Privacy Policy
Thank you for visiting our website. Compliance with data protection regulations is of particular importance to us. The aim of this data protection declaration is to inform you as a user of the website about the nature, scope and purpose of the processing of personal data and the rights that exist for you, insofar as you are deemed to be a data subject within the meaning of Article 4 No. 1 of the General Data Protection Regulation.
Responsible party
This website and the range of services are operated by:
BRANDIDENT Vertrieb & Produktions GmbH
Alexander-Meißner-Str. 62
12526 Berlin
Germany
Phone: +49(0)30 76 23 970-0
E-Mail: info@brandident.de
General
We have designed the website to collect as little data from you as possible. In principle, it is possible to visit our website without providing any personal data. Only if you decide to use certain services (e.g. use of the contact form) will it be necessary to process personal data. In doing so, we always ensure that your personal data is only processed in accordance with a legal basis or with your consent. We adhere to the regulations of the General Data Protection Regulation (GDPR), which has been in force since 25.5.2018, and the respective applicable national regulations, such as the Federal Data Protection Act, the Telemedia Act or other more specific laws on data protection.
Purpose and legal basis of the processing of personal data
We always process your personal data for a specific purpose.
In summary, we process your personal data for the following purposes:
In order to be able to process your request in the event of contact enquiries (e.g. e-mail address, first name, last name);
For the technical realisation of our website and to be able to provide you with our information on this website (e.g. IP address, cookies, browser information).
To be able to conclude and process contracts with you for the services we offer (e.g. purchase contract via our online shop).
To be able to provide you with a customer account in our web shop.
To be able to receive and process an application from you for one of our job offers.
The specific purposes are described for the processing operations described here (e.g. contact form, web analysis, ordering process, etc.).
Regarding the legal basis for the processing of your personal data:
We process personal data that is required for the justification, implementation or processing of our range of services (contract processing) on the legal basis of Art. 6 (1) lit. b GDPR. Insofar as we obtain consent from you for the processing of your personal data, the consent pursuant to Art. 6 (1) lit. a GDPR forms the legal basis for the data processing. Data processing is also permissible if we process your data to protect our legitimate interests and your interests or fundamental rights and freedoms with regard to the processing of personal data are not overridden. Insofar as we use external service providers within the scope of commissioned data processing, the processing is carried out on the legal basis of Art. 28 GDPR.
Personal data collected and processed
Within the scope of our website, we collect and process certain personal data from you. You can see which data is actually processed by the data you have to provide when filling in forms on the website (e.g. contact form or order form) and we also inform you about the data processed for the processing operations described here in each case.
In summary, we collect and process the following data from you via our website:
General contact data via the contact form:
Name, first name*
Company*
e-mail address*
Content of the message
Payment data:
Name, first name*
Company*
Credit institution*
Bank details*
Registration with customer account:
Name, first name*
Company
E-mail address*
Address*
VAT number
Telephone number
We will only collect and process your data for the purposes stated in this data protection declaration. Any use beyond the purposes listed requires your express consent. The same applies to the transfer and transmission of your data to third parties.
Collection of personal data when visiting our website
When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request came
- browser
- Operating system and its interface
- Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. You can find further information on this under the point "Cookies" in this data protection declaration.
Integration of services from other providers
Our website uses contents, services and performances of other providers. These are, for example, services for statistical evaluation of the use and visit of our website. In order for this data to be called up and displayed in the user's browser, the transmission of the user's IP address to this third-party provider is mandatory.
Even though we endeavour to use only third-party providers that only require the IP address in order to deliver content or even work with anonymised IP addresses, we have no influence on whether the IP address may be stored. Information on the third-party providers used can be found below in this privacy policy.
Cookies
Do you use cookies?
Cookies are small text files that are sent by us to the browser of your end device when you visit our website and stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, however, enable us to carry out various analyses, so that we are able, for example, to recognise the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.
We provide information about the respective services for which we use cookies in the individual processing procedures. You can find detailed information on the cookies used in the cookie settings or in the Consent Manager of this website.
Contact
You can contact us by e-mail. In this case, we store the personal data you send us in order to process your request and to contact you to handle your request. The voluntary information is used to specify your request and to improve the processing of your request. The data requested is transmitted to us by you on a purely voluntary basis.
Depending on the type of enquiry, the legal basis for this processing is Art. 6 para. 1 lit. b GDPR for enquiries that you yourself make as part of a pre-contractual measure or Art. 6 para. 1 sentence 1 lit. f GDPR if your enquiry is of a different nature. The legitimate interest follows from the purposes mentioned under point 3 a.). If personal data is requested that we do not need for the fulfilment of a contract or for the protection of legitimate interests, the transfer to us is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR.
Online-Shop
If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. We process the data you provide to process your order. For this purpose, we may pass on your payment details to our house bank.
You can voluntarily create a customer account, through which we can save your data for future purchases. When you create an account under "My account", the data you provide will be stored revocably. If you decide to create a customer account, the following personal data will be collected and processed during registration.
Name, first name
Delivery address / billing address (if different)
Credit card information, bank details
E-mail address
Password
You can always correct or delete your data, including your user account, in the customer area. We may also process the data you provide to inform you about other interesting products from our portfolio or to send you e-mails with technical information.
We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data is only used to comply with legal obligations.
To prevent unauthorised access by third parties to your personal data, especially financial data, the ordering process is encrypted using TLS technology.
Personal data which is absolutely necessary for the delivery of the goods or the processing of the contract is passed on to service providers commissioned by us. These are the following categories of service providers:
Shipping service provider
UPS,
DHL,
DHL EXPRESS,
FedEx
The processing of the aforementioned personal data for the purposes stated here is carried out on the legal basis of Art. 6 Para. 1 lit. b GDPR.
Data transmission upon conclusion of a contract for the purchase and shipment of goods
Personal data is only transmitted to third parties if it is necessary for the execution of the contract. Third parties can be, for example, payment service providers or logistics companies. No further transmission of data will take place or only if you have expressly consented to this.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Encrypted payment transactions on this website
If there is an obligation to transmit your payment data (e.g. account number in the case of direct debit authorisation) to us after the conclusion of a contract with costs, this data is required for payment processing.
Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
With encrypted communication, the payment data you transmit to us cannot be read by third parties.
Payment service provider
We use external payment service providers through whose platforms users and we can make payment transactions (e.g., each with a link to the privacy policy, Paypal
(https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Visa (https://www.visa.de/datenschutz),
Mastercard (https://www.mastercard.de/de-de/datenschutz.html),
In the context of the performance of contracts, we use the payment service providers on the basis of Art. 6 para. 1 lit. b. GDPR. Furthermore, we use external payment service providers on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The details are required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e. we do not receive any account or credit card-related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers.
The terms and conditions and data protection information of the respective payment service providers apply to the payment transactions and can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information and other data subject rights.
PayPal
Type and scope of processing
We have integrated components of Paypal Analytics on our website. Paypal Analytics is a service of PayPal Pte. Ltd. and offers online payment solutions worldwide.
Paypal Analytics uses cookies and other browser technologies to evaluate user behaviour. This information is used, among other things, to verify the authenticity of payments.
Purpose and legal basis
The service is used on the basis of the performance of a contract, i.e. for the processing of payment transactions in accordance with Art. 6 para. 1 lit. b. GDPR.
Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by PayPal Pte. Ltd. Further information can be found in the privacy policy for Paypal Analytics: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.
Google Analytics
Type and scope of processing
We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of times our online offer is called up, sub-pages visited and the length of time visitors spend on the site.
Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users.
This information is used, among other things, to compile reports on website activity.
Purpose and legal basis
We process data with the help of Google Analytics for the purpose of optimising our website and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR.
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.
Rights of the data subject
You have the right to:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- in accordance with Art. 16 GDPR, to demand the immediate correction of inaccurate or incomplete personal data stored by us;
- in accordance with Article 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
- in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller (data portability);
- to revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future; and
- complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to datenschutz@brandident.de.
Disclosure of your personal data
Your personal data will be passed on as described below.
The website is hosted by an external service provider in Germany. In doing so, we ensure that data processing takes place solely in Germany. This is necessary for the operation of the website, as well as for the establishment, implementation and processing of the existing user contract and is also possible without your consent.
Data is also passed on if we are entitled or obliged to pass on data due to legal provisions and/or official or court orders. In particular, this may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.
If your data is passed on to service providers to the extent necessary, they will only have access to your personal data to the extent that this is necessary for the fulfilment of their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the GDPR.
Beyond the aforementioned circumstances, we generally do not transfer your data to third parties without your consent. In particular, we do not pass on any personal data to a body in a third country or to an international organisation.
Data security
Unfortunately, the transmission of information via the Internet is never 100% secure, which is why we cannot guarantee the security of data transmitted to our website via the Internet.
However, we secure our website by technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons.
In particular, we transmit your personal data in encrypted form. We use the SSL/TLS (Secure Sockets Layer/ Transport Layer Security) coding system for this purpose. Our security measures are continuously improved in line with technological developments.
Storage period for personal data
With regard to the storage period, we delete personal data as soon as their storage is no longer necessary for the fulfilment of the original purpose and there are no longer any legal retention periods. The statutory retention periods ultimately form the criterion for the final duration of the storage of personal data. After expiry of the period, the corresponding data is routinely deleted. If retention periods exist, processing is restricted in the form of blocking the data.
References and links
When calling up Internet pages referred to within the framework of our website, information such as name, address, e-mail address, browser properties etc. may be requested again. This privacy policy does not govern the collection, disclosure or handling of personal data by third parties.
Third party service providers may have different and their own regulations regarding the collection, processing and use of personal data. It is therefore advisable to inform yourself on the websites of third parties about their practices for handling personal data before entering personal data.
Change to the privacy policy
We are constantly developing our website in order to provide you with an ever-improving service. We will keep this privacy statement up to date and adapt it accordingly if and when this should become necessary.
Data protection officer
We have appointed a data protection officer.
Ms Carolin Leja
Hafenstraße 1a
23568 Lübeck
E-mail: datenschutz[at]brandident.de
Status: May 2021