Data protection and Privacy Policy
This Privacy Policy, as of 19.5.2018, informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the associated websites, functions and content. (collectively referred to as "online offer"). With regard to the terminology used, e.g. "Personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Responsible:
Company / Name: backlight4you, Stefan Kächele
Street No.: Alter Rank 1
Postcode, City, Country: 79725 Laufenburg, Germany
Managing Director: Stefan Kächele
Phone: +49-7763-917508
E-mail address: dsb@backlight4you.com
Types of processed data:
-Inventory data (e.g., name, address, postal ID, VAT ID, WEB URL).
-Contact information (e.g., e-mail, phone numbers, fax number).
-Content data (e.g., text input, spreadsheets, pictures, videos, WEB links).
-Contract data from all data sources (for example, time, subject matter of the contract, payment service provider, payment information, customer categories, special customer or supplier requests).
-Usage data (e.g., websites visited, access times).
-Meta / communication data (e.g., IP addresses, telecom logbook).
Processing of special categories of data (Article 9 (1) GDPR):
It will probably surprise you. but we do not process special categories of data.
Categories of data subjects:
Customers, prospects, suppliers. Visitors and users of the online offer.
Purpose of processing:
- Establishment, implementation and termination of purchase contracts.
- Provision of the online offer, its contents and functions.
-Answering contact requests and communicating with users.
-Creation of security measures.
-Fulfillment of legal obligations.
-Service, customer care and troubleshooting technical issues.
1. Relevant legal bases
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing.
Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f GDPR.
2. Changes and updates to the privacy policy
We ask you to inform yourself regularly about the content of our privacy policy. We will adjust the privacy policy as soon as the changes in the data processing or legal requirements we make are required. We will notify you as soon as the changes require your participation (eg consent) or other individual notification.
3. Security measures
We take appropriate technical measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk; Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the enjoyment of data subject rights, data erasure and data vulnerability. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection by technology design and by privacy-friendly default settings taken into account (Article 25 GDPR).
The security measures include in particular the SSL encrypted transmission of data between your browser and our server.
4. Cooperation with contract processors and third parties
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (eg if a transmission of the data to third parties, as required by payment service providers or shipping service providers in accordance with Art. 6 (1) (b) GDPR), you have consented to a legal obligation or based on our legitimate interests (eg the use of agents, webhosters, etc.).
If we commission third parties to process data on the basis of a so-called "contract processing contract", this is done on the basis of Art. 28 GDPR.
5. Transfers to third countries
If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. That the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
6. Rights of the persons concerned
You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR.
You have accordingly. Art. 16 GDPR the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance with Art. 17 GDPR, they have the right to demand that the relevant data be deleted immediately or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.
You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request their transmission to other persons responsible.
You have gem. Art. 77 GDPR the right to file a complaint with the competent supervisory authority.
7. Right of withdrawal
You have the right to revoke consent in accordance with. Art. 7 para. 3 GDPR with effect for the future.
8. Right of objection
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes.
9. Cookies
Cookies are information transmitted from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
We use "session cookies" that are only stored for the duration of the current visit to our online presence (for example, to enable the storage of your login status or the shopping cart function and thus the use of our online offer at all). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies can not save any other data. Session cookies will be deleted if you have finished using our online offer and you have e.g. log out or close the browser.
If you do not want cookies to be stored on your computer, you will be asked to disable the corresponding option in the system settings of your browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
10. Deletion of data
The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted. That means that the data is blocked and not processed for other purposes. This applies, for example for data that must be kept for commercial, customs or tax reasons.
According to legal requirements, the storage takes place in particular for 10 years in accordance with § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
11. Provision of contractual services
We process inventory data (e.g., names and addresses as well as user contact information), contract data (e.g., services used, contact names, billing information) to fulfill our contractual obligations pursuant to art. Art. 6 para. 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
As a user, you can optionally create a user account, in particular by being able to see your orders. As part of the registration, you will be notified of the required mandatory information. The user accounts are not public and can not be indexed by search engines. If you have terminated your user account, their data will be deleted with regard to the user account, subject to their retention is for commercial, customs or tax law reasons according to Art. 6 para. 1 lit. c GDPR necessary. It is up to you to secure your data upon termination prior to the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.
As part of the registration and re-registration and use of our online offer, we will store your IP address and the time of each user action. The storage is based on our legitimate interests, as well as your protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 para. 1 lit. c GDPR.
The deletion takes place after the expiration of legal warranty and similar obligations, the necessity of keeping the data is checked every three years. In the case of legal archiving obligations, the deletion takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).
Information in your customer account remains until it is deleted.
12. Contact
When contacting us (by letter, FAX, contact form, e-mail or by phone) your details for processing the contact request are processed acc. Art. 6 para. 1 lit. b) GDPR.
13. Comments and posts
If you leave comments or other contributions on our online offer, your IP address will be stored for 7 days based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR.
This is for our own safety, if someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
14. Collection of access data and logfiles
Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR we collect data on every access to the server on which our online offer is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 190 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
15. Newsletter
With the following information we inform you about the content of our newsletter as well as the registration and transit procedure as well as your right of objection.
By subscribing to our newsletter, you agree to the receipt and the procedures described.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. Insofar as the contents of a newsletter are concretely described, they are authoritative for the consent of the users. Incidentally, our newsletters contain information about our products, offers, promotions and our company.
Double opt-in and logging: Registration for our newsletter is done in a so-called double-opt-in procedure. That After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise, the changes to your data stored at the e-mail delivery service will be logged.
Credentials: To subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to give a name in the newsletter for personal address.
The dispatch of the newsletter takes place on the basis of a consent of the recipients acc. Art. 6 para. 1 lit. a, Art. 7 GDPR in connection with § 7 Abs. 2 Nr. 3 UWG or on the basis of the legal permission according to Art. § 7 Abs. 3 UWG.
The logging of the registration process is based on our legitimate interests in accordance with. Art. 6 para. 1 lit. f GDPR and serves as proof of consent to the receipt of the newsletter.
Termination / Revocation: You can terminate the receipt of our newsletter at any time, i. Revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. If the users have only subscribed to the newsletter and terminated this registration, their personal data will be deleted.
16. Integration of services and content of third parties
If you use the payment services of third parties (such as PayPal, PayPal Express, Klarna, Wirecard), the terms and conditions and the privacy notices of the respective third party providers, which are available within the respective websites, or transactional applications apply.