1. The data controller and data protection officer
a) The data controller for this website as defined within the General Data Protection Regulation (GDPR) is SmartStore AG, Kaiserstr.
63-65, 44135 Dortmund, Germany, represented by Pavlos Tsulfaidis, at the same address as above. Tel.: +49 (0) 231 5335-0, Fax: 49 (0)
231 5335 101, E-Mail: firstname.lastname@example.org.
b) The data protection officer for SmartStore AG is Mr. Murat Cakir. He is at the above address, with correspondence to be marked for his attention. Alternatively, you can reach Murat Cakir by email at email@example.com
2. The collection and storage of personal data
a) Storage of access data in server log files
You can visit our web pages without disclosing any of your personal details. When you visit our website, the browser on your end device automatically sends us only the following access data information. This is temporarily recorded and stored in a server log file until it is automatically deleted:
- The IP address of the computer making the request,
- The date and time of access,
- The name and URL of the accessed file,
- Possibly the volume of data requested,
- The website from where access is made (referrer URL),
- browser used,
- If applicable, your computer operating system
- The name of your provider.
We process this data with a legitimate interest according to Article 6, para. 1 (f) GDPR for
- Easy access to our website,
- Easy use of our website,
- System security and stability, and also
- For other administrative purposes.
We never us it to draw conclusions on your identity. For the cookies used on our website, web analysis services and plugins, please refer to the rest of section 5 and 6 of this data protection declaration.
b) Contact form and email
Our website enables swift electronic contact and direct communication with our company via our website's contact form or by email.
If you contact us via the contact form or by email, the personal data you provide will automatically be saved. To enable this, you only need to provide a valid email address so that we know who the request has come from and can answer it; optionally, you can provide further personal data.
Data processing for the purpose of making contact with us and processing your request is carried out in accordance with Art. 6 para. 1 S.1 l (a) of the GDPR, based on your consent being given. The personal data collected by us will automatically be deleted after your request has been processed. We will not pass on this personal information to third parties.
c) User account
You can choose to open a user account on our website by providing personal data. The personal data transmitted to us is determined by
the input form provided when you register for a user account. The personal data entered by you will be subject to para. 4 and collected
and stored for our internal use and own purposes.
Furthermore, upon registering on our website, the IP address assigned by your Internet service provider and the date and time of registration are also saved. This data storage takes place to prevent the misuse of our services. If necessary, this data will serve to clarify any offenses committed. In this respect, so storing this data is necessary for our security. This data will not be passed on to third parties unless this is required by law or for the purposes of criminal prosecution.
Your registration for a user account and voluntarily providing personal data serves to offer you content or services that, due to their very nature, can only be offered to registered users.
You can only access to your customer account after entering your personal password. You should keep your access information confidential and close the browser window when you have finished your session with us, especially if you share your computer with others.
You can delete your user account at any time, either by using a designated function in your user account or by notifying us e.g. by emailing firstname.lastname@example.org or using the contact form on our website.
d) Newsletter subscription
If you have given us your valid email address, which is only needed for the newsletter, according to Art. 6 para. 1 S. 1 (a) GDPR, you
have expressly given your consent and we will use your email address to regularly send you our newsletter for information about our
latest offers and news.
A confirmation email is part of the ‘double opt-in procedure’. This is sent to an email address when first registered and is part of the process for sending the newsletter in order to check whether the owner of the email address is the person concerned and has authorised the newsletter registration. When you register for the newsletter, the personal data that you, the user, have entered into the registration form, the IP address assigned to you by the Internet Service Provider and the date and time of registration for the newsletter are saved. The data collection described above is needed to trace any misuse of the data belonging to a data subject at a later date. The personal data collected in the context of registering for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter can be informed by email in the event of changes to the newsletter subscription or technical changes.
You can unsubscribe from the newsletter at any time and withdraw your consent to your personal data being stored for sending the newsletter, for example, via a unsubscribe link at the end of each newsletter or by sending us a message, e.g., by email to email@example.com or via the contact form on our website.
e) Evaluation reminder by email with consent
If in accordance with Art. 6 para. 1 S. 1 (a) GDPR, if you have given your express consent in this respect, we will use your email address as a reminder to submit an order evaluation using our evaluation system. This consent can be revoked at any time by sending us a message, for example, to firstname.lastname@example.org or using the contact form on our website.
f) Email promotion without newsletter subscription
If you provide us with information in accordance with Art. 6 para 1 S. 1 (a) GDPR, you have given your express consent in this respect and we reserve the right to occasionally send you offers for products and services from our range that may be of interest to you even without a newsletter subscription. You can withdraw your consent to this use of your email address at any time by sending us a message, e.g. by emailing us at email@example.com or using the contact form on our website. If you have provided us with your email contact information as a customer in connection with the sale of a product or service and you have not objected, we also retain a legitimate interest according to Art. 6 para. 1 s. 1 (f), Art. 95 GDPR, Art. 13 para. 2 of the data protection Directive for electronic communication 2002/58/EG, and § 7 para. 3 UWG (Law against Unfair Competition), even if you have not specifically given your consent, to occasionally send you direct mail for our own similar products or services. Upon the collection of your electronic contact information and each time it is transferred, you have a clear opportunity to use your electronic contact information in this way without any problems and without additional fees other than your own transfer costs.
g) Postal advertising with consent
If, in accordance with Art. 6 para 1 S 1 (a) GDPR, we have received your express consent, we also reserve the right to store your first and last name, postal address in summarised lists and - if we have received this additional information as part of the contractual relationship with you - your title, academic degree, year of birth and professional title, sector description or business name. We may use these for our own promotional purposes, such as sending you interesting offers and information about our products by post. You can withdraw your consent to this use of your email address at any time by sending us a message, e.g., by emailing firstname.lastname@example.org or using the contact form on our website.
3. Data security with SSL procedures
As part of our website, we use the customary SSL procedure (Secure Socket Layer) in connection with the highest encryption level
supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3
You will see the encryption of an individual page of our website by the closed lock symbol in your browser.
We use suitable technical and administrative security measures that are continuously improved in line with technological developments to protect your data against accidental or intentional manipulation, partial or complete loss, destruction and/or against unauthorised access by third parties.
4. Transfer of data
Under no circumstances will we pass on your personal data to third parties for any purposes other than listed below. We will only disclose your personal data to third parties if:
- You have expressly consented to this under Art. 6 para 1 S 1 (a) of the GDPR,
- The disclosure is in accordance with Art. 6 para 1 S 1 (f) GDPR to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data,
- In the event that disclosure in accordance with Art. 6 para. 1 S 1 (c) GDPR is a statutory obligation and provided that,
- This is legally permissible and in accordance with Art. 6 para. 1 S 1 (b) GDPR, this is required for processing the contractual relationship with you.
To implement pre-contractual measures at your request and to fulfil the contract with you, based on Art. 6 para. 1 S. 1 (b) GDPR and Art. 6 para. 1 S. 1 (f), Art. 95 GDPR and in conjunction with Art. 13 para. 2 of the Data Protection Directive for electronic communication 2002/58/EG and §7 para. 3 UWG, we use selected cloud-based services in compliance with data protection. Here, as part of contractual data processing according to Art. 28 GDPR and only as far as necessary, customer data is stored and processed on the provider's servers. At present, these are:
- Microsoft Office 365 Germany, in particular Microsoft Exchange Online, for email communication with customers, with online calendar and address book functions while processing customer data such as messages, text, audio, video or image files, appointments and contact information on Microsoft Exchange servers in German data centers (Microsoft's data protection declaration can be found online at: https://privacy.microsoft.com/de-de/privacystatement)
- Weclapp, which is accounting software with a Merchandise Management System (CRM and ERP functionalities) processing customer data required for accounting and ERP (contact information, offers, orders, products, invoices) with data centers in Germany. Weclapp's data protection declaration is online at https://www.weclapp.com/de/datenschutz/ as well as at the interface to the CRM and ERP functionalities of Weclapp, if you have not objected to this,
- CleverReach, which is a German service provider for email marketing and direct communication between you as a customer and us as a company, processing the data required for sending emails and newsletters on their servers. (the data protection declaration can be found online at: https://www.cleverreach.com/de/datenschutz/).
If, in accordance with Art. 6, para 1 S. 1 (a) GDPR, you have given your express consent to this, we may obtain credit information from a credit check provider based on mathematical and statistical procedures to safeguard our legitimate interests. As part of this, we will disclose personal data required for the credit check and use the information received to provide information on the statistical probability of a default, so that we may take a well-balanced decision to enter into, implement or terminate a contractual relationship with you. The credit report may include a score calculated through scientifically approved mathematical and statistical methods. These take data such as your address into account.
As part of a payment process, your data will only be processed in accordance with article 6 para 1 (b) GDPR relating to the bank, savings bank or credit institution and as far as necessary for payment processing; when paying by credit card or by direct debit by means of a payment service provider, the data required for payment processing is transmitted directly to the payment service provider within the process without being stored by us.
device when you visit our website. By using cookies, our systems can recognise your browser and offer you additional useful information
in connection with the specific end device used; cookies also serve to statistically record the use of our website and to evaluate to
optimise our services and products.
A cookie is used to collect information about your use of our website such as your browser type/version, the operating system, referrer URL (the previously visited webpage), host name of the accessing computer (IP address) and time of the server request.
Some of the cookies we use are deleted after the browser session, i.e. after you close your browser (these are session cookies). They are used to recognise that you have already visited individual pages of our website.
Temporary cookies, which are stored on your device for a specific period of time, automatically recognise your browser and any entries and settings you make when you visit our website again. These cookies are automatically deleted after a defined period of time.
6. Programs for web analysis and newsletter tracking
a) Web analysis programs
On the basis of Art. 6 para. 1 S 1 (f) GDPR, we use the tracking measures mentioned below with a legitimate interest in web analysis to statistically record the use of our website and to evaluate this to optimise our products and services so we can design our website to meet requirements and continuously improve it. The relevant data processing purposes and data categories can be found in the various tracking tools.
(1) Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA
94043, USA, hereinafter referred to as "Google", cf. a. https://www.google.de/intl/de/about/.
Google Analytics uses "cookies" (cf. para. 5 for details) to enable an analysis of your website use. The information generated by a cookie is usually sent to and saved in a Google server in the U.S.. IP anonymisation has been enabled on our website, which means your IP address is truncated in advance by Google within EU Member States or other states party to the agreement in the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the U.S. and shortened there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, compile reports regarding website activity and provide other services to the website operator related to website usage and internet usage. The IP address provided by your browser for Google Analytics will not be combined with other data from Google.
(2) Google Tag Manager
Our website uses the Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn can collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.
(3) Google Ads Remarketing
We use the remarketing function within the Google Ads service. The remarketing function allows us to present users of our website with interest-based advertising on other websites within the Google advertising network (in Google search or on YouTube, so-called "Google Ads" or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g. which offers interested the user, in order to be able to show targeted advertising to users on other sites even after they have visited our website. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google Display Network. These cookies are used to record the visits of these users. The cookies are used to uniquely identify a web browser on a specific end device and not to identify a person.
The newsletter sent by us can contain tracking pixels. This is a miniature graphic that is embedded in our email newsletter sent in
HTML format so that log file recording and analysis can be carried out. Based on a tracking pixel, we can recognise if and when an email
was opened and which links were clicked on in the email. This helps us to carry out a statistical evaluation of the success or failure
of online marketing campaigns.
Data collected from you in the tracking pixels contained in our newsletters are saved and evaluated by us, but not passed on to third parties.
At any time, you are can withdraw the separate declaration of consent relating to this, which has been made using the double opt-in procedure (see Section 2 (d). After withdrawing your consent and also after unsubscribing from the newsletter, the data collected from you will be deleted.
7. Social Plugins
Based on Art. 6 para. 1 S. 1 (f) GDPR, we use social plug-ins on our website, in particular, the social networks Facebook, Google+,
Twitter, Instagram and XING, to make your visit to our website more personal, to network our company and to publicise ourselves. This
advertising has a legitimate interest as part of the GDPR.
When you visit a page on our website that contains one of these social plug-ins, your browser establishes a direct connection to the servers belonging to the social plug-in provider. They receive the information that you have accessed the page on our website through your browser, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted from your browser directly to a server belonging to the provider in the U.S. and is stored there.
If you are logged in to one of the providers' services, they can assign your visit to our website against your profile. When interacting by means the social plug-in, the relevant information is also sent directly to the provider’s server, stored there, published in the social network and displayed there to your contacts.
We operate our website with social plug-ins, but have no knowledge of the content of the data transmitted or how the provider of the social plug-in uses this data.
If you do not want the provider of a social plug-in to assign the data collected via our website directly to your profile there, you can log out of the respective provider’s site when visiting our website. You can also completely prevent plugins from loading using browser add-ons, e.g. the script blocker "NoScript".
Responsibility for operating within the bounds of data protection will be guaranteed by the provider of the social media plugin; The purpose and scope of data collection and the further processing and use of the data by the provider, as well as your rights and setting options for protecting your privacy can be found in the data protection information for the provider listed below.
These individual providers are:
We use Facebook plugins, especially the "Like" and "Share" buttons. You will find an overview of the Facebook plugin and the design at http://developers.facebook.com/docs/plugins/.
Facebook can obtain and evaluate the information transmitted via a Facebook plug-in sent to its servers in the U.S. to create usage, interest and relationship profiles for advertising, market research and the custom presentation of Facebook pages, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook. Facebook's data protection declaration, with information on the purpose and scope of data collection and further processing and use of data by Facebook, as well as your rights and setting options for protecting your privacy can be found online at http://de-de.facebook.com/policy.php. . If you do not want Facebook to assign your visit to our website to your Facebook user account, please log out of Facebook beforehand.
8. Rights of affected persons
With regard to the processing of your personal data, you have the following data subject rights:
a) Right to information, Article 15 GDPR:
In particular, you have a right to access your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, whether there is a right to rectification, deletion, restriction of processing, objection to processing, a complaint to a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the scope concerning you and the desired effects of such processing, as well as your right to be informed about the guarantees provided in accordance with Art. 46 GDPR for the transfer of your data to third countries.
b) Right to rectification, Art. 16 GDPR
This includes the right to correct inaccurate data about you and/or to complete any incomplete data we have stored.
c) Right to deletion, Art. 17 GDPR
This includes the right to demand that we delete your personal data according to the requirements of Art. 17 para. 1 GDPR. However, this right does not exist, in particular, if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
d) The right to restriction of processing, Art. 18 GDPR:
This includes the right to request that the processing of your personal data is restricted if you dispute the accuracy of the data and the processing is unlawful, but you decline to have the data deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims or you object according to Art. 21 GDPR or have lodged an objection to the processing.
e) Right to information in accordance with Art. 19 GDPR;
If you have exercised the right to rectify, erase or restrict the processing of your data and have informed the data controller of this, he/she is obliged to notify all recipients about this rectification (if your personal data has been disclosed to these recipients), unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the person responsible.
f) Right to data portability, Art. 20 GDPR:
You have the right to receive the personal data you have provided to us in a structured, up-to-date and machine-readable format or to request its transfer to another responsible person, insofar as this is technically feasible.
g) Right to withdraw your consent, Art. 7 para. 3 GDPR:
This includes the right to withdraw your consent given to us to process your data at any time and with future effect. In the event of withdrawal of consent, we will delete the data concerned without delay, unless there is a legal basis for processing without consent that requires further data processing. This withdrawal of consent will not affect the lawfulness of any processing carried out beforehand.
i) Right to lodge a complaint, Art. 77 GDPR:
Regardless of any administrative or judicial remedies that may exist, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the provisions of the GDPR.
9. Duration of the storage of personal data
After ending a contract, we will routinely delete the personal data stored by us, taking into account tax and business retention periods, if this is no longer required for contractual purposes, if you have not expressly declared your consent to specific future use of the data and/or we have no legitimate interest in further processing.
10. RIGHT OF OBJECTION
IF THERE IS A LEGITIMATE INTEREST FOR PROCESSING YOUR DATA ACCORDING TO ART 6 PARA 1 S 1 GDPR, ART. 21 GDPR, YOU HAVE THE RIGHT TO OBJECT AGAINST THIS PROCESSING OF YOUR PERSONAL DATA WITH A FUTURE EFFECT, IF THERE ARE REASONS BASED ON YOUR INDIVIDUAL CIRCUMSTANCES. THE DATA CONTROLLER WILL NO LONGER PROCESS THE PERSONAL DATA UNLESS HE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH THE INTERESTS, RIGHTS AND FREEDOMS OF THE DATA SUBJECT, OR THE PROCESSING IS FOR THE PURPOSE OF ENFORCING, PURSUING OR DEFENDING LEGAL CLAIMS. IF YOUR OBJECTION IS AGAINST DIRECT ADVERTISING, YOU HAVE A GENERAL RIGHT TO OBJECT, WHICH WILL BE IMPLEMENTED WITHOUT ANY SPECIFIC CIRCUMSTANCES. IF YOU WANT TO USE YOUR RIGHT TO OBJECT, PLEASE SEND AN EMAIL TO: email@example.com