Data Privacy Declaration
I. General information on data processing
1. Scope of processing of personal data
In general, we process the personal data of our users only if necessary to provide a functional website and to provide our content and services. We typically only process our users’ personal data after we have received consent to do so from the user. In some exceptional cases, we may not be able to obtain prior consent due to the circumstances of the situation, but may process your data if permitted by law.
2. Legal basis for processing personal data
If we obtain consent from a data subject to process personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for doing so.
When processing personal data necessary to fulfill an agreement to which the data subject is a contractual party, Art. 6 para. 1 lit. b GDPR serves as the legal basis for processing. This also applies to processing procedures necessary to carry out pre-contractual measures.
If personal data must be processed to fulfill a legal obligation of our company, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the vital interests of the data subject or another natural person make it necessary for us to process personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If data processing is required to safeguard the legitimate interests of our company or a third party, and if the interests, basic rights, and basic freedoms of the data subject do not outweigh the above interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
3. Data deletion and storage terms
Personal data of data subjects is deleted or blocked once the purpose for which it was saved no longer applies. In addition, data may only be saved if specified under European or national legislation in EU ordinances, laws, or other regulations to which the data controller is subject. Data will be blocked or deleted when the storage term specified by law expires unless it is necessary to continue saving the data to conclude an agreement or fulfill a contract.
II. Name and address of the data controller
The data controller under the GDPR and other national data privacy laws of the member states and data security regulations is:
III. Provision of the website and creation of log files
1. Description and scope of data processing
Each time you access our website, our system automatically records data and information from the requesting computer.
The following data is collected:
(1) Information on the browser type and version used
(2) The user's operating system
(3) The user’s internet service provider
(4) The user's IP address
(5) The date and time of access
(6) Websites from which the user’s system accessed our website
(7) Websites accessed by the user's system via our website
The log files contain IP addresses or other data that make it possible to associate such information with a user. This could be the case, for instance, if the link to the website from which the user accessed the page, or the link to the website to which the user switches contains personal data.
Data is also saved in our system's log files. This data is never saved alongside other personal data belonging to the user.
2. Legal basis for data processing
Art. 6 para. 1 lit. f GDPR forms the legal basis for temporary storage of data and log files.
3. Purpose of data processing
The system must temporarily store the user’s IP address to allow it to deliver the website to the user’s computer. It must save the user’s IP address for the duration of the session. Data is saved in log files to ensure the website's functionality. In addition, we use the data to optimize the website and ensure the security of our information technology systems. We do not evaluate the data in this context for marketing purposes.
We have a legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR for these purposes.
4. Duration of storage
Data is deleted once it is no longer necessary to achieve the purpose for which it was collected. If data is collected to provide the website, it will no longer be necessary once the specific session is ended. If data is saved in log files, it is deleted after seven days at the latest. We may save data for a longer period. In this case, the user’s IP address will be anonymized so it is no longer possible to associate it with the accessing client.
5. Right to object and right to data deletion
Data must be collected and saved in log files to provide and operate the website. Therefore, the user has no right to object.
1. Description and scope of data processing
The following data may be transmitted by such cookies:
(1) Search terms entered
(2) Frequency of page visits
(3) Use of website functions
2. Legal basis for data processing
Art. 6 para. 1 lit. f GDPR forms the legal basis for processing personal data using cookies.
3. Purpose of data processing
User data collected via technically required cookies is not used to create user profiles.
This website uses analytic cookies in order to improve the quality and content of our website. Analytic cookies tell us how the website is being used, helping us continuously optimize our services.
We have a legitimate interest in processing personal data in accordance with Art. 6 para. 1 lit. f GDPR for these purposes.
4. Duration of storage, right to object and right to data deletion
Cookies are saved on the user’s computer and transmitted to our page by the computer. Therefore, as a user you have full control over how cookies are used. You can change the settings in your web browser to deactivate or restrict the transmission of cookies. Cookies saved in the past can be deleted at any time. This can also be done using an automatic process. If cookies are deactivated for our website, it is possible that you may not be able to use all of the functions of our website in full.
V. Use of etracker
Our website uses services by etracker GmbH from Hamburg, Germany (https://www.etracker.com) to analyze usage data. Cookies are used during this process that facilitate a statistical analysis of the use of this website by its visitors and the display of usage-related content or advertisements. Cookies are small text files saved by the user's web browser on their device. Etracker cookies contain no information that could allow us to identify the user.
Data is processed on the legal basis of Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR). Our legitimate interest lies in optimizing our online services and web presence. Since protecting the privacy of our users is highly important to us, etracker anonymizes IP addresses as early as possible and converts login or device identification into a unique key that cannot be associated with a specific person. Etracker does not use data in any other manner, nor does it combine it with other data or transmit it to third parties.
You can object to data collection and storage at any time, with future effect. To object to data collection and storage of your user data with future effect, you can download an opt-out cookie from etracker at the following link: http://www.etracker.de/privacy?et=V23Jbb. This will prevent user data from your browser from being collected and saved by etracker in the future, and will save an opt-out cookie named “cntcookie” from etracker. Please do not delete this cookie for as long as you want to maintain your objection. Further information is provided in the etracker Data Privacy Provisions: http://www.etracker.com/de/datenschutz.html
VI. Newsletter, contact form and e-mail contact
1. Description and scope of data processing
Our website includes a contact form that can be used to get in touch with us electronically. If a user uses this contact form, the data they enter on the input screen is transmitted to us and saved. This data includes:
(2) E-mail address
You will be referred to this Data Privacy Declaration during the transmission process regarding data processing. Users may also contact us through the e-mail address provided. If they do so, any personal data transmitted in the e-mail will be saved.
Such data is never transmitted to third parties. Data is only used to handle the conversation.
You can also register for a newsletter on the Strube website. If you have consented to receive the newsletter, we will use your e-mail address to send you current offers and news on the content you have subscribed to via e-mail.
After successfully registering for the newsletter, you will automatically receive an e-mail requesting that you confirm your e-mail address. After you click the confirmation link in the e-mail to confirm your e-mail address, you will receive our electronic newsletter regularly.
We analyze the following parameters, which are associated with you because you access the newsletter and click the links it contains, through a usage profile in aggregated form and in conjunction with the recipient name: opening rate for the newsletter, click rate for individual linked posts, list of pages visited in the online shop. Our objective is to better tailor the newsletter to your individual preferences and interests.
You can revoke your consent to receive the newsletter at any time with future effect at email@example.com. In addition, you can unsubscribe from the newsletter at any time by clicking the link provided for this purpose in the newsletter. Your revocation of consent does not affect the legality of processing completed up to that point based on your consent.
3. Legal basis for data processing
The legal basis for processing personal data is Art. 6 para. 1 lit. a GDPR, if we have the user’s consent.
The legal basis for processing data transmitted when an e-mail is sent is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is sent for the purpose of concluding an agreement, Art. 6 para. 1 lit. b GDPR also serves as the legal basis for processing.
4. Purpose of data processing
We only process personal data from the input screen to contact the user. If a user contacts us via e-mail, this also serves as part of our legitimate interest in processing the data.
Other personal data processed during the transmission process is used to prevent misuse of the contact form and ensure the safety of our information technology systems.
5. Duration of storage
Data is deleted once it is no longer necessary to achieve the purpose for which it was collected. This is the case for the personal data from the contact form input screen and personal data transmitted via e-mail once our conversation with the user is over. The conversation is over when circumstances indicate that the matter in question has been fully clarified.
Additional personal data collected during the transmission process is deleted at the latest after seven days.
6. Right to object and right to data deletion
Users can revoke their consent to process personal data at any time. If the user contacts us via e-mail, they may object to saving of their personal data at any time. In such cases, we will not be able to continue our conversation with them.
Users may object by sending a message directly to the following e-mail address: firstname.lastname@example.org
All personal data saved during the course of contacting the user will then be deleted.
VII. Secure data transmission
We use the popular SSL process (Secure Sockets Layer) in conjunction with the highest encryption level supported by your browser during your website visit. Typically, this is 256-bit encryption. If your browser does not support 256-bit encryption, we instead use 128-bit v3 technology. You can tell whether individual pages of our website are being transmitted in an encrypted format because a key or lock symbol will be displayed in the bottom status bar of your browser.
We also take suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously revised in response to technological development.
VIII. Rights of data subjects
If we process your personal data, you are a data subject in the sense of the GDPR, and you have the following rights towards the data controller:
1. Your right to information
You can request a confirmation from the data controller of whether we process your personal data.
If we do process your data, you can request the following information from the data controller:
(1) the purposes for which personal data is processed;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to whom your personal data has been disclosed or will be disclosed;
(4) the planned duration for which your personal data will be saved or, if no specific information is available, the criteria for determining this duration;
(5) the existence of a right to correct your personal data, a right to restrict processing by the data controller or a right to object to such processing;
(6) the existence of a right to submit complaints with a supervising authority;
(7) all available information on the origin of the data, if it was not collected from the data subject;
(8) the use of automated decision-making, including profiling, in accordance with Art. 22 para. 1 and 4 GDPR and – at least in such cases – clear information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information on whether your personal data is transmitted to a third party country or an international organization. You can also request in this respect to be informed of relevant guarantees according to Art. 46 GDPR given in conjunction with the transmission.
2. Right to correction
You have the right to request that the data controller correct and/or complete your personal data, if personal data processed on you is incorrect or incomplete. The data controller must correct such data promptly.
3. Right to restrict processing
Under the following conditions, you can request that processing of your personal data be restricted:
(1) if you dispute the correctness of your personal data, for a period long enough to allow the data controller to check the correctness of said personal data;
(2) if processing is unlawful and you reject deletion of personal data, instead requesting a restriction in the use of personal data;
(3) if the data controller no longer requires the personal data for the purpose of processing, but if you need such data to assert, exercise, or defend against legal claims, or
(4) if you have objected to processing according to Art. 21 para. 1 GDPR and it is not yet clear whether the data controller's justifiable grounds for processing outweigh your own justifications.
If processing of your personal data was restricted, this data may only be processed – apart from saving it – with your consent or to assert, exercise, or defend against legal claims, or to protect the rights of another legal or natural person, in order to safeguard a significant public interest of the Union or its member states.
If processing was restricted under the above conditions, you will be informed by the data controller before this restriction is lifted.
4. Right to deletion
a) Deletion obligation
You can request that the data controller promptly delete your personal data, and the data controller is obligated to delete this data promptly if one of the following justifications applies:
(1) Your personal data is no longer required for the purposes for which it was collected or processed in some other manner.
(2) You revoke your consent on which processing was based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for processing.
(3) You submit an objection to processing according to Art. 21 para. 1 GDPR and there are no justifiable grounds for processing that take priority over your objection, or you submit an objection to processing according to Art. 21 para. 2 GDPR.
(4) Your personal data was processed unlawfully.
(5) Your personal data must be deleted to fulfill a legal obligation under EU law or the law of its member states, to which the data controller is subject.
(6) Your personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
b) Information to third parties
If the data controller has disclosed your personal data and if it is obligated to delete such personal data according to Art. 17 para. 1 GDPR, it shall take appropriate technical measures in consideration of available technology and implementation costs to inform the data controller that you as the data subject have requested that all links to said personal data or copies or replications of the personal data be deleted.
In general, we only use your personal data within our company.
If and insofar as we engage third parties in order to carry out agreements (such as logistics service providers), they receive personal data only if transmission is necessary for the relevant service.
If we outsource certain parts of data processing (“contract data processing”), we contractually obligate contract processors to only use personal data in accordance with data privacy law requirements and to ensure protection for the rights of data subjects.
We do not transmit data to entities or persons outside of the EU except for in cases under clause 4 of this declaration, nor do we plan to do so.
The right to deletion shall not exist if processing is required
(1) to exercise a right to freedom of expression and information;
(2) to fulfill a legal obligation that requires processing in accordance with EU law or the law of the member states to which the data controller is subject, or to carry out an obligation that is in the public interest or under public authority assigned to the data controller;
(3) to safeguard public interests in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
(4) for archival purposes that are in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right indicated under section a) will likely make it impossible to realize the goals of this processing or seriously interfere with it, or
(5) to assert, exercise, or defend against legal claims.
5. Right to information
If you have asserted your rights to correction, deletion, or restriction of processing against the data controller, the data controller is obligated to inform all recipients to whom your personal data was disclosed of this correction or deletion of data or restriction of processing, unless this proves to be impossible or unreasonably difficult.
You have the right to be informed by the data controller who these recipients were.
6. Right to data portability
You have the right to obtain your personal data, which you have provided to the data controller, in a structured, current, and machine-readable format. In addition, you have the right to transmit this data to another data controller without being prevented from doing so by the data controller to whom personal data was provided, if
(1) processing is based on consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on an agreement according to Art. 6 para. 1 lit. b GDPR and
(2) processing is completed using automated processes.
In exercising this right, you furthermore have the right to ensure that your personal data is transmitted directly from one data controller to another, if this is technically feasible. The freedom and rights of other individuals may not be affected.
The right to data portability does not apply to processing of personal data necessary to carry out tasks that are in the public interest or to carry out public authority assigned to the data controller.
7. Your right to object
You have the right to object to the processing of your personal data at any time for reasons related to your specific situation, if such processing is carried out under Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The data controller will no longer process your personal data unless they can show mandatory and protected grounds for processing that outweigh your interests, rights, and freedoms, or if processing serves to assert, exercise, or defend against legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right to object against processing of your personal data for the purpose of such advertisements; this also applies to profiling, if it is connected to such direct advertising.
If you object to processing for the purpose of direct advertising, your personal data will no longer be processed for this purpose.
You may exercise your right to object through an automated process in which technical specifications are used in conjunction with the use of information society services – regardless of Directive 2002/58/EC.
8. Right to revoke a declaration of consent under data privacy law
You have the right to revoke your declaration of consent under data privacy law at any time. Your revocation of consent does not affect the legality of processing completed up to that point based on your consent.
9. Automated decisions in individual cases, including profiling
You have the right not to be subject to decisions made exclusively through automated processing – including profiling – if this would have a legal impact on you or would affect you significantly in some other manner. This does not apply if the decision
(1) is necessary to conclude or fulfill an agreement between you and the data controller,
(2) is permitted based on legal regulations of the European Union or member states to which the data controller is subject, and if these legal regulations include appropriate measures safeguarding your rights, freedoms, and justifiable interests, or
(3) is completed with your express consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 para. 1 GDPR if Art. 9 para. 2 lit. a or g applies and if appropriate measures have been taken to safeguard your rights, freedoms, and legitimate interests.
With respect to the cases described in (1) and (3), the data controller must take appropriate measures to safeguard your rights, freedom, and legitimate interests, including at least the right to human intervention by the data controller, to present one's own opinion, and to challenge a decision.
10. Right to submit complaints to a supervisory authority
Apart from any other legal remedies under administrative or other law, you have the right to submit a complaint with a supervisory authority, in particular in the member state in which you live, work, or where the alleged violation took place, if you believe that processing of your personal data violates the GDPR.
The supervisory authority to which the complaint was submitted must inform the individual submitting the complaint of the status and results of said complaint, including the option of judicial remedy under Art. 78 GDPR.