- The name and contact details of the data controller and of the data protection officer
- 3. Purposes of processing data, legal bases and legitimate interests pursued by GARPA or a third party and categories of recipients
- Recipients outside the EU
- Your rights
- Data security measures
The manner in which data is processed by GARPA can essentially be divided into three categories:
- All data necessary for performing a contract with GARPA are processed for this specific purpose. If external service providers are also involved in the processing of the contract, e.g. logistics companies or credit agencies, your data will be passed on to them to the extent necessary in each case.
- We use the data collected from you within the framework of processing the contract not only for this specific purpose but also to inform you from time to time about new offers and campaigns.
- When you access the GARPA website, various information is exchanged between your device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimise our website or to display advertising in your browser’s device.
2. The name and contact details of the data controller and of the data protection officer
3. Purposes of processing data, legal bases and legitimate interests pursued by GARPA or a third party and categories of recipients
3.1. Accessing our site
When you access our website, the browser used on your device automatically sends information to the server of our website and temporarily saves it in a log file, over which we have no influence. The following information will be collected without your intervention and stored until automatically deleted:
- the IP address of the Internet-enabled device making the requesting,
- the date and time of the access,
- the name and URL of the file accessed,
- the website from which access was made (referrer URL),
- the browser you are using and, if applicable, the operating system of your Internet-capable computer as well as the name of your access provider.
The legal basis for processing the IP address is Art. 6 (1) point f) GDPR. Our legitimate interest arises from the purposes of data collection listed below. We wish to point out that we are not able to draw any direct conclusions about your identity from the data collected, nor can any be drawn through us.
The IP address of your device and the other data listed above are used by us for the following purposes:
- to ensure a smooth connection setup,
- to ensure smooth use of our website, and
- to evaluate system security and stability.
If you accept geolocalization in your browser or operating system or other settings of your device, we use this function in order to be able to offer you individual services related to your current location. We process your location data in this way exclusively for this function. The data will be deleted once the use has ended.
3.2. Conclusion, Performance or Termination of a Contract
3.2.1. Processing data upon the conclusion of a contract
The scope of GARPA’s business is the distance selling of goods and services, retail trade within the framework of permits issued by the relevant authorities, and the serial production of goods to be offered. In this context, we process the data required for the conclusion, performance or termination of a contract with you. This includes:
- Salutation, Title, First Name, Surname
- Invoice and Delivery Address
- Email Address
- Billing and Payment Information
- Date of Birth
- Telephone Number
Art. 6 (1) point b) of the GDPR serve as the legal basis, i.e. you provide us with the data on the basis of the contractual relationship between you and us. In order to process your email address for online orders, we are also obliged to electronically confirm receipt of your order due to a provision in the German Civil Code (BGB). Art. 6 (1) point c) of the GDPR serve as the legal basis. We store the data collected for performing the contract at least until the expiry of the statutory or possible contractual warranty and guarantee rights, provided we do not use your contact data for advertising purposes (see 3.3. below).
The following data processing operations are also required to process the purchase agreement:
We pass on your delivery address details to a logistics company commissioned by us to process the purchase agreement. Should you provide your consent, we will forward your email address and telephone number to the logistics company commissioned by us in order to ensure that the goods are delivered according to your wishes. The logistics company will contact you prior to delivery to provide you with the time of delivery or to discuss delivery details with you. The data will be transmitted exclusively for this purpose and deleted after delivery.
3.2.2. Identity, Creditworthiness and Information to Credit Agencies
If necessary, we may verify your identity by consulting information from service providers. Art. 6 (1) points b) and f) of the GDPR serve as the legal basis. Authorisation to do so arises from ensuring the protection of your identity and the avoidance of fraud attempts at our expense. The circumstance and the result of our enquiry will be added to your customer account or your guest account for the duration of the contractual relationship.
During the ordering process, we also check your credit rating, provided that you select the payment method ‘on account’. For this purpose, we pass on the following types of data to credit agencies cooperating with us: name, address, date of birth. Art. 6 (1) point f) of the GDPR serve as the legal basis. The legitimate interest required under this provision arises from our interest in minimising the credit risk associated with these types of payments. The circumstance and the result of our enquiry will be added to your customer account for the duration of the contractual relationship.
If you have already made a purchase with us, your data stored by us about you can be supplemented by score values. Scoring is the process of making a forecast of future events based on information collected and past experiences. Such processing is based on Art. 6 (1) point f) of the GDPR. The preparation of such forecasts is to be regarded as a legitimate interest within the meaning of the aforementioned provision. Based on the data stored about your, you will be assigned to statistical groups of people with similar entries in the past. The underlying method used is a well-founded mathematical-statistical method for predicting risk probabilities that has long been tried and tested in practice.
In the event of a delay in payment, we reserve the right to pass on the necessary data to a company commissioned with asserting the claim if other legal requirements have been met. Art. 6 (1) point. b) and Art. 6 (1) point f) of the GDPR serve as the legal basis. The assertion of a contractual claim shall be regarded as a legitimate interest within the meaning of the second provision. Information about the delay in payment or a possible bad debt loss will also be forwarded to credit agencies cooperating with us if other legal requirements have been met. Art. 6 (1) point f) of the GDPR serve as the legal basis. The legitimate interest required here arises from our interest and that of third parties in reducing contractual risks for future contracts.
3.3. Processing Data for Advertising Purposes
The following explanations refer to the processing of personal data for advertising purposes. The DSGVO declares such processing of data based on Art. 6 (1) point f) of the GDPR to be generally conceivable and a legitimate interest. The duration of data storage for advertising purposes does not follow rigid principles and is based on the question of whether storage is necessary for advertising purposes. Please refer to Section 3.3.3 for the procedure to be followed should you wish to assert your right to object.
3.3.1. Advertising Purposes of GARPA and Third Parties
If you have concluded a contract with us, we will store you as a customer in our system. In this case, we process your postal contact details beyond a concrete consent, in order to send you information about products and services in this way. We process your email address, provided we have received it from you, in order to send you information about our own, similar products beyond a concrete consent.
3.3.2. Interest-Oriented Advertising
To ensure that you only receive advertising information that is of supposed interest to you, we categorise and supplement your customer profile with further information. Both statistical information and information about you (e.g. basic details from your customer profile) are used for this purpose. The aim is to provide you with advertising that is solely oriented to your actual or supposed needs and not to trouble you with useless advertising.
3.3.3. Right to object
You can object to your data being processed for the above-mentioned purposes at any time free of charge, separately for the respective communication channel, and with effect for the future. To do so, simply send an email or a letter by post to the contact details listed under Section 2.
If you object to your data being processed, the contact address concerned will be blocked for further processing for advertising purposes. We wish to point out that advertising material may still be sent temporarily in exceptional cases even after receipt of your objection. This is technically due to the necessary lead time of advertisements and does not mean that your right to object has not been considered. We ask for your understanding.
3.3.4. Information on the Newsletter
We offer you the possibility to subscribe to our newsletter via our website. In order to make sure that no errors were made when entering the email address, we use the double opt-in process. This means that we will send you a confirmation link after you have entered your email address in the registration field. Your email address will be added to our mailing list only after you click on this confirmation link. Your electronic contact details will be processed solely on the basis of your consent pursuant to Art. 6 (1) point a) of the GDPR. You may revoke your consent at any time with effect for the future.. To do so, simply send an email to the email address provided under Section 2 or click on the “Unsubscribe” button at the end of each newsletter.
3.4. Online Presence and Website Optimisation
3.4.1. Cookies – General Information
econda GmbH uses solutions and technologies to collect and store anonymised data and to create user profiles from this data using pseudonyms in order to design and optimise this website according to your needs. For this purpose, cookies can be used which enable recognition of an Internet browser. However, user profiles are not merged with data about the bearer of the pseudonym without the express consent of the visitor. In particular, IP addresses are made unrecognisable immediately after receipt, so that it is not possible to assign user profiles to IP addresses. The analysis of user behaviour is based on Art. 6 (1) point f) of the GDPR. The website operator has a justified interest in the anonymous analysis of user behaviour in order to optimise both their website and advertising. Visitors to this website can object to this collection and storage of data at any time for the future. The objection only applies to the device and the web browser on which it was set, please repeat the process on all devices as needed. If you delete the opt-out cookie, requests will be sent to econda again. Disable Econda tracking.
3.4.3. Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (“Google”), to provide need-based design and continuous optimisation of our pages in accordance with Art. 6 (1) point f) of the GDPR. In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this site such as
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website and Internet use for market research purposes and to design these Internet pages in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that it is not possible to associate them with a user (IP masking).
3.4.4. Facebook Custom Audience via the Pixel Method
We use “Facebook pixels” on our website, a service provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”).
If you have a Facebook user account and are registered, Facebook can associate the visit to your user account. The data collected about you is anonymous to us and does not give us any information about the identity of the user. However, Facebook may associate this data with your Facebook account. We have no control over the extent and further use of data collected by Facebook through the use of Facebook pixels. Even if you are not registered with Facebook or have not logged in, Facebook may collect and store your IP address and other identifying information.
The targeting measures listed below and implemented by us are carried out on the basis of Art. 6 (1) point f) of the GDPR. We want to ensure that you only see advertising on your end devices that is oriented towards your actual or supposed interests through the targeting measures used. It is both in your and our interest to not bother you with uninteresting advertisements.
We also use re-targeting technologies from Google. This enables us to make our online offer more interesting and tailored to your needs. For this purpose, a cookie is set with which data from interested customers is collected using pseudonyms. This information is used to display interest-related advertisements about our offers on the websites of our partners. No directly personal data will be stored and no user profiles will be merged with personal data on you. The cookie is stored for a period of 2 years and then automatically deleted.
220.127.116.11. Right to object/opt-out
In addition to the deactivation methods described above, you can also generally prevent the targeting technologies described above by setting the appropriate cookie in your browser (see also 3.4.1.). In addition, you can deactivate preference-based advertising with the help of the preference manager by accessing it here.
3.4.6. Social Media Plug-Ins
We use social plug-ins from the social networks Facebook, Instagram and YouTube on our website on the basis of Art. 6 (1) point f) of the GDPR in order to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for operation that is compliant with data protection regulations is to be guaranteed by their respective providers. These plug-ins are integrated by the two-click method in order to protect visitors to our website in the best possible way.
We use plug-ins from the social network Facebook on our website, which are offered by Facebook Inc. The Facebook plug-ins are marked with a Facebook logo or contain “Like” or “Share”. An overview of the Facebook plug-ins and their appearance can be found by clicking the following link.
When you activate such a plug-in (first click), your browser establishes a direct connection to Facebook’s servers. The content of the plug-in is transmitted directly from Facebook to your browser and integrated into the page. This integration provides Facebook with the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA where it is stored. If you are logged in to Facebook, Facebook can immediately associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example by pressing the “Like” button, this information is also transmitted directly to a Facebook server where it is stored. The information will also be published to your Facebook account and displayed to your Facebook friends.
If you do not want Facebook to associate the data collected about your visit to our site directly with your Facebook account, you must log out of Facebook before visiting our site.
Our website also uses social network plug-ins from Instagram. The Instagram service is a Facebook product provided by Facebook Inc. The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”.
When you activate the plug-in (first click), your browser establishes a direct connection to Instagram’s servers. The content of the plug-in is transmitted directly from Instagram to your browser and integrated into the page. This integration provides Instagram with the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram account or are not logged in to Instagram.
This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA where it is stored. If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example by pressing the “Like” button, this information is also transmitted directly to an Instagram server where it is stored. The information will also be published to your Instagram account and displayed to your Instagram contacts.
Our website uses plug-ins from YouTube which is operated by Google. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA is the site operator.
We operate a Facebook fan page to draw attention to our products and to get in touch with you as a visitor and user of this Facebook page and our web pages.
As the operator of the Facebook fan page, we have no interest in collecting and further processing your individual personal data for analysis or marketing purposes.
The operation of this Facebook fan page, including processing of personal user data is based on our legitimate interest to provide a modern and supporting opportunity for information and interaction for and with our users and visitors in accordance with Art. 6 (1) point f) of the GGDPR.
We are aware that Facebook processes user data for the following purposes:
- Advertising (analysis, creation of personalised advertising)
- Creating user profiles
- Market research.
Facebook Inc., the US parent company of Facebook Ireland Ltd. is certified under the EU–US Privacy Shield and thus promises to comply with European privacy laws.
As the operator of this site, we cannot exclude that personal data of users will be transferred and further processed in third countries, such as the USA, nor can we exclude any associated potential risks for users.
The “Insights” on the Facebook fan page provide us with statistical data from various categories. These statistics are generated and provided by Facebook. As the operator of this site, we have no influence on the generation and display of this information. We cannot turn off this function or prevent data from being generated or processed. For a selectable period of time and for the categories fans, subscribers, persons reached and interacting persons, the following data is provided to us by Facebook in relation to our Facebook fan page:
total number of page views, “Like” information, page activities, post interactions, reach, video views, post reach, comments, shared content, responses, proportion of men and women, country and city origin, language, shop views and clicks, route planner clicks, phone number clicks.
As only Facebook has full access to user data, we recommend that you contact Facebook directly if you wish to request information or ask other questions about your rights as a user (e.g. right to erasure). If you need assistance or have any other questions, please do not hesitate to contact us by email. If you no longer wish to have the data processed described here, please cancel the connection of your user account to our site by using the “I don't like this page any more” feature.
We offer visitors to our websites the opportunity to contact us via a contact form or by email. We use the information you provide via the contact form or by email (required information is marked with an asterisk) exclusively for the purpose of processing your request. This is done on the basis of Art. 6 (1) point f) of the GDPR. Proper handling of your concerns is to be regarded as a legitimate interest within the meaning of the GDPR. If you contact us in connection with a contractual relationship between you and us, Art. 6 (1) point b) of the GDPR, i.e. this contractual relationship, is also the legal basis for processing data. The data provided will be deleted immediately after use, unless there is a legal retention period. Your data will not be uses for another purpose or transferred to third parties unless you have consented to this.
3.6. Access to the GARPA image archive/image database
We use the double opt-in procedure to register to our database. This means that after you register, we will send you an email to the specified email address in which we ask you to confirm that you wish to have your data entered into the database. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any potential misuse of your personal data.
The functions of the database can be described as follows:
For press contacts: Providing free image and text files for editorial purposes only.
For architects & interior designers: Providing free technical drawings, image and text files for personal, educational and informative purposes, for preparing quotations/cost estimates to end customers in connection with the sale of GARPA products via the company itself and for use in training courses or seminars.
3.7. Furnishing Planner
The Furnishing Planner on this website uses HTML5 storage objects that are stored on your mobile device. These objects store the required data (current plans, saved plans) independently of your browser and do not have an automatic expiry date. No personal data is stored by the Furnishing Planner. You can prevent the use of HTML5 storage objects by using private mode in your browser.
4. Recipients outside the EU
With the exception of the processing operations described under 3.4.3. and 3.4.6., we do not pass on your data to recipients based outside the European Union or the European Economic Area. The processing operations mentioned under 3.4.3. and 3.4.6. cause data to be transmitted to the servers of the tracking and targeting technology providers commissioned by us. These servers are located in the USA. Data is transferred according to the requirements of the Privacy Shield as well as on the basis of standard contract clauses of the EU Commission.
5. Your Rights
In addition to the right to revoke your consent given to us, you are entitled to the following further rights if the respective legal requirements are met:
- Right of access to your personal data stored by us in accordance with Art. 15 of the GDPR; in particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it has been collected directly from you;
- Right to rectification of inaccurate or incomplete personal data in accordance with Art. 16 of the GDPR;
- Right to erasure of your data stored by us in accordance with Art. 17 of the GDPR insofar as no legal or contractual retention periods or other legal obligations or rights for further storage are to be observed;
- Right to restriction of processing your data in accordance with Art. 18 of the GDPR if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it; the data subject no longer needs the data but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 of the GDPR;
- Right to data portability in accordance with Art. 20 of the GDPR, i.e. the right to receive selected data stored about you by us in a common, machine-readable format, or to request the transmission of those data to another controller;
- Right of appeal to a supervisory authority You can generally contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.
5.2. Right to object
Under the conditions of Art. 21 (1) of the GDPR, data processing may be objected to for reasons arising from the particular situation of the data subject.
The above general right to object applies to all processing purposes described in this data protection information which are processed on the basis of Art. 6 (1) point f) of the GDPR. In contrast to the special right to object directed to data processing for advertising purposes (see above under 3.3.3.), the GDPR requires us to implement such a general objection only if you provide us with reasons of overriding importance (e.g. a possible danger to life or health In addition, it is possible to contact a supervisory authority or a competent body if you have a reason for complaint.
6. Data Security Measures
All data transmitted by you personally will be transmitted using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard, which is also used, e.g. for online banking. You can recognise a secure SSL connection among other things by the added s on the http (https://...) in the address bar of your browser or by the lock symbol at the bottom of your browser.
We also use suitable technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Furthermore, we strive to continuously improve our security measures in line with technological developments.
Status as of: 27.09.2018