We process personal data (hereinafter called “data”) of the User only to the extent that is necessary to provide a functional, user-friendly website, as well as our content and services.
The term “processing” refers to the collection, use, transfer and/or storage of data. According to the General Data Protection Regulation (hereinafter “GDPR”), “personal data” refers to all data with which a natural person can be identified. The exact definitions of the terms are defined in Art. 4 of the GDPR.
The following information informs you in particular about the nature, scope, purpose, duration and legal basis of the processing of personal data, regarding which we alone, or together with others, decide on the purposes and means of the processing, as well as about the components of third parties, who process data on their own responsibility, that we likewise use for optimisation and quality of use:
1. A) Information on the Data Controller
2. B) Rights of the User
3. C) Information on the data processing
A) Information on the Data Controller
The Data Controller (hereinafter referred to as the “Provider”) within the meaning of the GDPR and other national data protection laws of the member states, as well as other data protection regulations, is:
mb-Vermarktung Martin Bauer
74523 Schwäbisch Hall
Tel.: +49 791 202139–0
Fax: +49 791 202139–20
External Data Protection Officer
c/o mb-Vermarktung Martin Bauer
B) Rights of the User
In relation to the processing of their personal data described below by the Provider, the User has the right:
* to request confirmation as to whether the data concerning them are being processed and to obtain precise information about the said data, as well as further information and copies of the data in accordance with Art. 15 GDPR;
* to request the immediate rectification of incorrect data concerning them or the completion of that data, in accordance with Art. 16 GDPR;
* to request that the data concerning them be immediately erased in accordance with Art. 17 GDPR, or alternatively, if for example further processing is necessary, in accordance with Art. 17 (3) GDPR, to request a restriction of the data processing, in accordance with Art. 18 GDPR;
* to request to receive the data concerning them and provided by them in accordance with Art. 20 GDPR, and to request that the data be transferred to other data controllers;
* to submit a complaint to the Supervisory Authority in accordance with Art. 77 GDPR if the User believes that the processing of their data by the Provider violates the GDPR.
* In principle, the User may, in accordance with Art. 21 GDPR, object at any time to the future processing of the data concerning them, which is carried out by a data controller on the basis of Art. 6 (1) (f) GDPR. The said objection may, in particular, be filed against the processing of the data for direct marketing purposes.
* The Provider is also obliged to notify all recipients of the data to whom the data has been disclosed by the Provider, of any rectification or erasure of the personal data or restriction of processing that is carried out on the basis of Art. 16 GDPR, Art. 17 (1) GDPR and Art. 18 GDPR. The said obligation shall not apply in the event that the said notification proves to be impossible or involves a disproportionate effort. The User has the right to receive information regarding the said recipients of the data.
C) Information on data processing
If no detailed information on the individual data processing is subsequently provided, the User's data processed by the Provider shall be erased or blocked as soon as the purpose of storage ceases to apply and provided the erasure does not conflict with any statutory retention obligations.
For communication and security reasons, the following data (among other things), which the User's internet browser transmits to the Provider or to its web space provider, will be collected during the User’s visit to the website (so-called “server log files”):
- Browser type and version
- Operating system used
- Website from which the User has accessed the website of the Provider (referrer URL)
- Website visited by the User
- Date and time of access
- Internet protocol (IP) address of the User
The data will also be stored temporarily. This data will not be stored together with other personal data of the User. The legal basis for the said temporary storage is Art. 6 (1)(f) GDPR, based on the Provider’s legitimate interest in improving the stability, functionality and security of the website.
After seven days at the latest, the data will be erased. Any data whose further retention is required for evidentiary purposes will be excluded from erasure until the final clarification of the respective incident.
Cookies are small text files or other storage technologies that the internet browser used by the User deposits and stores on the terminal device. These cookies process certain information of the User, such as browser and location data and IP address values, on an individual basis.
- a) Data processing
The personal data provided by the User for the purpose of purchasing goods or services will be processed by the Provider for the purpose of contract implementation. Entry of the data is necessary for the conclusion of the contract; without the provision of the data, the conclusion of the contract is not possible. The legal basis for the processing is Art. 6 (1)(b) GDPR. After the full implementation of the contract, the User's data will be erased, taking into account tax and commercial retention periods.
- B) Data transfer
As part of the process of implementing the contract, the User's personal data will be transferred to a service provider used to process the purchase of the goods or services, to the transport company commissioned with the delivery or to the financial service provider, insofar as this is necessary for the processing, delivery or payment of the goods.
The legal basis for the transfer of data is thereby Art. 6 (1)(b) GDPR.
Should the User contact the Provider, the User's personal data entered on this occasion will be used to process their enquiry. The entry of the data is required to answer the enquiry; without the provision of the data, it is not possible to answer the enquiry, or only to a limited extent.
Should the contact enquiry be for the purpose of fulfilling a contract or implementing pre-contractual measures, the legal basis is Art. 6 (1)(b) GDPR.
The User's data shall be erased if the User's enquiry has been conclusively answered and there are no legal data retention obligations such as exist, for example, in the case of a subsequent implementation of a contract.
The legal basis may also be the User's consent, in accordance with Art. 6 (1)(a) GDPR.
The User may at any time withdraw the consent they have granted for the contact enquiry by notifying the Provider thereof in accordance with Art. 7 (3) GDPR at any time. The data processed in connection with the contact enquiry will be erased as soon as their processing is no longer necessary.
In order to display the font on the Website, the Provider uses external fonts in the form of “Google Fonts”, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter called “Google”.
Google is certified in accordance with the “EU-US Privacy Shield” and thus guarantees compliance with EU data protection regulations when processing the data in the USA.
When the Provider’s website is accessed, a connection to the Google server in the USA is established to enable the display of the font or to update it.
The legal basis is Art. 6 (1)(f) GDPR. The Provider’s legitimate interest lies in the optimisation and commercial operation of the website.
Due to the connection, Google can tell from which website an enquiry is sent and to which IP address the display of the font is transmitted.
Google offers further information, particularly on the options of preventing the use of data, under the following links:
The Provider uses the BootstrapCDN (Content Delivery Network) service, via StackPath, LLC, 2021 McKinney Ave, Suite 1100, Dallas, TX 75201, USA, for the speed, design and presentation of the offered content on different terminal devices.
In order to deliver the content with appropriate speed, the service uses so-called “libraries” (collections of technical instructions) to deliver the content to your browser as quickly as possible. To do this, relevant files are downloaded from the BootstrapCDN server. This causes StackPath to record your IP address.
For further information on StackPath’s data protection policy, visit: https://www.stackpath.com/legal/master-service-agreement/#privacy
The legal basis here is Art. 6 (1)(f) GDPR. The Provider’s legitimate interest lies in the improvement of the usage quality and loading speed of the website.
StackPath is certified in accordance with the “EU-US Privacy Shield”, thus guaranteeing compliance with EU data protection regulations when processing the data in the USA.
In order to prevent the execution of the Java Script Code as a whole, the User can install a Java Script Blocker (e.g. www.noscript.net or www.ghostery.com). Should the User prevent or restrict the execution of the Java Script Code, this may result in their not being able to use all the functions of the website to the full.