PRIVACY POLICY OF DIBBERN GMBH
DIBBERN GmbH ("DIBBERN") takes the protection of your personal data very seriously. We want you to know when we store which data and how long we use it. As a company under private law, we are subject to the provisions of the General Data Protection Regulation of the European Union ("GDPR") and other national data protection laws of the member states as well as other data protection regulations. We have taken technical and organizational measures to ensure that both we and external service providers comply with data protection regulations. In the following statement, we inform you about the nature and purpose of the processing of your personal data when you use our website.
1. Who controls your personal data?
The controller responsible for the processing of all personal data via the website https://www.dibbern.de/ is the:
DIBBERN GmbH
Heinrich-Hertz-Straße 1
22941 Bargteheide
Phone: +49 (0)40 303 77 68-68
E-mail: info@dibbern.de
Managing directors: Jan Dibbern, Ben Dibbern
Data protection officer:
Cordula Schau
Phone: +49 (0)152/01813521
E-mail: ds@the-core-solution.de
2. What is personal data?
According to Art. 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. What personal data does Dibbern process and for what purposes?
Data processing when you visit our websiteWe collect and use your personal data as soon as you access our website, insofar as this is necessary to provide a functional website and our content and services. This includes the IP address assigned to your computer, which we need to transmit the content you request, such as images or files provided for download, to your computer.
We also collect information about the use of our website that your browser transmits to us. This includes the date and time of access, the URL of the previously visited website, the browser type and version, the user's operating system and general system information. We use such information to ensure data security, for example to defend against and track attacks on our servers or attempts at misuse, which is necessary to safeguard our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR.
4. Data processing for the provision of services initiated by you
We collect and use personal data that you provide to us when you place an order, write us a letter or an email, and when you call us. This may include the following information about you: Name, title, company, postal address, email address, telephone number, fax number, credit card number and expiry date and/or your bank details, other demographic information, details of orders and payment history, return requests or offers made to you, and data relating to your use of our websites. We may require additional personal data such as your age or date of birth.
We process your personal data that you provide to us in order to participate in our advertising program or otherwise contact us. We may also use the data to contact you if we have questions about your order or to inform you about the status of an order. We may also use your e-mail address to identify you in our internal system.
Processing for the purpose of direct marketing is in our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. Insofar as the processing of your data is necessary for the fulfillment of the contract with you or for the implementation of pre-contractual measures, it finds its legal basis in Art. 6 para. 1 lit. b) GDPR.
4.1 Use for advertising purposes after consent has been given
If you have given your consent, we will also use your personal data to inform you about new services or special advertising campaigns or to send you offers or information about our products. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. a) GDPR.
4.2 Use of cookies
"Cookies" are small files that are stored on your end device. "Cookies" do not allow us to control your computer. Unless otherwise described below, the processing of this information serves to make our website more user-friendly and effective and is therefore in our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Cookies cannot execute programs or transmit viruses to your computer. We use temporary cookies with anonymized session information (so-called session IDs) for the operation of our website.5. Use of third-party providers
5.1 Usercentrics
The recipient of your data within the meaning of Art. 13 (1) (e) GDPR is Usercentrics GmbH. As part of the order processing, Dibbern GmbH transmits personal data (consent data) to Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich as processor. Consent data includes the following data: Date and time of the visit or consent / refusal, device information. The data is processed for the purpose of compliance with legal obligations (obligation to provide evidence pursuant to Art. 7 para. 1 GDPR) and the associated documentation of consent and thus on the basis of Art. 6 para. 1 lit. c) GDPR. Local storage is used to store the data.
The consent data is stored for 1 year. The data is stored in the European Union. Further information on the data collected and contact options can be found at https://usercentrics.com/privacy-policy/.
5.2 PAYONE
We use PAYONE as a processor for payment services in our store. The legal basis for this is Art. 6 para. 1 lit. b. For further information on the processing of your personal data by PAYONE, please refer to PAYONE's privacy policy: PAYONE privacy policy
5.3 Google Analystics
We use Google Analytics, an analysis service operated by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, "Google"). For this purpose, Google places a cookie on your device when you visit our website. This makes it possible to recognize your browser and to analyze your use of our website on our behalf, which is in our legitimate economic interest, Art. 6 para. 1 lit. f) GDPR.
5.4 Hotjar
This website uses the Hotjar analytics service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, + 1 (855) 464-6788, support@hotjar.com. This tool creates so-called "heat maps". These overviews enable us, for example, to understand which elements of our site the user has interacted with, how far they have scrolled or which elements they have clicked on. We use this tool to make our website more interesting, to adapt it to the needs of our customers and to identify user trends. The legal basis for data collection is Art. 6 I 1 lit. f GDPR. Cookies are stored on your computer for this analysis. The data collected is stored in a pseudonymized user profile. The IP addresses are anonymized before storage. The data is not merged with other data and individual users are not identified. The data collected is stored on a server in Ireland. You can prevent the storage of cookies in your browser. In this case, we would like to point out that some functions of our website may not work properly. You can also object to data collection by Hotjar by clicking on the following link. In this case, a cookie is set which prevents data collection by Hotjar. You can find more information about Hotjar and how it works at: https://www.hotjar.com/legal/policies/privacy
5.5 Endereco
On our website, we offer you the option of checking certain entries in address forms in our web shop for input errors in real time. This is to avoid problems with the delivery of the products you have ordered due to incorrect information.
Furthermore, we want to ensure that your contact details are valid for sending information about your order or for any necessary queries.
We use the service provider Endereco, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany, to provide these functions. The service provider processes the data exclusively in accordance with our instructions. The legal basis for the transmission, processing and temporary storage of the data by the service provider is Art. 6 para. 1 lit. b GDPR, as it is absolutely necessary for the fulfilment of the contract or for the implementation of pre-contractual measures that some of the data you enter in the input mask is checked for correctness. The following data is processed by the service provider
- Address (country, town, postcode, street, house number if applicable)
The data is processed separately by the service provider and is not merged. The enquiries are deleted by the service provider as soon as the status of the data entered has been determined and storage in the web shop has been completed, but at the latest after 30 days.
6. Data transmission when concluding a contract in the online store and shipping goods
If you order goods from us, we will pass on your personal data to the transport company entrusted with the delivery and to the payment service provider commissioned to process the payment. Only the data required by the respective service provider to fulfill its task will be disclosed. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. If you have given your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will pass on your e-mail address to the transport company entrusted with the delivery so that it can inform you by e-mail about the shipping status of your order; you can revoke your consent at any time.
7. Where is the collected information stored?
We store your data on a specially protected central online server in Germany. Access to it is only possible for a few specially authorized persons who are entrusted with the technical, commercial or editorial support of the servers. By using modern encryption technology (SSL/TLS), your personal data is protected at a high level against access by unauthorized third parties during transmission to our servers.
7.1 Duration of storage of your data
We only store your data for as long as we need it to achieve the respective processing purpose and then delete it. We regularly delete data about the use of our website after 28 days at the latest. Otherwise, we restrict the processing if we are not allowed to delete the data due to legal regulations, for example.
7.2 Will your personal data be passed on to third parties?
We will only pass on your personal data to third parties in the following cases. We have contracts with other companies to fulfill your order and provide you with the requested products or services or to process your payment to us. This specifically includes:
a. a credit card transaction processing company to verify, bill and claim payments you make with your credit card;
b. an independent financial institution to process the direct debit;
c. a transport company to dispatch your orders; and
d. external service providers to operate our website, to send emails to customers and to provide direct mailing services.
These external service providers only receive data that you need in order to fulfill their respective tasks, and these external service providers are not permitted to use or disclose your personal data for other purposes without your prior permission.
8. How can I restrict the use of personal data about me?
You can revoke your consent to the processing of your personal data, which is not required for the direct execution of your order, at any time with effect for the future, by e-mail (info@dibbern.de), by telephone (+49 (0)40 303 77 68-68) or by fax (+49 (0)40 303 77 68-69). This does not affect the lawfulness of the processing of your data up to the time of revocation on the basis of consent previously given by you.
9. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which we process on the basis of our legitimate interests. In this case, we will no longer process your personal data unless there are compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend our legal claims.
10. Your rights
In addition, you have the following rights with regard to the personal data concerning you:
- a. the right to information about your data processed by us, including the purposes of processing,
- b. the right to rectification of inaccurate personal data,
- c. the right to erasure of your personal data ("right to be forgotten")
- d. the right to restrict the processing of your personal data
- e. the right to receive a copy of your personal data in a structured, commonly used and machine-readable format.
You can exercise your rights against us by contacting us by email at info@dibbern.de or by post at DIBBERN GmbH, Heinrich-Hertz-Straße 1, 22941 Bargteheide, Germany.
This privacy policy was updated in February 2024. We reserve the right to make changes due to adjustments to the legal situation.
Bargteheide, February 14, 2024