VII. Plugins and Tools
Our website uses plugins from the Google-powered YouTube page. Site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit one of our YouTube plug-in-enabled sites, you will be connected to the servers of YouTube. It tells the YouTube server which of our pages you've visited.
If you're logged into your YouTube account, YouTube will allow you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
2. Google Maps
This site uses the mapping service Google Maps via an API. The service provider is Google Inc, 1600 Amphitheater Parkway Mountain View, CA 94043, USA.
To use the features of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored on a Google server in the United States. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of appropriate presentation of our online offers and an easy locatability of the places we specify on the site. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
For more information about how to handle user data, please refer to: https://www.google.com/intl/en/policies/privacy.
VIII. Credit assessment
In the context of this contractual relationship, we transfer personal data collected on the application, the execution and termination of this business relationship as well as data on non-contractual behaviour or fraudulent behaviour to CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich.
The legal bases of these transfers are Article 6 (1) (b) and Article 6 (1) (f) of the General Data Protection Regulation (GDPR). Transfers pursuant to Article 6 (1) (f) GDPR may only be made to the extent necessary to safeguard the legitimate interests of our company or third parties and not outweigh the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data. The data exchange with the CRIFBÜRGEL also serves the fulfilment of legal obligations to carry out creditworthiness checks of customers (§ 505a and 506 of the Civil Code).
CRIFBÜRGEL processes the data received and also uses it for the purpose of profiling (scoring) in order to provide its contracting partners in the European Economic Area and in Switzerland and, if applicable, other third countries (if there is an adequacy decision by the European Commission) information on, inter-alia, the evaluation of the creditworthiness of natural persons. Further information on the activities of CRIFBÜRGEL can be found in the CRIFBÜRGEL Information Sheet or viewed online at
IX. Rights of the person concerned
If personal data are processed by you, you are a person concerned within the meaning of the GDPR and you have the following rights to the person responsible:
1. Right to Information
You may ask the person in charge to confirm if personal data concerning you is processed by us.
If such processing is available, you can request information from the person responsible about the following information:
(1) The purposes for which the personal data are processed;
(2) The categories of personal data that are processed;
(3) The recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) The planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) The existence of a right of appeal to a supervisory authority;
(7) All available information on the source of the data if the personal data are not collected from the data subject;
(8) The existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.
2. Right to rectification
You have a right to rectification and / or completion related to the controller, if the personal data related to you is incorrect or incomplete. The controller must make the correction without delay.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) If you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
(2) The processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
(3) The controller no longer requires personal data for the purposes of processing, but you need them for the purposes of asserting, exercising or defending legal claims, or
(4) If you objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller prevail over your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, the controller will inform you before the restriction is lifted.
4. Right to deletion
a) Obligation of deletion
You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately, if any of the following is true:
(1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent to the processing gem. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR and there is no other legal basis for processing.
(3) In accordance with Article 21 (1) of the GDPR, you object to the processing and there are no prior justifiable grounds for processing, or you submit opposition to processing in accordance with Art. 21 (2) GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of personal data concerning you is required to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
b) Information to third parties
If the person responsible has made public the personal data relating to you and is obliged to delete them in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical ones, to inform data controllers, taking into account the available technology and the implementation costs informing that you, as the data subject, have requested the deletion of all links to such personal data or of copies or replications of such personal data.
The right to deletion does not exist if the processing is necessary
(1) To exercise the right to freedom of expression and information;
(2) To fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of public authority delegated to the controller;
(3) For reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
(4) For archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in sub-paragraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) To assert, exercise or defend legal claims.
5. Right to Information
If you have the right of rectification, deletion or restriction of processing to the controller, he / she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.
You have a right related to the controller, to be informed about these recipients.
6. Right to Data Portability
You have the right to receive personally identifiable information relating to you provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the controller for providing the personal data, provided that
(1) The processing s based on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract acc. Art. 6 para. 1 lit. b GDPR and
(2) The processing is done using automated procedures.
In exercising this right, you also have the right to demand that personal data relating to you be transmitted directly from one controller to another controller, as far as technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Right of objection
You have the right at any time, for reasons arising from your particular situation, against the processing of personal data concerning you, which, pursuant to Art. 6 para. 1 lit. e or f GDPR takes the form of an objection; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
8. Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Automated decision on an individual basis including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
(1) Is required for the conclusion or performance of a contract between you and the controller,
(2) Is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) With your express consent.
However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and challenge the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you is in violation of the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
11. Automated decision-making
There is no automated decision-making based on personal data collected.
12. Data security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities. Your personal data will be transmitted encrypted by us. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (for example, when communicating by e-mail) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible. To safeguard your data, we maintain technical and organizational security measures that we always adapt to state-of-the-art technology. We also do not accept liability that our offer will be unavailable at specific times; Disturbances, interruptions or failures cannot be excluded. The servers we use are regularly and carefully backed up.
13. Transfer of data to third parties, no data transfer to non-EU countries
In essence, we only use your personal data within our company.
If and to the extent that we engage third parties in the performance of contracts (such as logistics service providers), these personal data will only be received to the extent that the transmission is required for the corresponding service. In the event that we outsource certain parts of the data processing ("order processing"), we contractually obligate processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject's rights. Data transmission to agencies or persons outside the EU outside the cases mentioned in this declaration does not take place and is not planned.