Privacy policy agreement – PROFINESS Onlineshop

1. Privacy policy

Data protection information
We take the protection of your personal data seriously and comply with the rules of the applicable data protection laws, in particular the EU General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG), as well as this data protection notice. We process personal data of our users only to the extent necessary to provide a functional website and our content, services, offers, etc. Personal data is any information relating to an identified or identifiable natural person. The data protection information provides you with an overview of what type of personal data is processed and for what purpose. In addition, this data protection notice specifies how we ensure the protection of your personal data.

2. Name and contact details of the controller

This data protection information applies to data processing by the following responsible party:

PROFINESS GmbH
Duisburg Local Court HRB 23344
Geschäftsführer: Michael Schreiber
Phone: +49 (0) 208 309 61 9-0
Fax: +49 (0) 208 309 61 9-09

3. Collection and storage of personal data and the nature and purpose of their use

a) When you visit our website
You can visit our website www.profiness.de and www.profiness-shop.de without having to provide us with any personal information (who you are). If you use our website for purely informational purposes, i.e. if you do not register or otherwise provide us with information about yourself, we only collect the personal data that your browser transmits to our server. When you visit our website www.profiness.de and www.profiness-shop.de, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

– IP address of the requesting computer
– Date and time of access
– Name and URL of the retrieved file
– Website from which the access is made (referrer URL)
– the browser used and, if applicable, the operating system of your computer as well as the name of your access provider, language and version of the browser software.

We process the specified data for the following purposes:
– Ensuring a smooth connection to the website
– Ensuring a comfortable use of our website
– Evaluation of system security and stability and
– Evaluation of system security and stability and

The legal basis for data processing is Art. 6 para. 1 S. 1 lit. f) EU-DSGVO. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. We also use cookies when you visit our website. Cookies do not damage your computer and do not contain viruses. You can find more detailed explanations on this in section 5 of this data protection notice.

b) Bei Nutzung unseres Webshops
When you use our web shop, e.g. by placing your offers, by accepting our offers, by registering or through other communication, we process the personal data you provide exclusively for the purpose of initiating or fulfilling the contract.

The legal basis for data processing is Art. 6 para. 1 S. 1 lit. b) EU-DSGVO. According to this, data processing is necessary for the conclusion or fulfilment of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.

When you use our web shop, we process the following personal data transmitted by you:
– First name and surname (for companies: company)
– address
– Telephone number (landline number and/or mobile phone number)
– Fax number (only if available)
– E-mail address
– PayPal data

In addition, we collect the data relating to your
Order, i.e. which products you have ordered and at what price
(order data).

This data is processed for the purpose of fulfilling the contractual obligations, in particular for the dispatch of the goods, for processing the payment incl. the delivery of the goods. invoicing, for processing any warranty claims and for any related correspondence with you.

You can also create a customer account if you wish, in which we can store your personal data for future purchases. When you create an account under “User account”, the data you enter there is stored on a revocable basis. All other data, including your user account, can be deleted at any time in the customer area.

c) Processing based on legitimate interests If this is required for our business purposes, we process your data – apart from the initiation or fulfilment of a contract and your express consent – to protect the legitimate interests of our company, unless a consideration in individual cases shows that your legitimate fundamental rights and freedoms, which require the protection of personal data, prevail (see Art. 6 para. 1 lit. f) EU GDPR). Zu berechtigten Interessen unseres Unternehmens gehört: Direktwerbung, es sei denn, dass Sie der Nutzung Ihrer personenbezogenen Daten widersprochen haben.

Die Rechtsgrundlage für diese Datenverarbeitung ist Art. 6 Abs. 1 S. 1 lit. f) EU-DSGVO. Our legitimate interest arises on the one hand from the aim of giving users of our website the opportunity to comment on our posts, and on the other hand to prevent misuse of our comment function by processing the mandatory information and to be able to contact you if third parties should object to the content of the comment you have created and published as infringing the law.

When you provide a comment, your IP address and the time (date and time) at which the comment was sent are also processed.

The legal basis for this data processing is Art. 6 para. 1 S. 1 lit. f) EU-DSGVO. Our legitimate interest follows from the aim of preventing misuse of our comment function.

Your personal data will be processed as long as the comment function is provided and your comment is published there.

4. Transfer of data to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below. In particular, your data will not be passed on to third parties, e.g. for advertising purposes, without your express consent. We only pass on your personal data to third parties if:

– You have given your consent in accordance with Art. 6 para. 1 S. 1 lit. a) EU-DSGVO have given express consent to this
– this according to Art. 6 para. 1 S. 1 lit. b) EU-DSGVO is required for the processing of contractual relationships with you, e.g. to credit institutions for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods incl. shipment tracking, in the event of non-fulfilment of contractually agreed payments for the purposes of legal enforcement to lawyers and legal service providers
– in the event that the disclosure pursuant to Art. 6 para. 1 S. 1 lit. c) EU-DSGVO a legal obligation exists; or
– the disclosure pursuant to Art. 6 para. 1 S. 1 lit. f) EU GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data.

Among other things, we offer payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, (“PayPal” for short). If you wish to make payments via PayPal, we will provide the following personal data (title, first name and surname, for companies: company, address (street, house number)) as part of the contractual payment processing (Art. 6 para. 1 sentence 1 lit. b) EU GDPR): Company, address (street, house number, postcode, city, country), telephone number (landline and/or mobile phone number) and email address) to PayPal. Further information on the processing of this personal data by PayPal can be found in the PayPal Privacy Policy, which is available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full available.

5. Storage period and data erasure
In particular, your personal data will be erased as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed (Art. 17 para. 1 lit. a) EU-DSGVO). The data will then be erased unless, for example, storage is necessary for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject (Art. 78 GDPR). 17 para. 3 lit. b) EU GDPR), or is necessary for the establishment, exercise or defence of legal claims (Art. 17 para. 3 lit. e) EU GDPR). The statutory retention obligations represent a legal obligation, e.g. according to § 147 para. 1 No. 4, para. 3 sentence 1 AO, a retention period of 10 years for accounting data incl. Order and payment data and in accordance with § 257 para. 1 No. 2, 3, para. 4 HGB stipulates a retention period of 6 years for commercial correspondence, e.g. e-mail messages. The data will be blocked for the duration of the retention period, after which it will be deleted.

6. rights of data subjects
You have the right
– according to Art. 7 para. 3 EU-GDPR to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future. The legality of the data processing carried out up to the revocation remains unaffected by your revocation

– to request information about your personal data processed by us in accordance with Art. 15 EU GDPR. You can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details

– in accordance with Art. 16 EU GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us

– to request the erasure of your personal data stored by us in accordance with Art. 17 EU GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims

– in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR

– in accordance with Art. 20 EU GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller

– to lodge a complaint with a supervisory authority in accordance with Art. 77 EU GDPR. The competent supervisory authority is the state data protection officer of the federal state in which our company is based. An overview of the state data protection officers and their contact details can be found at BFDI – State data protection authorities.

7. right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 S. 1 lit. f) EU GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR on grounds relating to your particular situation. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.

If you wish to exercise your right of cancellation or objection, simply send an e-mail to info@profiness.de.

8. Data security We use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

Our security measures are continuously improved in line with technological developments. You can recognise an encrypted connection by the prefix “https://” in the address line of the browser and the lock symbol in front of the browser line.

9. status and possible amendment of this data protection notice This data protection notice was last updated in June 2020. Due to technical developments and/or changes in legal or regulatory requirements, it may be necessary to amend this data protection notice. You can recognise whether changes have been made if the “Status” of the document has been updated in the first paragraph of this section 10. You can access and print out the current data protection information at any time on our website at – www.profiness.de – www.profiness-shop.de.

2. Additions to the privacy policy

a) When using PayPal
If you use the PayPal payment service, you should, for example, formulate the following in the privacy policy – under the heading “Disclosure of data to third parties” after the disclosure offences listed there: Among other things, we offer payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, (“PayPal” for short). If you wish to make payments via PayPal, we will provide the following personal data (title, first name and surname, for companies: company, address (street, house number)) as part of the contractual payment processing (Art. 6 para. 1 sentence 1 lit. b) EU GDPR): Company, address (street, house number, postcode, city, country), telephone number (landline and/or mobile phone number) and email address) to PayPal. Further information on the processing of this personal data by PayPal can be found in the PayPal Privacy Policy, which is available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full available.

b) Other
Further additions are in preparation and will be made available soon

3. information when collecting data (Art. 13 GDPR) Information and a sample on this topic can be found here

4. Technical and organizational measures (TOMs; Art. 32 GDPR) The sample form (please change company details) can be found here

5. Notification from a company data protection officer
In Art. 37 para. 7 GDPR is regulated: “The person responsible or the processor publishes the contact details of the data protection officer and communicates this data to the supervisory authority.” The supervisory authorities have announced that they will provide (online) reporting forms for this purpose. A preliminary version has e.g. B. the LDI Rhineland-Palatinate created a web form: To the form. The LDI Baden-Württemberg has published its online reporting form here. The LDI NRW reporting portal is currently (as of June 2, 2018) not yet functional. If you have to register a data protection officer, you should check the website of the responsible state data protection authority or ask the authority whether there is a form and which form is required.

6. Verpflichtungserklärung für Mitarbeiter
You can find an example provided by the LDI Bavaria here

7. Confidentiality Agreement
A template for a non-disclosure agreement is being prepared and will be made available shortly

8. List of processing activities
a) List of responsible persons
You can find the pattern here
b) List of processors
You can find the pattern here
c) Directory specifically for online Shops
You can find the pattern here

9. Deletion concept
Further information on a deletion concept can be found here, for example

10. Password concept
Detailed information on a password concept can be found here

11. Visitor Log Book
You can find a template for a visitor log book here

12. Correspondence with claimants a) Sample for information according to Art. 15 EU-GDPR
, lbYou can find the sample here
b) Information on the deadline for providing information in accordance with Art. 15 EU GDPR
You can find the information here

13. Request to provide data protection information
If you, as a natural person (note: legal entities are not covered by the GDPR), would like to request information about whether and which data another (natural or legal) person uses about you, this could be formulated as follows:

Request for information under data protection law

Dear (..), I hereby request that you provide information about whether and, if so, what data you have stored about me. The right to information is anchored in Article 15 GDPR. Its scope results from Article 15 paragraph. 1 and 2 GDPR. Thereafter, the data subject has the right to receive this information:

– Personal data that the controller processes about the data subject
– Processing purposes
– Categories of personal data processed
– Recipients or categories of recipients of the personal data processed
– Storage period or criteria for determining the storage period
– Reference to the data protection rights of the data subject
– Reference to the right to lodge a complaint with a supervisory authority
– Information about the origin of the data
– Informationen über die Herkunft der Daten
– Information about the appropriate guarantees in accordance with. – Information about the appropriate guarantees in accordance with.

According to Art. 12 Para. 3 S. 1 GDPR, you as the person responsible are obliged to process my application immediately.