Sect. 1 General
Sect. 2 Data processing for the performance of contracts
(1) Purpose of data processing
Your personal data you provide us during the ordering process are necessary for the conclusion of a contract with us. You are not obliged to provide your personal data. However, we would not be able to send you the goods without your address. For some payment methods we ask for the necessary payment data in order to pass them on to a payment service provider commissioned by us. Hence, the processing of your data collected during the ordering process is soley for the purpose of contract performance.
If you send us a request by e-mail or by using the contact form, etc. before concluding the contract, we process the obtained data to carry out pre-contractual measures and answer your questions about e.g. our products.
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (b) of the GDPR.
(3) Recipient categories
Payment service provider, shipping service provider, hosting provider, if necessary merchandise management system, suppliers if necessary (drop-shipping).
(4) Duration of Storage
We store the data required for contract execution until the statutory warranty and, if applicable, contractual warranty periods expire.
We store the data required under commercial and tax law for the statutory periods, generally ten years (cf. § 257 German Commercial Code (HGB), § 147 Regulation of Taxation (AO)).
The data processed for the execution of pre-contractual measures will be deleted as soon as the measures have been carried out and the contract cannot be concluded.
Sect. 3 PayPal-transactions
Sect. 4 Information about cookies
(1) Purpose of data processing
This website uses technically necessary cookies. These are small text files that are stored in or by your Internet browser on your computer system. These cookies are employed, for example, when several products must be inserted in a shopping basket.
Other cookies remain stored permanently and recognize your browser on your next visit. These cookies are employed, for example, to store permanently your passwords for a customer account.
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (a) of the GDPR.
(3) Duration of Storage
The technically necessary cookies are usually deleted when the browser is closed. Permanently stored cookies remain stored from a few minutes to several years.
(4) Right of revocation
Your consent to persistent cookies can be withdrawn at any time by deleting the cookies in your browser settings.
Sect. 5 Your rights as a data subject
If your personal data is being processed, you are the ‘data subject’ in terms of GDPR and you have the following rights towards us, the controller:
1. Right to information
You may request us to provide information about your personal data processed by us under Article 15 of the GDPR.
2. Right to rectification
If your personal data provided to us is not up to date or not accurate you have the right to ask for modifications to your personal data under Article 16 of the GDPR. You also have the right to request us to complete an incomplete data.
3. Right to erasure
You have the right to have your personal data erased and ask for deletion of your data under Article 17 of the GDPR.
4. Right to restriction of processing
You have the right to restrict the processing your personal data under Article 18 of the GDPR.
5. Right to data portability
You have the right referred to in Article 20 of the GDPR to receive your personal data provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
6. Right to revoke the consent given under data protection law
You have the right referred to in paragraph 3 of Article 7 to withdraw your given consent based on the data protection provisions at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
7. Right to lodge a complaint with a supervisory authority
If you consider that the processing of personal data relating to you infringes the GDPR, you have the right referring to in Article 77 of the GDPR to complain to the supervisory authority against the processing of your personal data (in particular in the Member State of your habitual residence, place of work or place of the alleged infringement ).
Please also note your right of objection under Article 21 GDPR:
a) In general: reasoned objection required
If the processing of personal data concerning you takes place in order
- to perform our overriding legitimate interest (legal basis: Article 6 (1f) GDPR)
- to safeguard the public interest (legal basis: Article 6 (1e) GDPR),
you are entitled to object to the processing at any time for reasons arising from your particular situation; this also applies to profiling based on the provisions of the GDPR.
In the event of objection, we will no longer process the personal data concerning you unless we can prove compelling grounds for processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims;
b) Special case of direct marketing: simple objection is sufficient
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing and without stating reasons; this includes profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Responsible for data processing:
XYZ Machinery GmbH
Am Hummelbach 36
Phone: +49 2137 9277-747