Data Privacy Statement
The team from Toni Weber GmbH welcomes you to our website. Responsibly handling and protecting your personal data is very important to us.
The following describes which personal data according to the General Data Protection Regulation (hereafter called DSGVO) we process and use when you pay a visit to our website.
Personal data is defined as any information which refers to an identified or identifiable natural person (hereafter called data). This includes, for example, IP address, address, name, email address or phone number.
Regarding the terminology in use, we refer to § 4 DSGVO.
-
Name and contact details of the data controller
Toni Weber GmbH
Industriestraße 25,
66129 SaarbrückenManager: Frank Weber
Email: datenschutz@toni-weber.de
Phone: 06805/91189-0
Fax: 06805/91189-20 -
Collection and storage of personal data as well as the nature and purpose of their use
-
When visiting the website
-
When you visit our website www.ToniWeber.com, the browser used on your device automatically sends information to the server of our website. This also applies if you do not log in and only use the website for information purposes. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
- IP address of the computer making the request or of other devices
- Date and time of access / request
- Time zone difference to GMT
- Name and URL of the accessed file
- Volume of data transferred each time
- Content of the request
- Access status / HTTP status code
- Website from which access is made (referrer URL)
- Browser used
- Language and version of the browser software
- Operating system of your computer / device as well as its surface and the name of your access provider
- Website and resources (images, files, more page content) that were accessed on our website
The data listed will be processed by us for the following purposes:
- Ensuring a smooth connection to the website
- Ensuring convenient use of our website
- Evaluation of the security and stability of the system
-
Legal basis
The legal basis is § 6(1)(1) lit.f DSGVO. Our legitimate interest in data collection arises from the purposes listed above. Under no circumstances will we use the collected data to draw conclusions about you.
When visiting our website, we additionally use cookies and analysis services. Further details can be found in points 5 and 6 of this Data Privacy Policy.
-
Length of time until deletion
If log files are stored, they will be deleted after 3 days; if they are stored beyond this, your IP address will be anonymized so that a later assignment to the client is no longer possible.
-
Options for revocation and removal
The collection of the data for the provision of the website and for the storage of the data log files is absolutely necessary for the operation of the website. Consequently, there is no opt-out option for the user.
-
-
When using our contact form respectively contact by email
-
If you have any questions, we offer you the opportunity to contact us via contact form provided on the website. The following data are stored and processed by us:
- Master data and contact details (title, first name, last name, email address, address, contact person, phone number, etc.)
- Content data (e.g. Information that you have given us and which are necessary to answer your inquiries, your specific concerns, subject)
It is definitely necessary to provide a valid email address and your salutation as well as your first and last name so that we know who sent the request and thus are able to answer it. Further information (phone number, fax number, etc.) can be provided voluntarily. We will then process all the data you provide, e.g. contact data, content data (text input, specific questions, etc.).
The processing of data enables us to deal with your specific request.
Alternatively, you can contact us via the email address provided. In this case, the data transmitted by the email will be processed accordingly.
-
Legal basis
Data processing for the purpose of contacting us is carried out in accordance with § 6 (1)(1) lit. a DSGVO on the basis of your voluntarily given consent, which can be revoked at any time.
The legal basis for data processing is also § 6(1) lit. f respectively § (1) lit. b DSGVO if your request aims at a conclusion of a contract (e.g. placing an order with us).
Our mutual (legitimate) interest in this data processing results from the aim of answering your inquiries.
-
Length of time until deletion
The personal data collected by us for the use of the contact form will be automatically deleted after your inquiry has been dealt with, provided that there are no statutory retention requirements.
-
-
Registration on our website
-
There is a possibility to register on our website or to create a customer account in order to process orders faster or to be able to communicate more easily with us. However, this option is voluntary and not necessary to use the website. You have to enter personal data, which are transmitted to us and which are being stored.
When registering and using this customer account, the following data is stored and processed:
- Master data and contact details (e.g. salutation, first name, last name, company name, delivery and billing address, age, date of birth, contact person, phone number, fax number, email address, VAT ID, user name and password)
- Bank details (e.g. account data, bank name)
- Contract data (e.g. specific orders, reserved items, your shopping cart)
- Content data (e.g. Information that you have given us and which are necessary to answer your inquiries; your specific concerns; subject)
- Metadata / communication data (e.g. date and time of registration / use of your online account, IP address of your computer, passwords)
- Your consent to our GTC and to the data protection information with date and time
The purpose of data processing is to provide and use a customer account to process orders faster and to make communication with us easier.
-
Legal basis
The legal basis for this is your consent in accordance with § 6(1)(1) lit. f DSGVO. Otherwise § 6 (1) lit. b DSGVO, that means you provide us with data on the basis of the contractual relationship (specific orders, shipping, invoicing) between you and us or in advance of this.
If the IP address and time of your registration / use are processed, this is done on the basis of our legitimate interests according to § 6(1)(1) lit. a DSGVO as well as for your protection against abuse and other unauthorized use.
-
-
Online shop
-
It is possible to place orders through our website. For this purpose, it is mandatory for us to process some of your data in order to enable you to select and order the products you want, as well as to enable you to conduct the payment and have the products delivered. The mandatory information is marked with an asterisk in the ordering process and shown separately, all other information is optional. It is obligatory for us to process the following data:
- Master data and contact details (title, first name, last name, company name, delivery and billing address, contact person, number, email address, customer number)
- Content data (e.g. data about your order, for example ordered item number etc.)
- Payment details (e.g. bank details such as account details, bank name, data on PayPal usage)
- Contract data (e.g. Subject of the contract, term)
- Metadata / communication data (e.g. date and time of registration / use of your online account, IP address of your computer, passwords))
- Your consent to our GTC and to the data protection information with date and time
The processing takes place for the purpose of providing contractual services within the operation of our online shop (specific order processes), billing and delivery as well as customer service. We use session cookies for storing the contents of the shopping cart and permanent cookies for storing the login status.
If you like, you can create a customer account (see point 3) which enables us to store your data for future purchases.
For the cookie’s declaration see point 8.
-
Legal basis
We process the above named personal data when initiating contracts or when concluding and processing the contract according to § 6(1)(1) lit. b DSGVO.
-
Length of time until deletion
We process the data provided in the order form as part of the order process. They will be deleted immediately as soon as the order process has been completed.
This does not apply however, if the European or national legislator decides a longer storage period for ordinances, laws or other regulations to which we are subject, e.g. the obligation of storage and documentation in terms of commercial law (HGB, StGB or AO) This applies in particular to the invoice data, address, payment and order data, which we have to store for a period of 10 years.
-
-
Analytical tools
-
We have decided to use Universal Analytics as so-called analytical tool.
This web analysis service is provided by Google Inc. (hereinafter referred to as Google).
This web analysis service is provided by Google Inc. (hereinafter referred to as Google). This analysis tool works on the basis of cookies (see point 8).
Google uses the information we provide for the following purposes: to evaluate the use of our website and to create reports on website activity. Thus we can recognize usage preferences, length of stay and popular areas of our website, in order to adapt our offer to the needs of our customers.
The cookie used by Google generates the following information for the use of our website:
- Version and type of browser
- Referrer-URL (previously visited page)
- IP address of your computer
- Time of the server request
- Operating system used
The information generated in the cookie is transmitted to a Google server in the USA and stored there.
However, we use the Google function anonymizelP, with which your IP address is shortened by Google within member states of the European Union or the European Economic Area and is solely being transmitted anonymously to the USA. Therefore, it is not possible to assign the data. This information may also be transferred to third parties, if legally required, or if third parties process the data by order.
We have additionally concluded a data processing contract with Google to protect your data. To the best of our knowledge, your IP addresses will under no circumstances be merged with other data from Google.
-
Legal basis
The legal basis for this is your given consent according to § 6(1)(1) lit. a DSGVO which must be available so that Google Analytics can be used or our legitimate interests according to § 6(1)(1) lit. f DSGVO
You can, however, revoke your consent at any time and object to the use of Google Analytics and the installation of cookies by Google using the following link:
The collection and storage of data via the user-ID can also be objected to at any time with effect for the future. To do this, you must deactivate Google Analytics on all systems you use, for example in another browser or on your mobile device.
You can also prevent the installation of cookies and thus the use of Google analytics by setting your browser accordingly (see point 4). Please note however, that in this case you may not be able to use all features of this website to their full extent. .
If you do not want your data to be saved, you can also download the de-activation tool provided by Google at:
https://tools.google.com/dlpage/gaoptout?hl=de -
Length of time until deletion
This user and analysis data are automatically deleted after 14 months.
-
-
Google Tag Manager
This website uses Google Tag Manager which is a solution operated by Google Inc., that allows companies to manage website tags through a web interface. The 'Tag Manager' tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data under certain circumstances. We hereby point this out separately. The Google Tag Manager does not access these data. If a deactivation occurs at domain or cookie level, it remains in use for all tracking tags implemented by Google Tag Manager.
-
Disclosure of data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only disclose your personal data to third parties if:
- you have expressly consented to this per § 6(1)(1) lit. a DSGVO
- the disclosure in accordance with § 6(1)(1) lit. f DSGVO to assert, exercise or defend legal claims and there is no reason to believe that you have a mainly legitimate interest in not disclosing your data
- in case that the disclosure according to § 6(1)(1) lit. c DSGVO is a legal obligation
- this is legally permissible and necessary per § 6(1)(1) lit. b DSGVO for the processing of contractual relationships with you.
After placing an order with us in our shop, we will definitely pass on the following data:
-
Haulage services:
For the purpose of delivering ordered goods, we work together with logistics service providers / forwarders. The following data can be transferred to them for the purpose of delivery of ordered goods or for the announcement of their arrival: first name, last name, postal address, e-mail address, phone number (e.g. for forwarding announcements).
The legal basis for the transfer is § 6(1)(1) lit. b DSGVO.
-
for payments by credit card or Sepa direct debit mandate
If you have purchased a product from the shop, we will transfer your payment information in order to process your payment. Depending on the payment method, we will forward your payment information to third parties (e.g. for credit card payments to your credit card provider and to our main bank for Sepa mandates).
The legal basis for this transfer is § 6(1)(1) lit. a DSGVO, § 6(1)(1) lit. b DSGVO as well as § 6(1)(1) lit. f DSGVO.
-
for payments via PayPal
When paying via PayPal, your payment details will be transferred to PayPal (Europe) S.ä.r.l. et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). PayPal reserves the right to conduct a credit check for the payment methods: credit card via PayPal, direct debit via PayPal or – if offered – "invoicing" via PayPal. For this purpose, your payment data will be processed to credit agencies according to § 6(1)(1) lit. f DSGVO on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of statistical non-payment risks for deciding whether to provide the respective payment method or not. The credit report can contain probability values (so-called score values). When score values are included in the results of the credit check, they are based on a scientifically established mathematical and statistical method. Among others, address data are included in the calculation of the score values. Please refer to the Privacy Policy of PayPal for further information on the data protection law and on credit agencies used:https://www.paypal.com/de/webapps/mpp/ua/privacy-full
The legal basis for disclosure is § 6(1)(1) lit. b DSGVO.
-
Cookies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when visiting our site. Cookies don´t do any damage to your end device, do not contain viruses, trojans or other malware.
Information arising from the context of the specifically used devices is stored in the cookie. However, this does not provide us with direct information about your identity.
The use of cookies helps to make the use of our offer more pleasant for you, to statistically record the use of our website and to evaluate it to optimize our offer for you.
We use so-called session cookies in order to recognize that you have already visited single pages on our website or to enable you to see how many articles you have already added to your shopping cart and to indicate the value of goods. They will be deleted automatically after leaving our website.
In addition, we also use temporary cookies that are stored on your device for a specified period of time to optimize user-friendliness. If you re-visit our website to use our services, it will automatically be recognized that you have already visited us. The inputs and settings you have made are also recognized, so that you do not have to enter them again. These cookies are automatically deleted after a defined period of time.
The data processed by cookies are required for the purposes mentioned for the protection of our legitimate interests as well as of third parties according to § 6(1)(1) lit. f DSGVO.
The data processing also takes place in accordance with § 6(1)(1) lit. a DSGVO based on your voluntarily given, revocable consent.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a message appears at all times before a new cookie is created. The complete deactivation of cookies, however, may result in you being unable to use all the features of our website.
-
Rights of data subjects
You have the right:
- to request information about the personal data we have processed about you according to § 15 DSGVO. In particular, you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data if they have not been collected by us, as well as the existence of automated decision-making including profiling and, where appropriate, informative information about its details
- to demand the immediate correction of incorrect or incomplete personal data stored about it according to § 16 DSGVO
- to demand the deletion of the personal data saved by us (according to § 17 DSGVO) unless its further processing is necessary to exercise the right to freedom of expression and information, to fulfill legal obligations, for reasons of public interest, or to assert, exercise, or defend potential legal claims
- to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims (according to § 18 DSGVO). You may also have requested an objection against the processing according to § 21 DSGVO
- to receive a copy of the personal data you have provided in a structured, current, and machine-readable format or to request the transfer to another controller, according to § 20 DSGVO
-
to revoke your consent given to us once at any time according to § 7 (3) DSGVO. As a result, we would then no longer be allowed to continue processing the data obtained previously on the basis of this consent
If you would like to exercise one of the aforementioned rights, you can contact us any time at:
Toni Weber GmbH
Industriestraße 25,
66129 SaarbrückenManager: Frank Weber
Email: datenschutz@toni-weber.de
Phone: 06805/91189-0
Fax: 06805/91189-20 - to file a complaint to a supervisory authority according to § 77 DSGVO. Usually, you can contact the supervisory authority at your usual place of residence respectively your workplace or our legal office
-
Right to object
If your personal data are processed on the basis of legitimate interests according to § 6(1)(1) lit. f DSGVO, you have the right according to § 21 DSGVO to object to the processing of your personal data for reasons relating to your specific situation or because you want to oppose to direct marketing. In the latter case, you have a general right of objection, which we will implement without the need for you to specify a particular situation.
If you would like to exercise your right of objection, you can contact us at any time:
Toni Weber GmbH
Industriestraße 25,
66129 SaarbrückenManager: Frank Weber
Email: datenschutz@toni-weber.de
Phone: 06805/91189-0
Fax: 06805/91189-20 -
Deletion of data
The data processed by us will be deleted or restricted in their processing in accordance with the legal requirements. Unless expressly stated in this Data Privacy Policy, the data we store will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.
If data is not deleted because they are required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies for example for data that must be kept for commercial or tax law reasons.
-
Data security
We use the most common SSL (Secure Socket Layer) method together with the highest level of encryption supported by your browser. The transmission of a single page of our website in encrypted form is indicated on our website by the display of a closed key or lock icon in the bottom status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our safety measures are continuously improved according to technical developments.
In the case of unencrypted email communication, we cannot guarantee complete data security en route to our IT systems, so we recommend encrypted communication or postal mail for information requiring a high degree of confidentiality.
-
Topicality and amendments to this Data Privacy Policy
This Data Protection Policy is currently valid and was last updated in October 2020.
As a result of the development of our website and offers thereof or due to changed legal or regulatory requirements, it may be necessary to change this data privacy policy. You can access and print out the current data privacy policy at any time on our website at www.ToniWeber.de .
-