Data protection statement
1. Data protection at a glance
General information
The following information provides a simple overview of what happens to your personal data if you visit this website. Personal data is all data from which you could be personally identified. You can find further information concerning data protection in this written data protection statement.
Data collection on this website
Who is responsible for collecting data on this website?
Data processing on this website is undertaken by the website operator. You can find the operator’s details in the section “Information about the data controller” of this data protection statement.
How do we collect your data?
Some of your data will be obtained by you sharing it with us. This could, for example, be data which you provide in a contact form.
Other data is automatically collected, or collected with your consent by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system or time of page visit). This data is collected automatically, as soon as you enter the website.
How do we use your data?
Some of the data is collected to ensure that the website can be provided without problems. Other data may be used to analyse your usage behaviour.
What are your rights in respect of your data?
You have the right at any time to receive information about the origin, recipients and purpose of your stored personal data at no cost. You also have the right to request the rectification or erasure of this data. If you have consented to data processing, you can withdraw this consent at any time in respect of future processing. In addition, you have the right to restrict the processing of your personal data in certain circumstances. You also have the right to complain to the responsible supervisory authority.
You can ask us about this, or any other questions regarding data protection at any time.
Analysis tools and third party provider tools
When you visit this website your browsing behaviour may be statistically evaluated. This primarily occurs through so-called analysis programmes.
Detailed information about these analysis programmes can be found in the following data protection statement.
2. Hosting
The content of our website is hosted by the following provider:
External hosting
This website is externally hosted. The personal data collected on this website is stored on the host’s servers. This can include, among other things, IP addresses, contact forms, metadata and communication data, contractual data, contact data, names, website logins and other data which is generated through a website.
The external hosting is for the purposes of fulfilling a contract with our potential and existing customers (Article 6 (1) (b) GDPR) and in the interests of providing our online offer through a professional provider in a secure, fast and efficient manner (Article 6 (1) (f) GDPR). Where appropriate consent has been requested, the processing occurs exclusively on the basis of Article 6 (1) (a) GDPR and section 25, para. 1 of the German Telecommunications-Telemedia Data Protection Act (Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien - TTDSG), provided that the consent includes storage of cookies or access to information on user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.
Our host will only process your data to the extent necessary for the performance of its obligations and in accordance with our instructions in relation to this data.
We use the following host:
Onacy GmbH
Martin-Luther-King-Weg 30
48155 Münster
Germany
www.onacy.com
3. General information and mandatory information
Data protection
The operators of this website take protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection requirements, such as this data protection statement.
If you use this website, various personal data will be collected. Personal data is data from which you could be personally identified. This data protection statement explains what data we collect and what we use it for. It also explains how and for what purpose this occurs.
Please note that data transmission on the internet (e.g., communication by e-mail) can have security gaps. It is not possible to entirely protect the data from third party access.
Information about the data controller
The data controller for data processing on this website is:
Sieper GmbH
Schlittenbacher Straße 60
58511 Lüdenscheid
Telephone: +49 02351 8760
Email: info@siku.de
The data controller is the natural or legal person who makes decisions either individually or jointly with others about the purposes and method of processing of personal data (e.g., names, email addresses).
Storage period
Where no specific storage period is stated within this data protection statement, your personal data will remain with us until the purpose of the data processing has ended. If you make a justified request for erasure, or withdraw consent to data processing, your data will be erased, provided that we do not have any other legally permissible grounds for storage of your personal data (e.g., statutory retention periods under tax or commercial law); in the this case the data will be erased after these grounds end.
General information about the legal bases for data processing on this website
Where you have consented to data processing, we process your personal data on the basis of Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR if special data categories are being processed pursuant to Article 9 (1) GDPR. In the case of express consent to the transfer of personal data to third countries, data processing occurs on the basis of Article 49 (1) (a) GDPR. If you have consented to the storage of cookies, or to accessing information in your end device (e.g., device fingerprinting), data processing also occurs on the basis of section 25, para. 1 TTDSG. The consent can be withdrawn at any time. If your data is required for performance of a contract, or for implementing pre-contractual measures, we process your data on the basis of Article 6 (1) (b) GDPR. In addition, we process your data to the extent that this is necessary to fulfil a legal obligation on the basis of Article 6 (1) (c) GDPR. Data processing may also occur on the basis of our legitimate interest under Article 6 (1) (f) GDPR. We set out the individually applicable legal bases in the following sections of this data protection statement.
Data Protection Officer
Sieper GmbHSchlittenbacher Straße 60
58511 Lüdenscheid
E-Mail: datenschutzbeauftragter@siku.de
Information about data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. When these tools are active your personal data may be transferred to these third countries and processed there. Please note that in these countries a level of data protection comparable to that of the EU cannot be guaranteed. For example, US companies are required to provide personal data to security authorities, without any form of legal redress for you as an affected party. It is therefore possible that the US authorities (e.g., intelligence services) may process, evaluate and store your data that is accessible on US servers on an on-going basis. We have no influence over these processing activities.
Withdrawal of your consent to data processing
Many data processing activities are only permitted with your express consent. You can withdraw consent that you have provided at any time. The legitimacy of the data processing up to the point of withdrawal is unaffected by this.
Right to object to data collection in particular cases and to direct marketing (Article 21 GDPR)
IF THE DATA PROCESSING OCCURS ON THE BASIS ON ARTICLE 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED UPON ONE OF THESE PROVISIONS. YOU CAN FIND THE RELEVANT LEGAL BASIS FOR PROCESSING IN THIS DATA PROTECTION STATEMENT. IF YOU OBJECT, WE SHALL NO LONGER PROCESS THIS DATA UNLESS WE CAN DEMONSTRATE COMPELLING GROUNDS WORTHY OF PROTECTION FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSES OF ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21 (1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THIS TYPE OF ADVERTISING, THIS ALSO APPLIES TO PROFILING, TO THE EXTENT THAT IT RELATES TO SUCH DIRECT MARTKETING. IF YOU OBJECT, YOUR PERONSAL DATA WILL NO LONGER BE USED FOR THE PURPOSES OF DIRECT MARKETING (OBJECTION PURSUANT TO ARTICLE 21 (2) GDPR).
Right to complain to responsible supervisory authorities
In the event of a breach of the GDPR the data subject has the right to make a complaint to a supervisory authority, in particular in the Member State of his habitual residence, workplace or the location of the alleged breach. The right to complain is not affected by any additional administrative law or judicial remedies.
Right to data portability
You have the right to request that a copy of data which we automatically process on the basis of your consent or for performance of a contract is provided in a structured, commonly used and machine-readable format to you or a third party. Where you request the direct transfer of the data to another data controller, this will only occur to the extent technically possible.
Information, erasure and rectification
You have the right at any time within the scope of the applicable statutory provisions to receive without charge information concerning the personal data stored about you, its origin and recipients and the purpose of the data processing and, where applicable, the right to rectification or erasure of this data. You can ask us about this, or any other questions regarding personal data at any time.
Right to restriction of processing
You have the right to restrict the processing of your personal data. You can contact us about this at any time. The right to restriction of processing will exist in the following situations:
- If you dispute the accuracy of your stored personal data, we will normally need some time to check this. You have the right to request that processing of your personal data is restricted for the duration of our checks.
- If the processing of your personal data occurs/occurred illegitimately, you can request restriction of the processing of the data instead of erasure.
- If we no longer require your personal data, but you require it for the exercise, defence or assertion of legal claims, you have the right to request restriction of the processing of the data instead of erasure.
- If you have made an objection under Article 21 (1) GDPR, we must balance your interests and our interests. Until it is decided whose interests take precedence, you have the right to request that processing of your personal data is restricted.
If you have restricted the processing of your personal data, this data - with the exception of storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transfer of confidential information, such as, for example, orders or queries which you send us as the site operator. You can identify an encrypted connection if the address in the browser bar changes from “http://” to “https://” and by the padlock symbol in your browser bar.
If SSL or TLS encryption is activated, the data you send us cannot be read by third parties.
Encrypted payment transactions on this website
Where you are required to provide us with your payment details following the conclusion of a chargeable contract, (e.g., account number with direct debit mandate) this data is required in order to make payment.
Payment transactions via the payment methods used (Visa/Mastercard, direct debit process) are undertaken solely through an encrypted SSL or TLS connection. You can identify an encrypted connection if the address in the browser bar changes from “http://” to “https://” and by the padlock symbol in your browser bar.
With encrypted communication, the payment data you send us cannot be read by third parties.
Objection to marketing emails
We hereby object to the use of the statutory published contact details on our website for the transmission of advertising materials and information which has not been expressly requested. The site operator expressly reserves its legal rights regarding the unsolicited sending of advertising information, such as spam emails.
4. Data collection on this website
Cookies
Our webpages use so-called “cookies”. Cookies are small packages of data which do not harm your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently on your end device (permanent cookies). Session cookies are automatically erased after the end of your visit. Permanent cookies remain stored on your end device until you erase these yourself, or through automatic erasure by your web browser.
Sometimes cookies from third parties can also be stored on your end device if you access our site (third party cookies). These enable us or you to use certain services from third party providers (e.g., cookies to enable payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not operate without them (e.g., the shopping cart function or display of videos). Other cookies are used to evaluate user behaviour, or to show advertisements.
Cookies which are necessary to carry out electronic communications, to make available particular functions required by you (e.g., for the shopping cart function) or for optimising the performance of the website (e.g., cookies which measure the web audience) (necessary cookies) are stored on the basis of Article 6 (1) (f) GDPR, unless an alternative legal basis is specified. The website operator has a legitimate interest in storing necessary cooking to ensure the technical error-free and optimised provision of its services. Where consent is requested for the storage of cookies and comparable recognition technology, the processing takes place exclusively on the basis of this consent (Article 6 (1) (a) GDPR and section 25, para. 1 TTDSG); the consent can be withdrawn at any time.
You can adjust your browser settings to ensure that you are notified where cookies are used and only permit cookies on an individual basis, to accept cookies only for particular cases, or exclude them in general, as well as to automatically erase cookies on closing the browser. If cookies are deactivated this may affect the functionality of this website.
Where third party cookies or analysis cookies are used, we will inform you of this specifically in this Data Protection Statement and, if necessary, seek consent.
Server log files
The site provider automatically creates and stores information in so-called server log files, which are automatically transferred by your browser to us. These are:
- browser type and version
- operating system used
- referrer URL
- host name of the accessing computer
- time of server access
- IP address
This data is not combined with other data sources.
Collection of this data is on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the technical error-free and optimised provision of its services - this requires the creation of server log files.
Contact form
If you send us a query by contact form, your details from the query form, including the contact details provided there, are stored by us for the purposes of processing the query and any related questions. We will not pass on this data further without your consent.
The processing of this data occurs on the basis of Article 6 (1) (b) GDPR, where your query is connected to performance of a contract or for the implementation of pre-contractual measures. In all other cases the processing is based on our legitimate interest in effectively processing queries we receive (Article 6 (1) (f) GDPR), or on your consent (Article 6 (1) (a) GDPR) to the extent this is requested; the consent can be withdrawn at any time.
We will keep the data you provide in the contact form until you request its erasure, withdraw your consent to storage, or until the end of the purposes for data storage (e.g., following conclusion of processing your query). All mandatory statutory requirements, in particular retention periods, are unaffected.
Query by email, telephone or fax
If you contact us by email, telephone or fax, your query including all personal information relating to it (name, query) is stored and processed by us for the purposes of processing your request. We will not pass on this data further without your consent.
The processing of this data occurs on the basis of Article 6 (1) (b) GDPR, where your query is connected to performance of a contract or for the implementation of pre-contractual measures. In all other cases the processing is based on our legitimate interest in effectively processing queries we receive (Article 6 (1) (f) GDPR), or on your consent (Article 6 (1) (a) GDPR) to the extent this is requested; the consent can be withdrawn at any time.
We will keep the data you provide in your query until you request its erasure, withdraw your consent to storage, or until the end of the purposes for data storage (e.g., following conclusion of processing your query). All mandatory statutory requirements, in particular statutory retention periods, are unaffected.
5. Analysis tools and advertising
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool which we can use to integrate tracking or statistical tools and other technology into our website. Google Tag Manager does not create a user profile itself and does not store cookies or undertake any independent analysis. It is only used for administering and operating the integrated tools. Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the fast and simple connection and operation of various tools on its website. Where appropriate consent has been requested, the processing occurs exclusively on the basis of Article 6 (1) (a) GDPR and section 25, para. 1 TTDSG, provided that the consent includes storage of cookies or access to information on the end device of the user (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.
Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as, for example, page views, length of stay, operating systems used and origin of the user. This data is combined in a user ID and attributed to the relevant end device of the website visitor.
We can also depict, among other things, your mouse and scrolling movements and clicks through Google Analytics. Google Analytics also uses various modelling approaches to enhance the collected data and uses machine learning technology in data analysis.
Google Analytics uses technologies which enable user recognition for the purposes of analysing user behaviour (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is normally transferred to and stored on a Google Server in the USA.
The use of this service is based on your consent pursuant to Article 6 (1) (a) GDPR and section 25, para. 1 TTDSG. The consent can be withdrawn at any time.
Data transfer to the USA is made on the basis of the EU Commission’s standard contractual clauses. You can find further details here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information about Google Analytics use of user data can be found in Google’s data protection statement: https://support.google.com/analytics/answer/6004245?hl=de.
Contract processing
We have entered into a contract with Google for data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google Analytics ecommerce tracking
This website uses the Google Analytics “ecommerce tracking” function. By using ecommerce tracking, a website operator can analyse the shopping habits of website visitors in order to improve online marketing campaigns. This means that information can be collected, such as, for example, orders placed, average order value, shipping costs and the time from viewing to purchase of a product. This data can be combined by Google under a transaction ID, which is assigned to the relevant user or device.
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Conversion Tracking enables us and Google to see whether a user has carried out certain actions. This means, for example, that we can evaluate which buttons on our website have been clicked and how frequently and which products have been particularly regularly viewed or purchased. This information enables conversion statistics to be produced. We discover the total number of users who have clicked on our displays and what actions they carried out. We do not receive any information which allows us to personally identify the user. Google itself uses identification cookies or similar recognition technology.
The use of this service is based on your consent pursuant to Article 6 (1) (a) GDPR and section 25, para. 1 TTDSG. The consent can be withdrawn at any time.
You can find more information about Google Conversion Tracking in Google’s data protection provisions at: https://policies.google.com/privacy?hl=de.
Facebook Pixel Tracking PRO (Meta)
6. Newsletter
Newsletter data
If you wish to subscribe to the newsletter offered on the website, we need your email address, together with information which allows us to check that you are the owner of the email address provided and have agreed to receive the newsletter. Further data is either not collected, or only on a voluntary basis. We use a newsletter service provider to process the newsletter, further details of which are provided below.
Campaign from Optimizely
This website uses Campaign to send newsletters. The provider is Episerver GmbH, Wallstraße 16, 10179 Berlin, Germany, which is part of the Optimizely business group.
Campaign is a service which, among other things, enables the distribution of newsletters to be organised and analysed. If you register on our website for a newsletter, the data provided in the registration form (first name, surname, email address) is processed. The confirmation email sent contains a link which, when accessed, transmits information that the recipient has confirmed the registration.
We use the newsletter tool of the provider Optimizely (Episerver) to provide the newsletter. For this purpose data will be transferred to Optimizely’s servers within the EU:
Confirmed email addresses are transferred to a system to administer subscriptions on Optimizely’s servers within the EU. All subscriptions and cancellations, together with your data (first name, surname, email address) are stored on the system. Your email address and IP data for the time of the entry, confirmation and cancellation are recorded.
Data analysis by Campaign
Campaign enables us to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links were clicked on. This enables us to establish, among other things, which links were particularly frequently clicked on.
We can also see whether certain pre-defined actions were carried out following the opening/clicking (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter. Campaign also enables us to classify newsletter recipients into certain categories (“cluster”). This allows newsletter recipients to be classified, for example, by age, gender or location. This enables us to better adapt the newsletter for the respective target groups.
If you do not want the analysis from Campaign, you must cancel the newsletter. We make an appropriate link available for this purpose in every newsletter. Further information about the functions of Campaign can be found via the following link:
https://www.optimizely.com/de/produkte/campaign/#features.
Legal bases
Data processing occurs on the basis of your consent (Article 6 (1) (a) GDPR). You can withdraw this consent at any time. The legitimacy of data processing that has already occurred is unaffected by the withdrawal.
Storage period
The data provided by you for the purposes of the newsletter will be stored by us or the newsletter provider until you unsubscribe from the newsletter and will be removed from the newsletter distribution list once you have unsubscribed. Data which is stored by us for other purposes is not affected by this.
Following your removal from the newsletter distribution list, we or the newsletter provider may store your email address in a blacklist, where this is necessary to prevent future mailings. Data on the blacklist will only be used for this purpose and not combined with other data. This is in both your and our interests in complying with the statutory provisions for sending newsletters (a legitimate interest within the meaning of Article 6 (1) (f) GDPR). There is no time limit on storage in the blacklist. You can object to the storage, provided your interests override our legitimate interest.
You can find more information about the data protection provisions of Campaign at:
https://www.optimizely.com/de/legal/datenschutz/.
7. Plugins and tools
YouTube with enhanced data protection
This website integrates videos from the YouTube website. The site operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube with enhanced data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they view the video. However, the onward transmission of data to YouTube partners is not specifically excluded in the enhanced data protection mode. Independently of whether you watch a video, YouTube makes a connection to the Google DoubleClick network.
As soon as a YouTube video starts on this website, a connection is made to YouTube servers. This means that the YouTube server will be informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to attribute your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
In addition, YouTube can store various cookies or similar recognition technology (e.g., device fingerprinting) on your end device after the start of a video. In this way YouTube can obtain information about visitors to this website. This information is used, among other things, to produce video statistics, to improve the user experience and to prevent attempted fraud.
In some cases, additional data processing may occur following the start of a YouTube video, which we have no influence over.
The use of YouTube occurs in the interests of making our online offers attractive. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Where appropriate consent has been requested, the processing occurs exclusively on the basis of Article 6 (1) (a) GDPR and section 25, para. 1 TTDSG, provided that the consent includes storage of cookies or access to information on the end device of the user (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.
You can find further information about YouTube and data protection in their data protection statement at: https://policies.google.com/privacy?hl=de.
Vimeo without tracking (Do Not Track)
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New
York, New York 10011, USA.
If you visit one of our webpages which contains Vimeo videos, a connection is made
to Vimeo’s servers. This means that the Vimeo server will be informed which of our pages you
have visited. Vimeo requires your IP address for this. We have installed Vimeo so that Vimeo cannot
track your user activities and will not use cookies.
The use of Vimeo occurs in the interests of making our online offers attractive.
This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Where consent
is requested, processing occurs exclusively on the basis of Article 6 (1) (a)
GPDR; the consent can be withdrawn at any time.
Data transfer to the USA is made on the basis of the EU Commission’s standard contractual clauses and,
according to Vimeo, “legitimate business interests”. You can find further details here:
https://vimeo.com/privacy.
Further information about use of user data can be found in Vimeo’s data protection statement
at:
https://vimeo.com/privacy.
Google Maps
This site uses the maps service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
In order to use the functions of Google Maps it is necessary to store your IP address. This information is normally transferred to and stored on a Google Server in the USA. The provider of this site has no influence over this data transfer. If Google Maps is activated, Google may use Google Fonts for the purposes of uniform font presentation. When accessing Google Maps, your browser downloads the necessary web fonts in your browser cache, in order to display text and fonts correctly.
The use of Google Maps occurs in the interests of making our online offers attractive and in order to make the locations provided on our website easy to find. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Where appropriate consent has been requested, the processing occurs exclusively on the basis of Article 6 (1) (a) GDPR and section 25, para. 1 TTDSG, provided that the consent includes storage of cookies or access to information on the end device of the user (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.
Data transfer to the USA is made on the basis of the EU Commission’s standard contractual clauses. You can find further details here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
Further information about use of user data can be found in Google’s data protection statement: https://policies.google.com/privacy?hl=de.
8. Ecommerce and payment providers
Processing of customer and contractual data
We collect, process and use customer and contractual personal data to establish, create the content of and change our contractual relationships. We only collect, process and use personal data about the use of this website (user data) to the extent necessary in order to enable the user to use the service or for invoicing. The legal basis for this is Article 6 (1) (b) GDPR.
The customer data collected will be erased following conclusion of the order, or termination of the business relationship and expiry of any applicable statutory retention periods. All statutory retention periods remain unaffected.
Data transfer when concluding contracts for online shops, traders and shipping of goods
If you order goods from us, we will provide your personal data to the transport company entrusted with delivery and to the payment provider used by us for payment processing. Only data which is needed by the relevant service provider to provide the service will be transferred. The legal basis for this is Article 6 (1) (b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. Where you have provided an appropriate consent pursuant to Article 6 (1) (a) GDPR, we will provide your email address to the transport company entrusted with delivery, in order that they can notify you about the delivery status of your order by email; you can withdraw this consent at any time.
Payment services
We integrate third party payment services into our website. If you make a purchase from us, your payment data (e.g., first name, payment amount, bank account details, credit card number) will be processed by the payment provider for the purposes of payment processing. The applicable contractual and data protection provisions of the relevant provider apply to these transactions. Our use of the payment provider occurs on the basis of Article 6 (1) (b) GDPR (contract processing), and in the interests of enabling smooth, comfortable and secure payment (Article 6 (1) (f) GDPR). Where your consent is requested for particular transactions, Article 6 (1) (a) GDPR is the legal basis for the data processing; consents can be withdrawn at any time for the future.
We use the following payment services / payment providers on this website:
PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter “PayPal”).
Data transfer to the USA is made on the basis of the EU Commission’s standard contractual clauses. You can find further details here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Your can find details in Paypal’s data protection statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Sofortüberweisung
The provider of this service is Sofort GmbH, Theresienhöhe 12, 80339, Munich (hereafter “Sofort GmbH”). By using the “Sofortüberweisung” (immediate transfer) process we receive a payment confirmation from Sofort GmbH in real time and can immediately start to fulfil our obligations. If you have selected the “Sofortüberweisung” payment method, the PIN and a relevant TAN are transferred by you to Sofort GmbH, which the company can use to log into your online bank account. Sofort GmbH will automatically check your account balance following login and will make the transfer to us using the TAN provided by you. They then immediately provide us with a transaction confirmation. After logging in, your balance, credit level of the overdraft facility and the existence of other accounts and their balances are also checked automatically. As well as the PIN and TAN, the payment details and personal data provided by you are transferred to Sofort GmbH. Your personal data includes first name and surname, address, telephone number(s), email address, IP address and any further applicable data necessary for processing the payment. The transfer of this data is necessary in order to unequivocally establish your identity and to prevent attempted fraud. You can find details about payment with Sofortüberweisung via the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
Amazon Pay
The provider of this service is Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855 Luxembourg.
You can find details about the use of your data in Amazon Pay’s data protection statement via the following link: https://pay.amazon.de/help/201212490?ld=APDELPADirect.
Unzer
We use the payment service provider Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg to process your payments, in particular secure payment on account, immediate transfer and credit card payment. We transfer your personal data to the service provider for this purpose.
The transfer occurs pursuant to Article 6 (1) (b) GDPR and only to the extent necessary for payment processing.
For secure payment on account, Unzer GmbH carries out a credit check. This means that, where applicable, your payment data is provided to credit agencies pursuant to Article 6 (1) (f) GDPR on the basis of the legitimate interests of Unzer GmbH to establish your creditworthiness. These include, for example and not exclusively, the following named service providers: Schufa Holding AG, CRIF Bürgel GmbH, Arvato Infoscore GmbH, Universum Business GmbH, Bisnode D & B Austria GmbH.
Unzer GmbH uses the result of the credit check for the purposes of making the relevant payment method available based on the statistical probability of payment default. The credit information may contain the probability value (so-called score value). Where score values are used in the result of the credit check, the are based on a scientifically recognised mathematical statistical process. In calculating the score value, address details are transferred, among other details. Your can find further data protection law information about the credit agencies used in Unzer GmbH’s data protection statementhttps://www.unzer.com/de/datenschutz#datenschutzhinweise-gem-art-1314-und-21-dsgvo.
You can object to the processing of your personal data at any time by notifying Unzer GmbH. However, Unzer GmbH will remain entitled to process your personal data to the extent necessary for payment processing in accordance with the contract.
9. Own services
Use of applicant data
You have the opportunity to apply to us (e.g., by email or by post). We provide information below about the scope, purpose and use of your personal data which we collect during the application process. We ensure that the collection, processing and use of your data is in accordance with applicable data protection law and all other statutory requirements and that your data is treated in strict confidence.
Scope and purpose of data collection
If you apply to us, we process the personal data linked to this (e.g., contact and communication data, application documents, notes in the context of job interviews etc.), to the extent necessary for reaching a decision about establishing an employment relationship. The legal basis for this is section 26 of the German Data Protection Act (Bundesdatenschutzgesetz - BDSG) under German law (initiation of an employment relationship), Article 6 (1) (b) GDPR (general initiation of a contract) and, where you have provided consent, Article 6 (1) (a) GDPR. The consent can be withdrawn at any time. Your personal data will only be provided to persons within our business who are involved in processing your application.
If the application is successful, the data you provide to us will be stored in our data processing systems on the basis of section 26 BDSG and Article 6 (1) (b) GDPR for the purposes of implementing the employment relationship.
Duration of retention of data
If we are not able to offer you employment, you refuse an employment offer or withdraw your application, we reserve the right to retain the data provided by you for up to 6 months from the end of the application process (refusal or withdrawal of the application) on the basis of our legitimate interests (Article 6 (1) (f) GDPR). After this the data will be erased and the physical application documents destroyed. In particular, the retention is for the purposes of evidence in the event of a legal dispute. If it is foreseeable that the data will be required after the expiry of the 6 month deadline, (e.g., on the basis of a threatened or pending legal dispute) erasure will only occur once the purpose of the ongoing retention has concluded.
Longer retention may also occur if you have provided appropriate consent (Article 6 (1) (a) GPRD) or if statutory retention periods prevent erasure.
10. Prize Game
Sieper GmbH collects and uses the data of the participants only for the purpose of implementing the prize game. Any further collection and use of the data takes place only to the extent that the participants agree to it.
The provision of personal data is required for participation in the prize game. The participant expressly agrees that the data transmitted by him may be collected and processed for the purpose of implementing and executing the prize game. The participant also agrees to receiving news concerning the prize game from Sieper GmbH at the email address provided by him. In the event of revocation, the participant will be excluded from the prize game.
The personal data entered and transmitted by the participant is collected, stored, used and passed on to third parties, e.g., for the delivery of the prize (by post parcel service etc.) by Sieper GmbH solely for the purpose of implementing and executing the prize game. After full implementation of the prize game, the data is immediately and permanently erased.
Subscription to the newsletter is not mandatory for taking part in the prize game. When you subscribe to the newsletter, we use your email address to send the newsletter. In this case, the provisions in clause 3.2 apply.