Collection, processing and use of personal data
1. Data controller
Gottseidank GmbH & Co. KG
Represented by Managing Directors Jörg Hittenkofer and Tanja Merriam
Schleißheimer Str. 263
Tel.: +49 (0)89 358 999 18 0
Fax: +49 (0)89 358 999 18 99
2. Collected data
When you visit our website – www.gottseidank.com – the web browser you are using on your device automatically sends information to our website server. This information is temporarily stored in what is known as a log file until it is automatically deleted. The following information is collected without any action on your part and stored until it is automatically deleted:
• Anonymised IP address
• Name of your internet service provider
• Date and time of request
• Amount of data transferred and date and length of your visit
• Browser used and operating system used where applicable
• Website from which our website was accessed (referrer URL)
We use this data for the following purposes:
• To ensure that our connection is stable
• To ensure that our website is easy to use
• To assess the level of system security
• To perform other administrative tasks
The legal basis for the temporary storage of data and log files is provided by our legitimate interests in accordance with Article 6(1)(f) of the GDPR.
2.2. Orders for Gottseidank GmbH & Co. KG products
When you place an order via our online shop, you must provide us with the personal data we need to process your order before you can enter into a sales contract with us. All data you need to provide in order for your order to be processed is marked as a mandatory field. It is up to you whether you provide us with any further details. We process the data you provide us with in this way to process your order. The legal basis for this is set out by Article 6(1)(1)(b) of the GDPR.
2.4. Customer account
You can choose to create a customer account, where your data will be stored to speed up future purchases. When you create an account via the ‘My Account’ button, the data you enter will be stored. You do, however, have the option to revoke your consent at any time. If you wish to place an order in this way, you will need to create a password-protected customer account of your own. When setting up your customer account, you will need to provide us with your title, full name, address and telephone number. You will also need to enter your email address and choose a password. The email address you enter will double up as the username for your customer account. Once you have successfully created your customer account, you will receive an automated confirmation email. At this point, you will have entered into a contract with us regarding the provision of your customer account.
When you sign into your customer account, you can see a summary of all past and present orders.
The data you provide when you create your customer account is used to allow you to use that account. We will store your IP address and the time at which you accessed your customer account every time you sign in. This data is stored on the basis of our legitimate interests and with a view to protecting your account against misuse and other unauthorised access. We will not share this data with third parties unless we are required to do so in order to pursue our claims or for legal reasons. We accept no liability for password violations unless we were at fault.
We use SSL encryption for the order process to prevent third parties gaining unauthorised access to your personal data, especially financial data.
2.5. Processing data to process orders
We need you to provide specific personal data (as indicated by the mandatory fields) in order to fulfil our obligations under the sales contract. If you do not wish to provide this data, we will unfortunately not be able to enter into a contract with you on the basis that we will not be able to fulfil our obligations.
When processing your order, we work with external service providers, such as delivery companies, which help us fulfil – in full or in part – our outstanding contractual obligations. We will share the personal data we collect with such companies if required to ensure delivery of our products so that we are able to fulfil our contractual obligations. In other words, we share this data to enable performance of our contract in accordance with Article 6(1)(b) of the GDPR.
2.6. Processing data to process payments
When placing an order via our online shop, you have a number of payment methods to choose from. Data relevant to the payment is collected to allow your order and payment to be processed. Your IP address is also processed for essential technical reasons and for legal assurance. The data is shared with our payment service providers as required in order for the payment to be processed. The payment systems we have in place use SSL encryption to protect your data when it is being transferred. The legal basis for sharing your data in this way is provided by Article 6(1)(b) of the GDPR.
You can object to your data being processed in this way at any time by contacting PayPal. Please note, though, that PayPal may still be authorised to process your personal data if required to process a payment in line with a contract.
3. Purposes of data usage
If you order products via our online shop, your personal data will only be processed for the purposes of entering into the sales contract, fulfilling our contractual obligations and processing the order, including payment and delivery.
The legal basis for processing your data in this way is provided by Article 6(1)(1)(b) (performance of a contract) and (f) (legitimate interests) of the GDPR and the legal basis relating to your consent is covered in Article 6(1)(a) of the GDPR. We will store any data we have collected in order to perform a contract for as long as that contract exists and will delete the data once the contract has come to an end unless we are authorised to store it for longer, we are legally obliged to store it for longer in accordance with Article 6(1)(1) of the GDPR, or you have provided your consent as per Article 6(1)(1) of the GDPR.
4. Sharing data with third parties
We will only share personal data with third parties or contracted data processors when we are required to do so in order to fulfil the relevant purposes. In such cases, we will take appropriate steps to ensure that these third parties have appropriate measures in place to protect your personal data.
With the exception of the types of processing already outlined, we will not share your data with any recipients based outside of the European Union or the European Economic Area. In the case of the types of processing already outlined, data is transferred to the servers of the providers we work with. These servers are located in the USA. These companies apply the standard data protection clauses adopted by the EU Commission when it comes to transferring personal data to third countries or else have their own data protection regulations that have been approved by the relevant supervisory authorities. In all cases, appropriate safeguards are provided to ensure compliance with the EU’s data protection standards in accordance with Article 46 of the GDPR.
5. Deleting data
We will delete the personal data we have stored about you if you withdraw your consent to us processing it, if we no longer need it to fulfil the purposes for which it was originally stored, and if we are not permitted to store it (any more) for other legal reasons.
This website uses Google Analytics, a web analysis service provided by Google, Inc. (hereinafter referred to as ‘Google’). Google Analytics uses ‘cookies’, which are text files stored on your computer to make it possible to analyse the way in which you use the website. The information generated by the cookie about your use of this website is usually sent to a Google server in the USA and stored there. If IP anonymisation is enabled on this website, Google will anonymise your IP address beforehand within Member States of the European Union or in other countries that are party to the Agreement on the European Economic Area.
Your full IP address will only be sent to a Google server in the USA and anonymised there in exceptional cases. The operator of this website commissions Google to use this information to evaluate your use of the website, to generate reports about website activity and to provide the website operator with other services relating to use of the website and internet. Google will not link the IP address transmitted by your browser in relation to Google Analytics to any other data.
The legal basis for this processing is provided by Article 6(1)(f) of the GDPR (legitimate interests). You can stop cookies from being stored by changing your browser settings.
7. Integration of Vimeo videos
We use the Vimeo platform to integrate videos. Vimeo is provided by Vimeo, LLC, based at 555 West 18th Street, New York, New York 10011. We have enabled the ‘Do Not Track’ setting within the embed code, which means that Vimeo is not able to store cookies on your browser when you access the website or play videos. As a result, no personal data is processed.
You can read more about how Vimeo processes and protects your data here: https://vimeo.com/privacy. Vimeo also applies the standard data protection clauses adopted by the EU Commission when it comes to transferring personal data to third countries and therefore provides appropriate safeguards for data protection in accordance with Article 46 of the GDPR.
9. Data security
We protect your personal data against risks associated with data processing, which include in particular unauthorised access, use and publication. We do this by implementing appropriate technical and organisational measures and taking into account the state of the art at all times. Your personal data is always encrypted (SSL) when it is transferred.
10. Your Rights
10.1 Right to withdraw consent
You have the right to withdraw your consent to us processing your personal data going forward at any time.
The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
10.2 Right to be informed
You have the right to request information about the personal data we are storing about you at no cost. You may also request to receive this information electronically.
10.3 Right to rectification, erasure and restriction of processing
You have the right to request for your personal data to be rectified or deleted. You also have the right to obtain restriction of processing of your personal data. Please note, however, that if you request for your data to be deleted or restricted, you will no longer be able to use associated services.
Your right to erasure may be limited by legal obligations to continue storing data.
10.4 Right to data portability
You have the right to receive your data in a machine-readable format or have your data transmitted to another controller provided that processing is carried out by automated means and based on your consent.
10.5 Exercising your rights
If you wish to exercise any of your rights, please send an informal letter to Gottseidank GmbH & Co. KG, Schleißheimer Str. 263, 80809 Munich, Germany or an email to firstname.lastname@example.org.
If you have a complaint, please contact the relevant supervisory authority for data protection in Berlin.
11. Data protection officer
If you have any specific questions relating to data protection, please do not hesitate to get in touch with our data protection officer, Olivier Mayaud, by post (Schleißheimerstraße 263, 80809 Munich, Germany) or by email (email@example.com).
12. Legal bases
We will always provide you with the legal basis for processing your data in accordance with Article 13 of the GDPR. If we do not provide any specific details on the legal basis for processing your data, the following applies:
– The legal basis relating to your consent is covered in Article 6(1)(a) and Article 7 of the GDPR.
– The legal basis relating to the performance of our contract and provision of our services is covered in Article 6(1)(b) of the GDPR.
– The legal basis relating to compliance with legal obligations is covered in Article 6(1)(c) of the GDPR.
– The legal basis relating to our legitimate interests is covered in Article 6(1)(f) of the GDPR.