- Person responsible
- Data protection officer
- General information - Data processing
- Collection of access data and log files
- Cookies & reach measurement
- Contact, comments and contributions
- Online presence in social media
- Web analysis by Google
- Web analysis by Facebook
- Integration of services and contents of third parties
- Rights of the data subjects
1. Person responsibleGira, Giersiepen GmbH & Co. KG Dahlienstraße 42477 Radevormwald Cologne District Court, HRA 16352 Managing Director: Dirk Giersiepen, Alfred A. Bulitz, Christian Feltgen, Thomas Musial Telephone number: +49(0)2195-60 20 E-mail address: firstname.lastname@example.org
2. Data protection officerTelephone number: 02195 – 602 109 E-mail address: email@example.com
- User-related data
- Contact information
- Content data
- Usage data
- Metadata / communication data
- Customers / interested parties / suppliers.
- Visitors and users of the Online Offer.
- Provision of the Online Offer, its contents and functions.
- Provision of contractual services, service and customer support.
- Response to contact requests and communication with Users.
- Marketing, advertising and market research.
- Security measures.
- If we disclose Data to other persons and companies (processors or third parties) in the context of our processing, transmit it to them or grant them access to the Data otherwise, this is done on the basis of legal permission (e.g. if transfer of the Data to third parties, such as payment service providers in accordance with Art. 6 para. 1 point (b) GDPR is required for fulfilment of the contract), you have given your consent, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
- If we commission third parties with the processing of Data on the basis of an "order processing contract", this is done on the basis of Art. 28 GDPR.
- We process user-related data (e.g. names and addresses as well as contact information of Users), contract data (e.g. services which have been used, names of contact persons, payment information) for the purpose of the fulfilment of our contractual obligations and services in accordance with Art. 6 para. 1 point (b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
- Users can optionally create a user account, in particular by viewing their orders. During the registration process, the required information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If Users have terminated their user account, their Data with regard to the user account will be deleted, subject to their retention being required for commercial or tax reasons, according to Art. 6 para. 1 point (c) GDPR. It is up to the Users to save their Data before the end of the contract if they have given notice of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
- When registering, re-registering and using our online services, we store the IP address and the time of the respective user action. The Data is stored on the basis of our legitimate interests as well as for the User's protection against misuse and other unauthorised use. A transmission of this Data to third parties does not take place in principle, unless it is necessary for the pursuit of our claims or there is a legal obligation in accordance with. Art. 6 para. 1 point (C) GDPR.
- We process usage data (e.g., the websites visited of our Online Offer, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile in order to show the User e.g. product information based on their previously used services.
- Deletion takes place after the expiration of statutory warranty and comparable obligations, the necessity of the storage of the Data is checked every three years; in the case of statutory archiving obligations the deletion takes place after their expiration (in commercial law (6 years) and tax law (10 years) storage obligation); details in the customer account remain up to their deletion.
4. Collection of access data and log files
- We collect, on the basis of our legitimate interests as defined in Art. 6 para. 1 point (f) GDPR, data on each access to the server on which this service is located (so-called server log files). Access data includes the name of the requested website, file, date and time of access, volume of data transferred, notification of successful retrieval, browser type along with version, the operating system of the user, referrer URL (previously visited page), IP address, and the requesting provider.
- Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
5. Cookies & reach measurement
- Cookies are information that is transferred from our web server or third-party web servers to the User's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
- We use "session cookies" which are only stored on our website for the duration of your current visit (e.g. in order to store your login status or the shopping cart function and, therefore, enable the use of our Online Offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our Online Offer and log out or close your browser, for example.
- If Users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Cookies already saved can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this Online Offer.
6. Contact, comments and contributionsa) Contact
- When contacting us (by contact form or e-mail), the user's details for the processing of the contact enquiry and its handling are processed in accordance with Art. 6 para. 1 point (b) GDPR.
- User information can be stored in our Customer Relationship Management System ("CRM System") or comparable request organisation.
- We delete the requests if they are no longer necessary. We review the requirement every two years; requests from customers who have a customer account are stored permanently and are linked to the customer account details for deletion. In the case of statutory archiving obligations, the deletion takes place after their expiry (in commercial law (6 years) and tax law (10 years) storage obligation).
- If users leave comments or other contributions, their IP address will be stored for 7 days on the basis of our legitimate interests pursuant to Art. 6 para. 1 point (f) GDPR.
- This takes place for our security, in case someone leaves unlawful content (insults, forbidden political propaganda, etc.) in comments and contributions. In this case we can ourselves be prosecuted for the comment or contribution and are, therefore, interested in the identity of the author.
- The following sections explain the contents of our Newsletter, the registration, circulation and statistical analysis processes, and your rights of revocation. By subscribing to our Newsletter, you consent to receipt of the Newsletter and to the processes as outlined.
- Content of the Newsletter: We send newsletters, emails and other electronic notifications containing advertising information (hereinafter “Newsletter”) only with the recipients’ consent or subject to legal permission. If the contents of the Newsletter are outlined specifically upon registration, these are authoritative for Users’ consent. Our Newsletters otherwise contain information regarding our products, offers, promotions and our company.
- Double opt-in and logging: Registering for our Newsletter involves a so-called double opt-in procedure. This means that after signing up, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with third-party e-mail addresses. Registration for the Newsletter will be logged in order to prove that the registration process complies with legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Changes in your Data recorded by the dispatch service provider are likewise logged.
- Login data: To sign up for the Newsletter, you only need to provide your e-mail address. We request that you optionally provide your name so that you may be addressed personally in the Newsletter.
- Measurement of success - The Newsletters contain a so-called web beacon, i.e. a pixel-sized file which is accessed by the Dispatch Service Provider’s server when the Newsletter is opened. When this is accessed, technical information is logged regarding, for example, your browser and system, your IP address and the time at which it is accessed. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour, the places from which it is accessed (determined with the aid of IP addresses) or the times at which it is accessed. The statistics logged also include details regarding whether the Newsletters are opened, when they are opened and which links are clicked on. While this information can be attributed to specific Newsletter recipients for technical reasons, neither we nor the Dispatch Service Provider endeavour to monitor individual Users. Rather, the analyses allow us to identify our Users’ reading habits and to adapt our content accordingly or to dispatch different content based on our Users’ interests.
- The dispatch of the Newsletter and performance measurement are made on the basis of consent being provided by the recipients in accordance with Art. 6 para. 1 point (a) Art. 7 GDPR in conjunction with Part 7 para. 2 no. 3 German Fair Trade Practices Act (UWG) or on the basis of legal permission in accordance with Part 7 para. 3 UWG.
- The logging of the registration procedure shall be carried out on the basis of our legitimate interests in accordance with Art. 6 para. 1 point (f) GDPR and serves as proof of consent to receive the Newsletter.
- Termination/revocation - You may terminate your subscription to our Newsletter at any time, i.e. revoke your consent. A link allowing termination of your subscription to the Newsletter can be found at the end of each Newsletter. If User have only registered for the Newsletter and have cancelled this registration, their personal data is deleted.
8. Online presence in social media
- We maintain online presence within social networks and platforms in order to communicate with customers, interested parties and active users and to inform them about our services. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.
9. Web analysis by Googlea) Google Analytics
- Google is certified under the Privacy Shield Agreement, thereby guaranteeing compliance with European data protection laws
- Google will use this information on our behalf to evaluate the use of our Online Offer by the User, to compile reports on the activities within this Online Offer and to provide us with other services related to the use of this Online Offer and the Internet. Pseudonymous usage profiles of Users may be created from the processed Data in this respect.
- We use Google Analytics to display advertisements displayed within Google and its affiliate advertising services only to those Users who have shown an interest in our Online Offer or who have certain characteristics (e.g. interests in specific topics or products determined by the web pages visited by them) that we submit to Google (so-called “remarketing” or “Google Analytics audiences”). With the assistance of Remarketing Audiences we want to also ensure that our ads are in keeping with the Users’ possible interests, rather than being seen as a nuisance.
- We only use Google Analytics with activated IP anonymisation. This means that Google truncates the IP addresses of Users within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and be truncated there.
- The IP address transmitted by the User's browser is not associated with any other data held by Google. The Users can prevent cookies from being stored using the appropriate settings of their browser software; the Users can likewise prevent Google from collecting and processing the Data generated by cookies relating to their use of the Online Offer by downloading and installing the browser plug-in which is available via the following link:
- More information on Google’s data usage and your browser setting and revocation options can be found on the following Google websites:"How Google uses information from sites or apps that use our services", "Use of data for advertising purposes", "Control the information Google uses to show you ads".
- We use on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our Online Offer as defined in Art. 6 para. 1 point (f) GDPR) the marketing and remarketing services (‘Google Marketing Services’ for short) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
- Google is certified under the Privacy Shield Agreement, thereby guaranteeing compliance with European data protection laws
- Google Marketing Services allow us to show ads for and on our website in a more targeted manner, showing Users only those ads that are potentially of interest to them. If a User is shown ads for products in which they showed an interest on other websites, this is known as remarketing. To this end, Google executes a code as soon as a User views our website or other websites for which Google Marketing Services have been activated, thereby incorporating so-called (re)marketing tags (invisible graphics or code, also referred to as web beacons) into the website. This allows a customised cookie, i.e. a small file, to be stored on the User’s device (comparable technologies may also be used instead of cookies). The cookies can be placed by various domains including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web sites the User visits, what Content they express an interest in and which offers they click on, together with technical information relating to the browser and operating system, the referrer URL, the visit time and other details regarding use of the Online Offer. The User’s IP address is likewise logged; please note that with regard to Google Analytics, IP addresses within member states of the European Union or in other signatory states to the Agreement on the European Economic Area are truncated and are only transmitted to a Google server in the USA in exceptional cases and then truncated. The User’s IP address is not combined with other User Data within other Google services. Google may combine the aforementioned information with such information from other sources. When Users subsequently visit other websites, they can be shown ads which are tailored to their interests.
- The User’s details are processed within the Google Marketing Services using pseudonyms. In other words, Google does not record or process the User’s name or email address, for example, and instead processes the relevant Data within pseudonym-based user profiles using cookies. This means the ads are not managed for and shown to a specifically identifiable person from Google’s perspective, but for and to the cookie owner irrespective of who this cookie owner is. This does not apply if the User has explicitly allowed Google to process their Data without this pseudonymisation. The information collected by the Google Marketing Services regarding a User is sent to Google and stored on Google servers in the USA.
- The Google Marketing Services used by us include the online ad program Google AdWords. With Google AdWords, each AdWords customer is assigned a different conversion cookie.. Cookies can, therefore, not be traced via the websites of AdWords customers. The information collected with the aid of the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of Users who clicked on their ad and who were forwarded to a website featuring a conversion tracking tag. They do not, however, receive any information with which a User can be personally identified.
- We can also use the Google Optimizer service. Google Optimizer allows us to understand, in the context of so-called "A/B testing", how different changes have an impact on a website (e.g. changes to the input fields, design etc.). Cookies are stored on the Users' devices for testing purposes. Only pseudonymous User Data is processed.
- We can additionally use Google Tag Manager to incorporate Google’s analysis and marketing services into our website and manage them.
- If you wish to revoke your consent to interest-based advertising by the Google Marketing Services, you can do so using the settings and opt-out options offered by Google:
10. Web analysis by Facebooka) Facebook, Custom Audiences and Facebook Marketing services
- Our Online Offer uses on the basis of our legitimate interests in the analysis, optimisation and economic operation of our Online Offer the so-called Facebook Pixel belonging to the social network Facebook, which is run by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
- Facebook is certified under the Privacy Shield Agreement, thereby guaranteeing compliance with European data protection laws
- The Facebook Pixel enables Facebook to identify visitors to our Online Offer as the target group for the presentation of so-called Facebook Ads. Accordingly, we use the Facebook Pixel to present the Facebook Ads placed by us only to those Facebook users who have also expressed an interest in our Online Offer or who have certain characteristics (e.g. interests in specific topics or products determined by the web pages visited by them) that we submit to Facebook (so called “Custom Audiences”). With the assistance of the Facebook Pixel we want to also ensure that our Facebook Ads are in keeping with the Users’ possible interests, rather than being seen as a nuisance. Additionally, the Facebook Pixel allows us to understand the effectiveness of Facebook Ads for statistical and market research purposes by allowing us to see whether Users were taken to our website upon clicking on a Facebook Ad (so-called Conversion).
- Facebook processes the Data in accordance with its data policy. Accordingly, general information on the presentation of Facebook Ads can be found in Facebook’s data policy:Facebook’s data policy. For specific information and details about the Facebook Pixel and how it works, visit the Facebook help section.
- You may revoke your consent to the Facebook Pixel collecting data and using it to present Facebook Ads. To set which types of ads are displayed to you within Facebook you can access the page created by Facebook and follow the instructions there regarding the settings for use-based advertising. The settings are platform-independent, i.e. they are applied to all devices such as desktop computers and mobile devices.
- We use on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our Online Offer as defined in Art. 6 para. 1 point (f) GDPR) the Social Plugins (‘Plugins’) of the social network facebook.com, which is run by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plug-ins can comprise interaction elements or contents (e.g. videos, graphics or text contributions) and can be recognised by one of the Facebook logos (e.g. white "f" on a blue tile, the terms “Like”, or a thumbs up sign) or feature the phrase “Facebook Social Plug-In”. A list of and the appearance of Facebook Social Plugins can be found here.
- Facebook is certified under the Privacy Shield Agreement, thereby guaranteeing compliance with European data protection laws
- When a User accesses a function of this Online Offer containing such a Plugin, their device establishes a direct link with Facebook’s servers. The Plugin contents are sent directly to the User’s device by Facebook and are incorporated into the Online Offer by the device. Usage profiles of Users may be created from the processed Data in this respect. We, therefore, have no control over the volume of Data collected by Facebook with the aid of this Plugin and, therefore, notify the Users on the basis of what we know.
- When the Plugins are incorporated, Facebook is notified when a User views the corresponding page of the Online Offer. If the User is logged in to Facebook, Facebook can assign this visit to their Facebook account. If Users interact with the Plugins, for example by clicking on the ‘Like’ button or adding a comment, the relevant information is sent directly to Facebook by their device and saved there. If the User is not a member of Facebook, Facebook is nevertheless able to determine and log their IP address. According to Facebook, only anonymised IP addresses are logged in Germany.
- Users can learn about the purpose and extent of Facebook’s data collection and its further processing and use, and about the corresponding rights and settings for the protection of their privacy in Facebook’s data privacy notice here.
- If a User is a Facebook member and does not wish Facebook to collect Data on them via this Online Offer or combine such Data with their Facebook membership details, they must log out of Facebook prior to using our Online Offer and must delete their cookies. Other settings can be selected and consents to the use of Data for advertising purposes revoked within the Facebook profile settings or via the US website or the EU site. The settings are platform-independent, i.e. they are applied to all devices such as desktop computers and mobile devices.
You may opt out of the Facebook pixel and the use of your information to display Facebook ads at any time. To delete the stored cookie, use this link. To set what types of ads you see within Facebook, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based ads here: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
11. Integration of services and contents of third parties
Within the scope of our online offer, we act on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of the German Civil Code Art. 6 Para. 1 lit. f. of DSGVO) content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always assumes that the third-party providers of this content use the IP address of the user, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only the content whose respective providers use only the IP address to deliver the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring web pages, visit, other information about the use of our online offering, and may be linked to such information from other sources.
The following presentation provides an overview of third party providers and their contents, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possible objections (so-called opt-out):Google reCAPTCHA
We integrate the function reCAPTCHA for the recognition of bots, e.g. for entries in online forms. The behaviour data of the users (e.g. mouse movements or queries) are evaluated in order to be able to distinguish people from bots.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USAWebsite
Privacy Shield (Ensuring data protection level when processing data in the USA)
Settings for the display of advertisements
12. Rights of the data subjectsa) GDPR
- You have the right to request confirmation as to whether the Data concerned is being processed and to request information about this Data as well as further information and a copy of the Data in accordance with Art. 15 GDPR.
- In accordance with Art. 16 GDPR, you have the right to request the completion of Data concerning you or the rectification of inaccurate Data concerning you.
- In accordance with Art. 17 GDPR, you have the right to demand that relevant Data be erased immediately or, alternatively, to demand a restriction on the processing of the Data in accordance with Art. 18 GDPR.
- You have the right to request that the Data concerning you that you have provided to us be received in accordance with Art. 20 GDPR and to request its transmission to other persons responsible.
- According to Art. 77 GDPR you have the further right to lodge a complaint with the competent supervisory authority.
- In accordance with legal requirements, the storage is carried out in particular for 6 years in accordance with Part 257 para. 1 HGB [German Commercial Code] (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) as well as for 10 years according to Part 147 para. 1 AO [German General Tax Code] (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).