Data Privacy Statement
1. An overview of data protection
General
The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data (such as the internet browser, operating system or the point of time when you visit the page). These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
2. General information and mandatory information
Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.
If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmitted via the internet (for example via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
GREIFF Mode GmbH & Co. KG
Memmelsdorfer Str. 250
96052 Bamberg
Fon: +49 951 405-0
E-Mail: datenschutz@greiff.de
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (such as names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data protection officer
Statutory data protection officer
We have appointed a data protection officer for our company.
Stephan Eschenbacher
Phone: +49 911 401823
4. Data collection on our website
Cookies
Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.
Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.
Contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (for example after fulfilling your request). Any mandatory statutory provisions – especially those regarding mandatory data retention periods – remain unaffected by this provision.
Mosparo (Captcha)
Processing
Mosparo only processes the data that is transmitted when the form data is checked. This includes
- The address and title of the website on which the form was filled out
- All data entered by the user in the form fields
- The user’s IP address and user agent
- The AS number and country of the IP address, provided that GeoIP2 is activated
Storage
All personal data stored for a submission is automatically encrypted. If someone were to gain unauthorized access to the mosparo database, they would be able to see all submissions, but not which data was entered for them, because the data is encrypted.
In some places, the user’s IP address is not stored in encrypted form. To enable the security measures, it is important that the system can search for the IP address. However, the non-encrypted IP addresses are stored as a hash and are no longer directly recognizable.
Other data that has nothing to do with the submissions (e.g. user accounts, settings, rules) is not stored in encrypted form.
Delete
All submissions are considered obsolete after 14 days. The next time a system cleanup is run, all obsolete data is automatically deleted. A system cleanup is either run automatically when a form is opened (requesting a submission code), when mosparo is used, or automatically by the cleanup action. However, the automatic cleanup action must be configured manually as a cronjob.
Entry codes (and the associated IP address) that have not been used are considered obsolete after 24 hours and deleted during the next system cleanup.
Hosting
We host Mosparo exclusively on our own servers, so that all Mosparo data remains with us and is not passed on.
5. Analytics and advertising
Matomo
This website uses the open source web analytics service Matomo. Matomo uses technologies that enable the recognition of the user across pages for the analysis of user behaviour (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server.
With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This enables us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising.
IP anonymisation
We use IP anonymisation for the analysis with Matomo. This means that your IP address is shortened before analysis so that it can no longer be clearly assigned to you.
Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
Plausible
This website also uses the open source web analytics service Plausible.
Plausible pays attention to absolute data economy: no cookies or personal data (IP) or data that make personally identifiable are stored. The information collected by Plausible about the use of this website is stored on our own servers in Germany. With the help of Plausible, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which countries they come. We also collect various log files (e.g. referrers, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
Hosting
We host Plausible exclusively on our own servers so that all analysis data remains with us and is not passed on.
6. Newsletter
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information.
For this purpose, we pass the data on to our service provider Sendinblue GmbH, Köpenicker Str. 136, 10179 Berlin. This service provider processes the data on our behalf. A contract for order processing according to Art. 28 has been concluded.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe”- Link in the newsletter. The data processed before we receive your request may still be legally processed.
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
7. Plugins und Tools
YouTube
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of YouTube under: https://policies.google.com/privacy?hl=en.
Adobe Typekit
This site uses the Adobe Typekit service for the uniform display of fonts. When you visit our site, your IP address and other technical data are transmitted to Typekit. The use of Adobe Typekit Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.
Further information on Adobe Typekit Web Fonts can be found at https://typekit.com/ and in the Adobe Typekit privacy policy: https://www.adobe.com/privacy/policies/adobe-fonts.html
OpenStreetMap
This site uses the open source mapping tool “OpenStreetMap” (OSM) via an API. The provider is the OpenStreetMap Foundation. To use the functions of OpenStreetMap, it is necessary to store your IP address. This information is usually transmitted to a server of OpenStreetMap and stored there. The provider of this site has no influence on this data transmission. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website.
This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. More information on the handling of user data can be found on the OpenStreetMap data protection page and here https://wiki.openstreetmap.org/wiki/Legal_FAQ.
7. Payment services
Payment services
We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of processing the payment. For these transactions, the respective contract and data protection provisions of the respective providers apply. The use of the payment service providers is based on Art. 6 para. 1 lit. b DSGVO (contract processing) and in the
Interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f DSGVO). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a DSGVO is the legal basis for data processing; consents can be revoked at any time for the future.
We use the following payment services / payment service providers within the scope of this website:
PayPal
Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). For details, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full .
Instant bank transfer
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter referred to as
“Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have chosen the payment method “Sofortüberweisung”, you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, it also automatically checks your turnover, the credit line of the overdraft facility and the existence of other accounts and their balances. In addition to the PIN and the TAN, the payment data you have entered as well as data about yourself are also transmitted to Sofort GmbH. The personal data is your first and last name, address, telephone number(s), e-mail address, IP address and, if necessary, other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts. Details on payment with Sofortüberweisung can be found in the following links:
https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/
Purchase on account (Ratepay)
The provider of this payment service is Ratepay GmbH, Ritterstr. 12-14, 10969 Berlin. For this purpose GREIFF assigns the claim to Ratepay. Therefore, the payment of the customer is to be made to Ratepay. For this purpose, the necessary data are transmitted to Ratepay.
For details on payment with Ratepay, please refer to the following links: https://www.ratepay.com/datenschutz/