As the controller pursuant to Art. 13 and 14 of the General Data Protection Regulation (GDPR), we hereby inform data subjects about the handling of personal data. This document has been valid since May 2024. It may be necessary to adapt this document due to possible future changes to data processing processes or due to changes in legal or official requirements. The current version is always available at https://degeler.com/pages/datenschutzerklarung
II. Who is responsible for data processing?
The controller for data processing in accordance with Art. 4 No. 7 GDPR is
DEGELER GmbH & Co. KG, Frankfurter Str. 63 A, 63322 Rödermark, Germany. You can find the full legal notice at https://degeler.com/pages/impressum
III. Is there a data protection officer?
We have not appointed a data protection officer for our company.
IV. What do we process your data for?
IV.1 Log files / hosting
If you visit our website without registering or otherwise providing us with information, we only collect the following data that your browser transmits to our server (so-called "server log files"):
- The individual pages of our website (URL)
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (possibly in anonymized form)
Our website is stored by a hosting provider and kept available for retrieval. The web server used stores the aforementioned server log files.
- Purpose of processing: Hosting of the website
- Legal basis and legitimate interests: Processing is carried out on the basis of our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) in the security and stability of our website by commissioning a service provider to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services
- Data recipient: Shopify International Limited, https://www.shopify.com/
- Storage period: 7 days
IV.2 Cookies
IV.2.a. General information
(aa) Definitions
Below you will find extensive information on so-called "cookies" and other storage technologies ("web storage"). This is information that is often stored in databases on your end device. Any type of "cookie" or "web storage" may contain personal data. In many cases, however, the data is pseudonymized. The following terms may be used below:
- First-party cookie: This cookie is stored or modified by the website you are currently browsing
- Third-party cookie: This cookie is stored or modified by third parties with which the website operator is connected (e.g. an advertising network, a social media platform, etc.)
- Session cookie: This cookie is deleted from your end device when you close the browser. A session cookie often only stores one session ID in order to assign several requests from a user on a page to their session
- Persistent cookie: This cookie is stored on your end device until its validity expires or you delete it manually or automatically in the browser
- Absolutely necessary: Without this cookie and web storage, the service you have requested cannot be provided
- Optional: This cookie and web storage enables us to use additional functions and is only used if you give your consent to this
- Local Storage: Belongs to the so-called "web storage". This information is also stored in your web browser until you delete it manually.
- Session storage: Is part of the so-called "web storage". This information is also stored in your web browser until you close the browser window.
(bb) Legal bases
- Strictly necessary cookies and web storage: The storage of information and access to this information is based on the legal basis of Section 25 (2) No. 2 TDDDG.
- Optional cookies and web storage: The storage of and access to information is based on the legal basis of your individual personal and voluntary consent in accordance with Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time with effect for the future. The data processing until the revocation remains lawful. Please note that if you do not accept optional cookies, individual functions of our website may be restricted.
(cc) Data recipient / access option
- First-party cookies: Only we as the data controller and website operator have access to these cookies.
- Third-party cookies: Only the third party that has set these cookies itself has access to them. For example, only Google has access to a cookie set by Google and can read or change it.
- Web storage: Only we as the data controller and website operator have access to this.
(dd) Storage duration
- Session cookies: These remain stored in your browser only temporarily until the end of the browser session or can be deleted by you beforehand.
- Persistent cookies: These remain stored on your end device for as long as specified for the respective cookie or can be deleted by you beforehand.
- Local storage: These remain stored until you delete them manually.
- Session storage: This remains stored until the browser window is closed.
The exact storage period is specified under "Cookies used and web storage".
(ee) Deletion options / objection
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne
- Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/de/latest/web-preferences/
A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/.
IV.2.b. Cookies used
In the following overview, we list the technically necessary first-party cookies used on our website and the purpose of data processing:
- _ab (persistent cookie)
Purpose: Used in connection with access to the admin area.
Period of validity: 2 years
- _secure_session_id (persistent cookie)
Purpose: Used in connection with navigation through a storefront.
Validity period: 24 hours
- _shopify_country (session cookie)
Purpose: Used in connection with the checkout.
Validity period: Until the end of the browser session
- _shopify_m (persistent cookie)
Purpose: Used to manage the customer's data protection settings
Period of validity: 1 year
- _shopify_tm (persistent cookie)
Purpose: Used to manage the customer's privacy settings
Period of validity: 30 minutes
- _shopify_tw (persistent cookie)
Purpose: Used to manage the customer's privacy settings
Validity period: 2 weeks
- _storefront_u (persistent cookie)
Purpose: Used to support the updating of customer account information
Validity period: 1 minute
- _tracking_consent (persistent cookie)
Purpose: Tracking settings
Validity period: 1 year
- c (persistent cookie)
Purpose: Used in connection with the checkout.
Validity period: 1 year
- Shopping cart (persistent cookie)
Purpose: Used in connection with the shopping cart.
Validity period: 2 weeks
- cart_currency (persistent cookie)
Purpose: Used in connection with the shopping cart.
Validity period: 2 weeks
- cart_sig (persistent cookie)
Purpose: Used in connection with the checkout.
Validity period: 2 weeks
- cart_ts (persistent cookie)
Purpose: Used in connection with the checkout.
Validity period: 2 weeks
- cart_ver (persistent cookie)
Purpose: Used in connection with the shopping cart.
Validity period: 2 weeks
- Checkout (persistent cookie)
Purpose: Used in connection with the checkout.
Validity period: 4 weeks
- checkout_token (persistent cookie)
Purpose: Used in connection with the checkout.
Validity period: 1 year
- dynamic_checkout_shown_on_cart (persistent cookie)
Purpose: Used in connection with the checkout.
Validity period: 30 minutes
- hide_shopify_pay_for_checkout (session cookie)
Purpose: Used in connection with the checkout.
Validity period: Until the end of the browser session
- keep_alive (persistent cookie)
Purpose: Used in connection with buyer localization.
Validity period: 2 weeks
- master_device_id (persistent cookie)
Purpose: Used in connection with the merchant login.
Validity period: 2 years
- previous_step (persistent cookie)
Purpose: Used in connection with the checkout.
Validity period: 1 year
- remember_me (persistent cookie)
Purpose: Used in connection with the checkout.
Validity period: 1 year
- secure_customer_sig (persistent cookie)
Purpose: Used in connection with the customer login.
Validity period: 20 years
- shopify_pay (persistent cookie)
Purpose: Used in connection with the checkout.
Validity period: 1 year
- shopify_pay_redirect (persistent cookie)
Purpose: Used in connection with the checkout.
Validity period: 30 minutes, 3 weeks or 1 year depending on the value
- storefront_digest (persistent cookie)
Purpose: Used in connection with the customer login.
Validity period: 2 years
- tracked_start_checkout (persistent cookie)
Purpose: Used in connection with the checkout.
Validity period: 1 year
- checkout_one_experiment (session cookie)
Purpose: Used in connection with the checkout.
Validity period: Until the end of the browser session
In the following overview, we list the optional first-party cookies used on our website and the purpose of data processing:
- _landing_page (persistent cookie)
Purpose: Tracking of landing pages
Period of validity: 2 weeks
- _orig_referrer (persistent cookie)
Purpose: Tracking of landing pages
Validity period: 2 weeks
- _s (persistent cookie)
Purpose: Shopify analyses
Validity period: 30 minutes
- _shopify_d (session cookie)
Purpose: Shopify analyses
Validity period: Until the end of the browser session
- _shopify_fs (persistent cookie)
Purpose: Shopify analyses
Validity period: 30 minutes
- _shopify_s (persistent cookie)
Purpose: Shopify analyses
Validity period: 30 minutes
- _shopify_sa_p (persistent cookie)
Purpose: Shopify analytics related to marketing & recommendations.
Validity period: 30 minutes
- _shopify_sa_t (persistent cookie)
Purpose: Shopify analytics related to marketing & recommendations.
Validity period: 30 minutes
- _shopify_y (persistent cookie)
Purpose: Shopify analyses
Validity period: 1 year
- _y (persistent cookie)
Purpose: Shopify analyses
Validity period: 1 year
- _shopify_evids (session cookie)
Purpose: Shopify analyses
Validity period: Until the end of the browser session
- _shopify_ga (session cookie)
Purpose: Shopify and Google Analytics
Period of validity: Until the end of the browser session
IV.3 Cookie consent management
Cookies and consent management
In addition to storing cookies (see separate section), we manage the declarations of consent of our Internet users using a cookie consent tool.
- Purpose of processing: Fulfillment of the legal obligation to manage consent
- Legal basis: Art. 6 para. 1 sentence 1 lit. c GDPR
- Storage duration: Until consent to cookie storage is revoked, at the latest until the respective cookie expires. The storage duration of the respective cookies is listed in the cookie table.
As far as mentioned below, we have commissioned the following service provider with consent management
Usercentrics
This is a service of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, https://usercentrics.com/de
- Privacy policy of Usercentrics GmbH: https://usercentrics.com/de/datenschutzerklaerung/
- Further information on data storage on the consent management platform: https://usercentrics.com/de/knowledge-hub/it-compliance-faq/
- Storage period at Usercentrics: 3 years
IV.4 Content Delivery Network (CDN)
Shopify CDN
On our website we use a so-called Content Delivery Network ("CDN") of the technology service provider Shopify ("Shopify"). A content delivery network is an online service that is used in particular to deliver static website data through a network of globally distributed servers connected via the Internet. Essentially, this involves your IP address and the data of your browser in order to be able to transmit the website data to you. We ourselves have no access to the data collected by Amazon.
- Purpose of processing: Optimization of the loading speed of our website
- Legal basis and legitimate interests: Processing is carried out on the basis of our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) in the speed, security and stability of our website by commissioning a service provider to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services
- Data recipient: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, https://www.shopify.de/
- Data protection information from Shopify: https://www.shopify.com/de/legal/datenschutz
IV.5 Making contact
When you contact us (e.g. via contact form, email, telephone, fax), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. We cannot process your request without this mandatory information. All other information is voluntary.
- Purpose of processing: Answering your request
- Legal basis: Art. 6 para. 1 lit. b GDPR for pre- or contractual matters. Art. 6 para. 1 lit. a GDPR for your voluntary information.
- Recipient of the data: Email service provider for emails, hosting provider for contact form enquiries
- Storage period: Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary. In the case of pre-contractual and contractual matters, your request will be stored until the contract is terminated and processing will then be restricted. If there is no longer a legal reason for storage, the data will be deleted.
IV.6 Newsletter
We send newsletters by email to registered users with information about our company, our products, services, promotions and offers. The newsletter is sent out no more than once a month.
- Double opt-in procedure: Registration for our newsletter is always carried out using a so-called double opt-in procedure. After registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to check the accuracy of your e-mail address. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.
- Purpose of processing: Direct marketing, customer communication
- Legal basis: When subscribing to our newsletter, the subscriber gives their consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
- Right of revocation/opt-out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent, by informing us by e-mail (see above under "Who is responsible for data processing?") or by clicking on the link at the end of each newsletter. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Obligation to provide: To send the newsletter, we require at least your valid e-mail address. Otherwise it will not be possible to send you the newsletter.
- Storage period: Your data will be stored until you withdraw your consent. After that, its processing will be restricted and it will be stored for up to three years in order to be able to provide legally compliant proof of consent previously given. This is done on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) in the verifiability of data protection compliance.
If named below, we use the following service provider for this purpose:
RapidMail
- Data recipient: rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., https://www.rapidmail.de
- RapidMail privacy policy:, https://www.rapidmail.de/datenschutz
- Legal basis and legitimate interests: The data transfer is based on our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) in the security and stability of a legally compliant newsletter system including automated double opt-in and verifiability of user registrations.
- Transfer to third countries: none
- Storage period: Your data will be stored until you withdraw your consent. After that, its processing will be restricted and it will be stored for up to three years in order to be able to provide legally compliant proof of consent previously given.
We send newsletters by email to our customers with information about our company, our products, services, promotions and offers. The newsletter is sent out no more than once a month.
- Purpose of processing: direct marketing, customer communication
- Legal basis and legitimate interests: The newsletter is sent on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) in regular customer communication and sales promotion by means of direct marketing.
- Right to object (opt-out): You can object to the sending of our newsletter at any time with effect for the future by informing us by e-mail (see above under Responsible person) or by clicking on the link that can be found at the end of each newsletter.
- Storage period: Your data will be stored until you object. After that, its processing will be restricted and it will be blocked for further newsletter mailings.
If named below, we use the following service provider:
IV.7 Opening a customer account
If you open a personal customer account with us for future orders, the following provisions apply:
- Purpose of processing: User contract for the personal customer account.
- Legal basis: Contract pursuant to Art. 6 para. 1 lit. b GDPR. For the data provided voluntarily by you, your consent pursuant to Art. 6 para. 1 lit. a GDPR applies.
- Obligation to provide data: The mandatory information can be found in the registration form. We cannot open an account for you without this data.
Data recipient: The customer account is managed via our online store. This is operated by our web host (see above).
- Storage period: Your data in the customer account will be stored for as long as the user contract with us exists. Voluntary data will be stored until you withdraw your consent. After that, its processing will be restricted and it will be stored for up to three years in order to be able to provide legally compliant proof of consent previously given. This is done on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) in the verifiability of data protection compliance.
IV.8 Ordering goods or services
IV.8.a. General information
- Purpose of processing: Execution of your order.
- Legal basis: Contract pursuant to Art. 6 para. 1 lit. b GDPR. For the data voluntarily provided by you, your consent pursuant to Art. 6 para. 1 lit. a GDPR applies. For other processing, Art. 6 para. 1 lit. f GDPR applies.
- Legitimate interests: Debt collection and enforcement; measures for business management and further development of services and products
- Data recipients: Web host of the online store (see above). Shipping and payment service providers. Lawyer, debt collection agency, management consultant.
IV.8.b. Payment processing
- Purpose of processing: Execution of the order. Processing of the payment.
- Legal basis: Contract pursuant to Art. 6 para. 1 lit. b GDPR.
- Obligation to provide: Depending on the selected payment method, you must provide us or the payment service provider with the required payment data.
- Data recipients: The payment service providers used are listed below
Amazon Pay
- Service provider: Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg, https://pay.amazon.de/
- Privacy policy of Amazon Pay: https://pay.amazon.de/help/201212490
- Third country transfer: see Amazon Pay privacy policy https://pay.amazon.de/help/201212490
Apple Pay
If you decide to pay with Apple Pay, the payment will be processed by the payment service provider Apple, to whom we will pass on the information you provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR.
- Service provider: Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014, https://www.apple.com/de/
- Apple's privacy policy: https://www.apple.com/legal/privacy/de-ww/
- Third country transfer: see Apple's privacy policy: https://www.apple.com/legal/privacy/de-ww/
Bancontact
- Service provider: Bancontact Payconiq Company SA/NV 82, rue d'Arlon , 1040-Brussels, https://www.bancontact.com/en
- Privacy policy of Bancontact: https://www.bancontact.com/files/privacy.pdf
- Third country transfers: see Bancontact's privacy policy: https://www.bancontact.com/files/privacy.pdf
EPS
- Service provider: STUZZA Studiengesellschaft für Zusammenarbeit im Zahlungsverkehr GmbH, Frankgasse 10/8
A-1090 Vienna, https://www.eps-ueberweisung.at/
- Privacy policy of EPS: https://eservice.stuzza.at/de/datenschutzerklaerung.html
- Third country transfer: see EPS privacy policy: https://eservice.stuzza.at/de/datenschutzerklaerung.html
Google Pay
If you decide to pay with Google Pay, the payment will be processed by the payment service provider Google, to whom we will pass on the information you provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR.
- Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy of Google: https://policies.google.com/privacy
- Third country transfer: see Google's privacy policy: https://policies.google.com/privacy
- Commission adequacy decision: With regard to data transfers to Google LLC, we refer to the decision of 10.07.2023 for the EU-US data protection framework pursuant to Art. 45 GDPR. The list of companies participating in the EU-US Privacy Shield Framework is available at https://www.dataprivacyframework.gov/
Klarna
If a Klarna payment service is selected, the payment is processed via Klarna Bank AB (hereinafter "Klarna"). To enable the payment to be processed, your personal data (first and last name, street, house number, zip code, city, gender, e-mail address, telephone number and IP address) and data relating to the order (e.g. invoice amount, item, delivery method) will be forwarded to Klarna.
Identity and credit check
Klarna reserves the right to carry out an identity and credit check using the data received. For this purpose, Klarna forwards the data to credit agencies. The list of possible credit agencies can be viewed here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
- Service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, https://www.klarna.com/de
- Klarna's privacy policy: https://www.klarna.com/de/datenschutz/
- Automated decision making: The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information obtained on the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship.
- Third country transfer: see Klarna's privacy policy: https://www.klarna.com/de/datenschutz/
PayPal
- Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de
- Privacy policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Credit check: PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
ShopPay (Shopify)
If you choose to pay via ShopPay, payment is processed via Shopify International Limited (hereinafter "Shopify"). To enable payment processing, your personal data (first and last name, street, house number, zip code, city, gender, email address, telephone number and IP address) and data related to the order (e.g. invoice amount, item, delivery method) will be forwarded to Shopify.
- Service provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, https://www.shopify.de/
- Privacy policy of Shopify: https://www.shopify.de/legal/datenschutz
Instant bank transfer
- Service provider: Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany, https://www.sofort.de
- Privacy policy of Sofort: https://www.sofort.de/datenschutz.html
- Third country transfer: see privacy policy of Sofort: https://www.sofort.de/datenschutz.html
IV.8.c. Shipping processing
- Purpose of processing: Execution of the order. Delivery of the goods. Notification of the delivery. Shipment tracking.
- Legal basis: Name, address and, if applicable, telephone number: Contract pursuant to Art. 6 para. 1 lit. b GDPR. Forwarding of the e-mail address to shipping service providers: Consent pursuant to Art. 6 para. 1 lit. a GDPR.
- Obligation to provide: The respective shipping company cannot deliver the goods to you without your name, address and, if applicable, telephone number. Without consent to the forwarding of the e-mail address to the shipping service provider, you will not receive any tracking information from them.
- Data recipients: The shipping service providers used are listed below: DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn)
IV.8.d. Direct advertising
- Purpose of processing: Direct advertising, sales promotion
- Legal basis: Our overriding legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR
- Legitimate interests: Direct advertising, sales promotion
- Data recipient: Agency, lettershop
IV.8.e. Legal obligation
- Purpose of processing: Fulfillment of legal obligations (e.g. information, notification, disclosure and retention obligations, payment of taxes and duties)
- Legal basis: The respective legal regulation applies in conjunction with Art. 6 para. 1 lit. c GDPR.
- Data recipients: Authorities, state institutions, lawyer, tax consultant, data protection officer if applicable
Insofar as named below, the controller is subject to these special legal obligations, among others:
IV.9 Web analysis
Google Analytics 4
(a) General: Our website uses Google Analytics, a web analysis service provided by Google Ireland Ltd (Google), with which the use of websites can be analyzed. We receive various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website user.
(b) Consent mode: When you visit a website on our website for the first time, you will be asked to give us your consent to the setting of optional cookies from Google using our cookie consent tool, among other things. Without your consent, certain information about your usage behavior will be collected and processed with so-called "pings".
(c) After your consent: If you give us your consent to set cookies, the demographic characteristics and Google Signals (see the following paragraphs) will also be used.
(d) Demographic characteristics: Google Analytics 4 enables the creation of statistics with statements about your age, gender and interests based on an evaluation of interest-based advertising and with the addition of third-party information via a special function, the so-called "demographic characteristics". This makes it possible to determine and differentiate between user groups of the website for the purpose of target group-optimized marketing measures. However, data collected via the "demographic characteristics" cannot be assigned to a specific person and therefore cannot be assigned to you personally.
(e) Google Signals: We also use the "Signals" service from Google on our website. With "Signals", we can have Google create cross-device reports (so-called "cross-device tracking"). If you have activated "personalized ads" in your Google account settings and linked your Internet-enabled devices to your Google account, Google can analyze usage behavior across devices when you give your consent to the use of Google Analytics 4 and create database models based on this. The logins and device types of all website users who were logged into a Google account and carried out a conversion are taken into account. The data shows, among other things, on which device you clicked on an ad for the first time and on which device the relevant conversion took place. If Google Signals is used, we do not receive any personal data from Google, but only statistics compiled on the basis of Google Signals.
(f) E-commerce measurement: We also use Google's "e-commerce measurement" service on our website. This allows us to analyze the purchasing behavior of website visitors in order to improve our online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.
(g) Further details:
- Purposes of processing: tracking (e.g. interest/behavioral profiling), visitor action evaluation, interest-based and behavioral marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of returning visitors). These purposes apply to us as well as to Google and its parent company.
- Legal basis and legitimate interests: For the use of Google Analytics, you may give us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, which you can revoke at any time with effect for the future by deselecting "Marketing" or "Google Analytics 4" in the cookie settings on our site. Without your consent, we use Google Analytics 4 with the so-called "pings" for our own overriding legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) to achieve the purposes of processing (see above).
- Storage period: We store the anonymized data collected in this way for a maximum period of 14 months. The data is then automatically deleted. With regard to the storage period by Google, we refer to their privacy policy. The data collected via the "demographic characteristics" function is stored for two months and then deleted.
- Objection / opt-out: You can object to the collection of your data by installing a browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de
Here you can specify which data should be used by Google: https://g.co/privacytools
You can also deactivate personalized advertising directly at Google: https://www.google.com/settings/ads/onweb/
Further information from Google on how you can block certain advertising and turn off cross-device analysis in connection with Google Signals can be found here: https://support.google.com/ads/answer/2662922?hl=de
You can also store your preferences regarding online advertising across all providers here: https://www.youronlinechoices.com/de/
Alternatively, you can use the administration page of the Network Advertising Initiative: http://www.networkadvertising.org/consumer/opt_out.asp
- Data recipient/processor: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Privacy policy of Google: https://policies.google.com/privacy
- Data protection information from Google for Google Analytics: https://support.google.com/analytics/answer/6004245
- Data protection information from Google for Google Signals: https://support.google.com/analytics/answer/7532985?hl=de
- Third country transfer: Insofar as non-anonymized data is transferred to Google LLC, data processing also takes place in the USA.
- Commission adequacy decision: With regard to data transfers to Google LLC, we refer to the decision of 10.07.2023 for the EU-US data protection framework pursuant to Art. 45 GDPR. The list of companies participating in the EU-US data protection framework is available at https://www.dataprivacyframework.gov/
Google Tag Manager
We use Google Tag Manager from Google on our website. Google Tag Manager is an online tool that allows us to integrate and manage website tags centrally and via a user interface. Tags are small sections of code that record your activities on our website, for example. For this purpose, JavaScript code sections are inserted into the source code of our website. The tags originate from Google Ads or Google Analytics, for example, but tags from other companies can also be integrated and managed via the Manager. Such tags perform different tasks. They can collect browser data, integrate buttons, set cookies and also track users across multiple websites. In the account settings of the Tag Manager, we have allowed Google to receive anonymized data from us. However, this only concerns the use and utilization of our Tag Manager and not your data, which is stored via the code sections.
- Purposes of processing: Tracking (e.g. interest/behavioral profiling), visitor action evaluation, interest-based and behavioral marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of returning visitors). These purposes apply to us as well as to Google and its parent company. As far as we know, Google also uses the data collected in this way (anonymized) for its own purposes. In this respect, we refer to Google's privacy policy.
- Legal basis and legitimate interests: For the integration of the Google Tag Manager on our website, this processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. The various tags are then used in accordance with the sections described separately with the express consent of the user.
- Storage duration: With regard to the storage duration by Google, we refer to their privacy policy.
- Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Privacy policy of Google: https://policies.google.com/privacy
- Third country transfer: Insofar as non-anonymized data is transferred to Google LLC, the data processing takes place in the USA.
- Commission adequacy decision: With regard to data transfers to Google LLC, we refer to the decision of 10.07.2023 for the EU-US data protection framework pursuant to Art. 45 GDPR. The list of companies participating in the EU-US data protection framework is available at https://www.dataprivacyframework.gov/
IV.10. Social media plugins
Our website uses social plugins from various social networks. In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plugins, but only by using an HTML link. This type of integration ensures that no connection is established with the servers of the respective social network when a page of our website containing such buttons is accessed. When you click on the button, a new browser window opens and calls up the page of the social network. If necessary, after entering your login data, you can then perform the function provided (e.g. "like" or "share").
By clicking on the respective plugin, you give us your personal consent to the transfer of data to the respective social network. In particular, your IP address will be transmitted to the respective social network. The legal basis for this is Art. 6 para. 1 lit. a GDPR. You have the right to withdraw your consent at any time. The data processing remains lawful until revocation. The revocation only applies to the future.
The following social networks are used
- Data recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"), parent company: Meta Platforms, Inc, 1 Hacker Way, 94025 Menlo Park, California, USA
- Joint controllership: We have entered into a joint controllership agreement with Meta for the processing of personal data, which can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum
- Meta's privacy policy: https://www.facebook.com/policy.php
- Objection: Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads
- Third country transfer: Insofar as non-anonymized data is transferred to Meta Platforms, Inc. the data processing takes place in the USA.
- Commission adequacy decision: With regard to data transfers to Meta Platforms, Inc. we refer to the decision of 10.07.2023 for the EU-US data protection framework pursuant to Art. 45 GDPR. The list of companies participating in the EU-US Privacy Shield Framework is available at https://www.dataprivacyframework.gov/
Instagram is a service of Meta
- Data recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Instagram"), parent company: Meta Platforms, Inc, 1 Hacker Way, 94025 Menlo Park, California, USA
- Joint controllership: We have entered into a joint controllership agreement with Meta for the processing of personal data, which can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum
- Meta's privacy policy: https://instagram.com/about/legal/privacy
- Objection: Further settings and objections to the use of data for advertising purposes are possible within the Instagram profile settings: https://www.instagram.com/accounts/privacy_and_security/
- Third country transfer: Insofar as non-anonymized data is transferred to Meta Platforms, Inc. the data processing takes place in the USA.
- Commission adequacy decision: With regard to data transfers to Meta Platforms, Inc. we refer to the decision of 10.07.2023 for the EU-US data protection framework pursuant to Art. 45 GDPR. The list of companies participating in the EU-US Privacy Shield Framework is available at https://www.dataprivacyframework.gov/
- Data recipient: Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"), parent company: Pinterest Inc, 505 Brannan Street San Francisco, CA 94107, USA
- Privacy policy of Pinterest: https://about.pinterest.com/de/privacy-policy
- Third country transfer: Insofar as non-anonymized data is transferred to Pinterest Inc. the data processing takes place in the USA.
- Data recipient: Twitter International Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland ("Twitter"), parent company: X Corp, 1355 Market Street Suite 900 San Francisco, CA 94103, USA
- Privacy policy of Twitter: https://twitter.com/de/privacy
- Third country transfer: Insofar as non-anonymized data is transferred to Twitter Inc. the data processing takes place in the USA.
- Sufficient guarantees for data transfer: Twitter relies on the Commission's standard data protection clauses pursuant to Art. 46 (2) c) GDPR for data transfer to the USA, see https://help.twitter.com/de/rules-and-policies/global-operations-and-data-transfer
IV.11. Online videos
Our website uses embedded video content provided by the respective third-party provider named below. When you call up a page, your browser first loads a placeholder. No data is yet exchanged with the third-party provider. Only when you click the "Load video" button will the video be loaded by the third-party provider.
For this purpose, the browser you are using must connect to the servers of the respective third-party provider. This gives the third-party provider knowledge that our website has been accessed via your IP address. If you are logged into your third-party provider account, the third-party provider can assign your surfing behavior to you personally. You can prevent this by logging out of your third-party account beforehand. If a video is started, the third-party provider may use cookies and/or other web storage to collect information about user behavior.
- Purpose of processing: To provide a comprehensive and professional online offering, including with videos. User-friendly playback option without switching websites. Speed of video playback.
- Legal basis: Access to your IP address and the setting of any cookies is based on Section 25 (2) No. 2 TDDDG. The use of the video functionality and data processing by the third-party provider named below is subject to the terms of use of the third-party provider (Art. 6 (1) sentence 1 lit. b GDPR).
We use video content from the following third-party providers
YouTube
- Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Privacy policy of Google: https://policies.google.com/privacy
- Option to object (opt-out plugin): https://tools.google.com/dlpage/gaoptout?hl=de
- Third country transfer: Insofar as non-anonymized data is transferred to Google LLC, data processing takes place in the USA.
- Commission adequacy decision: With regard to data transfers to Google LLC, we refer to the decision of 10.07.2023 for the EU-US data protection framework pursuant to Art. 45 GDPR. The list of companies participating in the EU-US data protection framework is available at https://www.dataprivacyframework.gov/
- Storage duration / opt-out: You can stop using the video function at any time for the future by closing your browser window or reloading the page. If you were logged in with your YouTube account during the video playback, please contact Google regarding your opt-out request.
Online fonts
If you have activated the playback of YouTube videos, so-called web fonts are loaded, which are provided by Google. For this purpose, the browser you are using must connect to the Google servers. This informs Google that our website has been accessed via your IP address.
- Purpose of processing: Uniform presentation of online videos in all media
- Legal basis: Access to your IP address and the setting of any cookies is based on Section 25 (2) No. 2 TDDDG. The use of the video functionality and data processing by Google is subject to its terms of use (Art. 6 para. 1 sentence 1 lit. b GDPR).
- Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Privacy policy of Google: https://policies.google.com/privacy
- Third country transfer: Insofar as non-anonymized data is transferred to Google LLC, data processing takes place in the USA.
- Commission adequacy decision: With regard to data transfers to Google LLC, we refer to the decision of 10.07.2023 for the EU-US data protection framework pursuant to Art. 45 GDPR. The list of companies participating in the EU-US Privacy Shield Framework is available at https://www.dataprivacyframework.gov/
IV.12. Online fonts
Our website uses so-called web fonts provided by Shopify for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to the Shopify servers. As a result, Shopify becomes aware that our website has been accessed via your IP address. If your browser does not support web fonts, a standard font will be loaded from your computer.
- Purpose of processing: Uniform presentation of our website in all media
- Legal basis and legitimate interests: The integration takes place on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) in a technically secure, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration.
- Data recipient: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, https://www.shopify.de/
- Data protection information from Shopify: https://www.shopify.com/de/legal/datenschutz
IV.13. Online translations
Our website uses the online tool "ETranslate" from uppercommerce to translate our content into other languages.
- Purpose of processing: User-friendly translation of our content into other languages
- Legal basis and legitimate interests: The integration takes place on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) in a user-friendly Internet presence.
- Data recipient: uppercommerce, https://www.uppercommerce.com/
- Third country transfer: Insofar as non-anonymized data is transferred to uppercommerce, data processing takes place in China.
- As a data subject, you have the following rights:
- Confirmation of data processing: You have the right to request confirmation from us as to whether your personal data is being processed. The requirements for this can be found in Art. 15 GDPR;
- Information: You have the right to request information about your personal data processed by us. The requirements for this can be found in Art. 15 GDPR;
- Rectification: You have the right to request the rectification of inaccurate personal data concerning you without undue delay. The requirements for this can be found in Art. 16 GDPR;
- Erasure: You have the right to obtain the erasure of personal data concerning you without undue delay. The requirements for this can be found in Art. 17 GDPR;
- Restriction of processing: You have the right to request the restriction of the processing of your personal data. The requirements for this can be found in Art. 18 GDPR;
- Data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to have this data transmitted by us to another controller. The requirements for this can be found in Art. 20 GDPR;
- Withdrawal of consent: You have the right to withdraw your consent at any time if the processing is based on Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR. The data processing remains lawful until revocation. The revocation only applies to the future. The conditions for this can be found in Art. 7 (3) GDPR;
- Complaint: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. The requirements for this can be found in Art. 77 GDPR. You can contact the supervisory authority responsible for the controller or the supervisory authority in your country or federal state. You can find a list of all supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
- Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which we process on the basis of our overriding legitimate interest (Art. 6 (1) lit. e or f GDPR), with effect for the future; this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
- Right to object to the processing of data for the purposes of direct advertising and product reviews
- We collect and process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such direct marketing; this also applies to profiling insofar as it is associated with such direct marketing.
- In individual cases, we process and use your personal data to send you an evaluation request and/or product recommendation by e-mail, which are exclusively in connection with your purchase, conclusion and/or other analogous transactions. Furthermore, we may also use your e-mail address and/or postal address in this context to send you product recommendations by e-mail and/or post for similar goods and/or services offered by us. You will receive these evaluation requests and product recommendations from us regardless of whether you have subscribed to a newsletter.
- Exercising your right to object: You can object to this data processing for direct marketing purposes at any time by sending a letter to DEGELER GmbH & Co. KG, Frankfurter Str. 63 A, 63322 Rödermark or by e-mail to info@DEGELER.com and/or at the end of each advertising e-mail with effect for the future, without incurring any costs other than the respective transmission costs according to the basic rates. Your right to object also applies automatically to any profiling, insofar as it is associated with such direct advertising.
- If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes with immediate effect.
VI. How long will my data be stored?
Unless otherwise specified above, the following criteria apply for determining the storage period:
- In the case of consent pursuant to Art. 6 para. 1 lit. a GDPR, the data will be stored until the data subject withdraws their consent.
- In the case of pre-contractual and contractual purposes in accordance with Art. 6 para. 1 lit. b GDPR, the data is stored beyond the end of the contract until the expiry of relevant limitation periods (e.g. 3 years in accordance with Section 195 BGB) from the concluded contract.
- In the case of our overriding legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, the data will be stored until the data subject exercises their right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defense of legal claims.
- In the case of direct advertising in accordance with Art. 6 para. 1 lit. f GDPR, the data will be stored until the data subject exercises their right to object in accordance with Art. 21 para. 2, 3 GDPR.
- In the case of retention obligations incumbent on us, the relevant documents are stored until the expiry of the relevant statutory provisions (e.g. 10 or 6 years in accordance with Section 147 AO and Section 257 HGB).
- We store data relating to interested parties for as long as it can be assumed that there is still an interest in working with us. If we assume that there is no longer any interest, we delete this data.
- We store business partner data for as long as it can be assumed that there is still an interest in working with us. If we assume that there is no longer any interest, we will delete this data at the earliest 3 years after the end of the last business relationship, provided there are no statutory retention obligations.
- We store supplier data until the supplier objects and delete it at the earliest 3 years after the end of the last business relationship, provided there are no statutory retention obligations.
- Otherwise, personal data will only be stored for as long as there is a legal reason to store it.
We process personal data that we have received from you or the recipients of personal data.
VIII. Obligation to provide data
As part of the performance of our contractual or statutory obligations, you as the data subject may be obliged to provide our company with personal data that is necessary for the establishment, performance and termination of the contractual relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it.
IX. Copyright notice
Data protection information Copyright 2024 Attorney Marc Oliver Giel