Data Protection Policy
General information
The following information provides an overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. Further information on the subject of data protection can be found in this data protection policy, in accordance with the General Data Protection Regulation (GDPR) of the EU.
SSL or TLS encryption
This website uses SSL (“Secure Sockets Layer”) or TLS (“Transport Layer Security”) encryption for security reasons and to protect the transmission of any privacy-related content that you send to us, such as orders or e-mail conversations. You can recognize an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock symbol in the browser address bar.
Responsible body
zenolicht GmbH
Nernststrasse 63
28357 Bremen
Germany
Tel.: +49 (0)421 5229211
E-mail: info@zenolicht.de
According to GDPR Article 37(4) and Section 38 No. 1 of the BDSG (Federal Data Protection Act, as amended on 25.05.2018), we are not obliged to appoint a data protection officer.
Scope of processing of personal data
We only process personal data of our users insofar as this is necessary to provide a functional website and to deliver our content and services. Processing of the personal data of our users takes place as a rule only after the consent of the user has been obtained. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is party, GDPR Article 6(1)(b) serves as the legal basis. This also applies to processing steps that are necessary prior to entering into a contract.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, GDPR Article 6(1)(c) serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, GDPR Article 6(1)(f) serves as the legal basis for processing.
Data erasure and storage period
The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the operating system of the calling computer.
The following data are collected:
- Information about the browser type and version used
- User’s operating system
- User’s internet service provider
- Anonymized IP address of the user
- Date and time of access
- Websites from which the user’s system reaches our website
- Websites accessed by the user's system via our website
The data are also stored in the log files of our system. The IP addresses of the user or other data that enable the assignment of the data to a particular user are not affected by this. These data are not stored together with other personal data of the user.
Legal basis for data processing
The legal basis for the temporary storage of data is GDPR Article 6(1)(f).
Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this, the IP address of the user must remain stored for the duration of the session.
Our legitimate interest in data processing in accordance with GDPR Article 6(1)(f) also lies in this purpose.
Duration of storage
The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest.
Possibility of objection and elimination
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
Use of cookies
Our website uses “cookies”. Cookies are small text files that are stored within the browser or by the browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is called up again.
We use cookies that are technically necessary to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page change.
The following data are stored and transmitted in the cookies:
- Language settings of a unique user until the end of the session for the shop (shopping cart, order process)
- Items in a shopping cart (stored in a database)
Legal basis for the use of cookies
The legal basis for the processing of personal data using technically necessary cookies is given by GDPR Article 6(1)(f).
Purpose of the use of cookies
The purpose of using technically necessary cookies is to simplify the use of websites for the users. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized even after a page change.
We need cookies for the following applications:
- Identification of the language setting
- Identification of a unique user until closing of the browser window for the shop (shopping cart, order process)
The user data collected by technically necessary cookies are not applied to create user profiles.
For this purpose, our legitimate interest also lies in the processing of personal data in accordance with GDPR Article 6(1)(f).
Duration of storage; possibility of objection and elimination
Cookies are stored on the user’s computer and then transmitted to our website. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, however, it may no longer be possible to use all functions of the website to their full extent.
Contact form and e-mail contact
On our website, there are contact forms that can be used for initiating electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. These data are:
- E-mail address of the user
- Web address of the user (only in the supplier contact form)
At the time the message is sent, the following data are also stored:
- IP address of the user
- Date and time of registration
For the processing of the data, reference is made to this data protection policy as part of the sending process.
Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data that were transmitted by e-mail will be stored. In this context, the data will not be passed on to third parties. The data are used exclusively for processing the conversation.
Legal basis for data processing
The legal basis for the processing of data is GDPR Article 6(1)(a) if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is GDPR Article 6(1)(f). If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is GDPR Article 6(1)(b).
Purpose of data processing
The processing of the personal data from the input mask serves us only to initiate the contact. In the case of contact via e-mail, this is also the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage
The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data obtained from the input mask of the contact form and those sent by e-mail, this is the case when the corresponding conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the facts in question have been finally clarified.
The additional personal data collected during the sending process will be erased after a period of seven days at the latest.
Possibility of objection and elimination
The user has the possibility of revoking his consent to the processing of personal data at any time. If the user contacts us by e-mail, he may object to the storage of his personal data at any stage. In such a case, the conversation cannot be continued.
Please send an e-mail to us at datenschutz@zenolicht.de
All personal data stored in the course of contacting us will be erased immediately in this case.
Payment services
On our website, we offer payment via PayPal, amongst others. The provider of this payment service is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg.
If you choose to pay via PayPal, the payment details you enter will be sent to PayPal.
Your data will be transmitted to PayPal on the basis of GDPR Article 6(1)(a) and GDPR Article 6(1)(b). You have the possibility of revoking your consent to data processing at any time. Revocation has no effect on the effectiveness of data processing operations that have taken place in the past.
Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights towards the data controller and you can request confirmation from the controller as to whether personal data concerning you are processed by us.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate guarantees pursuant to GDPR Article 46 in connection with the transmission of data.
Right to rectification
You have a right to rectification and/or completion towards the data controller if the personal data processed concerning you are incorrect or incomplete. The controller must make the correction without undue delay.
Right to restriction of processing
If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent, or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been obtained according to the above conditions, you will be informed by the controller before the restriction of processing is lifted.
Right to erasure
You may request the data controller to erase the personal data relating to you without delay, and the data controller is obliged to erase these data without undue delay.
The right to erasure does not apply to the extent that processing is necessary
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
- for the establishment, exercise or defense of legal claims.
Right to notification
If you have exercised your right of rectification, cancellation or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you, such as your shoe size, have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about such recipients by the controller.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used and machine-readable format. In addition, you have the right to pass those data on to another controller without obstruction by the controller to whom the personal data were provided, where
- the processing is based on consent pursuant to GDPR Article 6(1)(a) or GDPR Article 9(2)(a) or on a contract pursuant to GDPR Article 6(1)(b); and
- the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one data controller to another, insofar as this is technically feasible. A requirement is that this does not adversely affect the freedoms and rights of other persons.
The right to data portability do not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you on the basis of point (e) or (f) of GDPR Article 6(1).
Please send an e-mail to us at datenschutz@zenolicht.de
The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to GDPR Article 78.
Bremen, 25 May 2018