Use of our online shops

If you wish to order goods from our online shop, a contract can only be concluded with us if you provide the personal data we require for the purpose of processing your order.

A. Data processing when ordering products

Mandatory information is labelled as such; all other information is voluntary. The processed data categories are contact data, company data, customer data, personal data, order data, delivery data, invoice data and payment data. We will process data you have provided for processing contract initiation, orders and order processing. The legal basis here is section 6(1)(1)(b) GDPR.

Your data will be processed for as long as is required for the existing customer relationship. Irrespective of this, we are required under commercial and tax law to store your data for a period of up to ten years.

B. Payment information

If you select payment type “Credit Card”, your credit card data will be processed. For this purpose, we are transmitting your data to our payment service provider Adyen.

Payment processing follows the highest security requirements. All data is transmitted encrypted up to 256 Bit SSL and thereby protected from unauthorised access by third parties. We will process your payment information for the purpose of payment processing.

In cooperation with Adyen (Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ in Amsterdam; Netherlands), the payment is processed with the selected payment method. Adyen acts as the responsible party. Payment service provider Adyen hereby checks the creditworthiness and handles the financial processing of the order. We hereby transmit the following data to Adyen:identity data, address data, contact data, payment information, IP address.

For details on processing your personal data by Adyen, please view the Datenschutzhinweisen von Adyen.

C) Transmission of data to transport service providers

We are transmitting your personal data and delivery data to the transport service provider to process your order and deliver your order. Legal basis here is section 6(1)(1)(b) GDPR.

The transport service provider is the responsible party for processing within the framework of the delivery.

We are using suitable technical and organisational security measures to protect your data from incidental or intentional manipulations, partial or complete loss, destruction or unauthorised access by third parties (e.g. TLS encryption for our website) under consideration of the state of the art, implementation costs and the nature of the scope, context and purpose of processing as well as the existing risks of a data breach (including its probability and effects for the affected person. We are continuously improving our security measures according to the technological development.

We will be happy to provide you with further information upon request. Please contact our Data Protection Officer (see under General Information (2)).