Data protection declaration according to the GDPR
This data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our website.
I. Name and address of the person responsible
The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Managing Directors: Ina Fischer and Christian Jähnel
Register: Charlottenburg Local Court, HRB 164410 B
Phone: 030 54 88 40 53
II. General information on data processing
1. Scope of the processing of personal data
We only process personal data of our users if this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users takes place regularly only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.
We process inventory data (e.g. name, address and e-mail address), contract data (e.g. services used, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract.
2. Legal basis for the processing of personal data
As we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Ordinance (GDPR) serves as the legal basis. In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. As the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, article 6(1) (d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
3. Data erasure and storage time
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
4. Cooperation with contract processors and third parties
If we transfer data to other persons and companies (contractors or third parties) within the scope of our processing or otherwise grant them access to the data, this is only on the basis of a legal permission, you have consented, a legal obligation this provides, the processing of contractual relationships with you or we have a legitimate interest in the data transmission (e.g. when using agents, web hosters, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of art. 28 GDPR.
5. Data security
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
6. Company profiles in social media
We operate company profiles within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
III. provision of the website and creation of log files
When you visit our website https://www.pattydoo.de, the browser used on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
- Information about the browser type and version used
- The user's operating system
- The user's Internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system reaches our website
- Websites accessed by the user's system through our website
- Protocol (GET or POST)
- Status code (200 or 500)
The mentioned data will be processed by us for the following purposes:
- Ensuring a smooth connection of the website,
- Ensure comfortable use of our website,
- evaluation of system security and stability as well as
- for other administrative purposes.
The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may prevent führen from allowing you to use all functions of our website.
V. Email contact
Contact with us is possible via the e-mail address email@example.com provided. In this case, the user's personal data transmitted by e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 exp. 1 lit. b GDPR.
The processing of the personal data from the e-mail serves us only for the treatment of the establishment of contact. This also includes the necessary legitimate interest in the processing of the data.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data sent by e-mail, this is the case when the conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail (firstname.lastname@example.org), he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
VI. contact form
If you have any questions, we offer you the opportunity to contact us by using the form provided on the website. The following personal data is required: e-mail address. So that we know who sent the request and can answer it. The data will be processed for the purpose of contacting us in accordance with Art. 6 Par. 1 S. 1 lit. f GDPR. The personal data collected by us using the contact form will be automatically deleted after your request has been processed.
You can subscribe to a free newsletter on our website. When registering for the newsletter, the following data from the input mask is transmitted to us:
- E-mail address (required)
- First name (optional)
- Last name (optional)
In the course of the registration process, your consent is obtained for the processing of the data and reference is made to this data protection declaration. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. The changes to your data stored with the shipping service provider are also logged.
The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level, information on this here.
Furthermore, Mailchimp can use this data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, Mailchimp does not use the data of our newsletter recipients to write them down or pass them on to third parties.
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file which is retrieved from the server of the shipping service when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention, nor that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR. The collection of the user's e-mail address serves to send the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter. This also makes it possible to revoke the consent to the storage of personal data collected during the registration process. Alternatively, you are welcome to send your unsubscription request at any time to: email@example.com
VIII Tracking Tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 f GDPR. With the tracking measures used, we want to ensure that our website is designed to meet requirements and is continually optimised. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our website für These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
1. Google Analytics
For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymised user profiles are created and cookies (see point IV) are used. The information generated by the cookie about your use of this website such as
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
XI. Rights of the data subject
If personal data are processed by you, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
1. Right of information
You can ask the person in charge to confirm whether personal data concerning you will be processed by us.
If such processing has taken place, you can request information from the person responsible about the following information:
- the purposes for which the personal data are processed;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
- the planned duration of the storage of personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- the existence of a right to have your personal data concerning you corrected or deleted, a right to have the data controller restrict processing or to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information on the origin of the data if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
2. The right of correction
You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.
3. Right of limitation of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
- if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
- if you have filed an objection against the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the limitation of the processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
4. Right of cancellation
a) Duty of Erasure
You can demand that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately, if one of the following reasons applies:
- the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- you revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
- you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
- the personal data concerning you have been processed unlawfully.
- the deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- the personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
The right to cancellation does not exist insofar as the processing is necessary
- to exercise freedom of expression and information;
- for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
- to assert, exercise or defend legal claims.
5. Right of information
If you have exercised your right to have the processing corrected, deleted or restricted, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the person responsible to be informed about these recipients.
6. Right of objection
You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f GDPR for reasons arising from their particular situation; this also applies to profiling based on these provisions. The person responsible no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right of objection in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
7. Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
8. right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of having infringed the GDPR, if you believe that the processing of personal data concerning you is contrary to it. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Version: May 2018