Privacy Policy
Communication relating to processing of personal data (data protection notices)
Welcome to the data protection area of ZWOD Vertriebs und Logistik GmbH. Thank you for your interest in our undertaking. We would like to provide you with this data protection information to inform you in detail about what data we collect, when we collect them and how they are processed.
Controller
The controller in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR) is:
- ZWOD Vertriebs und Logistik GmbH
- Ferdinand-Schultze-str. 91
- 13055 Berlin, Germany
- Telephone +49 30 915 08 245
- Fax +49 30 82071038
- Email sales@zwodltd.de
Data protection officer
The European Commission provides a platform for online dispute resolution (OS): https://ec.europa.eu/consumers/odr. Please find our email in the contact information.
We do not take part in online dispute resolutions at consumer arbitration boards.
General information on the collection of personal data
Below, we inform you transparently about the nature and scale of the processing of personal data
- collected within the framework of your visit to our website
- use of our online offers
- external online presence on social media platforms
- in the scope of application procedures
- our branch offices
- and for business transactions with clients and service providers
The requirements of the General Data Protection Regulation GDPR and the supplementary regulations of the new Federal Data Protection Act (Bundesdatenschutzgesetz neu; BDSG-neu) form the statutory basis for our data protection.
Purpose/legal basis of the processing
In such cases where we acquire your consent for processing activities concerning personal data, point (a) of Article 6 (1) GDPR serves as the legal basis.
During processing of personal data that is necessary to comply with a contract concluded between you and us, point (b) of Article 6 (1) GDPR serves as the legal basis. This also applies to processing activities that are necessary to carry out pre-contractual measures.
If processing of personal data is necessary to perform a legal obligation that we are subject to point (c) of Article 6 (1) GDPR serves as the legal basis.
If any vital interests of the data subject or any other natural person require processing of personal data, point (d) of Article 6 (1) GDPR is the legal basis.
If processing of personal data is required to maintain a legitimate interest of our undertaking or a third party and if your interests, fundamental rights and fundamental freedoms of the data subject do not override the former interest, point (f) of Article 6 (1) GDPR is the legal basis for processing.
Passing on personal data
If we transmit your personal data to any other bodies or disclose them to these within the framework of our processing activities, this will be done exclusively on the basis of one of the aforementioned legal bases. Recipients of these data may include, among other things, payment service providers within the framework of contract performance. In such cases, where we are obligated to do so by law or court order, we will be required to transmit your information to bodies with a right of access.
If any external service providers support us in processing your data (e.g. data analysis, newsletter dispatch), this is done within the framework of commissioned processing in accordance with Article 28 GDPR. This way, we only enter into corresponding contracts with service providers who offer sufficient guarantees that suitable technical and organisational measures ensure the protection of your data.
Data transmission to third countries
Data is only transferred to third countries (outside the European Union or the European Economic Area) if this is in accordance with the statutory requirements. Subject to explicit consent or contractually or statutorily required transfer, we process or have the data processed only in third countries with a recognised level of the protection of personal data or according to Article 44 et seq. GDPR based on special guarantees, such as contractual obligation by standard protection clauses of the EU Commission (Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Storage of the data
As soon as the respective purpose for the storage no longer applies, we will delete or block your personal data. Your personal data will only be stored beyond this if special statutory retention periods (in particular commercial and tax retention obligations) on a national or European level prevent erasure.
Definitions
Our data protection notice is based on terms used in the GDPR and defined there. To ensure that our provisions on data protection are easy to read and understand, we would like to explain the most important terms in advance.
Personal data
"Personal data" are any data that refer to an identified or identifiable natural person (hereinafter: "Data Subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processing
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Controller
"Controller" means the natural or legal person, public authority, institution, or other body who/that determines the purpose and means of processing of personal data alone or jointly with others. If the purposes and means of this processing are specified by Union or the Member State law, the controller, or the specific criteria of its designation, may be specified according to Union law or the law of the Member States.
Pseudonymisation
"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not associated with an identified or identifiable natural person.
Processor
The "processor" is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.Recipient
The "recipient" is a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, independently of whether the recipient is a third party or not. Public authorities that may receive personal data within the framework of a specific inquiry under Union or Member State law are, however, not deemed recipients.
Third party
"Third parties" are any natural or legal person, public authority, agency, or other body, except for the data subject, controller, processor, and persons who, under the immediate authority of the controller or processor, are authorised to process personal data.
Consent
"Consent" is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by any other clear affirmative act, signifies agreement to the processing of personal data concerning him or her.
Profiling
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Rights of data subjects
Processing of personal data gives you, as the natural person who is the data subject, several rights that you may exercise against us at any time. These are:
- Right to withdraw a declaration of consent under data protection law in accordance with Article 7 (3) GDPR
- Right to communication of your personal data stored by us in accordance with Article 15 GDPR
- Right to rectification of inaccurate or completion of incomplete data in accordance with Article 16 GDPR
- Right to erasure of your data stored by us in accordance with Article 17 GDPR
- Right to restriction of processing of your data in accordance with Article 18 GDPR
- Right to data portability in accordance with Article 20 GDPR
- Right to object in accordance with Article 21 GDPR
- Right to data portability in accordance with Article 20 GDPR
- Objection right in accordance with Article 21 GDPR
- Automated decision-making in individual cases, including profiling, in accordance with Article 22 GDPR.
Right to information
You have the right to learn from us whether and – if so – which of your personal data we process and to demand copies of your personal data. Please note that your right of access may be restricted in specific circumstances in accordance with the statutory rules.
Right to rectification
If the information concerning you is not (or is no longer) correct, you have the right to demand rectification of the incorrect personal data concerning you without undue delay and, if necessary, completion of incomplete personal data.
Right to erasure
In accordance with the statutory provisions, you have the right to demand that data concerning you be erased without undue delay, e.g. if the data are no longer required for the purposes pursued and the statutory storage and archiving regulations do not prevent erasure.
Right to restriction of processing
Within the framework of the provisions of Article 18 GDPR, you have the right to demand restriction of the processing of the data concerning you, e.g. if you have objected to the processing, for the duration of the review of whether the objection can be accepted.
Right to data portability
You have the right to have any data provided to us by you transferred to you or a third party in a commonly used machine-readable format. If you demand direct transmission of the data to another controller, this shall be done only as far as it is technically feasible.
Right to withdrawal of the declaration of consent under data protection law
If processing of your personal data is based on consent given by you, you have the right to withdraw that consent at any time. The withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.
You may send your withdrawal without any requirements of form to: ZWOD Vertriebs und Logistik GmbH, Ferdinand-Schultze-str. 91,13055 Berlin, Germany, email: sales@zwodltd.de. Please note that your objection can also be made in further procedures or must be made for technical reasons. Further information on this can be found in the respective services described.
Right to object to processing
Under the conditions of Article 21 (1) GDPR, you may object to processing activities on the basis of Article 6 (1) (e) or (f) GDPR for reasons arising from your particular situation. This shall also apply to profiling based on these provisions. If you make use of your right to object, we shall no longer process your personal data concerned, except if we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or if processing serves to establish, exercise or defend legal claims.
You may send your objection without any requirements of form to: ZWOD Vertriebs und Logistik GmbH, Ferdinand-Schultze-str. 91,13055 Berlin, Germany, email: sales@zwodltd.de. Please note that your objection can also be made in further procedures or must be made for technical reasons. Further information on this can be found in the respective services described.
Right to lodge a complaint with the data protection authority
In accordance with Article 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that processing of your personal data is not done lawfully. The supervisory authority competent for our undertaking has the following address:
- The Hessian Data Protection Commissioner
- P.O. Box 3163
- 65021 Wiesbaden
- Phone: +496111408-119
- Fax: +49 611 1408-919
- Email: Poststelle@datenschutz.hessen.de
Automated decision-making in an individual case, including profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – which produces legal effect concerning you or similarly relevantly affects you.
Use of online services
Below, we will inform you when and in what context data are processed when you use our online services.
Collection of personal data during a visit to our website
If you use our website for information only, i.e. if you do not register or otherwise transmit any information to us, we will collect the personal data your browser transmits to our server exclusively. When you view our website, we collect the information listed below. These are technically necessary to display our website to you and to ensure the stability and security of the presentation (legal basis is point (f) of the first sentence of Article 6 (1) GDPR):
- IP address
- Date and time of the query
- Time-zone difference against Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Respective transmitted data volume
- Website from which the query was sent
- Right to data portability in accordance with Article 20 GDPR
- Browser
- Operating system and its interface
These data are temporarily stored in the log files of our system for a maximum duration of 90 days. Storage beyond this is possible. In such a case, the internet protocol addresses shall, however, be deleted or changed so that it can no longer be assigned to the calling client.
Use of cookies
In addition to the above data, cookies will be stored on your terminal device (e.g. PC, laptop, smartphone) when you use our website. Cookies are small text files that are stored on your terminal device associated with the browser you use and through which the body that sets the cookie (we, in this case) will receive specific information. Cookies cannot execute programs or transmit malware to your terminal devices. They serve to make the online offer as a whole more user-compatible and effective.
This website uses the following types of cookies, the scale and function of which are explained below:
Transient cookies
Transient cookies are automatically deleted when you close the browser. This in particular includes the session cookies. They store a session ID with which various queries of the browser can be assigned to a shared session. This makes it possible to recognise your computer when you return to our website. The session cookies will be deleted when you log out or close the browser.
Persistent cookies
Persistent cookies are deleted automatically after a specified duration that may differ depending on cookie. You may delete the cookies in the security settings of your browser at any time.
We use cookies on our website, which are generated by us as the website operator, and which are necessary for the full function and presentation of our offer on the website. We use these cookies for legitimate interest of securing our online offer according to point (f) of Article 6 (1) GDPR.
In addition to the cookies placed by us as the controller, cookies provided by other providers are also used. We process such cookies based on your consent pursuant to point (a) of Article 6 (1) GDPR and/or on the basis of our legitimate interests pursuant to point (f) of Article 6 (1) GDPR. Further information on the use of and cooperation with external service providers can be found in the data protection information of the respective online offers.
You may configure your browser settings according to your wishes and, e.g., refuse the acceptance of cookies from external providers, or all cookies. However, please note that you may not be able to use all features of this website. If you have agreed to accept cookies and would like to object to this for the future, you can delete the stored cookies in the settings of the browser you are using.
Cookie settings in web browsers
Web browsers can be set to notify you when a cookie is set, or to reject or disable cookies generally or partially. You can also withdraw any consent you have previously given by deactivating and deleting all cookies. If you disable or restrict cookies using your browser, certain features may not be provided for you on our website. You may use your web browser to delete stored cookies at any time, even automatically.
Use the following links to learn about this option for the most commonly used browsers:
If the cookie settings have not been restricted, cookies intended to allow and ensure the necessary technical features shall be stored on your terminal device until you close the browser; other cookies may remain on your terminal device for longer.
SSL- OR TLS encryption
Our website uses TLS encryption (formerly SSL) for security and to protect the transmission of confidential content. Orders or contact requests that you send to us are thus made via transport encryption. Depending on the browser type, you can recognise these either by the lock symbol and/or the https protocol in the address line.
Contact
Contact form
When you contact us via a contact form, the complete data disclosed by you (your email address, possibly your name, your address, and your phone number) will be stored by us in order to comply with your request. The data entered in the contact form shall be processed based on your consent in accordance with point (a) of Article 6 (1) GDPR. If your contact request is related to the carrying-out of a contract or the implementation of pre-contractual measures, we process your data on the basis of point (b) of Article 6 (1) GDPR. We will erase the data arising in this context after storage is no longer necessary, or we shall restrict processing if there are any statutory archiving obligations. You may withdraw your consent at any time. The lawfulness of the processing activities performed until the withdrawal shall remain unaffected by this.
Queries by email, phone, or fax
When you contact us by email, phone, or fax, the full personal data disclosed by you (your email address, possibly your name, address, and phone number) will be saved by us in order to answer your request. We will not pass on your data without your consent.
These processing activities will take place on the basis of point (b) of Article 6 (1) GDPR, provided that your query is connected to compliance with a contract or necessary to carry out pre-contractual measures. In any other case, we shall process your data on the basis of your consent pursuant to point (a) of Article 6 (1) GDPR and/or on the basis of our legitimate interests pursuant to point (f) of Article 6 (1) GDPR. Our legitimate interest is in particular in the effective processing of your request.
The data you submitted to us in contact requests will remain with us until you request that we erase them, withdraw your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been completely processed). Mandatory legal provisions – in particular statutory archiving periods – shall remain unaffected by this.
Chat queries
Userlike
For the efficient processing of your inquiries we use the live chat "Userlike" on our website. The provider is Userlike UG, Probsteigasse 44-46, D-50670 Cologne. Userlike uses cookies to enable you to have a personal conversation with us in the form of a real-time chat. Users do not have to sign in with their name to use the feature. They can use an anonymous chat. We use the privacy mode when using Userlike, i.e. your internet protocol address is stored in anonymous form in the cookies and is not used to identify you personally.
Processing of personal data on the basis of point (f) of Article 6 (1) GDPR is based on our legitimate interest in the commercial operation, optimised ability to communicate with users and security of our information technology systems.
Disclosure of any further personal data about yourself during the anonymous chat happens freely. The legal basis for processing of your data is the presence of your consent based on point (a) of Article 6 (1) GDPR.
The history of the live chats will be kept for 90 days for quality assurance purposes or in case of queries regarding requests (live chats). If you do not wish this, you can object to the storage. We will then erase saved chats without undue delay.
The information about your usage and related data of the live chat are collected, stored, and processed on servers of Userlike in Germany.
Processing of the data collected by Userlike is performed on our behalf and on the basis of a data processing contract.
For more information, please see Userlike's privacy policy: https://www.userlike.com/de/terms#privacy-policy.
Online shop
We provide an online shop for purchase of our products. In this context, we process your personal data on the basis of point (b) of Article 6 (1) GDPR. Mandatory information necessary for processing of the contracts is marked separately. Any other information is provided freely. Data necessary for the conclusion, carrying-out, or termination of a contract include:
- First name, last name
- Billing and delivery address
- Email address
- Billing and payment details
As far as we do not use your contact details for advertising purposes, we store the data collected for the processing of the contract until the expiration of the statutory requirements. Retention periods from commercial and tax law obligate us to store the necessary information for a period of ten years (after conclusion of the contract).
Within the framework of the order handling, we pass your necessary data (title, first name and surname, address, and email address) on for the purpose of the compliance with the contract (point (b) of Article 6 (1) GDPR) if necessary to the following third parties that will use these data for the carrying-out and distribution of the order. The third parties referred to are logistics service providers, shipment tracking services, returns processing, complaints services, etc.
Customer account/registration
You may freely set up a client account through which we may store your data for later further purchases. When you set up an account, the data indicated by you will be stored until withdrawal. At the same time, we then save the internet protocol address as well as the date and time of your registration. These data will not be passed on to any third parties.
The legal basis for processing of the data is the presence of your consent in accordance with point (a) of Article 6 (1) GDPR. If registration serves compliance with a contract the party of which you are or carrying-out of pre-contractual measures, the additional legal basis for processing of the data is point (b) Article 6 (1) GDPR.
In addition to the data requested when placing an order, you must indicate a password of your choice to set up a client account. This is used together with your email address to access your client account. Please treat your personal access data confidentially and in particular do not make them accessible to unauthorised third parties.
Your data will only be used as long as it is necessary for the existing client relationship. In addition, you can view and amend the data stored about you in your client account at any time. You have the option to cancel your user account at any time. In such a case, your data will be deleted unless we are obligated to retain it due to commercial and tax law requirements.
Payment systems/creditworthiness check/fraud prevention
You can choose between different payment methods in our online shop. For this purpose, we collect the respective payment-relevant data in order to be able to carry out your order as well as the payment processing. In addition to this, your internet protocol address is processed for technical necessity as well as for legal protection.
Specific personal data (mandatory data) without which we cannot carry out the contract will be transmitted to our payment service providers for payment processing, depending on the selected payment method.
The payment system we use applies TLS encryption to protect the transmission of your data.
Credit card payment
When paying by credit card, your necessary details, such as name, address as well as the purchase data will be forwarded to the respective credit card company.
As usual with credit card payments, the credit card information will be reviewed, and an authorisation is carried out by Mollie.com.
Advance payment
In the case of payment in advance, you will receive an invoice in advance. Once you have made this transfer to the specified bank account and the invoiced amount has been booked there, we will deliver the ordered items without undue delay.
PayPal
PayPal is an undertaking of PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg. If you choose the payment option "PayPal" when ordering from our online sop, data on you will be automatically transmitted to PayPal. By selection of this payment option, you consent to transfer of personal data as required to process the payment. As a rule, the personal data transmitted to PayPal are: First name, last name, address, email address, internet protocol address, telephone number, mobile phone number necessary for payment processing. In order to process the purchasing contract, such personal data that are connected to the respective order are also necessary.
PayPal's applicable privacy policy can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Direct transfer
On our website we offer, among other things, payment by way of "Sofortüberweisung" direct transfer. The provider of this payment service is Sofort GmbH, Theresienhöhe 12, D-80339 Munich. The "direct transfer" procedure will give us a payment confirmation from Sofort GmbH in real time, which allows us to start complying with our commitment without undue delay.
If you have chosen the payment type "direct transfer", you will transmit the PIN and a valid TAN to Sofort GmbH, to allow it to log in to your online banking account. Sofort GmbH will review your account balance automatically after logging in and perform the transfer to us using the TAN transmitted by you. They will then transmit a confirmation of the transaction to the service provider without undue delay. After logging in, your turnovers, the credit limit of the overdraft facility, and the presence of other accounts, as well as their balances, will be verified automatically.
In addition to the PIN and TAN, the payment details entered by you and details concerning your person will be transmitted to Sofort GmbH. The data concerning your person are: your first and last names, address, phone number(s), email address, internet protocol address, and any other data necessary for processing the payment. These data must be transferred to determine your identity without doubt and to prevent attempted fraud.
Transfer of your data to Sofort GmbH will be based on point (a) of Article 6 (1) GDPR (consent) and point (b) of Article 6 (1) GDPR (compliance with a contract). You have the option to withdraw your consent to processing activities at any time for the future. Withdrawal will not affect the effectiveness of any processing activities in the past.
For details on data protection in the case of payment by direct transfer, please refer to the following link: https://www.sofort.de/datenschutz.html..
Creditworthiness check
As far as we make any advance deliveries to you within the framework of our range of goods or services (e.g. by in principle allowing the option of payment by invoice), we reserve the right to obtain creditworthiness information from the following undertaking on the basis of mathematical statistical procedures in order to protect our legitimate interests:
Creditsafe Deutschland GmbH, Schreiberhauer Straße 30, D-10317 Berlin,
www.creditsafe.com
For this purpose, we transmit the personal data required for a credit assessment and use the information received about the statistical probability of a payment default. The credit rating may contain probability values (score values) that are calculated based on scientifically recognised mathematical-statistical procedures. For this, the future payment default risk of the client is concluded from a multitude of features, such as income, address data, profession, marital status, and previous payment behaviour. The outcome is expressed in the form of a payment value (score). The information received this way is the basis for our decision on establishing, carrying-out, and termination of the contractual relationship. The option to select one of the provided payment types does not depend on such information, however.
Processing activities for purposes of marketing
Direct marketing
If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing in accordance with Article 21 (2) GDPR, which includes profiling to the extent that it is connected to such direct marketing. If you object, your personal data will subsequently no
longer be used for the purpose of direct marketing.
Product recommendation by email
With your consent, you can subscribe to our newsletter in which we will inform you about current interesting offers. We will regularly report on product offers of our range, events/trade fairs, special sales actions, tips to our product ranges, offers of our cooperation partners.
We use the double opt-in procedure for subscribing to our newsletter. This means that we send an email to your indicated email address after your subscription, in which we ask you to confirm that you desire to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be locked and erased automatically after one month. Furthermore, we store the internet protocol addresses used by you from time to time and the times of registration and confirmation each. The purpose of this procedure is to demonstrate your registration and to investigate any possible misuse of your personal data.
The only mandatory information for transmission of the newsletter is your email address. Indication of further, separately marked data is done freely and used in order to contact your personally. After you confirm this, we will store your email address for the purpose of sending you the newsletter. The legal basis is point (a) of Article 6 (1) GDPR (consent).
Newsletter
With your consent, you can subscribe to our newsletter in which we will inform you about current interesting offers. We will regularly report on product offers of our range, events/trade fairs, special sales actions, tips to our product ranges, offers of our cooperation partners.
We use the double opt-in procedure for subscribing to our newsletter. This means that we send an email to your indicated email address after your subscription, in which we ask you to confirm that you desire to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be locked and erased automatically after one month. Furthermore, we store the internet protocol addresses used by you from time to time and the times of registration and confirmation each. The purpose of this procedure is to demonstrate your registration and to investigate any possible misuse of your personal data.
The only mandatory information for transmission of the newsletter is your email address. Indication of further, separately marked data is done freely and used in order to contact your personally. After you confirm this, we will store your email address for the purpose of sending you the newsletter. The legal basis is point (a) of Article 6 (1) GDPR (consent).
You may withdraw your consent to transmission of the newsletter at any time and unsubscribe from the newsletter. You may withdraw your consent by clicking the link (unsubscribe) provided in each newsletter email or by calling +49 561-95885-9.
We cooperate with the following email marketing provider:
CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, D-26180 Rastede, Germany
Data protection notices: https://www.cleverreach.com/de/datenschutz/
Conclusion of a contract on processing activities
We have entered into an order data processing contract with CleverReach. It obligates CleverReach to protect the data of our clients and not to pass them on to third parties.
Please note that we will evaluate your user behaviour when we send you the newsletter. For this evaluation, the emails sent contain web beacons or tracking pixels that are one-pixel picture files stored on our website. For the evaluations, we couple data and the web beacons to your email address and an individual ID. Links contained in the newsletter contain this ID as well.
The data are collected exclusively pseudonymised, the IDs are also not coupled to your further personal data; direct reference to a person is excluded.
You can object to this tracking at any time by clicking the separate link (unsubscribe) provided in each email. The information will be stored for as long as you have subscribed to the newsletter. After unsubscription, we will store the data purely statistically and anonymously.
Such tracking also is not possible when you have deactivated display of pictures in your email program by default. In such a case, the newsletter will not be displayed entirely and you may not be able to use all features. If you have the pictures displayed manually, the above tracking will take place.
Analysis tools
Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google"). Google Analytics uses “cookies". These are text files that are stored on your computer and that permit analysis of your use of the website. As a rule, the information produced by the cookie regarding your use of this website transmitted to servers of Google in the USA and stored there. If internet protocol address anonymisation (AnonymizeIP) was activated on this website, your internet protocol address will be shortened by Google, however, within the member states of the European Union or in other states that are party to the Treaty on the European Economic Area. Only in exceptional circumstances will your full internet protocol address be transmitted to servers of Google in the USA and abbreviated there. On the order of the provider of this website, Google will use this information to evaluate your use of the website, in order to compile reports on the website activities and to provide further services connected to website use and internet use towards the website provider.
The internet protocol address transmitted by your browser within the context of Google Analytics will not be combined with any other Data of Google. .
This website uses Google Analytics with the extension "Anonymize IP". This causes internet protocol addresses to be abbreviated before further processing; reference to a person can be virtually excluded this way. If the data collected about you have any personal reference, they will be erased at once. .
We use Google Analytics in order to analyse use of our website and regularly improve it. The statistics acquired enable us to improve our offer and to make it more interesting for you as the user. The legal basis for use of Google Analytics is our legitimate interest in product improvement in accordance with point (f) of Article 6 (1) GDPR. .
We also use Google Analytics for device-comprehensive analysis of visitor flows that is performed via a user ID. In your client account, under "My data", "Personal data", you can deactivate device-comprehensive analysis of your use. .
You may prevent storage of the cookies by making the corresponding settings in your browser software; however, note that you may not be able to fully use all features of the website in such a case. You may furthermore prevent recording of the data generated by the cookie and referring to your use of the website (incl. your internet protocol address) and processing of these personal data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. .
Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: https://www.google.com/analytics/terms/de.html, Data protection overview: https://support.google.com/analytics/answer/6004245?hl=de and the data protection policy: https://policies.google.com/privacy?hl=de&gl=de.. .
Marketing tools
Google Ads
This website uses "Google Ads" (formerly Google AdWords), a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Ads makes it possible to draw attention to attractive offers of already visited websites with the help of advertising media on external websites. This determines the success of individual advertising measures. These advertising means are delivered by Google via "Ad Servers". This is done using AdServer cookies through which certain parameters for measuring success, such as display of the ads or clicks by the users, can be measured. If you have reached our website through a Google ad, Google Ads will place a cookie on your terminal device. As a rule, these cookies are valid for 30 days. Cookies are not used to identify you personally. As a rule, this cookie stores the following information as analysis values: Unique cookie ID, number of Ad Impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wants to be contacted) will usually be saved as analysis values. These cookies allow Google to recognise your web browser. If the user visits specific contents or pages of the website of the Google Ads client and the cookie stored on his computer has not expired yet, Google and the client will be able to tell that the user has clicked the display and was forwarded to this website. A different cookie is associated with each Google Ads client. Cookies cannot thus be tracked via the website of Google Ads clients. We collect and process no personal data in the advertising measures named. We only receive statistical evaluations from Google that have been rendered anonymous. Based on these evaluations, we can see the effectiveness of the advertising measures used. We will not receive any further data from use of the advertising means, and in particular cannot identify the users based on this information. The marketing tools used will cause your browser to automatically establish a directly connection with the Google servers. We cannot influence the scale and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge Google is informed that you have called the corresponding part of our website or that you have clicked one of our ads. If you have a user account with Google and are registered, Google may assign the visit to your user account. Even if you are not registered with Google or not logged in, it is possible that Google will learn your internet protocol address, store it, and process it for other purposes.
We use Google Ads for marketing and optimisation purposes, in particular to provide you with relevant and interesting advertisements, to improve evaluations of campaign performance and to achieve a fair calculation of advertising costs. This also includes our legitimate interests in processing of the above data by third-party providers. The legal basis is point (f) of Article 6 (1) GDPR.
You may prevent the function of cookies by deleting present cookies and disabling the storage of new cookies in your web browser settings. However, please note that you may not be able to fully use all features of our website in such a case. You can also prevent cookies from being stored is also possible by setting your web browser to block cookies from the domain www.googleadservices.com via https://www.google.de/settings/ads. Please note that this setting will be deleted when you delete your cookies. You can also opt out of interest-based ads using the https://optout.aboutads.info link. Please note that this setting will be deleted as well when you delete your cookies in your web browser.
Information on the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland
Further information on data use by Google, setting and objection options, as well as data protection can be taken from the following websites of Google:
- Data protection policy: https://policies.google.com/privacy?hl=de&gl=de
- Google Website statistics: https://services.google.com/sitestats/de.html
Integrated third-party contents
Google Maps
On this website, we use the offer of Google Maps. This enables us to display interactive maps directly on the website and allows comfortable use of the map function for you.
By your visit to the website, Google will be informed that you have called up the corresponding sub-page of our website. In the process, metadata are transmitted to the service provider, which may be personal. Google will also obtain your internet protocol address. This is done independently of whether Google provides a user account through which you are logged in or whether you have no user account. If you are logged in to Google, your data will be associated with your account directly. If you do not wish association with your profile at Google, please log out before you activate the function. The information collected by Google is also transmitted to Google (Google Inc.) servers in the USA. Google will store your data as usage profiles and use them for the purpose of advertising, market research and/or demand-oriented design of its website. Such evaluation shall in particular take place (even for users who are not logged in) in order to provide demand-oriented marketing and in order to inform other users of the social network of your activities on our website. You have a right to object to the generation of these user profiles. In order to exercise this right, you must contact Google.
The legal basis for such processing of your data is point (f) of Article 6 (1) GDPR (legitimate interest). Our legitimate interest is in attractive presentation of our online offer and to make it easier to find the places indicated by us on the website.
Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Further information on the purpose and scale of data collection and processing by the plugin provider is available in the data protection statements of the provider. It also contains further information on your rights in this respect and setting options for protecting your privacy: https://policies.google.com/privacy?hl=de&gl=de.
YouTube
We have integrated YouTube videos into our online offer that are stored on http://www.youtube.com and that can be played directly from our website. All of these are integrated in the "extended data protection mode", i.e. so that no data concerning you as user will be transmitted to YouTube if you do not play the videos. According to YouTube, the data are only transferred when you play the videos. We cannot influence this data transmission.
By your visit to the website, YouTube will be informed that you have called the corresponding sub-page of our website. Additionally, metadata are transmitted to the service provider, which may be personal data. This is done independently of whether YouTube provides a user account through which you are logged in or whether you have no user account. If you are logged in to Google, your data will be associated with your account directly. If you do not wish association with your profile at YouTube, log out before you activate the function. YouTube will store your data in usage profiles and use them for the purpose of advertising, market research and/or demand-oriented design of its website. Such evaluation shall in particular take place (even for users who are not logged in) in order to provide demand-oriented marketing and in order to inform other users of the social network of your activities on our website. You have a right to object to the generation of these user profiles. In order to exercise this right, you must contact YouTube.
YouTube is used in the interest of attractive display of our online offer. This is a legitimate interest within the meaning of point (f) of Article 6 (1) GDPR.
Information on the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
For more information on data protection, please refer to Google's website below: https://policies.google.com/privacy?hl=de.
Google Fonts
We use "Google Fonts" on our website, a service of Google Ireland Limited, (hereinafter referred to as "Google"). The service allows us to use external fonts, so called Google Fonts. For this, the required Google Font is loaded into the browser cache by your browser when you call up our website. This is necessary so that your browser can display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display. The integration of these web fonts is done by a server call, as a rule at a Google server in the USA. This informs the server of which of our websites you have visited. The internet protocol address of the browser of your terminal device is also stored by Google. We cannot influence the scale and further use of the data collected and processed by Google through the use of Google WebFonts.
We use Google Web Fonts for optimisation purposes, in particular to improve the use of our website for you and to make its design more user-friendly. This also includes our legitimate interests in processing of the above data by third-party providers. The legal basis is Article point (f) of the first sentence of Article 6 (1) GDPR.
Information on the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland
For more information on data protection, please refer to Google's data protection policy: https://policies.google.com/privacy?hl=de&gl=de.
For further information on Google Web Fonts, see https://fonts.google.com/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1/ und https://www.google.com/fonts#AboutPlace:about.
Google ReCAPTCHA
This website uses the reCAPTCHA service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, to determine whether specific inputs are made by people or computers (bots). This is done by analysing the actions of website users (e.g. mouse movements or queries). Google uses the terminal device's IP address, the visited website with a CAPTCHA function, date, and the duration of the visit as well as the data of the browser and operating system used to recognise the input type. Data processing takes place based on point (f) of Article 6 (1) GDPR. The website operator has a legitimate interest in protecting their web offering from abusive automated spying and spam. Within the scope of the use of Google reCAPTCHA, it is possible that personal data are transferred to servers of Google LLC. in the USA. Further information on Google reCAPTCHA and the Google data privacy statement can be found under the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html
Social media
Information on social media
We operate publicly accessible profiles on social networks to draw attention to our services and products. There we would like to get in contact with you as a visitor and user of these pages as well as our website.
In the scope of this, user data may be processed outside the area of the European Union. This may lead to in risks for you as a user and may make it more difficult for you to enforce your rights. When selecting the social media platforms we use, we observe that the providers undertake to comply with EU data protection standards.
If you visit one of our social media sites (e.g. Facebook), we, ZWOD Vertriebs und Logistik GmbH, Ferdinand-Schultze-str. 91, 13055 Berlin, Germany, are joint controllers with the operator of the respective social media platform within the meaning of the GDPR and other regulations under data protection law.
Processing activities on social media platforms
We cannot influence the processing of personal data by the respective platform operator. For instance, social networks such as Facebook may use your data for market research and purposes of marketing. Among other things, they may analyse user behaviour and create a user profile from the resulting interests of the user. The social media providers use cookies for storage and further processing of this information. These are text files that are stored on the user's various terminal devices. If you have a profile on the respective social media platform and are logged in to it, the storage and analysis even takes place across devices. This way, you can be shown interest-specific marketing in and outside of the respective social media site. The processing activities may also concern persons who are not registered as users with the respective social media platform.
Via social media platforms, statistical data of different categories are available to us. These statistics are generated and provided by the social media provider. As the provider of the fan page, we have no influence on the generation and presentation. We use these data that are available in aggregate form (total page views, likes, page activity, post interactions, reach, video views, post reach, comments, shared content, replies, proportion of men and women, country and city origin, language, shop views and clicks, route planner clicks, phone number clicks), to make our posts and activities on our fan page more attractive to users. Due to the constant development of social media platforms, the availability and processing of data is changing. As a result, we refer to the data protection policies of the platforms for further details on this.
Legal basis
The operation of these fan pages, including the processing of personal data of users, is based on our legitimate interests in a timely and supportive information and interaction opportunity for and with our users and visitors pursuant to point (f) of Article 6 (1) GDPR. Under certain circumstances, you may also have given a platform operator your consent to processing activities. In such a case, point (a) of Article 6 (1) GDPR is the legal basis.
See the data protection policies and information provided by the operators of the respective networks for a comprehensive presentation of the respective processing activities and the possibilities of objection (opt-out).
Duration of storage
The data recorded by us immediately through the social media page shall be deleted from our systems as soon as the purpose for storage no longer applies, you request us to erase them, you withdraw your consent to storage. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular archiving periods – shall remain unaffected by this.
The data recorded by us immediately through the social media page shall be deleted from our systems as soon as the purpose for storage no longer applies, you request us to erase them, you withdraw your consent to storage. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular archiving periods – shall remain unaffected by this.
Assertion of rights
You may in principle assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) both towards us and towards the provider of the respective portal (e.g. towards Facebook).
Please note that we do not have complete access to your personal data in spite of joint controllership. As a result, please contact the providers of the social media platforms directly for information requests and the assertion of data subject rights. Only the providers have access to the data of the users and can directly take measures and provide communication. Please contact us if you need any help: ZWOD Vertriebs und Logistik GmbH, Ferdinand-Schultze-str. 91, 13055 Berlin, Germany, Email: sales@zwodltd.de.
Our social networks
Facebook:
Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendu
Data protection policy: https://www.facebook.com/about/privacy
objection option (opt-out): https://www.facebook.com/settings?tab=ads
Instagram:
Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland Data protection policy: http://instagram.com/about/legal/privacy
objection option (opt-out): http://instagram.com/about/legal/privacy
Xing:
Provider: XING AG, Dammtorstraße 29-32, D-20354 Hamburg, Germany
Data protection policy: https://privacy.xing.com/de/datenschutzerklaerung
objection option (opt-out): https://privacy.xing.com/de/datenschutzerklaerung
YouTube:
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data Protection Policy: https://policies.google.com/privacy https://policies.google.com/privacy
objection option (opt-out): https://adssettings.google.com/authenticated
Data protection in job applications
We offer you the opportunity to apply to us by email or by post. Below, we inform you about the scale, purpose, and use of your personal data collected within the framework of the application process.
Scale and purpose of data collection
In order for us to be able to consider you in the application process for a specific position, you are required to submit a customary and informative application with which you inform us about your personality profile and qualifications.
As a rule, the personal data you provide and send to us as part of your application include:
Cover letter, curriculum vitae with the usual personal details (first and last name, date of birth, address, telephone number, email address, photo) as well as supporting documents and certificates.
In principle, we will only use your application documents to decide whether to fill the position for which you have explicitly applied. We process the personal data provided to us only to the extent that this is necessary for the purpose of deciding whether to establish an employment relationship with us. The legal basis for this is point (b) of Article 6 (1) GDPR, Article 88 GDPR in conjunction with the first sentence of § 26 (1) BDSG (new), as far as it concerns information that we receive from you within the framework of the application process (name, contact details, date of birth, details of your professional qualifications and school education or details of further professional training). If you freely make further information available to us, we process this on the basis of your consent in accordance with point (a) of Article 6 (1) GDPR. In the course of the application process, further personal data may be collected from you personally and from generally accessible sources for this information purpose. Your personal data will only be forwarded to persons involved in processing of your application within our undertaking.
If we process personal data about you to defend legal claims asserted by you against us from the application process, we refer to point (f) of Article 6 (1) GDPR as the legal basis. The legitimate interest is, for instance, a burden of evidence in a procedure under the general law on equal treatment (Allgemeines Gleichbehandlungsgesetz; AGG).
Categories of recipients of the personal data
Your personal data will be transferred to third parties exclusively for the purposes referred to below. We will only disclose your personal data received within the framework of the application process to third parties if:
- you have explicitly given your consent to this according to point (a) of Article 6 (1) GDPR, § 26 BDSG (neu)
- forwarding is required according to point (f) of Article 6 (1) GDPR to assert, exercise or defend any legal claims, and if there is no reason to assume that you have an overriding legitimate interest in your data not being forwarded
- if there is any legal obligation to forward the data according to point (c) of Article 6 (1) GDPR and if this is permitted by law and required according to point (b) of Article 6 (1) GDPR, first sentence of § 26 (1) BDSG (neu) for processing of contractual relationships.
Furthermore, your data will be passed on to technical service providers who will use your data exclusively on our behalf and under no circumstances for their own business purposes on the basis of Article 28 GDPR.
Transfer of your data to third countries outside the EU or the European Economic Area is not intended.
Archiving duration of the data
If we cannot offer you a job, if you refuse a job offer, withdraw your application, withdraw your consent to processing activities or ask us to erase your data, the data transmitted by you, incl. any remaining physical application documents, will be stored or archived for up to 6 months after the end of the application proceedings (archiving period), in order to be able to track the details of the application process if there are any discrepancies (point (f) of Article 6 (1) GDPR).
You may consent to the use of your application documents to fill other vacancies. A simple note in your cover letter shall be sufficient for this. If you choose this option, we will include you in our talent pool in accordance with point (a) of Article 6 (1) GDPR. We will then store your application for up to 12 months until your withdrawal. You may withdraw your consent at any time, effective for the future. A justified withdrawal shall not influence data processing activities that have already taken place.
If any application procedure leads to employment, we shall integrate your application documents in your personnel file on the basis of point (b) of Article 6 (1) GDPR, § 26 (1) BDSG-neu, for the purpose of establishing the employment relationship as well as the personality profile described by you that underlies the employment and your stated qualifications.
Provision of data
Provision of your personal data is not required by law in the initiation phase of an employment relationship. However, provision of personal data will be required to conclude an employment contract. This means that if you do not provide your personal data to us when applying for a job, we cannot and will not enter into an employment relationship with you.
Automated decision making
There is no automated decision-making in individual cases in the sense of Article 22 GDPR. This means that we evaluate your application personally and the decision about your application is not based exclusively on automated processing.
Stationary business premises
Security cameras
We use video surveillance in our stores for the purposes of detection and prevention of criminal offences and protection of property and vandalism. Sound is not recorded. The legal basis is point (f) of Article 6 (1) GDPR. Use of video surveillance is marked by a clearly visible icon in the branches. The resulting footage from the security cameras is always deleted 72 hours after recording. If a criminal offence is committed, we reserve the right to store the image material until the purpose of the collection no longer applies. The image recordings are not transmitted to third parties, with the exception of investigating authorities who request the image recordings in the event of a criminal offence. For installation and maintenance, maintenance companies mandated by us may have access to stored data.
Cashless payment processing
When you pay by debit card, credit card, or use the contactless payment method (NFC), we as a vendor collect personal data via the payment terminal. We then transmit this collected data to the network operator. The network operator and the respective payment service providers for accepting and settling payment transactions (acquirers) will further process the data, in particular for payment processing, to prevent card misuse, to limit the risk of payment defaults, and for statutorily prescribed purposes, e.g. to comply with anti-money laundering and criminal prosecution provisions. Your data will also be transmitted to other responsible parties, such as your card-issuing bank for these purposes.
Controller
We as vendor and the network operator or acquirer are each responsible for the processing of the data.
As the payment recipient, we are responsible for operation of the payment terminal at the checkout and, if applicable, for our internal network up to the point of secure transfer via the Internet or telephone line to the network operator. Network operators and acquirers are responsible for the further processing of the data, in particular for the execution and settlement of payment transactions.
When using electronic payment methods, data are transferred to PaySquare SE, Hahnstraße 25, D-60528 Frankfurt am Main, email: info@de.paysquare.eu
as the network operator.
For information on processing activities by PaySquare SE, please see provisions on data protection at https://epayment.de.worldline.com/de/home/privacy.html
Nature and scale
We process your card data (IBAN or account number and BIC, card expiry date, and card serial number) and other payment data (amount, date, time, terminal ID, place, undertaking, and branch where you pay, your signature).
If a direct debit is not redeemed (e.g. in the case of withdrawal), we collect the data relating to the return debit note as well as the data associated with the outstanding debt (first and last names, address, the proof of purchase, bank charges incurred, dunning fees, and the reason for the return debit note).
Most of the above data are stored on your card. We receive these data when the card is read at the payment terminal. We will receive your PIN or signature from you. If a return debit note is issued, we may receive data from your credit institution or bank.
Purpose/legal basis
We process your data in particular for carrying-out of the purchase contract (legal basis: point (b) of Article 6 (1) GDPR), for the compliance with statutory obligations (legal basis: point (c) of Article 6 GDPR) and for the investigation of fraud and other criminal offences (point (f) of Article 6 (1) GDPR) and our legitimate interest to protect our assets and to prevent payment defaults.
PaySquare SE processes the data in particular for payment processing (legal basis: point (b) of Article 6 (1) GDPR), to prevent card misuse, to limit the risk of non-payment (legal basis: point (f) of Article 6 (1) GDPR, achievement of the legitimate interest of asset protection) and for statutory purposes, such as anti-money laundering and criminal prosecution (point (c) of Article 6 (1) GDPR). Please contact your payment service provider or bank for additional information.
Disclosure to third parties
We transmit your above data to PaySquare SE for the purpose of payment processing. PaySquare SE in turn will transmit these data to your involved bank or the credit card company. As far as it is necessary for the payment processing, a transfer of your data may take place within the framework of this payment processing to further involved service providers.
Transfer to third countries
We do not transmit your payment data to third countries or organisations outside the EU. Such transfer can only take place if you pay with a credit card and the credit card company is located outside the EU.
Provision of data
Your data are provided freely. You are neither statutorily nor contractually obligated to provide your data to us. However, you cannot make a card payment without disclosing the data.
Business relationships
The subsequent information shows you how we handle your data when you contact us, when contractual negotiations take place with us and/or when there are any contractual agreements with us.
Purpose of the processing and legal basis
Processing activities take place for the purpose of the contract processing. Processing of your data is necessary in accordance with point (b) of Article 6 (1) GDPR for initiation of and compliance with contracts.
Furthermore, processing of your personal data may be necessary on the basis of point (f) of Article 6 (1) GDPR to protect our legitimate interests. Our legitimate interests consist in the avoidance of commercial detriments through credit checks, the invitation to events, assertion of legal claims, and avoidance of legal detriments (e.g. in the case of insolvency), prevention of threats and liability claims and avoidance of legal risks, mails, prevention of criminal offences.
Category of data and origin
We process the following categories of data:
Master data and contact details: Salutation, name (first and last name), department and function in the undertaking, address, email, telephone, fax, date of birth, purchase history, contract details, settlement data.
The data from the above categories of data were transmitted to us directly by our clients and interested parties.
Recipient
We will not pass on your personal data to any third parties. This shall exclude our service partners if this is necessary for compliance with the contract, such as parcel and letter delivery companies, banks for the collection of direct debits, tax authorities, possibly further enumeration such as credit agencies etc.
Duration of storage
The data stored concerning your person be deleted after the contract has been complied with, provided that there are no further statutory obligations to retain the data. These are, for example, commercial law and financial law data. These will be deleted after ten years according to the legal rules, provided that no longer storage time limits are stipulated or necessary due to legitimate grounds. If you withdraw your consent to the use of your data, they will be erased without undue delay, provided that the above grounds do not oppose this.
Right to object
You have the right to object to processing. You may object to use of your data at any time for the future.
Provision of data
The provision of personal data is contractually required or necessary for the conclusion of a contract. If the necessary personal data are not provided, this would have the consequence of rendering us unable to enter into a business relationship with you.