PRIVACY POLICY

Privacy Notice for DIEZ OFFICE Onlineshop 

We attach maximum importance to protecting your data and safeguarding your privacy. Therefore, we provide information below regarding collection and use of personal data while using our website.

A. Controller 

Responsible for the processing of personal data is:

DIEZ OFFICE
Owner: Stefan Diez
Geyerstraße 20
80469 Munich, Germany

Tel: +49 (89) 55 29 45 13
Mail: mail@diezoffice.com

B. Data processing absolutely essential for the provision of the website

1. Logs

When you visit our website, we store certain access data, e.g. browser type and version, operating system used, the previously visited website, access date and time of the server request and the client’s file request (file name and URL). We use this data anonymously for statistical evaluations.

The data processing is absolutely necessary to defend against cyber attacks and to ensure the retrievability and correct display of the website on your terminal device. The legal basis for the data processing is § 25 para. 2 no. 2 of the German Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (hereinafter TTDSG).

2. To provide the website 

Cookies, i.e. small text files, can be stored on your computer for the shopping cart function and the execution of the order process. The shop software WooCommerce used on our site sets the following cookies:

• woocommerce_cart_hash (storage time: session)

Helps WooCommerce detect when the contents of the shopping cart change. This is a session cookie.

• woocommerce_items_in_cart (storage time: session)

This cookie also helps WooCommerce detect when the contents of the shopping cart change. This is a session cookie.

• woocommerce_recently_viewed (storage duration: session)

As the name of this cookie suggests, it is responsible for the functioning of the WooCommerce widget that displays the most recently viewed products. This is a session cookie.

• store_notice[notice id] (storage duration: session)

With WooCommerce, a shop message can be activated. If users hide it, this is saved. Otherwise, this message would be displayed over and over again. This is a session cookie.

• wp_woocommerce_session_ (storage time: 2 days)

This cookie contains a unique code for each customer so that WooCommerce knows where to find the shopping cart data in the database for each customer. This is a cookie with a retention period of two days.

The data processing by these cookies is absolutely necessary so that you can move around the website without restrictions and use all functions. The legal basis for the data processing is § 25 para. 2 no. 2 TTDSG.

C. Data processing when contacting us 

Read here what data is processed when you contact us or use functions of the website.

1. Contact 

We collect personal data when you provide it to us. This can be, for example, data that you transmit to us in the course of contacting us. The processing of this data is based on Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as this is necessary for the execution of a measure requested by you. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 sentence 1 lit. f GDPR).

2. Orders

If you would like to place an order on our website, we need to process some mandatory data to process your order. The legal basis of the data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

3. Payment processing 

Read here which options are available for payment processing and which personal data are processed in each case.

3.1 PayPal

Payments can be processed via the PayPal service. The provider of the service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).

Payment processing via the service is only possible if you have activated it at PayPal. By selecting the PayPal payment option, you will be redirected to the PayPal website. In the process, data is transmitted to PayPal; in particular, PayPal receives information about your purchase. The data transmission is absolutely necessary in order to provide you with the payment option you have selected. The legal basis of the data processing is § 25 para. 2 no. 2 TTDSG.

We have no influence on the data processing subsequently carried out by PayPal. This is rather based on the provisions agreed between you and PayPal. PayPal is solely responsible for the protection and handling of the data collected by PayPal. Further information on data processing by PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

3.2 Klarna instant bank transfer

Payments can be processed via the Klarna service. The provider of the service is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”).

By selecting the payment option Klarna you will be redirected to the website of Klarna. In the process, data is transmitted to Klarna; in particular, PKlarna receives information about your purchase. The data transmission is absolutely necessary to provide you with the payment option you have selected. The legal basis for the data processing is Section 25 (2) No. 2 TTDSG.

We have no influence on the data processing subsequently carried out by Klarna. This is rather governed by the provisions of Klarna. Klarna is solely responsible for the protection and handling of the data collected by Klarna. For more information on data processing by Klarna, please visit: https://www.klarna.com/de/datenschutz/

4. Advertising measires

We have a legitimate interest in the use of your data for the purposes of direct advertising within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.

Insofar as you have consented to this (Art. 6 para. 1 sentence 1 lit. a GDPR), we also use your data for sending an e-mail newsletter. The newsletter is technically designed so that we can track whether you have opened it. In addition, information on click behaviour is stored and processed. The information obtained is used to make the newsletter even more attractive to you in the future. Your consent also refers to this tracking.

You can revoke your consent to the sending of the newsletter as well as to the newsletter tracking at any time via the link provided for this purpose in every e-mail newsletter or by sending a message to the contact details given above. Furthermore, you can object to the processing of your personal data for advertising purposes with effect for the future in writing, by e-mail or by telephone. For the objection, only the transmission costs according to the base rates are incurred. The lawfulness of the data processing operations already carried out remains unaffected by this.

The dispatch of the newsletter is carried out by a service provider bound by instructions, who is obliged in accordance with the data protection regulations and is not allowed to use the data for any other purpose.

D. Data processing on our social media company pages 

We operate a so-called “company page” on the following social media platforms in joint responsibility with the respective provider of the platform, on which we inform about news from our company as well as events:

• “Facebook”: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
• “Instagram”: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
• “Pinterest”: Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

1. General information on company pages, legal basis

When visiting a company page, the respective provider collects information that enables it to recognize users and comprehensively analyze user behavior. Based on the data collected in this way, the operator of the social media platform can also create user profiles. If you are logged in with your corresponding social media account when visiting a company page, the respective provider can also assign this visit to your account.

The respective provider merely provides us with an anonymized statistical evaluation of the use of our company website based on the information obtained. This enables us to make our contributions even more targeted in the future. In this respect, we have a legitimate interest in collecting and processing this information. In addition, we have a legitimate interest in being able to use as many communication options as possible and thus reach as many interested parties personally as possible. The legal basis for the operation of a company page is in this respect Art. 6 para. 1 sentence 1 lit. f GDPR.

We do not ourselves pass on to third parties any personal data that we collect via our company pages. However, we can neither influence nor exclude the possibility that the named providers transmit the collected data to third parties – in particular to their partner companies, which may also be based in countries outside the EU. In many third countries outside the EU, there is currently no level of data protection that corresponds to the EU.

In principle, you can assert your data subject rights (see also under E.3) with regard to data processing by our company pages both against us and against the respective provider. However, we would like to point out that these can be asserted most effectively with the respective provider. This is because only the respective provider has access to the users’ data and can take appropriate measures and provide information directly.

For more information on data processing by the respective provider, see:

Facebook:

• www.facebook.com/settings?tab=ads
• www.facebook.com/policies/cookies
• en-en.facebook.com/about/privacy

Pinterest:

• https://policy.pinterest.com/de/privacy-policy
• https://policy.pinterest.com/de/cookies
• https://policy.pinterest.com/de/terms-of-service

2. Agreements according to Art. 26 DSGVO

We have concluded an agreement with Facebook pursuant to Art. 26 GDPR in which the data protection obligations arising from the operation of our company website are divided between us and the respective provider. The providers have thereby assumed a large part of the data protection obligations, such as the fulfillment of the data subject rights pursuant to Art. 12-23 GDPR, the obligation to provide suitable technical and organizational measures to protect the security of personal data, and the reporting and notification obligations in the event of a data protection breach. If you contact us regarding your data subject rights, we will immediately forward your request to the respective provider. We are obligated to do so under the agreement with the respective provider.

For more information on the agreement between us and the provider, please see:

• https://www.facebook.com/legal/terms/page_controller_addendum

E. General Information

1. Disclosure of data to third parties

Your personal data will only be disclosed to third parties if this is permitted by data protection law, in particular if you have consented to the disclosure (§ 25 para. 1 sentence 1 TTDSG or Art. 6 para. 1 sentence 1 lit. a GDPR), the disclosure is necessary for the purpose of contract performance (Art. 6 para. 1 sentence 1 lit. b GDPR) or is absolutely essential in order to provide you with an expressly requested service (§ 25 para. 2 no. 2 TTDSG).

In addition to the categories of recipients of personal data already mentioned in this data protection information, address data collected via the shop is passed on to shipping service providers in order to send ordered goods to the recipient. Our hoster WebhostOne can also potentially view personal data collected via the website. The latter is a service provider bound by instructions and may not use the data for other, own purposes.

2. Storage period 

The personal data processed by us will be stored for as long as required for the respective purpose – in particular the processing of your request or your contract – in compliance with the statutory retention periods (e.g. in accordance with the German Commercial Code and the German Fiscal Code, ten years for tax-relevant documents and six years for other business letters) (Art. 6 para. 1 sentence 1 lit. c GDPR). Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or § 25 para. 1 sentence 1 TTDSG or the purpose of the data processing has not yet ceased.

3. Your rights 

3.1 Disable and delete cookies

Some of the processing operations explained above use cookies. You can deactivate the storage of cookies on your hard drive in your browser settings. In addition, you can delete cookies stored in your browser settings at any time. However, in this case you may not be able to use all the functions of our website to their full extent.

3.2 Right of objection

You may object to the use of personal data for direct marketing purposes at any time; you may also object to the use of personal data on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR for reasons arising from your particular situation at any time with effect for the future, without incurring any transmission costs other than those according to the basic rates.

3.3 Right of access, rectification, erasure or restriction and portability

Under the conditions of Art. 15 to 20 GDPR, you have the right to receive information free of charge about the data we have stored about you, to have incorrect data rectified and to demand erasure, restriction of precessing and portability of your personal data. In some cases, however, we are not allowed to delete user data completely due to legal retention obligations.

3.4 Right of appeal

You have a right of appeal to a supervisory authority. The data protection authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.

****

Last updated 12/2021