Data privacy statement
Responsible party for the processing of data:
FOLIATEC Böhm GmbH & Co. Vertriebs-KG
Neumeyerstraße 70
90411 Nuremberg
Germany
info(at)foliatec.de
Thank you for visiting our online shop. Protection of your privacy is very important to us. Below you will find extensive information about how we handle your data.
1. Access data and hosting
You may visit our website without revealing any personal information. With every visit on the website, the web server stores automatically only a so-called server log file which contains e.g., the name of the requested file, your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data) and documents the request. These access data are analyzed exclusively for the purpose of ensuring the smooth operation of the website and improving our offer. This serves the protection of our legitimate interest in the proper presentation of our offer according to Art. 6 (1) 1 lit f GDPR that outweigh those of the data subject in the process of weighing of interests. All access data are deleted no later than seven days after the end of your visit on our website.
Hosting
The services for hosting and displaying the website are partly provided by our service providers in the context of processing on our behalf. Unless otherwise stated in this data protection declaration, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this data privacy statement.
Our service providers are located and/or use servers in countries outside the EU and the EEA. There is no European Commission adequacy decision for these countries. Our cooperation with them is based on standard data protection clauses of the European Commission.
2. Data processing for contract fulfilment and getting in contact
2.1 Data processing for contract fulfilment
For the purpose of contract processing in accordance with Art. 6 (1) 1 lit b GDPR, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, as in these cases we require the data to process the contract and we cannot send the order without their specification. You can see which data is collected from the respective input forms.
You will find further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and shipping processing, in the following sections of this privacy policy. Upon fulfilment of the contract, any further processing of your data will be restricted, and your data will be deleted upon expiry of the retention period applicable under relevant regulations according to Art. 6 (1) 1 lit c GDPR, unless you expressly consent to the further use of your data according to Art. 6 (1) 1 lit a GDPR, or we reserve the right to further use your personal data in the scope and manner permitted by law, of which we inform you in this declaration.
2.2 Customer account
Insofar as you have given your consent to this in accordance with Art. 6 (1) 1 lit a GDPR by deciding to open a customer account, we will use your data for the purpose of opening the customer account as well as for storing your data for further future orders on our website. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted unless you have explicitly consented to further use of your data in accordance with Art. 6 (1) 1 lit a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
2.3 Getting in contact
Within the scope of customer communication, we collect personal data in order to process your enquiries in accordance with Art. 6 (1) 1 lit b GDPR if you voluntarily provide us with this data when contacting us (e.g., via contact form, live chat tool or email). Mandatory fields are marked as such because in these cases we require the data to process your enquiry. The data collected can be seen from the respective input forms. After your enquiry has been fully processed, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 (1) 1 lit a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
3. Data processing for shipping purposes
We disclose your data to the shipping company in the scope required for the delivery of the ordered goods according to Art. 6 (1) 1 lit b GDPR.
Disclosure of data to a shipping provider for the purpose of dispatch notification
If, when or after placing your order, you have given your express consent to us doing so, we disclose your email address to the selected shipping provider based on that consent according to Art. 6 (1) 1 lit a GDPR, in order to enable the shipping provider to contact you to advise you of the delivery or agree with you the delivery details. You may revoke your consent at any time by sending a message to the contact option specified in this data privacy statement or by directly notifying the shipping provider at the contact address specified below. After you revoke your consent, we will delete the data disclosed for this purpose, unless you expressly consent to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by the law, of which we inform you in this declaration.
DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany
4. Data processing for payment handling
We work with these partners to process payments in our online shop: technical service providers, credit institutions, payment service providers.
4.1 Data processing for payment handling
Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, who work for us as part of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves the fulfillment of the contract according to Art. 6 (1) 1 lit b GDPR. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies. If you have any questions about our payment processing partners and the basis of our cooperation with them, please use the contact option described in this privacy policy.
4.2 Data processing for the purpose of fraud prevention and optimization of our payment processes
Where appropriate, we may grant our service providers additional information which they use, together with the information necessary to process the payment, for the purposes of fraud prevention and to optimise our payment processes (e.g. invoicing, processing of contested payments, assistance with accounting). Pursuant to Art. 6 (1) 1 lit f GDPR, this serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh those of the data subject in the context of a balancing of interests.
5. Advertising by email, post
5.1 Email newsletter with registration
If you subscribe to our newsletter, we will regularly send you our email newsletter based on your consent according to Art. 6 (1) 1 lit a GDPR, using the data required or disclosed by you separately for this purpose. You may unsubscribe from the newsletter service at any time. For this purpose you can either send a message to the contact option specified below or use the opt-out link in the newsletter. Upon unsubscription, we will delete your email address unless you have expressly consented to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by the law, of which we inform you in this declaration.
5.2 Postal advertising and your right to opt out
Unless you have not opted-out, we reserve the right to use your first and last name and your postal address for our advertising purposes, e.g. for sending interesting offers and information about our products by post. This serves the protection of our legitimate interests in promoting and advertising our products to customers that are outweighing those of the data subject in the process of weighing of interests according to Art. 6 (1) 1 lit f GDPR. You can opt out of the storage and use of your data for these purposes at any time by sending a message to the contact option specified below.
The advertisements are sent to you by our service provider who processes data on our behalf and to whom we disclose your data for this purpose.
6. Cookies and other technologies
General information
In order to make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. A cookie is a small text file which is stored automatically on your end device. Some of the cookies we use are deleted after you close the browser session, i.e. when you close the browser (so-called session cookies). Other cookies are stored on your end-user device and enable us to recognise your browser when you visit us again (persistent cookies).
We use such technologies that are mandatory for the use of certain functions of our website (e.g. shopping cart function). These technologies are used to collect and process IP addresses, time of visit, device and browser information as well as information on your use of our website (e.g. information on the contents of the shopping basket). In the context of weighing of interests, this serves legitimate interests in an optimised presentation of our offer, which outweigh those of the data subject in accordance with Art. 6 (1) 1 lit f GDPR.
In addition, we use technologies to fulfil the legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.
The cookie settings for your browser can be found under the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™
Insofar as you have consented to the use of the technologies in accordance with Art. 6 (1) 1 lit a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the data privacy statement.
7. Use of cookies and other technologies for web analysis and advertising purposes
Insofar as you have given your consent in accordance with Art. 6 (1) 1 lit a GDPR, we use the following cookies and other third-party technologies on our website. The data collected in this context will be deleted after the discontinuation of the purpose and the end of our use of the respective technology. You can revoke your consent at any time with effect for the future. You will find further information on your revocation options in the section "Cookies and other technologies". Further information including the basis of our cooperation with the individual providers can be found under the individual technologies. If you have any questions about the providers and the basis of our cooperation with them, please use the contact option described in this data privacy statement.
7.1 Use of Google-Services
We use the following technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google technologies about your use of our website is generally transferred to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and stored there. There is no adequacy finding by the European Commission for the USA. Our co-operation is based on standard data protection clauses of the European Commission. If your IP address is collected using Google technologies, it will be shortened by activating IP anonymisation before being stored on Google's servers. Only in exceptional cases will the full IP address be transferred to a Google server and shortened there. Unless otherwise specified for the individual technologies, data processing is carried out on the basis of an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. Further information on data processing by Google can be found in the Google data protection information.
Google Analytics
For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information as well as information on your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. Your IP address will not be combined with other data from Google. Data processing is based on an agreement on order processing by Google.
Google Ads
For advertising purposes in the Google search results and on the websites of third parties, the so-called Google Remarketing Cookie is set when you visit our website, which automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information as well as information on your use of our website) and by means of a pseudonymous cookie ID and on the basis of the pages you visit. Any further data processing will only take place if you have activated the setting "personalised advertising" in your Google account. In this case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.
For website analysis and event tracking, we use Google Ads Conversion Tracking to measure your subsequent usage behaviour when you have reached our website via a Google Ads advertisement. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information as well as information on your use of our website based on events specified by us, such as a visit to a website or newsletter registration) may be collected, from which usage profiles are created using pseudonyms.
Google Maps
For the visual representation of geographical information, Google Maps collects data on your use of the Maps functions, in particular the IP address and location data, and transmits this data to Google and then processes it by Google. We have no influence on this subsequent data processing.
Google reCAPTCHA
For the purpose of protection against misuse of our web forms and against spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information and information on your use of our website) and uses a so-called JavaScript and cookies to analyse your use of our website. In addition, other cookies stored in your browser by Google services are evaluated. No personal data is read out or saved from the input fields of the respective form.
Google Fonts
For the uniform presentation of the contents on our website, data (IP address, time of visit, device and browser information) are collected by the script code "Google Fonts", transmitted to Google and then processed by Google. We have no influence on this subsequent data processing.
YouTube Video Plugin
In order to integrate third party content, data (IP address, time of visit, device and browser information) is collected via the YouTube Video Plugin in the extended data protection mode used by us, transmitted to Google and then processed by Google only when you play a video.
7.2 Use of Facebook services for web analysis and advertising purposes
Use of Facebook Pixel
We use the Facebook Pixel as part of the technologies of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") described below. The Facebook Pixel automatically collects and stores data (IP address, time of visit, device and browser information, as well as information about your use of our website based on events specified by us, such as a visit to a website or newsletter registration), from which usage profiles are created using pseudonyms. In addition, as part of the so-called extended data matching, information is collected and stored hashed for matching purposes, with which individuals can be identified (e.g. names, email addresses and telephone numbers). For this purpose, when you visit our website, a cookie is automatically set by the Facebook Pixel, which automatically enables recognition of your browser when you visit other websites by means of a pseudonymous CookieID. Facebook will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website use, in particular personalized and group-based advertising.
The information automatically collected by Facebook technologies about your use of our website is generally transmitted to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. There is no adequacy decision of the European Commission for the USA. Insofar as the transfer of data to the USA falls within our responsibility, our cooperation is based on standard data protection clauses of the European Commission. For further information on data processing by Facebook, please refer to Facebook's privacy policy..
Facebook Analytics
Facebook Ads
As part of Facebook Analytics, statistics on visitor activity on our website are created from the data collected with the Facebook Pixel about your use of our website. The data processing takes place on the basis of an order processing agreement by Facebook. Their analysis serves the optimal presentation and marketing of our website.
Through Facebook Ads, we advertise this website on Facebook as well as on other platforms. We determine the parameters of the respective advertising campaign. Facebook is responsible for the exact implementation, in particular the decision on the placement of the ads with individual users. Unless otherwise specified for the individual technologies, the data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR. The joint responsibility is limited to the collection of the data and its transmission to Facebook Ireland. The subsequent data processing by Facebook Ireland is not covered by this.
Based on the statistics about visitor activity on our website generated via Facebook Pixel, we operate group-based advertising on Facebook via Facebook Custom Audience by determining the characteristics of the respective target group. In the context of the extended data matching that takes place to determine the respective target group (see above), Facebook acts as our processor.
Based on the pseudonymous cookie ID set by the Facebook Pixel and the data collected about your usage behavior on our website, we conduct personalized advertising via Facebook Pixel Remarketing.
Via Facebook Pixel Conversions, we measure for web analytics and event tracking your subsequent usage behavior when you have reached our website via an ad from Facebook Ads. The data processing takes place on the basis of an order processing agreement by Facebook.
8. Integration of the Trusted Shops Trustbadge
We have integrated the Trusted Shops Trustbadge on this website in order to display our Trusted Shops Trustmark and offer the Trusted Shops products to customers after placing an order.
This serves the protection of our legitimate interests in the optimal marketing of our offer by facilitating safe shopping according to Art. 6 (1) 1 lit f GDPR that outweigh in the process of balancing of interests. The Trustbadge and the advertised trust badge services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. The trust badge is made available by a CDN (Content Delivery Network) provider within the scope of order processing. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is guaranteed. Further information on data protection at Trusted Shops GmbH can be found here.
When the Trustbadge is retrieved, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the retrieval, the amount of data transferred and the requesting provider (access data) and documents the retrieval. Certain access data is stored in a security database for the purpose of analyzing security anomalies. The log files are automatically deleted no later than 90 days after creation.
Other personal data are transferred to Trusted Shops only if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract concluded between you and Trusted Shops applies. The contractual agreement made between you and Trusted Shops applies. For this purpose, an automatic collection of personal data from the order data takes place. Whether you are already registered as a buyer for a product use is automatically checked by means of a neutral parameter, the email address hashed by cryptological one-way function. The email address is converted before transmission into this hash value, which cannot be decrypted by Trusted Shops. After checking for a match, the parameter is automatically deleted.
This is necessary for the fulfilment of our and Trusted Shops' predominant legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services in accordance with Art. 6 (1) 1 lit f GDPR. Further details, also on the objection, can be found in the Trusted Shops data protection declaration linked above and in the trust badge.
9. Social Media
Our online presence on Facebook, Twitter, Instagram, Youtube
Insofar as you have given your consent to the respective social media operator in accordance with Art. 6 (1) 1 lit a GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the social media mentioned above, from which user profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. As a rule, cookies are used for this purpose. For detailed information on the processing and use of data by the respective social media operator as well as a contact option and your rights and settings options for the protection of your privacy, please refer to the data protection information of the providers linked below. Should you nevertheless require assistance in this regard, please contact us.
Facebook is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland") The information automatically collected by Facebook Ireland about your use of our online presence on Facebook is usually transferred to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. There is no adequacy finding for the USA by the European Commission. Our co-operation is based on standard data protection clauses of the European Commission. Data processing in the context of a visit to a Facebook fan page is based on an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.
Twitter is provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"). The information automatically collected by Twitter about your use of our online presence on Twitter is generally transmitted to and stored on a server of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. There is no adequacy finding for the US by the European Commission. Our co-operation is based on standard data protection clauses of the European Commission.
Instagram is a service of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland") The information automatically collected by Facebook Ireland about your use of our online presence on Instagram is generally transmitted to and stored on a server of Facebook, Inc, 1601 Willow Road, Menlo Park, California 94025, USA. There is no adequacy finding for the US by the European Commission. Our co-operation is based on standard data protection clauses of the European Commission. Data processing in the context of visiting an Instagram Fanpage is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.
YouTube is a service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our online presence on YouTube is generally transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy finding for the USA by the European Commission. Our co-operation is based on standard data protection clauses of the European Commission.
10. Contact possibilities and your rights
10.1 Your rights
As a person affected, you have the following rights:
- in accordance with Art. 15 GDPR, the right to request information about your personal data processed by us to the extent described therein;
- in accordance with Art. 16 GDPR, the right to demand the immediate correction of incorrect or incomplete personal data stored by us;
- in accordance with Art. 17 GDPR, the right to demand the deletion of your personal data stored by us, unless further processing of the data is required in these cases;
- on the exercise of the right to freedom of expression and information;
- to fulfil a legal obligation;
- for reasons of public interest; or
- to assert, exercise or defend legal claims;
- in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as
- the correctness of the data is disputed by you;
- the processing is unlawful, but you object to its deletion;
- we no longer need the data, but you need it to assert, exercise or defend legal claims; or
- you have lodged an objection to the processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party;
- pursuant to Art. 77 GDPR the right to complain to a supervisory authority. As a rule, you may contact the supervisory authority at your usual place of residence or workplace or at our registered office for this purpose.
Right to object If we process personal data as described above to protect our legitimate interests which outweigh in the process of weighing of interests, you may object to such data processing with future effect. If your data are processed for direct marketing purposes, you may exercise this right at any time as described above. If your data are processed for other purposes, you have the right to object only on grounds relating to your particular situation. After you have exercised your right to object, we will no longer process your personal data for such purposes unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. This does not apply to the processing of personal data for direct marketing purposes. In such a case we will no longer process your personal data for such purposes. |
10.2 Contact possibilities
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of consents granted or objection to a specific use of data, please contact us directly via the contact details in our imprint.