DIBBERN GmbH ("DIBBERN") takes the protection of your personal data very seriously. We would like you to know when we store what data, and for how long we use them. As a company under private law, we are subject to the provisions of the General Data Protection Regulation of the European Union ("GDPR") and other data protection laws of the Member States, as well as other provisions of privacy laws. We have taken technical and organizational measures to ensure that both we and external service providers abide by the regulations regarding data protection. In the following statement, we inform you about the manner and purpose of processing your personal data when you use our web pages.
1. Who controls your personal data?
The party responsible for processing all personal data via the web pages www.dibbern-onlineshop.de and https://www.dibbern.de is:
Tel.: +49 (0)40 303 77 68-68
Fax: +49 (0)40 303 77 68-69
2. What are personal data?
According to Article 4 no. 1 GDPR, 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
3. What personal data does Dibbern process and for what purposes?
3.1 Data processing when accessing our web pages
We collect and use your personal data as soon as you access our web pages, to the extent necessary to provide a functioning web page as well as our contents and services. This includes the IP address associated with your computer, which we require to transmit the content you request such as images or files made available for download to your computer.
Furthermore, we collect information about the usage of our web pages, which is transmitted by your browser. This includes the date and the time of access, the URL of the previously visited web page, the browser type and browser version, the operating system of the user and general system information. We use such information to ensure data security, for example to intercept and track attacks on our servers or attempts at misuse, which are necessary to protect our legitimate interests, in accordance with Article 6(1) (f) GDPR.
3.2 Data processing to provide services you request
We collect and use personal data, which you provide when you place an order, write us a letter or an e-mail, and when you call us by telephone. This may include the following information about you: name, title, company, postal address, e-mail address, telephone number, fax number, credit card number and expiration date and/or your bank account, other demographic information, details about orders and payment history, return requests or offers that were made to you, and data that relate to your use of our web pages. We may possibly require additional personal data such as your age or your date of birth, for example.
We process the personal data you provide to participate in our advertising program or otherwise to contact us. We may also use the data to contact you, if we have questions regarding your order or to inform you about the status of an order. We may also use your e-mail address to identify you in our internal system.
Processing for the purposes of direct marketing is within our legitimate interests, in accordance with Article 6 (1) (f) GDPR. To the extent that processing your data is necessary to fulfill the contract with you, or to perform pre-contractual measures, it has its legal basis in Article 6 (1) (b) GDPR.
3.3 Use for advertising purposes once consent is granted
If you have given your respective consent, we also use your personal data to inform you about new services or special advertising campaigns, or to send you offers or information about our products. The legal basis for this is Article 6 (1) (a) GDPR.
"Cookies" are small files that are stored on your device. "Cookies" do not give us any control over your computer. Unless described otherwise below, the processing of this information is used to make our website more user-friendly and effective, and is thus within our legitimate interests in accordance with Article 6 (1) (f) GDPR. Cookies cannot execute programs or transmit viruses to your computer. To operate our website, we use temporary cookies with anonymized session IDs.
You can remove stored cookies in your browser settings and deactivate the future storage of cookies. Please consult the help function of your browser to find out how to deactivate cookies. Please note that after deactivating cookies it may not be possible to use all of the functionality of our web pages.
3.5 Google Analytics
We use Google Analytics, an analysis service operated by Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, "Google"). For this purpose, Google places a cookie on your device when you visit our web pages. This makes it possible to recognize your browser and to analyze your usage of our web pages on our behalf, which is within our legitimate economic interests, Article 6 (1) (f) GDPR.
Google normally anonymizes your IP address within the EU or the EEA, before the data about your website usage are transmitted to the USA. Google has submitted to the EU-US Privacy Shield for the exceptional cases, in which personal data are transmitted to the USA, to ensure a reasonable level of data protection. More detailed information is available here: https://www.privacyshield.gov/EU-US-Framework. The IP address transmitted from your browser in connection with Google Analytics is not merged with other Google data.
Please note further that on our web pages, Google Analytics was extended by the "anonymizeIp();" code in order to ensure an anonymized collection of IP addresses. As a result, IP address are processed in abbreviated fashion. This prevents data collected in connection with Google Analytics from being associated with you. Thus, to the extent that the data collected about you have a personal reference, this is immediately excluded and the personal data are thus promptly deleted. Additional information regarding the use of your data by Google is available here: https://policies.google.com/?hl=de.
Furthermore, you have the option to prevent the use of your data at any time by installing the plug-in offered by Google. This plug-in is available at: https://tools.google.com/dlpage/gaoptout?hl=de. Furthermore, you can prevent the use of Google Analytics by clicking on this link . This stores a so-called "opt-out cookie" on your data storage medium, which prevents the processing of personal data by Google Analytics. Please note that deleting all cookies on your device also deletes these opt-out cookies. In this case, you must set it again if you want to continue to prevent this form of data collection. Please note further that the opt-out cookies are always associated with a specific browser and a specific device, and must therefore be activated separately for each browser, computer or device.
4. Where are the collected data stored?
We store your data on a specially protected, central, online server in Germany. Access to this server is restricted to a few specially authorized persons, who are charged with the technical, commercial or editorial maintenance of the servers. The use of modern encryption technology (SSL/TLS) protects your personal data against access by unauthorized third parties at a high level during transmission to our servers.
5. Duration of the storage of your data
We store your data only for as long as they are required to achieve the respective processing purpose, and we delete them subsequently. We regularly delete data about the use of our web pages after 28 days at most. Otherwise, we limit processing if we are prohibited from deleting the data, e.g. by statutory regulations.
6. Will your personal data be disclosed to third parties?
We will disclose your personal data to third parties only in the following cases. We have agreements with other companies to process your order and to provide you with the desired products or services, or to process your payment to us. This specifically comprises:
(a) a company for processing credit card transactions to verify, charge and process payments you make by credit card;
(b) an independent financial institution for processing direct debit payments;
(c) a transport company for shipping your orders; and
(d) external service providers for operating our website, for sending e-mails to customers and for providing direct mail services.
These external service providers only receive the data they require to fulfill their respective tasks, and these external service providers are prohibited from using or disclosing your personal data without your prior consent.
Further than that, we do not disclose your personal data to third parties without your consent, in particular we will not use or disclose your personal data for the advertising purposes of third parties.
On the basis of the GDPR, the Federal Data Protection Act in its new version, other national data protection laws of the Member States, and other data protection provisions, personal data may be disclosed if we are obligated by law to do so (Article 6 (1) (c) GDPR).
7. How can I limit the use of personal data about me?
You can withdraw your consent to process your personal data, which are not directly required to process your order, at any time effective in the future, by e-mail (firstname.lastname@example.org), by telephone (+49 (0)40 303 77 68-68) or by fax (+49 (0)40 303 77 68-69). Withdrawing your consent does not affect the lawfulness of processing your data prior to said withdrawal, that was based on consent you granted before.
8. Right to object
You have the right to object, for reasons arising from your particular situation, at any time to the processing of your personal data that we process on the basis of our legitimate interests. In this case, we shall no longer process your personal data unless there are compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of our legal claims.
9. Your rights
Moreover, you have the following rights regarding personal data that concerns you in relation to us:
9.1 the right to request access to your data processed by us including information about the purposes of processing,
9.2 the right to request rectification of incorrect personal data,
9.3 the right to request erasure of your personal data ("right to be forgotten"),
9.4 the right to request restriction of the processing of your personal data,
9.5 the right to receive a copy of your personal data in a structured, commonly used and machine-readable format if their processing is based on your consent or these data are processed with regard to a contractual relation with you ("right to data portability").
According to Article 77 GDPR, you also have the right to lodge a complaint at any time with a data protection supervisory authority about our processing of your personal data.
You can exercise your rights in relation to us by writing an e-mail to email@example.com or by post to DIBBERN GmbH, Heinrich-Hertz-Straße 1, 22941 Bargteheide.
Bargteheide, 25 May 2018