Privacy Policy
When you visit our website, we process personal data (all the information relating to an identified or identifiable natural person) insofar as we are permitted to do so in accordance with legal requirements or your consent to do so. This data protection information serves to provide you with details of how we process your personal data (sometimes simply referred to as “data processing” hereafter, too) and of your rights as the person involved.
INDEX
A. Who is responsible for data processing
B. Our data protection officer contact details
C. Operation and hosting of our website
D. Overview of the way we process data
E. Contract performance
F. Website use
G. Communication
H. Your other rights as the person involved
J. Data security
A. WHO IS RESPONSIBLE FOR DATA PROCESSING
The following is responsible for data processing on this website:
Braukmann GmbH
Raiffeisenstrasse 9
D-59757 Arnsberg, Germany
Tel.: +49 (0)2932 54766 - 00
Fax: +49 (0)2932 54766 - 77
Website: www.caso-design.com
e-Mail: info@caso-design.de
B. OUR DATA PROTECTION OFFICER CONTACT DETAILS
Our data protection officer can be reached as follow:
Stefan Pietsch
Pietsch IT GmbH
Wilhelmshöher Straße 1
34590 Wabern, Germany
Telefon: 05683-923440
e-Mail: datenschutz@pietsch-it.de
Website: www.pietsch-it.de
C. OPERATION AND HOSTING OF OUR WEBSITE
Our website it operated in our name and on our account by a full service eCommerce provider who undertakes all of our data processing in connection with the use of our website. Our data processing takes place on the servers of a hosting provider connecting our website to the Internet on our account. Both these providers are based inside Germany.
D. OVERVIEW OF THE WAY WE PROCESS DATA
We process data in the following contexts:
- If you shop with us, we process such of your data which are required to conclude and execute a contract of sale (“contract performance”) (for details see below under E.);
- When visiting and browsing our website (“website use”), we process data from and on your terminal device, which could partly allow for your explicit identification (for details see below under F.);
- Finally, we process your data if you would like to contact us (“communication”), for instance by subscribing to our newsletter, by leaving a review on an article or by submitting a message to us via the communication channels made available by us (for details see below under G.).
E. CONTRACT PERFORMANCE
I. General information on data processing
In the context of your purchase in our online shop, we will ask you to divulge the following details about yourself:
- First name;
- last name;
- invoicing/delivery address;
- e-mail address;
- bank or credit card details.
II. Extent and purpose of processing
We will process the personal data requested from you for the following purposes:
- To e-mail you an acknowledgement of receipt and an order confirmation containing statutory information, and status notifications on shipment of the goods ordered where appropriate;
- to process your payment;
- to send you an invoice for your order;
- to deliver the goods ordered to you; and
- to be able to match any cancellations, complaints and any other post-contractual queries by you to your person and order, and process your issue where appropriate.
If you have voluntarily created a customer account under “Sign in - Register now”, we will also process these data to register you as a customer at the Braukmann GmbH CASO DESIGN online shop for potential future visits or purchases. This way, you will not have to keep re-entering these data required for contract performance for every future order, and will also be able to view any purchases made at any time in your customer account. Once signed into your customer account, you can also save products from our online shop as favourites so to be able to purchase them at a later stage, where appropriate.
III. Data transmission/recipients
The recipients of your data are the technical operator and hosting service provider of our website (see above under C.). Insofar as this is required for contract completion, your data will also be passed on to those organisations we have instructed to receive and process your order. In particular, these are the following:
- Shipping provider for shipment, delivery or collection of goods;
- the bank/credit institution instructed to process your payments.
In case you have selected purchase on account, direct debit or credit card as one of the PayPal payment types, it will be necessary to pass on the following personal data to PayPal (Europe) S.á.r.l. & Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg so to process your payment; and in case you have chosen the on account payment type, amongst others to facilitate the assignment of our accounts receivable to PayPal:
- Invoice number;
- invoice amount;
- name and delivery address;
- name and invoicing address.
IV. Data retention time
If you don’t create a customer account, your data will be blocked once an individual contract of sale has been fulfilled, i.e. we will only process them to a limited extent thereafter. This for one is required in case you would like to assert a claim within the statutory limitation periods (usually three years), which we would then have to match up with yourself and the corresponding business transaction. On the other hand, we are obliged by commercial and fiscal law to retain business documentation, which could contain your data, for a maximum term of ten years. Once these purposes have been fulfilled or those time limits have expired, we will delete all your data we hold.
In case you have voluntarily created a customer account, we will process your data within the framework of this until you have your customer account deleted by us. Insofar this involves data we will have to retain for the reasons mentioned above, we will delete them once the retention periods have expired.
V. Legal basis for processing
Data processing takes place since it is necessary for contract performance (art. 6, sect. 1 b GDPR).
In part (to send out an acknowledgement of receipt and notifications containing statutory information on distance selling), it also takes place to fulfil corresponding legal obligations we are under.
If you have created a customer account, we will also process your data based on your agreement to do so, provided to us at the same time (art. 6, sect. 1 a GDPR).
VI. Right of revocation
You can revoke your agreement for data processing in the context of maintaining your customer account with effect for the future at any time, by notifying us at one of the contact addresses stated above under A. We will then delete your customer account and will only retain any data it contains for as long and to the extent that we are legally obliged to do so (see above under item IV).
F. WEBSITE USE
Every time you visit our website, we will process certain personal data from and partly also on your computer/terminal device. Such processing can be split into the following categories:
- Recording your visit/use of functional cookies (for details see below under I.)
- Website usage analysis via Google Analytics (for details see below under II.)
- Use of tracking technologies for personalised Internet advertising (for details see below under III.)
- Use of so-called “social plug-ins” to link with social media (for details see below under IV.)
- Integration of YouTube videos (for details see below under V.)
- Integration of MyFonts counter (for details see below under VI.)
- Utilisation of warranty extension (for details see below under VII.)
- Use of Google reCAPTCHA (for details see below under VIII.)
I. Recording your visit/use of functional cookies
1. I. General information on data processing
Whenever you visit our website and whenever you download any file from our website, we automatically process the following log data:
- Your computer/terminal device host name (IP address);
- date and time of visit/download;
- the page visited;
- where appropriate, the name of the file downloaded;
- browser type used,
- operating system of your terminal device;
- the website where you are visiting us from.
In addition, we are using functional cookies to operate our website. These are small text files which we store on your computer/terminal device. Firstly, there are so-called session cookies which are only set for the duration of your visit to our website. Secondly, we use so-called persistent cookies. These remain on your computer/terminal device for longer. Both types of cookie contain a characteristic alpha-numeric character string which in the case of persistent cookies enables us to recognise your browser when you next visit our website.
2. Extent and purpose of processing
We process data for the following purposes:
- To identify and deter attacks on our website;
- to establish whether your Internet browser supports cookies;
- to prevent pop-ups being shown to you several times;
- to display our website in the language selected; and
- to display the version of our website for the delivery country chosen by you.
3. Data transmission/recipients
The recipients of your data are the technical operator and hosting service provider of our website (see above under C.).
4. Data retention time
Data are retained for the following duration:
- Log data: until they have fulfilled their purpose, for a maximum of three months;
- session cookies: until you leave our site;
- persistent cookies: one year.
5. Legal basis
Processing is undertaken based on our interest in the functionality and security of our website. In our evaluation, there are no predominant interests, fundamental rights or fundamental freedoms by any people involved opposed to this legitimate interest (art. 6 sect. 1 f, GDPR). On request, we will provide you with further information about how we evaluate such interests.
6. Right to object
You have the right to object against the processing for reasons arising from your specific situation at any time. We will then no longer process such data for these purposes, unless we are able to proof mandatory legitimate grounds for such processing which override your interests, rights and freedoms, or unless such processing serves to assert, execute or defend any legal claims. You can submit your objection to the contact details stated under A. above. Alternatively, you can use your Internet browser settings to control whether or what kind of cookies may be set. Insofar as you don’t accept the use of functional cookies, this can result in limitations in our website functionality.
II. Website usage analysis via Google Analytics and Hotjar
1. General information on processing
Insofar as you have provided us with your consent upon visiting our website, we will use third-party analysis-cookies.
These are text files which are stored on your computer/terminal device and facilitate the analysis of how you use our website. In detail, we use the following analysis technologies from the third-party providers named below, with which the following information is processed:
Google Analytics, a web analysis service by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland:
- Browser type
- Operating system
- Website last visited
- Your computer/terminal device host name (IP address, shortened)
- Time of day of your request to our server
Further information on Google’s data protection can be found here: https://policies.google.com/privacy
Hotjar, provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street St Julians STJ 1000, Malta, Europe (Website https://www.hotjar.com):
- Browser type
- Display size
- Device type
- IP address (anonymized)
- Country
We have entered into an order processing contract with Hotjar to implement European data protection regulations. Further information on Hotjar’s data protection can be found here: https://www.hotjar.com/privacy
2. Extent and purpose of data processing
Google will process the information collected via cookies on our account, to evaluate your use of our website, to collate reports of website activities and to provide other services for us in connection with the use of our website or the Internet. We forego processing data which would enable us to identify you in this regard. In particular, the cookie set does not contain any user ID. The shortened IP address transmitted in the context of Google Analytics is not linked to any other data by Google.
Via Hotjar, we collect information about your user behaviour on our website caso-design.de. This includes mouse and scroll movements and click behaviour on our website. Hotjar helps us to continuously optimise and improve our website based on your interests and needs.
In the process, Hotjar uses cookies and other technologies to collect data about the behaviour of users and their terminal devices, in particular the device IP address (is only captured and stored in aggregated form while you use our website), display size, device type, information on the browser you use and your country. Hotjar stores this information in a pseudonymised user profile without actually storing any personal data and information.
3. Data transmission/recipients
Recipients of your data are:
The information about your use of our website generated by this cookie is usually transmitted to a Google server in the USA and stored there. By deactivating the user ID function and activating IP anonymisation (shortening the IP address by the last octet), data can no longer be linked to your connection or computer/terminal device.
Hotjar stores customer data inside the European Union. In a very few cases, customer data will be accessed from the USA or other countries, or other data are transferred to such countries this way. Hotjar has adequate protective measures in place to ensure your personal data remain protected at all times.
4. Data retention time
Google stores the processed data for 14 months and then they will be deleted by Google.
Data processed by Hotjar will be stored for 30 calendar days and will then be deleted by Hotjar – except for such information where there is a statutory storage obligation in place.
We store log data about your consent until revoked, and these are then stored for the duration of the limitation period of your claims (three years) plus a safety margin for judicial service of one month, i.e. for 37 months in total.
5. Legal basis for processing
Data processing takes place based on your consent (art. 6 sect. 1 a GDPR).
6. Right of revocation
Your consent to the use of analysis cookies remains in effect until revoked by you, which you can do at any time with effect for the future. You can switch off analysis altogether by sliding the analysis slider after clicking on “cookie banner“ or at the top of this page from the right (green) to the left (grey) and then confirm your input. You can prevent data generated by this cookie relating to your use of our website from being recorded and processed by Google by downloading and installing the browser plug-in available under this link: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, or for browsers on mobile devices, you can also click here to prevent any future recording by Google Analytics on this website (this opt-out will only work in this browser, and only for this domain). This results in an opt-out cookie being set on your terminal device. If you delete cookies in your browser, you will have to click this link once again. You can deactivate data collection by Hotjar under the following link: https://www.hotjar.com/opt-out. You will have to separately deactivate this for every browser or individual terminal device. This results in an opt-out cookie being set in the browser on your terminal device. If you delete cookies in your browser, you will have to click this link once again. Finally, there is also an option to prevent cookies from being set via your browser settings. If you don’t accept the use of functional cookies, this can result in limitations in our website functionality.
III. Use of tracking technologies for personalised Internet advertising
Insofar as you have provided us with your consent upon visiting our website, we will use third-party tracking technologies such as cookies or tracking pixels for personalised Internet advertising.
“Tracking cookies “ are text files which are stored on your computer/terminal device. “Tracking pixels” are small graphics in our website header. Both technologies facilitate the recognition of your browser also on other websites. IIn detail, we use the following tracking technologies from the third-party providers named below, with which the following information is processed:
Google AdWords Remarketing by Google Ireland Limited(Google), Gordon House, Barrow Street, Dublin 4, Ireland:
- Browser type
- Operating system
- Preferred language used
- Visit to our website, including date and time
- Last Google search request, including date and time
- Your computer/terminal device host name (IP address, shortened)
- Alpha/numerical user ID
Facebook-Pixel for the creation of Custom Audiences (including a Cookie Consent Tool) by Facebook Ireland Limited (Facebook), 4 Grand Canal Quare, Dublin 2, Ireland:
- Browser type
- Operating system
- Preferred language used
- Visit to our website, including date and time
- Your computer/terminal device host name (IP address, shortened)
- Alpha/numerical user ID
We will log your consent given in a log file. In the process, the following information is processed:
- Your computer/terminal device host name (IP address);
- agreement text;
- activation of the “I agree”-button on our start page cookie banner, or the “I agree” slider on this sub-page;
- date and time of your consent given (time stamp).
2. Extent and purpose of processing
We use Google tracking technologies to recognise your browser based on the data logged as listed under 1. above on other websites, and to show you advertisements on such pages which are based on your presumed interests. Your presumed interests are deduced from a pseudonym profile. This pseudonym profile is drawn up from information about your Internet usage behaviour collected with the help of respective cookies/pixel. If for instance you were interested in certain products, we can then show you our products of this kind on associated websites by using third-party cookies as stated. This generally also serves to prevent advertising which would annoy you, since it is unsuitable and not in line with your interests.
You can find out about the categories used to show you personalised advertising in the Google Display network for any specific advert shown via the clickable “i-button” placed above such adverts, or on Google’s page “Why am I seeing this ad?”.
On the one hand, this Facebook-Pixel facility allows for visitors to our online offering to be identified as a target group to then display adverts (so-called “Facebook ads”) to them. Accordingly, we use Facebook-Pixel to display Facebook ads placed by us only to such Facebook users who have also shown an interest in our online offering, or who exhibit certain characteristics (such as an interest in certain topics or products determined by the websites visited) which we then transmit to Facebook (so-called “Custom Audiences“). By using Facebook-Pixel, we would also like to ensure that our Facebook ads correspond only to a user’s potential interests, and are not perceived to be a nuisance. This then allows us to continue analysing the effectiveness of our Facebook ads for statistical and market research purposes by monitoring whether users are actually referred to our website once they have clicked a Facebook ad (so-called “Conversion“).The data collected are anonymous for us and therefore don’t allow us to draw conclusions as to the user’s identity. Facebook however stores and processes these data, so that it is possible to establish a connection to the respective user profile, and so that Facebook can then use these data for their own advertising purposes in accordance with their data usage policy (https://www.facebook.com/about/privacy/). These data can then allow Facebook and its partners to place ads both on and outside of Facebook.
We log your consent so that we can prove it.
3. Data transmission/recipients
Recipients of your data are:
Google Ireland Ltd and its affiliated company Google LLC, which is based in the US.
Facebook runs a global infrastructure and processes data from servers both in the EU and the USA.
4. Data retention time
You can find out for how long respective cookies are stored, and hence for how long your data are processed for the purposes mentioned above, from the security settings in your browser.
For data records in Google Ads Remarketing lists, the storage period is maximum 30 days.
Data processed are stored by Facebook in accordance with their data usage policy (https://www.facebook.com/about/privacy/).
We store log data about your consent until revoked, and these are then stored for the duration of the limitation period of your claims (three years) plus a safety margin for judicial service of one month, i.e. for 37 months in total.
5. Legal basis for processing
Data processing takes place based on your consent (art. 6 sect. 1 a GDPR).
6. Right of revocation
Your consent to the use of tracking cookies for personalised advertising remains in effect until revoked by you, which you can do at any time with effect for the future. You can switch off tracking for advertising purposes altogether by sliding the marketing slider after clicking on “cookie banner“ or at the top of this page from the right (green) to the left (grey) and then confirm. You can prevent the usage of tracking cookies for personalised advertising on the Google Display network by moving the slider for “Ads personalisation on the web” and/or for “Ads Personalisation on Google Search” under Google settings from left to right respectively. You can find out how to separately block advertising or individual advertisers here. You can also control for yourself whether tracking cookies are stored at all via your browser settings, by rejecting tracking across sites there. If you don’t accept the use of functional cookies, this can result in limitations in our website functionality.
IV. Use of social plug-ins
We use so-called social plug-ins (“plug-ins”) by the Facebook, Google+, Pinterest and Twitter social networks on our website. To safeguard the protection of your data, such plug-ins are not integrated into the site directly, but only via an html link (the so-called “Shariff solution” by c‘t). This ensures no connection is established to the providers of these respective social networks yet when visiting one of our websites which contain such plug-ins. If you click one of the buttons, a new window opens in your browser retrieving the page of the respective social network, where you can, for instance, click the “like” or “share” button (where appropriate, once you have entered your log-in data).
Please look up purpose and extent of their data collection and the further processing of data by providers, and your rights in this regard, plus settings options to protect your privacy, in such provider’s individual privacy notices.
Facebook privacy notice: http://www.facebook.com/policy.php
Google privacy notice https://policies.google.com/privacy?hl=de&gl=de
Pinterest privacy notice: https://policy.pinterest.com/de/privacy-policy
Twitter privacy notice: https://twitter.com/de/privacy
V. Integration of YouTube videos
1. I. General information on data processing
We have integrated YouTube videos into our website which are stored on the YouTube platform of Google Ireland Limited (YouTube) and can be viewed directly via our website.
2. Extent and purpose of data processing
These videos are integrated into the “advanced data protection mode”. This means none of your personal data are transferred to YouTube unless you start to play a video. Once you play a video, the following data are processed:
- Your computer/terminal device host name (IP address);
- date and time of visit/download;
- the page with the integrated YouTube video visited;
- where appropriate, the name of the file downloaded;
- browser type used;
- operating system of your terminal device;
- the website where you are visiting us from.
In case you have a Google user account and are logged in, additional personal data of yourself could be processed. This depends on the agreement made between you and Google.
Further information on the extent and purpose of data processing by YouTube can be found here.
3. Data transmission/recipients
Your data are transferred to YouTube. YouTube is represented by Google Ireland Limited (Google) in the USA.
4. Data retention time
The data processed are stored by YouTube/Google until they have fulfilled their purpose and are then deleted. Further information on data retention by YouTube can be found in the Google Ireland Limited data protection statement..
5. Legal basis for processing
Data processing is undertaken based on our interest in the making our website more attractive by integrating YouTube videos. In our evaluation, there are no predominant interests, fundamental rights or fundamental freedoms by any people involved opposed to this legitimate interest (art. 6 sect. 1 f, GDPR). On request, we will provide you with further information about how we evaluate such interests.
6. Right to object
You have the right to object against the processing for reasons arising from your specific situation at any time. We will then no longer process such data for these purposes, unless we are able to proof mandatory legitimate grounds for such processing which override your interests, rights and freedoms, or unless such processing serves to assert, execute or defend any legal claims. You can submit your objection to the contact details stated under A. above.
VI. Integration of MyFonts counter
1. I. General information on data processing
On this website, we use MyFonts, a web analysis service offered by MyFonts Inc. In the process the following data is processed:
- Your IP address;
- date and time of visit;
- data volume transferred;
- provider making the request.
2. Extent and purpose of data processing
Based on the licensing terms pertaining to the use of scripts on our website, so-called page view tracking takes place, where the number of visits to our website are counted for statistical purposes and are then transmitted to MyFonts. Data are passed on by activating Java script code in your browser where appropriate.
3. Data transmission/recipients
The recipient of your data is MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801 in the USA.
With regard to the transmission of personal data to the USA, there is European Commission decision with regard to the adequacy of the data protection level.
4. Data retention time
Your data will be retained until their purpose is fulfilled.
5. Legal basis for processing
Data processing is undertaking on the basis of our interest in the use of MyFonts scripts on our website. In our evaluation, there are no predominant interests, fundamental rights or fundamental freedoms by any people involved opposed to this legitimate interest (art. 6 sect. 1 f, GDPR). On request, we will provide you with further information about how we evaluate such interests.
6. Right to object
You have the right to object against the processing for reasons arising from your specific situation at any time. We will then no longer process such data for these purposes, unless we are able to proof mandatory legitimate grounds for such processing which override your interests, rights and freedoms, or unless such processing serves to assert, execute or defend any legal claims. You can submit your objection to the contact details stated under A. above. To completely prevent Java script code from being executed by MyFonts, you can install a Java script blocker (for instance http://www.noscript.net/). Further information on MyFonts Counter can be found in the MyFonts privacy notices under https://www.monotype.com/legal/privacy-policy/.
VII. Utilisation of warranty extension
1. I. General information on processing
On our website, you can extend our 24-month manufacturer warranty for certain CASO DESIGN products by a further 12 months. To do so, we process the following data:
- Your Name;
- your e-mail address;
- purchase date;
- name of your dealer where you bought the product;
- post code and location of this dealer;
- product price in Euros;
- serial number;
- part number.
2. Extent and purpose of processing
We process your data to check your entitlement to an extension and to be able to fulfil our warranty promise.
3. Data transmission/recipients
The recipients of your data are the technical operator and hosting service provider of our website (see above under C.).
4. Data retention time
We will retain your data until their purpose is fulfilled.
5. Legal basis for processing
Processing takes place based on our legitimate interest in fulfilling your warranty claim. We assume that there are no predominant interests, fundamental rights or fundamental freedoms of yours opposed to this (art. 6 sect. 1 f, GDPR). On request, we will provide you with further information about how we evaluate such interests.
6. Right to object
You have the right to object against the processing for reasons arising from your specific situation at any time. We will then no longer process such data for these purposes, unless we are able to proof mandatory legitimate grounds for such processing which override your interests, rights and freedoms, or unless such processing serves to assert, execute or defend any legal claims. You can submit your objection to the contact details stated under A. above.
VIII. Use of Google reCAPTCHA
1. I. General information on processing
In the context of form requests on our website, we use the reCAPTCHA service by Google Ireland Ltd. (Google). In the process, the following data is processed:
- Browser type and settings
- Operating system
- Visit to the website containing the form request, including date and time
- Your computer/terminal device host name (IP address, shortened)
- Mouse movements and clicks when solving reCAPTCHA tests
2. Extent and purpose of processing
We use this service so that we can be certain from the data collected, and, where appropriate, pattern recognition test mentioned above, that subsequent entries into the form originate from a natural person and not a bot.
Further information on the extent of data processing and data protection when using Google products can be found https://policies.google.com/privacyhere
3. Data transmission/recipients
The recipients of your data are Google Ireland Limited and their associate, Google LLC in the USA.
4. Data retention time
The data are retained until they have fulfilled their purpose and are then deleted.
5. Legal basis for processing
Data processing is undertaken based on our interest in the security of our website and in excluding the possibility of fake data being entered improperly in an automated manner. In our evaluation, there are no predominant interests, fundamental rights or fundamental freedoms by any people concerned opposed to this legitimate interest (art. 6 sect. 1 f, GDPR). On request, we will provide you with further information about how we evaluate such interests.
6. Right to object
You have the right to appeal against the processing for reasons arising from your specific situation at any time. We will then no longer process such data for these purposes, unless we are able to proof mandatory legitimate grounds for such processing which override your interests, rights and freedoms, or unless such processing serves to assert, execute or defend any legal claims. You can submit your objection to the contact details stated under A. above.
G. COMMUNICATION
I. Newsletter
1. I. General information on processing
You can subscribe to our e-mail newsletter service on our website on a voluntary basis, by entering your personal details including your e-mail address into the relevant input field and then clicking the “Subscribe” button.
Your subscription to our newsletter and the consent required to subscribe will only come into effect once you confirm your e-mail address by clicking the link to do so sent out by us to the e-mail address provided (so-called double opt-in method).
We will log your consent given in a log file. In the process, the following information is processed:
- Your e-mail address entered;
- agreement text;
- clicking the “subscribe” button;
- date and time of your consent given (time stamp).
2. Extent and purpose of processing
We will process the e-mail address confirmed by you in accordance with your consent to periodically keep you informed with our e-mail newsletters. Insofar as you have completed the optional fields for salutation, first name and last name when subscribing, we will process these additional details to address you personally in our newsletters.
We will log your consent so that we can prove it.
3. Data transmission/recipients
The recipient of your data are the technical operator and hosting service provider of our website (see above under C.) as well as the newsletter service provider (art. 28 GDPR) we have instructed, who are located in Germany.
4. Data retention time
We will retain your e-mail address log data on your consent until you unsubscribe from our newsletter. We will then store your log data for the duration of the limitation period of your claims (three years) plus a safety margin for judicial service of one month, i.e. 37 months in total.
5. Legal basis for processing
Processing takes place based on your consent (art. 6 sect. 1 a GDPR).
6. Right of revocation
Your newsletter consent remains in effect until revoked. You can declare your revocation at any time with effect for the future, for instance by informing us accordingly via the contact details specified under A. above, or by clicking the “unsubscribe” link which you will find at the very end of every newsletter. Alternatively, you can also enter your e-mail address into the newsletter input field on our website and then click the “unsubscribe” button.
II. Contact
1. I. General information on processing
You can contact us under the contact details stated under A. above, or via our contact form. In the process, those data that you provide us with in your message will be processed, i.e. your concrete request and in case of e-mail requests your e-mail address, in case of letters your postal address, in case of telephone calls your telephone number, and when using our contact form depending on your request the following details:
- • Your Name;
- • your e-mail address;
- • the subject matter chosen for your message;
- • your message;
- • order number where appropriate;
- • customer number where appropriate;
- • part number where appropriate;
- • file(s) uploaded where appropriate;
- • photo(s) uploaded where appropriate.
2. Extent and purpose of processing
We process your data for processing your request and to be able to contact you with an answer.
3. Data transmission/recipients
The recipients of your data are the technical operator and hosting service provider of our website (see above under C.).
4. Data retention time
We retain your data for the duration of the legal retention period for business letters of six years (para. 147 of the Fiscal Code).
5. Legal basis for processing
Processing takes place based on the execution of pre-contractual measures or for contract performance purposes (art. 6 sect. 1 b GDPR). Insofar as no pre-contractual or contractual matters are involved, the legal basis is our legitimate interest in processing your request. We assume that there are no predominant interests, fundamental rights or fundamental freedoms of yours opposed to this (art. 6 sect. 1 f, GDPR). On request, we will provide you with further information about how we evaluate such interests.
6. Right to object
You have the right to object against the processing for reasons arising from your specific situation at any time. We will then no longer process these data for such purposes and will no longer reply to your request, where appropriate. You can submit your objection to the contact details stated under A. above.
III. Live Chat
1. I. General information on processing
On our homepage there is the possibility to contact us via a chat window. We use the offer of Sendinblue GmbH, whose chat function we have integrated into our website. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin (website: de.sendinblue.com).
We have entered into a data processing agreement with Sendinblue. Further information on Sendinblue’s data protection can be found here: https://de.sendinblue.com/legal/privacypolicy/
2. Extent and purpose of processing
The data you enter in the chat window will be processed in order to get in touch with you and to answer your request.
We only use the live chat to optimize our product and purchase advice.
3. Data transmission/recipients
Recipient of your data is Sendinblue GmbH.
4. Data retention time
Data processed are stored by Sendinblue a maximum of 48 months.
5. Legal basis for processing
Data processing is undertaken based on our interest in the making our website more attractive. In our evaluation, there are no predominant interests, fundamental rights or fundamental freedoms by any people involved opposed to this legitimate interest (art. 6 sect. 1 f, GDPR). On request, we will provide you with further information about how we evaluate such interests.
6. Right to object
You have the right to object against the processing for reasons arising from your specific situation at any time. We will then no longer process such data for these purposes, unless we are able to proof mandatory legitimate grounds for such processing which override your interests, rights and freedoms, or unless such processing serves to assert, execute or defend any legal claims. You can submit your objection to the contact details stated under A. above.
IV. “Items available” notification service
1. I. General information on processing
In case one of the articles displayed in our online shop is temporarily out of stock, you can use the notification function to leave us your e-mail address, so that we can mail an automated e-mail notification to this address provided once such article is back in stock. When using our notification function, the following data is processed:
- Your e-mail address; and
- the respective article.
You provide your details on a voluntary basis. If you do not provide such details though, we are unable to offer this notification function to you.
2. Extent and purpose of processing
We process your data to process your request and to be able to contact you for this purpose.
3. Data transmission/recipients
The recipients of your data are the technical operator and hosting service provider of our website (see above under C.).
4. Data retention time
We will retain the details provided by you until we have replied to you. In case the article required remains out of stock for over three months, we will automatically delete your details, and you will no longer be notified.
5. Legal basis for processing
Data processing takes place since it is necessary for the execution of pre-contractual measures (art. 6, sect. 1 b GDPR). Insofar as no pre-contractual matters are involved, the legal basis is our legitimate interest in processing your request. We assume that there are no predominant interests, fundamental rights or fundamental freedoms of yours opposed to this (art. 6 sect. 1 f, GDPR). On request, we will provide you with further information about how we evaluate such interests.
6. Right to object
You have the right to object against the processing for reasons arising from your specific situation at any time. We will then no longer process these data for such purposes and will no longer reply to your request, where appropriate. You can submit your objection to the contact details stated under A. above.
V. Direct mailing
1. I. General information on processing
We will process your postal address retained for the purpose of contract performance to also send out direct mailings to you.
2. Extent and purpose of processing
We solely process your postal address in this context to periodically provide you with information about promotions and news on CASO DESIGN products by Braukmann GmbH by letter.
3. Data transmission/recipients
In the process, we will not pass on your postal address to any third parties without your specific consent. The only recipient of your postal address will therefore be the postal service provider which we instruct to deliver our letters.
4. Data retention time
We will retain your postal address for the time we require it to fulfil our contractual obligations (see above under E.). If you object to direct mail (see above under number 6), we will block your postal address for this purpose.
5. Legal basis for processing
Processing takes place based on our legitimate interest in directly informing you as our customer of news and promotions with regard to our products. We assume that there are no predominant interests, fundamental rights or fundamental freedoms of yours opposed to this (art. 6 sect. 1 f, GDPR). On request, we will provide you with further information about how we evaluate such interests.
6. Right to object
You have the right to object against such processing at any time. We will then no longer process your postal address for the purpose of direct mail. You can submit your objection to the contact details stated under A. above.
H. YOUR OTHER RIGHTS AS THE PERSON INVOLVED IN DATA PROCESSING
Next to the rights already stated above in the context of the respective types of data processing, you also have the following other rights with regard to your personal data:
-
Right to information: You can demand information from us with regard to all your personal data we are processing. Details on the extent of your right to information can be found in art. 15 GDPR and para. 34 BDSG (2018)
-
Right to rectification: You can demand that incorrect personal data be rectified and incomplete data be completed. Details on the extent of your right to rectification can be found in art. 16 GDPR.
-
Right to erasure: Under certain conditions, you can demand from us to erase your personal data. Details on the extent of your right to erasure can be found in art. 17 GDPR.
-
Right to restriction of processing: Under certain conditions, you can demand from us to restrict the processing of your personal data. Details on the extent of your right to restriction of processing can be found in art. 18 GDPR.
-
Right to data portability: Under certain conditions, you can demand from us to transfer your personal data which you have provided to us, to you or another person responsible in a common, machine-readable format. Details on the extent of your right to data portability can be found in art. 20 GDPR.
-
Right to lodge a complaint with a supervisory authority: You can also contact a supervisory authority with a complaint. Details on the extent of your right to lodge a complaint with a supervisory authority can be found in art. 77 GDPR.
J. DATA SECURITY
The personal data requested from you on our website is transferred to us via a secure SSL („secure socket layer) connection using 256 bit encryption to ensure you are protected against third-party access.
In addition, we take additional technical and organisational security measures to protect your data against loss, destruction or abuse. Access to any customer account created, where appropriate, is for instance only possible via your personal password. You can contribute to protecting your data yourself by choosing a password which is as difficult to guess as possible (for instance by using a combination of letters, numbers and special characters), and by keeping it strictly secret.