Thank you for your interest in our website. As a member of the Association of Safe and Serious Internet Shop Operators e. V., the protection of your personal data is very important to us. In the following, we will inform you, transparently and in understandable language, among other things about data collection and its scope, what your data is used for and what rights you have.
You have the right to receive information about the origin, the recipient (s) and the purpose of your stored personal data free of charge at any time. You also have the right to request the correction, restriction or deletion as well as the transfer of this data. If you have any questions about this or about data protection, you can contact the person responsible for data processing at any time. The person responsible for data processing is named under point 1 of this data protection declaration. You also have the right to lodge a complaint with the competent supervisory authority. Your rights in detail and detailed explanations can be found under point 6 of this data protection declaration.
Your data will be collected, stored and processed in compliance with the relevant legal regulations. Personal data are all types of data with which you can be identified as a person.
1.) Who is responsible for data processing?
In terms of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations, the responsible body is a natural or legal person who, alone or together with others, determines the purposes and means of processing personal data (names, contact details etc.) decides.
Responsible for data processing on this website is:
Bertram Mück
Duernbachstrasse 56
83727 Schliersee-Neuhaus
Phone: +49 – (0) 80 26 – 92 15 75
Email: shop@vapus.org
2.) Which data are recorded and processed on our website?
2.1.1 Automated collection of data:
Every time our website is called up, our system automatically records data and information from the computer system of the calling computer, in so-called server log files. Some of these data are technically necessary to display our website to you. It will not be merged with data from other sources. The following data is collected:
- The pages called
- Used browser types and versions
- The operating system used by the accessing system
- The website from which an accessing system came to our site
- The date and time the page was accessed
- The Internet service provider of the accessing computer
- The Internet protocol address (IP address) used
The legal basis for data processing is Art. 6 Para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is the reliable and error-free functioning of our website. This data is not processed in any other way.
2.2 Collection of personal data
2.2.1 Data collection and processing when opening a customer account and when processing a contract
If you open a customer account on our website, this is done voluntarily. Registration is not a prerequisite for concluding a contract. Data is only collected to the minimum required; the mandatory information can be recognized by the correspondingly marked input fields. The deletion of the customer account is possible at any time and free of charge. If you wish to delete your data, please contact the person responsible for data processing. This is mentioned under point 1 of this data protection declaration.
We only use your data for the purpose for which you have registered or to process the contract. The legal basis for data processing is Art. 6 Para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.
The customer data collected will be blocked after completion of the order, after termination of the business relationship or after deletion of your customer account and deleted after expiry of tax and commercial retention periods, unless you have consented to further use of your data.
2.2.2 Data collection and processing when using our email address or contact function
In the case of emails or messages via the contact form, we will save your data until your message has been processed. The mandatory information in the mask of the contact form can be recognized by the correspondingly marked input fields. The data will only be used to process your request; after processing has been completed, your data will be deleted. The legal basis for data processing is Art. 6 Para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is answering your message or processing your request.
For emails or messages via the contact form (if available) aimed at the initiation of a contract, the commercial and tax retention periods of 10 years apply from the end of the calendar year in which the data was collected. After the deadlines have expired, the data are regularly deleted, unless they are still required for the initiation or for the fulfillment of the contract or we have a legitimate interest in continuing the storage. The legal basis for data processing is Art. 6 Para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.
2.2.3 Newsletter function, data processing and possibility of objection.
2.2.3.1 You have signed up for our newsletter subscription:
If you subscribe to our free newsletter, data from the registration mask will be transmitted to us. The mandatory information can be recognized by the appropriately marked input fields and is limited to the required minimum (email address). For the processing of your data, consent is obtained during the registration process and reference is made to this data protection declaration. The legal basis for data processing is Art. 6 Para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing.
The data will not be passed on to third parties, but will only be used to send newsletters. You can revoke your subscription to the newsletter (with your consent) at any time for the future. To revoke your consent, there is a link in every newsletter to unsubscribe from the newsletter, but you can also unsubscribe directly via our website. The request to unsubscribe from the newsletter can of course also be sent directly to the person responsible for data processing. This is mentioned under point 1 of this data protection declaration. After unsubscribing from the newsletter, the data will be deleted unless you have consented to further use or we reserve the right to further use (as explained below under 2.2.3.2), which is permitted by law.
2.2.3.2 When we send newsletters to our existing customers
If you have purchased goods or services on our website and have saved your email address, we can use this to send you a newsletter, provided you have not objected to this. In such a case, only direct advertising for similar goods or services from our range will be sent via the newsletter. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 Para. 3 UWG. The legal basis for data processing is Art. 6 Para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is to send you personalized advertising. You can object to the use of your data for this purpose at any time with future effect. To object, please contact the person responsible for data processing. This is mentioned under point 1 of this data protection declaration.
2.3 Passing on the data to third parties in order to fulfill the contract
2.3.1 Disclosure to shipping service providers in general and credit institutes
For payment transactions and, if necessary, for the delivery of goods, we pass on personal data to service providers (third parties) to the minimum required, if this is necessary for the execution of the contract.
If we pass on your data to a shipping service provider (such as DHL, DPD, UPS Hermes or GLS), the legal basis for this is Art. 6 Para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.
If we pass on your payment data to the commissioned credit institution, the legal basis for this is Art. 6 Para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.
2.3.2 Forwarding of email address and / or telephone number to shipping service providers
2.3.3 Payment service providers
On our website, you can choose from various payment service providers. In the following we will inform you about which data is passed on and based on which legal situation this happens:
2.3.3.1 PayPal / PayPal Plus
If you choose this payment service provider, the data required for payment will be passed on to PayPal (PayPal Europe, S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg). The legal basis for this is Art. 6 Para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing and Art. 6 Para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure. You have the right to withdraw your declaration of consent at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.
If you choose the PayPal Plus payment methods by “credit card”, “invoice”, “direct debit” or “PayPal installment payment”, PayPal reserves the right to obtain credit information about you. A credit report can contain scoring values (= probability values). The so-called scoring values are based on a scientifically recognized mathematical-statistical procedure. Your address details are also (but not exclusively) included in the calculation of the score values.
The legal basis for data processing is Art. 6 Para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables the processing of data in the event of a legitimate interest. In this case, the legitimate interest is to establish your identity or solvency.
You can object to the processing of your personal data at any time. However, PayPal may still be entitled to process, use and transmit the personal data if this is necessary for contractual payment processing by PayPal, is legally required, or is required by a court or an authority.
If you want to object to the use of your data or if you want to inform us about changes to the stored data, you can contact PayPal directly. You can also find more information about PayPal’s data protection provisions at the following Internet address:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
3.) What are cookies and which data are processed?
3.1 Cookies that are set by our website
Our website uses so-called cookies. Cookies are text files that are stored in the internet browser or by the internet browser on your computer. We use cookies to make our website more user-friendly for you. Some elements of our website require that the calling browser can also be identified after changing pages. For example, to save and transmit the items in your shopping cart or your login information. Most of the cookies we use are so-called “session cookies”, which are automatically deleted when the browser is closed. Some cookies remain stored on your device and enable recognition the next time you visit the website (so-called persistent cookies). These are automatically deleted after a specified period. You can find more detailed information on individual cookies in your browser settings.
The legal basis for data processing is either Art. 6 Para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing, or Art. 6 Para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary for the performance of a contract with you or to carry out a pre-contractual measure, or Art. 6 Para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is to offer you a technically error-free and function-optimized website.
If we store other cookies (for example from partner companies or to analyze your surfing behavior) on your device, we will inform you about this in detail below.
You can set your browser so that you are informed about the setting of cookies and then only allow these cookies in individual cases. You can also generally exclude the acceptance of cookies or only accept them in certain cases. You can also set your browser so that cookies are deleted after you close the browser window. The setting options differ depending on the browser. You can find help on the possible settings (for the most common browsers) under the following links:
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that if you do not accept cookies, the functionality of our website may be significantly restricted.
3.2 Comment functions on our website
Are not used by us.
3.3 web analysis / marketing
Is not used by us.
3.4 Social media / plugins
Are not used by us.
4.) How is the data backed up?
The transmission of personal data is exclusively encrypted via an SSL or TLS connection. This applies to messages via our contact function as well as to data on your order and payment transactions. Encryption prevents your sensitive personal data from being intercepted and viewed by unauthorized third parties. You can recognize an encrypted connection by the fact that the address line of the browser begins with “https: //” (and the lock symbol in the browser line).
The data stored in the systems of our website are protected by passwords and cannot be viewed by unauthorized third parties.
The transmission of data on the Internet, for example when sending an email, is not 100% secure and can in some cases have security gaps.
5.) How long will the personal data be stored?
How long your personal data is stored by us sometimes depends on the respective statutory retention period. In the case of messages via our contact function and / or via our email address, your data will be deleted after processing has been completed, unless we have a legitimate interest in continuing the storage.
The retention periods under commercial and tax law are 10 years from the end of the calendar year in which the data was collected. After the deadlines have expired, the data are regularly deleted, unless they are still required for the initiation or for the fulfillment of the contract or we have a legitimate interest in continuing the storage.
6.) What rights do you have vis-à-vis the person responsible for data processing?
In the following, we list the rights that you have against the person responsible for data processing under the General Data Protection Regulation (GDPR). The person responsible is named under point 1 of this data protection declaration. If your personal data is processed, you are “data subject” within the meaning of the General Data Protection Regulation (GDPR).
6.1 Your right to information in accordance with Article 15 of the General Data Protection Regulation (GDPR)
You can request information from the person responsible for data processing as to whether your personal data is being processed. If this is the case, you can also request information about the purposes for which this personal data is being processed; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed; the planned storage duration of your personal data or, if no specific information is available, the criteria for determining the storage duration; the existence of a right to correction or deletion of your personal data, the existence of a right to restrict processing by the person responsible for data processing or a right to object to this processing; The existence of a right to lodge a complaint with a supervisory authority (the data protection officer of the federal state in which we are based is responsible – you can find addresses and links here ); all available information about the origin of the data if the personal data are not collected from the data subject (i.e. you); the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the person concerned.
You have the right to request information about whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with. Art. 46 General Data Protection Regulation (GDPR) to be informed in connection with the transmission.
6.2 Your right to correction in accordance with Article 16 of the General Data Protection Regulation (GDPR)
You have the right to immediate correction and / or completion vis-à-vis the person responsible for data processing, provided that the processed personal data concerning you is incorrect or incomplete.
6.3 Your right to deletion in accordance with Article 17 of the General Data Protection Regulation (GDPR)
You can request the person responsible for data processing to delete the personal data relating to you immediately, and he is obliged to delete this personal data immediately if one of the reasons from Art. 17 Para. 1 GDPR applies.
The right to deletion does not exist if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims.
6.4 Your right to restriction of processing in accordance with Article 18 of the General Data Protection Regulation (GDPR)
You have the right to demand that the person responsible for data processing restrict processing as long as the correctness of the personal data relating to you is checked, you refuse to delete the personal data and instead request that the use of the personal data be restricted, the person responsible for the personal data no longer required for the purposes of processing, but you need them to assert, exercise or defend legal claims, or if you have objected to processing in accordance with Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
6.5 Your right to information in accordance with Article 19 of the General Data Protection Regulation (GDPR)
If you have asserted the right to correction, deletion or restriction of processing against the person responsible for data processing, the person responsible is obliged to notify all recipients to whom the personal data relating to you have been disclosed of this correction or deletion of the data or restriction of processing, whether that be because this turns out to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the person responsible.
6.6 Your right to data portability in accordance with Article 20 of the General Data Protection Regulation (GDPR)
You have the right to receive the personal data concerning you, which you have provided to the person responsible for data processing, in a structured, common and machine-readable format, and you have the right to transfer this data to another person responsible without hindrance from the person responsible for data processing, to whom the personal data was provided, to the extent that this is technically feasible.
This right to data portability does not apply to processing that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been assigned to the person responsible for data processing.
The right to data portability must not affect the rights and freedoms of other people.
6.7 Your right to revoke declarations of consent given in accordance with Article 77 of the General Data Protection Regulation (GDPR)
You have the right to revoke your data protection declaration of consent at any time with effect for the future. In the event of a revocation, the data concerned will be deleted immediately, provided that there is no legal basis for processing that does not conflict with further processing that does not require consent. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.
6.8 The automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effects on you or which significantly affects you in a similar manner. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the person responsible, is permissible on the basis of legal provisions of the European Union or of the member states to which the person responsible is subject, and these legal provisions take appropriate measures to safeguard your rights and Contain freedoms and your legitimate interests or with your express consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases mentioned in 6.8.1 and 6.8.3, the person responsible for data processing takes appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to state his own Standpoint and to contest the decision heard.
6.9 Your right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data is against violates the GDPR.
The supervisory authority to which the complaint was lodged informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 of the General Data Protection Regulation (GDPR).
+++++++++++++++++++++++++++++
6.10 RIGHT TO OBJECT
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR takes place to file an objection with effect for the future; this also applies to profiling based on these provisions.
The person responsible for data processing will no longer process the personal data relating to you, unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data relating to you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
In connection with the use of information society services – regardless of Directive 2002/58 / EC – you have the option of exercising your right of objection by means of automated procedures in which technical specifications are used.
+++++++++++++++++++++++++++++