Privacy Policy

Collection, processing and use of personal data

Welcome to the website of Gottseidank GmbH & Co. KG. We are delighted that you have chosen to visit our website and would like to take this opportunity to thank you for your interest in our brand. We take the protection of your personal data very seriously, which is why we are committed to following all applicable regulations relating to data protection and security within the scope of our online activity. The most up-to-date version of this privacy policy outlines the way in which we process your data

1. Data controller

Gottseidank GmbH & Co. KG
Represented by Managing Directors Jörg Hittenkofer and Tanja Merriam
Schleißheimer Str. 263
80809 Munich
Germany
Tel.: +49 (0)89 358 999 18 0
Fax: + 49 (0)89 358 999 18 99

2. Collected data

2.1 Website

When you visit our website – www.gottseidank.com – the web browser you are using on your device automatically sends information to our website server. This information is temporarily stored in what is known as a log file until it is automatically deleted. The following information is collected without any action on your part and stored until it is automatically deleted:
• Anonymised IP address
• Name of your internet service provider
• Date and time of request
• Amount of data transferred and date and length of your visit
• Browser used and operating system used where applicable
• Website from which our website was accessed (referrer URL)
We use this data for the following purposes:
• To ensure that our connection is stable
• To ensure that our website is easy to use
• To assess the level of system security
• To perform other administrative tasks
The legal basis for the temporary storage of data and log files is provided by our legitimate interests in accordance with Article 6(1)(f) of the GDPR.

2.2. Orders for Gottseidank GmbH & Co. KG products

When you place an order via our online shop, you must provide us with the personal data we need to process your order before you can enter into a sales contract with us. All data you need to provide in order for your order to be processed is marked as a mandatory field. It is up to you whether you provide us with any further details. We process the data you provide us with in this way to process your order. The legal basis for this is set out by Article 6(1)(1)(b) of the GDPR.

2.3. Newsletter

You can choose to subscribe to our newsletter. We use a double opt-in system for subscriptions to our newsletter. This means that we ask you to explicitly confirm that you would like to subscribe to our newsletter before we start emailing it out to you. We then send you a notification email containing a link that you need to click on to confirm again that you would like to subscribe to our newsletter. If you do choose to subscribe to our newsletter, we will store your IP address and the date on which you subscribed. We need to store this data and have you provide us with a valid email address to stop email addresses being signed up without authorisation. If you decide that you no longer want to receive our newsletter, you can unsubscribe at any time without incurring any additional costs. Our newsletter is sent out by Mailchimp, a newsletter platform provided by US company The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta GA 30308 USA. You can check out the privacy policy for Mailchimp here: https://mailchimp.com/legal/privacy/. The Rocket Science Group applies the standard data protection clauses adopted by the EU Commission when it comes to transferring personal data to third countries and therefore provides appropriate safeguards for data protection in accordance with Article 46 of the GDPR.

2.4. Customer account

You can choose to create a customer account, where your data will be stored to speed up future purchases. When you create an account via the ‘My Account’ button, the data you enter will be stored. You do, however, have the option to revoke your consent at any time. If you wish to place an order in this way, you will need to create a password-protected customer account of your own. When setting up your customer account, you will need to provide us with your title, full name, address and telephone number. You will also need to enter your email address and choose a password. The email address you enter will double up as the username for your customer account. Once you have successfully created your customer account, you will receive an automated confirmation email. At this point, you will have entered into a contract with us regarding the provision of your customer account.
When you sign into your customer account, you can see a summary of all past and present orders.
The data you provide when you create your customer account is used to allow you to use that account. We will store your IP address and the time at which you accessed your customer account every time you sign in. This data is stored on the basis of our legitimate interests and with a view to protecting your account against misuse and other unauthorised access. We will not share this data with third parties unless we are required to do so in order to pursue our claims or for legal reasons. We accept no liability for password violations unless we were at fault.
We use SSL encryption for the order process to prevent third parties gaining unauthorised access to your personal data, especially financial data.

2.5. Processing data to process orders

We need you to provide specific personal data (as indicated by the mandatory fields) in order to fulfil our obligations under the sales contract. If you do not wish to provide this data, we will unfortunately not be able to enter into a contract with you on the basis that we will not be able to fulfil our obligations.
When processing your order, we work with external service providers, such as delivery companies, which help us fulfil – in full or in part – our outstanding contractual obligations. We will share the personal data we collect with such companies if required to ensure delivery of our products so that we are able to fulfil our contractual obligations. In other words, we share this data to enable performance of our contract in accordance with Article 6(1)(b) of the GDPR.

2.6. Processing data to process payments

When placing an order via our online shop, you have a number of payment methods to choose from. Data relevant to the payment is collected to allow your order and payment to be processed. Your IP address is also processed for essential technical reasons and for legal assurance. The data is shared with our payment service providers as required in order for the payment to be processed. The payment systems we have in place use SSL encryption to protect your data when it is being transferred. The legal basis for sharing your data in this way is provided by Article 6(1)(b) of the GDPR.

PayPal

If you choose to pay by PayPal, credit or debit card via PayPal or, where available, an account balance or instalment plan via PayPal, we will share your payment data with PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (hereinafter referred to as ‘PayPal’) for the purposes of processing your payment. The legal basis for sharing your data in this way is provided by Article 6(1)(b) of the GDPR and your data will only be shared as required in order to process your payment. If you choose to pay by credit or debit card via PayPal or, where available, an account balance or instalment plan via PayPal, PayPal reserves the right to run a credit check. In this case, your payment data may be shared with credit agencies to check your credit rating on the basis of PayPal’s legitimate interests in accordance with Article 6(1)(f) of the GDPR. PayPal will use the result of the credit check to statistically determine the likelihood of you defaulting on payments and make a decision as to whether to allow you to use your selected payment method on that basis. The information provided by credit agencies may include your credit score. If your credit score is provided as part of a credit check, the information is based on a scientifically proven mathematical and statistical process. Data, including your address, is used to calculate your credit score. You can find out more about data protection, including the credit agencies used, by reading PayPal’s own privacy policy here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. PayPal applies its own binding regulations regarding the transfer of personal data, including to third countries, within its organisation and these regulations have been approved by the relevant supervisory authorities in accordance with Article 46 of the GDPR.
You can object to your data being processed in this way at any time by contacting PayPal. Please note, though, that PayPal may still be authorised to process your personal data if required to process a payment in line with a contract.

SOFORT

If you choose to pay via ‘SOFORT’, your payment will be processed by the payment provider SOFORT GmbH, Theresienhöhe 12, 80339, Munich, Germany (hereinafter referred to as ‘SOFORT’). In this case, we will share with the payment provider the data you have provided as part of your order along with details about your order in accordance with Article 6(1)(b) of the GDPR. Sofort GmbH belongs to the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will be shared with the payment provider SOFORT solely to process your payment and only to the extent required for that purpose. You can read SOFORT’s own privacy policy by heading to the following website: https://www.klarna.com/sofort/datenschutz.

Stripe

If you choose to pay by a method offered by payment service provider Stripe, your payment will be processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. In this case, we will share with the payment provider the data you have provided as part of your order along with details about your order (name, address, account number, sort code, credit card number where applicable, total amount to be paid, currency and transaction number) in accordance with Article 6(1)(b) of the GDPR. Your data will be shared with the payment provider Stripe Payments Europe Ltd. solely to process your payment and only to the extent required for that purpose. You can read Stripe’s own privacy policy here: https://stripe.com/de/privacy#translation. Stripe applies the standard data protection clauses adopted by the EU Commission when it comes to transferring personal data to third countries and therefore provides appropriate safeguards for data protection in accordance with Article 46 of the GDPR.

3. Purposes of data usage

If you order products via our online shop, your personal data will only be processed for the purposes of entering into the sales contract, fulfilling our contractual obligations and processing the order, including payment and delivery.
The legal basis for processing your data in this way is provided by Article 6(1)(1)(b) (performance of a contract) and (f) (legitimate interests) of the GDPR and the legal basis relating to your consent is covered in Article 6(1)(a) of the GDPR. We will store any data we have collected in order to perform a contract for as long as that contract exists and will delete the data once the contract has come to an end unless we are authorised to store it for longer, we are legally obliged to store it for longer in accordance with Article 6(1)(1) of the GDPR, or you have provided your consent as per Article 6(1)(1) of the GDPR.

4. Sharing data with third parties

We will only share personal data with third parties or contracted data processors when we are required to do so in order to fulfil the relevant purposes. In such cases, we will take appropriate steps to ensure that these third parties have appropriate measures in place to protect your personal data.
With the exception of the types of processing already outlined, we will not share your data with any recipients based outside of the European Union or the European Economic Area. In the case of the types of processing already outlined, data is transferred to the servers of the providers we work with. These servers are located in the USA. These companies apply the standard data protection clauses adopted by the EU Commission when it comes to transferring personal data to third countries or else have their own data protection regulations that have been approved by the relevant supervisory authorities. In all cases, appropriate safeguards are provided to ensure compliance with the EU’s data protection standards in accordance with Article 46 of the GDPR.

5. Deleting data

We will delete the personal data we have stored about you if you withdraw your consent to us processing it, if we no longer need it to fulfil the purposes for which it was originally stored, and if we are not permitted to store it (any more) for other legal reasons.

6. Cookies

We use cookies on our website. Cookies are small text files that are automatically generated by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, trojans or other types of malware. Cookies contain information that is generated in relation to the specific device you are using, but this does not mean that we can use the information to identify you directly. One of our reasons for using cookies is to improve your experience of using our website. We use session cookies to track the pages you have visited on our website, but they are deleted automatically when you leave our site. We also use temporary cookies to make our website more user-friendly. This type of cookie is stored on your device for a set period of time. If you visit our website again to use our services, we can automatically detect that you have visited it before. The text you entered and any settings you configured can be recalled so you don’t have to repeat anything.
We also use cookies to compile statistics about the use of our website, which we can then evaluate and use to optimise our online presence for your benefit (refer to Section 5). These cookies allow us to automatically detect that you have visited our website before when you return. These cookies are automatically deleted after a set period of time. The data processed by cookies is necessary for the aforementioned purposes of respecting our legitimate interests as well as those of third parties in accordance with Article 6(1)(1)(f) of the GDPR. Most browsers accept cookies by default. You do, however, have the option of updating your browser settings to stop cookies being stored on your computer or to make sure a pop-up appears before each new cookie is created. Please note, though, that you may not be able to use all of the features of our website if you disable all cookies.
This website uses Google Analytics, a web analysis service provided by Google, Inc. (hereinafter referred to as ‘Google’). Google Analytics uses ‘cookies’, which are text files stored on your computer to make it possible to analyse the way in which you use the website. The information generated by the cookie about your use of this website is usually sent to a Google server in the USA and stored there. If IP anonymisation is enabled on this website, Google will anonymise your IP address beforehand within Member States of the European Union or in other countries that are party to the Agreement on the European Economic Area.
Your full IP address will only be sent to a Google server in the USA and anonymised there in exceptional cases. The operator of this website commissions Google to use this information to evaluate your use of the website, to generate reports about website activity and to provide the website operator with other services relating to use of the website and internet. Google will not link the IP address transmitted by your browser in relation to Google Analytics to any other data.
You can stop cookies from being stored by changing your browser settings. Please note, though, that you may not be able to make full use of all of the features of this website in that case. You can also stop the data generated by the cookie about your use of the website (including your IP address) being sent to and processed by Google by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de. You can also deactivate Google Analytics and its tracking services by installing a Google browser plugin (please insert link), which stores an opt-out cookie that will stop your data being collected when you visit this website in future. You can find out more by reading the terms of use and privacy policy available via the following two links: http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.

The legal basis for this processing is provided by Article 6(1)(f) of the GDPR (legitimate interests). You can stop cookies from being stored by changing your browser settings.

7. Integration of Vimeo videos

We use the Vimeo platform to integrate videos. Vimeo is provided by Vimeo, LLC, based at 555 West 18th Street, New York, New York 10011. We have enabled the ‘Do Not Track’ setting within the embed code, which means that Vimeo is not able to store cookies on your browser when you access the website or play videos. As a result, no personal data is processed.
You can read more about how Vimeo processes and protects your data here: https://vimeo.com/privacy. Vimeo also applies the standard data protection clauses adopted by the EU Commission when it comes to transferring personal data to third countries and therefore provides appropriate safeguards for data protection in accordance with Article 46 of the GDPR.

8. Fonts

We use Typekit fonts provided by Adobe Systems Software Ireland, company registration number: 344992, address: 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland. You can read Adobe’s privacy policy here: https://www.adobe.com/de/privacy.html. Adobe applies the standard data protection clauses adopted by the EU Commission when it comes to transferring personal data to third countries and therefore provides appropriate safeguards for data protection in accordance with Article 46 of the GDPR.

9. Data security

We protect your personal data against risks associated with data processing, which include in particular unauthorised access, use and publication. We do this by implementing appropriate technical and organisational measures and taking into account the state of the art at all times. Your personal data is always encrypted (SSL) when it is transferred.

10. Your Rights

10.1 Right to withdraw consent

You have the right to withdraw your consent to us processing us your personal data going forward at any time.
The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

10.2 Right to be informed

You have the right to request information about the personal data we are storing about you at no cost. You may also request to receive this information electronically.

10.3 Right to rectification, erasure and restriction of processing

You have the right to request for your personal data to be rectified or deleted. You also have the right to obtain restriction of processing of your personal data. Please note, however, that if you request for your data to be deleted or restricted, you will no longer be able to use associated services.
Your right to erasure may be limited by legal obligations to continue storing data.

10.4 Right to data portability

You have the right to receive your data in a machine-readable format or have your data transmitted to another controller provided that processing is carried out by automated means and based on your consent.

10.5 Exercising your rights

If you wish to exercise any of your rights, please send us an informal letter to Gottseidank GmbH & Co. KG, Schleißheimer Str. 263, 80809 Munich, Germany or email to webshop@gottseidank.com.
If you have a complaint, please contact the relevant supervisory authority for data protection in Berlin.

11. Data protection officer

If you have any specific questions relating to data protection, please do not hesitate to get in touch with our data protection officer, Olivier Mayaud, by post (Schleißheimerstraße 263, 80809 Munich, Germany) or by email (info@gottseidank.com).

12. Legal bases

We will always provide you with the legal basis for processing your data in accordance with Article 13 of the GDPR. If we do not provide any specific details on the legal basis for processing your data, the following applies:
– The legal basis relating to your consent is covered in Article 6(1)(a) and Article 7 of the GDPR.
– The legal basis relating to the performance of our contract and provision of our services is covered in Article 6(1)(b) of the GDPR.
– The legal basis relating to compliance with legal obligations is covered in Article 6(1)(c) of the GDPR.
– The legal basis relating to our legitimate interests is covered in Article 6(1)(f) of the GDPR.

Updated: 09/09/2020

 

 

Store
Schleißheimer Straße 273 Munich
Monday - Friday 11:00 - 19:00 Saturday 11:00 - 17:00