The following privacy notice applies to the use of our online offering www.paatz.com (subsequently „Website“).
We attach great importance to data security. Your personal data are collected and processed in accordance with applicable
data security laws, especially the General Data Protection Regulation (GDPR).
The data controller responsible for the collection, processing and use of your personal data according to Art. 4 Nr. 7 GDPR is
PAATZ Viernau GmbH
OT Viernau
Hergeser Weg 1
98587 Steinbach-Hallenberg
Tel.: 036847 / 351 2400
Email: info@paatz.com
In case of objection to the collection, processing or use of your data by us as described in this privacy notice as a whole or to
individual measures, please direct this objection to the data controller.
datenschutz@paatz.com
You can save or print out this privacy notice at any time.
We use personal data for the purpose of operaing this website
3.1 Hosting
We use hosting services to provide the following services: infrastructure and platform services, calculating capacity, memory space and database services,
security and technical maintenance services used for running this website.
To this end, we or our hosting provider process stock data, contact data, content data, contract data, usage data, metadata and communication data of
customers, prospective customers and visitors on this website on the basis of our legitimate interest in the efficient and secure provision of
our website according to Art. 6 par. 1 p. 1 f) GDPR in conjunction with Art. 28 GDPR.
3.2 Access Data
We collect information on you if you use this website. We automatically gather information about your usage patterns and interaction with us and are logging data pertaining to your computer or mobile device. We gather, save, and use data every time our website is accessed (so-called server log files). Examples of access data include:
We use these protocol data for statistical evaluation without attaching them to you as a person or other forms of profile generation for website operation, security, and optimization, as well as for anonymous tracking of the number of visitors to our website (traffic) as well as the extent and type of use of our website and services, as well as for billing purposes in order to measure the number of clicks received from cooperating partners. Based on this information we can offer personalized and geographically targeted content and analyze data traffic, track and eliminate errors, and optimize our services.
This constitutes a legitimate interest as defined in Art. 6, par. 1, p. 1p GDPR.
We reserve the right to retroactively analyze protocol data if tangible evidence raises a legitimate suspicion of illegal use. We save IP addresses in our log files for a limited time if security purposes or the provision or billing of services renders it necessary, e.g. if you use one of our offerings. After aborting the order process or after payment is received, we delete the IP address if it is no longer needed for security purposes. We also save IP addresses in case of tangible suspicion of a crime in the context of using our website. We also record the date of your last visit in your account (e.g. on registration, login, following links etc.)
3.3 Cookies
We use so-called session cookies to optimize our website. A session cookie is a small text file sent from the respective server on visiting a
website, which is cached on your hard disk. This file per se contains a so-called session ID enabling us to assign several of your
browser requests to one single session. In this way, your computer can be recognized once you return to our website. These cookies are
deleted after you shut down your browser. One purpose they serve is that they enable you to use the shopping cart function across several
pages.
On a small scale, we also use persistent cookies (likewise small tex files deposited on your terminal device) that stay on your device and allow us
to recognize your browser on your next visit. These cookies are saved to your hard disk and are deleted automatically after a given time.
Their lifetimes vary between 1 month and 10 years. In this way, we can present you with a more user-friendly, effective and secure
offering and e.g. show you information specific to your interests on our website.
Our legitimate interest in using cookies as defined in Art. 6, par. 1, p. 1p GDPR is to make our website more user-friendly, effective, and secure..
The following data and information are examples of what is saved in cookies:
On activation of a cookie it is assigned an identification number. Your personal data are not assigned to this identification number. Your
name, IP address or similar data that would facilitate an assignment of the cookie to you as a person are not saved within the
cookie. Using cookie technology, we only receive pseudonymized information, e.g. on what pages of our shop were visited, what products
were viewed etc.
You can configure your browser to inform you prior to placing a cookie so you can decide on a case-by-case basis to deny the receipt of
cookies in certain cases or generally, or the complete refusal of cookies. This can limit the functionality of the website.
3.4 Data Needed to Fulfill Our Contractual Obligations
We process personal data needed to fulfill our contractual obligations, e.g. name, address, email address, products ordered, billing and
payment data. The gathering of this data is a prerequisite for contract conclusion.
Data are deleted after all warranty and legal retention periods have expired. Data connected with a user account (see below) will always
be retained for the duration of maintenance of said account.
The legal basis for the processing of these data is Art. 6, par. 1, p. 1b GDPR, as we need these data to fulfill our contractual obligations
to you.
3.5 User Account
You can create a user account on our website. If you so desire, we need the personal data collected at login time. For later logins, only your
email addres or user name and the password chosen by you are required.
At registration time of a new user we gather account data (e.g. name, address), communication data (e.g. email address) and payment data
(bank details) as well as access data (user name and password).
To safeguard a proper login process and prevent unauthorized logins by third parties we send you and activation link by email after registration
to activate your account. The data submitted by you is only saved permanently in our system after registration is complete.
You can have us delete a user account you created at any time without any charge save the cost for transferring that information to us at
base rate. A written notice to the contact specified in No. 1 (e.g. by email, fax, letter) is sufficient. We will then delete all personal
data on you that is saved in our system if they are no longer needed to process orders or legal retention orders.
The legal basis for the processing of these data is your aggreement as defined in Art. 6, par. 1, p. 1 a GDPR.
3.6 Newsletter
To sign up for the newsletter the data gathered during the registration process are required. The signup for the newsletter is logged.
After signing up a message is sent to the provided email address asking you to confirm the subscription ("double opt-in"). This is
required so third parties cannot sign up using your email address.
You can always withdraw your consent to receive the newsletter and thus cancel your subscription.
We save subscription data for as long as they are needed to dispatch the newsleter. We save the subscription log and target address as long
as interest in the consent initially given persists. As a rule, these are the limitation periods for claims under civil law, i.e.
three years maximum.
The legal basis for dispatch of the newsleter is your consent according to Art. 6, par. 1, p. 1a GDPR in conjunction with § 7, par. 2, no. 3 UWG.
The legal basis for logging your subscription is our legitimate interest in proving that dispatch has occurred with your consent.
You can revoke your subscription anytime without any charge save the cost for transferring that information to us at
base rate. A written notice to the contact specified in No. 1 (e.g. by email, fax, letter) is sufficient. As a matter of course, you
will find an unsubscription link within each newsletter.
3.7 Product Recommendations
Independent of the newsletter, we will regularly send you product recommendations by email. In this manner we inform you about products from
our selection that could be of interest to you based on your most recent purchases of goods or services from us. Doing this, we strictly
adhere to legal guidelines. You can object to this anytime without any charge save the cost for transferring that information to us at
base rate. A written notice to the contact specified in No. 1 (e.g. by email, fax, letter) is sufficient. As a matter of course, you
will find an unsubscription link within each email.
The legal basis for this is the legal permission in Art. 6, par. 1, p. 1 f GDPR in conjunction with § 7, par. 3 UWG.
3.8 Email Contact
If you contact us (e.g. by contact form or email), we process your information in order to answer your request and in case subsequent questions
arise.
In case data is processed to carry out tasks based on your request prior to contract conclusion or, if you are an existing customer of ours,
in order to fulfill the contrac, the legal basis for this data processing is Art. 6, par. 1, p. 1 b GDPR.
We only process other personal data with your consent (Art. 6, par. 1, p. 1 a GDPR) or if we have a legitmate interest in the processing of your
data (Art. 6, par. 1, p. 1 f GDPR). An example of legitimate interest is responding to your email.
We use Google Analytics, a web analysis service by Google Inc. ("Google"). Google Analytics uses so-called "Cookies", text files saved to your
computer that enable the analysis of your usage of the website. The information on the use of this website by visitors generated by the
cookie are usually transferred to a Google server in the USA and saved there.
This is also within our legitimate interest as defined in Art. 6, par. 1, p. 1 f GDPR.
Google is subject to the Privacy Shield treaty between the European Union and the USA and has obtained certification. Therefore Google is
obliged to maintain the standards and provisions of European data privacy law. You can obtain further information using the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
We have activated IP anonymization for this website (anonymizeIp). With this feature, Google will truncate your IP address on servers in European Union member states and other states bound by the Treaty on the European
Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On our
behalf, Google will use tis information to evaluate your use of the website to create reports on the activities on the website and to
provide other services in the context of website and internet usage to us.
The IP address transferred by your browser in the context of Google Analytics will not be pooled with other Google data. You can prevent cookies from
being saved by the corresponding setting in your browser software; however, we advise you that in this case you may not be able to use all the
features of this website to the fullest.
Furthermore you can prevent the transfer of data on your use of the website generated by the cookie (including your IP address) to Google as well as the
processing of these data by Google by downloading and installing the browser plugin available at the following link:http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or on browsers on mobile devices you can click on the following link to set an opt-out cookie that will
prevent logging by Google Analytics on this website in the future (this opt-out cookie will only work in this browser and for this
domain. If you delete your browser's cookies, you will need to click on this link again): [Deactivate Google Analytics]
If not expressly stated, we only save personal data for the timespan sufficient to fulfill the purposes pursued.
In some case the retention of personal data is demanded by law, e.g. in tax and trade law. In these cases we only keep the data on file for these
legal purposes, but will not otherwise process them. After the expiration of the legal retention period, your data will be deleted.
According to applicable laws you are entitled to certain rights to your personal data. If you would like to exercise these rights, please send your
request by email or mail to the address mentioned under no. 1, identifying yourself unambiguously.
The following paragraphs shall provide an overview over your rights.
6.1 Right to Verification and Disclosure
You are entitled to clear and concise information on the processing of your personal data.
This means in detail:
You are entitled to receive a confirmation from us at any time whether personal data on you are being processed. If this is the case,
you have the right to receive information on your personal data on our files free of charge, as well as a copy of these data.
Furthermore, you are entitled to the following information:
If personal data are transfered to third-party countries or international organizations, you have the right to be notified of suitable guarantees governing the transfer according to Art. 46 GDPR.
6.2 Right to Correction
You are entitled to the right to demand from us the correction and, if applicable, completion of personal data pertaining to you.
This means in detail:
You have the right to demand from us the immediate correction of incorrect personal data pertaining to you. Considering the purposes of
data processing you have the right to demand the completion of incomplete personal data – even if this necessitates a supplementary
declaration.
6.3 Right to Deletion ("Right to be Forgotten")
In a number of cases we are obliged to delete personal data pertaining to you.
This means in detail:
According to Art. 18, par. 1 GDPR, you have the right to demand from us the immediate deletion of personal data pertaining to you, and we
are obliged to immediately delete personal data if one of the following reasons applies:
In case of our public disclosure of personal data and our obligation to delete them according to Art. 17, par. 1 GDPR, we will take adequate measures, including technical ones, considering available technology and the cost of implementation, to inform the individuals responsible for data processing who process personal data, that you have demanded from them the deletion of all links to these personal data and of copies and duplicates of these personal data.
6.4 Right to Limit Processing
In a number of cases you are entitled to demand from us a limitation of the processing of your personal data.
This means in detail:
You have the right to demand from us the limitation of processing your personal data in case one of the following conditions is met:
6.5 Right to Data Transferability
You have the right to receive, transfer, or to have transferred by us, personal data pertaining to you in machine-readable format.
This means in detail:
You have the right to receive personal data pertaining to you that you have supplied to us, in a structured, widespread, and machine-readable
format, and you have the right to transfer these data to another data controller without our interference if
When exercising your right to data transferability according to par. 1 you have the right to have us transfer the personal data directly to another data controller to the extent of technical feasibility.
6.6 Right to Object
You have the right to object to the lawful processing of your personal data by us if your unique situation justifies this and our interest in
processing these data does not outweigh yours.
This means in detail:
You have the right to object to the processing of personal data pertaining to you based on Art. 6, par. 1 , p. 1 e or f GDPR at any time, for
reasons grounded in your unique situation; this also applies to profiling based on these provisions. We will not continue to process
these personal data unless we can prove compelling reasons for processing requiring protection that outweigh your interest, rights, and
freedoms, or unless the processing serves the assertion, exercise, or defense of legal claims.
If we process personal data for purposes of direct marketing, you have the right to object to the processing of personal data pertaining to
you for the purposes of such advertising at any time; this also applies to profiling in the context of such direct advertising.
You have the right to object to the processing of personal data pertaining to you that is performed for scientific, historical, or statistical
purposes according to Art. 89, par. 1 GDPR for reasons based in your unique situation, unless the processing is required to fulfill
a task in the public interest.
6.7 Automated Decisions including Profiling
You have the right to not be subjec to a decision solely based on automated processing – including profiling – that affects you legally or is
cause for a similar considerable impairment.
We do not use automated decision-making based on the personal data gathered.
6.8 Right to Revoke Agreements Concerning Data Protection
You have the right do revoke any agreement concerning the processing of personal data at any time.
6.9 Right to File Complaints with a Regulatory Authority
If you opine that the processing of personal data pertaining to you is illegal, you have the right to file a complaint with a regulatory authority, especially in the member state where you reside, work, or where the alleged infringement has taken place.
We go to great lengths to safeguard the security of your data within the framework of applicable data protection laws and technological possibilities.
We transfer your personal data in an encrypted format. This applies to your orders and to your customer login. We use the encryption system SSL
(Secure Socket Layer), but remind you that there may be security gaps associated with data transfer over the Internet (e.g. in email communication).
Complete protection of data from access by third parties is therefore not possible.
We have technical and organizational safeguards in place for the security of your data that are continually updated to the current state of
technology, consistent with Art. 32 GDPR.
We furthermore do not guarantee that our offering will be available at any given time; outages, interruptions or errors cannot be excluded. The servers
we use are painstakingly protected on a regular basis.
Generally we only use your personal data within our company.
If we involve third parties in the fulfillment of contracts (e.g. logistics providers), and to the extent that we do, these parties receive personal
data only to the extent necessary to fulfill their respective service.
In case we outsource certain data processing tasks ("delegated procssing"), third party processors are contractually obligated to utilize personal
data only in ways consistent with th demands of data privacy laws and to guarantee the protection of the rights of the relevant person.
We do not transfer data to offices or persons outside of the EU, with the exception of the case mentioned in no. 4 of this privacy notice, and
do not plan to do so.
If you have any questions or concerns regarding privacy and data protection, please contact our data security officer:
Daniel Schwope
Tel.: 036847 / 351 2400
E-Mail: info@paatz.com