Privacy statement

Controller within the meaning of Article 4 of the General Data Protection Regulation (GDPR) 

C. Disselkamp Schlafraumsysteme GmbH

Frau Dr. Christine Disselkamp, Herr Claus Disselkamp

Dieselstraße 41-47

33442 Herzebrock-Clarholz - Germany

Phone: (0 52 45) 44 09 0

Fax: (0 52 45) 44 09 40

E-Mail: info-at-disselkamp.de

Data Protection Officer

HMC.services UG (haftungsbeschränkt)

Contact: datenschutz@disselkamp.de

Scope of application

This privacy statement will advise you of the nature, scope and purpose of the processing of your personal data carried out by C. Disselkamp Schlafraumsysteme GmbH.

As of May 25, 2018, the legal basis for data protection is set out in the General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), and the current German Telemedia Act (Telemediengesetz – TMG).

Definitions

What are personal data?

'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What is processing of personal data?

'Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

What is profiling?

'Profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

What is pseudonymization?

'Pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Who is the controller?

'Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Who is a third party?

'Third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

What is a consent?

'Consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

What data is collected?

When you access our website/home page, information is automatically collected by us or our service provider. This information only pertains to data stored in server logs or log files that cannot identify you as an individual, as it does not contain any personal information related to you.

The following data may be collected when visiting our website: 

The version of web browser you are using, your operating system, the domain name of your Internet provider, the name of the website, the files, the date and the amount of any data uploaded or downloaded, the web browser, the IP address and the referrer URL (i.e. the website from which you were transferred to our website).

It is necessary to collect this data or information to make it technically feasible to display the contents of our website to you. We use the anonymous information provided to us to improve our website’s user-friendliness. If there is a reason to suspect that our online offer is being used for illegal purposes, we reserve the right to inspect the log files retrospectively.

These purposes thus also represent our legitimate interest in data processing on the basis of Art. 6 (1) (f) of the GDPR.

This data is likewise stored in the log files on our system; however, it is not stored together with other personal user data. 

Data is deleted as soon as it is no longer needed for the purpose for which it was collected. Where data is collected for the provision of the website, it is deleted when the respective session has ended. The legal basis for the temporary storage of data is Art. 6 (1) (f) of the GDPR.

If data is stored in log files, it is deleted after seven days at the latest. Data may be stored for longer, but in this case, the users’ IP addresses are deleted or anonymized so they can no longer be allocated to the requesting client.

Because the collection of the aforementioned data is essential for the provision of our website, and the temporary storage of data in log files is likewise necessary for the operation of our website, there is no option to opt out of data processing as described. 

How is personal data handled?

Typical personal data includes your first name or last name, your telephone number or address, as well as information such as your personal interests gleaned from the websites you visited. 

We only collect, use and process this data when it is explicitly and expressly permitted by law or you have given your verifiable prior consent to processing your personal data.

We take state-of-the-art organizational, contractual and technical security measures to ensure compliance with the provisions of data protection laws and to protect data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. 

One of the security measures we use in particular is the encrypted transfer of data between your browser and our server.

Use of contact forms on our website

Your personal data is collected when you enter your contact details in the contact form on our website to receive personalized information. We require your last name, email address and your reason for contacting us in order to process your request. You may also voluntarily provide your postal address. 

The following data is also stored in the background:

  • Your IP address 
  • Date and time of the query

Alternatively, you can contact us using the email addresses we have provided. In this case, the personal data transferred with the email is stored. 

Your data is not passed on to third parties. Please use the contact details listed in this privacy statement for inquiries pertaining to the storage, rectification and erasure of your personal data.

Provided you have given your consent, the legal basis for processing this data is Art. 6 (1) (a) of the GDPR.

The legal basis for processing data transmitted via email is Art. 6 (1) (f) of the GDPR. Where your email contains the intention of entering into a contract, this is a further legal basis for processing pursuant to Art. 6 (1) (b) of the GDPR.

We use the personal data you provide in the contact form exclusively to process your inquiry. Where contact is made by email, we have a necessary, legitimate interest in data processing.

Any other personal data that is processed when you send us your inquiry is used to prevent abuse of the contact form and to protect the security of our IT systems.

Your data is deleted as soon as it is no longer needed for the purpose for which it was collected. The personal data collected from the contact form and that which was sent to us by email is deleted when correspondence with you has come to an end.  Correspondence has come to an end when the circumstances indicate that the relevant matter has been dealt with definitively. 

The data collected in the contact form may also be subject to statutory retention periods and will thus be deleted from our systems at the latest following the expiry of these periods. 

Any additional personal data collected when sending your inquiry is deleted at the latest following a period of seven days.

On request, we would be happy to advise you about your personal data we have stored and, if you so desire, we will erase or correct this data, provided that there are no statutory retention periods that would prevent erasure. However, we would like to point out that if you request this, correspondence with you may not be continued.

Server log files

Our website provider also automatically collects and stores information in server log files, which your browser automatically transmits to us. These include:

• Browser type and version

• User’s operating system

• Referrer URL

• Hostname of the accessing computer

• Time of the server request

• IP address

This data is not merged with data obtained from other sources.

The legal basis for data processing is Art. 6 (1) (f) of the GDPR, which allows for data processing for the performance of a contract or to take steps prior to entering into a contract.

Use of the retailer search functionality on our website

When you enter the zip code and country of your search area in the search form on our website to receive information about furniture stores in your area that work with us, this data is collected. This data is not passed on to third parties. The following data is also collected when searching for retailers:

  • Your IP address
  • Date and time of the request

During the request process, you will be asked to provide consent to processing this data. 

Provided you have given your consent, the legal basis for processing this data is Art. 6 (1) (a) of the GDPR. 

The data is deleted as soon as it is no longer needed for the purpose for which it was collected.

Use of the retailer login on our website

We offer you as a user the option of tracking the current delivery status of your order by providing your customer number and order confirmation number. The data is entered in an input screen and transmitted to us and stored. The following data is collected during the registration process:

At the time of the request, the following data is also stored:

  • Your IP address
  • The date and time of the registration

During the request process, you will be asked to provide consent to processing this data.

Provided you have given your consent, the legal basis for processing this data is Art. 6 (1) (a) of the GDPR. Where registration entails the performance of a contract to which you are a contracting party, or in order to take steps prior to entering a contract, there is an additional legal basis for processing pursuant to Art. 6 (1) (b) of the GDPR.

The data is deleted as soon as it is no longer needed for the purpose for which it was collected.

The data collected during the request process to perform a contract or to take steps prior to entering into a contract is deleted when the data is no longer needed to perform the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contracting party in order to fulfill contractual or statutory obligations.

As a user, you have the option of canceling your request at any time. You may also revise the stored data about you at any time by contacting us via the contact options provided. If the data is required for the performance of a contract or to take steps prior to entering into a contract, data may only be deleted prematurely in the absence of contractual or statutory obligations to the contrary.

Integration of services and content from third parties

Some of the content and services on our website are provided by third-party providers, including maps provided by Google Maps or graphics and pictures from other websites. Your IP address must be transmitted for your browser to display this content. The third-party providers we use may therefore be aware of your IP address. 

Although we endeavor only to use third-party providers who use the IP address solely for the delivery of the respective content, unfortunately we have no influence over whether your IP address is stored with a third-party provider. If we become aware that a third-party provider of ours stores your IP address, we will inform you of this in this privacy statement. 

Google Maps

Google Maps API, a map service of Google Inc. (Google), is used on our website to display an interactive map as part of our contact information and when conducting a retailer search. By using Google Maps, information about your use of this website (including your IP address) may be transmitted to and stored on a Google server in the United States.

Google may transfer the information obtained by Google Maps to third parties if this is required by law or if third parties process this data on Google’s behalf.

It is understood that Google does not associate your IP address with other data it holds. Nevertheless, it would be technically feasible for Google at least to identify individual users based on the data received. Google could also process your personal data and personality profile from the website for other purposes over which we have no influence, nor can we exert any influence.

You can deactivate the service provided by Google Maps and therefore prevent the data transmission to Google by deactivating JavaScript in your browser. However, we would like to point out that if you do so, the map will not be displayed.

You can find more information on the terms of service for Google Maps at https://maps.google.com/help/terms_maps.html

Cookies

We use cookies on our website. These are small text files that are stored on your terminal device that contain information on your browser, your IP address, the Internet connection and your operating system. We will not pass this information to third parties or associate it with personal data without your consent.

These cookies are used to present the information and offers on our website in a more user-friendly manner to make your user experience of our website as convenient as possible. 

We use cookies to make our website more user-friendly. Some elements on our website require that the requesting browser be identifiable even after you leave the page.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Items in a shopping cart
  • Login information

We also use cookies on our website to analyze the user’s surfing behavior. For this we use the analyzing tool Silktide (Silktide Ltd., Brunel Parkway, Pride Park, Derby – Great Britain).

The following data may be transmitted using cookies:

  • Entered search terms
  • Frequency of site visits
  • Retention period on our website
  • Use of website functionality

The legal basis for processing personal data when using cookies is Art. 6 (1) (f) of the GDPR.

The purpose of using technically necessary cookies is to make it easier for users to use websites. Some of the functionality of our website cannot be offered without using cookies. To enable this functionality, the browser must be able to be identified even after leaving the page.

The user data collected using cookies that are technically necessary is not used to create user profiles.

Analysis cookies are used to improve the quality of our website and its contents. Analysis cookies enable us to learn how the website is used and thus to continuously optimize our offer.

These purposes thus also represent our legitimate interest in data processing on the basis of Art. 6 (1) (f) of the GDPR. 

You can prevent the use of cookies by our website at any time by disabling them in the web browser you use, thereby opting out of the use of cookies indefinitely. Cookies that have already been stored can be deleted through your web browser or other software programs (e.g. anti-virus software). However, we would like to point out that if you disable the cookie functionality, you may not be able to use of the full scope of the functionality on our website. 

You can find more information on the terms of dataprotection of Silktide at:

https://silktide.com/privacy-policy/

Legal basis for data processing

Consent to data processing

If you have given your consent, processing your personal data is carried out on the basis of Art. 6 (1) (a) of the GDPR. 

Necessity of data processing

If processing your personal data is necessary, for example for the performance of a contract with you as contracting party, or for the provision of a service, such as the delivery of goods to your address, then processing your personal data is based on Art. 6 (1) (b) of the GDPR. If processing is necessary to take steps prior to entering into a contract, such as to address inquiries about our products, Art. 6 (1) (b) of the GDPR also applies.

Compliance with legal obligations

Where processing personal data is necessary for compliance with a legal obligation, such as to comply with tax obligations, processing is carried out on the basis of Art. 6 (1) (c) of the GDPR. 

Protecting vital interests

Where processing your personal data is necessary to protect your vital interests, processing is based on Art. 6 (1) (d) of the GDPR. 

Legitimate interest

If none of the aforementioned bases for processing are applicable to processing your personal data, processing on the basis of Article 6 (1) (f) of the GDPR may be possible. If our company has a legitimate interest in processing your data and this interest has been weighed carefully against your legitimate interest, your data may also be processed on this basis (Recital 47 Sentence 2 of the GDPR). 

Data minimization

We will store your personal data only for as long as necessary or prescribed by law in accordance with the principles of data avoidance and data minimization (retention and storage periods). If the purpose for collecting the information no longer applies or if the storage period expires, we block or erase your data.

Your rights to information, correction, blocking, erasure and objection

On request, you have the right free of charge to obtain information about your personal data we have stored and/or to request this data be corrected, blocked or erased. Exceptions: Data is stored specifically for business transactions or the data is subject to the statutory retention obligation.

In these cases, please contact our Data Protection Officer using the contact options provided in this privacy statement.

Right to information

If your personal data is processed, you can request information on the following:

(1) The purposes for which personal data is processed;

(2) The categories of personal data being processed;

(3) The recipient or the categories of recipients to whom personal data concerning you has been disclosed or will be disclosed;

(4) The envisaged period for which personal data concerning you will be stored, or if specific information is not available in this regard, the criteria used to determine that period;

(5) The existence of the right to request rectification or erasure of personal data concerning you, to restrict processing of personal data by the controllers, or to object to this processing; 

(6) The right to lodge a complaint with a supervisory authority;

(7) Any available information as to the source of the data, where personal data has not been obtained from the data subject;

(8) The existence of automated decision-making, including profiling pursuant to Article 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain information as to whether the personal data concerning you is transferred to a third country or an international organization. Where this occurs, you may request to be informed of the appropriate safeguards in place relating to the transfer pursuant to Art. 46 of the GDPR.

Right to rectification or completion

You have the right to rectification and/or completion by us if the personal data concerning you that has been processed is incorrect or incomplete. 

Right to restriction of processing

You may request the restriction of processing personal data concerning you under the following conditions:

(1) If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) Processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;

(3) The controller no longer needs the personal data for the purposes of processing, but you require the data for the establishment, exercise or defense of legal claims, or

(4) If you have objected to processing pursuant to Article 21(1) of the GDPR and not yet verified whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning you has been restricted, this data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted based on the aforementioned conditions, we will inform you before the restriction of processing is lifted.

Right to erasure

Erasure obligation

You may request that the personal data concerning you is erased without undue delay. We are then obliged to erase this data without undue delay where one of the following grounds applies:

(1) The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which processing is based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR and where there is no other legal grounds for processing. 

(3) You object to processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Art. 21 (2) of the GDPR. 

(4) The personal data concerning you has been unlawfully processed. 

(5) The personal data concerning you must be erased for compliance with a legal obligation in accordance with Union or Member State law to which the controller is subject. 

(6) The personal data concerning you has been collected in relation to the offer of information society services pursuant to Article 8 (1) of the GDPR.

Information to third parties

Where we have made the personal data concerning you public and we are obliged pursuant to Art. 17 (1) of the GDPR to erase it, then, taking into account the available technology and the cost of implementation, we shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as the data subject, have requested the erasure of any links to, or copy or replication of, this personal data by such controllers. 

Exceptions

The right to erasure does not apply to the extent that processing is necessary:

(1) To exercise the right of freedom of expression and information;

(2) For compliance with a legal obligation which requires processing in accordance with Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) For reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) as well as Art. 9 (3) of the GDPR;

(4) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) of the GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing;

(5) For the establishment, exercise or defense of legal claims.

The data must be stored in a lock file for control purposes so that the data can be locked at any time. You can also request that the data be erased, as long as there is no legal archiving obligation. Otherwise, we block your data on request.

Right of notification

If you have exercised your right of rectification, erasure or restriction against us, we are obliged to inform all recipients to whom personal data concerning you has been disclosed of this rectification or erasure of data or restriction of processing unless this proves impossible or involves disproportionate effort.

You have the right to be notified by us about these recipients.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format. You also have the right to have the data transmitted to another controller without hindrance from the controller to which the personal data has been provided, where:

(1) Processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR or on a contract pursuant to Art. 6 (1) (b) of the GDPR, and

(2) Processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of others.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions. 

You have the right to withdraw your privacy consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

Your right to lodge a complaint before a supervisory authority

As the data subject for the purpose of data privacy, you also have the right to lodge a complaint with the competent data privacy supervisory authority. The supervisory authority with which the complaint is lodged shall inform you of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Updates to our privacy statement

We reserve the right to update our privacy statement from time to time to ensure that our privacy statement always complies with current statutory requirements and our scope of services. The current version of the privacy statement is valid at the time you visit our website.

Contact information for the data protection officer

E-Mail: datenschutz@disselkamp.de

 

As of: May 2018