletion of personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
f) The personal data have been collected in relation to the information society services offered in accordance with Article 8(1).
(2) Where the controller has made the personal data public and is obliged to delete them pursuant to paragraph 1, he shall take reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers who process the personal data that a data subject has requested them to delete all links to such personal data or copies or replications thereof.
(3) Paragraphs 1 and 2 shall not apply if the processing is necessary
a) to exercise the right to freedom of expression and information;
b) to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller
c) on grounds of public interest relating to public health, in accordance with Article 9(2)(h) and (i) and Article 9(3);
d) for archiving, scientific or historical research purposes in the public interest or for statistical purposes referred to in Article 89(1), in so far as the law referred to in paragraph 1 is likely to make it impossible or seriously hinder the achievement of the purposes of such processing, or
e) to assert, exercise or defend legal claims.
Art. 18 DSGVO - Right to limit processing
(1) The data subject shall have the right to obtain from the controller the restriction of the processing if one of the following conditions is met:
a) the accuracy of the personal data is contested by the data subject, for a period of time that allows the controller to verify the accuracy of the personal data,
b) the processing is unlawful and the data subject refuses the deletion of the personal data and instead requests the restriction of the use of the personal data;
c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it in order to assert, exercise or defend legal claims, or
d) the data subject has lodged an objection to the processing in accordance with Article 21(1), pending a determination as to whether the legitimate reasons invoked by the controller outweigh those invoked by the data subject.
(2) Where processing has been restricted in accordance with paragraph 1, such personal data may be processed except with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
(3) A data subject who has obtained a restriction on processing pursuant to paragraph 1 shall be informed by the controller before the restriction is lifted.
Art. 19 DSGVO - Notification obligation in connection with the correction or deletion of personal data or the restriction of processing
The controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of personal data or of any restriction on processing under Articles 16, 17(1) and 18, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject of these recipients if the data subject so requests.
Art. 20 DSGVO - Right to data transferability
(1) The data subject shall have the right to obtain the personal data concerning him/her that he/she has provided to a controller in a structured, common and machine-readable format and the right to have such data communicated to another controller without interference from the controller to whom the personal data was provided, provided that
a) processing is based on an authorisation in accordance with Article 6(1)(a) or Article 9(2)(a) or on a contract in accordance with Article 6(1)(b), and
b) the processing is carried out using automated procedures.
(2) In exercising his or her right to transfer data in accordance with paragraph 1, the data subject shall have the right to obtain that personal data be transferred directly from one controller to another controller, insofar as this is technically feasible.
(3) The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4) The right under paragraph 2 shall not interfere with the rights and freedoms of other persons.
Art. 21 DSGVO - Right of objection
(1) The data subject shall have the right to object at any time, on the grounds relating to his particular situation, to the processing of personal data relating to him which is carried out pursuant to Article 6(1)(e) or (f), including profiling based on those provisions. The controller shall stop processing the personal data unless he can demonstrate compelling legitimate reasons for processing which outweigh the interests, rights and freedoms of the data subject, or for the purpose of exercising or defending legal claims.
(2) Where personal data are processed for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of personal data relating to him/her for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.
(3) If the data subject objects to processing for the purposes of direct marketing, the personal data shall no longer be processed for those purposes.
(4) The right referred to in paragraphs 1 and 2 shall be expressly brought to the attention of the data subject at the latest at the time of the first communication with him/her, in a comprehensible and separate manner from any other information.
(5) In the context of the use of information society services and notwithstanding Directive 2002/58/EC, the data subject may exercise his right of objection by means of automated procedures involving technical specifications.
(6) The data subject shall have the right to object, on the grounds relating to his particular situation, to the processing of personal data concerning him which is carried out for purposes of scientific or historical research or for statistical purposes referred to in Article 89(1), except where such processing is necessary for the performance of a task carried out in the public interest.
Art. 22 DSGVO - Automated decisions in individual cases including profiling
(1) The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or significantly affects him/her in a similar way.
(2) Paragraph 1 shall not apply if the decision
a) is necessary for the conclusion or performance of a contract between the data subject and the controller,
b) is authorised by Union law or the law of the Member States to which the controller is subject and that law contains adequate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
c) with the express consent of the person concerned.
(3) In the cases referred to in paragraph 2(a) and (c), the controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of the controller, to express his point of view and to challenge the decision.
(4) Decisions referred to in paragraph 2 may not be based on special categories of personal data referred to in Article 9(1), unless Article 9(2)(a) or (g) applies and adequate measures have been taken to safeguard the rights and freedoms and the legitimate interests of the data subject.
Art. 77 DSGVO - Right of appeal to a supervisory authority
(1) Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to complain to a supervisory authority, in particular in the Member State in which he/she resides, works or is alleged to have worked, if he/she considers that personal data relating to him/her are being processed in breach of this Regulation.
(2) The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of judicial redress in accordance with Article 78.
Art. 7 para. 3 DSGVO - Right to withdraw consent
The person concerned has the right to revoke his or her consent at any time. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation. The data subject shall be informed before consent is given. The revocation of the consent must be as simple as the granting of the consent.
V. Changes to the privacy policy
We will change our data protection declaration if this becomes necessary due to the further development of our offer on these pages and/or due to changed legal regulations. The current version of our privacy policy can be found on our website.
Status of the privacy policy 25 May 2018