Data protection
Personal data to be protected
The processing of personal data (e.g. name, address, e-mail address or telephone number of a data subject) is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to us.
With the following privacy policy, we would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. This privacy policy also informs data subjects of their rights.
As the person responsible for processing, we have implemented numerous technical and organizational measures to ensure that personal data processed via our website is protected as completely as possible. However, data transmissions over the Internet can generally contain security gaps. 100% protection cannot therefore be guaranteed. Therefore, any data subject can of course also provide us with personal data as an alternative, e.g. by telephone.
1. Definitions
This privacy policy is based on the definitions used by the European legislator when adopting the GDPR (Article 4 GDPR). This privacy policy should be both easy to read and easy to understand for everyone. To ensure this, we would first like to explain the terms used. This privacy statement uses, among other things, these definitions:
- ”personal data“any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that person are a natural person;
- ”person concerned“any identified or identifiable natural person whose personal data is processed by the controller.
- ”workmanship“any process or series of operations carried out with or without the aid of automated processes relating to personal data, such as the collection, collection, organization, ordering, storage, adjustment or alteration, reading, querying, use, disclosure through transmission, dissemination or other form of provision, reconciliation or linking, restriction, deletion or destruction;
- ”Restriction of processing“the marking of stored personal data with the aim of restricting their processing in the future;
- ”profiling“any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or movement of that natural person;
- ”person responsible“the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- ”transceivers“a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities that may receive personal data as part of a specific investigation mandate under Union or Member State law are not considered recipients; the processing of such data by those authorities is carried out in accordance with applicable data protection rules in accordance with the purposes of the processing;
- ”third“a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorised to process personal data;
- ”consent“to the data subject, any voluntary, informed and unequivocal statement of intent in the specific case, in the form of a statement or other clear affirmative act by which the data subject indicates that he or she agrees to the processing of personal data concerning him or her.
2. Name and contact details of the person responsible for processing
This privacy policy applies to data processing by:
InformMe GmbH, Schmied-Kochel-Strasse 6, 81371 Munich, kontakt@informme.info
3. Collection and storage of personal data and the nature and purpose of their use
a) When you visit the website
In principle, you can use our website without revealing your identity. When you visit our website, the browser used on your device automatically sends information to our website's server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the retrieved file,
- website from which access is made (referrer URL),
- browser used and, if applicable, the operating system of your computer and the name of your access provider.
The above data is processed by us for the following purposes:
- ensuring a smooth connection to the website,
- ensuring convenient use of our website,
- evaluation of system security and stability, and
- for further administrative purposes.
The legal basis for data processing is Article 6 (1) (f) GDPR. Our legitimate interest results from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about you.
We also use cookies and analysis services when you visit my website. You can find more detailed explanations of this under sections 5 and 7 of this privacy policy.
b) When using our contact form
If you have any questions, we offer you the opportunity to contact us using a form provided on our website. A valid email address is required so that we know who sent the request and to be able to answer it. Further information can be provided voluntarily. It is up to you to decide whether you want to enter this data as part of the contact form.
Data processing for the purpose of contacting us is carried out in accordance with Article 6 (1) (a) GDPR on the basis of your voluntary consent.
The personal data collected by us for using the contact form will be automatically deleted after the request you have made has been completed.
c) When ordering via our website
Through our website, you can either place orders as a guest without registering, or register as a customer in our shop for future orders. Registration has the advantage for you that, in the event of a future order, you can log in to our shop directly with your email address and password without having to re-enter your contact details.
Your personal data is entered into an input mask and transmitted to us and stored. If you place an order via our website, we will first collect the following data both in the event of a guest order and in the event of registration in the shop:
- title, first name, last name,
- a valid email address
- address,
- Telephone number (landline and/or mobile)
This data is collected
- to be able to identify you as our customer;
- to be able to process, fulfill and fulfill your order;
- to correspond with you;
- for invoicing;
- to process any liability claims that may exist, and to assert any claims against you;
- to ensure the technical administration of our website;
- to manage our customer data.
As part of the ordering process, consent is obtained from you to process this data.
Data processing is carried out upon your order and/or registration and is required in accordance with Article 6 (1) (b) GDPR for the stated purposes for the appropriate processing of your order and for the mutual fulfilment of obligations under the purchase contract.
The personal data collected by us to process your order will be stored until the legal storage obligation expires and then deleted, unless we are obliged to store it for a longer period of time in accordance with Article 6 (1) (c) GDPR due to tax and commercial storage and documentation obligations (from HGB, StGB or AO) or you are required to store it for a longer period of time in accordance with Art. 6 para. 1 p. 1 lit. a have consented to the GDPR.
Sharing data
Your personal data will only be passed on by us to third parties to the service partners involved in the processing of the contract, such as the logistics company responsible for delivery and the bank charged with payment matters. However, in cases where your personal data is passed on to third parties, the scope of the transmitted data is limited to the minimum necessary.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or “purchase on account” via PayPal, we pass on your payment details to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). PayPal reserves the right to carry out a credit report for the payment methods credit card via PayPal, direct debit via PayPal or “purchase on account” via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical process. Address data, among other things, is used to calculate the score values. Further data protection information can be found in the PayPal data protection principles: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Your personal data will not be transferred to third parties for purposes other than those mentioned above.
We will also only share your personal information with third parties if:
- you have given your express consent to this in accordance with Article 6 (1) (a) of the GDPR
- the transfer is necessary in accordance with Article 6 (1) (f) GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
- in the event that there is a legal obligation to transfer data in accordance with Article 6 (1) (c) GDPR, and
- This is legally permitted and is required in accordance with Article 6 (1) (b) GDPR to process contractual relationships with you.
As part of the ordering process, consent is obtained from you to transfer your data to third parties.