Data privacy policy
We take the
protection of your personal data very seriously and apply the utmost care and
highest security standards to protect your personal data from unauthorized
access. We process your personal data exclusively in accordance with the
applicable data protection regulations, in particular the General Data
Protection Regulation (DS-GVO) and the Federal Data Protection Act (BDSG), as
well as on the basis of this privacy policy.
This
privacy policy informs you in accordance with Art. 12 et seq. DSGVO about the
handling of your personal data when using our website. In particular, it
explains which data we collect and what we use it for. Through this, we would
like to provide you with all the information you need to review and exercise
your rights regarding data protection.
1. Responsible
Responsible
for the processing of your personal data on this website is:
PUSTEFIX
GmbH
Bahnhofstraรe
29
72072
Tuebingen
Germany
Phone:
0049-7071-79 10 06
E-Mail:
bubbles@pustefix.de
2.
Data protection officer
You can reach our data protection officer at:
PUSTEFIX
GmbH
– Data protection officer –
Bahnhofstraรe 29
72072 Tuebingen
Germany
E-Mail: bubbles@pustefix.de
3.
Data processing when visiting our website
For the purpose of the technical provision of the
website, it is necessary that we process certain information automatically
transmitted by your browser so that our website can be displayed in your
browser and you can use the website. This information is automatically
collected each time our website is called up and automatically stored in so-called
server log files:
– IP address of the requesting computer
– Host name of the accessing computer
– Identification data of the browser and operating
system used
– Date and time of access
– Website from which the access is made (referrer
URL)
This data is processed for the purpose of enabling
the use of the website (connection establishment), system security, technical
administration and network infrastructure. In addition to the aforementioned
purposes, we use server log files solely for the purpose of designing and
optimizing our website in line with demand, purely statistically and without
any inference to your person.
The access data collected in the course of using our
website is only stored for the period of time for which this data is required
to achieve the aforementioned purposes. Your IP address is stored on our web
server for a maximum of 7 days for IT security purposes.
Insofar as you visit our website in order to obtain
information about our range of products and services or to use them, the legal
basis for the temporary storage and processing of access data is Art. 6 para. 1
p. 1 lit. b DSGVO, which permits the processing of data for the performance of
a contract or for the implementation of pre-contractual measures. In addition,
Art. 6 (1) sentence 1 lit. f DSGVO serves as the legal basis for the temporary
storage of technical access data. Our legitimate interest here is to be able to
provide you with a technically functioning and user-friendly website and to
ensure the security of our systems.
4.
Newsletter mailing
If
you subscribe to our e-mail newsletter, we will send you information about our
offers on a regular basis. Mandatory information for sending the newsletter is
only your e-mail address. The provision of any other data is voluntary and will
be used to address you personally. For sending the newsletter we use the
so-called double opt-in procedure. This means that we will only send you an
e-mail newsletter if you have expressly confirmed that you consent to the
sending of newsletters. We will then send you a confirmation e-mail asking you
to confirm that you wish to receive future newsletters by clicking on an
appropriate link.
By
activating the confirmation link, you give us your consent for the use of your
personal data in accordance with Art. 6 (1) lit. a DSGVO.
When
you register for the newsletter, we store your IP address entered by your
Internet service provider (ISP) as well as the date and time of registration in
order to be able to track any possible misuse of your e-mail address at a later
date. We also store your registration in order to be able to prove that you
have registered and agreed.
For
the processing for the purpose of proving consent, the legal basis is Art. 6
(1) lit. f DSGVO, whereby our legitimate interest is to defend ourselves
against possible legal claims.
The
data collected by us when you register for the newsletter will be used
exclusively for promotional purposes by way of the newsletter. You can
unsubscribe from the newsletter at any time via the link provided for this
purpose in the newsletter or by sending a corresponding message to the person
responsible mentioned at the beginning. After unsubscribing, your e-mail
address will be deleted from our newsletter distribution list immediately, unless
you have expressly consented to further use of your data or we reserve the
right to use your data in a manner that goes beyond this, which is permitted by
law and about which we inform you in this declaration.
For
the purpose of sending the newsletter, we will store your data until you revoke
your consent or until we finally discontinue sending the newsletter. For the
purpose of proving consent until March 31 of the fourth calendar year following
the last promotional e-mail dispatch.
For
the purpose of statistical analysis of the newsletters, we use so-called web
beacons or tracking pixels in the newsletters, which are single-pixel image
files stored on our website. This makes it possible to determine whether a
newsletter message has been opened and which links, if any, have been clicked
on.
The
legal basis for the data processing is your consent pursuant to Art. 6 (1) lit.
a DSGVO.
With
the help of so-called conversion tracking, it can also be analyzed whether a
predefined action (e.g. purchase of a product on our website) has taken place
after clicking on the link in the newsletter. In addition, technical
information is recorded (e.g. time of retrieval, IP address, browser type and
operating system).
The
data is collected exclusively in pseudonymous form and is not linked to your
other personal data; direct personal reference is thus excluded. This data is
used exclusively for the statistical analysis of newsletter campaigns. The
results of these analyses can be used to better adapt future newsletters to the
interests of the recipients.
You
can revoke your consent to data analysis for statistical evaluation purposes at
any time by unsubscribing from the newsletter.
5. Contact
On our
website you will find inquiry or contact forms as well as postal addresses,
telephone numbers and e-mail addresses that you can use to contact our company.
The personal data you provide for this purpose (such as your name, e-mail
address, telephone number or address) will be processed solely for the purpose
of handling your inquiry and communicating with you.
We base the
processing on our legitimate interest in contacting and communicating with you
(Art. 6 para. 1 p. 1 lit. f DSGVO). If you are interested in our offers, we
base the processing on the implementation of pre-contractual measures (Art. 6
para. 1 p. 1 lit. b DSGVO).
We process
the data you provide in the course of contacting and communicating with us
until the purpose for the processing no longer applies (e.g. after processing
of your inquiry has been completed) and no mandatory legal provisions (e.g.
retention periods) prevent deletion.
6. Processing when shopping in our webshop / customer account
In case of
an order in our webshop you have the choice to order as a guest or to create a
customer account. Registration is not required for an order.
If you
purchase products from us in our webshop at www.pustefix.de, we process your
personal data (such as your name, e-mail address, or address) to fulfill our
contractual obligations.
The legal
basis for the data processing is Art. 6 para. 1 lit. b DSGVO.
We store
your data as long as this is necessary for the execution of the purchase
contract, including invoicing. In order to comply with statutory retention
obligations, we store your data in the case of business and commercial letters
and other tax-relevant documents until March 31 of the seventh calendar year
after they arise, and in the case of accounting documents of the eleventh
calendar year after they arise. There is no legal or contractual obligation to
provide the personal data. However, the provision is necessary for the
conclusion of the contract. Failure to provide the data will mean that no
contract can be concluded.
As far as
permissible, further processing of your personal data for marketing purposes is
based on our legitimate interest in direct marketing (Art. 6 para. 1 lit. f
DSGVO). In this case, the data may also be passed on to service providers. You
have the right to object to the use of your personal data for the purpose of
direct marketing at any time. In the event of an objection, your personal data
will no longer be processed for marketing purposes.
You can
create a password-protected customer account on our website. For this purpose,
your data required for the use of the webshop will be processed. This is your
inventory data (name, address, e-mail, telephone number, etc.), your access
data (e-mail address, password) and data about your completed, open and
recently shipped orders. You can update this data at any time and also close
the customer account.
Within the
scope of registration and subsequent logins and uses of the customer account,
we store the IP addresses of the customers along with the access times in order
to prove the registration and to be able to prevent any misuse of the customer
account.
The legal
basis for data processing is Art. 6 para. 1 sentence 1 lit. b, f DSGVO.
We store
your data until you delete your user account or until legal retention
obligations prevent the deletion of your data. Shopping carts of non-registered
users are deleted after 2 hours. Contractual data is processed until the
statute of limitations of possible post-contractual obligations.
7. Lotteries
If you
participate in sweepstakes conducted by us, you declare your consent to the
processing of the data entered by you by the person responsible under data
protection law for the purpose of conducting the sweepstakes on the basis of
the sweepstakes contract concluded with it (Art. 6 (1) lit. b DSGVO) until the
completion of the sweepstakes.
There is no
legal or contractual obligation to provide the personal data. However, the
provision is necessary for participation in the sweepstakes. Failure to provide
the data will only result in you not being able to participate in the
competition.
There will
be further processing of the data, which is compatible with the original
processing purpose, on the basis of our legitimate interest in direct marketing
(Art. 6 para. 1 lit. f DSGVO), such as the addressed postal dispatch of
advertising, until objection is made. In this case, the data will be forwarded
to the shipping service provider. You have the right to object to the use of
your personal data for the purpose of direct advertising at any time by written
notification. In the event of objection, your personal data will no longer be
processed for the purpose of direct advertising.
8. Cookies
If you
agree, this website uses cookies. Cookies do not harm your computer and do not
contain viruses. Cookies make websites more user-friendly and efficient for the
user. A cookie is a small text file that is used to store information. When a
website is visited, the website may place a cookie on the website visitor’s
computer. If the user visits the website again later, the website can read the
data from the previously stored cookie and thus determine, for example, whether
the user has visited the website before and which areas of the website the user
was particularly interested in.
9. Change cookie settings
How the web
browser handles cookies, which cookies are allowed or rejected, can be defined
by the user in the web browser settings. Where exactly these settings are
located depends on the respective web browser. Detailed information on this can
be accessed via the help function of the respective web browser. If the use of
cookies is restricted, not all functions of this website may be fully usable.
10. Cookies on our website
Most of the
cookies we use are so-called “session cookies”. They are
automatically deleted after the end of your visit or your browser session
(so-called transient cookies). Other cookies remain stored on your terminal
device for a specified period of time or until you delete them (so-called persistent
cookies). These cookies allow us to recognize your browser on your next visit.
Some of the
cookies we use on our website come from third parties that help us analyze the
impact of our website content and visitors’ interests, measure the power and
performance of our website, or serve customized advertising and other content
to our or other websites.
The
cookie-based data processing is carried out on the basis of your consent
pursuant to Art. 6 (1) sentence 1 lit. a DSGVO or to protect our legitimate
interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO. Our legitimate
interests here lie in particular in being able to provide you with a
technically optimized website that is user-friendly and tailored to your needs,
as well as to ensure the security of our systems.
You can
revoke any consent you have given us at any time, e.g. by deactivating the
cookie-based tools/plugins listed in detail in the following overview. By
making the appropriate settings, you can also object to processing based on
legitimate interests.
Our website
processes cookies described below (see cookie settings).
11. Google Analytics
If
you agree, this website uses Google Analytics, a web analytics service provided
by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin,
D04 E5W5, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA).
Google
Analytics uses “cookies”, which are text files placed on your
computer, to help the website analyze how users use the site. The cookies are
stored by Google on your computer for a period of up to two years. The
information generated by the cookie about your use of this website is usually
transmitted to a Google server in the USA and stored there. We have extended
Google Analytics on this website with the code “gat._anonymizeIp();”
to ensure that your IP address is not recorded in full length, but only in
shortened form (so-called IP masking). Although this makes it more difficult to
identify you, it cannot be ruled out that Google may link your IP address with
other identifiers and assign them to you.
The
legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO.
By consenting to the processing, you consent at the same time pursuant to Art.
49 para. 1 sentence 1 lit. a DSGVO that your data is processed in the USA. The
USA is assessed by the European Court of Justice as a country with an
insufficient level of data protection according to EU standards. Therefore, it
cannot be ruled out that US security authorities may issue orders to our
service provider to gain access to data. In addition, legal protection options
are currently only available to a limited extent.
Information
about how Google processes your data can be found in Google’s privacy policy: https://policies.google.com/technologies/partner-sites?hl=de
and https://policies.google.com/privacy
12. Google Tag Manager
On
our website, if you agree, we use the “Google Tag Manager” of Google
Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5,
Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View,
CA 94043, USA).
Through
this service, website tags can be managed via an interface. Tags are small
pieces of code on a website that are used to measure visitor traffic and
behavior on our website, track the impact of online advertising and social
channels, and test and optimize the website. Google Tag Manager implements tags
and uses a set of triggering rules that determine when these tags should be
used on a website. When you visit our website, the specified tags are triggered
and the corresponding cookies are loaded into your browser. However, Google Tag
Manager does not access this data. By using Google Tag Manager, your use of our
website will be more efficient and faster, as managing the correct tags will
speed up our website. If a deactivation of Google Tag Manager has been made at
the domain or cookie level, it will remain in place for all tracking tags
insofar as they are implemented with Google Tag Manager.
The
legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO.
By consenting to the processing, you consent at the same time pursuant to Art.
49 para. 1 sentence 1 lit. a DSGVO that your data is processed in the USA. The
USA is assessed by the European Court of Justice as a country with an insufficient
level of data protection according to EU standards. Therefore, it cannot be
ruled out that US security authorities may issue orders to our service provider
to gain access to data. In addition, legal protection options are currently
only available to a limited extent.
Information
on how Google processes your data can be found in Google’s privacy policy: https://policies.google.com/technologies/partner-sites?hl=de
and https://policies.google.com/privacy
13. Google
AdSense
If
you agree, this website uses Google AdSense, a service provided by Google
Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5,
Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View,
CA 94043, USA) to embed advertisements.
Google
AdSense uses cookies, which are stored on your computer for a period of 365
days and which allow an analysis of the use of the website. Google AdSense also
uses so-called web beacons (invisible graphics). Through these web beacons,
information such as visitor traffic to these pages can be analyzed.
The
information generated by cookies and web beacons about the use of this website
(including your IP address) and delivery of advertising formats will be
transmitted to and stored by Google on servers in the United States. This
information may be passed on by Google to contractual partners of Google.
You
may also refuse the use of cookies by selecting the appropriate settings on
your browser, however please note that if you do this you may not be able to
use the full functionality of this website.
The
legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO.
By consenting to the processing, you consent at the same time pursuant to Art.
49 para. 1 sentence 1 lit. a DSGVO that your data will be processed in the USA.
The USA is assessed by the European Court of Justice as a country with an
insufficient level of data protection according to EU standards. Therefore, it
cannot be ruled out that US security authorities may issue orders to our
service provider to gain access to data. In addition, legal protection options
are currently only available to a limited extent.
14. Hotjar
If
you agree, this website uses Hotjar, a web analytics service provided by Hotjar
Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St
Julian’s STJ 3141, Malta, Europe (hereinafter “Hotjar”) to analyze
the usage behavior of our website.
Hotjar
enables us to log and evaluate your usage behavior on our website, such as your
mouse movements or mouse clicks. However, your visit to our website is
anonymized. In addition, Hotjar analyzes information about your operating
system, your Internet browser, incoming or outgoing links, the geographical
origin as well as the type and trigger of the terminal device you are using and
processes this information for statistical purposes. Likewise, Hotjar may
obtain direct feedback from you.
The
legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO.
For
more information about privacy at Hotjar, please visit: https://www.hotjar.com/privacy
and https://help.hotjar.com/hc/en-us/sections/360007812474-Compliance.
15. YouTube
If
you agree, this website uses the YouTube button of the social network YouTube,
which is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San
Bruno, CA 94066, USA (“YouTube”); parent company: Google LLC, 1600
Amphitheatre Parkway, Mountain View, CA 94043, USA.
When
you call up the embedded video, a connection is established to the servers of
the provider YouTube in the USA and certain information (e.g. your IP address)
is sent to the provider, even if you are not logged in to the provider. We do
not obtain knowledge of the type and scope of the data collected by YouTube and
have no influence on its use. The purpose and scope of the data collection and
the further processing and use of the data by YouTube, as well as your rights
in this regard and setting options for protecting your privacy, can be found in
the privacy notices of Google: https://policies.google.com/privacy.
The
cookies used when using YouTube are stored for a period of up to one year.
The
legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO.
By consenting to the processing, you consent at the same time pursuant to Art.
49 (1) sentence 1 lit. a DSGVO that your data is processed in the USA. The USA
is assessed by the European Court of Justice as a country with an insufficient
level of data protection according to EU standards. Therefore, it cannot be
ruled out that US security authorities may issue orders to our service provider
to gain access to data. In addition, legal protection options are currently
only available to a limited extent.
Information
on how Google processes your data can be found in Google’s privacy policy: https://policies.google.com/technologies/partner-sites?hl=de
16.
Google Maps /Google Earth
If
you agree, our website uses Google Maps/ Google Earth of Google Ireland
Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
(parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA
94043, USA).
When
using Google Maps, Google also collects, processes and uses data about the use
of the Maps functions by visitors to the websites. The terms of use for Google
Maps can be found at https://www.google.com/intl/de_DE/help/terms_maps/,
Google’s privacy policy at https://policies.google.com/technologies/partner-sites?hl=de
The
storage period of the cookies set for Google Maps is up to six months. The
legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO.
By consenting to the processing, you consent at the same time pursuant to Art.
49 para. 1 sentence 1 lit. a DSGVO that your data is processed in the USA. The
USA is assessed by the European Court of Justice as a country with an
insufficient level of data protection according to EU standards. Therefore, it
cannot be ruled out that US security authorities may issue orders to our
service provider to gain access to data. In addition, legal protection options
are currently only available to a limited extent.
17. Microsoft Advertising Conversion-Tracking
If
you agree, this website uses Microsoft Advertising Converison tracking, an
analysis service of Microsoft Corporation (One Microsoft Way, Redmond, WA
98052-6399, USA; “Microsoft Advertising”). Microsoft Advertising sets
a cookie on your computer (“conversion cookie”) if you have accessed
our website via a Microsoft Advertising ad. These cookies lose their validity
after 30 days and are not used for personal identification.
When
you visit our website, we and Microsoft Advertising can recognize which ad
directed you to our site. The information collected using the conversion cookie
is used to compile statistics. We can thus evaluate the total number of users
who clicked on our ad. However, we do not receive any information with which
users can be personally identified.
Further
information and the privacy policy of Microsoft Advertising can be found at: https://privacy.microsoft.com/de-de/privacystatement.
The
legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO.
By consenting to the processing, you consent at the same time pursuant to Art.
49 para. 1 sentence 1 lit. a DSGVO that your data will be processed in the USA.
The USA is assessed by the European Court of Justice as a country with an
insufficient level of data protection according to EU standards. Therefore, it
cannot be ruled out that US security authorities may issue orders to our
service provider to gain access to data. In addition, legal protection options
are currently only available to a limited extent.
18.
Facebook Pixel
If you
agree, this website uses the so-called “Facebook pixel” of Meta
Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2
(parent company: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA)
(“Facebook”). In the process, a cookie is set on your computer
(“conversion cookie”) if you have reached our website via a Microsoft
Advertising ad.
In
particular, the Facebook pixel allows us to track users’ actions after they
have seen or clicked on a Facebook ad. This process is used to evaluate the
effectiveness of Facebook ads for statistical and market research purposes and
can help optimize future advertising efforts.
With the
help of the Facebook pixel, it is also possible for Facebook to determine the
users of our website as a target group for the display of ads (“Facebook
Ads”).
We also use
the Facebook pixel in this respect in order to display the advertising placed
by us only to those users on Facebook and the partners cooperating with
Facebook who also have an interest in our online offering or who have certain
characteristics transmitted by us.
We
cannot draw any conclusions about the identity of the users based on the data
collected. However, the data is processed by Facebook, so that a connection to
the respective user profile is possible and Facebook can use the data for its
own advertising purposes, in accordance with the Facebook data usage policy
(https://www.facebook.com/about/privacy/).
For
more information and details about the Facebook Pixel and how it works, please
visit https://www.facebook.com/business/help/742478679120153?id=1205376682832142.
The
legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO.
By consenting to the processing, you consent at the same time pursuant to Art.
49 para. 1 sentence 1 lit. a DSGVO that your data will be processed in the USA.
The USA is assessed by the European Court of Justice as a country with an
insufficient level of data protection according to EU standards. Therefore, it
cannot be ruled out that US security authorities may issue orders to our
service provider to gain access to data. In addition, legal protection options
are currently only available to a limited extent.
19.
More recipients
In order for us to process your data in accordance
with the purposes described above, it may also be necessary to transfer your
data to other recipients for processing.
We may transfer personal data to other companies
within our group of companies or grant them access to this data. Where this
transfer is for administrative purposes, the transfer of data is based on our
legitimate business and business interests or is made where it is necessary for
the performance of our contract-related obligations or where there is consent
from the data subjects or legal permission.
We process your personal data with the support of
order processors who assist us in providing the services (e.g. web hosters,
e-mail newsletter dispatch service, merchandise management system, content
management system, store system, payment service providers, web agencies).
These processors are obliged to strictly protect your personal data and are not
allowed to process your personal data for any other purpose than the provision
of our services.
Insofar as we use external service providers to
process your data, these have been carefully selected and commissioned by us
and are regularly monitored.
We ensure that personal data is used in accordance
with instructions by concluding appropriate processing contracts with
commissioned service providers.
Your personal data is only passed on to service
providers typical for the economy, such as banks (in the case of bank transfers
to you), tax advisors (if you are included in our accounting), shipping service
providers (in the case of shipping to you) and comparable service providers.
We limit the transfer of your personal data to what
is necessary, taking into account the requirements of data protection law.
19.1 Forwarding
for the purpose of payment processing
When
ordering in our webshop, it may be necessary, depending on the payment option
you have chosen, that we transmit your data to the commissioned credit institution
or the respective payment service provider for the purpose of payment
processing.
Legal
bases for these transfers are Art. 6 para. 1 lit. b and f DSGVO.
19.2 Forwarding for the purpose of
sending newsletters via Sendinblue
Our
email newsletter is sent via the technical service provider Sendinblue GmbH,
Kรถpernicker Str. 126, 10179 Berlin (“Sendinblue”), to whom we pass on
the data you provided when registering for the newsletter.
This
transfer is based on Art. 6 (1) lit. f DSGVO and serves our legitimate interest
in using an effective advertising, secure and user-friendly newsletter system.
We
have concluded an order processing agreement with Sendinblue to ensure that
your personal data is used strictly in accordance with instructions.
For
more information on Sendinblue’s data protection, please refer to Sendinblue’s
privacy policy at https://de.sendinblue.com/legal/privacypolicy/.
20. Data
transfer to a country outside the European Economic Area
In the case of data transfers to a country outside the EU or the EEA,
contractual provisions generally guarantee that a level of data protection
equivalent to that of the European Union is maintained.
We would like to point out that there is no adequate level of data
protection in the USA comparable to that in the EU. Therefore, there is a risk
for you of governmental access to this data. In addition, there are currently
only limited possibilities for legal protection. This risk may also exist with
regard to other third countries. The permissibility of these data transfers to
the USA and other affected third countries follows from Art. 49 (1) sentence 1
lit. a DSGVO.
21. Duration of storage
We process and store your personal data as long as it is necessary for
the fulfillment of our contractual and legal obligations or otherwise the
purposes pursued with the processing, i.e., for example, for the duration of
the entire business relationship (from the initiation, processing to the
termination of a contract).
On this basis, personal data is regularly deleted in the context of the
fulfillment of our contractual and/or legal obligations, unless its temporary
further processing is necessary for the following purposes:
–
Fulfillment of statutory
retention obligations, which arise, for example, from the German Commercial
Code (sections 238, 257 (4) HGB) and the German Fiscal Code (section 147 (3),
(4) AO). The retention and documentation periods specified there are up to ten
years.
–
Preservation of evidence,
taking into account the statute of limitations. According to Sections 194 et
seq. of the German Civil Code (BGB), these limitation periods can be up to 30
years, with the regular limitation period being three years.
22. Security measures
We take
appropriate technical and organizational measures in accordance with the legal
requirements, taking into account the state of the art, the implementation
costs and the nature, scope, circumstances and purposes of the processing, as
well as the different probabilities of occurrence and the extent of the threat
to the rights and freedoms of natural persons, in order to ensure a level of
protection appropriate to the risk.
We use the
so-called SSL security system (Secure Socket Layer) for any data transfer in
connection with our online store and thus also in connection with the input of
personal data. This technology offers a high level of security and is therefore
also used, for example, by banks for data protection in online banking.
Nevertheless, we would like to point out that data transmission on the Internet
(e.g. when communicating by e-mail) can have security gaps. A complete
protection of the data against access by third parties is therefore not
possible.
23. Your rights
23.1 General
information
Within the scope of the data protection law
applicable to you and as far as provided therein (such as in the case of the
GDPR), you are entitled to the following statutory data subject rights,
provided that their requirements are met:
–
Right to information about your data stored by us (Art. 15 DSGVO).
–
Right to correction of inaccurate data (Art. 16 DSGVO)
–
Right to delete the data stored by us (Art. 17 DSGVO)
–
Right to restrict the processing of data stored by us (Art. 18 DSGVO)
–
Right to data portability (Art. 20 DSGVO)
–
Right to revoke any consent given to us at any time with effect for the future,
–
Right to lodge a complaint with a competent supervisory authority if you
believe that the processing of personal data concerning you violates provisions
of the DSGVO.
23.2 Right
of objection (Art. 21 DSGVO)
You
have the right to object at any time to the processing of your data that is
carried out on the basis of Art. 6 (1) sentence 1 lit. f DSGVO (data processing
on the basis of a balance of interests) or Art. 6 (1) sentence 1 lit. e DSGVO
(data processing in the public interest), if there are grounds for doing so
that arise from your particular situation.
If
you object, we will no longer process your personal data unless we can
demonstrate compelling legitimate grounds for the processing that override your
interests, rights and freedoms, or the processing serves to assert, exercise or
defend legal claims.
The
objection can be made form-free and should preferably be addressed to:
PUSTEFIX GmbH
Bahnhofstraรe 29
72072 Tuebingen
Germany
E-Mail: bubbles@pustefix.de
23.3 Advertising
objection
Insofar
as a contractual relationship has been established between you and us, as an
existing customer you will receive information from us about similar products
or invitations to satisfaction surveys via the e-mail address you have
provided, based on our legitimate interest in direct advertising. You can
object to this use of your e-mail address at any time, either in total or for
individual processing, without incurring any costs other than the transmission
costs according to the basic rates. The data processing is carried out on the
legal basis of Art. 6 para. 1 lit. f DSGVO in conjunction with. ยง Section 7 (3)
UWG.
The
objection can be made form-free and should preferably be addressed to:
PUSTEFIX GmbH
Bahnhofstraรe 29
72072 Tuebingen
Germany
E-Mail: bubbles@pustefix.de
24. Obligation
to provide data
In principle, you are not obliged to provide us with your personal data.
However, if you do not do so, we will not be able to provide you with
unrestricted access to our website or answer your inquiries to us. Personal
data that we do not absolutely require for the above-mentioned processing
purposes are marked accordingly as voluntary information.
25. Modification and update of the privacy policy
This
privacy policy is currently valid and has the status May 2022.
Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy.