When you access our website, we collect, store and process personal data as follows.
I. COMPETENT AUTHORITY AND PRIVACY OFFICER
The competent authority as stipulated by the applicable privacy law on the collection, storage and processing of personal data is:
Kompernaß Handelsgesellschaft mbH,
represented by its Managing Johannes-Heinrich Kompernaß, Monika Kompernaß and
Tel.: +49 02327/3018-0
Fax: +49 02327/3018-100
You can contact our privacy officer, Ms Jennifer Hogrebe, at the same address and phone number or by sending an e-mail to email@example.com.
1. Accessing our website
Whenever our website is accessed, we automatically collect and store the following data in order to facilitate the use of the website. This data is only stored for the purposes of ensuring IT security (e.g. identifying attacks on the website) and generating statistics. We store all data in a form in which cannot be linked to any specific person. No usage profiles are created for individual users. We collect the following data: browser type/version, operating system used, IP address, referrer URL (the previously visited page), date and time of access.
2. The data is stored for a duration of 2 days.
The personal data specified below is only collected with express consent as per Section 6 Paragraph 1 Sentence 1a of the German General Data Protection Regulation (GDPR), which will come into force on 25/05/2018. This consent is given upon the creation of a customer account in our online shop (if registering as an online shop customer) and when submitting data to order goods (if goods are being ordered). When you order goods, your personal data is further processed on the basis of Section 6 Paragraph 1 Sentence 1b GDPR, as the data collected and processed during the order is necessary to perform the contract in respect of delivery of the ordered goods.
When you register as a customer of our online shop and order goods, the registration and login forms collect the following personal data, which is used exclusively for the purpose of delivering and invoicing your order:
- Address data
- Payment method
- Ordered item(s)
You must provide the above data to place an order in our online shop. You cannot place any orders in our online shop without consenting to the collection and processing of the above data. The same applies to the creation of a user account with the exception of the ordered goods and applicable payment method.
The data is stored for a period of ten years.
3. Personal data collected during registration using a single sign-on account
You can also register as a customer of our online shop using an existing single sign-on account ("SSO"). SSO accounts allow you to log on to different services and platforms with a single account after it has been created. You can also register for our online shop using the SSO providers Facebook and Google.
When you register as a customer of our online shop, we draw your attention to the option of registering with an SSO account from Facebook or Google. To do so, you must be registered with Facebook or Google or create such an account during the registration process, provided this option is offered by the respective provider. Please note that the registration and use of the SSO providers Facebook and Google are subject to the privacy and usage conditions of the respective provider.
a) Log in to the SSO provider
If you decide to register in our online shop using your Facebook or Google SSO account, you will first be forwarded directly to your SSO provider. Your SSO provider will ask you to enter your access data and log on or register with the SSO provider. If you are already logged in to the SSO provider, this login query will be skipped. Your Facebook or Google access data will not be shared with us and remains with your SSO provider.
b) Connection to the SSO provider (Facebook or Google)
Afterwards, you connect your profile with your SSO provider to your customer account in our online shop. This step also tells you which details from your SSO profile can be queried on Facebook or Google when you register as a customer of our online shop. To register as a customer of our online shop we also need your e-mail address (as stored in your SSO profile). This is necessary so that if you later wish to cancel the connection between your SSO profile and your customer account in our online shop, you can continue to use your customer account in our online shop using the "Forgotten password" function. When you create a link between your SSO profile and your customer account in our online shop via your SSO provider, you agree to the use of your above-mentioned data. You will then be redirected to a page where you can register as a customer of our online shop. When you register, we will take the above-mentioned data from your SSO provider and use it to create your customer account in our online shop for you. After successful registration, you can log in to your customer account in our online shop using the corresponding login button for the SSO provider you have used for your customer account.
(c) Data collection and storage by Kompernaß
Your SSO provider gives us access to a small amount of data. This is your e-mail address and your name, which we use to create your customer account.
(c) Data collection and storage by the SSO provider
e) Further information
If you have completed the registration in our online shop via an SSO provider, we will store the information that you have registered in our online shop via your SSO provider. This information is stored in the form of a key. Your access data to the respective SSO provider will not be stored by us. If you change your details with your SSO provider, i.e. those that were transmitted in connection with your registration as a customer in our online shop, you must also make these changes in your customer account in our online shop. We do not automatically receive your updated information from your SSO provider, nor do we send any information to your SSO provider unless you agree to this.
(f) Cancellation of the link
If you want to cancel the link between your customer account in our online shop and your SSO provider, please log in to your SSO provider (Facebook or Google) and make the necessary changes in your profile there, if this is possible with your respective SSO provider. In this way, you can withdraw our authorisation to use information from your SSO profile on your behalf.
III. RIGHT OF REVOCATION
You have the right to revoke your consent to the processing of your personal data at any time, but the legitimacy of the data processing that has taken place between your granting and revoking of consent will not be affected. Contact us by sending an e-mail to firstname.lastname@example.org or via another channel to revoke your consent.
IV. PASSING ON OF DATA
Any data we collect is only passed on to the forwarding company contracted to deliver the goods and the financial institutions responsible for the billing of the order, and only to the extent required for the delivery and billing of the order.
V. PRIVACY STATEMENT FOR THE USE OF GOOGLE ANALYTICS
This website uses functions of web analytics service Google Analytics. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are placed on your computer to help the website analyse how users use the site. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States.
In the event that IP anonymization is activated on this website, your IP address will, however, be shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area. In exceptional cases, the full IP address will be transmitted to the USA and shortened there. Google uses this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and Internet-related services to the website operator. The IP address collected by your browser in the context of Google Analytics will not be combined with any other data held by Google.
You may refuse the saving of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use all the features of this website. You can also prevent the collection of the data generated by the cookie and other data related to your usage of the website (including your IP address) by Google as well as the processing of these data by Google by downloading and installing the browser plug-in available at the following address: http://tools.google.com/dlpage/gaoptout?hl=de
The use of Google Analytics serves the legitimate interest of Kompernaß to maintain the website and online shop and collect statistical data about visitor numbers and their usage of the services. Data processing for the fulfilment of such legitimate interest is carried out on the basis of Section 6 Paragraph 1 Sentence 1 f) GDPR.
VI. OTHER COOKIES
Some web pages use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies help to make our service more user-friendly, more efficient and more secure. Cookies are small text files that are placed on your computer and saved by your browser.
Most of the cookies we use are so-called session cookies. They are automatically deleted after the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognise your browser when you visit your website again.
You can set your browser to inform you about the storage of new cookies and ask your permission each time, prevent the storage of cookies on an individual basis or altogether, or activate automatic deletion of cookies when closing the browser. If you deactivate cookies, you might be unable to use the full functionality of this website.
VII. SSL ENCRYPTION
Kompernaß Handelsgesellschaft mbH takes all technical and organisational measures required to guarantee effective data protection. All of our employees are obliged to observe data confidentiality. Your data will always be treated as confidential. The encryption of sensitive data transfers is done using SSL (Secure Sockets Layer). This is currently the most common and most secure data transmission method on the Internet.
VIII. RIGHT OF ACCESS
In accordance with Section 15–21 GDPR, you have the right
- to demand a confirmation regarding our processing of personal data about you,
- in the event that we do process personal data about you, to request details about this data and, in particular, information regarding the purpose of the data processing, the category of personal data processed, the recipients or category of recipients to whom the personal data has been or will be disclosed, especially if these recipient are located in third countries or international organisations, and the planned duration of storage of this personal data/the criteria determining this duration,
- to correction, deletion and/or restriction of the data and transfer of any personal data concerning you,
- and to refuse data processing in individual cases.
In order to exercise your rights, please contact our data privacy officer by sending an e-mail to email@example.com.
IX. FURTHER INFORMATION
Your trust is important to us. We will be happy to answer any questions you may have regarding the processing of your personal data. If you have any questions that this data protection declaration does not answer or if, at a later time, you would like more detailed information, please contact our data protection officer at the following e-mail address: firstname.lastname@example.org.
You also have the right to file a complaint regarding the processing of your personal data to the commissioner for data protection of the state of North Rhine-Westphalia.
X. Contact options and your rights
As the subject, you have the following rights:
- in accordance with art. 15 GDPR, you have the right to request information about your personal data processed by us to the extent described therein;
- in accordance with art. 16 GDPR, you have the right to request immediate correction of incorrect or incomplete personal data stored by us;
- in accordance with art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless further processing is not required
- to exercise the right to freedom of expression and information;
- to fulfil legal obligations;
- for reasons of public interest, or
- for the assertion, exercising or defence of legal claims;
- in accordance with art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data insofar as
- the correctness of your data is in dispute;
- the processing is unlawful, but you oppose the deletion of your data;
- we no longer need the data, but you require the data for the assertion, exercising or defence of legal claims, or
- you have lodged an objection to the processing of your data pursuant to art. 21 GDPR;
- in accordance with art. 20 GDPR, you have the right to receive your personal data that you have provided us in a structured, standard and machine-readable format or to request that it be transferred to another responsible party;
- in accordance with art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority in your usual place of residence or work or at our registered office for this purpose.