KARL MAYER WEBSHOP
KARL MAYER Holding GmbH & Co KG, Brühlstrasse 25, 63179 Obertshausen, Germany
Represented by the Managing Directors Mr. Dipl. Ing. (BA) Arno K.-H. Gärtner, Dr. Helmut Preßl
Phone: +49 6104/402-0
Fax: +49 6104/402 73 600
for the following webshop: https://shop.karlmayer.com
2. Data protection officer
You can contact the data protection officer of the Controller at
Data Protection Officer
c/o KARL MAYER Holding GmbH & Co KG,
Brühlstraße 25, 63179 Obertshausen, Germany
3. Personal data, purposes of data processing, legal bases, recipients
3.1 Scope of processing of personal data
Personal data is information that can reveal or disclose the identity of the user. We only process personal data of our users if this is necessary to provide a functional webshop as well as our contents and services. The processing of personal data of our users takes place regularly only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
3.2 Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR shall serve as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Where the processing of personal data is necessary to fulfil a legal obligation to which KARL MAYER is subject, Article 6(1)(c) GDPR serves as the legal basis.
Where the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR shall serve as the legal basis.
If processing is necessary to safeguard a legitimate interest of KARL MAYER or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first interest, Article 6(1)(f) GDPR serves as the legal basis for processing.
3.3 Data deletion and storage time
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data subject is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3.4 Data processing when accessing our webshop
Every time you access our webshop, information is sent to the server of our webshop through the Internet browser of your respective device and temporarily stored in log files. The data records stored in this way contain the following data, which is stored until automatic deletion: date and time of access, name of the page accessed, IP address of the requesting device, referrer URL (source URL from which you accessed our webshop), the amount of data transferred, loading time, as well as product and version information of the browser used and the name of your access provider.
The legal basis for processing the IP address is Article 6(1)(f) GDPR.
Our legitimate interest arises from ensuring a smooth connection setup, ensuring comfortable use of our webshop, and evaluating system safety and stability.
A direct conclusion on your identity is not possible on the basis of the information and will not be drawn by us.
The data will be stored and automatically deleted once the aforementioned purposes have been achieved. If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the visiting client is no longer possible.
3.5 Preparation, conclusion, execution and/or termination of a contract
3.5.1 Data processing when using the webshop / contract conclusion / customer account
If you register with our webshop and use it or conclude a contract with us, we process the data required for the preparation, conclusion, execution or termination of a contract with you. These include:
• first name, last name
• invoice and delivery address
• invoice and payment data
• date of birth (if applicable)
• telephone number (if applicable)
If you use the webshop but do not conclude a purchase, we will send the necessary data of your webshop session via push notification to our local sales partner responsible for you, so that he can consult with you for the purpose of coordination, consultation and clarification of your individual needs.
The legal basis for this is Article 6(1)(b) GDPR, i.e. you provide us with the data on the basis of the respective contractual relationship (e.g. management of your customer account, preparation or processing of a purchase contract) between you and us. We are also obliged by the German Civil Code (BGB) to process your e-mail address in order to send an electronic order confirmation in the event of a purchase via our webshop. In this respect, the legal basis also arises from Article 6(1)(c) GDPR.
As far as we do not use your data for advertising purposes, we store the data collected for contract processing until the expiry of the statutory or possible contractual warranty and guarantee rights. Upon expiry of this period, we shall retain the information of the contractual relationship required by commercial and tax law for the periods specified by law. For this period, the data will be reprocessed solely in the event of an audit by the tax authorities.
To provide you with the greatest possible convenience, we offer you the permanent storage of your personal data in a password-protected customer account.
Only if you want to place orders via our webshop, it is necessary to open a customer account to process the contract. After setting up a customer account, no further data entry is required. In addition, you can view and change the data stored about you in your customer account at any time.
In addition to the data requested when placing an order, you must enter a password of your choice when setting up a customer account. This, together with your e-mail address, is used to access your customer account. Please treat your personal access data confidentially and in particular do not make them accessible to any unauthorized third parties. Please note that you will remain logged in automatically after leaving our webshop, unless you actively log out. You have the possibility to delete your customer account at any time. Please note, however, that this will not also delete the data that can be viewed in the customer account once you have placed an order with us.
Furthermore, data processing in accordance with the following section 3.5.2. is required to process a purchase contract via our webshop.
3.5.2 Identity, creditworthiness, payment processing, fraud prevention, transport and collection
3.5.2.1 Identity check
Where necessary, we verify your identity using information from service providers. The legal basis for this is Article 6(1)(b) and 6(1)(f) GDPR. The right to do so results from the protection of your identity and the avoidance of fraud attempts at our expense. The circumstance and the result of our inquiry will be stored in your customer account for the duration of the contractual relationship.
3.5.2.2 Credit assessments
If you have given us your consent, we are entitled to use information received in connection with the order to calculate a probability of default (internal scoring). The calculation of the probability of default using internal scoring is based on a recognised mathematical-statistical procedure. The data used in internal scoring results in particular from a combination of the following data categories: Address data, age, desired payment conditions, ordering method and assortment groups. In the context of internal scoring, only data that the customer has provided to us himself will be used.
If you have given us your consent, we are also entitled to obtain credit information about you from an external credit agency. We cooperate with the following external credit agencies:
SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden; Phone: +49 (0)611-9278-0;
Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss; Phone: +49 (0)2131-109-501;
mediafinanz AG, Weiße Breite 5, 49084 Osnabrück; Phone: +49 (0)541 2029-0;
Bürgel Wirtschaftsinformationen GmbH & Co. KG, Gasstraße 18, Phone: +49 (0)40-89803-0;
arvato infoscore GmbH, Rheinstraße 99, 76532 Baden-Baden; Phone: +49 (0)5241-527600-0;
Deltavista GmbH, Freisinger Landstraße 74, 80939 München, Phone: +49 (0)89-724488-0.
For the purpose of calling up creditworthiness information, the following data is transmitted to the aforementioned external credit agency: First name, last name, postal address, date of birth. These data can also be transmitted to the aforementioned external credit agency for the purpose of personal and address validation.
We can decide on the establishment, execution or termination of the contractual relationship as part of the credit assessment using an automated process. For example, when a negative credit report is transmitted by a credit agency or when an insufficient score value is calculated as part of internal scoring, the desired payment type can be automatically rejected. You may assert the right pursuant to Section 4.4. against us.
Your data will be processed within the framework of the credit assessment on the basis of Article 6(1)(b) GDPR and Article 6(1)(a) GDPR. The circumstance and the result of our inquiry will be stored in your customer account for the duration of the contractual relationship.
3.5.2.3 Payment processing
Your credit card data will only be passed on to our payment service provider Ingenico Payment Services GmbH (Am Gierath 20, 40885 Ratingen, Germany; "Ingenico/Ogone") and will be collected, processed and stored in encrypted form. The legal basis for this data processing is Art. 6(1)(a), Art. 6(1)(b) and Art. 6(1)(f) GDPR.
Our webshop loads JavaScript code from Ingenico/Ogone. If you have JavaScript activated in your browser and no JavaScript blocker installed, your browser may transmit personal data to Ingenico/Ogone. We do not know what data Ingenico/Ogone links to the data received and for what purposes Ingenico/Ogone uses this data.
The data will be stored and automatically deleted once the aforementioned purposes have been achieved.
3.5.2.4 Fraud prevention
The data you provide in the context of an order can be used to check whether there is an atypical ordering process (e.g. simultaneous ordering of a large number of goods to the same address using different customer accounts). We have a legitimate interest in carrying out such a review.
The legal basis for processing is Article 6(1)(f) GDPR. The data will be stored and automatically deleted once the aforementioned purposes have been achieved.
3.5.2.5 Transport service providers
For the purpose of delivering ordered goods, we cooperate with logistics service providers/transport companies and/or shipping partners.
In order to ensure that the goods are delivered according to your wishes, we transmit your e-mail address, your first name, surname, address and, if applicable, the telephone number to the logistics company and/or shipping partner commissioned by us who will take over the delivery. They may contact you prior to delivery to discuss delivery details.
The legal basis for processing is Article 6(1)(b) GDPR. The data will be stored and automatically deleted once the aforementioned purposes have been achieved.
3.6 Data processing for advertising purposes
3.6.1 Postal advertising
We may use your information for marketing purposes. We collect the following data for our own marketing purposes and for marketing purposes of third parties: e-mail address, first name, surname, postal address, year of birth. This data is stored in your customer account for the duration of the contract.
We are also entitled to store further personal data collected about you in compliance with legal requirements for our own marketing purposes. The aim is to provide you with advertising that is solely oriented towards your actual or supposed needs and not to bother you with unnecessary advertising.
In addition, the Controller pseudonymises / anonymises personal data collected about you for the purpose of using the pseudonymised / anonymised data for his own marketing purposes. The pseudonymised / anonymised data can also be used to advertise to you individually online, whereby the advertising can be outsourced to a service provider / agency.
The legal basis for the use of personal data for marketing purposes is Article 6(1)(f) GDPR.
Reference to the right of objection:
You can object to the use of your personal data for the aforementioned advertising purposes at any time, free of charge and with effect for the future, at firstname.lastname@example.org. If you file an objection, your data will be blocked for further promotional data processing. We would like to point out that in exceptional cases advertising material may still be sent even after receipt of your objection. This is technically due to the necessary lead time within the selection process and does not mean that we have not implemented your objection.
In our webshop we offer you the possibility to register for our newsletter. In order to be sure that no mistakes were made when entering the email address, we use the so-called double opt-in procedure: After you have entered your e-mail address in the registration field and transferred it to us, we will send you a confirmation link to this e-mail address. Only when you click on this confirmation link, your email address will be added to our mailing list for sending our newsletters.
The legal basis for this data processing is Article 6(1)(a) GDPR. The email address is stored for the purpose of sending the newsletter as long as the subscription to the newsletter is active.
Reference to the right of withdrawal:
You can revoke your consent at any time with effect for the future by unsubscribing at the end of each newsletter (by clicking on the link contained therein).
3.7 Data processing for online presence and webshop optimization
If you have agreed to the so-called geolocalisation in your browser or in the operating system or other settings of your respective device, we use this function to be able to offer you individual services related to your current location (e.g. the location of the nearest branch). We process the location data obtained in this way exclusively for this function. If you stop the use, the data will be deleted.
The legal basis for this data processing is Article 6(1)(f) GDPR.
You have the option of changing your browser or your operating system or the relevant location settings of your respective device in such a way that no location-related data is transmitted to us.
3.7.2 Cookies - General Information
Most of the cookies we use are deleted after the end of the browser session (so-called session cookies). With these we can offer you e.g. a shopping cart display across all websites, in which you can read how many articles are currently in your shopping cart and how high your current shopping value is. Other cookies remain on your computer and enable us to recognize your computer on your next visit (so-called permanent or cross-session cookies). These cookies in particular serve to make our webshop user-friendly, more effective and safer. Thanks to these files, it is possible, for example, to display information on the site that is specifically tailored to your interests.
If you have a customer account and are logged in or activate the "stay logged in" function, the information stored in cookies is assigned in pseudonymised form to a cookie ID.
You can set your browser so that it does not place our cookies on your hard drive. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie or how to delete all cookies already received and block them for all others.
To do this, please proceed as follows:
With Internet Explorer:
Select "Internet Options" from the "Tools" menu.
Click on the "Privacy" tab.
Now you can make the security settings for the Internet zone. Here you can set whether and which cookies should be accepted or rejected.
Confirm your setting with "OK".
Select Settings from the "Tools" menu.
Click on "Privacy".
Select "Create according to user-defined settings" from the drop-down menu.
Now you can set whether cookies should be accepted, how long you want to keep these cookies and add exceptions to which websites you always or never want to allow cookies to be used.
Confirm your setting with "OK".
On Google Chrome:
Click the Chrome menu on the browser toolbar.
Now select "Settings".
Click on "Show advanced settings".
Under "Privacy", click on "Content Settings".
Under "Cookies" you can make the following settings for cookies: delete cookies, block cookies by default, delete cookies and website data by default after closing the browser
Allow exceptions for cookies from certain websites or domains
However, we would like to point out that in this case you may not be able to use all functions of this webshop to their full extent.
If these cookies and/or the information they contain include personal data, the legal basis for data processing is Article 6(1)(f) GDPR. Our interest in optimizing our webshop is to be regarded as justified in the sense of the aforementioned regulation.
3.7.3 Google Analytics
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this webshop. The opt-out cookie is only valid in this browser and only for our webshop and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found on the Google Analytics website.
We have concluded a data processing agreement with Google for this data processing.
3.7.4 Google Tag Manager
Our webshop uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The tool Tag Manager itself (which implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.
And use the browser plugin available under "Doubleclick deactivation extension". Alternatively, you can disable the Doubleclick cookies on the Digital Advertising Alliance site by following this link: http://www.aboutads.info/choices/
To protect input forms on our site, we use the "reCAPTCHA" service from Google. This service makes it possible to differentiate whether the corresponding input is of human origin or is made abusively through automated machine processing. The legal basis for this data processing is Article 6(1)(f) GDPR.
To our knowledge, the referrer URL, the IP address, the behaviour of webshop visitors, information about operating system, browser and dwell time, cookies, display instructions and scripts, the user's input behaviour and mouse movements in the "reCAPTCHA" checkbox area are transmitted to "Google". Google uses the information obtained in this way, among other things, to digitize books and other printed matter and to optimize services such as Google Street View and Google Maps (e.g. house number and street name recognition).
The IP address transmitted within the scope of "reCAPTCHA" will not be merged with other Google data unless you are logged in to your Google account at the time you use the "reCAPTCHA" plug-in. If you wish to prevent Google from transmitting and storing data about you and your behaviour on our webshop, you must log out of Google before you visit our site or use the reCAPTCHA plug-in.
3.7.7 Possibility of disagreement/opt-out
In addition to the deactivation methods described above, you can also generally prevent the targeting technologies described by setting a corresponding cookie in your browser (see also 3.7.2). You can also deactivate preference-based advertising using the preference manager available here.
3.7.8 Social media links
3.8 How to contact us
You have the possibility to contact us in several ways. By e-mail, by phone, by web contact mask or by mail. When you contact us, we use the personal data that you voluntarily provide to us in this context solely for the purpose of contacting you and processing your request.
The legal basis for this data processing is Art. 6 (1)(a), Art. 6 (1)(b), Art. 6 (1)(c) and Art. 6 (1)(f) GDPR. Your data will be deleted once the intended purpose has been achieved.
3.9. Customer reviews / comments / other user content
If users leave comments or other contributions on KARL MAYER websites, their IP addresses will be stored on the basis of our legitimate interests within the meaning of Art. 6 (1)(f) GDPR for 7 days. This is done for our safety, if someone leaves illegal contents in comments and contributions (insults, forbidden political propaganda, etc.).
You can also publish your own content on KARL MAYER websites in various places (e.g. product evaluations, comments, etc.). When you make a comment, recommendation or rating on products, brands and styles, we process the personal data that you voluntarily provide as part of the comment or rating. You can publish content on KARL MAYER websites under your first name and abbreviated surname.
The legal basis for this data processing is Art. 6 (1)(f) GDPR.
4. Your statutory rights
Below you will find your rights that you can assert.
4.1 Overview of the individual statutory rights under Article 15 ff. GDPR
In addition to the right to revoke your consent given to us, you have the following further rights if the respective legal requirements are met:
• the right to obtain information about your personal data stored by us (Art. 15 GDPR), in particular you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the origin of your data if these were not collected directly from you;
• the right to correct inaccurate data or to complete correct data (Art. 16 GDPR),
• the right to delete your data stored with us (Art. 17 GDPR), as far as no legal or contractual retention periods or other legal obligations or rights for further storage are to be observed by us,
• the right to restrict the processing of your data (Art. 18 GDPR) if you dispute the accuracy of the data, if the processing is unlawful but you refuse its deletion, if the data controller no longer needs the data but you need them to assert, exercise or defend legal claims, or if you have filed an objection to the processing in accordance with Art. 21 GDPR,
• the right to transfer data in accordance with Art. 20 GDPR, i.e. the right to receive selected data stored by us about you in a common, machine-readable format, or to request the transfer to another Controller.
You can assert the above-mentioned rights at email@example.com
4.2 Right to object
Under the conditions of Art. 21 (1) GDPR, data processing may be objected to for reasons arising from the special situation of the data subject.
You can exercise this right at firstname.lastname@example.org
4.3 Right of revocation
Insofar as we process data on the basis of a consent given by you, you have the right to revoke the consent given at any time. The revocation of the consent does not mean that the data processing carried out on the basis of the consent up to the time of the revocation becomes ineffective.
You can exercise this right at email@example.com
4.4 Right to non-automated decision in individual cases including profiling
You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner. This shall not apply where the decision a) is necessary for the conclusion or performance of a contract between you and the Controller, or b) is admissible under Union or Member State law to which the Controller is subject and where such law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or c) is taken with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2)(a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to above under a) and c), the Controller shall take reasonable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person by the Controller, to state his own position and to challenge the decision.
You can exercise this right at firstname.lastname@example.org
4.5 Right of appeal
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State of your place of residence, employment or suspected infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.
can be called up and printed out by you.