This privacy notice applies to the use of the www.expertgear.de website and all its subdomains including expertgear.eu (hereinafter the 'Website').
We take data protection very seriously. Your personal data are collected and processed in accordance with the applicable data protection regulations and in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to provide you with the above-mentioned portal. This notice describes how and for what purpose your data are collected and used and what options you have with regard to your personal data. By using this Website you agree to your data being collected, used and transferred in accordance with this privacy notice. This Website uses SSL and TLS encryption for security reasons and to protect the transfer of personal data and other confidential content (e.g. orders or requests to the data controller). An encrypted connection is indicated by the character sequence 'https://' and the padlock symbol in your address bar.
1. Data Controller
The data controller for the collection, processing and use of your personal data as defined by the GDPR is: Expert Gear UG, Managing Director/Owner: Klaus Reinl, Hütterbaum 17, 41069 Mönchengladbach, Germany, Email address: firstname.lastname@example.org, Contact Data protection officer: email@example.com, Link to our legal notice: https://www.expertgear.de/impressum/
Types of processed data
- User data (e.g. names, addresses).
- Contact data (e.g. email addresses, telephone numbers).
- Content data (e.g. input text, photographs, videos).
- Usage data (e.g. visited websites, interest in content, access times).
- Meta/communication data (e.g. device information, IP addresses).
Categories of data subjects
- Visitors and users of the online offering (data subjects are also referred to hereafter collectively as 'Users').
Purpose of processing
- Providing the online offering, its features and content.
- Replying to contact inquiries and communicating with users.
- Security measures.
- Audience measurement/marketing.
Right of withdrawal
- You are entitled to withdraw your consent with effect for the future in accordance with GDPR Art. 7(3).
Should you wish to withdraw your consent for us to collect, process or use your data in accordance with this privacy notice as a whole or with respect to individual measures, please contact the above-mentioned data controller. You can save and print out this privacy notice at any time.
2. General Use of the Website
2.1 Access data
We collect information concerning you when you use this Website. We automatically collect information about your patterns of use and interaction with us and record data concerning your computer or mobile device. We collect, save and use data concerning each access to our online offering (known as 'server log files'). Access data include the name and URL of accessed files, the date and time of access, quantities of data transferred, notification of successful access (HTTP response code), browser type and version, operating system, referrer URL (i.e. the previously visited site), IP address and the requesting provider.
We use this log data, without connecting it to you or carrying out any other type of profiling, to perform the statistical analyses required for operating, optimising, and ensuring the security of our online offering as well as for anonymously recording volumes of visitors to our Website (traffic), determining how and to what extent our Website and services are being used, and to measure the number of clicks from cooperation partners for billing purposes. Using this information, we are able to provide personalised and location-specific content, analyse data traffic, identify and resolve faults, and improve our services. We reserve the right to retrospectively check log data if there is good reason to suspect unlawful use based on concrete evidence. We save IP addresses for a limited period of time in log files where this is necessary for security purposes, service provision, or billing for services e.g. if you use one of our offerings.
Where the ordering process is aborted or after payment is received, we delete IP addresses if these are no longer required for security purposes.
We also save IP addresses if we have good reason to suspect that an offence has been committed in connection with using our Website. As part of your account, we also save the date of your last visit (e.g. when registering, logging in, clicking on links, etc.).
2.2 Email contact
Personal data are collected when you contact us (e.g. using the contact form or by email). Where a contact form is used, it is clear from the form itself what data are collected. These data are used exclusively to respond to your request and are saved and used in order to establish contact and for the purposes of the associated technical administration. The legal basis for processing these data is our legitimate interest of responding to your request pursuant to GDPR Art. 6(1)(f). If you contact us with a view to entering into a contract, the additional legal basis for processing your data is GDPR Art. 6(1)(b).
Your data are erased after your request has been definitively addressed. This is the case where it is clear from the circumstances that the matter in question has been definitively resolved and provided that no legal retention obligations prevent this.
2.3 Order processing in the online shop and customer account
We process our customers' data as part of ordering processes in our online shop to enable them to choose and order selected products and services, pay for these, and allow us to deliver or perform these products or services.
Processed data include user data, communication data, contractual data and payment data. Data subjects include our customers, prospects and other business partners. Data are processed for the purpose of providing contractual services in connection with operating an online shop, billing, deliveries and customer services. In connection with these activities, we use session cookies to save items in the shopping basket and permanent cookies to save login status.
Data is processed on the basis of GDPR Art. 6(1)(b) (performing ordering processes) and (c) (legally required archiving). Details marked as compulsory are necessary for setting up and fulfilling contracts. We only disclose data to third parties in connection with delivery, payment or in connection with legal permissions and obligations with respect to legal advisers and authorities. Data are only processed in third countries if necessary for performance of contract (e.g. if required by customers for delivery or payment).
Users have the option of opening a user account in which they can notably view their orders. When registering, Users are informed of the compulsory details required. User accounts are not publicly accessible and cannot be indexed by search engines. When Users close their user accounts, their data relating to the user account is deleted unless it must be retained on grounds relating to commercial or tax law in accordance with GDPR Art. 6(1)(c). Information in customer accounts is kept until these are erased and subsequently archived in the event of any legal obligations. Users are responsible for securing their data in the event of termination prior to the end of the contract.
When Users register, log in and use our online services, we save their IP addresses and the time of each User intervention. Data are saved based on our legitimate interests and those of Users in terms of preventing misuse and other types of unauthorised use. These data are not generally passed on to third parties unless necessary for pursuing our claims or if required by a legal obligation in accordance with GDPR Art. 6(1)(c).
The data is erased after legal warranties and similar obligations have expired and the necessity of storing data is checked every three years; where legal archiving obligations apply, data is erased after these have expired (at the end of the compulsory storage period under commercial law (6 years) and tax law (10 years)).
2.4 Transfer of personal data to couriers
Your data is passed to the courier commissioned with the delivery of your goods if this is necessary for delivery purposes. In order to process payments, we pass your payment details to the financial institution appointed to process the payment.
DHL / GLS
Where goods are delivered by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn) or GLS (General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1–7, 36286 Neuenstein), we pass on your email address to DHL or GLS in accordance with GDPR Art. 6(1)(a) before goods are delivered with a view to arranging a delivery date or for delivery notifications, provided that you have given your express consent to this during the ordering process. Alternatively, we shall only provide DHL or GLS with the recipient's name and delivery address for the purpose of delivery in accordance with GDPR Art. 6(1)(b). Data are only passed on if necessary for the delivery of goods. In this case, prior arrangement of a delivery date with DHL or GLS or a delivery notification is not possible.
Consent given to the above-mentioned controller or the transport service provider DHL or GLS may be withdrawn at any time with effect for the future.
2.5 Payment method: data protection provisions regarding PayPal as a payment method
The controller has integrated PayPal components into this Website. PayPal is an online payment service provider. Payments are processed through PayPal accounts, which constitute virtual private or business accounts. Using PayPal, it is also possible to process virtual credit card payments if Users have a PayPal account. PayPal accounts are managed using email addresses and therefore have no conventional account numbers. Using PayPal, it is possible to make online payments to third parties or receive payments. PayPal moreover performs various roles as a custodian and offers buyer protection services.
PayPal's European operating company is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If the data subject selects 'PayPal' as the payment option in our online shop, the data subject's data is automatically passed on to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for processing the payment.
Data passed on to PayPal generally comprises first names, last names, postal addresses, email addresses, IP addresses, telephone numbers, mobile telephone numbers, and other data required for processing payments. In order to process a sales agreement, personal data relating to the relevant order are also required. Data are passed on in order to process payments and prevent fraud.
Personal data are also notably passed on by the data controller to PayPal if a legitimate interest in its transfer is provided. Personal data exchanged between PayPal and the data controller may in some circumstances be passed on to credit agencies by PayPal. These data are passed on for the purpose of identity and credit checks.
PayPal may pass on personal data to affiliated companies and suppliers or subcontractors provided that this is necessary for the fulfilment of contractual obligations or if data are to be processed by proxy. Data subjects may withdraw their consent for PayPal to handle their personal data at any time. However, such withdrawals do not affect personal data that must imperatively be processed, used or passed on for processing payments (in accordance with contracts).
PayPal's applicable data policy can be accessed at: https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev
2.6 Credit checking
Should we provide products prior to payment, in order to safeguard our legitimate interests, we may have a credit check conducted on the basis of a mathematical/statistical procedure by: Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss, https://www.creditreform.de.
Your protectable interests are treated in accordance with legal regulations. Information is not disclosed to third parties.
2.7 Legal bases and storage period
In accordance with GDPR Art. 13, we provide you with information regarding the legal bases on which we process data. The following applies if the legal basis is not specified in the privacy statement: The legal basis for obtaining consent is GDPR Art. 6(1)(a) and Art. 7, the legal basis for processing data to provide our services, perform contractual measures, and reply to queries is GDPR Art. 6(1)(b), the legal basis for processing data to meet our legal obligations is GDPR Art. 6(1)(c), and the legal basis for processing data to safeguard our legitimate interests is GDPR Art. 6(1)(f). GDPR Art. 6(1)(d) is the legal basis in instances where processing of personal data is necessary to protect the vital interests of the data subject or of another natural person.
Unless specifically stated otherwise, we only store personal data as long as needed to achieve the required ends.
2.8 Cookies and right of withdrawal for direct advertising
'Cookies' are defined as small files stored on Users' computers. Various details can be stored in cookies. Cookies are primarily used to store information concerning Users (or the devices on which the cookies are stored) during or after their visit to the online offering. Temporary cookies, 'session cookies' or 'transient cookies' are defined as cookies that are deleted when users leave the online offering and close their browsers. Such cookies may be used to store e.g. the contents of a shopping basket in an online shop or a login status. 'Permanent' or 'persistent' cookies are defined as cookies that remain stored on the device after the browser has been closed. For instance, the login status may be saved if users visit this Website following a gap of several days. Users' interests may also be saved in such cookies and used for audience measurement or marketing purposes. 'Third party cookies' are defined as cookies offered by suppliers other than the controller which operates the online offering (or if cookies are only issued by the data controller, they are defined as 'first party cookies').
We may use temporary and permanent cookies as explained in our privacy statement.
If Users do not want cookies to be stored on their computer, they are asked to disable the appropriate option in their browser's system settings. Saved cookies can be erased in the browser's system settings.
Some features of this online offering may be limited if cookies are disabled. The US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ allows Users to decline all cookies used for online marketing purposes for a variety of services and especially in the event of tracking. Moreover, storage of cookies can be prevented by disabling this in browser settings.
Please note that if you choose to do so, you may not be able to use all features of this online offering.
2.9 Google Tag Manager
Google Tag Manager is a solution enabling us to manage website tags using an interface (and thus integrate e.g. Google Analytics and other Google marketing services into our online offering). Tag Manager itself (which implements the tags) does not process any of the Users' personal data. Please refer to the following information concerning Google services in relation to processing of Users' personal data. Use policy: https://www.google.com/analytics/tag-manager/use-policy/
2.10 Google AdWords and conversion tracking
On the basis of our legitimate interests (i.e. our interest in analysing, optimising and commercially operating our online offering in accordance with GDPR Art. 6(1)(f)), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (hereinafter 'Google').
Google is certified under the Privacy Shield framework, which constitutes a guarantee of its compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the Google 'Adwords' online marketing process in order to post adverts in the Google Network (e.g. in search results, videos, websites, etc.) so they are displayed to Users with an assumed interest in the adverts. This enables us to display adverts for and within our online offering in a more targeted manner, so we are able to present Users solely with adverts that potentially match their interests. Where Users are presented e.g. with adverts for products in which they have shown an interest in other online offerings, this is defined as 'remarketing'. To that end, when our Website and other websites on which the Google Network is active are accessed, Google itself creates a Google code and remarketing tags (invisible graphics or code also known as 'web beacons') are integrated in the website. They enable an individual cookie (i.e. a small file) to be saved on the User's device (other similar technologies may be used instead of cookies). This file contains details of websites Users have visited, content in which they have shown interest, and offerings on which they have clicked. It also includes technical information concerning the browser and operating system, linking websites, visiting time, and additional details regarding the way the online offering is used.
We also receive an individual 'conversion cookie'. The information obtained using this cookie helps Google draw up conversion statistics for us. However, we are only provided with an anonymous total number of Users who have clicked on our advert and were directed to a page with a conversion tracking tag. We receive no information enabling us to identify Users personally.
User data processed in the Google Network is pseudonymised. This means that instead of saving and processing e.g. Users' names and email addresses, Google processes the relevant data in relation to cookies within pseudonymised User profiles. Therefore, from Google's perspective, adverts are managed and displayed for the cookie owner, regardless of who this cookie owner may be, and not for a specifically identified person. This does not apply if Users expressly allow Google to process data without pseudonymisation. Information collected on users is passed on to Google and saved on Google's servers in the US.
2.11 Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (hereinafter 'Google'). Google Analytics uses 'cookies', which are text files that are stored on your computer and used to analyse how you use the website. The information generated by cookies about visitors' use of this Website is generally sent to a Google server in the United States, where it is saved.
If IP anonymisation is activated on this Website, Google will first truncate your IP address within Member States of the European Union or in other parties to the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the US and truncated there in exceptional circumstances. IP anonymisation is activated on this Website. On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity and provide us with other services relating to website activity and internet usage.
Furthermore, you can prevent Google from acquiring and processing the information generated by the cookie concerning your use of this website (including your IP address) by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=en-GB
As an alternative to the browser plugin or in browsers on mobile devices, you can click on the following link to install an opt-out cookie that prevents Google Analytics from acquiring data in future from this Website (this opt-out cookie will only work in this browser and only for this domain. If you delete the cookies in your browser, you must click on this link again): Disable Google Analytics
2.12 Target audience creation with Google Analytics
We use Google Analytics to ensure that adverts generated within Google and its partners' advertising services are only displayed to users who have demonstrated an interest in our online offering or exhibit specific characteristics (e.g. interests in specific themes or products, which are identified based on websites that they have visited), which we pass on to Google (a process known as 'remarketing' and 'Google Analytics Audiences'). Our intention is to use remarketing audiences to ensure that our adverts match users' potential interests.
3. Your Rights as a Data Subject
You have various entitlements with respect to your personal data under the applicable laws. If you wish to exercise these rights, please request this by email or post to the address indicated in Item 1 and clearly identify yourself.
Below is a summary of your rights.
3.1 Right of confirmation and access
You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. If this is the case, you are entitled to request that we provide access free-of-charge to your stored personal data along with a copy of these data. You are moreover entitled to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the scheduled length of time for which personal data will be stored or, if this is not possible, the criteria for determining this period of time;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from you, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in GDPR Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Where personal data are transferred to a third country or to an international organisation, you shall have the right to be informed of the appropriate safeguards pursuant to GDPR Art. 46 relating to the transfer.
3.2 Right to rectification
You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3.3 Right to erasure ('right to be forgotten')
You shall have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw consent on which the processing is based according to GDPR Art. 6(1)(a), or GDPR Art. 9(2)(a), and where there is no other legal ground for the processing;
- You object to the processing pursuant to GDPR Art. 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to GDPR Article 21(2);
- The personal data have been unlawfully processed;
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
- The personal data have been collected in relation to the offer of information society services referred to in GDPR Article 8(1).
Where we have made the personal data public and are obliged pursuant to paragraph 1 to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3.4 Right to restriction of processing
You have the right to obtain from us restriction of processing where one of the following applies:
- you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
- you have objected to processing pursuant to Article 21(1) pending the verification whether our company's legitimate grounds override yours.
3.5 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:
- the processing is based on consent pursuant to GDPR Art. 6(1)(a) or GDPR Art. 9(2)(a) or a contract pursuant to GDPR Art. 6(1)(b) and
- the processing is carried out by automated means.
In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly by us to another controller, where technically feasible.
3.6 Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on GDPR Art. 6(1) (e) or (f), including profiling based on those provisions. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed by us for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to GDPR Art. 89(1), you shall have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
3.7 Automated decision-making including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
3.8 Right to withdraw consent in accordance with data protection law
You are entitled to withdraw consent for the processing of personal data at any time.
3.9 Right to lodge a complaint with a supervisory authority
You shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.
4. Data security
We make every effort to ensure the security of your data in accordance with the applicable data protection laws and technical capabilities.
We ensure that your personal data is transferred securely. This applies to potential orders and customer logins. Although we use the SSL (secure socket layer) coding system, please note that data transferred online (e.g. by email) may be subject to security risks. It is not possible to entirely protect data from third party access.
To ensure the security of your data, we take technical and organisational measures, which we continually update to the highest current standards.
We furthermore do not guarantee that our offering will be available at specific times since disruptions, discontinuations and outages cannot be ruled out. The servers we use are carefully secured at regular intervals.
5. Automated decision-making
No automated decision-making occurs on the basis of collected personal data.
6. Transfer of data to third parties, no data transferred outside the EU
We generally only use your personal data within our company.
Where and insofar as we involve third parties (e.g. logistics service providers) in order to fulfil contracts, these third parties only receive personal data to the extent necessary for the service in question.
Where we outsource certain data processing operations ('order processing'), we contractually oblige order processors to only use personal data in keeping with the requirements of data protection laws and ensure that data subjects' rights are protected.
Data are not transferred to bodies or individuals outside the EU, except in the instances specified in Item 2.11 of this privacy notice, and there are no plans to do so.
Expert Gear UG