Privacy Policy
Last updated: August 2024
We are pleased to welcome you to our website and thank you for your interest. Here, we would like to inform you about how your personal data are handled when using this website.
1. Data protection at a glance
General notes
The following information provides an overview of what happens to your personal data when you visit this website. Under GDPR, personal data (Art. 4 (1) GDPR) are all data relating to an identified or identifiable natural person. This includes, for example, your name or email address, but also the IP address used to access our services. Insofar as you provide information about your eyesight or other medical information required for the provision of corrective visual aids, such as contact lenses, in the context of using our services, this involves health data as defined in Art. 4 (15) GDPR and this information is specifically protected as personal data. For detailed information about data protection, please refer to our privacy policy, which is listed below this text.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Contact details are provided in the section "Information about the controller" in this data protection statement.
How do we collect your data?
On the one hand, your data are collected when you provide us with information. For example, this might involve data that you enter in a form.
Other data are collected automatically by our IT systems or after you have given consent when you visit the website. This mainly involves technical data (e.g. internet browser, operating system or time of page view). These data are collected automatically as soon as you access this website.
What do we use your data for?
Some data is collected to ensure the website can be provided without any errors. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipients and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can withdraw this consent at any time with future effect. You also have the right to request restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time about this and other data protection questions.
Third-party analytics and tools
When visiting this website, your surfing behavior can be statistically analyzed. This is done mainly with so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.
2. Hosting & Content Delivery Network (CDN)
Hosting
This website is hosted externally. We use the system of OVH SAS, 2 rue Kellermann BP 80157 59100 Roubaix (‘OVHcloud’), for the purpose of hosting and displaying the site content on the basis of Data Processing Agreement. All data collected on our website is processed on OVHcloud's servers. As part of the aforementioned services, data may also be transferred to OVHcloud servers in France as part of further processing on our behalf. We have concluded a data processing agreement with OVHcloud (‘Data Processing Agreement’, available at https://us.ovhcloud.com/legal/data-processing-agreement), in which we oblige OVHcloud to protect our users' data and not to pass it on to third parties.
CDN
Through our host, we use the service "Cloudflare". The provider is Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA (hereinafter "Cloudflare").
Cloudflare offers a globally distributed content delivery network with DNS. This service means the information transfer between your browser and our website is technically routed through Cloudflare's network. This enables Cloudflare to analyse traffic between your browser and our website and to act as a filter between our servers and potentially malicious internet traffic. In providing this service, Cloudflare may also use cookies or other technologies to recognise internet users, however, these are used solely for the purpose described here.
The use of Cloudflare is based on our legitimate interest in providing a website that is as free from errors and as secure as possible (Art. 6 (1) (f) GDPR).
You can find more information about security and privacy at Cloudflare here: https://www.cloudflare.com/privacypolicy/.
3.General notes and mandatory information
Privacy
We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data means any data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how this is done and for what purpose.
Please note that online data transmission (e.g. communication via email) can have security vulnerabilities. Complete protection of data against third-party access is not possible.
Controller, data protection officer.
The controller for data processing on this website is:
Vision Group AG
Riedwiesenstrasse 23
8305 Dietlikon
SWITZERLAND
Phone: +43 800 783 294 (free of charge from the Austrian landline network)
Email: [email protected]
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the personal data processing (e.g. names, email addresses, etc.).
If you have any concerns regarding data protection, these can be addressed to our data protection officer at the following contact address: Data Protection Officer, Vision Group AG, Riedwiesenstrasse 23, 8305 Dietlikon, SWITZERLAND, or by email to [email protected] with the subject "Data protection".
Within the European Union we have the following branch:
Vision Group AG, Alt-Moabit 91b, 10559 Berlin
Storage period
Unless a more specific storage period is mentioned within this privacy policy, your personal data will be held by us until the purpose for data processing ceases to apply. If you assert a legitimate request for erasure or if you withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
Information on data transfer to third countries
We also transfer personal data to third parties or processors based in non-EEA countries. In this case, we ensure that the recipient either has an adequate level of data protection (e.g. based on an adequacy decision by the EU Commission for the respective country in accordance with Art. 45 GDPR or the agreement of so-called EU standard contractual clauses of the European Commission with the recipient in accordance with Art. 46 GDPR) before transferring the data.
Withdrawal of your consent to data processing
Many data processing operations are only possible with your explicit consent. You can withdraw consent that you gave previously at any time. The legality of the data processing carried out until the withdrawal of consent remains unaffected.
Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)
If the data processing is based on Art. 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The relevant legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your relevant personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (objection under Art. 21 (1) GDPR).
Where personal data are processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for these purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection under Art. 21 (2) GDPR).
Right of appeal to the competent supervisory authority
In the event of a breach of GDPR, data subjects shall have a right of appeal to a supervisory authority, specifically in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.
Right to data portability
For data that we process automatically based on your consent or to fulfil a contract, you have the right to have the data issued to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Access, erasure and rectification
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, the purpose of data processing and, if applicable, a right to rectify or erase these data. You can contact us at any time with regard to this and other questions about personal data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do this. The right to restrict processing exists in the following cases:
If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data is/was unlawful, you may request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need the data for the establishment, exercise or defence of legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
If you file an objection under Art. 21 (1) GDPR, a balance must be struck between your interests and ours. Until it has been determined whose interests prevail, you have the right to demand restriction of the processing of your personal data.
If the processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.
4. Data collection on this website
Cookies
Our website uses so-called "cookies". Cookies are small text files and do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain third-party company services (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary because certain website functionality would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.
Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functionality that you have requested (functional cookies, e.g. for the shopping basket function) or to optimise the website (e.g. cookies for measuring the web audience) are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies in order to eradicate technical errors and to optimise its service provision. Insofar as consent has been obtained to store cookies, the storage of the relevant cookies shall be based exclusively on this consent (Art. 6 (1) (a) GDPR); consent can be withdrawn at any time.
You can configure your browser settings so that you are informed about cookie storage and only allow cookies in individual cases, you can decline cookies in certain cases or in general, and you can enable automatic cookie deletion whenever the browser is closed. If cookies are disabled, the functionality of this website may be limited.
Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you about this separately as part of this privacy policy and, if necessary, obtain your consent.
Cookie consent with Usercentrics
Our website uses cookie consent technology from Usercentrics to obtain your consent to the storage of certain cookies on your device and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").
When you visit our website, a connection is established to the Usercentrics servers in order to obtain your consent and other declarations regarding cookie use. Usercentrics then saves a cookie in your browser, so that you can be linked with the granting or withholding of consent. The data collected in this way are stored until you request erasure, or you delete the Usercentrics cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
Our use of the Usercentrics service enables us to obtain consent for the use of cookies as stipulated in law. The legal basis for this is Art. 6 (1) (f) GDPR.
Commissioned data processing
We have agreed a data processing contract (DP contract) with the aforementioned provider. This is a contract required under data protection legislation to ensure that the provider always follows our instructions and complies with GDPR when processing personal data pertaining to our website visitors.
Server log files
We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are
Browser type and browser version
Operating system
Referrer URL
Host name of the accessing computer
Time of the server enquiry
IP address
This data is not merged with other data sources.
This data is collected on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in the technically error-free presentation and optimisation of our website - the server log files must be recorded for this purpose.
Enquiry by email or telephone
If you contact us by email or telephone, your enquiry including all associated personal data (name, request) will be stored and processed by us for the purpose of dealing with your enquiry. We do not share these data without your consent.
The processing of these data is based on Art. 6 (1) (b) GDPR, insofar as your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of requests addressed to us (Art. 6 (1) (f) GDPR) or based on your consent (Art. 6 (1) (a) GDPR), if this has been obtained.
The data you send to us via contact requests will be held until you request its erasure, or withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions — especially statutory retention periods — remain unaffected.
Registration on this website
You can register on this website to use additional online features. The relevant data entered will only be used for the purpose of using whatever offer or service you registered for. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.
If there are important changes, for example in the scope of the offer or changes required for technical reasons, we will use the email address provided during registration to notify you.
The data entered during registration are processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 (1) (b) GDPR).
The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.
Single sign-on with third-party providers
Instead of logging in to our website with your e-mail address, you can also use the social login function of our partners:
Meta (Facebook) or
Apple
If you already have an account with one of these providers, you can use it to register on our website. The providers will pass on data linked to your account to us. If you opt for the single sign-on option, your provider will inform you which data will be shared with us.
The data transmitted to us during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6(1)(b) GDPR).
5. Analysis tools and marketing
Data Sharing with Analytics and Marketing Partners
This website uses features from various analytics and marketing partners with your consent. You can find an overview of all partners in our Consent Management Platform (CMP): www.discountlens.at/en/cmp. You can agree to or decline the sharing of data with these partners for different purposes in the CMP. You can change this selection at any time. The CMP also provides further information about our partners, such as service descriptions, processed data, technologies used, legal basis, place of processing, storage duration, and additional privacy policy notes from our partners.
Customer Data Matching for Marketing Purposes
With your separate consent, we share "hashed" contact data with selected marketing partners. "Hashing" is a process where data is converted into an apparently random, but unique string of fixed length using a special algorithm. This string is referred to as a "hash value" or "hash" and functions similarly to a checksum. The hash value cannot be reverse-engineered. However, the recipient can check if they already have data in their own database that matches the same hash value. If so, the partner can establish a matching. In this way, our advertising partners can determine whether the person is already among their own contacts. However, they do not receive any new contact information from us that they do not already have from you. This matching helps us and the advertising partners deliver targeted advertising to you. The following data is shared with advertising partners with your consent:
Hash value of your email address
Hash value of your phone number
Hash value of your first name
Hash value of your last name
Hash value of your country
Hash value of the ZIP code
We currently share this data with the following partners with your consent:
Google (https://policies.google.com/privacy?hl=en-EU)
Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
Meta (https://www.facebook.com/privacy/policy/)
Voucher marketing
In order to select a voucher offer that is currently of interest to you, the hash value of your email address and IP address are pseudonymized and encrypted and sent to Sovendus GmbH (Sovendus), Hermann-Veit-Str. 6, 76135 Karlsruhe (Art. 6 (1) (f) GDPR). The pseudonymized hash value of the email address is used in order to establish whether there is any objection to advertising by Sovendus (Art. 21 (3), Art. 6 (1) (c) GDPR). The IP address is used by Sovendus exclusively for data security purposes and is usually anonymised after seven days (Art. 6 (1) (f) GDPR). In addition, for billing purposes, we transmit the pseudonymized order number, order value with currency, session ID, voucher code and time stamp to Sovendus (Art. 6 (1) (f) GDPR). If you are interested in a voucher offer from Sovendus and there is no advertising objection filed against your email address, and if you click on the voucher banner that will be displayed only if this is the case, your title, name, postcode, country and email address will be transmitted by us in encrypted form to Sovendus to prepare the voucher (Art. 6 (1) (b), (f) GDPR).
For more information about how Sovendus processes your data, please see the online privacy notice at https://www.sovendus.de/datenschutz.
Trusted Shops Trustbadge
To display our Trusted Shops seal of approval and to offer Trusted Shops membership to buyers after they have placed an order, the Trusted Shops Trustbadge is incorporated in this website.
This serves to protect our legitimate interest in the optimal marketing of our services, where this interest is considered to prevail in a balancing of interests, Art. 6 (1) (f) GDPR. The Trustbadge and associated services are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
Whenever the Trustbadge is used, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the usage, the amount of data transferred and the requesting provider (access data) and documents the usage. These access data are not evaluated and are automatically overwritten no later than seven days after the end of your visit to the site.
Further personal data is only transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. In this case, the contractual agreement between you and Trusted Shops applies.
6. Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the relevant email address and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use these details exclusively for sending the requested information and do not pass them on to third parties.
The processing of data entered via the newsletter registration form is based exclusively on your consent (Art. 6 (1) (a) GDPR). You can withdraw your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example by using the "unsubscribe" link in the newsletter. The legality of any data processing already carried out remains unaffected by the withdrawal of consent.
The data you provide for the purpose of receiving the newsletter will be stored by us or by the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to block or remove email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
7. Other plugins and tools
Google Web Fonts (local)
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers for this purpose.
For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and Google's privacy policy: https://policies.google.com/privacy?hl=en-GB
Google Maps
This site uses the Google Maps service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use Google Maps functionality, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is enabled, Google may use Google Web Fonts for the purpose of uniform font display. When you visit Google Maps, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.
Google Maps is used in the interest of presenting our online services in an attractive way and making it easy to find the locations indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If appropriate consent has been obtained, the processing is based exclusively on Art. 6 (1) (a) GDPR; consent can be withdrawn at any time.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and at https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.
Dixa
We use the CRM system Dixa to process user requests. The provider is Dixa ApS, Vimmelskaftet 41A, 1st Sal., 1161 Copenhagen, Denmark.
We use Dixa to process your requests quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
You can send requests that only specify the email address and without giving your name.
The messages you send us will be held until you request their deletion, or withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions (especially retention periods) remain unaffected.
If you are not comfortable with us processing your request through Dixa, you may alternatively communicate with us by email or phone.
For more information, please see Dixa's privacy policy: https://www.dixa.com/legal/privacy/.
Commissioned data processing
We have agreed a data processing contract (DP contract) with the aforementioned provider. This is a contract required under data protection legislation to ensure that the service provider always follows our instructions and complies with GDPR when processing personal data pertaining to our website visitors.
Storyblok
We use Storyblok as our content management system (CMS). The service provider is Storyblok GmbH, Peter-Behrens-Platz 2, Linz, AT 4020, Austria. The use of Storyblok enables us to create and operate the website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Further information can be found on the website at https://www.storyblok.com/ or in Storyblok's privacy policy at https://www.storyblok.com/legal/privacy-policy.
8. Affiliate programmes
We participate in affiliate partner programmes. In affiliate partner programmes, advertisements from one company (advertiser) are placed on the websites of other companies in the affiliate partner network (publisher). If you click on one of these affiliate adverts, you will be redirected to the advertised offer. If you subsequently make a certain transaction (conversion), the publisher receives a fee for this. In order to calculate this remuneration, it is necessary for the affiliate network operator to be able to track which advert brought you to the respective offer and which predefined transaction you carried out. Cookies or comparable recognition technologies (e.g. device fingerprinting) are used for this purpose.
The data is stored and analysed on the basis of consent in accordance with Art. 6(1)(a) GDPR. Consent can be withdrawn at any time.
We participate in the following affiliate programmes:
WEBGAINS affiliate programme, service provider: Webgains GmbH, Frankenstraße 150C, 90461 Nuremberg, Germany.
Website: https://www.webgains.com/public/en/
Privacy policy: https://www.webgains.com/public/en/privacy-2/
9. Reorder service
If you have placed a successful contact lens order via our online shop, we will process your name, e-mail address, order date and information about the products you have ordered in order to offer you a re-order service. Depending on the quantity of products ordered, we calculate a sensible time for a repeat order. You will then receive a reminder email with the option to purchase the products you have ordered again. Only if you exercise this option will you be redirected to our website for a new ordering process. The legal basis for sending the reminder email is our legitimate interest (Art. 6(1)(f) GDPR) in carrying out direct advertising. Our interest outweighs your legitimate interests, as we can generally assume that a repeat order for the consumer product contact lenses is also in your interest. Your interests are also adequately protected by the fact that you can object to the further receipt of reminder emails at any time by clicking an ‘unsubscribe’ button, which is included in every reminder email. In this case, we will no longer process your data for the purposes of the reorder service. Further processing of the data for other purposes remains unaffected insofar as we have a legal basis for this.
10. eCommerce and payment providers
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent necessary for the establishment, definition or modification of the legal relationship (user data). This is done on the basis of Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. Insofar as health data are required for this purpose, the legal basis is Art. 9 (2) (h) GDPR (in conjunction with § 22 (1) (1) (b) German Federal Data Protection Act [BDSG]). We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable use of the service or for billing purposes.
The customer data collected will be deleted once the order is complete or when the business relationship is terminated. Statutory retention periods remain unaffected.
Data transmission for contract conclusion for online shops, retailers and shipping
We transmit personal data to third parties only if this is a necessary part of contract performance, for example to companies entrusted with the delivery of the goods or to the financial institution entrusted with payment processing. There is no further transmission of the data unless you have explicitly agreed to this. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes.
The basis for the data processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
In order to process your order, we work with the following service providers, who support us to varying extents in the performance of agreed contracts. Personal data are transferred to these service providers in accordance with the following information.
Use of special service providers for order processing and handling
Paqato
To enable shipment tracking after a customer has placed an order, we use the service provided by PAQATO GmbH, Johann-Krane-Weg 6, 48149 Münster ("Paqato").
On our behalf, Paqato sends shipment notifications and delivery status updates. For this purpose, pursuant to Art. 6 (1) (f) GDPR based on our legitimate interest in effective and informative customer communication as well as in transparent and reliable shipment processing (which is also in the customer's interest), we pass on certain customer data (email address, first and last name, postal address) and the shipment number to Paqato after the package has been dispatched.
The data will not be passed on to third parties by Paqato and will be processed exclusively for the aforementioned purpose. Once shipping has been completed, the data will be deleted by Paqato.
We have put in place a data processing agreement with Paqato, by which we oblige Paqato to protect our customers' data in accordance with the legal requirements.
Paqato's privacy policy can be viewed here: https://www.paqato.com/datenschutzerklaerung/
pixi
Order processing takes place via the service provider "pixi" (Descartes Systems (Germany) GmbH, Walter-Gropius-Str. 15, D-80807 Munich). In accordance with Art. 6 (1) (b) GDPR, name, address and potentially other personal data are provided to pixi exclusively for the purpose of processing the online order. Your data will only be disclosed to the extent actually necessary for order processing. Details about data protection at pixi and the privacy policy for Descartes Systems (Germany) GmbH can be viewed at the following link: https://www.pixi.eu/datenschutz
Transfer of personal data to shipping service providers
DHL
If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany), we will disclose your email address to DHL in accordance with Art. 6 (1) (a) GDPR before delivery of the goods, so that DHL can arrange the delivery date or issue delivery notifications, provided you have explicitly consented to this in the ordering process. Otherwise, for the purpose of delivery pursuant to Art. 6 (1) (b) GDPR, we will only provide DHL with the name of the recipient and the delivery address. The disclosure of this information is made only insofar as is necessary for the delivery of goods. In this case, prior coordination of the delivery date with DHL and delivery notifications will not be possible.
Consent can be withdrawn at any time with future effect vis-à-vis the aforementioned controller or the transport service provider DHL.
GLS
If the goods are delivered by the transport service provider GLS (General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 - 7, 36286 Neuenstein), we will disclose your email address in accordance with Art. 6 (1) (a) GDPR before delivery of the goods, so that GLS can arrange the delivery date or issue delivery notifications, provided you have explicitly consented to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) (b) GDPR, we will only provide GLS with the name of the recipient and the delivery address. The disclosure of this information is made only insofar as is necessary for the delivery of goods. In this case, prior coordination of the delivery date with GLS and status updates regarding the delivery will not be possible.
Consent can be withdrawn at any time with future effect vis-à-vis the aforementioned controller or the transport service provider GLS.
Credit checks
In the case of a purchase on account or any other method of payment for which we offer credit, we may carry out a credit check (score). For this purpose, we transfer data you have submitted (e.g. name, address, age or bank details) to a credit agency. These data are used to calculate the probability of default. In the event of an excessive risk of non-payment, we may refuse the payment method in question.
The credit check is carried out for contract performance (Art. 6 (1) (b) GDPR) and to avoid payment defaults (legitimate interest according to Art. 6 (1) (f) GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 (1) GDPR); consent can be withdrawn at any time.
Payment services
We include third-party payment services on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of handling the payment. These transactions are subject to the relevant provider's contractual and data protection provisions. The use of payment service providers is based on Art. 6 (1) (b) GDPR (contract processing) and in the interest of a convenient, straightforward and secure payment process (Art. 6 (1) (f) GDPR). Insofar as your consent is obtained for certain actions, Art. 6 (1) (a) GDPR is the legal basis for data processing; consent can be withdrawn at any time with future effect.
We use the following payment services / payment service providers within this website:
PayPal
Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
For details, see PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.Datatrans
The provider of this payment service is Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland. Further information on the payment service provider's data protection can be found at https://www.datatrans.ch/en/privacy-policy/.Debt collection service
If you do not pay outstanding invoices despite repeated reminders, we reserve the right to send the necessary data for debt collection to a debt collection service provider.
In addition, we may sell outstanding receivables to a debt collection service and, for this purpose, assign these receivables to the relevant service, which may then take responsibility for enforcing the claims against you under statutory provisions.
The legal basis for the transfer of data as part of debt collection is Art. 6 (1) (b) GDPR; the transfer of data in the context of the sale of receivables is based on Art. 6 (1) (f) GDPR.
In Germany, we work with the following debt collection service providers:
Arvato Financial Solutions, infoscore Forderungsmanagement GmbH, Rheinstr. 99, 76532 Baden-Baden.
11. Encryption
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content (such as orders or requests that you send to us as the site operator) this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the web address changes from "http://" to "https://" and by the appearance of the lock symbol in the browser address bar.
When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
After agreeing a contract for which there is a fee, if there is an obligation to provide us with your payment data (e.g. account number in the case of direct debit authorization) these data are required for payment processing.
Payment transactions via standard payment methods (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the web address changes from "http://" to "https://" and by the appearance of the lock symbol in the browser address bar.
With encrypted communication, the payment data that you transmit to us cannot be read by third parties.