1) Information about the collection of personal data and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.
1.2 Responsible for the data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is ROCK AND STEEL GERMANY GmbH, Hanne-Mertens-Weg 5, 22455 Hamburg, Germany, Tel .: 01743534089, email: firstname.lastname@example.org . The person responsible for the processing of personal data is the natural or legal person who alone or together with others decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transfer of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https: //" and the lock symbol in your browser line.
2) Data collection when visiting our website
When using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source / reference from which you came to the page
Operating system used
IP address used (if necessary: in anonymous form)
Processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are specific indications of illegal use.
Hosting by ShopifyWe use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop Basis for processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned Shopify services, data can also be processed as part of further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc .or Shopify (USA) Inc. In the event of data being transmitted to Shopify Inc. in Canada, the adequacy decision of the European Commission guarantees the appropriate level of data protection. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc. in the USA are certified for the us-European data protection convention "Privacy Shield", which ensures compliance with the data protection level applicable in the EU Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz Any further processing on servers other than those mentioned by Shopify will only take place within the framework communicated below.
4) Content delivery network
To make the visit to our website attractive and the use to enable certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable you to recognize your browser the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to the individual extent. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings in your web browser.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the content of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of a given consent or according to Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
Please note that you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browser under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookiesFirefox: https://support.mozilla.org/de/kb/cookies-erlauben -and-rejectChrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=enSafari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac /10.14Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Please note that the functionality of our website may be restricted if cookies are not accepted.
6) Contact us
When contacting us (e.g. via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter concerned has been finally clarified and provided that there are no statutory retention requirements.
7) Data processing when opening a customer account and for contract processing
According to Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. It is possible to delete your customer account at any time and can send a message to the above. Address of the person responsible. We save and use the data you provide for contract processing. After completion of the contract or deletion of your customer account, your data will be blocked with due regard to tax and commercial law retention periods and deleted after the expiry of these deadlines, unless you have expressly consented to further use of your data or a legally permitted further data use on our part is reserved has been.
8) Use of your data for direct advertising
Based on our legitimate interest in personalized direct mail, we reserve your first and last name, your postal address and - insofar as we have received this additional information from you within the contractual relationship - your title, academic degree, year of birth and your professional, Industry or Business name in accordance with Art. 6 Para. 1 lit. f GDPR and use it to send interesting offers and information about our products by post.
You can object to the storage and use of your data for this purpose at any time by sending a message to the person responsible.
9) Data processing for order processing
9.1 In order to process your order, we work with the following service provider (s) who support us in whole or in part in the execution of contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as far as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution as part of the payment processing, if this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for the transfer of the data is Art. 6 Para. 1 lit. b GDPR.
9.2 Use of special service providers for order processing and processing
- Easybill The order processing (in particular the billing) takes place via the service provider "easybill" (easybill GmbH, Düsselstr. 21, 41564 Kaarst). Name, address and any other personal data, if any, are provided in accordance with Art. b GDPR passed on to easybill exclusively for processing the online order. Your data will only be passed on to the extent that this is actually necessary for the processing of the order. Details on easybill's data protection and easybill's data protection declaration can be viewed on the easybill website at easybill.de.
9.3 Use of payment service providers (payment services)
- Klarna If you choose a Klarna payment service, payment will be processed via Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). In order to enable payment to be processed, your personal data (first and last name, street, house number, postcode, city, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, item, delivery type) passed on to Klarna for the purpose of identity and credit check, provided that you have given it in accordance with Art. 6 Para. 1 lit. a GDPR have expressly consented to as part of the ordering process. To which credit agencies your data can be forwarded can be viewed here: https: //cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies The credit rating information can contain probability values (so-called score values ). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is used, among other things, but not exclusively, to calculate the score values. Klarna uses the information received about the statistical probability of a payment default to make a balanced decision on the establishment, implementation or termination of the contractual relationship.You can revoke your consent at any time by sending a message to the person responsible for data processing or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for the contractual payment processing. Klarna.com/1.0/shared/content/legal/terms/0/de_de/privacybzw. for those affected with their registered office in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacyehandelt.- Paypal when paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "Purchase on account" or "installment payment" via PayPal, we give your payment details to PayPal (Europe) Sarl as part of the payment processing et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only insofar as this is necessary for the payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. For this purpose, your payment details may be processed in accordance with Art. 6 para. 1 lit. f GDPR based on PayPal's legitimate interest in determining your solvency in Auskunftei passed on. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is used, among other things, but not exclusively, to calculate the score values. For more information on data protection law, including information on the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full You can process this data at any time by sending a message to Disagree with PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.- Shopify PaymentsWe use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you If you choose a payment method offered by the payment service provider Shopify Payments, the payment is processed by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we provide the information you provided during the ordering process the information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) according to Art. 6 Para. 1 lit. b Pass on GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this. You can find more information on the data protection of Shopify Payments at the following Internet address: https://www.shopify.com/legal/privacy. Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
10) Online marketing
10.1 Use of Google Ads Conversion Tracking
This website uses the online advertising program "Google Ads" and, as part of Google Ads, conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use the offer of Google Ads to draw attention to our attractive offers on external websites with the help of advertising materials (so-called Google Adwords). We can use the data from the advertising campaigns to determine how successful the individual advertising measures are. We are pursuing the goal of showing you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of the advertising costs incurred.
The cookie for conversion tracking is set when a user clicks on an ad placed by Google. Cookies are small text files that are stored on your device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Every Google Ads customer receives a different cookie. Cookies cannot therefore be tracked via the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users. If you do not want to participate in tracking, you can block this use by deactivating the Google Conversion Tracking cookie via your internet browser under the keyword "user settings". You will then not be included in the conversion tracking statistics. We use Google Ads based on our legitimate interest in targeted advertising in accordance with Art. 6 para. 1 lit. f GDPR. As part of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC. come in the US.
In the event of transmission of personal data to Google LLC. based in the United States, Google LLC. certified for the US-European data protection convention "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https: // www.privacyshield.gov/list
You can find more information about Google's data protection regulations at the following Internet address: https://www.google.de/policies/privacy/
You can permanently deactivate cookies for advertisements by preventing them by making the appropriate settings in your browser software or by downloading and installing the browser plug-in available under the following link: https: //www.google.com/settings/ads/plugin ? hl = de
As far as legally required, we have given your consent to the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the above-mentioned option to object.
10.2 Google Marketing Platform
This website uses the online marketing tool Google Marketing Platform by the operator Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("GMP").
In addition, GMP can use cookie IDs to record conversions related to ad requests. This is the case, for example, if a user sees a GMP ad and later accesses the advertiser's website when using the same browser and buys something via this website. According to Google, GMP cookies do not contain any personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge as follows: By integrating GMP, Google receives the information that you are using the corresponding part of our website Accessed the website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and save your IP address. As part of the use of GMP, personal data may also be transmitted to the servers of Google LLC. come in the US.
If you would like to object to the participation in this tracking process, you can deactivate cookies for conversion tracking by setting your browser so that cookies from the domain www.googleadservices.com are blocked (see https: // www. google.de/settings/ads), whereby this setting will be deleted if you deactivate your cookies. Alternatively, you can get information from the Digital Advertising Alliance at www.aboutads.info about the setting of cookies and make your desired settings. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be restricted.
In the event of transmission of personal data to Google LLC. based in the United States, Google LLC. certified for the US-European data protection convention "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
You can find more information about the data protection regulations of GMP by Google at the following Internet address: https://www.google.de/policies/privacy/
As far as legally required, we have given your consent to the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the above-mentioned option to object.
11) Web analytics services
Google (Universal) Analytics
Google (Universal) AnalyticsThis website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses so-called "cookies", which are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transferred to a Google server and stored there, which can also be transmitted to the servers of Google LLC. come in the USA.This website uses Google (Universal) Analytics only with the extension "_anonymizeIp ()", which ensures anonymization of the IP address by shortening and excludes a direct personal reference. The extension will shorten your IP address from Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google LLC server in the USA and shortened there. In these exceptional cases, this processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to do more with website and internet use to provide related services to us. The IP address transmitted by your browser as part of Google (Universal) Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly. However, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: https: //tools.google.com/dlpage/gaoptout? hl = de As an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that In future, Google Analytics will prevent data from being recorded on this website (this opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you must click this link again): Deactivate Google Analytics Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=deFor the transmission of personal data to Google LLC. based in the United States, Google LLC. certified for the US-European data protection convention "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list As far as legally required, we have your consent to the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the above-mentioned option to object.
12) Tools and other
We use the service of the cloud-based accounting software "lexoffice" from Haufe-Lexware GmbH & Co. KG, Munzinger Strasse 9, 79111 Freiburg to handle the accounting, Lexoffice automatically processes incoming and outgoing invoices and, if applicable, the bank movements of our company to record, to match the transactions and from this to create the financial accounting in a semi-automated process. If personal data are also processed here, the processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in the efficient organization and documentation of our business processes. More information on lexoffice, the automated processing of data and data protection regulations can be found at https://www.lexoffice.de/datenschutz/
13) Rights of the data subject
13.1 The applicable data protection law grants you comprehensive data protection rights (information and intervention rights) to the person responsible with regard to the processing of your personal data, about which we inform you below:
Right to information according to Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of the processed person related data, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, Complaint to a supervisory authority, the origin of your data if we did not collect it from you, the existence of automated decision-making including profiling and, if necessary, meaningful information about the logic involved and the scope that affects you and the intended effects of such processing, as well as Your right to be informed of the guarantees under Art. 46 GDPR when your data is forwarded to third countries;
Right to correction in accordance with Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and / or completion of your incomplete data stored by us;
Right to deletion in accordance with Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 Para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the correctness of your data, which you disputed, is checked, if you reject the deletion of your data due to unauthorized data processing and instead the Request restriction of the processing of your data if you need your data for the establishment, exercise or defense of legal claims, after we no longer need this data after the purpose has been achieved or if you have objected for reasons of your special situation, as long as it is not certain whether our legitimate ones Reasons outweigh;
Right to information in accordance with Art. 19 GDPR: If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he or she is obliged to correct or delete the data to all recipients to whom the personal data concerning you have been disclosed Notify restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible, insofar as this is technically feasible;
Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with future effect. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal;
Right to lodge a complaint in accordance with Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the, without prejudice to any other administrative or judicial remedy Member State of your whereabouts, your place of work or the place of the alleged violation.
13.2 RIGHT TO OBJECT
IF WE IN AN INTEREST CONSIDERATIONS YOUR PERSONAL DATA DUE TO OUR OVERRIDING INTEREST IN PROCESS, YOU HAVE THE ALL-TIME RIGHT FOR REASONS ARISING OUT OF THEIR SITUATION SHOWN AGAINST THE PROCESSING CONFLICT WITH EFFECT FOR THE FUTURE EINZULEGEN.MACHEN OFF YOUR RIGHT OF USE , WE WILL END PROCESSING THE AFFECTED DATA. PROCESSING IS SUBJECT TO BE PROVIDED IF WE CAN PROVIDE OBLIGATORY PROTECTED REASONS FOR THE PROCESSING, WHICH EXERCISE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND BASIC FREEDOMS, OR IF THE PROCESSING, PUBLICITY, PUBLICITY.
IF YOUR PERSONAL DATA IS PROCESSED BY US TO OPERATE DIRECT ADVERTISEMENT, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESS PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE CONTRADICTION AS DESCRIBED ABOVE.
If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.
14) Duration of storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of processing and - if relevant - also on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of express consent in accordance with Art. 6 Para. 1 lit. a DSGVO, this data is stored until the data subject withdraws their consent.
Are there statutory retention periods for data that are part of legal or similar legal obligations on the basis of Art. 6 Para. 1 lit. b GDPR are processed, this data will be routinely deleted after the retention periods have expired, provided that they are no longer required to fulfill the contract or initiate a contract and / or we do not have a legitimate interest in further storage.
When processing personal data on the basis of Art. 6 Para. 1 lit. f GDPR, this data is stored until the data subject exercises his right to object pursuant to Art. 21 Para. 1 GDPR, unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Art. 6 Para. 1 lit. f GDPR, this data is stored until the data subject exercises his right to object pursuant to Art. 21 Para. 2 GDPR.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted if it is used for the purposes for which it was collected or for other purposes processed in a way that is no longer necessary.