Privacy Policy
Unless otherwise stated below, the provision of your personal data is neither required by law or contract, nor necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it will have no consequences. This applies only to the extent that no other indication is made in subsequent processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.
Contact
Controller
Contact us on request. The person responsible for data processing is: Heiko Ebert, Talstr. 8, 08209 Auerbach, Germany, Tel. 03744 - 183653, Mail: webmaster@hedesign.de.
Initiating contact of the customer by e-mail
If you initiate business contact with us by e-mail, we will collect your personal data (name, e-mail address, message text) only to the extent provided by you. The data processing serves the processing and response to your contact request.
If the contact serves the implementation of pre-contractual measures (eg advice on purchase interest, offer preparation) or concerns a contract already concluded between you and us, this data processing is based on Art. 6 para 1 lit b DSGVO.
If the contact is made for other reasons, this data processing is based on Art. 6 para 1 lit f DSGVO from our overriding legitimate interest in processing and responding to your request. In this case, you have the right to object at any time to this processing of personal data relating to you based on Art. 6 (1) (f) DSGVO for reasons arising from your particular situation.
We will only use your e-mail address to process your request. Your data will then be deleted in compliance with legal retention periods, unless you have consented to further processing and use.
Collection and processing when using the contact form
When using the contact form, we collect your personal data (name, e-mail address, message text) only to the extent provided by you. The data processing serves the purpose of contacting you.
If the contact serves the implementation of pre-contractual measures (eg advice on purchase interest, offer preparation) or concerns a contract already concluded between you and us, this data processing is based on Art. 6 para 1 lit. b DSGVO.
If the contact is made for other reasons, this data processing is based on Art. 6 para 1 lit. f DSGVO from our overriding legitimate interest in processing and responding to your request. In this case, you have the right to object at any time to this processing of personal data relating to you based on Art. 6 (1) (f) DSGVO for reasons arising from your particular situation.
We will only use your e-mail address to process your request. Your data will then be deleted in compliance with legal retention periods, unless you have agreed to further processing and use.
Customer account orders
Customer account
When opening a customer account, we collect your personal data to the extent specified there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Art. 6 para. 1 lit. a DSGVO with your consent. You can revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation. Your customer account will then be deleted.
Advertising
Use of e-mail address for sending newsletters
We use your e-mail address independently of the contract processing exclusively for our own advertising purposes for sending newsletters, provided that you have expressly consented to this. The processing is based on Art. 6 para. 1 lit. a DSGVO with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation. To do so, you can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your e-mail address will then be removed from the distribution list.
Your data will be passed on to a service provider for e-mail marketing in the context of order processing. A transfer to other third parties does not take place.
Use of the e-mail address for sending direct advertising
We use your e-mail address, which we have received in the context of the sale of a good or service, for the electronic transmission of advertising for our own goods or services that are similar to those that you have already purchased from us, unless you have objected to this use. The provision of the e-mail address is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded. The processing is based on Art. 6 (1) lit. f DSGVO from our overriding legitimate interest in direct advertising. You can object to this use of your e-mail address at any time by notifying us. The contact details for exercising the objection can be found in the imprint.You can also use the link provided for this purpose in the advertising e-mail. This does not incur other than the transmission costs according to the prime rates.
Enterprise Resource Planning
Use of an external enterprise resource planning system
We use an enterprise resource planning system for contract processing within the scope of order processing. For this purpose, your personal data collected in the course of the order will be transmitted to PrestaShop .
Payment service provider
Use of PayPal Express
We use the PayPal Express payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the PayPal Express payment service. To integrate this payment service, it is necessary for PayPal to collect, store and analyze data (e.g. IP address, device type, operating system, browser type, location of your device) when you call up the website. Cookies may also be used for this purpose. The cookies enable the recognition of your browser.
The processing of your personal data is based on Art. 6 (1) lit. f DSGVO from our overriding legitimate interest in a customer-oriented offer of various payment methods. You have the right to object to this processing of personal data relating to you at any time for reasons arising from your particular situation.
With the selection and use of PayPal Express, the data required for payment processing is transmitted to PayPal in order to be able to fulfill the contract with you with the selected payment method. This processing is based on Art. 6 para. 1 lit. b DSGVO. For more information on data processing when using the payment service PayPal Express, please refer to the associated privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS.
Use of PayPal Check-Out
We use the PayPal Check-Out payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the payment service. With the selection and use of payment via PayPal, credit card via PayPal, direct debit via PayPal or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal in order to be able to fulfill the contract with you with the selected payment method. This processing is based on Art. 6 para. 1 lit. b DSGVO.
Credit card via PayPal, Direct debit via PayPal & "Pay later" via PayPal
For individual payment methods such as credit card via PayPal, direct debit via PayPal or "Pay Later" via PayPal, PayPal reserves the right to obtain credit information on the basis of mathematical-statistical methods using credit agencies, if necessary. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a weighed decision on the establishment, implementation or termination of the contractual relationship. The credit information may include probability values (score values), which are calculated on the basis of scientifically recognized mathematical-statistical methods and in the calculation of which, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for a contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO for our overriding legitimate interest in protecting against payment default when PayPal makes advance payments.
You have the right to object at any time to this processing of personal data relating to you based on Art. 6 (1) (f) DSGVO for reasons arising from your particular situation by notifying PayPal. The provision of the data is necessary for the conclusion of the contract with the payment method requested by you. Failure to provide the data will result in the contract not being concluded with the payment method you have selected.
Third-party supplier
When paying via the payment method of a third-party provider, the data required for payment processing is transmitted to PayPal. This processing is based on Art. 6 para. 1 lit. b DSGVO. For the execution of this payment method, the data may then be forwarded by PayPal to the respective provider. This processing takes place on the basis of Art. 6 para. 1 lit. b DSGVO. Local third-party providers may be, for example:
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany).
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany).
Purchase on account via PayPal
When paying via the payment method purchase on account, the data required for payment processing are first transmitted to PayPal. For the execution of this payment method, the data will then be transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you with the selected payment method. This processing is based on Art. 6 para. 1 lit. b DSGVO. If necessary, Ratepay carries out a credit check on the basis of mathematical-statistical procedures (probability or score values) using credit agencies according to the procedure already described above. The data processing serves the purpose of credit assessment for a contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO from our overriding legitimate interest in protecting against payment default when Ratepay makes advance payments. For more information on data protection and which credit agencies use Ratpay, see https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.
For more information on data processing when using PayPal, please refer to the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Use of the payment service provider Stripe
We use the payment service Stripe of Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) on our website. The data processing serves the purpose of being able to offer you payment via the payment service. With the selection and use of Stripe, the data required for payment processing is transmitted to Stripe in order to be able to fulfill the contract with you with the selected payment method. This processing takes place on the basis of Art. 6 (1) lit. b DSGVO.
Stripe reserves the right, if necessary, to obtain credit information on the basis of mathematical-statistical methods using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship. The credit information may include probability values (score values), which are calculated on the basis of scientifically recognized mathematical-statistical methods and in the calculation of which, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for a contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO for our overriding legitimate interest in protecting against payment default when PayPal makes advance payments.
You have the right to object at any time to this processing of personal data relating to you based on Art. 6 (1) (f) DSGVO for reasons arising from your particular situation by notifying Stripe. The provision of the data is necessary for the conclusion of the contract with the payment method requested by you. Failure to provide it will result in the contract not being concluded with the payment method you have chosen. All Stripe transactions are subject to the Stripe privacy policy. You can find this at https://stripe.com/de/privacy.
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Use of CCM19
We use the consent management tool CCM19 by Papoo Software & Media GmbH (Auguststr. 4, 53229 Bonn, Germany; "CCM19") on our website.
The tool allows you to give consent to data processing via the website, in particular the setting of cookies, as well as to exercise your right to withdraw consent you have already given.
Data processing serves the purpose of obtaining and documenting required consents to data processing and thus complying with legal obligations.
Cookies may be used for this purpose. Among other things, the following information may be collected and transmitted to CCM19: Date and time of the page view, information about the browser you are using and the device you are using, anonymized IP address, opt-in and opt-out data. This data is not passed on to other third parties.
Data processing is carried out to fulfill a legal obligation on the basis of Art. 6 (1) lit. c DSGVO.
You can find more information on data protection at Consentmanager at: https://www.ccm19.de/en/privacyclarification.html
Analysis
Use of Google Analytics
We use on our website the web analytics service Google Analytics of Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you have your habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller of your data. Accordingly, Google Ireland Limited is the company affiliated with Google that is responsible for processing your data and ensuring compliance with applicable data protection laws.
The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. To this end, Google will use the information obtained on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. In this context, the following information may be collected, among others: IP address, date and time of page view, click path, information about the browser you are using and the device you are using (device), pages visited, referrer URL (website from which you accessed our website), location data, purchase activities. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
Google Analytics uses technologies such as cookies, web storage in the browser and tracking pixels that allow an analysis of your use of the website. The information generated by this about your use of this website is usually transferred to a Google server in the USA and stored there. No adequacy decision of the EU Commission is available for the USA. The data transfer is based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, viewable at: https://policies.google.com/privacy/frameworks and https://business.safety.google/adsprocessorterms/. Both Google and US government agencies have access to your data. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices, and any other data Google may have about you.
IP anonymization is enabled on this website. This means that your IP address will be truncated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The processing of your personal data is based on Art. 6 (1) lit. f DSGVO from our overriding legitimate interest in the needs-oriented and targeted design of the website. You have the right to object to this processing of personal data relating to you at any time for reasons arising from your particular situation.
You may refuse the collection of data generated by Google Analytics and related to your use of the website (including your IP address). your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
To prevent data collection and storage by Google Analytics across devices, you can set an opt-out cookie. Opt-out cookies prevent future collection of your data when visiting this website. You must perform the opt-out on all systems and devices used for this to be fully effective. If you delete the opt-out cookie, requests will be sent to Google again. If you click here, the opt-out cookie will be set: Disable Google Analytics.
For more information on terms of use and privacy, please visit https://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/ and https://policies.google.com/technologies/cookies?hl=de.
Plug-ins and Miscellaneous
We use on our website the Google Tag Manager of Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you have your habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller of your data. Accordingly, Google Ireland Limited is the company affiliated with Google that is responsible for processing your data and ensuring compliance with applicable data protection laws.
This application manages JavaScript tags and HTML tags that are used to implement tracking and analysis tools in particular. The data processing serves the purpose of demand-oriented design and optimization of our website.
The Google Tag Manager itself neither stores cookies nor is personal data processed through this. However, it enables the triggering of other tags that can collect and process personal data.
More information on terms of use and privacy can be found here
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
The data processing serves the purpose of the uniform display of fonts on our website. In order to load the fonts, a connection to Google servers is established when the page is called up. Cookies may be used for this purpose. Among other things, your IP address and information about the browser you are using will be processed and transmitted to Google. This data is not linked to your Google account.
Your data may be transmitted to the USA. For the USA, there is no adequacy decision of the EU Commission. The data transfer is based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, viewable at: https://policies.google.com/privacy/frameworks.
The processing of your personal data is based on Art. 6 (1) lit. f DSGVO from our overriding legitimate interest in a user-friendly and aesthetic design of our website. You have the right, for reasons arising from your particular situation, to object at any time to this processing of personal data concerning you based on Art. 6 (1) lit. f DSGVO by notifying us.
For more information on data processing and data protection, please visit https://www.google.de/intl/de/policies/ as well as https://developers.google.com/fonts/faq.
Affected party rights and storage period
Duration of storage
After complete execution of the contract, the data will initially be stored for the duration of the warranty period, then taking into account legal, in particular tax and commercial law retention periods and then deleted after the deadline, unless you have consented to further processing and use.
Rights of the data subject
You are entitled to the following rights in accordance with Art. 15 to 20 DSGVO if the legal requirements are met: right to information, to rectification, to deletion, to restriction of processing, to data portability.
In addition, according to Art. 21 (1) DSGVO, you have the right to object to processing based on Art. 6 (1) f DSGVO and to processing for the purposes of direct marketing.
Right to lodge a complaint with the supervisory authority
Pursuant to Art. 77 DSGVO the right to complain to the supervisory authority if you believe that the processing of your personal data is not carried out lawfully.
Right of objection
If the personal data processing listed here is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO, you have the right, for reasons arising from your particular situation, to object to these processing operations at any time with effect for the future.
After the objection has been made, the processing of the data concerned will be terminated, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.
If the personal data processing is carried out for direct marketing purposes, you may object to this processing at any time by notifying us. After successful objection, we terminate the processing of the data concerned for the purpose of direct marketing.
Last update: 23.08.2023