1 Responsible entity
The responsible party for the collection, processing and use of your personal data within the meaning of the GDPR is
HLash & Rainer GmbH
Welserstrasse 10 E
+49 (0) 22 03 /92 29 70
+49 (0) 22 32 /99 33 112
+49 (0) 22 03 /92 29 75
If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in whole or in respect of individual measures, you may address your objection to the above-mentioned responsible office.
2 General use of the website
2.1 Access data
We collect information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and register data about your computer or mobile device. We collect, store and use data about each access to our online offer (so-called server log files). The access data includes the name and URL of the retrieved file, date and time of retrieval, amount of data transferred, notification of successful retrieval (HTTP response code), browser type and version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider.
We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of operating, securing and optimizing our online offering, but also to anonymously record the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. This information allows us to provide personalized and location-based content and to analyze traffic, troubleshoot and improve our services. We reserve the right to review the log data retrospectively if there is a justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period of time if this is required for security purposes or necessary for the provision of services or the billing of a service, e.g. if you use one of our offers. After the order process has been cancelled or after payment has been received, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website. We also store the date of your last visit as part of your account (e.g. when registering, logging in, clicking links, etc.).
2.2 E-mail contact
If you contact us (e.g. by contact form or e-mail), we store your information for processing the request and in case follow-up questions arise. We only store and use further personal data if you consent to this or if this is legally permissible without special consent.
2.3 Legal basis and storage period
The legal basis for data processing in accordance with the above paragraphs is Art 6 (1) (f) GDPR. Our interests in data processing are in particular to ensure the operation and security of the website, to study the way visitors use the website, and to facilitate the use of the website.
Unless specifically stated, we store personal data only as long as necessary to fulfill the purposes pursued.
3 Your rights as a person affected by data processing
According to the applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address mentioned in point 1.
Below you will find an overview of your rights.
3.1 Right to confirmation and information
You have the right to obtain confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to obtain from us, free of charge, information about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to the following information:
- the purposes of processing.
- the categories of personal data processed.
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations.
- if possible, the period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period.
- the existence of a right to request from the controller access to and rectification or erasure of personal data or restriction of processing your personal data or to object to processing as well as the right to data portability.
- the right to lodge a complaint with a supervisory authority.
- if the personal data is not collected from you, any available information about the origin of the data.
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
If personal data are transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
3.2 Right to rectification
You have the right to request that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3.3 Right to erasure (“right to be forgotten”)
You have the right to request that we erase personal data relating to you without undue delay, and we are obliged to erase personal data without undue delay, if one of the following grounds applies:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- you withdraw your consent on which the processing was based according to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR and there is no other legal ground for the processing.
- you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
- the personal data have been unlawfully processed.
- the personal data have to be erased for compliance with a legal obligation under Union or Member State law to which we are subject.
- the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If we have made the personal data public and we are obliged to erase it, taking account of available technology and costs of implementation, we shall take reasonable steps, including technical measures, to inform data controllers who process the personal data that you have requested that they erase any links to, or copy or replications of, those personal data.
3.4 Right to restriction of processing
You have the right to obtain restriction of processing from us, where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
- the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data.
- we no longer need the personal data for the purposes of processing, but you required the data for the establishment, exercise or defense of legal claims; or
- you have objected to the processing pursuant to Article 21(1) GDPR, pending the verification whether the legitimate grounds of the controller override yours.
3.5 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us, where
- the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
- the processing is carried out by automated means.
In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
3.6 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on points (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where personal data are processed for scientific research purposes or statistical purposes pursuant to Article 89(1) GDPR, you, on grounds relating to your particular situation, have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
3.7 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.
3.8 Right to revoke consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time.
3.9 Right to complain to a supervisory authority
You have the right to lodge a complaint with a single supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, you believe that the processing of personal data concerning you is unlawful.
4 Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data will be transmitted encrypted. This applies to your orders as well as to the customer login. We use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
To protect your data, we maintain technical and organizational security measures, which we constantly adapt to the state of the art.
We also do not guarantee that our service will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
5 Automated decision making
Automated decision-making based on the personal data collected does not take place.
6 Disclosure of data to third parties, no data transfer to non-EU countries.
In principle, we use your personal data only within our company.
If and to the extent that we involve third parties in the performance of contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing (“commissioned processing”), we contractually oblige commissioned processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
Data transfer to entities or persons outside the EU does not take place and is not planned.