Privacy Statement - 01. September 2023
This Privacy Statement informs you about the nature, scope and purpose of the processing of personal data (hereinafter in short: ‘data’) as part of our online presence and the related websites, functions and other online activities, such as our social media profile (hereinafter jointly referred to as ‘online content’). With regard to the terms used, e.g. ‘personal data’ and their ‘processing’, we refer to the definitions in article 4 of the General Data Protection Regulation (GDPR).
78315 Radolfzell / Germany
Managing Director: Fabian Meister
Telephone number: +49 (0) 7732 806 0
Email address: firstname.lastname@example.org
Registry court: Amtsgericht Freiburg i.Br.
Company registration number: HRB 550198
UID: DE 142779447
Data Protection Officer:
Email address: email@example.com
Type of data processed:
Processing of special categories of data (Article 9(1) GDPR):
- Inventory data
- Contact data
- Content data
- Contract data
- Payment data
- Usage data
- Meta/Communication data
Categories of data subjects affected by the processing:
- In principle, no special categories of data are processed, unless they are provided by users for processing, e.g. by means of online forms.
Purpose of processing:
- Customers / Prospective customers / Suppliers.
- Visitors and users of the online content.
The persons concerned are hereinafter jointly referred to as ‘users’.
- Provision of the online content, its content and functions.
- Provision of contractual performance, services and customer care.
- Reply to contact questions and communication with users.
- Marketing, advertising and market research.
- Security measures.
- Relevant legal bases
We herewith inform you about the legal basis for our data processing pursuant to Article 13 GDPR. Unless the legal basis is not indicated in this Privacy Statement, the following shall apply: the legal bases for obtaining consent are point (a) of Article 6(1) and Article 7 GDPR, the legal basis for the processing of data to deliver our services and to carry out contractual measures, as well as to reply to enquiries is point (b) of Article 6(1) GDPR, the legal basis for processing to fulfil our legal obligations is point (c) of Article 6(1) GDPR, and the legal basis for the processing to pursue our legitimate interests is point (f) of Article 6(1) GDPR. If vital interests of the data subject or of another natural person require the processing of personal data, point (d) of Article 6(1) GDPR serves as the legal basis.
- Changes and updates to the Privacy Statement
We ask you to regularly check the content of our Privacy Statement. We will adapt the Privacy Statement if any changes we make to data processing so require. We will inform you if the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
- Security measures
Pursuant to Article 32 GDPR and with regard to the current technology, the cost of implementation, the type, scope, circumstances and the purposes of the processing, as well as the varying likelihood of occurrence and the severity of the risk for the rights and liberties of natural persons, we adopt suitable technical and organisations measures to ensure an appropriate level of protection commensurate to the risk; these measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data to minimise the possibility that data will be accessed inappropriately, as well as by controlling the input or disclosure of the data and by ensuring their availability and separation. Furthermore, we have established procedures that ensure that the rights of data subjects are safeguarded, and procedures for the erasure of data and the response to hazards for the data. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection through the design of the technology and through privacy-friendly default settings (Article 25 GDPR).
The security measures include in particular the encrypted transmission of data between your browser and our servers.
- Cooperation with processors and third parties
If we disclose or transmit data to other persons and companies (processors or third parties), or allow them access to the data in any other way as part of our processing, we will do so only based on a statutory permission (e.g. if the data are transmitted to third parties such as payment service providers, pursuant to point (b) of Article 6(1) GDPR to execute a contract), if you have consented, if it is so provided for by a legal obligation or based on our legitimate interests (e.g. when using representatives, webhosters, etc.).
If we commission third parties to process data based on a ‘contract for data processing on behalf of another’, this shall be done based on Article 28 GDPR.
- Transfer to third countries
If we process data in a third country (i.e. outside Switzerland and the European Union (EU) or the European Economic Area (EEA)), or if this is done as part of the services commissioned from third parties and/or as part of the disclosure or transfer of data to third parties, this will be done only if necessary to fulfil our (pre-)contractual obligations, based on your consent, in terms of a legal obligation or in pursuit of our legitimate interests. Subject to statutory or contractual permissions, we process or have the data processed in a third country only if the special conditions of Article 44 et seq. GDPR apply. This means that the data are processed based on special guarantees, such as the officially acknowledged determination of a data protection level corresponding to the EU (e.g. for the US, by means of the ‘Privacy Shield’), or compliance with officially acknowledged, special contractual obligations (‘standard contractual clauses’).
- Rights of the data subject
You have the right to obtain confirmation about whether data concerning you are being processed and to obtain access to these data, as well as to further information and a copy of the data pursuant to Article 15 GDPR.
In accordance with Article 16 GDPR, you have the right to completion of the data concerning you or rectification of inaccurate data concerning you.
Pursuant to Article 17 GDPR, you have the right to the erasure of data concerning you without undue delay or, alternatively, pursuant to Article 18 GDPR, a restriction of the processing of the data.
You have the right to receive the data concerning you, which you have provided to us, pursuant to Article 20 GDPR and to demand their transmission to another controller.
Furthermore, pursuant to Article 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
- Right of withdrawal
You have the right to withdraw your consent with effect for the future pursuant to Article 7(3) GDPR.
- Right to object
You can object at any time to the future processing of data concerning you pursuant to Article 21 GDPR. The objection can be raised specifically against processing for the purposes of direct marketing.
- Cookies and the right to object to direct marketing
A general objection to the use of the cookies deployed for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, you can prevent the saving of cookies by disabling them in your browser settings. Please note that in this case, you may not be able to use all functions of this online content.
- Erasure of data
The data processed by us are erased, or their processing is restricted, pursuant to Articles 17 and 18 GDPR. Unless expressly stipulated as part of this Privacy Statement, the data we save are deleted as soon as they are no longer necessary for their intended purpose and if no statutory retention obligations oppose the erasure of the data. If data are not erased because they are required for other, legally admissible purposes, their processing is restricted. This means that the data are blocked and are not processed for other purposes. This applies, for example, to data that are retained on statutory commercial or fiscal grounds.
- Pursuant to statutory requirements, the information is stored for 6 years pursuant to section 257(1) of the German Commercial Code [HGB] (accounting ledgers, inventory, opening balance sheets, annual financial statements, business correspondence, accounting records, etc.), as well as for 10 years pursuant to section 147(1) of the German Fiscal Code [AO] (accounts, recordings, management reports, accounting records, commercial and business correspondence, tax-relevant records, etc.).Provision of contractual services.
- Provision of contractual services
We process inventory data (e.g. names and addresses, as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) to satisfy our contractual obligations and services pursuant to point (b) of Article 6(1) GDPR. The input indicated as mandatory in online forms is required for the conclusion of the contract.
Users can optionally create a user account, allowing them to view their orders in particular. In the course of the registration, users are informed about the required mandatory input. The user accounts are not public and cannot be indexed by search engines. When users have terminated their user account, the data in connection with the user account are erased, unless their retention is required on legal commercial or fiscal grounds pursuant to point (c) of Article 6(1) GDPR. It is up to the users to back up their data in the event that the contract is terminated before the contract end date. We are entitled to irretrievably erase all user data stored during the term of the contract.
As part of the registration process and when logging in, as well as when using our online services, we save the IP address and the time of the relevant user activity. The data are saved based on our legitimate interest, as well as on the user’s interest in protection against abuse and other unauthorised usage. These data are generally not disclosed to third parties, except if they are necessary to pursue our claims, or if a statutory obligation to do so exists pursuant to point (c) of Article 6(1) GDPR.
We process usage data (e.g. the online content on our websites that you have visited, interest in our products) and content data (e.g. input in the contact form or user profile) for advertising purposes in a user profile to show users product information, for example, based on the services used previously.
Data are erased upon expiry of statutory warranty and comparable obligations; the need for retention of the data is reviewed every three years. In the case of statutory archiving duties, the data are erased after the archiving obligations have expired (the statutory commercial retention obligation ends after 6 years and the fiscal retention obligation ends after 10 years); information in the customer account is retained until they are erased.
When contacting us (via contact form or email), the user’s information is processed to handle the enquiry and is processed pursuant to point (b) of Article 6(1) GDPR.
The user’s information can be saved in our customer relationship management system (‘CRM System’) or comparable means of organising enquiries.
We delete the enquiries as soon as they are no longer required. We review the need to do so every two years; enquiries by customers who have a customer account are permanently saved; for erasure purposes, we refer to the information about the customer account. In the case of statutory archiving obligations, they are erased upon their expiry - 6 years in the case of the statutory commercial obligation and 10 years in the case of the fiscal retention obligation.
- Collection of access data and log files
We collect data about all access to the server on which this service is located (‘server log files’) based on our legitimate interests pursuant to point (f) of Article 6(1) GDPR. The access data include the name of the retrieved website, file, date and time of the retrieval, transferred data volume, report about successful retrieval, type and version of browser, the operating system of the user, the referrer URL (the website previously visited), country of access and IP address as well as the requesting provider.
Log file information is stored for security reasons (e.g. to investigate instances of misuse or fraud) for a maximum period of seven days and then deleted. Data that have to be retained for evidentiary purposes are excluded from erasure until the relevant incident has been fully resolved.
- Online presence on social media
Based on our legitimate interests pursuant to point (f) of Article 6(1) GDPR, we maintain an online presence within social networks and platforms to communicate with active customers, prospective customers and users engaged there and to inform them there about our services. When retrieving the respective networks and platforms, the general terms and conditions and the data processing guidelines of the respective operators shall apply.
Unless otherwise stated as part of our Privacy Statement, we process user data if users communicate with us through social networks and platforms, e.g. by commenting on our online presence or sending us messages.
- Cookies & measurement of reach
Cookies are information that is transmitted to the web browsers of users by our webservers or webservers of third parties and saved there for later retrieval. Cookies can be small files or other types of information storage.
We use ‘session cookies’, which are saved only for the period of the current visit to our online presence (e.g. to save your log-in status or the shopping cart function, and thus to allow for the use of our online content in the first place). A session cookie includes a randomly generated, unique identification number, a so-called session ID. Furthermore, a cookie includes information about its origin and the duration of storage. These cookies cannot save any other data. Session cookies are deleted after you have stopped using our online content, e.g. by logging out or closing the browser.
If users do not want cookies to be saved on their computers, they are requested to disable the corresponding option in the system settings of their browsers. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies can lead to functional restrictions of this online content.
- Google Analytics
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).
Google will use this information on our behalf in order to evaluate the use of our online content by users to compile reports on the activities occurring as part of this online content and to provide us with additional services related to the use of this online content. In so doing, pseudonymous usage profiles of users may be created from the data processed.
We use Google Analytics only to display advertising generated by the advertising services of Google and their partners only to those users who have shown interest in our online content, or who show certain characteristics (e.g. interest in certain subjects or products determined based on the websites visited), which we have transmitted to Google (i.e. ‘Remarketing’ or ‘Google Analytics Audiences’). With the help of Remarketing Audiences, we seek to ensure that our advertising is consistent with the potential interests of users and not irritating.
We use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases will the entire IP address be transferred first to a Google server in the US and then truncated there.
The IP address sent by your browser will not be merged with other data from Google. Users can prevent cookies from being stored by configuring their browser software accordingly; in addition, users can prevent Google from collecting the data generated by the cookie regarding their use of the online content and can prevent Google from processing these data by downloading and installing the browser plugin available here: https://tools.google.com/dlpage/gaoptout?hl=de.
For other information on the use of data by Google, or options for settings and objection, please see the websites of Google: https://www.google.com/intl/en/policies/privacy/partners (‘How Google uses information from sites or apps of our partners’), https://policies.google.com/technologies/ads (‘Use of data for advertising’), https://adssettings.google.com/authenticated (‘Managing data that Google uses to display advertising to you’).
In all other respects, personal data are anonymised or erased upon expiry of 26 months.
- Google re/marketing services
Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online content within the meaning of point (f) of Article 6(1) GDPR), we use the marketing and remarketing services (in short: ‘Google Marketing Services’) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (‘Google’).
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to display targeted advertising for and on our website, in order to show users only advertising that is potentially consistent with their interests. ‘Remarketing’ means the display of advertisements for products in which the user has shown an interest on other websites. For these purposes, when a user visits our and other websites on which Google Marketing Services are enabled, a code is directly executed by Google and ‘remarketing tags’ (invisible graphics or code, also referred to as ‘web beacons’) are integrated in the website. With their help, an individual cookie, i.e. a small file, is saved on the user’s device (instead of cookies, comparable technologies can be used). The cookies can be placed by various domains, such as by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user visits, the content in which they took an interest, the content on which the user has clicked, as well as technical information about the browser and operating system, referring websites, visiting times and other information about the use of the online content. In addition, the IP address of the user is recorded; in this connection, as part of Google Analytics, we transmit the information that the IP address was truncated within a member state of the European Union or other party to the Agreement on the European Economic Area and is transmitted entirely to a Google server only in exceptional cases and truncated there. The IP address will not be merged with data of the user within other Google services. Google can also link the aforementioned information with such information from other sources. If a user subsequently visits other websites, tailored advertising can be displayed in accordance with his or her interests.
The user data are processed under a pseudonym as part of Google Marketing Services. This means that Google does not save and process the name or email of the user, but instead processes the relevant data of each specific cookie within pseudonymised user profiles. This means that from the perspective of Google, the adverts are not managed and displayed for a specifically identified person, but for the owner of the cookie, irrespective of the identity of the cookie. This does not apply if a user expressly permits Google to process the data without this pseudonymisation. The information collected by Google Marketing Services about users are transferred to Google and saved on Google servers in the US.
The Google Marketing Services used by us include the ‘Google AdWords’ online advertising program. With Google AdWords, each AdWords customer receives a different ‘conversion cookie’. This means that cookies cannot be tracked via the websites of AdWords advertisers. The information obtained with the help of the cookie serves to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. AdWords advertisers are provided with the total number of users who have clicked on their advert and were directed to the webpage using the conversion tracking tag. The advertisers do not, however, obtain any information that can be used to identify users personally.
Furthermore, we can use the ‘Google Tag Manager’ to integrate and manage the Google analysis and marketing services in our website.
For further information on the use of data for marketing purposes by Google, please see the overview page: https://policies.google.com/technologies/ads, the Google Privacy Statement can be retrieved from https://policies.google.com/privacy.
If you wish to object to interest-related advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: https://adssettings.google.com/authenticated.
- Use of third-party services and content
Within our online content and based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online content within the meaning of point (f) of Article 6(1) GDPR), we use content or services of third-party providers, such as videos or fonts (hereinafter referred to uniformly as ‘content’). This is always conditional on the third-party providers of this content recognising users’ IP address, as they cannot transmit the content to their browsers without it. Hence the IP address is required for the display of this content. We strive to use only content from providers which use the IP address only to deliver the content. Third-party providers may use ‘Pixel Tags’ (invisible graphics, also referred to as ‘Web Beacons’) for statistical or marketing purposes. Pixel Tags can be used to analyse information, such as visitor traffic on the pages of this website. The pseudonymous information can also be saved in cookies on the user’s device and may include technical information on the browser and operating system, referring websites, visiting times and other information on the use of our online content, and can be linked with that information from other sources.
- The following enumeration gives an overview of third-party providers and their content, as well as links to their privacy statements, which include further information on the processing of data and objection options, partly referred to above (‘Opt-out’):
If our customers use the payment services of third parties (e.g. PayPal or direct transfer), the general terms and conditions and the privacy provisions of the respective third parties apply, which can be retrieved as part of the respective websites or transaction applications.
External fonts by Google, LLC., https://www.google.com/fonts (‘Google Fonts’). Google Fonts are integrated through server access by Google (typically in the United States). Privacy Statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
Maps from the Google Maps service provided by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Statement: https://www.google.com/policies/privacy/, Opt-out: .
- A plugin of the tool "CalendarApp", operated by Tool Loft UG, Bessemerstraße 24-26, 12103 Berlin, Germany, is integrated on our pages. You can find the tool on our website under the following link https://www.meisterschmuck.ch/aktion/. When you visit our pages, a direct connection is established between your browser and the CalendarApp server via the plugin. ToolLoft UG thereby receives the information that you have visited our site with your IP address. Your personal data (e.g. name, address, e-mail, etc.) is only transmitted if you voluntarily enter it yourself beforehand. This data is stored on the server of Tool Loft UG. They will not be passed on to third parties or processed in any other way by Tool Loft UG. The data is only accessed by us for the purpose of processing and managing your booking request.