The following privacy notice applies to the use of our online offering (subsequently „Website“).
We attach great importance to data security. Your personal data are collected and processed in accordance with applicable data security laws, especially the General Data Protection Regulation (GDPR).

1 Controller

The data controller responsible for the collection, processing and use of your personal data according to Art. 4 Nr. 7 GDPR is

PAATZ Viernau GmbH
OT Viernau
Hergeser Weg 1
98587 Steinbach-Hallenberg
Tel.: 036847 / 351 2400

In case of objection to the collection, processing or use of your data by us as described in this privacy notice as a whole or to individual measures, please direct this objection to the data controller.
You can save or print out this privacy notice at any time.

2 General Purpose of Data Processing

We use personal data for the purpose of operaing this website

3 What Data Do We Use And Why?

3.1 Hosting

We use hosting services to provide the following services: infrastructure and platform services, calculating capacity, memory space and database services, security and technical maintenance services used for running this website.
To this end, we or our hosting provider process stock data, contact data, content data, contract data, usage data, metadata and communication data of customers, prospective customers and visitors on this website on the basis of our legitimate interest in the efficient and secure provision of our website according to Art. 6 par. 1 p. 1 f) GDPR in conjunction with Art. 28 GDPR.

3.2 Access Data

We collect information on you if you use this website. We automatically gather information about your usage patterns and interaction with us and are logging data pertaining to your computer or mobile device. We gather, save, and use data every time our website is accessed (so-called server log files). Examples of access data include:

We use these protocol data for statistical evaluation without attaching them to you as a person or other forms of profile generation for website operation, security, and optimization, as well as for anonymous tracking of the number of visitors to our website (traffic) as well as the extent and type of use of our website and services, as well as for billing purposes in order to measure the number of clicks received from cooperating partners. Based on this information we can offer personalized and geographically targeted content and analyze data traffic, track and eliminate errors, and optimize our services.

This constitutes a legitimate interest as defined in Art. 6, par. 1, p. 1p GDPR.

We reserve the right to retroactively analyze protocol data if tangible evidence raises a legitimate suspicion of illegal use. We save IP addresses in our log files for a limited time if security purposes or the provision or billing of services renders it necessary, e.g. if you use one of our offerings. After aborting the order process or after payment is received, we delete the IP address if it is no longer needed for security purposes. We also save IP addresses in case of tangible suspicion of a crime in the context of using our website. We also record the date of your last visit in your account (e.g. on registration, login, following links etc.)

3.3 Cookies

We use so-called session cookies to optimize our website. A session cookie is a small text file sent from the respective server on visiting a website, which is cached on your hard disk. This file per se contains a so-called session ID enabling us to assign several of your browser requests to one single session. In this way, your computer can be recognized once you return to our website. These cookies are deleted after you shut down your browser. One purpose they serve is that they enable you to use the shopping cart function across several pages.

On a small scale, we also use persistent cookies (likewise small tex files deposited on your terminal device) that stay on your device and allow us to recognize your browser on your next visit. These cookies are saved to your hard disk and are deleted automatically after a given time. Their lifetimes vary between 1 month and 10 years. In this way, we can present you with a more user-friendly, effective and secure offering and e.g. show you information specific to your interests on our website.

Our legitimate interest in using cookies as defined in Art. 6, par. 1, p. 1p GDPR is to make our website more user-friendly, effective, and secure..

The following data and information are examples of what is saved in cookies:

On activation of a cookie it is assigned an identification number. Your personal data are not assigned to this identification number. Your name, IP address or similar data that would facilitate an assignment of the cookie to you as a person are not saved within the cookie. Using cookie technology, we only receive pseudonymized information, e.g. on what pages of our shop were visited, what products were viewed etc.
You can configure your browser to inform you prior to placing a cookie so you can decide on a case-by-case basis to deny the receipt of cookies in certain cases or generally, or the complete refusal of cookies. This can limit the functionality of the website.

3.4 Data Needed to Fulfill Our Contractual Obligations

We process personal data needed to fulfill our contractual obligations, e.g. name, address, email address, products ordered, billing and payment data. The gathering of this data is a prerequisite for contract conclusion.

Data are deleted after all warranty and legal retention periods have expired. Data connected with a user account (see below) will always be retained for the duration of maintenance of said account.

The legal basis for the processing of these data is Art. 6, par. 1, p. 1b GDPR, as we need these data to fulfill our contractual obligations to you.

3.5 User Account

You can create a user account on our website. If you so desire, we need the personal data collected at login time. For later logins, only your email addres or user name and the password chosen by you are required.

At registration time of a new user we gather account data (e.g. name, address), communication data (e.g. email address) and payment data (bank details) as well as access data (user name and password).

To safeguard a proper login process and prevent unauthorized logins by third parties we send you and activation link by email after registration to activate your account. The data submitted by you is only saved permanently in our system after registration is complete.

You can have us delete a user account you created at any time without any charge save the cost for transferring that information to us at base rate. A written notice to the contact specified in No. 1 (e.g. by email, fax, letter) is sufficient. We will then delete all personal data on you that is saved in our system if they are no longer needed to process orders or legal retention orders.

The legal basis for the processing of these data is your aggreement as defined in Art. 6, par. 1, p. 1 a GDPR.

3.6 Newsletter

To sign up for the newsletter the data gathered during the registration process are required. The signup for the newsletter is logged. After signing up a message is sent to the provided email address asking you to confirm the subscription ("double opt-in"). This is required so third parties cannot sign up using your email address.

You can always withdraw your consent to receive the newsletter and thus cancel your subscription.

We save subscription data for as long as they are needed to dispatch the newsleter. We save the subscription log and target address as long as interest in the consent initially given persists. As a rule, these are the limitation periods for claims under civil law, i.e. three years maximum.

The legal basis for dispatch of the newsleter is your consent according to Art. 6, par. 1, p. 1a GDPR in conjunction with § 7, par. 2, no. 3 UWG. The legal basis for logging your subscription is our legitimate interest in proving that dispatch has occurred with your consent.

You can revoke your subscription anytime without any charge save the cost for transferring that information to us at base rate. A written notice to the contact specified in No. 1 (e.g. by email, fax, letter) is sufficient. As a matter of course, you will find an unsubscription link within each newsletter.

3.7 Product Recommendations

Independent of the newsletter, we will regularly send you product recommendations by email. In this manner we inform you about products from our selection that could be of interest to you based on your most recent purchases of goods or services from us. Doing this, we strictly adhere to legal guidelines. You can object to this anytime without any charge save the cost for transferring that information to us at base rate. A written notice to the contact specified in No. 1 (e.g. by email, fax, letter) is sufficient. As a matter of course, you will find an unsubscription link within each email.

The legal basis for this is the legal permission in Art. 6, par. 1, p. 1 f GDPR in conjunction with § 7, par. 3 UWG.

3.8 Email Contact

If you contact us (e.g. by contact form or email), we process your information in order to answer your request and in case subsequent questions arise.

In case data is processed to carry out tasks based on your request prior to contract conclusion or, if you are an existing customer of ours, in order to fulfill the contrac, the legal basis for this data processing is Art. 6, par. 1, p. 1 b GDPR.

We only process other personal data with your consent (Art. 6, par. 1, p. 1 a GDPR) or if we have a legitmate interest in the processing of your data (Art. 6, par. 1, p. 1 f GDPR). An example of legitimate interest is responding to your email.

4 Google Analytics

We use Google Analytics, a web analysis service by Google Inc. ("Google"). Google Analytics uses so-called "Cookies", text files saved to your computer that enable the analysis of your usage of the website. The information on the use of this website by visitors generated by the cookie are usually transferred to a Google server in the USA and saved there.
This is also within our legitimate interest as defined in Art. 6, par. 1, p. 1 f GDPR.

Google is subject to the Privacy Shield treaty between the European Union and the USA and has obtained certification. Therefore Google is obliged to maintain the standards and provisions of European data privacy law. You can obtain further information using the following link:

We have activated IP anonymization for this website (anonymizeIp). With this feature, Google will truncate your IP address on servers in European Union member states and other states bound by the Treaty on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On our behalf, Google will use tis information to evaluate your use of the website to create reports on the activities on the website and to provide other services in the context of website and internet usage to us.

The IP address transferred by your browser in the context of Google Analytics will not be pooled with other Google data. You can prevent cookies from being saved by the corresponding setting in your browser software; however, we advise you that in this case you may not be able to use all the features of this website to the fullest.

Furthermore you can prevent the transfer of data on your use of the website generated by the cookie (including your IP address) to Google as well as the processing of these data by Google by downloading and installing the browser plugin available at the following link:

As an alternative to the browser plugin or on browsers on mobile devices you can click on the following link to set an opt-out cookie that will prevent logging by Google Analytics on this website in the future (this opt-out cookie will only work in this browser and for this domain. If you delete your browser's cookies, you will need to click on this link again): [Deactivate Google Analytics]

5 Duration of Retention

If not expressly stated, we only save personal data for the timespan sufficient to fulfill the purposes pursued.

In some case the retention of personal data is demanded by law, e.g. in tax and trade law. In these cases we only keep the data on file for these legal purposes, but will not otherwise process them. After the expiration of the legal retention period, your data will be deleted.

6 Your Rights as a Data Subject

According to applicable laws you are entitled to certain rights to your personal data. If you would like to exercise these rights, please send your request by email or mail to the address mentioned under no. 1, identifying yourself unambiguously.
The following paragraphs shall provide an overview over your rights.


6.1 Right to Verification and Disclosure

You are entitled to clear and concise information on the processing of your personal data.
This means in detail:

You are entitled to receive a confirmation from us at any time whether personal data on you are being processed. If this is the case, you have the right to receive information on your personal data on our files free of charge, as well as a copy of these data. Furthermore, you are entitled to the following information:

  1. the purposes of processing;
  2. the categories of personal data being processed;
  3. the recipiens or categories of recipients the personal data have been or will be disclosed to, especially concerning recipients in third-party countries or international organizations;
  4. if possible, the projected duration personal data will be saved for or, if that is not possible, the criteria for the determination of said duration;
  5. the existence of a right to correction or deletion of personal data pertaining to you or to its processing by the data controller or the right to object to this processing;
  6. the existence of the right to file complaints with a regulatory authority;
  7. all available information on the source of personal data if it has not been gathered from you directly;
  8. the existence of automated decision-making including profiling as defined in Art. 22, par. 1 and 4 GDPR and – at leat in these cases – meaningful information on the logic involved as well as the reach and intended consequences of this type of processing on you.

If personal data are transfered to third-party countries or international organizations, you have the right to be notified of suitable guarantees governing the transfer according to Art. 46 GDPR.

6.2 Right to Correction

You are entitled to the right to demand from us the correction and, if applicable, completion of personal data pertaining to you.

This means in detail:
You have the right to demand from us the immediate correction of incorrect personal data pertaining to you. Considering the purposes of data processing you have the right to demand the completion of incomplete personal data – even if this necessitates a supplementary declaration.

6.3 Right to Deletion ("Right to be Forgotten")

In a number of cases we are obliged to delete personal data pertaining to you.

This means in detail:
According to Art. 18, par. 1 GDPR, you have the right to demand from us the immediate deletion of personal data pertaining to you, and we are obliged to immediately delete personal data if one of the following reasons applies:

  1. The personal data are no longer necessary for the purposes they have been gathered or otherwise processed for.
  2. You have revoked your agreement the processing was based on according to Art. 6, par. 1, p. 1 a GDPR or Art. 9, par. 2 a GDPR, absent further legal basis for its processing.
  3. You object to the processing of your data according to Art. 21, par. 1 GDPR absent any overriding legitimate reasons for processing, or you object to the processing of your data according to Art. 21, par. 2 GDPR.
  4. Personal data has been processed illegally.
  5. The deletion of personal data is necessary to comply with a legal obligation according to European Union law or legislation of member states we are subject to.
  6. Personal data have been gathered in context of information society services offered according to Art. 8, par. 1 GDPR.

In case of our public disclosure of personal data and our obligation to delete them according to Art. 17, par. 1 GDPR, we will take adequate measures, including technical ones, considering available technology and the cost of implementation, to inform the individuals responsible for data processing who process personal data, that you have demanded from them the deletion of all links to these personal data and of copies and duplicates of these personal data.

6.4 Right to Limit Processing

In a number of cases you are entitled to demand from us a limitation of the processing of your personal data.

This means in detail:
You have the right to demand from us the limitation of processing your personal data in case one of the following conditions is met:

  1. You dispute the correctness of personal data for an adequate timespan for us to verify the correctness of personal data;
  2. The processing is unlawful and you have declined the deletion of personal data, instead demanding the limitation of use of these personal data;
  3. Although we no longer require these personal data for processing purposes, however, you require them to assert, exercise, or defend legal claims; or
  4. You have objected to data processing according to Art. 21, par. 1 GDPR, however, it has not yet been determined if our company's legitimate reasons for processing these data outweigh yours.

6.5 Right to Data Transferability

You have the right to receive, transfer, or to have transferred by us, personal data pertaining to you in machine-readable format.

This means in detail:
You have the right to receive personal data pertaining to you that you have supplied to us, in a structured, widespread, and machine-readable format, and you have the right to transfer these data to another data controller without our interference if

  1. the processing is based on an agreement according to Art. 6, par. 1, p. 1 a GDPR or Art. 9, par. 2 a GDPR, or a contract according to Art. 6, par. 1, p. 1 b GDPR and
  2. processing is performed using automated protocols.

When exercising your right to data transferability according to par. 1 you have the right to have us transfer the personal data directly to another data controller to the extent of technical feasibility.

6.6 Right to Object

You have the right to object to the lawful processing of your personal data by us if your unique situation justifies this and our interest in processing these data does not outweigh yours.

This means in detail:
You have the right to object to the processing of personal data pertaining to you based on Art. 6, par. 1 , p. 1 e or f GDPR at any time, for reasons grounded in your unique situation; this also applies to profiling based on these provisions. We will not continue to process these personal data unless we can prove compelling reasons for processing requiring protection that outweigh your interest, rights, and freedoms, or unless the processing serves the assertion, exercise, or defense of legal claims.

If we process personal data for purposes of direct marketing, you have the right to object to the processing of personal data pertaining to you for the purposes of such advertising at any time; this also applies to profiling in the context of such direct advertising.
You have the right to object to the processing of personal data pertaining to you that is performed for scientific, historical, or statistical purposes according to Art. 89, par. 1 GDPR for reasons based in your unique situation, unless the processing is required to fulfill a task in the public interest.

6.7 Automated Decisions including Profiling

You have the right to not be subjec to a decision solely based on automated processing – including profiling – that affects you legally or is cause for a similar considerable impairment.

We do not use automated decision-making based on the personal data gathered.

6.8 Right to Revoke Agreements Concerning Data Protection

You have the right do revoke any agreement concerning the processing of personal data at any time.

6.9 Right to File Complaints with a Regulatory Authority

If you opine that the processing of personal data pertaining to you is illegal, you have the right to file a complaint with a regulatory authority, especially in the member state where you reside, work, or where the alleged infringement has taken place.

7 Data Security

We go to great lengths to safeguard the security of your data within the framework of applicable data protection laws and technological possibilities.

We transfer your personal data in an encrypted format. This applies to your orders and to your customer login. We use the encryption system SSL (Secure Socket Layer), but remind you that there may be security gaps associated with data transfer over the Internet (e.g. in email communication). Complete protection of data from access by third parties is therefore not possible.

We have technical and organizational safeguards in place for the security of your data that are continually updated to the current state of technology, consistent with Art. 32 GDPR.

We furthermore do not guarantee that our offering will be available at any given time; outages, interruptions or errors cannot be excluded. The servers we use are painstakingly protected on a regular basis.

8 Sharing of Data with Third Parties, No Data Transfer to Non-EU Countries

Generally we only use your personal data within our company.
If we involve third parties in the fulfillment of contracts (e.g. logistics providers), and to the extent that we do, these parties receive personal data only to the extent necessary to fulfill their respective service.

In case we outsource certain data processing tasks ("delegated procssing"), third party processors are contractually obligated to utilize personal data only in ways consistent with th demands of data privacy laws and to guarantee the protection of the rights of the relevant person.
We do not transfer data to offices or persons outside of the EU, with the exception of the case mentioned in no. 4 of this privacy notice, and do not plan to do so.

9 Data Security Officer

If you have any questions or concerns regarding privacy and data protection, please contact our data security officer:
Daniel Schwope
Tel.: 036847 / 351 2400