Data protection

As of 25 May 2018, the requirements of the EU General Data Protection Regulation (GDPR) apply throughout Europe. This policy describes how Garpa Garten & Park Einrichtungen GmbH (GARPA) collect and use your personal data during your use of the website in accordance with the new regulation (see Article 13 GDPR). Please read our information on data protection very carefully. Should you have any questions or comments about this privacy policy, you can always send them to the email address provided in section 2.

Content

  1. Overview
  2. The name and contact details of the data controller and of the data protection officer
  3. Purposes of processing data, legal bases and legitimate interests pursued by GARPA or a third party and categories of recipients
    1. 3.1. Accessing our site
    2. 3.2. Conclusion, performance or termination of a contract
    3. 3.3. Processing data for advertising purposes
    4. 3.4. Online presence and website optimisation
    5. 3.5. Contact
    6. 3.6. Access to the GARPA image archive/image database
    7. 3.7. Furnishing Planner
  4. Online social media presence
  5. Your rights
  6. Data security measures
  7. Changes to the Privacy Policy

1. Overview

This Privacy Policy informs you about the type and scope of personal data processed by GARPA. Personal data is information that is or can be directly or indirectly assigned to your person.

The manner in which data is processed by GARPA can essentially be divided into three categories:

  • All data necessary for performing a contract with GARPA are processed for this specific purpose. If external service providers are also involved in the processing of the contract, e.g. logistics companies or credit agencies, your data will be passed on to them to the extent necessary in each case.
  • We use the data collected from you within the framework of processing the contract not only for this specific purpose but also to inform you from time to time about new offers and campaigns.
  • When you access the GARPA website, various information is exchanged between your device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimise our website or to display advertising in your browser’s device.

In accordance with the provisions of the GDPR, you have different rights which you can assert against us. This includes, among other things, the right to object to selected data being processing, in particular data processed for advertising purposes. The right to object to processing is highlighted typographically. Should you have any questions regarding our Privacy Policy, please feel free to contact our data protection officer at any time. You will find the contact details below.

2. The name and contact details of the data controller and of the data protection officer

This Privacy Policy applies to data processed by Garpa Garten & Park Einrichtungen GmbH, Kiehnwiese 1, 21039 Escheburg near Hamburg, Germany (“Controller”) and by the website www.garpa.com. The Data Protection Officer of Garpa Garten & Park Einrichtungen GmbH can be contacted at the above address, the Data Protection Department or at data-protection@garpa.com.

3. Purposes of processing data, legal bases and legitimate interests pursued by GARPA or a third party and categories of recipients

3.1. Accessing our site

When you access our website, the browser used on your device automatically sends information to the server of our website and temporarily saves it in a log file, over which we have no influence. The following information will be collected without your intervention and stored until automatically deleted:

  • the IP address of the Internet-enabled device making the requesting,
  • the date and time of the access,
  • the name and URL of the file accessed,
  • the website from which access was made (referrer URL),
  • the browser you are using and, if applicable, the operating system of your Internet-capable computer as well as the name of your access provider.

The legal basis for processing the IP address is Art. 6 (1) point f) GDPR. Our legitimate interest arises from the purposes of data collection listed below. We wish to point out that we are not able to draw any direct conclusions about your identity from the data collected, nor can any be drawn through us.

The IP address of your device and the other data listed above are used by us for the following purposes:

  • to ensure a smooth connection setup,
  • to ensure smooth use of our website, and
  • to evaluate system security and stability.

The data are stored only as long as is necessary to fulfil the purpose intended for storage and are deleted afterwards automatically. We also use cookies, tracking tools, targeting methods and social media plug-ins for our website. The exact methods involved and how their data are used for this purpose are explained in more detail in section 3.4 below.

If you accept geolocalization in your browser or operating system or other settings of your device, we use this function in order to be able to offer you individual services related to your current location. We process your location data in this way exclusively for this function. The data will be deleted once the use has ended.

3.2. Conclusion, Performance or Termination of a Contract

3.2.1. Processing data upon the conclusion of a contract

The scope of GARPA’s business is the distance selling of goods and services, retail trade within the framework of permits issued by the relevant authorities, and the serial production of goods to be offered. In this context, we process the data required for the conclusion, performance or termination of a contract with you. This includes:

  • Salutation, Title, First Name, Surname
  • Invoice and Delivery Address
  • Email Address
  • Billing and Payment Information
  • Date of Birth
  • Telephone Number

Art. 6 (1) point b) of the GDPR serve as the legal basis, i.e. you provide us with the data on the basis of the contractual relationship between you and us. In order to process your email address for online orders, we are also obliged to electronically confirm receipt of your order due to a provision in the German Civil Code (BGB). Art. 6 (1) point c) of the GDPR serve as the legal basis. We store the data collected for performing the contract at least until the expiry of the statutory or possible contractual warranty and guarantee rights, provided we do not use your contact data for advertising purposes (see 3.3. below).

The following data processing operations are also required to process the purchase agreement:

We work together with logistics companies for the purpose of processing the sales contract. The following data may be transmitted to these logistics companies commissioned by us for the purpose of delivering the ordered goods or for announcing them: Information about your delivery address (first name, surname, postal address) as well as your email address and telephone number. The logistics company will contact you prior to delivery to provide you with the time of delivery or to discuss delivery details with you.

3.2.2. Identity, Creditworthiness and Information to Credit Agencies

If necessary, we may verify your identity by consulting information from service providers. Art. 6 (1) points b) and f) of the GDPR serve as the legal basis. Authorisation to do so arises from ensuring the protection of your identity and the avoidance of fraud attempts at our expense. The circumstance and the result of our enquiry will be added to your customer account or your guest account for the duration of the contractual relationship.

During the ordering process, we also check your credit rating, provided that you select the payment method ‘on account’. For this purpose, we pass on the following types of data to credit agencies cooperating with us: name, address, date of birth. Art. 6 (1) point f) of the GDPR serve as the legal basis. The legitimate interest required under this provision arises from our interest in minimising the credit risk associated with these types of payments. The circumstance and the result of our enquiry will be added to your customer account for the duration of the contractual relationship.

If you have already made a purchase with us, your data stored by us about you can be supplemented by score values. Scoring is the process of making a forecast of future events based on information collected and past experiences. Such processing is based on Art. 6 (1) point f) of the GDPR. The preparation of such forecasts is to be regarded as a legitimate interest within the meaning of the aforementioned provision. Based on the data stored about your, you will be assigned to statistical groups of people with similar entries in the past. The underlying method used is a well-founded mathematical-statistical method for predicting risk probabilities that has long been tried and tested in practice.

In the event of a delay in payment, we reserve the right to pass on the necessary data to a company commissioned with asserting the claim if other legal requirements have been met. Art. 6 (1) point. b) and Art. 6 (1) point f) of the GDPR serve as the legal basis. The assertion of a contractual claim shall be regarded as a legitimate interest within the meaning of the second provision. Information about the delay in payment or a possible bad debt loss will also be forwarded to credit agencies cooperating with us if other legal requirements have been met. Art. 6 (1) point f) of the GDPR serve as the legal basis. The legitimate interest required here arises from our interest and that of third parties in reducing contractual risks for future contracts.

3.3. Processing Data for Advertising Purposes

The following explanations refer to the processing of personal data for advertising purposes. The DSGVO declares such processing of data based on Art. 6 (1) point f) of the GDPR to be generally conceivable and a legitimate interest. The duration of data storage for advertising purposes does not follow rigid principles and is based on the question of whether storage is necessary for advertising purposes. Please refer to Section 3.3.4 for the procedure to be followed should you wish to assert your right to object.

3.3.1. Advertising Purposes of GARPA and Third Parties

If you have concluded a contract with us, we will store you as a customer in our system. In this case, we process your postal contact details beyond a concrete consent, in order to send you information about products and services in this way. We process your email address, provided we have received it from you, in order to send you information about our own, similar products beyond a concrete consent.

3.3.2. Interest-Oriented Advertising

To ensure that you only receive advertising information that is of supposed interest to you, we categorise and supplement your customer profile with further information. Both statistical information and information about you (e.g. basic details from your customer profile) are used for this purpose. The aim is to provide you with advertising that is solely oriented to your actual or supposed needs and not to trouble you with useless advertising.

3.3.3. Referring friends

If our customers inform us of potential interested parties for our offers (e.g. catalogue request), we collect this personal data provided to us for the purpose of acquiring new customers. We process and use the name and postal address to send our catalogue. For this purpose, we may pass on the personal data provided to us to relevant service providers commissioned by us. We are also obliged to inform the person you have named that you have given us the address data. We store your details (details of the interested party and the fact that you recommended the interested party) as long as this is necessary to fulfil the purpose for reasons of proof. The processing of postal contact data for the purpose of “referring friends” takes place outside the existence of a concrete consent in order to provide interested parties with information about products and services in this way. The GDPR declares such processing of personal data for advertising purposes on the basis of Art. 6 para. 1 lit. f) GDPR as fundamentally conceivable and as a legitimate interest.

3.3.4. Right to object

You can object to your data being processed for the above-mentioned purposes at any time free of charge, separately for the respective communication channel, and with effect for the future. To do so, simply send an email or a letter by post to the contact details listed under Section 2.

If you object to your data being processed, the contact address concerned will be blocked for further processing for advertising purposes. We wish to point out that advertising material may still be sent temporarily in exceptional cases even after receipt of your objection. This is technically due to the necessary lead time of advertisements and does not mean that your right to object has not been considered. We ask for your understanding.

3.3.5. Information on the Newsletter

We offer you the possibility to subscribe to our newsletter via our website. In order to make sure that no errors were made when entering the email address, we use the double opt-in process. This means that we will send you a confirmation link after you have entered your email address in the registration field. Your email address will be added to our mailing list only after you click on this confirmation link. Your electronic contact details will be processed solely on the basis of your consent pursuant to Art. 6 (1) point a) of the GDPR. You may revoke your consent at any time with effect for the future.. To do so, simply send an email to the email address provided under Section 2 or click on the “Unsubscribe” button at the end of each newsletter.

3.4. Online Presence and Website Optimisation

3.4.1. Cookies – General Information

We use cookies on our website. Cookies are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that is generated in connection with the specific end device used. This does not mean, however, that we will gain immediate knowledge of your identity.

The use of cookies serves on the one hand to make using our offer more convenient for you. We use temporary cookies to recognise that you have already visited individual pages on our website. These will be deleted automatically once you leave our site. These cookies required for the functionality of our website are essential and cannot be deactivated (e.g. session cookies).

In addition, we also use permanent cookies which are stored on your device for a specified period of time to make our website more user friendly. If you visit our site again to use our services, the site automatically recognises that you have previously visited it and which data you entered as well as the settings you have made, so that you do not have to enter these again.

The cookies are automatically deleted after a specific period of time. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is generated. However, if you disable cookies completely, you may not be able to use all the features of our website. The length of time cookies are stored depends on their purpose and is not the same for everyone.

The marketing cookies used by us serve to display advertising that is in line with your interests. When you visit another website, the browser cookie will be recognised and advertisements selected based on the information stored in this cookie will be displayed.

The sue of statistic cookies helps us to measure the reach of our own offer. We can track which website was visited before calling our website and how our website was used, among other things. We use this data, among other things, to optimise our website by evaluating the campaigns we have carried out.

The legal basis on which we process your personal data using cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent in accordance with Art. 6 para. 1 lit. a) of the GDPR. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary, in order to fulfil our contractual or legal obligations.

Regardless of whether the processing is based on consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data using cookie technologies.

Revoking consent shall not affect the lawfulness of processing data carried out on the basis of the consent up to the point of revocation.

You can exercise your right to object by using the settings of your browser, e.g. by deactivating the use of cookies (this can also restrict the functionality of our online offer).

You may revoke your consent or configure your settings for the cookies used on our website by clicking on the following link: Edit cookie settings.

3.4.2. Google Analytics

We use Google Analytics, a web analysis service provided by Google ireland Limited (“Google”), to provide need-based design and continuous optimisation of our pages.

In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this site such as

  • Browser type/version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transferred to a Google server, possibly in the USA or other third countries, and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website and Internet use for market research purposes and to design these Internet pages in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that it is not possible to associate them with a user (IP masking).

You can prevent the use of cookies by selecting the appropriate settings in the browser; however, please note that if you do this, you may not be able to use the full features of this website. You can also prevent data generated by the cookie and related to your use of the website (including your IP address) from being collected as well as from processing this data by Google by downloading and installing the browser plug-in available under the following link: As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking this link. An opt-out cookie is set to prevent your data from being collected in the future when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. You can find further information on data protection in connection with Google Analytics on the Google Analytics website.

The legal basis for the processing of personal data described here is your consent in accordance with Art. 6 Para. 1 lit. a) of the GDPR.

You may revoke your consent or configure your settings for the cookies used on our website by clicking on the following link: Edit cookie settings.

3.4.3. Facebook Custom Audience via the Pixel Method

We use “Facebook pixels” on our website, a service provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”).

Facebook pixels enable Facebook to display our Facebook ads only to Facebook users who have visited our website, especially those who have shown interest in our online offerings or certain topics or products. Facebook pixels allow you to check whether a user has been redirected to our website after clicking on our Facebook ads. Facebook Pixel uses cookies, which are small text files that are stored locally in the cache of your web browser on your device.

If you have a Facebook user account and are registered, Facebook can associate the visit to your user account. The data collected about you is anonymous to us and does not give us any information about the identity of the user. However, Facebook may associate this data with your Facebook account. We have no control over the extent and further use of data collected by Facebook through the use of Facebook pixels. Even if you are not registered with Facebook or have not logged in, Facebook may collect and store your IP address and other identifying information.

We use Facebook pixels for marketing and optimisation purposes, in particular to place relevant and interesting ads on Facebook and thus improve our offer, make it more interesting for you as a user, and avoid annoying ads. This is also our legitimate interest in processing the above-mentioned data. For more information about Facebook’s collection and use of this information and your rights and choices regarding your privacy, please see Facebook’s Privacy Policy.

The legal basis for the processing of personal data described here is your consent in accordance with Art. 6 Para. 1 lit. a) of the GDPR.

You may revoke your consent or configure your settings for the cookies used on our website by clicking on the following link: Edit cookie settings.

3.4.4. Targeting

We want to ensure that you only see advertising on your end devices that is oriented towards your actual or supposed interests through the targeting measures used. It is both in your and our interest to not bother you with uninteresting advertisements.

The legal basis for the processing of personal data described here is your consent in accordance with Art. 6 Para. 1 lit. a) of the GDPR.

You may revoke your consent or configure your settings for the cookies used on our website by clicking on the following link: Edit cookie settings.

3.4.4.1. Onsite-Targeting

Our website uses cookies to collect and evaluate information to optimise advertisements. This information includes, for example, information about which of our products you are interested in. Any recording or analysis is done exclusively under a pseudonym and does not enable us to identify you. In particular, the information will not be merged with your personal data. This information enables us to display offers on our site that are specifically tailored to your interests, such as those arising from your past user behaviour. The cookie is automatically deleted after 30 days.

3.4.4.2. Re-Targeting

We also use re-targeting technologies from Google. This enables us to make our online offer more interesting and tailored to your needs. For this purpose, a cookie is set with which data from interested customers is collected using pseudonyms. This information is used to display interest-related advertisements about our offers on the websites of our partners. No directly personal data will be stored and no user profiles will be merged with personal data on you. The cookie is stored for a period of 2 years and then automatically deleted.

3.4.4.3. Right to revoke/object/opt-out

In addition to the option to revoke your consent and the deactivation methods described above, you can also generally prevent the targeting technologies described above by setting the appropriate cookie in your browser (see also 3.4.1.). In addition, you can deactivate preference-based advertising with the help of the preference manager by accessing it here.

3.4.5. Social Media Plug-Ins

We use social plug-ins from the social networks Facebook, Instagram, Pinterest and YouTube on our website on the basis of Art. 6 (1) point f) of the GDPR in order to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for operation that is compliant with data protection regulations is to be guaranteed by their respective providers. These plug-ins are integrated by the two-click method in order to protect visitors to our website in the best possible way.

3.4.5.1. Facebook

We use plug-ins from the social network Facebook on our website, which are offered by Facebook Inc. The Facebook plug-ins are marked with a Facebook logo or contain “Like” or “Share”. An overview of the Facebook plug-ins and their appearance can be found by clicking the following link.

When you activate such a plug-in (first click), your browser establishes a direct connection to Facebook’s servers. The content of the plug-in is transmitted directly from Facebook to your browser and integrated into the page. This integration provides Facebook with the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA where it is stored. If you are logged in to Facebook, Facebook can immediately associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example by pressing the “Like” button, this information is also transmitted directly to a Facebook server where it is stored. The information will also be published to your Facebook account and displayed to your Facebook friends.

The purpose and scope of the collection of data and further processing including use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook’s Privacy Policy.

If you do not want Facebook to associate the data collected about your visit to our site directly with your Facebook account, you must log out of Facebook before visiting our site.

3.4.5.2. Instagram

Our website also uses social network plug-ins from Instagram. The Instagram service is a Facebook product provided by Facebook Inc. The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”.

When you activate the plug-in (first click), your browser establishes a direct connection to Instagram’s servers. The content of the plug-in is transmitted directly from Instagram to your browser and integrated into the page. This integration provides Instagram with the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram account or are not logged in to Instagram.

This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA where it is stored. If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example by pressing the “Like” button, this information is also transmitted directly to an Instagram server where it is stored. The information will also be published to your Instagram account and displayed to your Instagram contacts.

If you do not want Instagram to associate the data collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. For more information, see Instagram’s Privacy Policy.

3.4.5.3. YouTube

Our website uses plug-ins from YouTube which is operated by Google. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA is the site operator.

When you activate the plug-in (first click), your browser establishes a direct connection to YouTube’s servers. This will tell the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your YouTube account beforehand. You can find further information about the handling of user data in YouTube’s Privacy Policy.

3.4.5.4. Pinterest

We also use social plugins on our website by the social network Pinterest, which is operated by Pinterest Europe Ltd. Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland (“Pinterest”). If you visit a page that contains such a plug-in, your browser establishes a direct connection with the Pinterest servers. The plug-in transmits protocol data to the server of Pinterest. This log data may include your IP address, the address of the websites visited, which also contain Pinterest functions, browser type and settings, date and time of the request, your use of Pinterest, and cookies.

If you click the Pinterest “Pin it” button while logged into your Pinterest account, you can link the content of our pages to your Pinterest profile. This allows Pinterest to match the visit to our pages to your user account. We would like to point out that we have no knowledge of the content of the data transmitted or its use by Pinterest. Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights and options to protect your privacy can be found in Pinterest’s privacy policy (https://about.pinterest.com/en/privacy-policy).

3.5. Contact

We offer visitors to our websites the opportunity to contact us via a contact form or by email. We use the information you provide via the contact form or by email (required information is marked with an asterisk) exclusively for the purpose of processing your request. This is done on the basis of Art. 6 (1) point f) of the GDPR. Proper handling of your concerns is to be regarded as a legitimate interest within the meaning of the GDPR. If you contact us in connection with a contractual relationship between you and us, Art. 6 (1) point b) of the GDPR, i.e. this contractual relationship, is also the legal basis for processing data. The data provided will be deleted immediately after use, unless there is a legal retention period. Your data will not be used for another purpose or transferred to third parties unless you have consented to this.

3.6. Access to the GARPA image archive/image database

We use the double opt-in procedure to register to our database. This means that after you register, we will send you an email to the specified email address in which we ask you to confirm that you wish to have your data entered into the database. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any potential misuse of your personal data.

The functions of the database can be described as follows:

For press contacts: Providing free image and text files for editorial purposes only.

For architects & interior designers: Providing free technical drawings, image and text files for personal, educational and informative purposes, for preparing quotations/cost estimates to end customers in connection with the sale of GARPA products via the company itself and for use in training courses or seminars.

3.7. Furnishing Planner

The Furnishing Planner on this website uses HTML5 storage objects that are stored on your mobile device. These objects store the required data (current plans, saved plans) independently of your browser and do not have an automatic expiry date. No personal data is stored by the Furnishing Planner. You can prevent the use of HTML5 storage objects by using private mode in your browser.

4. Online social media presence

4.1. Facebook

We operate a fan page on the social media network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”) under joint responsibility to communicate with interested parties and followers and to inform them about our products and services. All products for customers from the European Economic Area and Switzerland are offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

We may receive statistics from Facebook on the use of our fan page (for example, information about the number, names, interactions, such as likes or dislikes, comments, and summarised demographic and other information or statistics based on certain parameters about our company and the content on our fan page that help us learn about interactions with our site). For more information on the nature and scope of these statistics, please refer to the Facebook Site Stats Insights and responsibilities in the Facebook Page Insights Supplement. The legal basis for this type of data processing is Art. 6 Para. 1 lit. f) GDPR based on our aforementioned legitimate interest.

We have no influence on data that Facebook processes on its own responsibility in accordance with Facebook’s terms of use. However, we would like to point out that when you visit the fan page, data on your usage behaviour is transmitted from Facebook and the fan page to Facebook. Facebook itself processes the aforementioned information in order to compile detailed statistics and for its own market research and advertising purposes over which we have no control. According to Facebook, the data collected will also transferred to the USA and other third countries. For more information, see the Privacy Policy of Facebook.

Should we have obtained personal data of users when operating the fan page, users are entitled to the rights stated in this Privacy Policy. If users also wish to assert rights against Facebook, the easiest way for users to do so is to contact Facebook directly. Facebook knows the details of the technical operation of the platform and associated data processing as well as the specific purposes of data processing and can implement appropriate measures upon request should users wish to exercise their rights. We are happy to support users in asserting their rights as far as possible and forward user requests to Facebook.

4.2. Instagram

We also have an Instagram account. This service is provided by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.

We have entered into an agreement with Facebook on joint processing. This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement by clicking the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

The legal basis for our social media presence at Instagram is Art. 6 para. 1 lit. f) of the GDPR based on our legitimate interest in the widest possible presence on the Internet.

Facebook Ireland Ltd. processes (personal) data when you use Facebook products -– including when you visit our Instagram page – even from people who are not logged into any of the Facebook services. What (personal) data this is in detail, how, for what purposes and on what legal basis it is processed is described by Facebook in its privacy policy, which applies to all Facebook products. There you will also find information on how to contact Facebook and on the settings for advertisements, cookies, etc. The data may be transferred to countries outside the European Union.

The link to Instagram’s privacy policy can be found by visiting: Instagram privacy policy.

4.3. Further online presences

We maintain further online presences in social networks to communicate with customers and interested parties and to inform them about our products and services.

User data is generally processed for market research and advertising purposes. In this way, user profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers will be stored on users’ computers. Advertisements are then placed, for example, on social networks as well as on third-party websites based on these user profiles. When using social networks, personal data of users may be processed outside the European Economic Area. The legal basis for data processing is Art. 6 para. 1 lit. 1 f) of the GDPR, based on our legitimate interest in effective information of and communication with users. The legal basis for data processed by the social networks on their own responsibility can be found in the privacy policy of the respective social network. The following links will also provide you with further information on the respective data processing and the options for exercising your right to objection.

We would like to point out that requests for data protection can be made most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly.

Pinterest

Pinterest is operated by Pinterest Inc, 651 Brannan Street, San Francisco, CA 94107, USA (“Pinterest”). For EEA residents, the data controller is Pinterest Europe Ltd Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland The link to Pinterest’s privacy policy can be found by visiting: Pinterest privacy policy.

YouTube

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland. The link to Google’s privacy policy can be found by visiting: Google privacy policy

5. Your Rights

5.1. Overview

In addition to the right to revoke your consent given to us, you are entitled to the following further rights if the respective legal requirements are met:

  • Right of access to your personal data stored by us in accordance with Art. 15 of the GDPR; in particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it has been collected directly from you;
  • Right to rectification of inaccurate or incomplete personal data in accordance with Art. 16 of the GDPR;
  • Right to erasure of your data stored by us in accordance with Art. 17 of the GDPR insofar as no legal or contractual retention periods or other legal obligations or rights for further storage are to be observed; 

  • Right to restriction of processing your data in accordance with Art. 18 of the GDPR if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it; the data subject no longer needs the data but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 of the GDPR;
  • Right to data portability in accordance with Art. 20 of the GDPR, i.e. the right to receive selected data stored about you by us in a common, machine-readable format, or to request the transmission of those data to another controller;
  • Right of appeal to a supervisory authority You can generally contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.

5.2. Right to object

Under the conditions of Art. 21 (1) of the GDPR, data processing may be objected to for reasons arising from the particular situation of the data subject.

The above general right to object applies to all processing purposes described in this data protection information which are processed on the basis of Art. 6 (1) point f) of the GDPR. In contrast to the special right to object directed to data processing for advertising purposes (see above under 3.3.3.), the GDPR requires us to implement such a general objection only if you provide us with reasons of overriding importance (e.g. a possible danger to life or health In addition, it is possible to contact a supervisory authority or a competent body if you have a reason for complaint.

6. Data Security Measures

All data transmitted by you personally will be transmitted using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard, which is also used, e.g. for online banking. You can recognise a secure SSL connection among other things by the added s on the http (https://...) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Furthermore, we strive to continuously improve our security measures in line with technological developments.

7. Changes to the Privacy Policy

Advancing technology, legal requirements or even changed processes can have an effect on this Privacy Policy. We therefore reserve the right to change this Privacy Policy at any time with effect for the future. You will find the current version of the Privacy Policy on this website. Please inform yourself each time you use our Internet activity about the current Privacy Policy valid at the time.

Status as of: 24.11.2020