§ 1 Information About the Acquisition of Personal Data
The below is to inform you about the acquisition of personal data when using our website. Personal data is all data that refers to you personally, e.g. name, address, email address, user behaviour.
The party responsible according to Art. 4 par. 7 of the EU General Data Protection Regulation (GDPR) is:
represented by the General Manager, Marek Odzimek
Westhafenstr. 1 (Rundbau)
For matters relating to privacy protection, you may also reach us at: email@example.com or via our postal address.
When contacting us via email or via a contact form, the data you provide (e.g. your email address, where applicable, your name, address and your telephone/fax number) will be stored by us in order to answer your questions. Any data collected therein will either be deleted once storage is no longer necessary, or its processing will be reduced should there be any legal obligation to retain said data.
If, for individual features of our offer, we use authorised vendors or wish to use your data for advertising purposes, we will inform you about the individual procedures in detail as mentioned below. At the same time, we will also state the determined criteria of the duration of storage.
§ 2 Your Rights
You have the following rights with regards to your personal data:
– right of information,
– right of correction or deletion,
– right of limitation of data processing,
– right of objection against data processing,
– right of data transferability.
Moreover, you have the right to file a complaint about our processing of your personal data with any data protection supervisory body.
§ 3 Acquisition of Personal Data While Visiting Our Website
When using our website solely for information purposes, i.e. when you are not registering or otherwise submitting data, we only collect the personal data your browser submits to our server. If you wish to look at our website, we collect the following data necessary to display our website to you and assure its stability and security. (The legal basis is Art. 6 par. 1 p. 1 lit. f GDPR):
– date and time of query
– time zone difference to Greenwich Mean Time (GMT)
– content of request (concrete page)
– access status/HTTP-status code
– currently transferred data volume
– website originating the request
– operating system and its interface
– language and version of browser software.
In addition to the aforementioned data, cookies are stored on your computer while using our website. Cookies are small text files held in dedicated storage on your hard drive by your browser. The spot the cookie assigns (in this case by us) receives certain information. Cookies can neither execute programmes nor transmit viruses. They serve to make the internet overall more user-friendly and effective.
a) This website uses the following types of cookies whose extent and operating mode will be explained hereafter:
– transient cookies (see b)
– persistent cookies (see c).
b) Transient cookies are deleted automatically when you close the browser. Among these cookies are session cookies. These cookies store a so-called session ID, which is used to assign the different queries of your browser to the joint session. That way, your computer can be recognised when you return to our website. These session cookies are deleted once you log out or close the browser.
c) Persistent cookies are deleted automatically after a predetermined period, a period that can differ depending on the cookie. You can delete these cookies in your browser’s security settings at any time.
d) You can configure your browser settings according to your wishes and, for instance, reject third-party cookies or all cookies. We inform you, however, that you may not be able to use all of the features of our website.
e) We employ cookies in order to identify you during follow-up visits if you have an account with us. Otherwise you will have to log in for every visit.
f) We use HTML5 storage objects that are stored on your end device. These objects store the necessary data independent of your browser and do not have an automatic expiration date. You can prevent the use of HTML5 storage objects by employing the privacy mode in your browser. In addition, we recommend that you delete your cookies and clear the browser history manually at regular intervals.
§ 4 Additional Features of Our Website
Aside from information, we offer various services that may be of interest. Using the contact form on our website, you may get in touch with us. To that end, you usually have to provide additional personal data, which is necessary for us to get in touch with you. The data entered into the input mask is transmitted to us and stored. Aside from the IP-address, the date and time are stored and transmitted in the process.
During the dispatching process, we request your consent and refer to this data protection declaration in order to process data. (The legal basis is Art. 6 par. 1 lit. f GDPR. If the email contact aims to finalise a contract, additional legal basis for the processing will apply in the form of Art. 6 par. 1 lit. b GDPR). Alternatively, we may be contacted via the email address provided. In that case, the personal data that is transmitted along with the email address is stored. (When user’s consent is provided, the legal basis is Art. 6 par. 1 lIT. a GDPR).
The acquired data is deleted as soon as it has served its purpose. The data sent via contact form and/or email address will be deleted once a particular conversation with the user has ended or the end of the conversation can be deduced from the circumstances. The additional personal data acquired during the dispatching process is deleted within seven days at the latest. Some of the processing of your data is done by external vendors. These vendors have been chosen carefully and commissioned, and are both bound by our instructions and monitored regularly.
The above-mentioned fundamentals of data processing also apply here.
§ 5 Objection against or Retraction of the Processing of Your Data
If you have consented to the processing of your data, you can retract said consent at any time. Such a retraction has a bearing on the permissibility of the processing of your personal data after said retraction has been made.
The extent to which we base the processing of your personal data on the balance of interest, you can object to said processing. Such is the case particularly when the processing is not necessary for the completion of a contract with you, which will be shown in each case in the adjoining description of the features. When objecting, we request that you state the reasons as to why we should not process your personal data in the manner in which we did. In case of well-founded objections, we will either cease or adjust the data processing, or we will present you with compelling reasons worthy of protection as to why we will continue the processing.
Naturally, you may object at any time to the processing of your personal data for the purposes of advertising and data analysis. You may inform us about your advertising objection via the following contact details:
Westhafenstr. 1 (Rundbau)
Telephone: +49 (0)30 / 39 40 53 76
Email: datenschutz@ alfako.de
Manager: Marek Odzimek
§ 6 Use of Our Web Shop
If you wish to order from our web shop, it is necessary for the contract conclusion that you provide us with personal data needed for the processing of your order. Required information necessary for the implementation of the contract is marked separately, additional information is voluntary. We use the data you provide in order to process your order.
To that end, we may relay your data to the commissioned forwarder, assuming relaying your data is necessary for the delivery of the order. The transmission only encompasses data necessary for the delivery of the order. The legal basis for this is Art. 6 par. 1 p. 1 lit. b GDPR.
Furthermore, we may process the data you provide in order to inform you about additional interesting products from our portfolio or send you emails with technical information.
Commercial and fiscal guidelines obligate us to store your address, payment and order data for a period of ten years. After two years, though, we restrict processing, i.e. your data will only be used to fulfil our legal obligation.
For the prevention of unauthorised access of your personal data (especially financial data) by third parties, the order transaction is encrypted using SSL-technology.
§ 7 Transfer of Personal Data for Payment Processing
For payments via PayPal or – if offered – credit card via PayPal, direct debit via PayPal and “purchases on account” via PayPal, we pass on your payment data to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter “PayPal”) for the purposes of processing the payment. When paying via PayPal, the bank details you provide to PayPal are used for payment by PayPal. We do not have access to this data.
PayPal reserves the right to conduct a credit check for credit card payments via PayPal, direct debit via PayPal and – if offered – “purchases on account” via PayPal. PayPal uses the result of the credit check to statistically ascertain the non-payment probability in order to decide whether to approve a payment method. The credit check may contain probability values, so-called score values. As far as score values enter into the result of the credit check, they are based on a scientifically recognised mathematical-statistical process. Among others, address data is entered into the score values. For further data protection information, including the credit agencies used, please refer to PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
When making payments via SOFORT transfer, the SOFORT AG transmits to your bank the online-banking data (PIN and TAN-codes), which you enter into their digital money transfer form in the process of ordering, in order to execute the transfer; they do so using encryption. Neither we nor the SOFORT AG will store your online banking data.
§ 8 Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google“). Google Analytics use so-called “cookies“, text files stored on your computer that enable an analysis of your use of the website. The information about the use of this website that the cookie generates is usually transmitted to one of Google’s servers in the United States and stored there. In case the IP-anonymisation is activated on this website, Google will truncate your IP-address within the EU-member states or other signatory states of the treaty of the European economic region. Only in exceptional cases will the full IP-address be transmitted to one of Google’s servers in the United States and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website in order to assemble reports about the website’s activities and to provide to the website operator further services connected to website and internet use.
The IP-address transmitted from your server in the context of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies through an appropriate setting of your browser software; we point out, however, that in that case not all features of this website are fully usable. Furthermore, the acquisition of data generated and connected to your use of the website (incl. your IP-address) by the cookie and transfer to Google as well as the processing of said data by Google may be prevented by downloading and installing the browser plug-in from: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension „anonymizeIp()“. IP-addresses will thereby be processed in a truncated manner, precluding the identification of an individual. As far as a reference to an individual is attributable via the data collected on you, the reference will be precluded and said data will thereby immediately be deleted.
We use Google Analytics in order to analyse and regularly improve the use of our website. Using the obtained statistics, we can improve our offer and make it more interesting for you, the user. In the exceptional event that personal data is transmitted to the United States, Google submits to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 par. 1 p. 1 lit. f GDPR.
Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. User terms: http://www.google.com/analytics/ terms/de.html, data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.
Objection to Data Collection
You can keep Google Analytics from collecting data on you by clicking on the following link. An opt-out cookie is placed preventing the collection of your data for future visits of this website: deactivate Google Analytics.
More information about the handling of user data at Google Analytics can be found in the data protection declaration of Google: https://support.google.com/analytics/answer/6004245?hl=de.
§ 9 Plugin and Tools
Web Fonts of Adobe Typekit
In order to display fonts uniformly, this page uses so-called web fonts provided by Adobe Typekit. When requesting a page, your browser loads the necessary web fonts in your browser cache in order to display texts and fonts correctly.
To that end, your browser needs to contact the servers of Adobe Typekit. In doing so, Adobe Typekit becomes aware that our website is visited via your IP-address. Adobe Typekit web fonts are used in order to assure a uniform and appealing presentation of our online offer. This presents a justified interest per Art. 6 par. 1 lit. f GDPR.
If your browser does not support web fonts, your computer will choose a standard font.
For further information about Adobe Typekit web fonts, please visit: https://typekit.com/ and the data protection declaration of Adobe Typekit: https://www.adobe.com/de/privacy/policies/typekit.html
§ 10 Data Security
On our website, we use the wide-spread Secure Sockets Layer-process (SSL), using the highest encryption your browser supports. Usually, this entails a 256-bit encryption. Should your browser not support said encryption, we will resort to 128-bit v3 technology for encryption. The closed key or closed lock symbol on the status bar of your browser indicates that individual pages of our web presence are transmitted using encryption. Apart from that, we use appropriate technical and organisational security measures to secure your data against incidental or deliberate manipulation, loss, destruction or against unauthorised access by third parties. Our security measures are regularly adjusted and improved as technology advances.
§ 11 Topicality and Amendment of This Data Protection Declaration
This data protection declaration is currently valid as of 24 May 2018.
Due to further development of our website or changing legal or regulatory requirements, it may become necessary to amend this data protection declaration. You may always retrieve the most current version of our data protection declaration from our imprint via: https://alfako.de/datenschutzbelehrung/.