Data Policy
1) Information, Presentation and Notes
We hereby inform you that we may collect, process and use personal data, in so far as necessary, through electronic data processing (EDP) for the purpose of establishing, modifying the content of or changing the purchase contract (contract of sale).
The fulfilment of the contract of sale, of which you as a customer are one of the contracting parties, represents permission at the level of European law for us to process your personal data (Art. 6 para. 1 lit. b DS-GMO).
We would like to notify you that we forward your details for the purchase contract, in so far as necessary, to Afterbuy (ViA-Online GmbH, Kimplerstraße 296, 47807 Krefeld, https://www.afterbuy.de).
Apart from this, we do not pass on your details to any further third parties. For more information or disclosure on the matter, please contact us at the address stated in the provider indentification (Impressum). We would like to inform you that according to Art. 12 Para. 2 no. 4 of the German Telemedia Act, you can revoke your permission for us to collect, process and use your data at any time with immediate effect for the future. You can also declare this revocation via e-mail. You will find our e-mail address in our provider indentification (imprint).
2) Google Analytics
This website uses the service “Google Analytics”, which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), to analyse website use by users. This service uses “cookies” text files which are then stored on your terminal device. As a general rule, the information collected by cookies is usually sent to a Google server in the USA and is stored there. IP address anonymisation is used on this website. The IP addresses of users is cut off at member states of the EU and the European Economic Area. This limitation means that the personal data of your IP addresses is omitted. Within the framework of the order-related data processing agreement which the website operators have concluded with Google Inc., and with the support of information collected, an evaluation of the website usage and the website activity is created and services related to internet usage are provided.
You have the possibility to prevent cookies from being saved on your device if you adjust the settings of your browser. It is not guaranteed that you will be able to access all functions of this website if your browser does not allow cookies.
You can also use a web browser plug-in to prevent information collected by cookies (including your IP addresses) from being sent to and used by Google Inc. The following link takes you to the corresponding plug-in: https://tools.google.com/dlpage/gaoptout
Note: if you delete your cookies or use the privacy mode of your browser, or if you use a different browser, there is a chance that you may still be tracked and may have to repeat this process again.
You will find further information about how Google Inc. uses data here: https://support.google.com/analytics/answer/6004245
3) Profitmetrics
Profitmetrics ApS, hejreskov alle 2c, 3050 humlebæk, Denmark - is a web analysis tool for measuring and calculating profits from orders to make statistical measurements. Personal information shared includes: IP, name, E-mail address and browser information. Data is stored and processed within the EU.
4) Mircosoft Ads
Our website uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads sets a cookie on your computer if you have accessed our website via a Microsoft Bing ad. In this way, we and Microsoft Bing can recognise that someone has clicked on an ad, been redirected to our website and reached a previously determined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the user's identity is disclosed. If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies. Further information on the data protection policy and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/en-GB/privacystatement.
5) Hotjar
This website uses Hotjar (Hotjar Ltd., Dragonara Road, Paceville St Julian's STJ 3141, Malta), an all-in-one analysis and feedback tool that reveals the online behaviour and feedback of visitors to a website. We use this tool to evaluate and analyse visitor feedback (such as clicks, mouse movements, scrolling behaviour, etc.) in order to improve the functionality of our website and the overall user experience. By means of the “Tracking Code” and cookies, information about your visit to our website is transmitted to Hotjar and stored.
The following information recorded by your device and browser can be collected by the “Tracking Code”:
- IP address of your terminal device (collected and stored in anonymised format)
- size of the terminal device screen
- terminal type (individual terminal identifiers) and browser information
- geographical location (country only)
- language preferences when viewing the website.
The following log data can be collected by the "Tracking Code":
- referring domain
- pages visited
- geographical location (country only)
- language preferences when viewing the website
- date and time when the website pages were accessed
Hotjar uses cookies to collect non-personal information including standard internet log data and information about your behaviour patterns when visiting the pages of our website.
You have the option to opt out of the collection of your data by unsubscribing here: https://www.hotjar.com/legal/compliance/opt-out/
For more information on Hotjar's privacy policy, click here: www.hotjar.com/privacy
6) Adyen
Adyen is a payment technology service provider with a banking licence. This means that Adyen provides payment and financial services such as payment processing for customers and platforms by credit card, bank transfer and other payment methods, issuing of cards, provision of account services (for merchants), fraud detection and other services. Please note that Adyen N.V. (Simon Carmiggeltstraat 6-50, 1011 DJ in Amsterdam, The Netherlands) is supervised by the Dutch Central Bank as a regulated bank under Dutch law.
Adyen processes personal customer data in connection with the provision of payment processing. This data includes address data, account data and credit card data (encrypted according to PCI-DSS standards).
You can find more information about Adyen's data processing here: https://www.adyen.com/policies-and-disclaimer/privacy-policy
7) Newsletter
We offer you as our customer a newsletter in which we inform you about current events and offers. If you would like to subscribe to the newsletter, you must provide a valid e-mail address. By subscribing to the newsletter, you consent to receive the newsletter and to the explained procedures.
The newsletter is sent by the dispatch service provider CampaignPlus, a dispatch platform of the provider CampaignPlus GmbH, Wollmarktstrasse 115b, 33098 Paderborn, Germany. Information on the data protection provisions of the dispatch service provider can be found at: https://www.campaign.plus/datenschutzerklarung
Revocation and unsubscription: You can revoke your consent to receive the newsletter at any time and thereby unsubscribe from the newsletter. After you have unsubscribed, your personal data will be deleted. Your agreement to receive the newsletter will expire at the same time. At the end of each newsletter you will find the link to unsubscribe.
8) Varify
Data category: IP address, browser-specific data for establishing the connection.
Purpose: Further development and needs-based optimization of the website
Legal basis: Section 25 (2) sentence 2 TTDSG
Storage period: Your personal data is processed primarily for the technical execution of the A/B test. Personal data will be deleted after the A/B test has been carried out.
9) Meta Platforms
The service of Meta Platforms, Inc, 1601 Willow Road, Menlo Park, CA 94025, USA (Meta) or, if you are based in the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Meta), enables us to determine target groups for advertisements on the Meta platforms Facebook and Instagram on the basis of website visits and surfing behavior there. We also use this service to measure the effectiveness of online marketing measures. We can track the actions of users after they have seen and/or clicked on a Facebook or Instagram ad and then placed an order.
If you log in to Facebook/Instagram or are already logged in to Facebook/Instagram, your website visit will be noted in your profile. The collected user data is anonymous to us and therefore does not allow us to draw any conclusions about the user's identity. However, this data is stored and processed by Meta so that it is possible to draw conclusions about the user profile. Data processing by Meta is carried out in accordance with Meta's Data Usage Policy. If you are not a member of Facebook/Instagram, you are not affected by this data processing.
Privacy Statement according to the General Data Protection Regulation (GDPR)
I) Name and Address of the Data Controller
The data controller in line with the General Data Protection Regulation and other national data protection laws of other Member States as well as any other legal data protection regulations is:
B & W Handelsgesellschaft mbH
Thormeyerstr. 1
D - 01877 Bischofswerda
Germany
II) Name and Address of the Data Protection Supervisor
The Data Protection Supervisor of the data controller named above is:
Rechtsanwalt Wolfgang Wentzel
Fachkraft für Verwaltung und Wirtschaft der Diakonie (IHK)
Blasewitzer Str. 41
01307 Dresden
Germany
E-Mail: datenschutz@vhbw.de
III) General Information about Data Processing
III-a) Scope of Personal Data Processing
We fundamentally only collect and use the personal data of our users as is necessary to provide a functional website as well as content and services. The collection and use of the personal data of our users occurs on a regular basis but only with consent from our users. Exceptions may be made if it is not possible for practical reasons to obtain the permission and if the processing of the data is permitted by legal regulations.
III-b) Legal basis of Processing Personal Data
Provided that we obtain consent from the individual concerned (data subject) to process their personal data, Art. 6 Para.1 lit. a) of the General Data Protection Regulation (GDPR) serves as a legal basis for processing personal data.
With regard to the processing of personal data which is necessary for fulfiling a contract to which the contractual party is the data subject, Art. 6 Para.1 lit.b) of the GDPR serves as a legal basis. This is also valid for processing operations which are necessary for the execution of precontractual measures.
Provided that processing personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c) of the GDPR serves as a legal basis.
In the event that vital interests of the data subject or of another natural person require the processing of personal information, Art. 6 Para. 1 lit. d) of the GDPR serves as a legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the legitimie interests first mentioned, Art. 6 Para.1 lit. f) of the GDPR serves as a legal basis for the processing operation.
III-c) Deletion of Data and Duration of Storage
Personal data of the data subject will be deleted or suspended as soon as there is no longer a suitable purpose for its storage. Furthermore, storage can then occur if this has been stipulated by the european or national legislator in Union regulations, laws or other legislations which the responsible party is subject to. A suspension or deletion of the data can be carried out if the storage period expires through the mandatory norms mentioned, unless there is a necessity for further data storage for a conclusion of a contract or fulfilment of a contract.
IV) Contact Form, Feedback Form and E-mail Contact
IV-a) Description and Extent of Data Processing
If there is a contact form or feedback form available, it can be used for contacting us electronically. If a user decides to use this option all information which is entered into the form will be submitted to us and saved.
Alternatively it is also possible to contact us using the e-mail address provided. In this case all information which is submitted to us via e-mail by the user will be saved.
In this context no data will be forwarded to third parties. The information will exclusively be used for processing the conversation.
IV-b) Legal Basis for Processing Data
Processing of data shall be lawful if the data subject has given consent to the processing of his or her personal data for one or more specific purposes in Art. 6 Para.1 lit.a) of the GDPR.
The legal basis for the processing of data which has been submitted in the course of sending an e-mail is Art. 6 Para.1 lit. f) of the GDPR. If the e-mail contact is targeted at concluding a contract, the additional legal basis for processing is Art. 6 Para.1 lit.b) of the GDPR.
IV-c) Purposes of the Processing
We only process personal data from the input fields in order to process establishing contact. The interest in processing data is also necessary and applicable in cases where contact is established via e-mail.
The other processed personal information which is processed when the form is sent is there to prevent the contact forms from being misused and to guarantee safety in our information technology systems.
IV-d) Duration of Storage
Information is deleted as soon as it is no longer necessary for achieveing the purpose of its collection. For personal data from input fields of the contact forms and those forms which have been sent via e-mail, this is then the case when the respective conversation with the user ends. The conversation is then only ended when it is clear from the circumstances that the data subject has conclusively resolved.
The additional personal data acquired in the sending process will be deleted after a period of seven days at the latest.
IV-e) Opt-Out Option and Withdrawal Possibility
The data subject always has the opportunity to withdraw his or her consent for personal data to be processed. If the data subject gets in contact with us via e-mail, they can also object to their personal data being stored at any time. In such a case, the conversation cannot be continued.
The following is a description of how the revocation of consent and the objection of storage can be carried out.
All personal data which has been stored upon establishing contact will be deleted in this case.
V) Rights of the Data Subject
If your personal data is being processed, you are the data subject in line with GDPR and you have the following rights against the person or organisation (data controller) accountable:
V-a) Right of Access
You have the right to obtain a confirmation from the data controller as to whether or not personal data concerning yourself is being processed.
If that is the case, you have the right to obtain access to the personal data and the following information from the data controller:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request rectification or deletion of personal data or restriction of processing of personal data from the data controller concerning the data subject or to object to such processing;
- the right to file a complaint with a supervisory authority;
- where personal data is not collected from the data subject, any available information as to its source;
- the existence of automated decision-making, including profiling, referred to in Art. 22 Para. 1 and 4 in the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data is transferred to a third country or to an international organisation, the data subject has the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
V-b) Right to Correction
You have the right to obtain the correction of inaccurate personal data concerning yourself from the data controller, who must carry out these changes without undue delay You also have the right to have incomplete personal data completed.
V-c) Right to Restriction of Processing
Under the following circumstances, you have the right to obtain a restriction on the processing of personal data concerning yourself from the data controller:
- If you contest the accuracy of the personal data for a period, enabling the controller to verify the accuracy of the personal data;
- If the processing is unlawful and you oppose the deletion of the personal data and request the restriction of its use instead;
- The controller no longer needs the personal data for the purposes of the processing, but you still require them for the establishment, exercise or defence of legal claims, or
- If you have objected to processing pursuant to Art.21 Para.1 in the GDPR pending the verification whether the legitimate grounds of the data controller override your legitimate grounds.
Where processing of personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained a restriction of processing personal data persuant to the conditions mentioned above, you shall be informed by the data controller before the restriction of processing is lifted.
V-d) Right to Deletion
A) Deletion Liability
You have the right to obtain the deletion of personal data concerning yourself without undue delay from the data controller, and the controller has an obligation to erase personal data without undue delay where one of the following reasons applies:
- The personal data concerning yourself is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw consent on which the processing is based according to Art. 6 Para 1 lit a) or Art. 9 Para 2 lit. a) in the GDPR, and where there is no other legal ground for the processing;
- You object to the processing pursuant to Art. 21Para 1 and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Para. 2 in the GDPR;
- The personal data concerning yourself has been unlawfully processed
- The personal data concerning yourself has to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject
- The personal data concerning yourself has been collected in relation to the offer of information society services referred to in Art. 8 Para. 1 in the GDPR.
B) Information to Third Parties
If the controller has made the personal data public, they are obliged pursuant to Art. 17 Para. 1 in the GDPR to delete the personal data. Thereby the controller must take account of available technology and the cost of implementation in order to take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that you, as the data subject, have requested the deletion of any links to, or copies or replications of, such personal data by such controllers.
C) Exceptions
The right to deletion does not apply if the processing is necessary
- Exercising the right of freedom of expression and information;
- For compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in public interest or in the exercise of official authority vested in the controller
- For reasons of public interest in the area of public health in accordance with Art. 9 Para. 2 lit. h) and i) as well as Art. 9 Para. 3 in the GDPR.
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Para 1 in the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- For the establishment, exercise or defence of legal claims.
V-e) Right to Information
If you have claimed the right to access, delete or restrict information by the data controller, they are obliged to inform all recipients of the personal data about the rectification or deletion of personal data or the restriction of the processing, unless this proves impossibe or would involve disproportionate efforts.
You have the right to request the responsible party to inform you about such recipients.
V-f) Right to Data Portability
You have the right to receive the personal data concerning yourself, which you have provided to a data controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from the controller to which the personal data has already been provided, where:
- the processing is based on consent pursuant to Art. 6 Para 1 lit. a) of the GDPR or Art. 9 Para 2 lit. a) of the GDPR or on a contract pursuant to Art. 6 Para 1 lit. b) of the GDPR and
- the processing is carried out by automated means.
In exercising this right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.The rights referred to here should not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing personal data necessary for the performance of a task carried out in public interest or in the exercise of official authority vested in the controller.
V-g) Right to Object
You have the right to object at any time on grounds relating to your particular situation to the processing of personal data concerning yourself based on Art. 6 Para 1. lit. e) or f) of the GDPR, including profiling based on those provisions.
The data controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves for the establishment, exercise or defence of legal claims.
Where personal data concerning yourself is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning yourself shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
V-h) Right to Withdraw the Declaration of Consent
You have the right to withdraw your declaration of consent at any time. The withdrawal of consent shall not affect the llegal basis of processing based on consent before its withdrawal.
V-i) Automated Individual Decision-Making, including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and a data controller;
- is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
Decisions referred to shall not be based on special categories of personal data referred to in Art. 9 Para 1 of the GDPR, unless Art. 9 Para (2) lit. a) or g) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
V-j) Right to File a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to yourself infringes the General Data Protection Regulation.
The supervisory authority with which the complaint has been filed shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.