Privacy Policy
DATA PRIVACY STATEMENT
With this data privacy statement, we would like to educate you in accordance with the provisions of the EU Regulation 2016/679 (General Data Protection Regulation - GDPR) on the nature, extent and purpose of the processing of personal data in connection with our website.
Definitions
“personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
General Information
Responsible Person/ Entity
Engel GmbH
Wörthstraße 155
72793 Pfullingen
Telephone +49 7121 387877
Telefax +49 7121 3878787
Email info@engel-natur.de
Contact Information of the responsible data protection officer
Engel GmbH
Wörthstraße 155
72793 Pfullingen
Telephone +49 7121 387877
Telefax +49 7121 3878787
Email datenschutz@engel-natur.de
Legal Basis
We process personal data based on at least one of the following statutory sources:
- Permission of the data subject to the processing of this or her personal data concerning one or more specific purposes (Art. 6 Para. 1 S. 1 lit. a GDPR);
- Completion of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 Para. 1 S. 1 lit. b GDPR);
- Compliance with a legal obligation we are subject to (Art. 6 Para. 1 S. 1 lit. c GDPR);
- Protection of the vital interests of the data subject or of another natural person (Art. 6 Para. 1 S. 1 lit. d GDPR);
- Protection of our legitimate interests or those legitimate interests of a third party (Art. 6 Para. 1 S. 1 lit. f GDPR)
The respective legal basis of individual processing operations is referred to below in this data privacy statement.
Disclosure of personal data to recipients
We only share personal data with recipients (mandated processors of personal data or other third parties) to the extent necessary and only under one of the following conditions:
- Permission of the data subject to the transfer of his personal data;>/li>
- The transfer is necessary for the fulfillment of contractual obligations or in order to take steps at the request of the data subject prior to entering into a contract;
- We are legally obligated to transfer the data;
- The disclosure is based on our legitimate interests or those legitimate interests of a third party.
Countries outside the EU
The transfer of personal data to a country or an international organization outside of the European Union (EU) or the European Economic Area (EEA) is subject to a statutory or contractual permission. Such transfer shall only be applicable under the conditions set out in Article 44 et seqq. GDPR. Therefore such transfer of personal data shall only occur to a country which was granted an adequacy decision of the EU-Commission pursuant to Art. 45 GDPR, a country which has given guarantees to appropriately safeguard personal data pursuant to Art. 46 GDPR or has implemented binding corporate rules following Art. 47 GDPR.
Rights of the data subject
The data subject has the following rights:
- pursuant to Art. 15 GDPR you have the right to request information about your personal data processed by us; you may also request information regarding the purposes for processing your personal data , the categories of personal data processed, the recipients or categories of recipients to whom your information has been or will be disclosed, the planned safeguarding period or the criteria for determining the safeguarding period, the provenance of your personal data if your personal data was not collected from you, the existence of automated decision-making, including profiling, and, where appropriate, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you, your right to rectification or deletion of your personal data, your right to limit such a processing or your right to object to such processing, the existence of a right to appeal to such processing in front of the supervisory authority; Finally, you have a right to know whether personal data has been transmitted to a country outside the EU or to an international organization and, if this is the case, the right to receive information about the measures taken for appropriate data security associated with such a transfer;
- pursuant to Art. 16 GDPR, you have the right to obtain the rectification of inaccurate personal data stored with us without undue delay;
- pursuant to Art. 17 GDPR, you may request the deletion of your personal data stored with us, unless the processing of personal data is justified by the right of freedom of expression and information, for compliance with a legal obligation or for reasons of public interest or for the establishment, exercise or defense of legal claims;
- pursuant to Art. 18 GDPR you can demand the limitation of the processing of your personal data, if and as far as the accuracy of the data is disputed by you, the processing is unlawful and you are opposed to the erasure of your personal data and request the restriction of the use of such data instead; and we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or you have objected to the processing in accordance with Art. 21 GDPR, but it has not yet been determined whether our legitimate reasons for the data processing outweigh your interest;
- pursuant to Art. 20 GDPR you may request the transfer of the personal data you have provided us with in a structured, commonly used and machine-readable format and have the right to transmit this personal data to another controller;
- pursuant to Art. 21 GDPR you have the right to object to the processing of your personal data at any time to, on grounds relating to your particular situation, or personal data is processed for direct marketing purposes and the legal basis for the processing of the personal data are the protection of our legitimate interests or those legitimate interests of a third party according to Art. 6 Para. 1 S. 1 lit. f GDPR;
- pursuant to Art. 7 Para. 3 GDPR, you may at any time revoke your once given consent for processing your personal data to us. As a result of such a withdrawal, we are not allowed to continue processing your personal data in the future;
- pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority, in particular you can contact the supervisory authority of your habitual residence, your place of work or the place of the alleged infringement.
If you would like to assert your above data subject rights, you can contact us or our data protection officer at any time using the contact details above.
Erasure and Limitation of Personal Data
We erase personal data which we process according to the rules of Art. 17 GDPR and restrict the processing of personal data pursuant to Art. 18 GDPR. Insofar as this Data Privacy Statement does not stipulate otherwise, the personal data is deleted if this data is no longer necessary for the purposes for which the personal data was collected or otherwise processed and the deletion does not conflict with any statutory requirements of safeguarding this personal data. If personal data is required for legally permissible other purposes, it will not be erased but the processing of the personal data will be limited to such purpose. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. For example, documents pursuant to § 257 Para. 1 Nr. 2 und 3 HGB and § 147 Para. 1 Nr. 2, 3, 5 AO will be safeguarded for 6 years, documents pursuant to § 257 Para. 1 Nr. 1 und 4 HGB and § 147 Para. 1 Nr. 1, 4, 4a AO will be safeguarded for 10 years.
Cookies
We have adopted the use Cookies for our website. Cookies are small text files that your browser automatically creates and are recorded on your device (laptop, tablet, smartphone, PC, etc.) when you visit our site. Cookies do not harm your device and do not contain any viruses or other malicious software. Cookies store information resulting in connection with the specific device in use. However, this does not result in an immediately knowledge of your identity. Cookies are mainly used to make our website offerings more user-friendly, effective and secure.
We use session Cookies to recognize which webpages you have frequented during your visit on our website. Cookies also provide certain functionalities. Session cookies are deleted after the end of your visit to our website.
The data processed by Cookies are necessary for the protection of our legitimate interests or those legitimate interests of a third party according to Art. 6 Para. 1 S. 1 lit. f GDPR.
The majority of browsers accept Cookies automatically. If you object to this routine browser setting, you can configure your browser so that no Cookies are stored on your device or a message is always displayed before a new Cookie is created. A general objection to the use of cookies used for online marketing purposes can be made for a variety of services, e.g. at http://www.youronlinechoices.com/ or the deactivation page of the Network Advertising Initiative http://optout.networkadvertising.org. However, disabling Cookies may imply, that the usability of our website may suffer.
Individual processing operations
Hosting
To make our website available to the public, we are engaging services provided by hosting companies, such as the supply of web servers, disk space, database services, security and maintenance services.
Thereby we are, respectively our hosting provider is, processing personal data of users of our website on the basis of our legitimate interests in an efficient and secure supply of our online offerings pursuant to Art. 6 Para. 1 lit. f GDPR.
Access Data and Log Files
When you access our website or one of the individual web pages, the browser on your device automatically is sending information to the server of our website. This information is stored in so-called log files by us or our hosting provider.
The following information is stored:
- IP address of the computer requesting access to our website,
- Date and time of the access,
- Name and URL of the retrieved file,
- Website from which access is made (referrer URL),
- The browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
This data is processed for the following purposes:
- Supply of our Internet offering including all functions and contents
- Enabling of an unobstructed establishment of a dial-up connection to the Internet
- Enabling a comfortable utilization of our website
- Ensuring system security and stability
- Anonymized statistical evaluation of visitors accessing our website
- Website optimization
- Disclosure to law enforcement authorities in the event of unlawful interference / attack on our systems
- Other administrative purposes.
The legal basis for the data processing is Art. 6 Para. 1 p. 1 lit. f GDPR. Our legitimate interest derives from the above data collection purposes. The collected personal data is never used for the purpose of drawing conclusions about a person.
Contact Form
If you use the contact form, you will be asked to provide your name and email address so that we can get in personal contact with you. Further information can be provided voluntarily. The processing of personal data for the purpose of establishing a contact with you and answering your request is in accordance with Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your unsolicited consent. All personal data collected in connection with the contact form will be deleted after your request has been processed, unless storage is required for the documentation of other transactions (for example the subsequent conclusion of a contract).
Newsletter
If you would like to receive our newsletter, we need your email address. The data processing for the purpose of sending you our newsletter is carried out pursuant to Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your voluntary consent by means of the so-called double opt-in procedure. Your email address will be used and stored for this purpose until you revoke your consent or unsubscribe from receiving the newsletter. The unsubscription from our newsletter is possible at any time, for example via a link at the end of each newsletter. Alternatively, you can unsubscribe at any time by sending an email to the email address documented under II.
Registration
You have the opportunity to register on our website providing personal data. The registration is voluntary and is in accordance with Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your unsolicited consent. Which personal data is transferred thereby results from the respective input mask which is used for the registration. The personal data recorded will be used for the purposes of our offer as well as for contacting for information regarding supply and registration. A personal access allows you to look at your personal data and to make changes to these data. Your data will be stored until you delete the user account or instruct us to delete your data. Provided that we are obliged to retain your personal data on the basis of statutory retention periods, in particular tax and commercial law, the processing of your personal data will be restricted accordingly until the expiration of the retention periods and then the data will be deleted.
If you register on our website or use the user account we store the IP address and the time of the respective use. The storage takes place on the basis of our legitimate interest according to Art. 6 Para. 1 p. 1 lit. f GDPR for the provision of our offer. The storage is also in your interest to protect you from misuse and other unauthorized use. A transfer of these data to third parties does not take place unless it is required to fulfill contractual obligations according to Art. 6 Para. 1 lit. b GDPR or for the prosecution of any claims to which we are entitled or there is a legal obligation according to Art. 6 Para. 1 lit. c GDPR.
Contract Data
In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations via our Internet offering which takes place at the request of the data subject, we process the data of the data subject required for the fulfillment of the contract. This includes:
- Data of the contractor, such as name, address and contact details, if applicable different delivery or billing addresses or recipients and if necessary the date of birth;
- Contractual data, such as subject of the contract, duration, customer category;
- Payment data, such as bank details, credit card data, payment history.
The legal basis for the data processing is Art. 6 Para. 1 p. 1 lit. b GDPR.
The data will be transferred to third parties only to the extent to fulfill pre-contractual and contractual obligation, e.g. to banks, payment service providers, credit card companies for the payment transaction and to shipping service providers for the dispatch of goods.
Payment Service Provider
PayPal
This website uses PayPal as a payment service provider. Provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter „PayPal“). PayPal assumes the function of an online payment provider as well as a trustee and provides buyer and seller protection services. In case of payment via PayPal, credit card via PayPal, debit via PayPal, or – if offered – purchase on account via PayPal your name, email address, purchased products, invoice amount, billing and shipping address will be transferred to PayPal within the scope of the payment. If the payment methods credit card via PayPal, debit via PayPal, or – if offered – purchase on account via PayPal are used, PayPal will, if applicable, request a credit rating query, to verify creditworthiness and minimize payment defaults when deciding on the release of the payment transaction. Probability values will be used for a credit rating query (so called score values), address data will be included into the calculation. Recognized mathematical-statistical methods are the foundation of calculating those score values. If the credit rating is insufficient, PayPal can reject the chosen payment method. Legal basis of the processing is Art. 6 Para. 1 lit. b GDPR.
If you disagree with the data transfer or you consider your credit rating is not suitable for the chosen payment method we ask you to use another payment method. For more information about how PayPal handles your personal data, please see the relevant privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.
Services of Google
Provider of the following services of Google is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter „Google“).
The legal basis for using the following services of Google are our legitimate interests according to Art. 6 Para. 1 lit. f GDPR.
Google has entered the EU/ U.S. PrivacyShield, has thereby committed to compliance with European privacy standards and therefore is in compliance with the requirements of the European Union to legitimize the transfer of personal data to the United States. Information on Google’s commitment concerning the PrivacyShield can be found under:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
For more information about how Google handles your personal data, please see the privacy policy of Google: https://www.google.com/intl/de/policies/privacy/.
Informations about the use of data for advertising purposes by Google, setting and contradictory options, you can found on these websites:
https://www.google.de/policies/privacy/partners/
https://www.google.de/policies/technologies/ads/
http://www.google.de/settings/ads
http://www.google.com/ads/preferences/
Google Maps
This website uses Google Maps by Google to display site plans, maps, terrain data or geographic maps. This service collects your IP address, which of our websites you have visited and, if applicable, other data required by Google for the provision of Maps (e.g. location data). Generated information will be stored on a server in the USA. These information will be transferred to third parties if required by law or if third parties process these data on behalf of us or Google. The terms of use for Google Maps can be found under: https://www.google.com/intl/de_de/help/terms_maps.html.