Privacy Policy
Data collected when visiting our website
You can visit our website without providing any personal information. We only store access data in so-called server log files, such as the name of the requested file, date and time of retrieval, amount of data transferred, and the requesting provider. These data are used solely to ensure the smooth operation of the site and to improve our services, and they do not allow us to draw any conclusions about your identity. If personal or business data (such as email addresses, names, or postal addresses) can be entered within our online offering, this is done expressly on a voluntary basis by the user. The use and payment of all offered services is – as far as technically possible and reasonable – also permitted without providing such data, or by using anonymized data or a pseudonym. The use of contact data published within the imprint or similar information (such as postal addresses, telephone or fax numbers, and email addresses) by third parties for sending unsolicited information is prohibited. Legal action against senders of so-called spam emails in violation of this prohibition is expressly reserved.
Responsible entity
Hermann Georgi GmbH Zum Bibersberg 4 08237 Steinberg Email: georgi-buerstenfabrik@t-online.de
The responsible entity decides alone or together with others on the purposes and means of processing personal data (e.g. names, contact details, etc.).
Types of processed data
Inventory data (e.g. names, addresses)
Contact data (e.g. email, phone numbers)
Content data (e.g. text entries, photographs, videos)
Usage data (e.g. visited websites, interest in content, access times)
Meta/communication data (e.g. device information, IP addresses)
Purpose of processing
Provision of the online offering, its functions and content
Responding to contact requests and communication with users
Security measures
Reach measurement/marketing
Legal basis
In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. Unless otherwise stated in this privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing to fulfill our services and contractual measures as well as responding to inquiries is Art. 6(1)(b) GDPR; the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. If processing personal data is necessary to protect vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR serves as the legal basis.
Security measures
In accordance with Art. 32 GDPR, and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. These measures include safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transfer, availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and response to data threats. We also take into account the protection of personal data during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
Data transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosure/transfer of data to third parties, this will only take place if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or allow data to be processed in a third country only under the special conditions of Art. 44 ff. GDPR. This means that processing takes place, for example, on the basis of special guarantees such as an officially recognized level of data protection equivalent to that of the EU (e.g. for the USA under the “Privacy Shield”), or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
Consent to data processing
Certain data processing operations are only possible with your express consent. You may revoke your consent at any time. A simple email notification is sufficient. The legality of data processing carried out until the revocation remains unaffected.
Right to lodge a complaint with the competent supervisory authority
In the event of a data protection violation, you have the right to lodge a complaint with the competent supervisory authority. The competent authority for data protection matters is the data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to yourself or to third parties. The provision is made in a machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if technically feasible.
Right of withdrawal
According to Art. 7(3) GDPR, you have the right to withdraw consent once given.
Right to object
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided there are reasons arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
If you wish to exercise your right of withdrawal or objection, simply send an email to: shop@georgi-buersten.de
Cookies and right to object to direct marketing
“Cookies” are small files stored on users’ computers when using the website. Various information can be stored in cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. A distinction is made between temporary and permanent cookies. Temporary cookies are deleted after a user leaves an online offering and closes their browser. Such a cookie may, for example, store the contents of a shopping cart in an online shop or a login status. Permanent cookies remain stored after the browser is closed. For example, a login status can be saved if users revisit the site after several days. Likewise, user interests can be stored in such a cookie, which may be used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller operating the online offering (otherwise, if only their own cookies are used, they are referred to as “first-party cookies”).
We may use both temporary and permanent cookies and provide information about this in our privacy policy.
If you do not want cookies stored on your computer, please disable the corresponding option in your browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Disabling cookies may limit the functionality of this online offering.
A general objection to the use of cookies for online marketing purposes can be declared for many services, especially in the case of tracking, via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. . Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that not all functions of this online offering may then be available.
Right of Access, Rectification, Blocking, Deletion
Within the framework of applicable legal provisions, you have the right at any time to receive free information about your stored personal data, their origin, recipients, and the purpose of data processing, as well as the right to rectification, blocking, or deletion of these data. For this purpose, and for further questions regarding personal data, you may contact us at any time using the contact details provided in the imprint.
The data we process are deleted or restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, stored data will be deleted as soon as they are no longer required for their intended purpose and no legal retention obligations prevent deletion. If data cannot be deleted because they are required for other legally permissible purposes, their processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons. According to statutory requirements in Germany, retention is particularly for 10 years pursuant to §§ 147(1) AO, 257(1) Nos. 1 and 4, (4) HGB (books, records, management reports, booking receipts, commercial books, documents relevant for taxation, etc.) and 6 years pursuant to § 257(1) Nos. 2 and 3, (4) HGB (commercial letters).
SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This ensures that data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser bar.
Server Log Files
You can generally use our website without disclosing your identity. When accessing our website, information is automatically transmitted to our server by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:
Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
These data are not merged with other data sources. The legal basis for data processing is Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
Hosting and Email Delivery
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, and technical maintenance services that we use for the purpose of operating this online offering.
In doing so, we and our hosting provider process inventory data, contact data, content data, contract data, usage data, and meta/communication data of customers, prospects, and visitors to this online offering based on our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
Links
This privacy policy does not extend to external links provided on our website. We strive to ensure that the links listed comply with applicable data protection and security standards. However, we have no influence on the compliance of other providers with data protection and security regulations. Please therefore also inform yourself about the privacy policies provided on the websites of other providers.
Contact Form
Data transmitted via the contact form, including your contact details, are stored in order to process your inquiry or to be available for follow-up questions. These data will not be passed on without your consent. The processing of data entered into the contact form is based exclusively on your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time. A simple email notification is sufficient. The legality of data processing carried out until the revocation remains unaffected. Data transmitted via the contact form remain with us until you request deletion, revoke your consent to storage, or the purpose of data storage no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.
Google reCAPTCHA
Our website uses the Google service “reCAPTCHA” to determine whether the form provided on this website is being completed by a natural person or abusively by an automated program. This involves sending the IP address and, if necessary, other data required by Google for reCAPTCHA to Google. The differing privacy policies of Google apply, which you can find at: https://www.google.com/intl/en/policies/privacy. . By using the website, you implicitly agree to these privacy policies. Please do not use our website if you do not agree with these privacy policies.
Orders via Our Website
You can place orders via our website either as a guest without registering, or by registering in our shop as a customer for future orders. Registration offers the advantage that you can log in directly with your email address and password for future orders, without having to re-enter your contact details.
Your personal data are entered into an input form, transmitted to us, and stored. When placing an order via our website, we collect the following data, both for guest orders and for registered customers:
Title, first name, last name
A valid email address
Delivery and billing address
Selected payment method
These data are collected in order to:
Identify you as our customer
Process, fulfill, and manage your order
Correspond with you
Issue invoices
Handle any liability claims and assert possible claims against you
Ensure the technical administration of our website
Manage our customer data
As part of the ordering process, your consent to the processing of these data is obtained.
Data processing is carried out based on your order and/or registration and is necessary pursuant to Art. 6(1)(b) GDPR for the purposes mentioned, to properly process your order and to fulfill mutual obligations under the purchase contract.
The personal data collected by us for processing your order are stored until the expiry of the statutory retention period and then deleted, unless we are obliged to longer storage pursuant to Art. 6(1)(c) GDPR due to tax and commercial law retention and documentation obligations (from HGB, StGB, or AO), or you have consented to further storage pursuant to Art. 6(1)(a) GDPR.
Disclosure of Data
Your personal data will only be disclosed to third parties involved in the execution of the contract, such as the logistics company responsible for delivery and the credit institution responsible for payment matters. In cases where personal data are disclosed to third parties, the scope of the transmitted data is limited to the necessary minimum.
For payments via PayPal, credit card via PayPal, direct debit via PayPal, or “purchase on account” via PayPal, we transmit your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or “purchase on account” via PayPal. The result of the credit check regarding the statistical probability of default is used by PayPal to decide on the provision of the respective payment method. The credit check may contain probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data are also included in the calculation of score values. Further data protection information can be found in PayPal’s privacy principles: https://www.paypal.com/webapps/mpp/ua/privacy-full
Your personal data will not be transferred to third parties for purposes other than those mentioned above.
We only share your personal data with third parties if:
You have given your express consent pursuant to Art. 6(1)(a) GDPR,
The transfer is necessary pursuant to Art. 6(1)(f) GDPR for the establishment, exercise, or defense of legal claims, and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
There is a legal obligation to transfer pursuant to Art. 6(1)(c) GDPR, or
It is legally permissible and necessary pursuant to Art. 6(1)(b) GDPR for the performance of contractual relationships with you.
As part of the ordering process, your consent to the transfer of your data to third parties will be obtained.
YouTube
For the integration and display of video content, our website uses plugins from YouTube. The provider of the video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you access a page with an integrated YouTube plugin, a connection to YouTube’s servers is established. YouTube is thereby informed which of our pages you have visited. If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your personal profile. You can prevent this by logging out beforehand.
The use of YouTube is in the interest of presenting our online offerings in an appealing way. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Details on how YouTube handles user data can be found in YouTube’s privacy policy: https://www.google.de/intl/de/policies/privacy..
Legal Validity of this Privacy Policy
This privacy policy is to be regarded as part of our website offering. If parts or individual formulations of this text do not, no longer, or not fully comply with the applicable legal situation, the remaining parts of the document remain unaffected in their content and validity.
Status: November 2020