Privacy policy

Privacy policy

Thank you for your interest in our website. The protection of your privacy when processing personal data and the security of all business data is an important concern for us, which we take into account in our business processes. Here we inform you in detail about how we handle your data.

RESPONSIBLE ACC. ART.4 ABS.7 EU GENERAL DATA PROTECTION REGULATION (GDPR)

Carl Stahl GmbH
Tobelstraße 2
73079 Süßen
Germany
Tel: +49 (0) 7162 / 4007 - 1000
E-Mail: exo@carlstahl.com
Website: store.noonee.com

DATA PROTECTION OFFICER OF THE CONTROLLER

Dr. Ralf W. Schadowski
E-Mail: datenschutz@carlstahl.com
Tel: +49 241 / 44688 25

  • 1 LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

(1) Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

(2) When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

(3) Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

(4) In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

(5) If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

  • 2 DATA DELETION AND STORAGE DURATION

(1) The personal data of the data subject shall be erased or blocked as soon as the purpose of storage ceases to apply.

(2) Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject.

(3) The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

  • 3 INFORMATION ON THE COLLECTION OF PERSONAL DATA

(1) In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

(2) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations.

(3) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We will also state the specified criteria for the storage period.

Collection of personal data when visiting our website
If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR):

  • IP address
  • Hostname
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes (referrer)
  • The specific pages you visit on our website
  • Browser: Type, version and set language
  • Operating system: type and version
  • JavaScript is also activated:
    • Screen resolution
    • Color depth
    • Size of the browser window
    • Installed browser plugins

Use of cookies

(1) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using and through which certain information flows to the place that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall.

(2) The cookies are managed by the provider Cookiebot, represented by Usercentrics A/S, Havnegade 39, 1058 Copenhagen.
Privacy policy: https://www.cookiebot.com/de/privacy-policy/

Error: The domain WWW.CARLSTAHL.COM is not authorized to show the cookie declaration for domain group ID bc6df038-bc92-4312-aff2-6bd0c1e9975f. Please add it to the domain group in the Cookiebot Manager to authorize the domain.

  • 4 FURTHER FUNCTIONS AND OFFERS OF OUR WEBSITE

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you must generally provide additional personal data that we use to provide the respective service and to which the aforementioned data processing principles apply. Mandatory information is marked with an asterisk. Information in fields not marked in this way is purely voluntary.

(2) When you contact the service provider by e-mail or via the contact form, your e-mail address and, if you specify this, your name, telephone number, company and address will be stored by us in order to answer your questions.

(3) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

  • 5 RIGHTS OF THE DATA SUBJECT

Below we inform you about your rights as a data subject in accordance with Art. 15 GDPR. You can exercise these rights at any time by contacting us directly. If you assert these rights against us, we will examine them in detail, taking into account the associated legal requirements and conditions. We may request further information from you for this purpose. We will explain the results of our review and our approach to fulfilling your request in detail. It is possible that we will not be able to fully comply with your wishes in the manner you have requested.

This should not prevent you from asserting your rights against us or asking us about them. We will be happy to answer any questions you may have.

(1) Right to information
You have the right to request information from us at any time as to whether and which of your personal data is being processed by us. This also includes information on the purposes of the processing, any recipients to whom we have disclosed your data, the planned storage period and, if applicable, information on the origin of this data if we have not collected it directly from you. In addition, you have the right to a one-off copy of your personal data stored by us free of charge. We reserve the right to charge a reasonable administrative fee for the creation of the following copies.

(2) Right to rectification
You have the right to request that we rectify any inaccurate personal data that we have stored about you. This also includes the right to have incomplete personal data completed.

(3) Right to erasure
You have the right to request that we erase data that we have stored about you. If we have published data about you, this also includes our obligation to forward all links to this data and copies or replications of this data to other controllers responsible for processing this published personal data within
 the framework of the "right to be forgotten" in accordance with Art. 17 para. 2 GDPR, taking into account available technology and implementation costs.

(4) Right to restriction of processing
You have the right to request that we restrict the processing of data that we have stored about you. This data can then only be processed with your consent or for a few legally defined purposes.

(5) Right to object to processing
Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising via the contact channels listed above.

(6) Right to withdraw consent under data protection law
If you have given your consent to the processing of your data, you can withdraw this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us.

(7) Right to data portability
You have the right to receive from us personal data that you have provided to us in a structured, commonly used and machine-readable format for the purpose of transfer to another controller. At your request and taking into account the available technical possibilities, this also includes the direct transfer from us to the other controller.

(8) Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data at any time.

(9) Automated decision-making including profiling
You have the right to obtain information on the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

  • 6 SPECIAL FORMS OF USE OF WEBSITES
  1. Use of the blog functions

(1) In our blog, in which we publish various articles on topics relating to our activities, you can make public comments. Your comment will be published with your specified user name next to the post. We recommend that you use a pseudonym instead of your real name. Your username and e-mail address are required, all other information is voluntary. If you leave a comment, we will continue to store your IP address, which we will delete after one week. This storage is necessary for us to be able to defend ourselves against liability claims in the event of possible publication of unlawful content. We need your e-mail address in order to contact you if a third party objects to your comment as unlawful. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b and f GDPR. Comments are not checked before publication. We reserve the right to delete comments if they are objected to as unlawful by third parties.

  1. Use of our webshop

(1) If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. We process the data you provide to process your order. For this purpose, we may forward your payment data to our house bank. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR.

You can voluntarily create a customer account, which allows us to save your data for future purchases so that you do not have to re-enter your data each time you place an order. When you create an account, the data you provide will be stored on a revocable basis. If you wish to delete your account, please inform us by e-mail at carlstahl@carlstahl.com

We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information.

(2) Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data will only be used to comply with legal obligations.

(3) To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.

  • 7 E-MAIL-BASED INFORMATION SERVICES
  1. Newsletter / Press mailing list

(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

(2) We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

(3) The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail.

  • 8 WEB ANALYTICS

The legal basis for the use of all web analysis tools listed in this section is Art. 6 para. 1 sentence 1 lit. f GDPR, i.e. the protection of our legitimate interests in consideration of the interests of our website visitors. We are interested in analyzing the use of our website by our website visitors in order to use the statistics obtained to improve our offer and make it more interesting for you as a user. If the analysis tool used also serves other purposes or we use it for other interests of ours, we will inform you about this directly in the explanations of the respective analysis tool.

  1. Use of Google Analytics

(1) This website uses Google Analytics, a web analysis service of Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the use of cookies about your use of this website is generally transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are further processed in abbreviated form, thus excluding the possibility of personal references. If the data collected about you is personally identifiable, it will be excluded immediately and the personal data will be deleted immediately.

(5) For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001
Terms of use: http://www.google.com/analytics/terms/de.html
Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html
Privacy policy: http://www.google.de/intl/de/policies/privacy.

  • 9 SOCIAL MEDIA AND OTHER THIRD PARTY SERVICES
  1. Integration of YouTube videos

(1) We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transfer. By integrating YouTube videos, we are pursuing our interest in making our website more interesting and attractive for our visitors and achieving a better presentation of content and facts. The legal basis for the use of the plug-in is Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 5 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

(3) Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

  1. Integration of Google Maps

(1) We use the Google Maps service on this website. In doing so, we are pursuing our interest in increasing the attractiveness of our website by displaying interactive maps directly on our website and enabling you to use the map function conveniently. The legal basis for the use of the plug-in is Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 5 of this declaration will be transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

(3) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

  1. Integration of Google ReCaptcha

We integrate the function for recognizing bots, e.g. for entries in online forms ("ReCaptcha") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://www.google.com/policies/privacy
Opt-out: https://adssettings.google.com/authenticated

  1. External payment service providers

(1) We use the external payment service providers Mastercard, Visa, Paypal, via whose platforms the users and we can carry out payment transactions.

(2) As part of the fulfillment of contracts, we use payment service providers on the basis of Art. 6 para. 1 lit. b. GDPR. In addition, we use external payment service providers on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR. GDPR in order to offer our users effective and secure payment options.

(3) The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related data. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment.Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers.

(4) Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of data subjects.

(5) Addresses of the provider and URL with data protection information:

  1. a) Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium,
    Privacy Policy: https://www.mastercard.de/de-de/datenschutz.html
  2. b) Visa Europe Services LLC, 1 Sheldon Square, London, W2 6WH, United Kingdom,
    Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
  3. c) Paypal S. PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg,
    Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
  1. Integration of other third-party services

(1) We also use offers from Google (fonts) on this website. By using these services, we can offer you a better user experience on our website. This serves our interest in increasing the attractiveness of our website. The legal basis for the use of these offers is Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) By visiting the website, the respective third-party provider receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 5 of this declaration will be transmitted. This occurs regardless of whether this third-party provider provides a user account through which you are logged in or whether no user account exists. If you are logged in with the third-party provider, your data will be assigned directly to your account. If you do not wish to be associated with your profile with the respective third-party provider, you must log out before activating the button. The third-party provider may store your data as a user profile and may use it for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective third-party provider to exercise this right.

(3) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy:

(4) Addresses of the respective providers and URL with their data protection notices:

  1. a) Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
  • 10 ONLINE ADVERTISING
  1. DoubleClick by Google

(1) This website also uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to display ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain any personal information. By using this tool, we pursue the interest of showing you advertising that is of interest to you, increasing the attractiveness of our website for you and achieving a fair calculation of advertising costs. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it.

(3) You can prevent participation in this tracking process in various ways:

  1. a) by setting your browser software accordingly; in particular, the suppression of third-party cookies means that you will not receive any ads from third-party providers,
  2. b) b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, whereby this setting is deleted when you delete your cookies,
  3. c) by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies,
  4. d) by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this website to their full extent.

Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

(4) Further information on DoubleClick by Google can be found at https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, as well as on data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

  1. Google Tag Manager

(1) This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The Google Tool Manager only implements tags. The Tag Manager is a cookie-free domain. This means that no cookies are used and no personal data is collected. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Privacy policy: http://www.google.de/tagmanager/use-policy.html

Last updated: 11 February 2019