Privacy policy for the ASKÖ website
I. Name and contact details of the controller
Managing Director: Theo Maier
Adolph-Kolping-Str. 6
D-72393 Burladingen
Telephone number: 0 74 75 / 95 00 0 – 0
Fax number: 0 74 75 / 95 00 0 - 29
Email address: info@askoe-online.de
II. Children
Our products and services are aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their respective parents or guardians.
III. Provision of the website and log files
1. Description and scope of data processing
Every time our website is accessed, our system, i.e. the web server, automatically collects information from the system of the accessing computer or end device of the user.
We collect the following data:
- Information about the browser type and version used
- The operating system of the user's end device
- Internet service provider of the user
- IP address of the user
- Date and time of access
- The website from which the user accessed our website
2. Legal basis for data processing
The legal basis for the temporary storage of this data and the log files is Article 6 (1) (f) GDPR (our legitimate interests as a responsible website operator)
3. Purpose of data processing
The temporary storage of the user’s IP address by the system is necessary to display the website on the user’s computer. To do this, it is necessary to store the user’s IP address for the duration of the session.
The above data is stored in log files to ensure the functionality of our website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems (e.g. to detect attacks). An evaluation of the data for marketing purposes does not take place in this context.
4. Duration of storage
The above data will be erased as soon as it is no longer required for the purpose for which it was originally collected. Where the data is collected for the purpose of providing the website, the data will be deleted at the end of the respective session.
Where the data is stored in log files, it will be deleted after 7 days at the latest. Storage beyond this is possible. In this case, we will delete or anonymise the IP address of the user to ensure that the accessing client can no longer be identified and the data contained no longer has any personal reference.
IV. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the browser or by the browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened. Session cookies are used to store information that is relevant to your current visit to the website.
2. Legal basis for data processing
The data processed by cookies is necessary for the following purposes of pursuing our and third-party legitimate interests in accordance with Article 6 (1) (f) GDPR.
3. Purpose of data processing
We primarily use cookies to improve your experience when you visit our website. In addition, we also use temporary cookies that are stored on your device for a specified period of time to make our website more user friendly. They help us to recognise you automatically when you return to our website to use our services, and they remember you entries and settings so that you do not have to enter them again.
4. Duration of storage, right to object and other rights
Cookies are stored on the user's computer and transmitted to our site. This gives you as the user full control over the use of cookies. You have the option to prevent the use of cookies at any time: by changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If you choose to disable cookies for our website, you may not be able to use all the functions and features of this website.
V. Email contact and contact form
1. Description and scope of data processing
We can be contacted through our contact form and/or the email address provided. In this case, the personal data of the sender, i.e., the user, transmitted when sending a query will be stored.
2. Legal basis for data processing
The legal basis for the processing of this data transmitted when sending a query, is Article 6 (1) (f) GDPR (our legitimate interests as the controller).
If the purpose of the query is to conclude a contract, then the additional basis for the processing of data will be Article 6 (1) (b) GDPR (performance of a contract).
3. Purpose of data processing
We process this personal data solely to process the communication.
4. Duration of storage
The above data will be erased as soon as it is no longer required for the purpose for which it was originally collected. For personal data sent by email or through the contact form, this will be the case when the communication with the user has ended. The communication ends when the circumstances indicate that the matter in question has been definitely resolved.
5. Right to object
The objection can be sent to the following email address: info@askoe-online.de
VI. Customer account
1. Description and scope of data processing
We offer the option to register for a customer account to enhance the shopping experience.
The following data is collected during the registration process:
· Name, surname
· Invoice and delivery address
· Email address
· Invoice and payment details
· Date of birth, where appropriate
· Telephone number, where appropriate
· IBAN, where appropriate
The following data is collected during the login process:
- Username
- Password
At the time of login, we also store the following types of data:
- IP address of the user
- Date and time of the login
2. Legal basis for data processing
The legal basis for the processing of the data is Article 6 (1) (b) GDPR (performance of a contract), as the registration and the login area are necessary for the performance of the contract or for the implementation of pre-contractual measures.
3. Purpose of data processing
The registration and login are intended to provide an online shopping function with an order form.
The above data will be erased as soon as it is no longer required for the purpose for which it was originally collected. For the data collected during the registration process for the performance of a contract or the implementation of pre-contractual measures, this is the case when the data is no longer required for the performance of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contracting party to comply with contractual or legal obligations (e.g., tax retention obligations).
The login log files are retained for a period of 60 days for security reasons and to address any potential support inquiries and then deleted.
5. Right to object
A registered user has the option to cancel their registration in the customer account at any time. The data stored in the customer account can also be changed by the user at any time.
VII. Order processing
1. Description, scope and purpose of data processing
The following data is required for the conclusion and performance of orders (including the dispatch of order confirmations, the ordered goods and invoices, payment processing) as well as for the processing of any complaints:
· Name, surname
· Invoice and delivery address
· Email address
· Invoice and payment details
· Date of birth, where appropriate
· Telephone number, where appropriate
· IBAN, where appropriate
Depending on the content and processing of the contract, it may be necessary to process additional personal data (e.g., special sizes, reasons for complaint).
2. Legal basis for data processing
The legal basis for this is Article 6 (1) b) GDPR (performance of a contract), i.e. the user provides us with the data on the basis of the respective contractual relationship (e.g. contract implementation).
3. Duration of storage
VIII. Payment processing
1. Description, scope and purpose of data processing
a) The payment and bank information entered or deposited for an order (payment information) is processed for the purpose of payment processing. Depending on the payment method, we pass on your payment information to third parties (e.g., to your credit card provider for credit card payments).
b) When paying via PayPal, the payment information is forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg as part of payment processing. PayPal conducts a credit check for various services, especially when PayPal's credit services are used (e.g. pay by PayPal later), to ensure your willingness and ability to pay. For this purpose, your data (name, address and date of birth, bank account details) will be passed on to credit agencies. A list of the credit agencies PayPal works with can be found here: https://www.paypal.com/de/webapps/mpp/ua/cra-list-full?locale.x=de_DE. We have no influence on this process and only receive the result of whether the payment has been made, rejected or is pending verification. For more information, visit https://www.paypal.com/de/webapps/mpp/ua/privacy-full
c) If the credit card payment method (payment with a card from VISA or Mastercard including any debit products of these card organizations) is selected, the payment information, in particular card number, card sequence number, verification number, card type, card expiry date, amount, date and time - depending on the credit card - will be sent to the following companies:
Visa Europe Management Services Limited (registered number 08778032), a limited liability company incorporated in England and Wales with its registered office at 1 Sheldon Square, London W2 6TT, trading through its branch in Germany: Visa Europe Management Services Limited, German Branch, Neue Mainzer Strasse 66-68, 60311 Frankfurt or to Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium for the purpose of verifying and executing your payment. For more information on the type and scope of the data processed by your credit card company, please refer to the Visa privacy policy at https://www.visa.de/legal/privacy-policy.html or the Mastercard privacy policy at https://www.mastercard.de/de-de/datenschutz.html#usePersonalInfo.
e) If the payment method giropay is selected, the payment information will be collected, processed and transmitted to the bank by giropay GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main. Furthermore, giropay GmbH authenticates the payment. The bank then authorises the payment to us using giropay GmbH. Giropay GmbH collects and stores the transaction data (transaction reference, transaction ID, shopping basket information). This enables giropay GmbH and the bank to identify and reference the transaction at a later date, e.g., in the case of refunds. You can find more information at https://www.giropay.de/agb/index.html..
f) If the payment method KLARNA Sofortüberweisung is selected, the payment information will be forwarded to Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. KLARNA forwards the payment information to the following companies for the purpose of verifying your identity and the accuracy of the information provided, as well as for fraud and crime prevention purposes https://cdn.klarna.com/1.0/shared/content/legal/terms/de-DE/credit_rating_agencies. We have no influence on this process and only receive the result of whether the payment has been made, rejected or is pending verification. More information is avaialble at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
2. Legal basis for data processing
The legal basis for this data processing is Article 6 (1) (b) GDPR (performance of a contract). Furthermore, it is in our legitimate interest to offer an efficient and secure payment method under Article 6 (1) (f) GDPR.
The legal basis for data processing by the aforementioned payment service providers is also the performance of the contract pursuant to Article 6 (1) (b) GDPR as well as the legitimate interest of these payment service providers pursuant to Article 6 (1) (f) GDPR, in particular to verify your identity and the accuracy of the data provided as well as to combat fraud and crime.
3. Duration of storage
We store the data collected for the processing of the contract for the duration of the contract and until the expiry of the statutory or possible pre-contractual warranty and guarantee rights. After expiry of this period, we retain the information of the contractual relationship required by commercial and tax law for the periods specified by law. For this period, the data is processed again solely in the event of a review by the tax authorities.
4. Right to object
If you wish to object to the processing of data by us, which is based on a legitimate interest pursuant to Article 6 (1) (f) GDPR, the objection can be sent to the following email address: info@askoe-online.de
Further information on options for objection and rectification regarding the aforementioned payment service providers can be found at:
PayPal
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Visa
https://www.visa.de/legal/privacy-policy.html
MasterCard
https://www.mastercard.de/de-de/datenschutz.html#usePersonalInfo.
giropay
https://www.giropay.de/agb/index.html.
KLARNA Sofortüberweisung
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
IX. Social media
1. Description, scope and purpose of data processing
On some pages of our website you will find link, share or play buttons, which allow you to visit our pages on the various platforms
· Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland),
· Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland),
· YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
These buttons are embedded as links. When you visit our pages, the button does not yet establish a direct connection between your browser and the server of the respective social media provider. Only when you click on the corresponding button will you be redirected to the website of the social media provider. In this way, the provider can, among other things, gain knowledge that our website has been accessed from the user's IP address. Your IP address can also be linked to your account with the respective social media provider if you are logged into your account there when you visit our website. It should be noted that we cannot rule out that the respective social media provider may use your profile and behavioural data to analyse your habits, personal relationships, preferences, etc. We have no control over the processing of your data by the respective social media provider. Furthermore, please be aware that your personal data may be transferred and processed outside the European Union, especially in the United States. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will either not be possible at all or may be more difficult.
In addition, a distinction must be made between our data processing, i.e. processing that takes place in our area of responsibility, and processing that is carried out exclusively in the area of responsibility of the social media provider. In addition, there may also be processing activities conducted in joint responsibility with the respective social media provider.
a) Our data processing
We use our presence on the respective social media platforms to provide additional information about our company. We process all interactions, such as messages, likes and content, which are transmitted to us by users on our pages across the various social media platforms.
b) Data processing by the social media provider
The social media provider provides us with aggregated data without personally identifiable information, which allows us to evaluate the success of our presence on the respective social media platform and to use it to improve our posts.
We have no control over the creation and provision of this data by the respective social media provider. This data processing takes place exclusively in the area of responsibility of the respective social media provider.
The nature and scope of data provided by visitors of the respective social media platform to the operators of that social media platform, the purposes of data processing, its lawfulness, as well as information on exercising data subjects' rights, can be found in the privacy policies and further information provided by the respective social media provider:
·
Facebook:
https://www.facebook.com/about/privacy/update and
https://www.facebook.com/legal/terms/page_controller_addendum
·
Instagram:
https://www.instagram.com/legal/privacy/
https://www.facebook.com/legal/terms/page_controller_addendum
·
YouTube:
https://www.youtube.com/privacy
c) Shared responsibility with Facebook:
We operate a Facebook fan page of the social media platform Facebook. In this regard, we share joint responsibility with Facebook for the operation of the page. We primarily use this page as a communication platform with customers, and we also receive generic information from Facebook about the performance of our posts (such as the number of page views and likes). It is the responsibility of Facebook how this data is collected and processed. This includes the processing of data exclusively for Facebook's purposes. The obligations resulting from the joint responsibility of the data controllers can be found by following the link below:
https://www.facebook.com/legal/terms/page_controller_addendum
Controllers:
Controllers as defined by Article 26 EU GDPR are:
(1) Primary controller: Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
(2) ASKÖ GmbH
Managing Director: Theo Maier
Adolph-Kolping-Str. 6
D-72393 Burladingen
Telephone number: 0 74 75 / 95 00 0 – 0
Fax number: 0 74 75 / 95 00 0 - 29
email address: info@askoe-online.de
Data processing by Facebook:
Facebook is responsible for the generation and provision of the "Insights data” (https://www.facebook.com/business/a/page/page-insights), as a fan page operator, we have no influence on the generation and provision of this data. The processing of personal data associated with this takes place exclusively through Facebook.
The nature and scope of the information transmitted by visitors of the fan page to Facebook, the purposes of data processing, its lawfulness, as well as information on exercising the rights of data subjects, can be found in the privacy policy and further information provided by Facebook regarding the processing of "insights data." You can refer to the following link for more details: https://de-de.facebook.com/policy.php.
information on page statistics can be found at https://www.facebook.com/business/a/page/page-insights.
Data subjects can exercise their rights regarding the processing of "insights data" by Facebook by directly contacting Facebook. Registered and logged-in Facebook users can access further information about these rights in their user accounts. Data subjects can also contact Facebook at www.facebook.com.
2. Legal basis for data processing
If we have obtained your consent prior to using the service, it forms the legal basis for data processing under Article 6 (1) (a), Article 49 (1) (a) GDPR. Furthermore, the inclusion of links to the respective social media platforms is necessary to optimise the design of our website and it constitutes our legitimate interest in data processing under Article 6 (1) (f)) GDPR. The legal basis for data processing related to our presence on the respective social media platforms is also Article 6 (1) (f)) GDPR, as it is our legitimate interest to engage in public relations for our company and to communicate with you. The legal basis for using the data provided by the respective social media platforms is also Article 6 (1) (f) GDPR, as it is our legitimate interest to evaluate the reach of our social media presence and to improve our content.
3. Duration of storage, right to object and other rights
Personal data will only be stored for as long as is necessary for the purposes for which the data are processed, for example, until the expiry of any statute of limitations and statutory retention periods, unless otherwise specified in our privacy policy.
If you wish to object to certain data processing over which we have control, you can contact info@askoe-online.de.
X. Confidentiality of applications and data protection during the recruitment process
1. Description and scope of data processing
In order for us to involve you in the application process for a specific position, personal and contact information, as well as comprehensive application documents including a cover letter, curriculum vitae, and relevant certificates and references (hereinafter referred to as "application documents"), are necessary for us to gain insights into your personality profile and qualifications. We process the application documents for this purpose.
If you send us the application documents by email, this data will also be processed by our hosting or email provider as our processor.
2. Legal basis for data processing
The legal basis for processing the application documents is Article 88 GDPR in conjunction with Section 26 of the German Federal Data Protection Act (BDSG), Article 6 (1) (b) GDPR, Article 6 (1) (c) GDPR, (e.g, enquiry with the Federal Employment Agency to determine the availability of suitable disabled applicants), Article 6 (1) (f) GDPR (e.g., in the case of legal disputes, our legitimate interest is the establishment, exercise or defence of legal claims) as well as your consent pursuant to Article 6 (1) (a) GDPR. You have the right to withdraw your consent at any time,
3. Purpose of data processing
We will only use your application documents for the purpose of making a hiring decision regarding the specific position you have applied for. During the application process, additional personal data may be collected from you personally or from publicly available sources for this information purpose. However, if you submit a speculative application that does not relate to a specific position, we may use your application documents for decision-making purposes for all positions under consideration.
4. Duration of storage
If the application process does not result in your hiring, we will delete and destroy your application documents in accordance with regular procedures once all application processes, for which your application documents have been considered, are completed and a period of six months has elapsed since then.
If the application process leads to your hiring, we will include your application documents in your personnel file based on Article 6 (1) (b) GDPR, Section 26 (1) BDSG. In this case, we will inform you separately, through a separate privacy policy, about the further processing purposes and the relevant retention periods.
5. Right to object
The user has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them, which is based on Article 6 (1) (e) or (f) GDPR, The controller shall then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
The objection can be sent to the following email address: info@askoe-online.de
XI. Disclosure of data
We will not transfer your personal data to third parties for purposes other than those listed in this privacy policy.
We will only disclose your personal data to third parties if:
· you have given your express consent as provided for under Article 6 (1) (a) GDPR,
· the disclosure is necessary in accordance with Article 6 (1) (f) GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in non-disclosure of your data,
· the processing is necessary for compliance with a legal obligation as laid down in Article 6 (1) (c) GDPR,
· it is legally permissible and necessary for the performance of a contract to which you are party in accordance with Article 6 (1) (b) GDPR,
XII. Rights of data subjects
If personal data of a user is processed, the user is a "data subject" under GDPR. Under the relevant statutory provisions, the data subject has the following rights in relation to us as the controller:
- Right of access
- Right to rectification
- Right to restriction of processing
- Right to erasure
- Right to information
- Right to data portability
- Right to object
- Right to withdraw consent to data processing
- Right to lodge a complaint with a supervisory authority
If you wish to object to the use of your personal data or if you wish to withdraw your consent, please send an email to info@askoe-online.de.
Information on the withdrawal of consent:
A data subject has the right to withdraw their consent under data protection laws and regulations at any time. However, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Information on complaints to a supervisory authority:
Without prejudice to any other administrative or judicial remedy, a data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if they consider that the processing of personal data relating to them infringes GDPR.