Next we inform you about the nature, scope and purpose of processing your personal data during use of our shop at "www.meingriff.de". Personal data comprises any information relating to an identified or identifiable natural person.
The controller as per the EU's general data protection regulation (GDPR) is the natural or legal person who decides, alone or jointly with others, the purposes and means of processing personal data. For the personal data processed at this shop, the controller within the meaning of GDPR is: Ulrike Dievernich / MeinGriff (hereinafter "we"), Kopenhagenweg 11, 25479 Ellerau, Germany. Phone: +49 (0)4106-6132904. E-mail: email@example.com.
2. When you visit our website
Our server collects the following information from the terminal devices of visitors to our website: Browser type and version, operating system, previously visited website ("referrer"), IP address and time of page invocation.
We collect and process these data to ensure trouble-free operation of our website, and to be able to detect, fend off and track any misuse of our services. Furthermore, we use the collected data for statistical purposes, for example, to evaluate which terminal devices and browsers are used to access our platform, in order to continuously improve our offer and adapt it to users' needs.
These data are processed on the basis of Article 6 Paragraph 1 Item (f) of GDPR. We delete all personal data mentioned above no later than twelve months after their collection.
3. When you order from us
When you place an order at our shop, we process your name, billing address and e-mail address as specified by you during the ordering process. Any further data you provide when placing your order (e.g. a different delivery address or a telephone number) are also processed by us.
We process the data mentioned in the paragraph above electronically for proper fulfilment of the contract, in particular, for delivery, invoicing, booking of payments and handling of returns and complaints. These data are processed on the basis of Article 6 Paragraph 1 Item (b) of GDPR.
We keep these data saved until all mutual claims arising from the respective contractual relationship with you have been fully settled, and the commercial and tax-related statutory retention periods to which we are subject have expired.
In order to mutually conclude a contract, it is necessary for us to receive your name, delivery address and e-mail address. The need to provide these data arises from legal provisions (such as § 312i Paragraph 1 Item (3) of the German Civil Code, § 14 Paragraph 4 of the German VAT Act). You can therefore not enter into a contract with us without providing these data.
When concluding contracts, we dispense with automated decision-making and profiling.
4. Customer account
You have the option to create a customer account at our online shop. The input dialog for creating such an account supplies the data required and processed by us. The customer account is established solely on your request. The legal basis is therefore your consent in accordance with Article 6 Paragraph 1 Item (a) of GDPR. We preserve the personal data associated with your customer account until you delete the account or ask us to delete it. Personal data from previously concluded contracts are subject to the retention periods as per the section titled "When you order from us", regardless of the customer account's status.
5. Delivery and payment
Insofar as we send physical goods on the basis of the purchase agreement, we may relay the recipient's name and address to Deutsche Post (Deutsche Post AG, 53113 Bonn), DHL (DHL Paket GmbH, 53113 Bonn) or Hermes (Hermes Germany GmbH, 22419 Hamburg) so that these shipping agencies can deliver the goods to you and, if necessary, return them to us on the basis of Article 6 Paragraph 1 Item (b) of GDPR.
To pay the price of your purchase, the payment service provider you choose ascertains and processes, by your commission, your name, card or account number and/or details required by the payment method you choose. To this extent, the data privacy provisions of the payment service provider chosen by you shall apply in addition.
On receiving a payment, we process the data which the payment service provider transmits to us.
These data are processed on the basis of Article 6 Paragraph 1 Item (b) of GDPR. We preserve these data until all mutual claims arising from the respective contractual relationship with you have been fully settled, and the commercial and tax-related statutory retention periods to which we are subject have expired.
6. Delegated data processor
For operation of our website in the Internet, we engage the technical service provider Strato (Strato AG, 10587 Berlin) as delegated data processor in accordance with Article 28 GDPR.
7. Establishment of contact
When you use the contact form at our website, we process your name, e-mail address and message, once you have submitted these details.
When you send us an e-mail, we save your message together with the relayed sender details (name, e-mail address, and any other information added by your e-mail program and the transmitting servers). For receiving, storing and sending e-mails, we engage an e-mail provider who acts for us as a delegated data processor in compliance with Article 28 GDPR.
The legal basis for this data processing is our legitimate interest in replying to your message, and in being able to respond to any subsequent enquiries of yours (Article 6 Paragraph 1 Item (f) of GDPR). We delete the data collected with your message no later than twelve months after the last communication with you regarding your concern, subject to the regulation in the following paragraph.
If you submit a legally relevant declaration concerning the contractual relationship (e.g. a revocation or a complaint) to us, the legal basis for processing, regardless of the method of submission, is also Article 6 Paragraph 1 Item (b) of GDPR. In such cases, we delete the data related to your declaration as soon as all reciprocal claims arising from the contractual relationship have been finally settled, and the commercial and tax-related statutory retention periods have expired.
8. Comments and ratings
If you submit a review or rating about one of our products at our shop, we publish your submission at our shop's website, together with your user name, which you can also formulate as a pseudonym. To prevent misuse of our offer, we store the IP address of the terminal device from which you are writing for a period of twelve months (Article 6 Paragraph 1 Item (f) of GDPR). We reserve the right to delete irrelevant or thematically inappropriate posts at any time. Furthermore, we delete published posts only at the respective author's request.
When you visit our shop, we store a cookie on your terminal device. This is a small text file with which we can recognize your terminal device when you re-visit our shop at a later occasion. The cookie also allows us to analyze certain user behaviours, e.g. which products you look at, how long you stay at our site, and when and how often you return to our shop. We delete the stored cookie no later than twelve months after your last visit to our shop.
This data processing is carried out on the basis of Article 6 Paragraph 1 Item (f) of GDPR for the purpose of improving our product portfolio's orientation toward the wishes of our shop's visitors, and optimizing our shop's functions as well as the efficiency of advertising measures.
You can prevent creation of cookies by selecting your Internet browser's cookie settings, and disabling cookie creation there for our website individually, or for all websites. There you can also delete cookies which have already been stored.
10. Google Analytics
We use Google Analytics, a web analysis service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). Google stores a cookie on your terminal device. This cookie allows Google to collect information about how you use our website. This information is transmitted to a server in the USA, evaluated there by Google and made available to us. The legal basis is Article 6 Paragraph 1 Item (f) of GDPR, namely our legitimate interest in evaluating and optimizing our website.
Under the EU-US privacy shield agreement, Google has committed itself to complying with the European Union's legislation.
We use Google Analytics with activated IP anonymization. This means that your IP address is usually truncated within the scope of GDPR such that the address can no longer be associated with you. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. The IP address communicated by your browser is not merged with other data by Google. You can prevent storage of cookies by appropriately setting your browser software.
11. Social media
Social media buttons can be displayed at our shop; they are recognizable by the logos of the social media platforms (hereinafter "platforms") (Facebook: blue "f"-logo. Twitter: Blue bird silhouette.). These are links to the respective platforms based in the USA. Clicking on such a link invokes the respective platform's website, whereby the IP address of the calling terminal device as well as the address of the page establishing the link ("referrer") are transmitted to the invoked platform in the USA. However, we do not process or collect any data in connection with the social media buttons.
12. Your rights
You possess the following rights with respect to your personal data processed by us:
You have the right to request confirmation from us as to whether we process any of your personal data. If so, we will notify you of your stored personal data and remaining information in accordance with Article 15 Paragraphs 1 & 2 of GDPR.
You are entitled to have incorrect personal data of yours corrected immediately. Taking into account the purposes of processing, you also have the right to demand the completion of incomplete personal data, also by means of a supplementary declaration.
You may demand that we immediately delete personal data of yours under the conditions of Article 17 Paragraph 1 of GDPR, unless their processing is required as per Article 17 Paragraph 3 of GDPR.
You may demand that we restrict processing of your data if any of the conditions of Article 18 Paragraph 1 of GDPR are fulfilled. In particular, you may demand restriction instead of deletion.
Any rectification or deletion of your personal data and restriction of processing will be reported by us to all recipients to whom we have disclosed personal data of yours, unless this proves impossible or only possible with disproportionate effort. We will also notify you of these recipients if you so request.
You have the right to receive the personal data you provided to us in a structured, common and machine-readable format, and may demand that we transfer this data to another controller without hindrance, insofar as this is technically possible.
Insofar as data processing is based on your consent, you have the right to withdraw this consent at any time. Revocation of consent does not influence the legality of the data processing carried out until revocation.
RIGHT TO OBJECT: FOR REASONS ARISING FROM YOUR SPECIAL SITUATION, YOU CAN ALWAYS OBJECT TO PROCESSING OF YOUR PERSONAL DATA; this right of objection applies to the data processing carried out on the basis of Article 6 Paragraph 1 Item (f) of GDPR in order to safeguard legitimate interests of ours or a third party's, unless outweighed by your interests or fundamental rights / freedoms necessitating protection of personal data. If you exercise your right to object, we will cease processing your personal data, unless we can demonstrate compelling, defensible reasons for processing which outweigh your interests, rights and freedoms, or unless processing serves to assert, exercise or defend legal claims.
IN CASE WE PROCESS YOUR PERSONAL DATA FOR DIRECT ADVERTISING (e.g. NEWSLETTERS), YOU CAN AT ANY TIME OBJECT TO SUCH PROCESSING FOR SUCH ADVERTISING; AS A RESULT, WE WILL NO LONGER PROCESS YOUR DATA FOR THESE PURPOSES.
If you believe that processing of your personal data is in breach of GDPR, you may lodge a complaint with a supervisory authority, in particular, in the member state where your residence or place of work / place of the suspected infringement is located. This does not preclude other administrative or judicial remedies.