Data Protection Statement
in accordance with the EU General Data Protection Regulation (GDPR)
(Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC in the Official Journal of the European Union, OJEU L 119/1; effective date: 25 May 2018).
to the website www.berentzenshop.de
At Der-Berentzen-Hof GmbH in Haselünne we are very serious about protecting your personal data. We treat your personal data confidentially in conformity with statutory data protection regulations under German and European law and with the following Statement.
This Data Protection Statement relates to our website alone. If you are forwarded to other websites via links on our website, please seek information from those other websites about how they handle and process your data.
The legal basis for data processing, including on websites, is essentially the following provisions and legal regulations:
Based on the principles of data avoidance and data economy, we process personal data only as long as this is necessary within the meaning of the Statement below or prescribed by legislators (statutory storage period). If the purpose or right to process the collected personal data no longer exists or if the permitted storage period expires, we will lock or erase the data; that is, unless their further processing — with a time limit — is required, particularly for the following purposes:
To allow for a data lock at any time, it is necessary to keep the data in a lock file for control purposes. If there is no statutory duty to archive, you can also demand the erasure of such data. If a statutory duty to archive exists, we will lock these data if you wish. If providing personal data is mandated by law or contract, or is necessary for conclusion of a contract, we refer to the adverse consequences for not providing them.
In particular, the following terms used in this agreement are defined according to Art. 4 GDPR as follows:
For further definitions, please refer to Art. 4 GDPR ( https://dejure.org/gesetze/DSGVO ).
1. Name and contact data of the controller responsible for the processing and of the internal Data Protection Officer
This Data Protection Statement is valid for data processing by the responsible operator of this website: Der Berentzen Hof GmbH, Ritterstraße 7, 49740 Haselünne, Germany (hereinafter: Berentzen Hof), e-mail: email@example.com, phone: +49 (0)541600-15-30, fax: +49 (0)5961/502-268.
Der Berentzen Hof's internal Data Protection Officer can be reached as follows:
Phone: +49(0) 5961/502-0
Fax: +49(0) 5961/502-268
E-mail address: firstname.lastname@example.org
2. Collection and storage of personal data, nature and purpose of use
a. Call-up of the website (server log files)
When this website www.berentzenshop.de is called up, information is automatically sent by the browser used on your terminal device to the server of this website. This information is stored temporarily in a log file. The following information is recorded without your doing anything and is stored until it is automatically deleted:
It is not possible to deduce your identity from this automatically generated information. The aforementioned data are processed for the following purposes:
The legal basis for this data processing is provided by Art. 6 para. 1 sentence 1 lit. f of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as: GDPR). Our legitimate interest follows from the data collection purposes listed above. In no case will we use the collected data for the purpose of drawing conclusions as to your identity.
b. Order process/conclusion of contract/performance of contract
The personal data that you provide us in the ordering process of our Online-Shop are required in order to enter into and then perform the contract. On principle, your personal data are shared voluntarily and according to your wish. For any product deliveries, however, we need, for example, in any case your full first and last name and your full mailing address; for some methods of payment we also need the required payment data (especially credit card data), particularly to pass on to our payment service provider, and perhaps other data for our shipping provider, supplier, etc.
If you contact us before the possible conclusion of the contract, we process the data that you provide to us in order to organise any necessary pre-contractual workflows or, for example, to answer your potential questions in advance. We erase data processed in this way if a contract evidently does not come about.
The legal basis for this processing is Art. 6 para. 1 lit. b GDPR.
c. Age verification
If an age verification takes place, no specific personal data are processed by us for this purpose beyond the data mentioned above under subsection 2.a. Age verification takes place fundamentally in order to check whether you are permitted to have access to the content of our website based on your age (e.g. only 18+).
A cookie is placed, which stores the existence of the age verification (see under section 4. below); this is so that the age verification does not have to be performed every time our website is called up (for comfort and convenience).
d. Newsletter subscription
If you have explicitly consented under Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to send you our newsletter regularly. To receive the newsletter, it is enough to give us an e-mail address and your first and last name.
When you subscribe to the newsletter, we store the IP address for the PC system you use to subscribe, which is provided by the Internet service provider (ISP), as well as the date and time of subscription. Collection of these data is required in order to trace any possible misuse of your e-mail address.
The personal data collected for subscribing to the newsletter will be used exclusively for the sending of our newsletter. In addition, you can obtain information by e-mail if this is required for the operation of the newsletter service or a registration in relation to this, e.g. in case of a change to the newsletter service. The personal data collected by the newsletter service will not be shared with third parties. A link is provided in the newsletter for the purpose of withdrawing consent.
Unsubscribing is possible at any time, e.g. via the link at the end of the newsletter. Alternatively, you can also send your unsubscription request that you fill out then to email@example.com at any time by e-mail. The consent to the storage of personal data that you gave us for the sending of the newsletter can be withdrawn at any time, likewise under firstname.lastname@example.org.
e. Use of contact form/initiation of contact/image upload
We make it possible for you to contact us on this website using a form. You must provide a valid e-mail address for us to know from whom the inquiry is coming and to respond to it. In addition, it is necessary to indicate your gender (for the form of address), first and last name, and phone number. Additional information can be provided voluntarily, especially via the message box.
You can set up a customer account for yourself with our Online-Shop. We will process the following data of yours for this purpose: Private or business customer, gender (for the form of address), first and last names, e-mail address and phone number as well as billing address (street address, postal code, city, country). Alternatively you can also place orders in our Online-Shop as a guest – thus without personalised login data; of course, the data that we need to make delivery to you (e.g. postal address) will need to be collected.
You can contact us by post or via email@example.com(see Contact and Regulatory Information). In that case, we will process accordingly the data that you send us in your contact initiation; besides purely technical data (see 2.a. above), these can also include real names (first/last name), user-names, addresses (street address, city, postal code), phone numbers or e-mail addresses.
You can upload images for special labels in our Online-Shop. If personal data can be derived from this (e.g. portrait pictures), we process the data transmitted to us in this way purely for the purpose you requested (preparation of a special label).
We process your data received in the contact initiation to provide a proper reply.
The data collected by us and received from you in your contact initiation will be automatically erased after your inquiry has been taken care of, unless a justified interest exists for – time-limited – further retention (e.g. applicant data).
The data processing for the purpose of initiating contact with us is done on the basis of your freely given consent according to Art. 6 para. 1 sentence 1 lit. a GDPR.
3. Sharing of data
Any transfer of your data to third parties will take place only for the purposes listed below.
We share your personal data with third parties only
If we should form the intention to use the personal data for a purpose other than those mentioned above, prior to this further processing we will make available to you information about this other purpose and all other relevant information according to Art. 13 para. 2 GDPR.
We use the following cookies:
- Google Analytics cookies (see below under subsection 5.a.)
- Shopware cookies (see below under subsection 5.b.)
- Nosto cookies (see below under subsection 5.c.)
- Session cookies (age verification, see below under subsection 2.c.)
In a cookie, information is deposited that arises in connection with the specific terminal device used. But that does not mean that we obtain direct knowledge of your identity from this.
You can prevent the use and placement of cookies by blocking the placement of cookies in the browser (you will find information about this in the Help function of the browser). Opt-out cookies prevent the future recording of data when visiting this website. However, we would like to point out that in this case perhaps not all functions of this website can be used in full.
The deployment of cookies helps in particular to make the use of our website offering convenient for you. We use the following cookies specifically:
a. Session cookies, to detect that you have already visited individual pages of our website. They are only stored in the random access memory of the user's computer. In a session cookie, a randomly generated, unique identification number is deposited, a so-called session ID. In addition, a cookie contains the information about its source and a storage time-limit. These cookies cannot store any other data. Session cookies are deleted when the session of use of the website is ended.
b. Temporary cookies, which are stored on your terminal device for a certain defined period of time. When you visit our site again to use our services, it is automatically recognised that you were on our site before, and what inputs and settings you made, so that you do not have to enter them again.
c. Cookies for statistical recording and for the purpose of optimising our website offering (see section 5). These cookies also make it possible, when your visit our website again, to recognise automatically that you had already visited our website. These cookies are automatically erased after a period of time defined for each.
The data processed by cookies are required for the aforementioned purposes to protect our legitimate interests and that of third parties under Art. 6 para. 1 sentence 1 lit. f GDPR.
Most browsers accept cookies automatically. But you can set up your browser so that no cookies are stored on your computer or so a notice appears every time before a new cookie is placed. However, complete deactivation of cookies can lead to your not being able to use all the functions of our website. Session cookies (see above 4.a.) normally cannot be suppressed.
5. Tracking tools
The tracking measures listed below and deployed by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. By means of the deployed tracking measures, we want to ensure a demand-oriented design and ongoing optimisation of our website. Secondly, we use tracking measures to record the use of our website statistically and analyse this use for the purpose of optimising our website offering. These interests are to be viewed as legitimate within the meaning of the aforementioned regulation.
The respective data processing purposes and data categories can be inferred from the corresponding tracking tools.
a. Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The use encompasses the Universal Analytics operating standard. This makes it possible to associate data, sessions and interactions with a pseudonymised user ID across multiple devices and thus to analyse the activities of a user across devices (incl. cross-device tracking).
In this context, pseudonymised use profiles are prepared and cookies (see 4. above) are used. The information generated by the cookie about your use of this website, such as
is usually transmitted to a Google server in the United States and stored there.
If IP anonymisation is activated on this website, however, the IP address will be abbreviated beforehand by Google in the territory of Member States of the European Union or in other signatory countries of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and abbreviated there. The IP address that the used browser transmits in the context of Google Analytics will not be combined with other data of Google. By order of the operator of this website, Google will use this information to analyse the use of the website, to compile reports on the website activities and to provide other services connected with the use of the website and the Internet to the operator of the website. These purposes in the present case also include the legitimate interest in the data processing. The legal basis for the deployment of Google Analytics is Art. 6 para. 1 lit. f GDPR. Sessions and campaigns are ended after a certain length of time expires. As a standard practice, sessions are ended after 30 minutes with no activity and campaigns are ended after six months. The time-limit for campaigns can be no longer than two years.
Besides the possibility of preventing the storage of cookies by setting the browser software accordingly (in that case an opt-out cookie is placed that prevents the future recording of your data when you visit this website; the opt-out cookie is valid only within this browser and only for our website and is deposited on your device; if you erase the cookies in this browser, you have to replace the opt-out cookie), you can prevent the recording to Google of the data generated by cookies and related to the use of the website (incl. IP address), and the processing of these data by Google, by downloading and installing the https://tools.google.com/dlpage/gaoptout?hl=de browser-add-on (deactivation add-on). To prevent recording by Universal Analytics across different devices, you must complete the opt-out on all the systems used. The opt-out cookie is placed by this route: Disabling Tracking. To prevent recording by Universal Analytics across different devices, you must complete the opt-out on all the systems used. We would like to point out that, if you opt-out, you may not be able to use all the functions of this website in full.
This information will perhaps also be transferred to third parties insofar as this is prescribed by law or to the extent that third parties are hired to process these data (see 3. above). In no case will your IP address be combined with other Google data. The IP addresses are anonymised, so that an association is not possible (IP masking, anonymizeIP).
You will find further information on data protection in connection with Google Analytics under Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
We use Shopware on our site, which is open source software to improve and optimise the use of our Online-Shop.
Shopware stores cookies in your browser to guarantee the basic functions of the Online-Shop. Using cookies makes it possible, for example, to keep track of your login status and the contents of your shopping cart, and even to provide CSRF protection. If cookies are not allowed by your browser, Shopware cannot be used. Shopware only stores IDs in your browser; the association with the respective information occurs within the domain of the application.
Based on session cookies, Shopware determines whether you have an active shopping cart and whether you are logged in. Thus, it serves as the identification between your browser and the server. Except for the session ID, no other information is stored in the browser. The handling of session cookies is managed on the server side via PHP and is to be viewed as independent from Shopware.
Moreover, Shopware generates an individual CSRF cookie when you visit the Shop, so that you can use the various areas of the Shop.
In addition, an SLT cookie is placed that makes it possible to recognise you again when you return to our Online-Shop, even if the session has already expired. The SLT cookie can be deactivated in the basic settings of your browser.
If you place a product on the shopping list, a cookie is placed with the name "sUniqueID" to store the content of the shopping list. The stored products are placed in the table called s_order_notes.
The browser's local storage is also where information on "recently viewed items" is stored.
The Shopware tool uses the analysis tool NOSTO to personalise your shopping experience in our Online-Shop. You can find more detailed information on NOSTO under http://pages.nosto.com/rs/339-ZHG-780/images/DE-Nosto_GDPR_Factsheet-24-04-2018.pdf
d. Google AdWords Conversion Tracking
In order to statistically record the use of our website and to optimize our website, we use Google AdWords Conversion Tracking. In doing so, Google Adwords sets a cookie (see section 4) on your computer if you have been directed to our website via a Google ad.
After 30 days these cookies lose their validity and are not used for personal identification. If you use certain pages of the website and the Adwords cookie has not expired yet, Google and we may recognize that you have clicked on the ad and have been redirected to this page.
Every Adwords customer receives a different cookie. Cookies can not be traced back via the websites of Adwords customers. The information gathered through the conversion cookies is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tagged website. They do not receive information that personally
6. Social media plug-ins
We deploy on our website social plug-ins of social networks and comparable functions of social media channels to increase awareness of our company, based on Art. 6 para. 1 sentence 1 lit. f GDPR. The promotional purpose behind it counts as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation is to be guaranteed by the respective provider.
Plug-ins are identified by the logo (or another symbol) of the respective network. When you call up a page of our website that contains one of these plug-ins, your browser usually already establishes a direct connection with the servers of the network. The content of the plug-in is then transmitted from the network directly to your browser, and integrated by the browser into the website. In any case, a connection is established with the network, and personal data are forwarded to it if you activate the plug-in button.
If you are logged in at the time of use of the plug-in, your visit to this website will be directly associated with your user account. If you have an account with the social network, the data can be linked to it and thus become public. If you do not want this to happen, you can log out on the network's page before visiting this website.
Before the plug-in can be used, you will usually be notified of the consequences once again – depending on the plug-in deployed – and you must confirm that you consent to the forwarding of the personal data. The exact purpose and scope of the data collection by the respective network and the further use of the data, as well as potential optional settings with regard to the user account, can also be learned from the data protection statement of the respective network.
On this website, we use elements from YouTube, an Internet video portal, that enables its users to upload, view and comment on video clips at no charge. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
When you call up our website, your browser is automatically triggered to download a representation of the YouTube components. You can find more detailed information on YouTube under https://www.youtube.com/yt/about/de/. If you use them, YouTube and Google receive information about which subpage of our website you visited.
If you are logged into YouTube at the same time, then when a subpage is called up that contains a YouTube video, YouTube recognises which subpage of our website you visited. This information is gathered by YouTube and Google and associated with your YouTube account.
If you are logged into YouTube at the time you call up our website, YouTube and Google receive the information that you visited our website; this will happen regardless of whether you click on a YouTube video. You can prevent the transmission of this information by logging out of your YouTube account before you call up our website.
You will find YouTube's data protection provisions under https://www.google.de/intl/de/policies/privacy/.
We use components of PayPal on this website. PayPal is an online payments service provider. Payments are transacted via PayPal accounts that represent virtual private or business accounts. PayPal also offers the ability to make virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, so that there is no classic account number. PayPay makes it possible to initiate online payments and to receive such payments. In this process, PayPal assumes fiduciary functions and offers buyer protection services.
The European operator company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you select "PayPal" as the payment option during the order process in our Online-Shop, your data will automatically be transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required to process the payment.
The personal data transmitted to PayPal is mostly your first and last name, address, e-mail address, IP address, phone number, mobile phone number or other data necessary to transact the payment. Personal data connected with the respective order are also necessary for transacting the purchase contract.
The object of transmission of the data is to transact the payment and prevent fraud. The controller responsible for the processing will transmit personal data to PayPal particularly when it has a legitimate interest. The personal data exchanged between PayPal and the controller responsible for the processing may also be sent to credit reporting agencies under some circumstances. The object of this transmission is to verify identity and creditworthiness.
PayPal may possibly share the personal data with affiliated companies and service providers or subcontractors, if this is necessary to perform its contractual obligations or if the data are processed under contract.
You have the ability at any time to withdraw your consent from PayPal for the handling of your personal data. A withdrawal will not have effect for personal data that absolutely must be processed, used or transmitted to transact payments.
7. Rights of data subjects
You have the right, free of charge,
To assert the rights of a data subject, please send an e-mail to firstname.lastname@example.org .
8. Right of Objection and Withdrawal
Insofar as your personal data are processed on the basis of legitimate interests under Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to file an objection against the processing of your personal data under Art. 21 GDPR.
Insofar as your personal data on the basis of your explicit consent in accordance with. Art. 6 para. 1 sentence 1 lit. a GDPR are processed, you can revoke them - as long as there are reasons for this which arise from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation.
If you would like to make use of your right of objection or withdrawal, an e-mail sent to email@example.com will suffice.
9. Data protection
Within the website visit, we use the prevalent SSL method (Secure Sockets Layer) in combination with the highest encryption level that your browser supports. Generally, this is 256-bit encryption. You can tell whether a specific page on our website is transmitted in encrypted form by the locked image of the key or lock symbol in the lower status bar of your browser.
In addition, we use suitable technical and organisational security measures to protect your data against random or deliberate manipulation, partial or total loss, destruction or unauthorised access by third parties. Our security measures are continually enhanced in step with technological developments.
10. Up-to-dateness and amendment of this Data Protection Statement
This Data Protection Statement is currently valid and is updated as of 25 May 2018 (effective date of the GDPR).
On account of the further development of our website and offerings made via the website, or due to changes to legal or regulatory requirements, it may become necessary to amend this Data Protection Statement.