Privacy

DATA PRIVACY STATEMENT SIEGELWERK MANUFAKTUR

With this data privacy statement, we would like to educate you in accordance with the provisions of the EU Regulation 2016/679 (General Data Protection Regulation - GDPR) on the nature, extent and purpose of the processing of personal data in connection with our website.

I. Definitions

  1. “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  2. “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  3. “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  4. “recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

 

II. General Information

1. Responsible Person/ Entity

    Siegelwerk GmbH
    Seidenstraße 57
    70174 Stuttgart

    Tel.  +49-711-7223668-0

    Fax +49-711-7223668-30

    Email info@siegelwerk.com

    We have not nominated a data protection officer and are also not obligated to nominate such a position.

    2. Legal Basis

      We process personal data based on at least one of the following statutory sources:

      • Permission of the data subject to the processing of this or her personal data concerning one or more specific purposes ( 6 Para. 1 S. 1 lit. a GDPR);
      • Completion of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract ( 6 Para. 1 S. 1 lit. b GDPR);
      • Compliance with a legal obligation we are subject to ( 6 Para. 1 S. 1 lit. c GDPR);
      • Protection of the vital interests of the data subject or of another natural person ( 6 Para. 1 S. 1 lit. d GDPR);
      • Protection of our legitimate interests or those legitimate interests of a third party ( 6 Para. 1 S. 1 lit. f GDPR)

      The respective legal basis of individual processing operations is referred to below in this data privacy statement.

      3. Disclosure of personal data to recipients

        We only share personal data with recipients (mandated processors of personal data or other third parties) to the extent necessary and only under one of the following conditions:

        • Permission of the data subject to the transfer of his personal data;
        • The transfer is necessary for the fulfillment of contractual obligations or in order to take steps at the request of the data subject prior to entering into a contract;
        • We are legally obligated to transfer the data;
        • The disclosure is based on our legitimate interests or those legitimate interests of a third party.
        4. Countries outside the EU

          The transfer of personal data to a country or an international organization outside of the European Union (EU) or the European Economic Area (EEA) is subject to a statutory or contractual permission. Such transfer shall only be applicable under the conditions set out in Article 44 et seqq. GDPR. Therefore such transfer of personal data shall only occur to a country which was granted an adequacy decision of the EU-Commission pursuant to Art. 45 GDPR, a country which has given guarantees to appropriately safeguard personal data pursuant to Art. 46 GDPR or has implemented binding corporate rules following Art. 47 GDPR.

          5. Rights of the data subject

            The data subject has the following rights:

            • pursuant to Art. 15 GDPR you have the right to request information about your personal data processed by us; you may also request information regarding the purposes for processing your personal data , the categories of personal data processed, the recipients or categories of recipients to whom your information has been or will be disclosed, the planned safeguarding period or the criteria for determining the safeguarding period, the provenance of your personal data if your personal data was not collected from you, the existence of automated decision-making, including profiling, and, where appropriate, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you, your right to rectification or deletion of your personal data, your right to limit such a processing or your right to object to such processing, the existence of a right to appeal to such processing in front of the supervisory authority; Finally, you have a right to know whether personal data has been transmitted to a country outside the EU or to an international organization and, if this is the case, the right to receive information about the measures taken for appropriate data security associated with such a transfer;
            • pursuant to Art. 16 GDPR, you have the right to obtain the rectification of inaccurate personal data stored with us without undue delay;
            • pursuant to Art. 17 GDPR, you may request the deletion of your personal data stored with us, unless the processing of personal data is justified by the right of freedom of expression and information, for compliance with a legal obligation or for reasons of public interest or for the establishment, exercise or defense of legal claims;
            • pursuant to Art. 18 GDPR you can demand the limitation of the processing of your personal data, if and as far as the accuracy of the data is disputed by you, the processing is unlawful and you are opposed to the erasure of your personal data and request the restriction of the use of such data instead; and we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or you have objected to the processing in accordance with Art. 21 GDPR, but it has not yet been determined whether our legitimate reasons for the data processing outweigh your interest;
            • pursuant to Art. 20 GDPR you may request the transfer of the personal data you have provided us with in a structured, commonly used and machine-readable format and have the right to transmit this personal data to another controller;
            • pursuant to Art. 21 GDPR you have the right to object to the processing of your personal data at any time to, on grounds relating to your particular situation, or personal data is processed for direct marketing purposes and the legal basis for the processing of the personal data are the protection of our legitimate interests or those legitimate interests of a third party according to Art. 6 Para. 1 S. 1 lit. f GDPR;
            • pursuant to Art. 7 Para. 3 GDPR, you may at any time revoke your once given consent for processing your personal data to us. As a result of such a withdrawal, we are not allowed to continue processing your personal data in the future;
            • pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

            If you would like to assert your above data subject rights, you can contact us at any time using the contact details above

            6. Erasure and Limitation of Personal Data

              We erase personal data which we process according to the rules of Art. 17 GDPR and restrict the processing of personal data pursuant to Art. 18 GDPR. Insofar as this Data Privacy Statement does not stipulate otherwise, the personal data is deleted if this data is no longer necessary for the purposes for which the personal data was collected or otherwise processed and the deletion does not conflict with any statutory requirements of safeguarding this personal data. If personal data is required for legally permissible other purposes, it will not be erased but the processing of the personal data will be limited to such purpose. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. For example, documents pursuant to § 257 Para. 1 Nr. 2 und 3 HGB and § 147 Para. 1 Nr. 2, 3, 5 AO will be safeguarded for 6 years, documents pursuant to § 257 Para. 1 Nr. 1 und 4 HGB and § 147 Para. 1 Nr. 1, 4, 4a AO will be safeguarded for 10 years.

              7. Cookies

                We have adopted the use Cookies for our website. Cookies are small text files that your browser automatically creates and are recorded on your device (laptop, tablet, smartphone, PC, etc.) when you visit our site. Cookies do not harm your device and do not contain any viruses or other malicious software. Cookies store information resulting in connection with the specific device in use. However, this does not result in an immediately knowledge of your identity. Cookies are mainly used to make our website offerings more user-friendly, effective and secure.

                We use session Cookies to recognize which webpages you have frequented during your visit on our website. Cookies also provide certain functionalities. Session cookies are deleted after the end of your visit to our website.

                In addition, we also use temporary Cookies that are stored on your device for a specific period of time to optimize usability of our website and to statistically evaluate the use of our offer. If you return to our website to take advantage of our services, the site will automatically recognize that you have frequented the website before, and which settings you have chosen and entries you have made, so that you do not need to reenter them.

                The data processed by Cookies are necessary for the protection of our legitimate interests or those legitimate interests of a third party according to Art.  6 Para. 1 S. 1 lit. f GDPR.

                The majority of browsers accept Cookies automatically. If you object to this routine browser setting, you can configure your browser so that no Cookies are stored on your device or a message is always displayed before a new Cookie is created. A general objection to the use of cookies used for online marketing purposes can be made for a variety of services, e.g. at http://www.youronlinechoices.com/ or the deactivation page of the Network Advertising Initiative http://optout.networkadvertising.org. However, disabling Cookies may imply, that the usability of our website may suffer.

                 

                III. Individual processing operations

                1. Hosting

                  To make our website available to the public, we are engaging services provided by hosting companies, such as the supply of web servers, disk space, database services, security and maintenance services.

                  Thereby we are, respectively our hosting provider is, processing personal data of users of our website on the basis of our legitimate interests in an efficient and secure supply of our online offerings pursuant to Art. 6 Para. 1 lit. f GDPR.

                  2. Access Data and Log Files

                    When you access our website or one of the individual web pages, the browser on your device automatically is sending information to the server of our website. This information is stored in so-called log files by us or our hosting provider.

                    The following information is stored:

                    - IP address of the computer requesting access to our website,
                    - Date and time of the access,
                    - Name and URL of the retrieved file,
                    - Website from which access is made (referrer URL),
                    - The browser used and, if applicable, the operating system of your computer
                    - Name of your access provider.

                    This data is processed for the following purposes:

                    - Supply of our Internet offering including all functions and contents
                    - Enabling of an unobstructed establishment of a dial-up connection to the Internet
                    - Enabling a comfortable utilization of our website
                    - Ensuring system security and stability
                    - Anonymized statistical evaluation of visitors accessing our website
                    - Website optimization
                    - Disclosure to law enforcement authorities in the event of unlawful interference / attack on our systems
                    - Other administrative purposes.

                    The legal basis for the data processing is Art. 6 Para. 1 p. 1 lit. f GDPR. Our legitimate interest derives from the above data collection purposes. The collected personal data is never used for the purpose of drawing conclusions about a person.

                    3. Email Marketing to Customers

                      If you are a customer of us and we have received your email address in connection with the sale of a good or service, we are authorized to use your email address for purposes of direct marketing of similar goods or services. This only applies if you have not objected to such a use and we have explicitly informed you about the possibility to object to such a use when collecting the email address and every time we use your email address. The legal basis of the processing is our legitimate interest in direct marketing according to Art. 6 Para. 1 lit. f GDPR.

                      4. Newsletter

                        If you would like to receive our newsletter, we need your email address. The data processing for the purpose of sending you our newsletter is carried out pursuant to Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your voluntary consent by means of the so-called double opt-in procedure. Your email address will be used and stored for this purpose until you revoke your consent or unsubscribe from receiving the newsletter. The unsubscription from our newsletter is possible at any time, for example via a link at the end of each newsletter. Alternatively, you can unsubscribe at any time by sending an email to the email address documented under II.

                        5. Registration / User Account

                          You have the opportunity to register on our website providing personal data. The registration is voluntary and is in accordance with Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your unsolicited consent. Which personal data is transferred thereby results from the respective input mask which is used for the registration. The personal data recorded will be used for the purposes of our offer as well as for contacting for information regarding supply and registration. A personal access allows you to look at your personal data and to make changes to these data. Your data will be stored until you delete the user account or instruct us to delete your data. Provided that we are obliged to retain your personal data on the basis of statutory retention periods, in particular tax and commercial law, the processing of your personal data will be restricted accordingly until the expiration of the retention periods and then the data will be deleted. 

                          If you register on our website or use the user account we store the IP address and the time of the respective use. The storage takes place on the basis of our legitimate interest according to Art. 6 Para. 1 p. 1 lit. f GDPR for the provision of our offer. The storage is also in your interest to protect you from misuse and other unauthorized use. A transfer of these data to third parties does not take place unless it is required to fulfill contractual obligations according to Art. 6 Para. 1 lit. b GDPR or for the prosecution of any claims to which we are entitled or there is a legal obligation according to Art. 6 Para. 1 lit. c GDPR.

                          6. Contract Data

                            In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations via our Internet offering which takes place at the request of the data subject, we process the data of the data subject required for the fulfillment of the contract. This includes:

                            • Data of the contractor, such as name, address and contact details, if applicable different delivery or billing addresses or recipients and if necessary the date of birth;
                            • Contractual data, such as subject of the contract, duration, customer category;
                            • Payment data, such as bank details, credit card data, payment history.

                            The legal basis for the data processing is Art. 6 Para. 1 p. 1 lit. b GDPR.

                            The data will be transferred to third parties only to the extent to fulfill pre-contractual and contractual obligation, e.g. to banks, payment service providers, credit card companies for the payment transaction and to shipping service providers for the dispatch of goods.

                             

                            IV. Online Shop

                              1. Shopify

                              Our online shop uses Shopify as its shop system. Provider is Shopify Inc., 150 Elgin Street, Suite 800, Ottawa, ON, K2P 1L4, Canda or rather Shopify International Ltd., 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 Xn32, Ireland (herafter “Shopify”). Data entered by you in our online shop are processed by Shopify on our behalf in accordance with Art. 28 GDPR.

                              For more information about how Shopify handles your personal data, please see the relevant privacy policy: https://www.shopify.com/legal/privacy.

                               

                              V. Payment Service Provider

                              1. PayPal

                                This website uses PayPal as a payment service provider. Provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter „PayPal“). PayPal assumes the function of an online payment provider as well as a trustee and provides buyer and seller protection services. In case of payment via PayPal, credit card via PayPal, debit via PayPal, or – if offered – purchase on account via PayPal your name, email address, purchased products, invoice amount, billing and shipping address will be transferred to PayPal within the scope of the payment. If the payment methods credit card via PayPal, debit via PayPal, or – if offered – purchase on account via PayPal are used, PayPal will, if applicable, request a credit rating query, to verify creditworthiness and minimize payment defaults when deciding on the release of the payment transaction. Probability values will be used for a credit rating query (so called score values), address data will be included into the calculation. Recognized mathematical-statistical methods are the foundation of calculating those score values. If the credit rating is insufficient, PayPal can reject the chosen payment method. Legal basis of the processing is Art. 6 Para. 1 lit. b GDPR.

                                If you disagree with the data transfer or you consider your credit rating is not suitable for the chosen payment method we ask you to use another payment method. For more information about how PayPal handles your personal data, please see the relevant privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.

                                2. iPayment

                                  This website uses iPayment as a payment service provider. Provider is 1&1 Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereafter „1&1“). 1&1 assumes the function of an online payment provider and combines different third party payment systems which you can find under https://ipayment.de/technik/ipayment_zahlungsmoeglichkeiten.pdf. In case of payment via iPayment your name, purchased products or services, invoice amount, as well as billing and shipping address will be transferred to 1&1within the scope of the payment. In addition 1&1 performs an address validation. Legal basis of the processing is Art. 6 Para. 1 lit. b GDPR.

                                  For more information about how 1&1 handles your personal data, please see the relevant privacy policy:  https://hosting.1und1.de/terms-gtc/terms-privacy/

                                  3. Stripe

                                     This website uses Stripe as a payment service provider. Provider is Stripe Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA or rather Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereafter “Stripe”). Stripe assumes the function of an online payment provider. In case of payment via Stripe your name, purchased products or services, invoice amount, as well as billing and shipping address will be transferred to Stripe. Legal basis of the processing is Art. 6 Para. 1 lit. b GDPR. The data may also be processed on servers in the USA.

                                    Stripe has entered the EU/ U.S. PrivacyShield, has thereby committed to compliance with European privacy standards and therefore is in compliance with the requirements of the European Union to legitimize the transfer of personal data to the United States. Information on Stripe’s commitment concerning the PrivacyShield can be found under:

                                    https://www.privacyshield.gov/participant?id=a2zt0000000TQOUAA4&status=Active.

                                    For more information about how Stripe handles your personal data, please see the relevant privacy policy: https://stripe.com/us/privacy

                                     

                                    VI. Services of Google

                                      Provider of the following services of Google is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter „Google“).

                                      The legal basis for using the following services of Google are our legitimate interests according to Art. 6 Para. 1 lit. f GDPR.

                                      Google has entered the EU/ U.S. PrivacyShield, has thereby committed to compliance with European privacy standards and therefore is in compliance with the requirements of the European Union to legitimize the transfer of personal data to the United States. Information on Google’s commitment concerning the PrivacyShield can be found under:

                                      https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

                                      For more information about how Google handles your personal data, please see the privacy policy of Google: https://www.google.com/intl/de/policies/privacy/.

                                      Informationen about the use of data for advertising purposes by Google, setting and contradictory options, you can found on these websites:

                                      https://www.google.de/policies/privacy/partners/
                                      https://www.google.de/policies/technologies/ads/
                                      http://www.google.de/settings/ads
                                      http://www.google.com/ads/preferences/

                                      1. Google Analytics

                                      This website uses Google Analytics by Google. Google Analytics uses cookies. Google collects data on the user visits of our Internet offering and their user behavior. These data serve the purpose to ensure a needs-based design and a continuous optimisation of our Internet offering, to  measure the success of marketing measures and to create statistical evaluations. In this context pseudonymised user profiles are created and cookies are used.  Information provided through a cookie about your usage of this website like browser type/version, utilized operating system, referrer-URL (before visited page), host name of the accessing computer (IP address), time of server request will be transmitted to a server of Google in the USA and stored there. User and event data will be deleted after 26 months. These information will also be transferred to third parties if required by law or if third parties process these data on behalf of us or Google. Under no circumstances will your IP address be merged with any other data of Google. IP addresses will be anonymized, therefore an allocation is impossible. You can avoid the storage of cookies by appropriately adjusting your browser software. Although in this case it might be possible that you will not be able to use all functions of this website. In addition, you may avoid the collection of data generated by the cookie and related to your use of the website to Google as well as the processing of these data by Google by downloading and installing a browser plugin that can be found under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can avoid data collection by Google Analytics by clicking the following link:

                                      Google Analytics deaktivieren

                                      to receive an Opt-Out-Cookie. This cookie ensures that in the future no visitors data from your browser will be collected and stored by Google Analytics when visiting this website. Caution: If you delete your cookies the Opt-Out-Cookie will be deleted as well and you may have to activate it again.