Privacy Notice - WERNS GmbH


General

As a rule, our website can be used without providing personal data. When you are asked to provide personal data on our website (e.g. name, address or email address), this is generally on a voluntary basis as far as possible. Your personal data will not be passed on to third parties without your express prior consent. Please note that there may be security gaps when transferring data on the internet (e.g. email communication) so that uninterrupted protection of the data from third party access is not possible. We expressly object to third parties using the contact data we publish in accordance with our legal obligation to name the website provider and the data protection officer to send us advertising and information materials we have not expressly requested. The website provider expressly reserves the right to take legal action in the event of unsolicited sending of advertising information, e.g. spam emails.

Name and contact data of the controller

The controller responsible for data processing on this website is:

WERNS GmbH
Feldstiege 60
48161 Münster
E-Mail: say@hi-werns.com
Website: hi-werns.com

Contact data of our external data protection officer

H. Sadat
DSB Münster GmbH
Martin-Luther-King-Weg 42 – 44
48155 Münster
Germany
Tel.: +49 251 71879110
Fax: +49 251 71879290
E-Mail: datenschutz@dsb-ms.de

Scope of personal data processing

We will only process your personal data if necessary to provide a functioning online store, our content and our services. Personal data will be processed only after we have obtained your consent. An exception applies only in cases where obtaining your prior consent is effectively not possible and the data processing is permitted by law.

Legal basis for processing personal data

Where we request your consent for data processing, Art. 6 (1) point (a) GDPR is the legal basis. Where processing serves the performance of a contract or steps prior to entering into a contract to which you are a party, the legal basis is Art.
6 (1) point (b) GDPR. Where processing is necessary for compliance with a legal obligation, it is based on Art. 6 (1) point (c) GDPR. Where processing is necessary for the purposes of the legitimate interests pursued by our company or a third party and these interests are not overridden by your interests or fundamental rights and freedoms after adequate balancing, Art. 6 (1) point (f) GDPR is the legal basis for processing.

Data erasure and storage period

Your personal data will be deleted or blocked as soon as the data is no longer necessary in relation to the purposes for which it was stored. Storage can nevertheless be continued if expressly stipulated by the European or national legislator in regulations, laws or other rules of Union law to which we as data controller are subject. The data can also be blocked or deleted when a storage period that is mandatory under the above-stated legislation expires, unless the continued storage of data is necessary in the context of a contract or the intention to enter into a contract.

Provision of the website and creation of logfiles

Every time our website is accessed, our system automatically collects data and information about the inquiring computer. In this context, the following data are collected, for example: the user’s IP address, the date and time of access, the operating system used. The data is additionally saved in the logfiles of our system. It is not linked with other personal data of the user. The legal basis for temporary storage of the data is Art. 6 (1) point (f) GDPR. Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. The data will be deleted as soon as they are no longer necessary in relation to the purpose for which they were collected. Where the data are collected for the purpose of providing the website, this is the case when the session is terminated.
Collecting data for the purpose of providing the online store and the storage of the data in logfiles is indispensable for the operation of the website. Therefore, the user does not have the possibility to object.

Cookies

Our website uses cookies. Cookies are text files that are stored on your computer when you access our website. This cookie contains a distinctive string of characters that enables our browser to clearly identify your computer the next time you access our website. We use cookies to make our website more user friendly. Some of the elements of our website require identification of the inquiring browser when you change the page. During this process, the following data are stored in the cookies and transmitted: your preferred language, items in your shopping basket and logon information. The data thus collected is pseudonymised by technical precautions to prevent identification of the user by reference to the data. The legal basis for processing personal data through the use of cookies is Art. 6 (1) point (f) GDPR. The purpose of using technically necessary cookies is to make use of our website easier. Some of the features of our website cannot be provided without the use of cookies. We need cookies for the following applications: the shopping basket, for implementing language settings, and remembering searched terms. The user data generated with technically necessary cookies is not used to create profiles. You can deactivate or restrict the transmission of cookies by changing the settings in your web browser. Cookies already saved can be deleted at any time. This can be done automatically. If cookies are deactivated for our website, full use of all features of the website may no longer be possible.

Newsletter

You can subscribe to a free newsletter on our website hi-werns.com. When registering for the newsletter, the email address entered in the entry box will be transmitted to us.
The following additional data is generated on registration: the IP address and the time of registration. When registering you will be asked to consent to the processing of the data with reference to the present Privacy Notice. When you buy goods or services on our website and enter your email address in the process, we may subsequently use it to send you a newsletter. In that event, the newsletter will be used only to send you direct advertising for our similar goods or services. No data will be passed on to third parties in connection with the processing of data for the newsletter. The data will be used solely for sending the newsletter. If you have consented, the legal basis for processing the data after you have registered is Art. 6 (1) point (a) GDPR. The legal basis for sending the newsletter following a purchase of goods or services is § 7 (3) UWG. The user’s email address is generated to send the user the newsletter. Additional personal data are generated during registration to prevent misuse of the service or the email address. Your email address / the user’s email address is therefore stored for as long as the newsletter subscription is active. You can cancel the newsletter subscription at any time by revoking your consent. Each newsletter contains a link for that purpose.

Registration on our website

On our website, we give you the possibility to register. For this purpose, you need to enter personal data in an entry box which are then transmitted to us and stored by us. The data will not be transmitted to any third parties. The following data will be generated during the registration process: email address, title, first name, surname, phone no., address, post code, city and country. At your option you can provide us with the following data: different shipping address: address, post code, city and country. In addition, the following data are stored at the time of registration: IP address, the date and time of registration.
During the registration process you will be asked to consent to the processing of the data. If you consent, the legal basis for the processing of the data is Art. 6 (1) point (a) GDPR. If registration serves the performance of a contract or steps prior to entering into a contract the additional legal basis for processing the data is Art. 6 (1) point (b) GDPR. Registration is necessary for providing certain content and services on our website. It is also necessary for performing a contract or steps prior to entering into a contract. The collection of the data serves to protect our services and our business partners. Your data will be deleted at your request as soon as they are no longer necessary in relation to the purpose for which they were generated. This is the case when the registration on our website is cancelled or changed. It is also possible when the data is no longer necessary for performing the contract. Storing personal data can be necessary even after the contract has been concluded in order to perform contractual or legal obligations. As a user, you have the possibility to cancel your registration at any time. You can change or correct the stored data concerning you at any time. To delete your account please send an email to: say@hi-werns.com. If the data are necessary to perform a contract or steps prior to entering into a contract, premature deletion of the data is only possible if no contractual or legal obligations prevent such deletion.

Contact form and email contact

On our website you can send us questions using a contact form. If you make use of this possibility, the data you enter in the contact form will be transmitted to us and stored. The data concerned are: your name, email address and the text of the questions. At the time of sending the message, the following data are stored in addition: the IP address, date and time of registration, your name and your email address.
You will be requested to consent to the processing of the data during the sending process, with reference to the present Privacy Notice. Alternatively, you can contact us using the email address provided. In this case, your transmitted personal data will be saved. In this context, no data will be transmitted to third parties. The data will be used exclusively for processing the conversation. If the user consents, the legal basis for processing the data is Art. 6 (1) point (a) GDPR. The legal basis for processing data that is transmitted when an email is sent is Art. 6 (1) point (f) GDPR. If the objective of the email communication is the conclusion of a contract, the additional legal basis for processing is Art. 6 (1) point (b) GDPR. Processing the personal data collected in the text field solely serves us to process the contact made. This is also the legitimate interest in processing the data, in the event contact is made by email. The other personal data processed during sending serve to prevent abuse of the contact form and ensure the safety of our information technology systems. Your data will be erased once the purpose of their generation no longer applies. This is the case, where personal data obtained from the text field in the contact form and those sent by email are concerned, when we can assume that the matter in question has been finally resolved. Additional personal data collected during the sending process will be deleted after seven days at the latest. You can revoke your consent to the processing of your personal data at any time. All personal data stored during the process of making contact will be erased at your request.

Use of the payment service provider Unzer GmbH

To process your payments, in particular but without limitation in the case of purchases on account and secured direct debits, we use the payment service provider Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg. For this purpose, we transmit your data to the service provider.
Transmission takes place in accordance with Art. 6 (1) point (b) GDPR and only if and to the extent necessary to process the payment. In the case of secured purchases on account, or secured direct debit, Unzer GmbH conducts a credit inquiry. For this purpose, Unzer GmbH may transmit your payment data to credit rating agencies in accordance with Art. 6 (1) point (f) GDPR based on the legitimate interest of Unzer GmbH in establishing whether you are solvent. Specifically, such credit rating agencies are, for example, the following service providers: Schufa Holding AG, CRIF Bürgel GmbH, Arvato Infoscore GmbH, Universum Business GmbH, Bisnode D & B Austria GmbH. Unzer GmbH uses the results of the credit rating inquiry in terms of the statistical probability of a default on payment for the purpose of deciding which payment method to grant. The credit rating can contain probability values (so-called scores). Where scores are used to determine the credit information, such scores are based on a scientific, mathematical-statistic procedure. The scores are calculated taking into account inter alia, but without limitation, address data. For more legal information on data privacy, for example relating to credit rating agencies, please refer to the Unzer GmbH data privacy notice at https://www.unzer.com/en/datenschutz/. You can object to the processing of your data at any time by sending a message to Unzer GmbH. However, Unzer GmbH may continue to have the right to process your personal data if it is necessary to process the payment in accordance with the contract.

Instagram

The services of the service provider Instagram are embedded on our website. Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, impressum@support.instagram.com is the common controller according to Art. 26 GDPR and of the Facebook pages Insights addendum (https://www.facebook.com/legal/terms/page_controller_addendum).
The provider of the features is Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you sign in with your Instagram account you can link the content of our pages with your Instagram profile which is then allocated to your user account. Instagram uses the same systems and technology as Facebook. Your data will therefore be processed across all Meta undertakings. Please note that we as the provider of the website do not obtain knowledge of the content of the transmitted data and how Instagram uses them. For more information, please refer to Instagram’s privacy notice at: https://instagram.com/about/legal/privacy/. Even when you are not logged into your Instagram account, data, such as the IP address, the operating system, date and time of access, purchases made, advertisements you see and how you use our services, are generated. We use Instagram to easily provide you as a visitor to our online store with images of and information about our products and to make your shopping experience as agreeable as possible. The legal basis for processing is Art. 6 (1) point (a) GDPR. The data will be anonymised, respectively erased, after 90 days.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and enable an analysis of how you use the website. The information generated by the cookie about how you use this website is generally transmitted to a Google server in the U.S. and stored there. If IP anonymisation is activated on this website, Google will however cut off the last digits of your IP address beforehand when still within a Member State of the European Union or in the other States that are party to the Agreement on the European Economic Area. The full IP address will be transferred to a Google server in the U.S. in exceptional cases only and the last digits cut off there.
Google will use the information on behalf of the operator of this website to analyse your use of the website, to compile reports on the website activities, and to provide other services related to website and internet use to the website provider. The IP address transmitted by your browser as part of Google Analytics will not be mixed with other Google data. You can prevent cookies from being stored by changing the settings of your browser software accordingly; however, please note that in this case you may not be able to fully use all features of this website. In addition, you can prevent the data generated by the cookies relating to your use of the website (incl. your IP address) from being collected and transmitted to Google and the data from being processed by Google, by downloading and installing the plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. The legal basis for using Google Analytics is Art. 6 (1)(1) point (a) GDPR. Details of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms: http://www.google.com/analytics/terms/de.html; Overview on data protection: http://www.google.com/intl/de/analytics/learn/privacy.html; Privacy notice: http://www.google.de/intl/en/policies/privacy.

Meta Pixel

We use Meta Pixel on our website. For this purpose, we have installed a piece of code on our website. The Meta Pixel loads a collection of features with which Meta can track how you use our website, provided you were directed to our website through a Facebook ad. For example, when you purchase an item on our website, the Meta Pixel is triggered and stores your user conduct on our website in one or more than one cookies. The cookies enable Meta to compare your data (customer data, such as IP address, user sign-in) with the data of your Facebook account. Then Meta deletes the data again.
The collected data are anonymous and inaccessible for us and can only be used to place advertisements. If you are a Facebook user yourself and signed into it, a visit to our website will be allocated automatically to your Facebook user account. We only want to display our services and goods to those people who are really interested in them. By using Meta Pixel we can adjust our advertising measures to better match your wishes and interests. You will see advertisements matching Facebook, provided you permitted customised advertising. Meta uses the data collected for analysis and for own advertisements. If you have a Facebook account you can change your settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user you can manage your use-based online advertisements at http://www.youronlinechoices.com/en/praferenzmanagement/, where you can deactivate or activate providers. If you want to learn more about Facebook’s data protection, we recommend the company’s own privacy policy at https://www.facebook.com/policy.php. 

Your rights as a data subject

When your personal data is processed you are a data subject under the GDPR and you have the following rights vis-à-vis the controller:

Right of access

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: (1) the purposes of the processing for which the personal data are intended; (2) the categories of personal data concerned; (3) the recipients or categories of recipient to whom the personal data have been or will be disclosed; (4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; (6) the right to lodge a complaint with a supervisory authority; (7) where the personal data are not collected from you, any available information as to their source; (8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you. Where applicable, you have the right to be informed of the fact that the controller intends to transfer personal data to a third country or international organization. In this context you have the right to be informed of the appropriate suitable safeguards pursuant to Article 46 relating to the transfers.

Right to rectification

You have the right to obtain from the controller without undue delay the rectification and/or completion of inaccurate or incomplete personal data concerning you.

Right to restriction of processing

Where one of the following applies, you have the right to obtain from the controller restriction of processing of the personal data concerning you: (1) you contest the accuracy of the data for a period enabling the controller to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or (4) you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your own. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If processing was restricted pursuant to paragraph 1 you shall be informed by the controller before the restriction of processing is lifted.

Right to erasure

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay.
We are obliged to erase personal data without undue delay where one of the following grounds applies: (1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (2) you withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing; (3) you object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR; (4) the personal data have been unlawfully processed; (5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;  (6) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. 
The right to erasure shall not apply to the extent that processing is necessary: (1) for exercising the right of freedom of expression and information; (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR; (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; (5) for the establishment, exercise or defence of legal claims.

Right to notification

If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis us we shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about those recipients.

Right to data portability

You have the right to receive the personal data concerning you, which you provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where (1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and (2) the processing is carried out by automated means.
In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided the rights and freedoms of others are not adversely affected. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

The competent authority is the

North Rhine-Westphalia (NRW) State Commissioner for the Protection of Data and Freedom of Information
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de

Status and update of the Data Privacy Notice

The present data privacy notice is of 28 October 2021. We reserve the right to regularly adjust the data privacy notice to the underlying data processing processes.