As part of our Privacy Statement, we inform our clients and website visitors about our collection and processing of personal information. Personal information refers to all data relating to an identified or identifiable natural person (known as a data subject). This includes names, addresses, e-mail addresses, as well as user behavior.
- Who is responsible for processing this information?
GbR MR. E Aoude Ilham und Hussein Mohanad
You can contact our Data Protection Officers at:
GbR MR. E Aoude Ilham und Hussein Mohanad
For any questions about data protection, please contact our Data Protection Officers directly.
2. On which legal basis do we process personal information?
We process personal information according to the provisions of the European General Data Protection Regulation GDPR) and the Federal Data Protection Act (BDSG).
According to article 6 of the GDPR, data processing may only take place
- on a consensual basis,
- to fulfill contractual duties or pre-contractual measures,
- for the public benefit or
- insofar as the processing is required to protect the legitimate interests of the responsible parties or a third party, except where those interests are overridden by the interests and the fundamental rights of the data subject, which require the protection of personal information. A legitimate interest especially exists in the establishment of a contract with financial obligations, such as the conclusion of a sales contract.
3. Which data do we collect and process when a visitor enters our website?
During an informational visit to our website, meaning you neither register nor provide us with any further information, we only collect the personal information which your browser transmits to our server (known as “server log files”). The following data is technically necessary for you to be able to view our website:
- The IP address
- The date and time of the request
- The time zone difference from Greenwich Mean Time (GMT)
- The specific content of the request (the exact page)
- The access status/HTTP status code
- The volume of data transferred each time
- The source/Internet page from which the request came
- The Browser you used
- The operating system and its environment
- The language and version of your browser software
This processing takes place according to GDPR Art. 6 Paragraph 1 f) to ensure a smooth connection is established with our web pages, to ensure that our web pages are comfortable to use, to evaluate our system’s safety and stability, as well as for further administrative purposes.
In no case do we use the data collected for the purposes of drawing conclusions about your person.
4. Which data do we collect and process when a visitor enters our online shops?
If you send us an inquiry or wish to order products from our online shop, we require and process certain data, such as information about the order you have selected or completed, your address and e-mail address, and your chosen payment methods. You have the option of voluntarily adding additional information, such as a telephone number, in order to allow us to get in touch with you faster.
You may voluntarily open a customer account, through which we can save your data for later purchases. By opening a customer account under “My Account,” the data you enter is revocably stored for the duration of your customer account’s existence. You may find the legal basis for this in GDPR Article 6 Paragraph 1 a).
We process the data submitted to us to execute contracts, for pre-contractual verifications depending on the chosen payment method, and for processing potential warranty claims. You may find the legal basis for this in GDPR Article 6 Paragraph 1 c) and f).
In addition, our service providers (such as logistics companies or payment agents) receive the necessary data regarding your person or your order. Depending on the chosen payment method, we also carry out credit checks. Without the relevant personal information, we cannot accept orders, or can only do so through a limited selection of payment methods.
As part of our company’s operations, we process your data using our IT systems. We also partly use external service providers for processing your data. We carefully select and commission these service providers, they are held to our instructions, and are regularly monitored.
We can also process the data you provide to inform you about interesting products from our portfolio, or to get in touch with you on particular occasions.
5. How is data collected and processed from inquiries or communications made via post, fax, e-mail, or contact forms?
If you send us inquiries or communications relating to an order by post, fax, e-mail, or via a contact form, we save your inquiry or communication as well as our answer under correspondences related to each order and/or your customer account, as part of our commercial and tax obligations.
For other inquiries or communications made by post, fax, e-mail, or via a contact form, we use the personal information you transmit in your inquiry exclusively to answer your inquiry, but we do not save your inquiry or the personal information transmitted in the inquiry.
6. Who do we transmit personal information to?
When you place an order, to execute the agreement we transmit your personal information to the shipping company we commission to carry out the delivery if this is necessary for the delivery of the purchased products. To process payments, we transmit the necessary payment information to the credit institution entrusted with the payment and potentially also to our commissioned payment service provider, and/or to the payment service you selected during the order process.
We transmit, as far as necessary and in accordance with the relevant legal obligations, data concerning customers, interested parties, delivery services, and our own personnel to public authorities, such as financial administrations, and external advisors (tax advisors, attorneys, accountants), as far as is required to manage our company economically and in compliance with the applicable laws.
7. How long do we store personal information?
The storage period for personal information is determined on the basis of relevant legal retention periods. In particular, commercial and tax law mandate that data arising from completed transactions be archived for the duration of statutory retention periods. GDPR Article 6 Paragraph 1 c) provides the legal basis for the relevant data utilization.
After the elapse of the relevant statutory retention period, the data in question is routinely deleted, as long as it is no longer necessary for the fulfillment or initiation of an agreement and/or we no longer have any legitimate interest in continuing to store it.
8. What rights do data subjects have?
The applicable data protection regulation grants our customers and visitors to our website the following rights concerning the personal information that relates to them:
- a) The right of access according to GDPR Article 15
You have the right to request a confirmation from us stating whether we are processing personal information relating to you. If so, you have the right to access this personal information, as well as information about
- the processing purposes,
- the categories of personal information being processed,
- the recipients or categories of recipients with whom this personal information is shared, or will be shared, especially third country recipients or international organizations,
- if possible, the planned duration for which the personal information will be stored, or, if this is not possible, the criteria for establishing this duration,
- the existence of a right to rectify or delete personal information relating to you, or to restrict the processing of this data by the data controller, or the right to revoke your consent to this processing,
- the existence of a right to appeal to supervisory authorities,
- if personal information is not collected from you, all available information about the origins of the data or
- about the use of automated decision-making or profiling
- b) The right to rectification according to GDPR Article 16
You have the right to request that we immediately rectify incorrect personal information relating to you.
- c) The right to erasure according to GDPR Article 17
You have the right, according to the provisions of GDPR Article 17 Paragraph 1, to request that we delete your personal information. However, this right does not apply in those particular cases where its processing is necessary for exercising the right to freedom of expression and information, for carrying out legal obligations, for reasons of public interest, or for the exercise, pursuit, or defense of legal claims.
- d) The right to restrict processing according to GDPR Article 18
You have the right to request that we restrict the processing of your personal information, provided that
- we verify the accuracy of the data which you dispute,
- you decline the deletion of your information due to unauthorized data processing and instead request that the processing of your information be restricted.
- we no longer require your personal information for the processing purposes, but you require this information in order to enforce, exercise, or defend legal claims or
- if you filed an objection on grounds that arise from your particular situation, our legal rights have not yet been determined as prevailing over your objection.
- e) The right to data portability according to GDPR Article 20
You have the right to receive the personal information which you have provided us, in a structured, commonly used, and machine-readable format, or to request that it be transmitted to a different data controller, as long as the processing is based on consent or on a contract, and the processing is carried out through automated means.
- f) The right to withdraw consent according to GDPR Article 7, Paragraph 3
You have the right to withdraw the consent you gave us to process your data at any time. You will not incur any special costs in doing so (except for transmission costs based on the rates of your provider).
Withdrawing your consent will not affect the lawfulness of processing which was carried out on the basis of your initial consent and until its withdrawal.
- g) The right lodge a complaint according to GDPR Article 77
You have the right to lodge a complaint with a supervisory authority, particularly in the Member State in which your residence, your workplace, or the place of alleged infringement is located, if you believe that your personal information has been processed in violation of the Data Protection Regulation.
9. What provision of personal information is mandatory?
Without the provision of certain relevant personal information, our online shop cannot take orders, or can only do with limited payment options.
10. What consent have you given us?
You may have consented to being contacted for the purposes of advertising or certain data utilizations (for example, for us to send you a newsletter or to reproduce offers after you log in in as a customer). If you have given us consent, we have saved the written consent and can retrieve it. You can retrieve this text by sending us an e-mail at the address listed under point 1 of this privacy statement. We will then send you the information you request via e-mail.
In order to for our website to look appealing and to enable certain functions, we use “cookies” on different pages. Cookies are small text files which are stored on your terminal device (laptop, tablet, or smartphone) when you visit our web pages. Cookies allow us to generally make our website more user-friendly and effective. Cookies do not damage your device, nor do they contain any viruses, trojans, or other kinds of malware.
Some of the cookies we use are deleted at the end of the browser session, meaning when you close your browser. These are called transient cookies, or session cookies.
Other cookies remain on your device to allows us or our partner companies (third-party cookies) to recognize your browser upon your next visit. These are called persistent cookies. When cookies are used, they collect and process user information within an individually-defined scope, such as browser or location information, as well as IP address information. Persistent cookies are automatically deleted after a given period of time. Different cookies may have different duration periods before they are deleted.
Personal information which we process through the individual cookies we implement is processed according to GDPR Article 6 Paragraph 1 f) in order to protect our legitimate interests and the best possible functioning of our website, as well to ensure a user-friendly and effectively-designed page visit.
Please note that you can configure your browser so that you are informed about each insertion of cookies. You can configure your browser, so that you can decide whether to accept cookies, or to accept cookies only in certain cases, or to reject them general. Each browser has different processes to follow for configuring your cookie settings. You can find out how to change your cookie acceptance or rejection settings in your browser’s Help menu, which will show you how to modify your cookie settings. You can also choose to clear all saved cookies at any time from your browser.
Please note that not accepting cookies may restrict our website’s functionality.
12. Subscribing to our Newsletter
You can consent to sign up to our newsletter, through which we inform you about interesting offers. The products and services offered are described in the declaration of consent.
We manage newsletter subscriptions using what is called a double-opt-in process. This means that after you sign up, we send an e-mail to the e-mail address you provide, asking you to confirm that you wish to receive our newsletter. If you do not confirm your subscription within 24 hours, your information will be frozen and automatically deleted after one month. We also save the IP address you used and the time of your subscription and confirmation. The purpose of this process is to verify your subscription and potentially to identify possible misuse of your personal information.
Your e-mail address is the only information required for us to send you our newsletter. Providing any further, more specific information is voluntary, and is used to be able to address you personally.
After your confirmation, we save your e-mail address for the purpose of sending you the newsletter. The legal basis for this is GDPR Article 6 Paragraph 1 a).
13. Use of Google Analytics
This website uses features from the web analytics service Google Analytics, the service provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses “cookies”. These are text files which are saved onto your computer and allow us to analyze the use of the website. The information collected from these cookies regarding your use of this website are generally transmitted and stored in a server belonging to Google in the USA. If IP anonymization is activated on this website, Google will preemptively shorten your IP address within member states of the European Union or other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will your full IP address be transmitted to Google’s servers in the United States and shortened there. This website’s owner commissions Google to use this information to evaluate your utilization of the website, to create reports about website activity, and to provide other services relating to the website utilization and internet utilization to the website owner. The IP address transmitted by your browser to Google Analytics is not merged with other Google data. You can configure your browser software to prevent cookies from being stored; we would like to inform you however, that doing so may prevent you from making full use of some of the functions of this website. You can also prevent data provided by the cookie concerning your use of this website (incl. your IP address) from being collected or processed by Google by downloading and installing the browser plug-in available at this link: http://tools.google.com/dlpage/gaoptout?hl=de
14. Use of Facebook Social Plugins
15. Data Security
For security purposes and to protect the transmission of personal information and other confidential content (e.g. orders or requests directed to us), our website uses SSL or TLS encryption. You can identify which of our web pages have an encrypted connection because the key- or lock icon in the lower status bar of your browser will appear locked.
We also use the appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or any unauthorized access by third parties. Our security measures are continuously improved based on technological developments.
16. No use of automated decision-making
We hereby warrant that we do not use any automatic decision-making or profiling.
17. Information about the right to restrict processing according to GDPR Article 21
You have the right, on grounds that arise from your particular situation, to file an objection at any time to the processing of your personal information which we carry out according to Article 6 Paragraph 1 e) or f); this also applies to profiling based on these provisions.
We will then stop processing of your personal information unless we can demonstrate compelling legitimate grounds for this processing, which override the interests, rights, and freedoms of the data subject, or that the processing of the data serves to enforce, exercise, or defend legal claims.
If we process your personal information in order to carry out direct mailings, you have the right to object to the processing of your personal information for the purpose of this mailing at any time; this also applies to profiling, insofar as it is connected to this direct mailing. Should you object to processing for the purposes of direct mailing, your personal information will no longer be used for this purpose.