Data Protection
PRIVACY POLICY
- Information on the collection of personal data and contact details of the controller
- Data collection when visiting our website
- Contacting us
- Cookies
- Data processing for order processing
- Data processing when opening a customer account and for contract execution
- Contacting for review reminders
- Use of review and certification seal graphics
- Tools and miscellaneous
- Rights of the data subject
- Duration of storage of personal data
- Information on the collection of personal data and contact details of the controller
1.1 Thank you for visiting our website. Below, we would like to inform you about how we handle your personal data when using our website. Personal data is any information that can be used to identify you personally.
1.2 The controller responsible for processing data on our website in accordance with the General Data Protection Regulation (GDPR) is:
Alexei Pack
Averdiektsr. 28
49078 Osnabrück, Germany
Tel.: 0541-5068195
Fax: 0541-5068196
E-Mail: mail@wasserladenonline.com
1.3 To protect the security of your data during transmission, we use encryption methods that meet current technical standards (e.g., SSL or TSL) via HTTPS.
- Data collection when visiting our website
Each time you access our website, our system automatically collects data and information that your browser transmits to our server (so-called "server log files"). The following technically necessary data is collected:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Operating system used
- Browser used
- IP address used (if applicable: in anonymized form)
The legal basis for processing is Art. 6 para. 1 lit. f GDPR due to our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. We reserve the right to subsequently check server log files if there are concrete indications of illegal use. The data will be deleted as soon as they are no longer necessary for achieving their purpose and provided that there are no statutory retention obligations preventing deletion. In case of collecting data to provide the website, this occurs when the respective session has ended. In case of storing data in log files, this occurs after a maximum of seven days. Further storage is possible; in this case, user IP addresses are deleted or anonymized so that an assignment to the calling client is no longer possible. The collection of data to provide the website and storage in log files is absolutely necessary for operating the internet site; therefore, there is no possibility for users to object.
- Contacting us
3.1 WhatsApp Business
Visitors to our website have the option to communicate with us via WhatsApp (a service provided by Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA). We use what is known as "Business Version" of WhatsApp for this purpose. If you contact us regarding a specific contract via WhatsApp, we store and use your mobile number used on WhatsApp and – if published and/or transmitted – your first and last name (Art 6 para 1 lit b GDPR) for processing your inquiry. You may be asked to provide additional information if required for handling your request (Art 6 para 1 lit b GDPR). If WhatsApp Business is used for general inquiries not related to a specific contract, we store and use your mobile number used on WhatsApp and – if published and/or provided – your first and last name (according to Art 6 para 1 lit f GDPR) for processing your inquiry. Our legitimate interest lies in promptly answering questions from our customers or interested parties. There will be no transfer of your data to third parties. WhatsApp Business gains access to the address book on your mobile device used for this purpose; stored phone numbers are automatically transferred to a Facebook server in the USA. On our mobile device used for WhatsApp Business, only WhatsApp contact details from users who have already contacted us via WhatsApp are stored. For transfers of personal data from within the European Economic Area (EEA) to outside it (e.g., USA), WhatsApp relies on standard contractual clauses established by EU Commission regulations. For more details on how WhatsApp handles your information, please refer to their privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
4. Cookies
Our website uses cookies. Cookies are text files that are stored on the user's device. When a user accesses a website, a cookie can be saved on the user's operating system. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized even after a page change. The user data collected by technically necessary cookies will not be used to create user profiles. Our legitimate interest in processing personal data according to Art. 6 para. 1 lit. f) GDPR also lies in these purposes. In addition, our website may use cookies that allow for analysis of users' browsing behavior (so-called third-party cookies). More information about the scope, purpose, legal basis, and options for objection can be found in the respective sections of this privacy policy. As a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable, restrict, or delete the transmission of cookies. If you disable cookies for our website, it may no longer be possible to fully utilize all functions of the website. You can prevent the transmission of Flash cookies by changing the settings of the Flash Player. Help with settings can be found in the help menu of your browser or at the following links:
- Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser during your next visit (persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP address values.
Persistent cookies are automatically deleted after a predetermined duration, which may vary depending on the cookie.
5. Data processing for order processing
5.1 If you wish to place an order in our webshop, it is necessary for concluding a contract that you provide your personal data that we need to process your order. We process the data you provide for order processing. We sometimes work with external service providers to fulfill your order; for this purpose, we must pass on the necessary personal data. If we commission transport companies to deliver your goods, we will pass on your data required for delivery to the respective transport company. For payment processing, we will pass on your data as necessary to the commissioned credit institution. If we use payment service providers, you will also be informed about this below. The legal basis for passing on your data is Art. 6 para. 1 lit b GDPR.
5.2 Transfer of your personal data to shipping service providers - DHL
If delivery of goods to you is carried out by DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will only pass on the recipient's name and delivery address to DHL for delivery purposes and within the scope of necessity according to Art. 6 para. 1 lit b GDPR. Only if you have expressly consented during the ordering process will we pass on your email address according to Art. 6 para. 1 lit a GDPR before delivery for coordinating a delivery date or notifying DHL about delivery. You can revoke your consent at any time with effect for the future against the above-mentioned controller or against DHL.
5.3 Use of payment service providers - Klarna
When paying via one of the following payment methods (if offered):
- "Klarna Invoice Purchase"
- "Klarna Installment Purchase"
- "Klarna Direct Debit" (a Klarna instant payment method)
- "Klarna Credit Card Payment" (a Klarna instant payment method)
the payment processing is carried out through Klarna AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as "Klarna"). We pass on your personal data (first and last name, street address, house number, postal code, city, gender, email address, phone number, and IP address) as well as order-related data (e.g., invoice amount, items ordered, delivery method) for identity and creditworthiness verification purposes to Klarna if you have expressly consented to this transfer according to Art. 6 para. 1 lit a GDPR. Klarna may share your data with one of the following credit agencies: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). If score values are included in the result of credit reporting, they are based on scientifically recognized mathematical-statistical procedures; among other things but not exclusively address data is included in calculating score values. You can revoke your consent at any time by sending a message to either Klarna or those responsible for processing your data. However, Klarna reserves the right to continue processing your personal data if this is necessary for contractual payment processing.
For individuals based in Germany, Klarna's privacy policy applies: https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf
For individuals based in Austria, Klarna's privacy policy applies: https://cdn.klarna.com/1.0/shared/content/policy/data/de_at/data_protection.pdf
- PayPal
If you select PayPal as a payment method or pay via PayPal using credit card or direct debit – or if offered – "Purchase on Account" via PayPal occurs through PayPal (Europe) S.a.r.l et Cie S.C.A., 22-24 Boulevard Royal L-2449 Luxembourg (hereinafter referred to as "PayPal"). We pass on your personal data according to Art. 6 para. 1 lit b GDPR as necessary to PayPal.
PayPal reserves itself regarding credit card payments via PayPal or direct debit via PayPal or – if offered – "Purchase on Account" via PayPal conducting a credit check; therefore they may forward your payment details according to Art. 6 para. 1 lit f GDPR due to their legitimate interest in determining your ability to pay. The result from credit checks regarding statistical default probabilities is used by PayPal when deciding whether or not to offer specific payment methods; these reports may contain probability values (so-called score values). If score values are included in credit reporting results they are based on scientifically recognized mathematical-statistical procedures; among other things but not exclusively address data is included in calculating score values.
Further details about what other information PayPal collects can be found in their respective privacy policy at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object at any time against this processing by sending a message directly to PayPal; however PayPal remains entitled under certain circumstances still able to process your personal information if it’s required for contractual payment processing.
- Stripe
When selecting a payment method from Stripe Payments Europe Ltd., Block 4 Harcourt Centre Harcourt Road Dublin 2 Ireland (hereinafter referred to as "Stripe"), we only pass along personal information along with order details (name address account number bank code possibly credit card number invoice amount currency transaction number) according strictly under Art .6 para .1 lit.b GDPR solely for purposes related directly towards completing payments .
6. Data Processing when opening customer accounts and contract execution
When opening an account with us ,personal information will be collected processed accordingly under art .6 para .1 lit.b DGSVO . The extent of such information can be seen from input forms provided . The entered details shall be stored utilized by us towards fulfilling contracts made . You may delete customer accounts anytime either through messages sent directly towards responsible parties mentioned above ,or where applicable directly within customer accounts themselves . In such cases ,we shall also block relevant records considering tax commercial retention periods before deleting them once those periods expire . Only consent given towards permanent storage legally permitted further usage would stand against this action.
7. Contacting for Review Reminders
Review Reminder by Trusted Shops
You can revoke your consent at any time by sending a message to the data processing controller or to the review platform. Based on your explicit consent according to Art. 6 para. 1 lit. a GDPR, we will transmit your email address to the review platform Trusted Shops (Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.de)). You will receive a review reminder via email from Trusted Shops. You can revoke your consent at any time by sending a message to the data processing controller or to Trusted Shops.
8. Use of Review and Certification Seal Graphics
Trusted Shops Trustbadge
On our website, we integrate the Trusted Shops quality seal (Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne) and any collected reviews as well as offer Trusted Shops products for buyers after an order using the Trusted Shops Trustbadge. Our legitimate interest lies in optimally marketing our offerings. The legal basis is Art. 6 para. 1 lit. f GDPR. When accessing the Trustbadge, the web server automatically saves a server log file that includes your IP address, date and time of access, amount of data transmitted, and the requesting provider, documenting the access. We do not evaluate this access data and it is automatically overwritten no later than seven days after your visit to the site.
9. Tools and Miscellaneous
Google Maps
We use "Google Maps" (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Maps serves to display interactive maps and create directions. By using Google Maps, information about your use of this website including your IP address and the (starting) address entered in connection with the route planner function may be transmitted to Google. When you access a webpage on our site that contains Google Maps, your browser establishes a direct connection with Google's servers. The map content is transmitted directly from Google to your browser and embedded in the website by it; therefore, we have no influence on the extent of data collected by Google in this manner.
According to our knowledge, at least the following data is collected:
- Date and time of visit to the respective webpage
- Internet address or URL of the accessed webpage
- IP address
- (Starting) address entered during route planning
We have no influence over further processing and use of data by Google and cannot assume responsibility for this. If you are logged into Google, your data will be directly associated with your Google account. If you do not wish this association, you must log out of Google. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them; such evaluation occurs according to Art. 6 para. 1 lit. a GDPR based on your explicit consent. If you do not want Google to collect, process or use data about you through our website, you can also disable JavaScript in your browser settings; however, in this case you may not be able to use the map display. The purpose and scope of data collection as well as further processing and use of data by Google along with your rights regarding this matter and options for protecting your privacy can be found in Google's privacy policy (https://policies.google.com/privacy?hl=en). The terms of service for Google can be accessed here: http://www.google.de/intl/en/policies/terms/regional.html; terms for Google Maps are available here: https://www.google.com/intl/en_US/help/terms_maps.html
Google LLC based in the USA is certified under the US-European Data Privacy Framework "EU-U.S. Data Privacy Framework," which ensures compliance with EU data protection standards. Further information about Google's privacy policies can be found at: http://www.google.de/policies/privacy/
Additional notes on Google's privacy practices can be found here: https://business.safety.google/privacy/
10. Rights of Data Subjects
10.1 Applicable data protection law grants you comprehensive rights regarding personal data processing against the controller (rights to information and intervention), which we inform you about below:
- Right to Information according to Art. 15 GDPR: You have the right to request confirmation from the controller whether personal data concerning you is being processed by them. Furthermore, you have a right to information about purposes, categories of personal data processed, recipients, planned duration of storage as well as other rights such as rectification or existence of a right to lodge a complaint with a supervisory authority; origin of your data if it was not collected by us; existence of automated decision-making including profiling along with meaningful information about logic involved and significance concerning you as well as intended effects of such processing; also your right to be informed about guarantees according to Art. 46 GDPR when forwarding your data to third countries.
- Right to Rectification according to Art. 16 GDPR: You have the right for immediate rectification of inaccurate personal data concerning you and/or completion of incomplete personal data stored with us; rectification or completion must occur without delay.
- Right to Restriction of Processing according to Art. 18 GDPR: You have the right to request restriction on processing personal data while accuracy is contested; if you refuse deletion due unlawful processing but instead request restriction; if you need these for asserting claims after we no longer require them for purposes achieved or if you've lodged an objection due special circumstances while it's still unclear whether our legitimate grounds outweigh yours; if processing has been restricted concerning personal data relating to you these may only be processed – aside from their storage – with consent or for asserting claims or protecting rights belonging either another natural or legal person or due important public interest reasons within Union or member states.
If restriction has been lifted you'll be informed before it’s removed. - Right to Deletion according to Art. 17 GDPR: You have right for immediate deletion if conditions under Art. 17 para. 1 GDPR are met. This deletion right does not exist particularly - but not limited - when processing is necessary for exercising freedom expression, fulfilling legal obligations, public interest reasons, asserting, exercising, defending legal claims.
- Right To Notification According To Article 19 Of The GDPR: If you've exercised rights regarding rectification, deletion, limitation then responsible party must notify all recipients whom personal information was disclosed regarding rectification, deletion, limitation unless impossible or disproportionate effort required. You also have right being informed about those recipients.
- Right To Data Portability According To Article 20 Of The GDPR: You have right receiving communicated personal information structured commonly machine-readable format or requesting transfer another controller where technically feasible;
- Right To Withdraw Consent According To Article 7 Para. 3 Of The GDPR: You have right anytime objecting against processing concerning yourself based upon art. 6 para. 1 lit.e) f); this applies also profiling based upon these provisions. Furthermore, you may withdraw consent given anytime future effect . Withdrawal does not affect legality prior until withdrawal occurred.
- Right To Lodge A Complaint According To Article 77 Of The GDPR: Without prejudice administrative judicial remedy available, you possess right lodging complaint before supervisory authority especially within member state residence workplace location alleged infringement occurs if believe processing violates regulations.
10.2 Right To Object
You possess right opposing future effect against processing whenever we process based upon legitimate interests after weighing interests. Should exercise this objection we'll cease processing unless compelling legitimate grounds override cessation necessity arise from asserting defending legal claims.
11. Duration Of Storage Of Personal Data
Duration storing personal information depends upon statutory retention periods applicable. After expiration thereof we'll routinely delete records when they’re no longer necessary fulfilling contracts initiated / executed nor continuing legitimate interests exist retaining them.