1) Information on the collection of personal data and contact details of the responsible person
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data is any data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Poulten & Graf GmbH, Karl-Carstens-Str. 10, 97877 Wertheim, Germany, Tel.: +49 (0)9342 / 922 90, e-mail: H.Fahrenkrog-Keller@poulten-graf.com. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 The data controller has appointed a data protection officer, who can be reached as follows: “Christian Schwab, Karl-Carstens-Str. 10, 97877 Wertheim, +49 (0)9342/9229-0, firstname.lastname@example.org”.
1.4 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the person responsible). You can recognise an encrypted connection by the string “https://” and the lock symbol in your browser line.
2) Data collection when visiting our website
During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called “server log files”). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymised form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a DSGVO in the case of consent given or in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
You can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or generally.
Please note that if you do not accept cookies, the functionality of our website may be limited.
When contacting us (e.g. via contact form or email), personal data is processed exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO. If your contact is aimed at a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
5) Data processing for order handling
5.1 Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b DSGVO.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data (name, address, e-mail address) provided by you when placing the order in order to inform you personally by suitable means of communication (e.g. by post or e-mail) about upcoming updates within the legally stipulated period of time within the framework of our statutory duty to inform pursuant to Art. 6 (1) lit. c DSGVO. Your contact details will be used strictly for the purpose of informing you about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.
In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
5.2 Use of payment service providers (payment services)
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. The transfer takes place in accordance with Art. 6 Para. 1 lit. b DSGVO and only insofar as this is necessary for the payment processing.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
6) Page functionalities
6.1 Facebook plugins with Shariff solution
Our website uses so-called social plugins (“plugins”) of the social network Facebook, which is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plugins, but only using an HTML link. This type of integration ensures that when you call up a page of our website that contains such buttons, no connection is yet established with Facebook’s servers. When you click on the button, a new browser window opens and calls up the Facebook page where you can interact with the plugins there (if necessary after entering your login data).
6.2 LinkedIn plugin as Shariff solution
Our website uses so-called social plugins (“plugins”) of the online service LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).
In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plugins, but only using an HTML link. This type of integration ensures that when you call up a page of our website that contains such buttons, no connection is yet established with the servers of LinkedIn. When you click on the button, a new browser window opens and calls up the LinkedIn page on which you can interact with the plugins there (possibly after entering your login data).
6.3 Twitter plugin as Shariff solution
Our website uses so-called social plugins (“plugins”) of the microblogging service Twitter, which is operated by Twitter International Company, One Cumberland Place, Fenian Street
Dublin 2, D02 AX07 Ireland (“Twitter”).
In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plugins, but only using an HTML link. This type of integration ensures that when you call up a page of our website that contains such buttons, no connection is yet established with the servers of Twitter. When you click on the button, a new browser window opens and calls up the Twitter page, where you can interact with the plugins there (possibly after entering your login data). Please note that when you interact with the plugin, information collected (including your IP address) is transmitted from your browser directly to a Twitter Inc. server in the USA and stored there.
For the purpose and scope of the data collection and the further processing and use of the data by Twitter, as well as your rights in this regard and setting options for protecting your privacy, please refer to Twitter’s data protection information: https://twitter.com/privacy
6.4 Google reCAPTCHA
On this website we use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland („Google“). This function is primarily used to distinguish whether an entry is made by a natural person or is abused by machine and automated processing. The service includes the sending of the IP address and, if applicable, further data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in determining individual personal responsibility on the Internet and the prevention of misuse and spam. The use of Google reCAPTCHA may also involve the transmission of personal data to the servers of Google LLC. in the USA.
Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please follow the option described above for making an objection.
For the transfer of data from the EU to the USA, Google relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
7) Tools and miscellaneous
7.1 Cookie-Consent-Tool (Borlabs Cookie)
This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users in the form of an interactive user interface when they access the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. Through the use of the tool, all cookies/services requiring consent are only loaded if the respective user gives the corresponding consent by ticking the corresponding box. This ensures that such cookies are only set on the respective end device of the user if consent has been granted.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.
Further legal basis for the processing is Art. 6 para. 1 lit. c DSGVO. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.
7.2 – Wordfence
For security purposes, this website uses the “Wordfence” plugin, a service provided by Defiant Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”). The plugin protects the website and the associated IT infrastructure from unauthorised third-party access, cyber attacks and viruses and malware. Wordfence collects the IP addresses of users and, if necessary, other data on your behaviour on our website (in particular URLs called up and header information) in order to recognise and prevent illegitimate page accesses and dangers. In doing so, the collected IP address is compared with a list of known attackers. If the captured IP address is identified as a security risk, Wordfence can automatically block it from accessing the site. The information collected in this way is transferred to a server of Defiant Inc. in the USA and stored there.
The data processing described above is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining structural and data integrity and security.
Defiant Inc. invokes the standard data protection clauses according to Art. 46 sentence 2 lit. c DSGVO as the legal basis for the transfer of data to the USA.
If website visitors have login rights, Wordfence also sets cookies (= small text files) on the respective end device used by the visitor. With the help of the cookies, certain location and device information can be read out, which enables an assessment of whether the login-authorised access originates from a legitimate person. At the same time, access rights can be evaluated via the cookies and released via a site-internal firewall according to the authorisation level. Finally, the cookies are used to register irregular access by site administrators from new devices or new locations and to notify other administrators of this.
These cookies are only set if a user has login rights. Wordfence does not set cookies for site visitors without login rights.
If personal data is processed via the cookies, the processing is carried out in accordance with Art. 6 Para. 1 lit f. DSGVO on the basis of our legitimate interest in preventing illegitimate access to the site administration and defence against unauthorised administrator access.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.wordfence.com/help/general-data-protection-regulation/.
8) Rights of the person concerned
8.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise prerequisites:
- Right to information pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to information pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent granted pursuant to Art. 7(3) GDPR;
- Right to lodge a complaint pursuant to Article 77 of the GDPR.
8.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
9) Duration of the storage of personal data
The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of processing and – if relevant – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) a DSGVO, this data is stored until the data subject revokes his/her consent.
If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) DSGVO, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfilment or initiation of a contract and/or we have no justified interest in continuing to store it.
When processing personal data on the basis of Art. 6(1)(f) DSGVO, such data shall be stored until the data subject exercises his/her right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6(1)(f) DSGVO, such data shall be stored until the data subject exercises his or her right to object pursuant to Art. 21(2) DSGVO.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.