Data Privacy Statement
Name / Company: CREATIVES AMBIENTE by Knechtel GmbH & Co. KG
Street: Burgtreswitzer Str. 11
Postcode, City, Country: 92709 Moosbach, Germany
Managing Director: Franz Glaser
Telephone number: 09656-362
1. Basic information on data processing and legal bases
1.2. The terms used, such as “personal data” or their “processing” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1.3. The personal data of the users processed in the context of this online offer includes stock data (names and addresses of customers), contract data (services used, names of clerks, payment information), usage data (eg, the visited websites of our online offer, interest in our products), contact details (telephone numbers, email addresses of customers), meta/communication data (IP addresses) and content data (entries in the contact form).
1.4. The term “user” covers all categories of persons affected by data processing. These include our business partners, customers, interested parties and other visitors to our online offer. The terms used, such as “Users” are gender-neutral.
1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that users’ data will only be processed if there is a legal permit. That is, in particular, if the data processing for the provision of our contractual services (eg processing of orders) and online services required or required by law, a consent of the users exists, as well as our legitimate interests (ie interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 (1) lit. DSGVO, in particular in range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of third-party services).
1.6. Please note that the legal basis of the consents Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the performance of contractual measures Art. 6 para. 1 lit. b. DSGVO, the legal basis for processing in order to fulfill our legal obligations Art. 6 para. 1 lit. c. DSGVO, and the legal basis for processing in order to safeguard our legitimate interests Art. 6 para. 1 lit. f. DSGVO is.
2. Security measures
2.1. We provide state-of-the-art organizational, contractual and technical security measures to ensure compliance with data protection laws and to protect data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
2.2. The security measures include in particular the encrypted transmission of data between your browser and our server.
3. Disclosure of data to third parties and third parties providers
3.1.A transfer of data to third parties is only within the scope of the legal requirements. We will only pass users’ data on to third parties if this is the case, for example, on the basis of Art. 6 para. 1 lit. b) GDPR is required for contract purposes or based on legitimate interests in accordance with Art. Art. 6 para. 1 lit. f. DSGVO on the economical and effective operation of our business operations.
3.2. If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organizational measures to safeguard personal information in accordance with applicable law.
4. Rendering of contractual services
4.1. We process inventory data (e.g., names and addresses as well as contact information of users), contract data (e.g., services used, names of contacts, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit b. DSGVO.
4.2. Users can optionally create a user account, in particular by being able to view their orders. As part of the registration, the necessary mandatory information will be communicated to the users. The user accounts are not public and can not be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention is for commercial or tax law reasons according to Art. 6 para. 1 lit. c DSGVO necessary. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.
4.3. As part of the registration and re-registration as well as use of our online services, the IP address and the time of the respective user action will be saved. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 para. 1 lit. c DSGVO.
4.4. We process usage data (e.g., the visited web pages of our online offering, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile to inform the user e.g. show product instructions based on their previously used services.
5.1. When contacting us (via contact form or e-mail), the information provided by the user to process the contact request is processed acc. Art. 6 para. 1 lit. b) DSGVO.
5.2. User information can be stored in our email program Thunderbird.
6. Collection of Access Data and Log Files
6.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO we collect data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
6.2. Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and then deleted. Data whose further retention is required for evidential purposes is excluded from the deletion until final clarification of the respective incident.
7. Cookies & Reach Measurement
7.1. Cookies are information transmitted from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies may be small files or other forms of information storage.
7.3. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
8. Integration of Services and Third Party Content
8.1. Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. DSGVO), we make use of content or services offered by third-party providers in order to provide their content and services, such as include videos or fonts (collectively referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visiting time, and other information regarding the use of our online offer.
8.2. The following presentation provides an overview of third-party providers as well as their contents, as well as links to their data protection statements, which contain further information on the processing of data and, for already mentioned here, opt-out options include:
- If our customers use the payment services of third parties (PayPal), the terms and conditions and the privacy notices of the respective third party, which are within the respective websites or transactional applications are available.
9. Online presence in social media
We maintain online presence within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services.
We point out that data of the users outside the area of the European Union can be processed. This may result in risks for the users because e.g. enforcement of user rights could be made more difficult. With respect to US providers certified under the Privacy Shield, we point out that they are committed to respecting EU privacy standards.
Furthermore, the data of the users are usually processed for market research and advertising purposes. Thus, e.g. user profiles are created from the user behavior and the resulting interests of the users. The usage profiles can in turn be used to e.g. Place advertisements inside and outside the platforms that are allegedly in line with users’ interests. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and logged in to them).
The processing of the personal data of users is based on our legitimate interests in an effective information of users and communication with users in accordance with. Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers of the platforms for a consent to the above-described data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.
For a detailed description of the respective processing and the possibilities of contradiction (opt-out), we refer to the following linked information of the provider.
Also in the case of requests for information and the assertion of user rights, we point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.
10. User Rights
10.1. Users have the right, upon request, to receive information free of charge about the personal data that we have stored about them.
10.2. In addition, users shall have the right to correct inaccurate data, limit the processing and deletion of their personal data, if applicable, assert their rights to data portability and, in the event of the acceptance of unlawful data processing, file a complaint with the inspecting authority.
10.3. Similarly, users can revoke consent, generally with implications for the future.
11. Deletion of data
11.1. The data stored with us are deleted as soon as they are no longer necessary for their purpose and the deletion does not conflict with any statutory storage requirements. Unless the users’ data are not deleted because they are required for other and legally permitted purposes, their processing will be restricted. That the data is blocked and not processed for other purposes. This applies, for example for data of users who must be retained for commercial or tax reasons.
11.2. According to legal requirements the storage takes place for 6 years according to § 257 Abs. 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) as well as for 10 years according to § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documentation relevant to taxation, etc.).
12. Right of objection
Users may object to the future processing of their personal data in accordance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.