Privacy Policy

Privacy Policy of aperlen Matthias Krause

Thank you for your interest in our company. We take data protection seriously.

You can generally use our website without providing any personal data. However, if a data subject wishes to make use of services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will always obtain consent from the data subject.

The processing of personal data (e.g., name, address, email address, or telephone number of a data subject) is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to us.

With this Privacy Policy, we would like to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this Privacy Policy informs data subjects about their rights.

As the data controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, data transmissions over the Internet may generally contain security vulnerabilities. Therefore, absolute protection cannot be guaranteed. For this reason, every data subject is also free to transmit personal data to us by alternative means, for example, by telephone.

1. Definitions

This Privacy Policy is based on the terms used by the European legislators in the adoption of the GDPR (Article 4 GDPR). Our Privacy Policy is intended to be easy to read and understand for everyone. To ensure this, we will first explain the terminology used. This Privacy Policy uses, inter alia, the following terms:

“Personal data”: all information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

“Data subject”: any identified or identifiable natural person whose personal data is processed by the data controller;

“Processing”: any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;

“Restriction of processing”: the marking of stored personal data with the aim of limiting their processing in the future;

“Profiling”: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

“Controller”: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Recipient”: a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

“Third party”: a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

“Consent”: of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

2. Name and Contact Details of the Controller

This privacy notice applies to data processing by:

Controller: Matthias Krause, Email: info@aperlen.de, Telephone: +49 (0)2163 – 5712924

3. Collection and Storage of Personal Data and Purpose of Use

a) When you visit the website

You can generally use our website without revealing your identity. When you access our website, your browser automatically transmits information to the server of our website. This information is temporarily stored in a so-called log file.

The following information is collected without your intervention and stored until automated deletion:

IP address of the requesting computer,

Date and time of access,

Name and URL of the retrieved file,

Website from which access is made (referrer URL),

Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

The aforementioned data are processed by us for the following purposes:

Ensuring a smooth connection setup of the website,

Ensuring comfortable use of our website,

Evaluation of system security and stability, as well as

for further administrative purposes.

The legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

Additionally, we use cookies and analytics services when you visit our website. More details can be found in Sections 5 and 7 of this Privacy Policy.

b) When using our contact form

For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. A valid email address is required so that we know who the inquiry is from and to answer it. Additional information may be provided voluntarily. It is up to you whether you wish to enter this data in the contact form.

Data processing for the purpose of contacting us takes place in accordance with Art. 6 (1) sentence 1 lit. a GDPR on the basis of your voluntarily given consent.

The personal data collected by us for the use of the contact form will be automatically deleted after your inquiry has been dealt with.

c) When placing orders through our website

You can place orders on our website either as a guest without registering or by registering as a customer for future orders. Registration offers the advantage of logging in with your email address and password for future orders, without having to re-enter your contact details.

Your personal data is entered into an input mask and transmitted to us and stored. When you place an order via our website—whether as a guest or as a registered customer—we collect the following data:

Title, first name, last name,

A valid email address,

Address,

Telephone number (landline and/or mobile).

We collect this data in order to:

Identify you as our customer,

Process, fulfill, and conclude your order,

Correspond with you,

Invoice you,

Handle any existing liability claims and assert any claims against you,

Ensure technical administration of our website,

Manage our customer data.

During the ordering process, we obtain your consent for the processing of this data.

The data processing is carried out in response to your order and/or registration and is necessary under Art. 6 (1) sentence 1 lit. b GDPR for the aforementioned purposes for the appropriate processing of your order and for the mutual fulfillment of obligations arising from the purchase contract.

The personal data collected by us for the processing of your order will be stored until the expiry of the statutory retention period and then deleted unless we are obliged to store it for a longer period under Article 6 (1) sentence 1 lit. c GDPR due to tax and commercial retention and documentation obligations (from HGB, StGB, or AO) or you have consented to further storage under Article 6 (1) sentence 1 lit. a GDPR.

4. Disclosure of Data

Your personal data will only be disclosed by us to third parties involved in the execution of the contract, such as the logistics company assigned to deliver goods and the credit institution responsible for payment matters. In any case, the extent of data transmitted is strictly limited to the necessary minimum.

If payment is made via PayPal, credit card via PayPal, direct debit via PayPal, or "purchase on account" via PayPal, your payment data will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal") for payment processing. For credit card payments via PayPal, direct debit via PayPal, or "purchase on account" via PayPal, PayPal reserves the right to carry out a credit check. The result of the credit check in relation to the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit information may contain probability values (so-called score values). If score values are included in the credit check result, these are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, are input into the calculation of the score values. Further information on data protection can be found in the PayPal Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

No further transmission of your personal data to third parties for purposes other than those mentioned above will take place.

Your personal data will only be disclosed to third parties if:

you have given your express consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR,

the disclosure is necessary to assert, exercise, or defend legal claims in accordance with Art. 6 (1) sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

in the event that there is a legal obligation for disclosure under Art. 6 (1) sentence 1 lit. c GDPR, or

this is legally permissible and required under Art. 6 (1) sentence 1 lit. b GDPR for the settlement of contractual relationships with you.

Your consent to the transfer of data to third parties is obtained during the ordering process.

5. Use of Cookies

We use cookies on our website. These are small files automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device, contain no viruses, trojans, or other malware.

Information is stored in the cookie, which is generated in relation to the specific device used. However, this does not mean we gain immediate knowledge of your identity.

Cookies are used to make our offering more pleasant for you to use. We use so-called session cookies to recognize that you have already visited individual pages of our site. These are automatically deleted after you leave our website.

Furthermore, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a defined period. If you revisit our site to use our services, it will automatically recognize that you have visited us before and what entries and settings you made so that you do not need to re-enter them.

We also use cookies to record the use of our website statistically and to evaluate it for the purpose of optimizing our offering (see Section 7). These cookies enable us to automatically recognize that you have already visited our site when you return. These cookies are automatically deleted after a defined time.

The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser not to store any cookies on your computer, or to always display a warning before a new cookie is created. However, completely deactivating cookies may result in you not being able to use all functions of our website.

6. Links to Third-Party Websites

The links published on our website are carefully researched and compiled. However, we have no influence on the current and future design and content of linked pages. We are not responsible for the content of linked pages and expressly do not adopt their content as our own. The provider of the linked website is solely liable for illegal, incorrect, or incomplete content, as well as for damages resulting from the use or non-use of the information. Liability of the party merely referring to the publication via a link is excluded. For third-party references, we are only responsible if we have positive knowledge of them, including potentially illegal or criminal content, and if it is technically possible and reasonable for us to prevent their use.

7. Analytics and Tracking Tools

The tracking measures we use listed below are carried out on the basis of Art. 6 (1) sentence 1 lit. f GDPR. We want to ensure a demand-oriented design and the continuous optimization of our website with the tracking measures we use. We also use tracking measures to record the use of our website statistically and to evaluate it for the purpose of optimizing our offering. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

a) Google Analytics

For demand-oriented design and ongoing optimization of our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). In this context, pseudonymized usage profiles are created and cookies (see Section 5) are used. The information generated by the cookie about your use of this website such as:

Browser type/version,

Operating system used,

Referrer URL (previously visited page),

Hostname of the accessing computer (IP address),

Time of server request,

is transmitted to and stored on a Google server in the USA. This information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website and internet use for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties where required by law or where such third parties process the information on Google's behalf. On no account will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).

You can prevent the installation of cookies by setting your browser software accordingly; however, please note that if you do this, you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to the browser add-on, particularly for browsers on mobile devices, you can also prevent collection by Google Analytics by clicking on the link provided above. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website. The opt-out cookie only applies to this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must reset the opt-out cookie.

Further information on data protection in connection with Google Analytics can be found in Google Analytics Help: https://support.google.com/analytics/answer/6004245?hl=en

b) Google AdWords Conversion Tracking

To statistically record the use of our website and evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. Google AdWords sets a cookie (see Section 5) on your computer if you have accessed our website via a Google ad.

These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the website of an AdWords customer and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

Each AdWords customer receives a different cookie. Cookies cannot, therefore, be tracked across AdWords customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to identify users personally.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this purpose—for example, via browser settings that generally deactivate the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". Google’s privacy policy on conversion tracking can be found here: https://services.google.com/sitestats/en.html.

8. Social Media Plugins

We use social plugins from social networks (e.g., Facebook, Twitter, Google+) on our website on the basis of Art. 6 (1) sentence 1 lit. f GDPR to raise awareness of our company. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation is to be ensured by their respective providers. The integration of these plugins by us is carried out using the so-called two-click method to protect visitors to our website best.

a) Facebook

Our website features social-media plugins from Facebook to make their use more personal. For this, we use the "LIKE" or "SHARE" button, which is an offering from Facebook.

When you access a page of our website containing such a plugin, your browser establishes a direct connection with Facebook's servers. The contents of the plugin are transmitted directly by Facebook to your browser and integrated into the site.

Through the integration of the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged into Facebook, Facebook can directly assign the visit to our website to your Facebook account. If you interact with the plugins (for example, use the "LIKE" or "SHARE" button), this information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and shown to your Facebook friends.

Facebook may use this information for purposes of advertising, market research, and demand-oriented design of Facebook pages. For this purpose, Facebook creates usage, interest, and relationship profiles, e.g., to evaluate your use of our website with regard to the ads shown to you on Facebook, to inform other Facebook users of your activities on our website, and to provide further services associated with the use of Facebook.

If you do not want Facebook to associate the information collected via our website with your Facebook account, you must log out of Facebook before visiting our website.

The purpose and scope of data collection and further processing and use of data by Facebook as well as your related rights and settings options for the protection of your privacy can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/

b) Twitter

Plugins of the short message network Twitter Inc. (Twitter) are integrated on our website. Twitter plugins (tweet-button) can be recognized by the Twitter logo on our site. An overview of tweet buttons is available here: https://dev.twitter.com/web/tweet-button

When you access a page on our website that contains such a plugin, a direct connection is established between your browser and Twitter’s server. Twitter receives the information that you have visited our site with your IP address. If you click the "tweet" button while logged into your Twitter account, you can link the contents of our pages to your Twitter profile. This enables Twitter to assign your visit to our pages to your user account. We point out that we, as providers of the pages, have no knowledge of the content of the transmitted data and their use by Twitter.

If you do not want Twitter to assign the visit to our pages, please log out of your Twitter user account.

Further information can be found in Twitter’s privacy policy: https://twitter.com/en/privacy

c) Google "+1" Button

Our website uses the "+1" button of the Google+ social network, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. The button is identified by the "+1" symbol.

The "+1" button is a shortcut for "this is pretty cool" or "check this out". The button is not used to track your visits across the web.

When a web page on our site contains the "+1" button, your internet browser loads and displays that button from the Google server. The page you visit on our site is automatically communicated to the Google server. When displaying a +1 button, Google does not permanently log your browsing history, but only for up to two weeks.

Google maintains this data about your visit for system maintenance and troubleshooting purposes. However, this data is not structured according to individual profiles, user names, or URLs. These info are also not accessible to web publishers or advertisers. The use of this information is only for maintenance and troubleshooting in Google’s internal systems. Your visit to a page with a +1 button is also not evaluated otherwise by Google in any other way.

Giving +1 itself is a public action; anyone who performs a Google search or views content on the web to which you have given +1 can potentially see that you have given that content a +1. You should only give a +1 if you are sure you want to share this recommendation with the whole world.

A click on this +1 button serves as a recommendation for other users in Google’s search results. You can publicly share that you like our website, that you agree with our site or that you can recommend our website. If you have registered and are logged in to Google+, the "+1" button will turn blue when you click on it. Furthermore, the "+1" will be added to your "+1" tab in your Google profile. On this tab, you can manage your "+1"s and decide whether you want to make the "+1" tab public.

In order for your +1 recommendation to be saved and made publicly accessible, Google collects information about the URL you are recommending, your IP address, and other browser-related information via your profile. If you withdraw your +1, this information is deleted. All your "+1" recommendations are listed on the "+1" tab in your profile.

For more information and the applicable privacy policies of Google, visit: https://www.google.com/policies/privacy/. Further information from Google regarding the "+1" button can be found at: https://developers.google.com/+/web/buttons-policy

9. Rights of Data Subjects

You have the right to:

Request information about your personal data processed by us pursuant to Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if not obtained from us, as well as the existence of automated decision-making, including profiling, and, where appropriate, meaningful information about their details;

Request the correction of incorrect or completion of your personal data stored by us without delay in accordance with Art. 16 GDPR;

Request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for asserting, exercising or defending legal claims;

Request that the processing of your personal data be restricted in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you oppose their erasure and we no longer need the data, but you require them for the establishment, exercise, or defense of legal claims or you have objected to processing pursuant to Art. 21 GDPR;

Receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller (Art. 20 GDPR);

Withdraw your consent at any time pursuant to Art. 7 (3) GDPR. As a result, we may no longer continue to process data based on this consent in the future;

Lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you may contact the supervisory authority of your usual place of residence or workplace or our company’s seat.

10. Right to Object

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, provided that there are grounds arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we implement without specifying a particular situation.

If you wish to exercise your right of revocation or objection, simply send an email to: info@aperlen.de

11. Data Security

We use the widely-used SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser during your visit to the website. Typically, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether a single page of our website is encrypted by the closed key or lock symbol in the bottom status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved as technology advances.

12. Validity and Changes to this Privacy Policy

This Privacy Policy is currently valid and dated March 2018.

Due to the further development of our website and offers or as a result of changes in legal or regulatory requirements, it may become necessary to change this Privacy Policy. The current Privacy Policy may be accessed and printed at any time from our website at:

http://www.aperlen.de/epages/61415986.sf/de_DE/?ObjectPath=/Shops/61415986/Categories/PrivacyPolicy

-------------------------------------------------------------------------------------------------------------------------------

1 Data protection authorities require the conclusion of a data processing agreement for the lawful use of Google Analytics. Google offers a corresponding template at http://www.google.com/analytics/terms/de.pdf.

Source: Sample privacy policy created by attorney Andreas Gerstel (http://www.anwaltblog24.de/)