Data protection
We run our websites according to the following principles:
We undertake to comply with the legal provisions on data protection and strive to always take into account the principles of data avoidance and data minimization.
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:
PROTECT Laserschutz GmbH
Mühlhofer Hauptstrasse 7
90453 Nuremberg
Germany
Phone: +49 911 9644 31-0
Fax: +49 911 9644 31-181
Email: datenschutz@protect-laserschutz.de
Website: https://protect-laserschutz.de/
You can reach the data protection officer of the person responsible as follows:
SiDIT GmbH, Langgasse 20, 97261 Güntersleben, info@sidit.de
We have designed our data protection declaration according to the principles of clarity and transparency. However, should there be any ambiguity regarding the use of different terms, the corresponding definitions can be viewed here .
a) Processing of personal data according to the GDPR
We only process your personal data such as your surname and first name, your e-mail address and IP address, etc. if there is a legal basis for this. According to the General Data Protection Regulation, the following regulations in particular come into consideration here:
· Art. 6 para. 1 sentence 1 lit. a GDPR: The data subject has given their consent to the processing of their personal data for one or more specific purposes.
· Art. 6 para. 1 sentence 1 lit. b GDPR: The processing is necessary for the performance of a contract to which the data subject is party, or for the implementation of pre-contractual measures that are taken at the request of the data subject.
· Art. 6 para. 1 sentence 1 lit. c GDPR: The processing is necessary to fulfill a legal obligation to which the person responsible is subject
· Art. 6 para. 1 sentence 1 lit. d GDPR: Processing is necessary to protect the vital interests of the data subject or another natural person
· Art. 6 para. 1 sentence 1 lit. e GDPR: the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible
· Art. 6 para. 1 sentence 1 lit. f GDPR: the processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a child acts
However, at the relevant points in this data protection declaration, we will always point out the legal basis on which the processing of your personal data takes place.
b) Consent of the legal guardians according to Art. 8 Para. 1 S.2 Alt.2 GDPR
A legal guardian must agree to all data processing on this website for which the consent of a minor who has not yet reached the age of 16 is required.
Information on the individual data processing operations, their purposes and the data categories affected, for which the consent of the person concerned is required, can be found in the data protection declaration.
You can revoke your consent at any time by sending the declaration of revocation in text form to the contact details of the person responsible. The processing until the revocation remains lawful.
c) Processing of information according to § 25 Abs.1 TTDSG
We also process information in accordance with Section 25 (1) TTDSG by storing information on your terminal device or accessing information that is already stored on your terminal device. This can be both personal information and non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses and IMEI numbers. Terminal equipment is any device connected directly or indirectly to the interface of a public telecommunications network for sending, processing or receiving messages, Section 2 Paragraph 2 No. 6 TTDSG.
We usually process this information on the basis of your consent, Section 25 (1) TTDSG.
As far as an exception according to § 25 Abs.2 Nr. 1 und Nr.2 TTDSG is given, we do not need our consent. One such exception is where we are accessing or storing the information solely to transmit a message over a public telecommunications network or where it is strictly necessary for us to provide a telemedia service that you have specifically requested. You can revoke your consent at any time.
We inform you that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the point of revocation
The transfer of personal data is also processing within the meaning of the previous paragraph 3. However, at this point we would like to inform you again separately about the topic of transfer to third parties. The protection of your personal data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.
It will therefore only be passed on to third parties if there is a legal basis for processing. For example, we pass on personal data to persons or companies who work for us as processors in accordance with Art. 28 GDPR. Processor is anyone who processes personal data on our behalf - i.e. in particular in an instruction and control relationship with us
In accordance with the requirements of the GDPR, we conclude a contract with each of our processors in order to oblige them to comply with data protection regulations and thus to provide your data with comprehensive protection.
Your personal data will be deleted by us if they are no longer necessary for the purposes for which they were collected or otherwise processed, the processing is not necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation reasons of public interest or to assert, exercise or defend legal claims.
For security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the website operator, this website uses an SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
We use cookies on our website. Cookies are small data packages that your browser creates automatically and that are stored on your end device when you visit our website. These cookies are used to store information related to the end device used.
When using cookies, a distinction is made between technically necessary cookies and “other” cookies. Technically necessary cookies are given if they are absolutely necessary to provide an information society service that you have expressly requested.
a) Technically necessary cookies
In order to make the use of our offer more pleasant for you, we use technically necessary cookies, these can be so-called session cookies (e.g. language and font selection, shopping cart, etc.), consent cookies, cookies to ensure server stability and security or similar .Act. The legal basis for the cookies results from Art. 6 Para. 1 S. 1 lit. f) GDPR, our legitimate interest in the error-free operation of the website and the interest in making our services available to you in an optimized way.
b) More cookies
Other cookies include cookies for statistical, analysis, marketing and retargeting purposes.
We set these cookies on the basis of your consent in accordance with Article 6 Paragraph 1 Sentence 1 lit. a) GDPR for you.
You can revoke your consent to the use of cookies at any time.
We inform you that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the point of revocation.
To do this, you can either edit your cookie settings on our website, deactivate the use of cookies in your browser settings (which can also limit the functionality of the online offer) or set an opt-out for the relevant service in individual cases .
We will point out the legal basis on which this data is processed for the respective services within the data protection declaration.
To obtain consent for the cookies we use, we use the cookie banner Tarte Au Citron from the service provider Amauri Champeaux , Siren 520 271 669, 4 rue leo Valentin, 34500 Béziers, France . This itself sets a so-called consent cookie in order to query and process the respective consent status. This consent cookie is technically necessary and is therefore used on the basis of our legitimate interest in accordance with Article 6 Paragraph 1 Sentence 1 lit. f DSGVO, § 25 Abs.1 TTDSG used.
a) External hosting
Our website is hosted by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany hosted. For this reason, all personal data that is recorded on our website is stored on the servers of our hoster, unless an external service from a third party is involved. This can be the IP address, your e-mail address, communication data or similar. You can find out which specific personal data is involved in the following with the individual functions and services we have explained. If we use an external service from a third party, this will be made clear in the description of the respective service or tool.
The host only processes your data on our instructions and insofar as this is necessary to fulfill the services on the website. The hoster does not process the data for its own purposes. We have concluded an order processing contract with them.
b) shop system
Pimcore GmbH, Söllheimer Straße 16, 5020, Salzburg, Austria to offer our goods .
The data you provide will therefore also be processed by our shop provider as part of the operation of the shop system. In addition, additional cookies may be set by the shop system.
For this reason, we have concluded a contract for order data processing with them.
Further information on data protection can be found at:
https://pimcore.com/en/about/privacy
When you visit our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which access is made (referrer URL)
• Browser used and, if applicable, the operating system of your computer and the name of your access provider
The data mentioned are processed by us for the following purposes:
• Ensuring smooth connection establishment of the website
• Ensuring comfortable use of our website
• Evaluation of system security and stability
• Error analysis
• for other administrative purposes
Data that allow conclusions to be drawn about your person, such as the IP address, will be deleted after 7 days at the latest. If we store the data beyond this period, this data will be pseudonymized so that it can no longer be assigned to you.
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
d) contractual relationship
(1) conclusion of contract
As part of the establishment of the contractual relationship, according to Art. 6 Para. 1 p . 1 lit. b GDPR only processes the personal data that is absolutely necessary for the execution of the contract.
If you also provide voluntary information, this will only be processed on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit a DSGVO. We use this voluntary information to offer a customer-friendly service and to constantly improve it.
You have the option of creating a customer account with us. For this purpose, in addition to your personal data for contract processing, your other voluntary information and the purchases you have made from us in the past are stored and processed. You can call this up at any time and thus get an overview of the purchases you have made from us. This data is used so that you can simply log in with your login data the next time you make a purchase. It should also help you to control your purchasing activities.
The legal basis results from the consent you have given in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.
You have the option at any time to change or delete your data in the customer account and also to delete the account as a whole. If you make use of this function, your customer account and all the data it contains will be deleted immediately.
(3) Passing on the data for shipping
We pass on the data required for shipping our goods (first name and surname, address, e-mail address, telephone number if necessary due to the goods being shipped) to the relevant shipping service provider for notification/coordination of the delivery of the goods and for the delivery of the goods.
The legal basis for the transfer results from Art. 6 Para. 1 p . 1 lit. b GDPR.
In this context, we pass on your data to one of the following shipping service providers. You will then receive further information on the processing of your data from them:
UPS
UPS Europa SA , Ave Ariane 5, Brussels, B-1200, Belgium: https://www.ups.com/de/de/help-center/legal-terms-conditions/privacy-notice.page?
(4) Passing on of the data when using online payment service providers
If you decide to pay with one of the online payment service providers we offer as part of your order process, your contact details will be sent to them as part of the order placed in this way. The lawfulness of the transfer of data results from Art. 6 Para. 1 p . 1 lit. b GDPR, to carry out the payment method you have selected and our legitimate interests in accordance with Article 6 Paragraph 1 p . 1 lit. f GDPR to enable user-friendly and uncomplicated payment processing.
The personal data transmitted to the online payment service provider is mostly first name , last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to with the order, such as number of items, item number, invoice amount and tax percentage, billing information, etc.
This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administrate your payment and the customer relationship.
However, please note: The online payment service provider can also pass on personal data to service providers, subcontractors or other affiliated companies insofar as this is necessary to fulfill the contractual obligations arising from your order or the personal data is to be processed in the order.
Depending on the selected payment method, e.g. invoice or direct debit, the personal data transmitted to the provider will be transmitted to credit agencies. This transmission serves to check identity and creditworthiness in relation to the order you have placed. Which credit agencies are involved and which data is generally collected, processed, stored and passed on by the respective provider can be found in the respective data protection declarations of the providers:
PayPal
PayPal (Europe) S.à.rl . & Cie. SCA, 22-24 Boulevard Royal, L-2449 Luxembourg at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
BSPAYONE
BS PAYONE GmbH, Lyoner Strasse 9, D-60528 Frankfurt/Main, https://www.payone.com/datenschutz/
e) contact form
We provide you with a form on our website so that you can contact us at any time. In order to use the contact form, it is necessary to provide a name for a personal salutation and a valid e-mail address to contact you so that we know who sent the request and can also process it.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provided there and your IP address, will be processed in accordance with Article 6 Paragraph 1 p . 1 lit. b and f GDPR to carry out pre-contractual measures that take place at your request or to exercise our legitimate interest, namely to carry out our business activities .
The inquiries and the associated data will be deleted no later than 3 months after receipt, provided they are not required for a further contractual relationship.
f) Google Tag Manager
We use the Google Tag Manager from Google ( Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ) on our website. The Google Tag Manager is an administration and management tool in which other tracking and/or statistical tools can be centrally managed and played out.
When you visit our website and give your consent in accordance with Art. 6 Para . 1 S.1 lit. a) GDPR, the Google Tag Manager collects and processes your IP address, which can also be transmitted to the USA. However, the Google Tag Manager does not create a user profile or analyzes itself.
The Google privacy policy can be found here . https://www.google.com/policies/privacy/?hl=en
We use the analysis and tracking tools listed below on our website. These serve to ensure the continuous optimization of our website and to design it in line with requirements.
We use these tools on the basis of the consent you have given in accordance with Article 6 Paragraph 1 Sentence 1 lit. a GDPR. You can withdraw your consent at any time by changing the cookie settings. The processing until the revocation remains lawful.
The respective data processing purposes and data categories can be found in the corresponding tools. We would like to point out that we have no influence on whether and to what extent the service providers carry out further data processing.
We use Google Analytics on our website, a web analysis service provided by Google ( Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google").
· Name and version of the browser used
· operating system of your computer
· Website from which access is made ( referrer URL)
· IP address of the requesting computer
· Time of server request
are usually transferred to a Google server in the USA and stored there.
Your IP address is automatically anonymized by Google before being recorded across EU domains and servers. There is therefore no logging or storage of your IP address.
On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
We have concluded an order processing contract with Google.
Please click here for an overview of data protection at Google. https://support.google.com/analytics/answer/6004245
You have the following rights:
In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. This right to information includes information about
· the processing purposes
· the categories of personal data
· the recipients or categories of recipients to whom your data has been or will be disclosed
· the planned storage period or at least the criteria for determining the storage period
· the existence of a right to rectification, erasure, restriction of processing or objection
· the existence of a right of appeal to a supervisory authority
· the origin of your personal data, if they were not collected from us
· the existence of automated decision-making including profiling and, where appropriate, meaningful information on its details
According to Art. 16 GDPR, you have the right to immediate correction of incorrect or incomplete personal data stored by us.
c) deletion
According to Art. 17 GDPR, you have the right to request the immediate deletion of your personal data from us, provided that further processing is not necessary for one of the following reasons:
· the personal data are still necessary for the purposes for which they were collected or otherwise processed
· to exercise the right to freedom of expression and information
· to fulfill a legal obligation that requires processing under European Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller
· for reasons of public interest in the field of public health pursuant to Art. 9 Para. 2 lit. h and i as well as Art. 9 Para. 3 GDPR
· for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the law mentioned under section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing
· to assert, exercise or defend legal claims
In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data for one of the following reasons:
· You contest the accuracy of your personal data.
· The processing is unlawful and you oppose the erasure of the personal data.
· We no longer need the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims.
· You object to the processing in accordance with Art. 21 (1) GDPR.
If you have requested the correction or deletion of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 or Art. 18 DSGVO, we will inform all recipients to whom your personal data have been disclosed, unless this proves to be impossible or involves a disproportionate effort. You can request that we inform you of these recipients.
You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format.
You also have the right to request the transmission of this data to a third party, provided that the processing was carried out using automated procedures and is based on consent in accordance with Art. 6 Para . 1 S. 1 lit. a or Art. 9 Para . 2 lit. a or on a contract pursuant to Art. 6 Para. 1 p . 1 lit. b DSGVO is based.
In accordance with Art. 7 Para. 3 GDPR, you have the right to revoke the consent you have given us at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. In the future, we may no longer continue the data processing that was based on your revoked consent.
According to Art. 77 GDPR, you have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the GDPR.
If your personal data is based on legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO are processed, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying the particular situation. If you would like to make use of your right of revocation or objection, an e-mail to datenschutz@protect-laserschutz.de is sufficient
to be subject to a decision based solely on automated processing, including profiling , which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
i. is necessary for entering into, or the performance of, a contract between you and us
ii. is permitted on the basis of legal regulations of the European Union or the member states to which we are subject and these legal regulations contain appropriate measures to protect your rights and freedoms as well as your legitimate interests
iii. takes place with your express consent
Para . 1 DSGVO, unless Art. 9 Para. 2 lit. a or g DSGVO applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in i) and iii), we take appropriate measures to protect your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision heard.
If we change the data protection declaration, this will be indicated on the website and the registered customers will be informed by e-mail.
Nuremberg, July 6th, 2023
