The company responsible for processing personal data via the website is Der Greif e.V., Atelierstr. 18, 81671 Munich, Germany (hereinafter: "Der Greif"). You can reach us in all data protection matters at firstname.lastname@example.org.
All personal data that we process via the website is stored on local servers of the company AWS in Germany. The purpose of this data processing is the hosting of our web servers and databases as well as their data protection (backup) based on corresponding data processing agreements.
For technical reasons, Der Greif collects so-called access data when the website is called up and saves this in a log file (so-called log file). When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required to deliver the content of our website correctly, to optimize the content of our website and the advertising for it and to ensure the long-term functionality of our IT systems and the technology of our website, as well as to notify law enforcement authorities in the event of a crime provide the information necessary for criminal prosecution in the event of a cyber-attack. This collected data and information is therefore evaluated by us statistically on the one hand and also with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us (Art. 6 Paragraph 1 lit. f) GDPR). In addition to the IP address, the name of the website you accessed, the file accessed, the date and time of access, the amount of data transferred and notification of successful access, the browser type provider are stored in the log file. We do not pass this data on to third parties. The log files are automatically deleted 7 days after collection.
In addition to log files, cookies and other tools are used when visiting our websites. For details on the cookies that are used when you use our website, how long they are stored, and information on how you can delete the data collected here, please refer to the cookie settings. We distinguish the following types of cookies:
Essential cookies: These cookies are necessary to provide the basic functions of the website. and cannot be disabled in your systems (Art. 6 para. 1 lit. f) GDPR).
Optional cookies: These cookies allow us, among other things, to evaluate the calls and visits to the website in order to improve our website. With these cookies, we are able to provide advanced functionalities and personalization options. They can be set by us or by third-party providers (External Media) whose services we use on our pages (Art. 6 para. 1 lit. a) GDPR).
We use tools, among other things, to be able to optimize our offers and presentations by way of usage analysis or to gain insights into our target groups. In order to use these tools, however, we require your prior consent (Art. 6 (1) a) GDPR). However, profiling or automated decision-making does not take place. An overview of the tools and their providers can be found in the cookie settings .
Plugins are used on our websites, with which interaction with other services or websites (plugin providers) is usually established. However, we also require your consent for this beforehand (Art. 6 (1) a) GDPR). Only then will your browser establish a connection to the servers of the respective network. An overview of the plugins as well as their providers can be found in the cookie settings.
Please note that Der Greif is only responsible for the collection of the IP address via the use of the plugin. With regard to the subsequent processing by the providers, they are responsible under data protection law, including the duration of data storage. In addition to the IP address collected by us, the plugin provider may use its own personal data (held by the provider) from you for purposes of advertising (including for third parties), market research and/or demand-oriented design of its own website and to inform other users of the respective network about your activities on our website. The providers act here as likewise responsible in the sense of data protection, since we have no knowledge of the extent to which the provider uses the data thus obtained from the time you clicked on the respective button. Further information on the purpose and scope of data processing by the plug-in providers as well as information on exercising your rights in this regard (e.g., information and objection) can be found in the data protection declarations linked below.
You have the option of registering on our website by providing personal data. When creating your customer account, we collect so-called registration data (e.g. first and last name, email address), login data (email address, password) and connection data (IP address). We process this data in order to provide you with access to your customer account. The login data is used to verify your account (Art. 6 Para. 1 lit. b) GDPR). The data will not be passed on to unauthorized third parties. We store this data for the duration of the existence of your customer account, unless you request us to delete it beforehand and there are no other statutory storage and storage obligations. The provision of the above personal data is contractually provided, otherwise it is not possible to use and manage your account.
In the case of your order, we first process your customer data (e.g. first and last name, billing address, delivery address, telephone number, customer ID, email address). We also need the shipping information and payment details (advance payment, PayPal, etc. or credit card payment). We process the data in order to record and process your order (Art. 6 Para. 1 lit. b) GDPR). The data of your order will not be passed on to unauthorized third parties. We pass on information about your delivery address to logistics companies and shipping partners commissioned by us. We store the data collected for contract processing for the duration of the contractual relationship, unless you request us to delete it beforehand, but at least until the statutory warranty claims have expired. After these periods have expired, we retain the information on the contractual relationship required under commercial and tax law for the periods specified by law.
Depending on the payment method you have selected, the payment information will be transmitted to the relevant payment service provider. For credit card payments, we use a PCI-DSS-certified and specialized service provider with whom we have concluded an order processing contract (Art. 6 Para. 1 lit. b) GDPR). If you select one of our offered payment providers during the ordering process in our online shop, your data will be automatically transmitted to this provider. By selecting this payment option, you agree to the transfer of personal data required for payment processing. The personal data transmitted is usually first and last name, address, email address, IP address, telephone number, mobile phone number or other data necessary for payment processing. Personal data related to the respective order are also required to process the purchase contract. The transmission of the data is intended for payment processing and fraud prevention.
We offer a contact form on our website to answer questions of interested parties and users and to provide information about our services. We process the inquiries and information sent to us in this context only to process your inquiry and to contact you (Art. 6 para. 1 f) GDPR). We store your data at the longest for the duration of a resulting business relationship with you (Art. 6 para. 1 b) GDPR). If such a business and contractual relationship does not arise as a result of the request, we will delete your data no later than 24 months after the last contact with you. The right to object to the processing beforehand or to demand deletion remains unaffected, of course.
If you subscribe to our email newsletter, we will only process your email address. The data will be used exclusively to send you information from us at regular intervals (Art. 6 para. 1 lit. a) GDPR). We do not pass on your personal data, which you provide to us when registering for the newsletter, to unauthorized third parties. However, the newsletter tool is provided by an external provider, which is why we have concluded a contract with them for commissioned data processing. When receiving the newsletter, we use so-called web beacons, or tracking pixels, with the help of which we can determine that you have received or opened the newsletter or whether you have clicked on links stored in the newsletter. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. We may link this data by means of tracking with actions you have taken on our website (Art. 6 para. 1 lit. a) GDPR). If you also do not want any automated evaluation and analysis of your user behavior in connection with the newsletter, you must unfortunately unsubscribe from the newsletter service. Until then, the data will be stored as long as you have subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. The provision of personal data is neither legally nor contractually required. However, without the specification of the e-mail address, the dispatch, or the receipt of the newsletter is not possible.
We operate websites on online platforms and social networks in order to interact with potential or existing customers, to exchange information with interested parties and users, or to advertise offers and services. We operate our websites under joint responsibility (under data protection law) with the providers. We process data that you directly share or publish via the online platforms and networks (e.g., via comment and chat functions) as the responsible party in order to interact with you in this regard or to exchange information with you. As part of this interaction, we may also receive statistical data from the platform operators on the use of our "channels and fan pages". This includes, for example, information about interactions, likes, comments or aggregate information and statistics (e.g. IP address; origin of followers) that help us learn about interactions with our site. The legal basis for data processing in our area of responsibility is Art. 6 para. 1 p. 1 f) GDPR.
You have the right to request confirmation from us at any time as to whether we are processing personal data about you and the right to information about this personal data. In addition, you have the right to rectification, erasure and restriction of data processing, as well as the right to object to the processing of personal data at any time, or to withdraw consent to data processing at any time, or to request data transfer. In addition, you have the right to complain to a supervisory authority in the event of data protection violations. Please direct all requests for information, revocations or objections to data processing by email to email@example.com.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning your which is carried out, inter alia, on the basis of Article 6(1)(e) or (f) GDPR, in accordance with Article 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims. If you would like to exercise your right to object, simply send an email to firstname.lastname@example.org.
We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new content, services and website offers. For your renewed visit, the new data protection statement accessible at this URL will then apply.
Status: 14. March 2023