§ 1 Responsible person
The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
Prinz Ludwig Str. 2
80333 Munich / Germany
§ 2 General information on data processing and collection of personal data
1) Scope of processing personal data
a) Personal data includes all data that can be related to you personally, e.g. name, address, email addresses, user behavior.
b) We generally only process personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The collection and use of our users’ personal data regularly only takes place with the user’s consent. An exception applies in cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
2) Legal basis for processing personal data
a) If we obtain the consent of the data subject for processing personal data, Article 6 Paragraph 1 Letter a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
b) When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
c) If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR serves as the legal basis.
d) In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 Letter d GDPR serves as the legal basis.
e) If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. f GDPR serves as the legal basis for the processing .
3) Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data to conclude or fulfill a contract.
§ 3 Provision of the website and creation of log files
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
– Browser type
– Language and version of the browser software
– The user’s operating system
– Amount of data transferred
– The user’s IP address
– Date and time of access
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
The data is also stored in the log files of our system. This does not affect the user’s IP addresses or other data that enables the data to be assigned to a user. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. To do this, the user’s IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. The data also serves us to optimize the website and to ensure the security of our information technology systems. The data will not be evaluated for marketing purposes in this context. Our legitimate interest in data processing in accordance with Article 6 Paragraph 1 Letter f of the GDPR also lies in these purposes.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the users’ IP addresses are deleted or altered so that it is no longer possible to assign the calling client.
The following data is stored and transmitted in the cookies:
– Articles in shopping cart
– Log-in information
This website uses the following types of cookies, the scope and functionality of which are explained below:
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
We need cookies for the following applications:
The user data collected through technically necessary cookies is not used to create user profiles.
The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR.
The purpose of using technically necessary cookies is to simplify the use of websites for users.
§ 5 Collection of personal data when using our web shop
If you would like to order in our webshop, in order to conclude the contract it is necessary that you provide your personal data, which we need to process your order. Mandatory information required to process the contracts is marked separately; further information is voluntary. We process the data you provide to process your order.
On our website we offer you the opportunity to register by providing personal data. The data is entered into an input mask under “My Account” and transmitted to us and stored. A transfer of data to third parties does not take place.
As part of the ordering process, your consent to the processing of this data will be obtained.
Legal basis for the processing of data is Art. 6 Para. 1 lit. b GDPR.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
This is the case for the fulfillment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after the contract has been concluded, it may be necessary to store the contractual partner’s personal data in order to comply with contractual or legal obligations.
To prevent unauthorized third-party access to your personal data, especially financial data, the ordering process is encrypted using SSL technology.
§ 6 Collection of personal data through the use of financial service providers
We offer the user the opportunity to pay with Stipe as part of the ordering process. The PayPal payment system is an offer from Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
For the payment transaction, the user’s personal data is transmitted to Stripe. These are name, address, telephone number, email address, credit card number, banking information, date of birth.
In addition, purchase details such as requested amount, retailer information, items and item numbers, device-related information and user location data are transmitted.
The personal data transmitted to Stripe may also be passed on by Stripe to third parties, such as credit agencies to check credit risk and payment service providers.
The legal basis for the transmission of data is Art. 6 lit.b GDPR.
Information on the purpose and scope of data collection, its processing by Stripe, as well as your rights as a user and setting options to protect your data can be found at https://stripe.com/de/privacy.https://stripe.com/privacy- shield policy; Stripe has submitted to the EU-US Privacy Shield: https://stripe.com/privacy-shield-policy.
§ 7 Collection of personal data when using social media plug-ins
1) Our website and our newsletter use so-called social media plug-ins (“plug-ins”) from the social network Facebook.
When you visit our website, no personal data is initially passed on to the provider of the plug-in. You can identify the provider of the respective plug-in by the respective logo.
We give you the opportunity to communicate directly with the plug-in provider via the plug-in. Only if you click on the plug-in and thereby activate it will your browser establish a direct connection with the plug-in provider’s servers and they will receive the information that you have accessed the corresponding website of our online offer, even if You do not have a profile with the respective plug-in provider. In addition, the data mentioned in Section 3 of this declaration, in particular your IP address, will be transmitted. By activating the plug-in, your personal data will be transmitted to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider collects data primarily via cookies, we recommend that you delete all cookies using your browser’s security settings before clicking on the plug-in.
2) We have no influence on the data collected and data processing operations, nor are we aware of the full extent of data collection, the purposes of processing, or the storage periods. We also have no information about the deletion of the data collected by the plug-in provider.
3) The plug-in provider saves the data collected about you as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this you must contact the respective plug-in provider. Through the plug-ins we offer you the opportunity to interact with social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.
4) Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect will be assigned directly to your existing account with the plug-in provider. If you click on the plug-in and link to the page, the plug-in provider also saves this information in your user account and may share it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the plug-in, as this allows you to avoid being assigned to your profile with the plug-in provider.
5) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also receive further information about your rights in this regard and setting options to protect your privacy.
6) Addresses of the plug-in provider and URL with their data protection information:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; Further information on data collection: http://www.facebook.com/help/186325668085084.Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
§ 8 Collection of personal data when using reCAPTCHA
1) Our website uses reCAPTCHA, an offer from Google LLC (“Google”). This function is intended to ensure that a specific input is made by a natural person and not improperly through machine or automatic processing.
The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data. The company’s different data protection regulations apply to this data
The legal basis for using the function is Article 6 Paragraph 1 Sentence 1 Letter f GDPR.
Our legitimate interest is based on the determination that the input is made by the user as a natural person and the avoidance of misuse of the function.
3) Addresses of the plug-in provider and URL with their data protection information:
Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, https://policies.google.com/privacy?hl=de; Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
§ 9 Newsletter
1) On our website it is possible to subscribe to a free newsletter, which appears a maximum of once a month and provides information about Andreas Ruthemann’s current work. When you register for the newsletter, the data from the input mask is transmitted to us.
The only mandatory information for sending the newsletter is your email address.
Your consent will be obtained for the processing of data as part of the registration process and reference will be made to this data protection declaration.
To register for our newsletter we use the so-called double opt-in procedure. This means that after you register, we will send you an email to the email address you provided, in which we will ask you to confirm that you would like to receive the newsletter. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
2) We use MailChimp, an offer from Rocket Science Group, LLC, to send our newsletter.
We provide MailChimp with your email address. Under no circumstances will MailChimp write to you directly or pass on this data to third parties.
We would like to point out that we evaluate your user behavior when we send the newsletter. For this evaluation, the emails sent contain so-called web beacons, also known as tracking pixels or single-pixel files. These are loaded from a MailChimp server and provide e.g. Information about whether and when an email was opened, what content was read and what links were clicked. For the evaluations, we link the data mentioned in Section 3 and the web beacons with your email address.
This data helps us to adapt the newsletter and its content to the interests of the users.
You can prevent tracking, for example, if you have deactivated the display of images in your email program by default. In this case, the newsletter will not be displayed to you in its entirety and you may not be able to use all functions.
MailChimp uses the aforementioned data, among other things, to improve its own (economic and technical) services
Address and data protection notice:
Rocket Science Group, LLC, 675 Ponce De Leon Ave NE Suite 5000, Atlanta, GA 30308, USA further information on data collection: https://mailchimp.com/legal/privacy/
MailChimp has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
5) The legal basis for data processing when using MailChimp is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. Our legitimate interest in this data processing is to be able to design the newsletter to meet our customers’ needs. In addition, the legal basis for the processing of data after registration for the newsletter by the user, if the user has given his consent, is Art. 6 Para. 1 lit. a GDPR.
The purpose of collecting the user’s email address is to deliver the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s email address is therefore stored as long as the subscription to the newsletter is active.
The other personal data collected as part of the registration process is usually deleted after a period of seven days.
The subscription to the newsletter can be canceled by the affected user at any time. For this purpose, there is a corresponding link in every newsletter. Or the affected user can cancel by email to firstname.lastname@example.org.
This also revokes your consent to the storage of personal data collected during the registration process.
§ 10 Contact form and email contact
There is a contact form on our website that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. This data is:
– E-mail address
At the time the message is sent, the following data is also stored:
– The user’s IP address
– Date and time of registration
Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection declaration.
Alternatively, you can contact us using the email address provided. In this case, the user’s personal data transmitted with the email will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
The legal basis for processing the data, if the user has given his consent, is Article 6 (1) (a) GDPR. The legal basis for the processing of data transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 (1) (b) GDPR.
The processing of personal data from the input mask is solely used to process contact with us. If you contact us via email, this also includes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be seen from the circumstances that the matter in question has been finally clarified.
The additional personal data collected during the sending process will been deleted after a period of seven days at the latest.
§ 11 Rights of the data subject
The following list covers your rights as a data subject under the GDPR.
If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights towards the person responsible:
1) Right to information in accordance with Article 15 GDPR
You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.
If such processing occurs, you can request information from the person responsible about the following information:
– the purposes for which the personal data are processed;
– the categories of personal data that are processed;
– the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
– the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period;
– the existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the controller or a right to object to this processing;
– the existence of a right to lodge a complaint with a supervisory authority;
– all available information about the origin of the data if the personal data are not collected from the data subject;
the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
2) Right to correction in accordance with Article 16 GDPR
You have the right to request correction and/or completion from the person responsible if the personal data processed concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
3) Right to restriction of processing in accordance with Article 18 GDPR
You can request the restriction of the processing of personal data concerning you under the following conditions:
– if you contest the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data;
– the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
– the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
– if you have objected to the processing in accordance with Article 21 Para. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.
4) Right to deletion in accordance with Article 17 GDPR
Obligation to delete
You can request that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
– The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
– You revoke your consent on which the processing was based in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for the processing.
– You object to the processing in accordance with Article 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing,or you object to the processing in accordance with Article 21 Para. 2 GDPR.
– Your personal data has been processed unlawfully.
– The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
– The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 Para. 1 GDPR.
Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 (1) GDPR, he will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs To inform data controllers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
There is no right to deletion if processing is necessary
– to exercise the right to freedom of expression and information;
– in order to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or in order to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
– for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 GDPR;
– for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the law mentioned under section a) is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or
– to assert, exercise or defend legal claims.
5) Right to information in accordance with Art. 19 GDPR
If you have asserted the right to rectification, deletion or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless: this turns out to be impossible or involves disproportionate effort.
You have the right to be informed about these recipients by the person responsible.
6) Right to data portability in accordance with Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that
– the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR GMO based and
– the processing takes place using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other people must not be impaired by this.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7) Right to object in accordance with Art. 21 GDPR
If you have given your consent to the processing of your data, you can revoke this at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.
If we base the processing of your personal data on the balancing of interests in accordance with Section 6 Paragraph 1 Letter f of the GDPR, you can object to the processing. This is the case if the processing is not necessary to fulfill a contract with you, which is explained by us in the following description of the functions. If you exercise such an objection, we will ask you to explain the reasons why we should not process your personal data as we do. In the event of your justified objection, we will process the personal data relating to youon-related data will no longer be provided unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. In this case, your personal data will no longer be processed for these purposes.
You can send your objection by email to email@example.com or to our contact details provided in the legal notice.
8) Right to complain to a supervisory authority in accordance with Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you is contrary to violates the GDPR.
The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.
§ 12 Currentness and changes to this data protection declaration
This data protection declaration is valid as of May 2018.
Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.ruthemann.net/j/privacy.
NOTES ON DATA PROCESSING IN CONNECTION WITH GOOGLE ANALYTICS
This website uses Google Analytics, a web analysis service provided by Google Ireland Limited. If the person responsible for data processing on this website is located outside the European Economic Area or Switzerland, then Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as “Google”.
Google Analytics uses so-called “cookies”, text files that are stored on the site visitor’s computer and enable the site visitor’s use of the website to be analyzed. The information generated by the cookie about the use of this website by the site visitor (including the shortened IP address) is usually transmitted to a Google server and stored there.
Google Analytics is used exclusively with the “_anonymizeIp()” extension on this website. This extension ensures that the IP address is anonymized by shortening it and excludes any direct personal reference. Through the extension, Google’s IP address is shortened beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the corresponding browser as part of Google Analytics is not merged with other Google data.
On behalf of the site operator, Google will use the information generated to evaluate the use of the website, to compile reports on website activity and to provide the site operator with other services related to website and internet use (Art. 6 Para. 1 lit. f GDPR). The legitimate interest in data processing lies in optimizing this website, analyzing use of the website and adapting the content. The interests of the users are sufficiently protected by pseudonymization.
Google LLC. offers a guarantee based on the standard contractual clauses to maintain an appropriate level of data protection. The data sent and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 50 months. The deletion of data whose retention period has been reached occurs automatically once a month.
The collection by Google Analytics can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be objected to at any time with future effect. The corresponding browser plugin can be downloaded and installed under the following link: https://tools.google.com/dlpage/gaoptout.
The site visitor can prevent Google Analytics from recording data on this website by clicking on the following link. An opt-out cookie is set, which prevents future EThe collection of data when visiting this website is prevented.
Further information on data use by Google, setting options and objection options can be found in Google’s data protection declaration (https://policies.google.com/privacy) and in the settings for the display of advertising by Google (https://adssettings. google.com/authenticated).
To protect your requests via internet forms, we use the reCAPTCHA service from Google LLC (Google). The query is used to distinguish whether the entry was made by a human or improperly through automated, machine processing. The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha is not merged with other Google data. The different data protection regulations of Google apply to this data. Further information about Google’s data protection guidelines can be found at: https://policies.google.com/privacy?hl=de