data protection
Data protection
1) Introduction and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Andreas Shimf, www.avibes.de c/o Formation Web designer 22 Rue Marc Seguin 94000 Creteil, France , email: info@avibes.de. The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (eg orders or inquiries to the person responsible), this website uses an SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.
2) Data collection when visiting our website
If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if necessary: in anonymous form)
The processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
3) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), some of these cookies remain on your device for a longer period of time and enable page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of the cookie settings in your web browser.
If personal data is also processed by individual cookies used by us, the processing takes place in accordance with Article 6 (1) (b) GDPR either for the execution of the contract, in accordance with Article 6 (1) (a) GDPR in the event that consent has been given or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be restricted.
4) Contact
When contacting us (e.g. via contact form or email), personal data is processed – exclusively for the purpose of processing and answering your request and only to the extent required for this. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the facts in question have been finally clarified and provided that there are no legal storage obligations to the contrary.
5) Data processing when opening a customer account
In accordance with Article 6 Paragraph 1 Letter b GDPR, personal data will continue to be collected and processed to the extent required in each case if you provide it to us when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. A deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After your customer account has been deleted, your data will be deleted provided that all contracts concluded have been completed, there are no legal retention periods to the contrary and we have no legitimate interest in further storage.
6) Use of Customer Data for Direct Marketing
6.1 Subscribing to our email newsletter
If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. Providing further data is voluntary and is used to be able to address you personally. We use the so-called double opt-in procedure to send the newsletter, which ensures that you only receive the newsletter if you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6 (1) (a) GDPR. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later point in time. The data we collect when registering for the newsletter is used strictly for the intended purpose. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a message to the person responsible mentioned above. After you have unsubscribed, your e-mail address will be deleted immediately from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we will inform you in this declaration.
6.2 If you cancel your purchase from us before completing the order, you have the option of being reminded of the contents of your virtual shopping cart once by e-mail.
The only mandatory information for sending this reminder is your e-mail address. Providing further data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure for sending e-mails, which ensures that you only receive a notification if you have expressly confirmed your consent to this by clicking on a verification link sent to the e-mail address provided.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6 (1) (a) GDPR to send a shopping cart reminder. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later point in time. The data we collect when you register for our e-mail notification service is used strictly for the intended purpose. You can unsubscribe from the shopping cart reminders at any time by sending a message to the person named above. After you have unsubscribed, your e-mail address will be deleted immediately from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data that goes beyond this, which is permitted by law and about which we will inform you in this declaration .
7) Data processing for order processing
7.1 Insofar as it is necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned bank in accordance with Article 6 Paragraph 1 lit. b GDPR.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data you provide when ordering (name, address, e-mail address) in order to inform you within the framework of our legal information obligations in accordance with Art. 6 Para 1 lit. c GDPR via a suitable communication channel (e.g. by post or e-mail) about upcoming updates in the period stipulated by law. Your contact details will be used strictly earmarked for notifications about updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the information in question.
In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
7.2 Disclosure of personal data to shipping service providers
-DHL
If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will provide your e-mail address in accordance with Article 6 (1) (a) GDPR before the goods are delivered for the purpose of coordination of a delivery date or delivery notification to DHL, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Article 6 (1) (b) GDPR. The data will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or the delivery notification is not possible.
The consent can be revoked at any time with effect for the future to the person responsible mentioned above or to the transport service provider DHL.
8) Site Functionalities
8.1 Trustami Trustmark
The Trustami seal of trust is integrated on this website to display the collected ratings and social media feedback. This serves to implement our legitimate interests in optimal marketing of our offer on our own website in accordance with Article 6 (1) (f) GDPR.
When the Trustami trust seal is called up, the web server automatically saves data (access data) in the form of a server log file, which contains, for example, the date and time of the call, your IP address in abbreviated form and the requesting provider. This access data is not evaluated and automatically overwritten no later than seven days after the end of your visit to the site. The Trustami seal of trust and the services advertised with it are an offer from Trustami GmbH, Schröderstraße 5, 10115 Berlin.
You can find more information about Trustami, the automated processing of data and the data protection regulations at https://www.trustami.com/datenschutz/
8.2 Google reCAPTCHA
On this website we use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is primarily used to distinguish whether an entry is made by a natural person or whether it is misused by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in determining individual personal responsibility on the Internet and avoiding abuse and spam.
For the visual design of the Captcha window, Google uses "Google Fonts", i.e. fonts downloaded by Google from the Internet. There is no processing of further information than the ones mentioned above, which are already transmitted to Google via the functionality of ReCaptcha.
When using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. come in the US.
Further information on Google reCAPTCHA and Google's data protection declaration can be found at: https://www.google.com /intl /de /policies /privacy /
For the transmission of data from the EU to the USA, Google relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.
8.3 Shopsync for Shopify
This website uses the Shopify app "Shopsync" from ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
With the help of ShopSync, the "Mailchimp" newsletter service is synchronized with our Shopify account in such a way that updates in Mailchimp email lists (such as a completed opt-out by a newsletter recipient) are also automatically stored on Shopify and on the other hand New contact data generated via contracts concluded on Shopify are automatically transferred to the Mailchimp email lists.
In the first case, data is processed in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in the effective and cross-system maintenance of the files of advertising addressees and the efficient observance of legally significant status changes.
In the second case, the user's first and last name, address and e-mail address together with transaction-related information will be used exclusively on the basis of the user's express consent in accordance with Article 6 (1) (a) GDPR after a contract has been concluded on Shopify for inclusion in the Mailchimp list (purchase amount, time and date of purchase) transferred to Mailchimp by ShopSync.
Data transferred in this way is not stored or retained by ShopSync after synchronization. All information synced between Shopify and Mailchimp is transmitted over Secure Socket Layer (SSL) technology, and all information transmitted remains encrypted during the sync process.
The synchronization process requires information to be transmitted over a secure connection to servers hosted by Amazon Web Services in the United States.
You can find further data protection information on ShopSync here: https://shopsync.io/privacy-policy
9) Tools and Miscellaneous
9.1 - Lex Office
We use the cloud-based accounting software "lexoffice" from Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg to do the accounting.
Lexoffice processes incoming and outgoing invoices and, if necessary, our company's bank transactions in order to automatically record invoices, match them to transactions and create financial accounting from them in a semi-automated process.
If personal data is also processed here, the processing is carried out in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in the efficient organization and documentation of our business transactions.
More information about lexoffice, the automated processing of data and the data protection regulations can be found at https://www.lexoffice.de /datenschutz /
9.2 Cookie Consent Tool
This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies that require consent and cookie-based applications. The "Cookie-Consent-Tool" is displayed to users when the page is accessed in the form of an interactive user interface, on which consent can be given for certain cookies and/or cookie-based applications by ticking the box. By using the tool, all cookies/services that require consent are only loaded if the respective user gives their consent by ticking the box. This ensures that such cookies are only set on the respective end device of the user if consent has been given.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed here.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is carried out in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and therefore a legally compliant design of our website.
Another legal basis for processing is Art. 6 (1) (c) GDPR. As the person responsible, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
We have concluded an order processing contract with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.
Further information on the operator and the setting options of the cookie content tool can be found directly in the corresponding user interface on our website.
10) Rights of the data subject
10.1 The applicable data protection law grants you the following data subject rights (rights to information and intervention rights) vis-à-vis the person responsible with regard to the processing of your personal data, whereby reference is made to the legal basis given for the respective exercise requirements:
- Right to information according to Art. 15 GDPR;
- Right to rectification according to Art. 16 GDPR;
- Right to erasure according to Art. 17 GDPR;
- Right to restriction of processing in accordance with Art. 18 GDPR;
- Right to information according to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right to revoke granted consent in accordance with Art. 7 Para. 3 GDPR;
- Right to complain according to Art. 77 GDPR.
10.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPREHENSIVE REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING IS FOR THE CERTIFICATION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. YOU MAY OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED FOR DIRECT MARKETING PURPOSES.
11) Duration of storage of personal data
The duration of the storage of personal data is based on the respective legal basis, the processing purpose and - if relevant - also based on the respective statutory retention period (e.g. commercial and tax retention periods).
When processing personal data on the basis of an express consent in accordance with Article 6 Paragraph 1 lit. a GDPR, this data is stored until the person concerned revokes his consent.
If there are statutory retention periods for data that are processed as part of legal or similar obligations on the basis of Article 6 (1) (b) GDPR, this data will be routinely deleted after the retention period has expired, provided that it is no longer required to fulfill or initiate a contract and/or we have no legitimate interest in further storage.
When personal data is processed on the basis of Article 6 (1) (f) GDPR, this data is stored until the data subject exercises his or her right to object under Article 21 (1) GDPR, unless we can provide compelling reasons worthy of protection for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Article 6 Paragraph 1 lit. f GDPR, this data is stored until the data subject exercises his right of objection under Article 21 Paragraph 2 GDPR.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
