Data Protection

Data protection statement of the Hermann Biederlack GmbH + Co. KG

Thank you for your interest in our company. We take data protection seriously.

In principle you can use our website without entering any personal data. If a data owner wishes to use our company's services via our website, processing of personal data may be required. If the processing of personal data is required and no legal basis for such processing exists, we will always seek the consent of the data owner.

The processing of personal data (for example, the name, address, email address or telephone number of a data owner) always takes place in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection provisions applicable to us.

With the following data protection statement we would like to inform the public about the nature, extent and purpose of the personal data collected, used and processed by us. Likewise, data owners are informed of their rights with respect to this data protection statement.

As the data processor, we have implemented numerous technical and organisational measures in order to ensure the most complete protection possible for the personal data processed through our website. However, data transmissions over the Internet may contain gaps in security. Consequently, 100% protection cannot be guaranteed. So, for example, each data owner may alternatively transmit personal data by telephone.

1. Definition of terms

This data protection statement is based upon the definitions used by the European Guideline and Regulatory Authority when adopting the GDPR (Article 4 of the GDPR). This data protection statement should be easily read and understood by anyone. You should be able to consult the GDPR by using the following link:

http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&from=DE

The objective of our data protection statement is to inform you in a simple and understandable way about the processing of your personal data on our websites and through our apps. In order to ensure this, we would first like to explain the terminology used. In this data protection statement these definitions, among others, are used:

“Personal data” is all information relating to an identified or identifiable natural person (hereinafter the “data owner”); as identifiable is regarded a natural person, who can be identified, directly or indirectly, in particular by means of the assignment of an identifier such as a name, with an identification number, with location data, with an online identifier or with one or more specific features which are the embodiment of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person;

“Data owner” is any identified or identifiable natural person whose personal data is processed by the data processor.

“Processing” is any process performed with or without the aid of automated procedures or any such operational sequence relating to personal data such as its capture, collection, organisation, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, distribution or other means of provision, matching or linking, restriction, erasure or destruction;

“Restriction of processing” is the marking of stored personal data with the objective of restricting its future processing;

“Profiling” is any type of automated processing used for the analysis or predicting of personal data which involves the use of such personal data in order to evaluate certain personal aspects relating to a natural person, in particular aspects relating to the work performance, economic situation, health, personal preferences, interests reliability, conduct, location or change of location of this natural person;

“Data controller” is the natural or legal person, public authority, agency or other body which, alone or in concert with others, decides upon the purposes and means of processing personal data; where the purposes and means of such processing are determined by the law of the Union or that of the Member States, the data controller or the specific criteria for its designation may be stipulated under the law of the Union or that of the Member States;

“Recipient” is a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it involves a third party. However, authorities which may receive personal data under the law of the Union or that of the Member States in connection with a particular request for testing are not considered to be recipients; the processing of this data by the said authorities will be consistent with the data protection rules applicable in accordance with the purposes of the processing;

“Third party” is a natural or legal person, public authority, agency or body other than the data owner, the controller, the processor and the persons authorised under the direct responsibility of the data controller or the processor to process the personal data;

“Consent”: the data owner gives consent for each expression of intent rendered voluntarily for the specific case, in an informed and unambiguous manner, in the form of a statement or other unambiguous confirmatory act by which the data owner indicates that he/she agrees to the processing of the personal data concerning him/her.

2. Name and contact details of the data processor

This data protection notification applies to data processing by the:

Data controller:

Hermann Biederlack GmbH + Co. KG, represented by the managing directors Dr Ottenjann, Ms Lotty Biederlack, Mr Ralf Rensmann, Biederlackstr. 21, D-48268 Greven, email: shop@biederlack.de, telephone: +49 (0)2571 – 808 - 0, fax: +49 (0)2571 – 808 - 404

3. Contact details of the Data Protection Officer

Data Protection Officer, Hermann Biederlack GmbH + Co. KG, Biederlackstr. 21, D-48268 Greven, telephone: +49 (0)2571 – 808 - 0, fax: +49 (0)2571 – 808 - 404, email: dsb@biederlack.de

4. Deletion and blocking of personal data

We only process and store the personal data of the data owner for the period required to achieve the purpose of the storage or insofar as this is stipulated by the applicable laws to which the data processor is subject.

If the purpose of the storage should cease to exist, or if a legally prescribed retention period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

5. Collection and storage of personal data as well as the nature and purpose of its usage

a) When visiting the website

You may in principle use our website without disclosing your identity. When you visit our website, the browser used on your terminal automatically sends information to the server for our website. This information is temporarily stored in a so-called log file. The following information will be collected here without your intervention and stored until its automated deletion:

the IP address of the requesting computer,

the date and time of the access,

the name and URL of the retrieved file,

the website from which the access takes place (referrer URL),

the browser used and, where applicable, the operating system for your computer and the name of your access provider.

The data mentioned is processed by us for the following purposes:

ensuring a smooth connection set-up for the website,

ensuring comfortable use of our website,

evaluation of the system security and stability and

for further administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 P. 1 (f) of the GDPR. Our legitimate interest results from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing any conclusions regarding your person.

In addition, we use cookies and analysis services when you visit my website. Further details can be found in sections 9 and 11 of this data protection statement.

b) Using our contact form

For questions of any kind, we offer you the opportunity to contact us by using a form provided on our website. It is necessary here to provide a valid email address so that we know from whom the request came and in order to be able to answer it. Further information can be provided voluntarily. It is up to you to decide whether you want to enter this information in the contact form.

The data processing required for the purpose of contacting us is provided in accordance with Art. 6 para. 1 P. 1 (a) of the GDPR, based upon your voluntarily given consent.

The personal data collected by us when you use the contact form will be automatically deleted after completion of the request made by you.

c) For orders via our website

You can either place orders as a guest using our website without registering, or register in our shop as a customer for future orders. Registration has the advantage for you that you can log into our shop directly with your email address and password when making a future order, without having to enter your contact information again.

Your personal data will be entered in an input mask and sent to us and stored. If you place an order via our website, we will collect the following data in the case of a guest order as well as in the case of a registration in the shop:

title, first name, last name,

a valid email address,

address,

telephone number (landline and/or mobile)

The capture of this data takes place

in order to identify you as our customer;

in order to be able to process, comply with and handle your order;

for correspondence with you;

for invoicing;

in order to settle any possible liability claims, as well as the assertion of any claims against you;

in order to ensure the technical administration of our website;

in order to manage our customer data.

As part of the ordering process, consent will be obtained from you in order to process this information.

The data processing takes place based upon your order and/or registration and is, in accordance with Art. 6 para. 1 P. 1 (b) of the GDPR, required for the stated purposes for the proper processing of your order and for the mutual fulfilment of the obligations arising from the purchase agreement.

The personal data collected by us for the processing of your order will be stored until the statutory retention period has expired, and then deleted, unless we are required under Article 6 para. 1 P. 1 (c) of the GDPR to provide storage for a longer period of time due to statutory taxation and commercial obligations involving retention and documentation purposes (German Commercial Code (HGB), German Penal Code (StGB) or Regulation of Taxation (AO)), or if you have agreed to the provision of further storage according to Art. 6 para. 1 P. 1 (a).

6. Further information with regard to the legal basis for the processing

Art. 6 I (a) of the GDPR is used by Hermann Biederlack GmbH + Co. KG as the legal basis for processing operations, where consent must be sought for a particular processing purpose. If the processing of personal data is required to fulfil a contract to which the data owner is a party, the processing is based upon Art. 6 I (b) of the GDPR. The same applies to processing operations required to carry out pre-contractual measures, such as in cases of enquiries about our services and products. If Hermann Biederlack GmbH + Co. KG is subject to a legal obligation requiring the processing of personal data, the processing is based upon Art. 6 I (c) of the GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data owner or another natural person. In this case, the processing is based upon Art. 6 I (d) of the GDPR. Furthermore, processing operations could be based upon Art. 6 I (f) of the GDPR. Upon these legal foundations are based processing operations which are not covered by any of the aforementioned legal grounds, if the processing is necessary to safeguard a legitimate interest of Hermann Biederlack GmbH + Co. KG or a third party, provided that the interests, basic rights and fundamental freedoms of the data owner do not outweigh these. Such processing operations are in particular permitted to us because they have been specifically mentioned by the European legislator (see grounds for consideration 47, sentence 2 of the GDPR).

7. Consideration of legitimate interests

If the processing of personal data is based upon Article 6 I (f) of the GDPR, the legitimate interest of Hermann Biederlack GmbH + Co. KG will be to carry out and fulfil our business activities for the benefit of our employees and shareholders.

8. Data disclosure

Any disclosure of your personal data from us to third parties will be made exclusively to those service partners involved in the execution of the contract, such as, for example, the logistics company commissioned with the delivery and the credit institution responsible for payment matters. However, in the case of the disclosure of your personal data to third parties, the scope of the data transmitted will be limited to the minimum required.

With payment by PayPal, credit card via Klarna, Sofortüberweisung via Klarna or “purchase on account” via Klarna we will forward your payment data related to the payment processing to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) and the Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). PayPal and Klarna reserve the right to carry out a credit report check upon the "credit card", “Sofortüberweisung” and “purchase on account” via Klarna, or “PayPal” payment methods. The result of the credit report check with regard to the statistical probability of default is used by Klarna and PayPal for the purpose of reaching a decision concerning the provision of the respective payment method. The credit information may contain probability values (so-called score values). Insofar as score values are included in the results of the credit rating, they are based upon a scientifically recognised mathematical-statistical procedure. Address data is, among other things, incorporated into the calculation of the score values. You can find further data protection information in the PayPal and Klarna data protection guidelines at:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

https://www.klarna.com/de/datenschutz/

A transfer of your personal data to third parties for purposes other than those mentioned above will not take place.

We only disclose your personal data to third parties if:

you have given your express consent according to Art. 6 para. 1 P. 1 (a) of the GDPR,

the disclosure pursuant to Art. 6 para. 1 P. 1 (f) of the GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data,

in the event that disclosure pursuant to Art. 6 para. 1 P. 1 (c) of the GDPR is a legal obligation, and

this is legally permissible and according to Art. 6 para. 1 P. 1 (b) of the GDPR is required for the settlement of contractual relationships with you.

As part of the ordering process, we will obtain your consent to share your information with third parties.

9. Use of cookies

We use cookies on our site. This involves small files which your browser automatically creates and which are stored on your terminal (laptop, tablet, smartphone, etc) whenever you visit our website. Cookies do not harm your terminal, and do not contain viruses, Trojans or any other malicious software.

Information is stored in the cookie. Each of them is generated as a result of the connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity.

On the one hand, the use of cookies helps us make the use of our service more pleasant for you. For example, we use so-called session cookies to recognise the fact that you have already visited individual pages on our website. These are automatically deleted after you leave our page.

Furthermore, in order to optimise our user-friendliness we also use temporary cookies which are stored on your terminal for a specified period of time. If you visit our site again to use our services, it automatically recognises the fact that you have already visited our site and the inputs and settings which you used previously, so you do not have to re-enter them.

On the other hand, we use cookies in order to produce statistics regarding the use of our website and to evaluate them for the purpose of optimising our service for you (please see Section 7). These cookies allow us to recognise automatically on your next visit to our website the fact that you have already been with us before. These cookies are automatically deleted after a specified period of time.

The data processed by cookies are required for the purposes mentioned in order to safeguard our legitimate interests as well as those of third parties pursuant to Art. 6 para. 1 P. 1 (f) of the GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or so that a warning always appears before a new cookie is created. However, completely disabling cookies may mean that you cannot use all the features of our website.

10. Links to third party websites

The links published on our website are researched and compiled with the utmost care. However, we have no influence upon the current and future design and content of the linked pages. We are not responsible for the content of the linked pages and we do not endorse the content of these pages. The provider of the website, which was referred to, is liable for any illegal, incorrect or incomplete contents as well as for any damage resulting from the use or non-use of the information. The liability of those who merely refer to the publication by a link is excluded. We are only responsible for third-party references if we also have positive knowledge regarding them - that also involves any illegal or criminal content - and it is technically possible and reasonable for us to prevent their usage.

11. Analysis and tracking tools

The tracking measures listed below and used by us are carried out based upon Art. 6 para. 1 P. 1 (f) of the GDPR. With the tracking measures used we would like to ensure a needs-based design and the continuous optimisation of our website. On the other hand, we use these tracking measures in order to produce statistical records concerning the use of our website and to evaluate them for the purpose of optimising the offer which we provide to you. These interests should be regarded as justifiable within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

a) Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc, for the purpose of customising and continually optimising our pages (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this connection, pseudonymised usage profiles are created and cookies (please see section 5) are used. The information generated by the cookie about your use of this website such as

the browser-type/version,

the operating system used,

the referrer URL (the previously visited page),

the host name of the accessing computer (IP address),

the time of the server enquiry,

is transferred to a Google server in the USA and stored there. The information is used in order to evaluate the use of the website, to compile reports regarding the website activity, and to provide other services related to website and internet usage for the purpose of market research and the customisation of these websites. This information may also be transferred to third parties if required by law or if third parties process this data when instructed to do so. In no case will your IP address be merged with other data provided by Google. The IP addresses are anonymised, so that any allocation of them is not possible (IP masking).

You can prevent the installation of cookies by setting the browser software accordingly; however, we should point out that in this case not all the features of our website may be fully exploited.

Furthermore you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address), and the processing of this data by Google, by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on the above-mentioned link. An opt-out cookie will be set which prevents the future collection of your data when you visit our website. The opt-out cookie is only valid for this browser and only for our website, and is stored on your device. If you delete the cookies for this browser, you must reset the opt-out cookie.

For more information about the data protection related to Google Analytics, please see the following link in the Google Analytics Help Centre:

https://support.google.com/analytics/answer/6004245?hl=de

b) Google Adwords Conversion Tracking

In order to record statistically the use of our website and to evaluate it for the purpose of optimising our website, we also use Google conversion tracking. When using this service, Google Adwords will set a cookie (please see paragraph 5) on your computer if you have reached our website via a Google ad.

These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognise that the user has clicked on the ad and was redirected to this page.

Each Adwords customer receives a different cookie. Cookies cannot be tracked via the websites of Adwords customers. The information gathered using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers discover the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information which personally identifies users.

If you do not want to participate in the tracking process, you can also refuse the setting required for a cookie - for example, via a browser setting which generally disables the automatic setting of cookies. You may also disable cookies for conversion tracking by setting up your browser in such a way that cookies from the “www.googleadservices.com” domain are blocked. Google’s data protection guidance for conversion tracking may be found at the link below: https://services.google.com/sitestats/de.html

c) Use of software from squarelovin (Anchor Media GmbH)

On the website, software from the Anchor Media GmbH (“squarelovin”) is used. The users of squarelovin can upload their own pictures via Instagram or via the website, in the format indicated on the website and optionally with a text (hereinafter referred to as an “article”). The articles are displayed in the online shop of Hermann Biederlack GmbH & Co. KG. The consent of users for the use of their pictures in the online shop can be revoked at any time. Please make your objections to shop@biederlack.de or use the report function provided below the pictures.

d) Integration of the Trusted Shops Trustbadge

In order to display our Trusted Shops quality seal and any collected reviews, and to offer the Trusted Shops products for buyers after placing an order, the Trusted Shops Trustbadge is included on this website.

This serves to safeguard our predominant legitimate interests, in the context of a weighing-up of interests, in the optimal marketing of our offer according to Art. 6 (1) P. 1 (f) of the GDPR. The Trustbadge and the advertised services are provided by the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

When the Trustbadge is called, the web server automatically stores a so-called server log file which contains, for example, your IP address, the date and time of retrieval, the transmitted amount of data and the requesting provider (access data), and documents the call. This access data will not be evaluated and will be automatically overwritten within seven days after the end of your visit to the site.

Other personal data will only be transferred to Trusted Shops if you have agreed to this, have decided after the completion of an order to use Trusted Shops products, or have already registered for its use. In this case, the contractual agreement reached between you and Trusted Shops will apply.

12. Social media plug-ins

Upon our website, based upon Art. 6 para. 1 P. 1 (f) of the GDPR, we rely upon social networking plug-ins (e.g. Facebook) in order to make our company better known. The underlying commercial purpose here is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for the operation being compliant with data protection must be guaranteed by their respective providers. The integration of these plug-ins by us takes place by way of the so-called two-click method, in order to protect visitors to our website in the best possible way.

a) Facebook

On our website social media plug-ins from Facebook are used in order to personalise their usage. For this purpose we use the "LIKE" or "SHARE" buttons. This involves an option provided by Facebook.

If you visit a page on our website which contains such a plug-in, your browser will establish a direct connection to the Facebook servers. The content of the plug-in will be transmitted by Facebook directly to your browser and integrated by this onto the website.

By integrating the plug-ins, Facebook receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook account or are not currently logged on to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there.

If you are logged on to Facebook, it can assign the visit to our website directly to your Facebook account. If you interact with the plug-ins, for example by pressing the "LIKE" or "SHARE" buttons, the corresponding information will also be transmitted directly to a Facebook server and stored there. The information will also be published on Facebook and be visible to everyone.

Facebook may use this information for the purpose of advertising, market research and customised Facebook pages. For this purpose, Facebook creates user, interest and relationship profiles, for example, in order to evaluate your use of our website in relation to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting my website.

With regard to the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your related rights and settings options for the protection of your privacy, please refer to the data protection notices, in particular the data guidelines of Facebook, which you can view at the following link: https://www.facebook.com/about/privacy/

13. Rights of data owners

You have the right:

pursuant to Art. 15 of the GDPR, to request information about your personal data which is processed by us. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of or objection to any processing, the existence of a right of appeal, the source of your data if it was not collected from me, and about the existence of automated decision-making including profiling, and, where appropriate, meaningful information concerning the specific details involved;

pursuant to Art. 16 of the GDPR to request promptly the rectification of incorrect data or the completion of your personal data stored by us;

pursuant to Art. 17 of the GDPR to request the deletion of your personal data held by us, unless such processing is required to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims;

pursuant to Art. 18 of the GDPR to demand the restriction of the processing of your personal data insofar as the processing is unlawful as the correctness of the data is disputed by you, however, you reject its deletion and we no longer need the data but you need this for the assertion, exercise or defence of legal claims or you have filed an objection to the processing under Art. 21 of the GDPR;

pursuant to Art. 20 of the GDPR to receive your personal information provided to us in a structured, common and machine-readable format or to request transmission to another data controller;

pursuant to Art. 7 para. 3 of the GDPR to withdraw from us at any time your one-time given consent. As a result, we will no longer be allowed to continue the data processing based upon this consent in the future, and

pursuant to Art. 77 of the GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority for your usual place of residence or work or our company headquarters.

14. Right to object

Provided that your personal data is processed based upon legitimate interests in accordance with Art. 6 para. 1 P. 1 (f) of the GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 of the GDPR, insofar as there are reasons for this arising from your particular situation, or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without providing details of a particular situation.

If you would like to exercise your right to revocation or objection, please send an email to: shop@biederlack.de

15. Data security

We use the widely used Secure Socket Layer (SSL) method in conjunction with the highest level of encryption supported by your browser. As a rule, this involves a 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can see whether a single page from our website is transmitted in encrypted form by checking the closed key icon or, more specifically, the lock symbol in the lower status bar on your browser.

We also take appropriate technical and organisational security measures in order to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

16. Currency of and changes to this data protection statement

This data protection statement is currently valid as of 25-05-2018.

Due to the further development of our website and offers, or as a result of changed statutory or regulatory requirements, it may become necessary to amend this data protection statement. The current data protection statement can always be accessed and printed from our website using the following link:

(https://www.biederlack.de/de/datenschutz)