Privacy
Privacy policy
The person responsible for data processing is:
Andreas Morgenstern
Mühlbachstr. 20
78351 Bodman-Ludwigshafen
+49 7773 932 910
info@sonnenleder.com
Thank you for your interest in our online shop. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your data.
1. Access data and hosting.
You can visit our websites without providing any personal information. Each time you access a website, the web server only automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the access, the amount of data transferred and the requesting provider (access data) and documents the access.
This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving our services. In accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO, this serves to protect our legitimate interests in the correct presentation of our offer, which outweigh our interests in the context of a balancing of interests. All access data is deleted at the latest seven days after the end of your visit to the site.
Hosting services by a third-party provider.
As part of processing on our behalf, a third-party provider provides hosting and website display services for us. This serves to protect our legitimate interests in the correct presentation of our offer, which outweigh our interests in the context of a balancing of interests. All data collected in the course of using this website or in forms provided for this purpose in the online shop as described below are processed on its servers. Processing on other servers only takes place within the framework explained here.
This service provider is located within a country of the European Union or the European Economic Area.
2. Data collection and use for contract processing, contacting
We collect personal data if you voluntarily provide it to us in the context of your order or when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, as we need the data in these cases to process the contract or to process your contact and you cannot send the order or contact without providing it. Which data is collected can be seen from the respective input forms. We use the data you provide in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO for contract processing and processing your enquiries. If you have given your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO by deciding to open a customer account, we will use your data for the purpose of opening a customer account. After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described below or via a function provided for this purpose in the customer account.
3. Data transfer
In order to fulfil the contract in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the data protection declaration of the respective payment service provider applies.
The same applies to the transfer of data to our manufacturers or wholesalers in cases where they take over the shipping for us (drop shipment).
4. Email Newsletter
E-mail advertising with newsletter registration
If you register for our newsletter, we will use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis based on your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO.
Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After you have unsubscribed, we will delete your e-mail address, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we will inform you in this declaration.
The newsletter is sent by a service provider as part of processing on our behalf, to whom we pass on your e-mail address for this purpose.
This service provider is based in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.
5. Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any collected reviews as well as to offer Trusted Shops products to buyers after an order.
This serves to safeguard our overriding legitimate interests in optimal marketing by enabling secure shopping in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided as part of an order processing by a CDN provider (Content Delivery Network). Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured. Further information on data protection at Trusted Shops GmbH can be found here.
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call, amount of data transferred and the requesting provider (access data) and documents the call. Individual access data is stored in a security database for analysis of security issues. The log files are automatically deleted no later than 90 days after creation.
Further personal data is transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered to use them. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you are already registered as a buyer to use the product is automatically checked using a neutral parameter, the e-mail address hashed using a one-way cryptographic function. Before it is sent, the e-mail address is converted into this hash value, which Trusted Shops cannot decrypt. After checking for a match, the parameter is automatically deleted.
This is necessary for the fulfillment of our and Trusted Shops’ overriding legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services in accordance with Article 6 (1) sentence 1 lit. f GDPR. Further details, including objections, can be found in the Trusted Shops data protection declaration linked above and in the Trustbadge.
6 Cookies and web analysis.
In order to make visiting our website more attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages, insofar as you have given your consent to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO.
Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser on your next visit (persistent cookies). You can find out how long they are stored in the overview in the cookie settings of your web browser. You can set your browser in such a way that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be limited. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. Diese finden Sie für die jeweiligen Browser unter den folgenden Links:
Microsoft Edge™: https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies
Safari™: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Chrome™: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Firefox™ https://support.mozilla.org/de/products/firefox/protect-your-privacy/cookies
Opera™ : https://help.opera.com/de/latest/web-preferences/#cookies
Furthermore, you can withdraw your consent at any time by sending a message to the contact option described in the privacy policy.
Use of Google (Universal) Analytics for web analysis.
Insofar as you have given your consent in accordance with Art. 6 (1) p. 1 lit. a DSGVO, this website uses Google (Universal) Analytics for the purpose of website analysis. The web analytics service is provided by Google Ireland Limited, a company incorporated and operated under the laws of Ireland, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de). Google (Universal) Analytics uses methods that enable an analysis of your use of the website, such as cookies. The information automatically collected about your use of this website is generally transferred to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address is shortened before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. After the end of the purpose and the end of the use of Google Analytics by us, the data collected in this context will be deleted.
Soweit Informationen auf Server von Google in den USA übertragen und dort gespeichert werden, ist die amerikanische Gesellschaft Google LLC unter dem EU-US-Privacy Shield zertifiziert. Ein aktuelles Zertifikat kann hier eingesehen werden. Aufgrund dieses Abkommens zwischen den USA und der Europäischen Kommission hat letztere für unter dem Privacy Shield zertifizierte Unternehmen ein angemessenes Datenschutzniveau festgestellt.
Sie können Ihre Einwilligung jederzeit mit Wirkung für die Zukunft widerrufen, indem sie das unter dem folgenden Link verfügbare Browser-Plugin herunterladen und installieren: https://tools.google.com/dlpage/gaoptout?hl=de. Hierdurch wird die Erfassung der durch das Cookie erzeugten und auf Ihre Nutzung der Website bezogenen Daten (inkl. Ihrer IP-Adresse) sowie die Verarbeitung dieser Daten durch Google verhindert.
Alternativ zum Browser-Plugin können Sie diesen Link klicken, um die Erfassung durch Google Analytics auf dieser Website zukünftig zu verhindern. Dabei wird ein Opt-Out-Cookie auf Ihrem Endgerät abgelegt. If you delete your cookies, you will be asked again to give your consent.
Google Maps
This website uses Google Maps for the visual representation of geographic information. Google Maps is an offer from Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to protect our overriding legitimate interests in an optimized presentation of our offer and easy accessibility of our locations in accordance with Article 6 (1) (f) GDPR.
When using Google Maps, Google transmits or processes data about the use of the Maps functions by website visitors, which may include in particular the IP address and location data. We have no influence on this data processing.
Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.
In order to deactivate the Google Maps service and thus prevent data transmission to Google, you must deactivate the Java Script function in your browser. In this case, Google Maps cannot be used or can only be used to a limited extent.
Further information about data processing by Google can be found in the data protection information from Google. The terms of use for Google Maps contain detailed information about map service.
The data processing takes place on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR, which you here.
Google reCAPTCHA
For the purpose of protecting our web forms from misuse and spam, we use the Google reCAPTCHA service for some forms on this website. Google reCAPTCHA is an offer from Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de). By verifying a manual entry, this service prevents automated software (so-called bots) from performing abusive activities on the website. In accordance with Article 6 Paragraph 1 Sentence 1 Letter f GDPR, this serves to safeguard our legitimate interests in protecting our website from misuse and in ensuring that our online presence is presented free of disruptions.
Google reCAPTCHA uses a code embedded in the website, a so-called JavaScript, as part of the verification process that enables an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website, including your IP address, is usually transferred to a Google server in the USA and stored there. In addition, other cookies stored in your browser by Google services are evaluated by Google reCAPTCHA.
A reading or saving of personal data from the input fields of the respective form does not take place.
Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.
You can prevent the data generated by the JavaScript or the cookie and related to your use of the website (including your IP address) being sent to Google and the processing of this data by Google by deactivating the execution in your browser settings prevent JavaScript or the setting of cookies. Please note that this may limit the functionality of our website for your use.
You can find more information about Google’s data protection policy here.
Our online presence on Facebook, Instagram
Our presence on social networks and platforms serves to improve, active communication with our customers and prospects. We provide information there about our products and current special offers.
When you visit our online presence in social media, your data can be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests. Cookies are usually used on your end device for this purpose. Visitor behavior and user interests are stored in these cookies. According to Art. 6 (1) lit. f GDPR, this serves to protect our legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties. If you are asked by the respective social media platform operators for your consent (consent) to the data processing, e.g. with the help of a checkbox, the legal basis for the data processing is Article 6 Paragraph 1 lit.
Insofar as the aforementioned social media platforms are headquartered in the USA, the following applies: The European Commission has issued an adequacy decision for the USA. This goes back to the EU-US Privacy Shield. A current certificate for the respective company can be viewed here.
For detailed information on the processing and use of the data by the providers on their websites as well as a contact option and your rights in this regard and setting options to protect your privacy, in particular options to object (opt-out), please refer to the providers’ data protection notices linked below. If you still need help in this regard, you can contact us.
Facebook: https://www.facebook.com/about/privacy/</ a>
Data processing takes place on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR, which you can view here:
https://www.facebook.com/legal/terms/page_controller_addendum</ a>
Instagram: https://help.instagram.com/519522125107875
Possibility of objection (opt-out):
Facebook: https://www.facebook.com/settings?tab=ads
Instagram: https://help.instagram.com/519522125107875
7. Send review reminders by email
Review reminder by Trusted Shops
If you have given us your express consent to this during or after your order in accordance with Article 6 Paragraph 1 Sentence 1 lit. a GDPR, we will transmit your e-mail address to Trusted Shops GmbH, Subbelrather Str (www.trustedshops.de) so that they can send you a rating reminder by email.
This consent can be revoked at any time by sending a message to the contact option described below or directly to Trusted Shops.
8. Contact options and your rights
As a data subject, you have the following rights:
- according to Art. 15 GDPR, you have the right to request information about your personal data processed by us to the extent specified there;
- according to Art. 16 GDPR, you have the right to immediately request the correction of incorrect or incomplete personal data stored by us;
- according to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless further processing is required
– to exercise the right to freedom of expression and information;
– to fulfill a legal obligation;
– for reasons of public interest or
– to assert, exercise or defend legal claims
is required; - according to Art. 18 GDPR the right to demand the restriction of the processing of your personal data, insofar as
– the accuracy of the data is disputed by you;
– the processing is unlawful but you oppose its erasure;
– we no longer need the data, but you need them to assert, exercise or defend legal claims or
– You have lodged an objection to the processing in accordance with Art. 21 GDPR; - according to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible;
- according to Art. 77 GDPR the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.
If you have any questions about the collection, processing or use of your personal data, information, correction, restriction or deletion of data, as well as revocation of consent given or objection to a specific use of data, please contact us directly using the contact details in our imprint.
**************************************** ******************************
Right to object
Insofar as we process personal data as explained above in order to protect our legitimate interests, which prevail in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you can exercise this right at any time as described above. If the processing is for other purposes, you only have the right to object if there are reasons that arise from your particular situation.
After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is necessary for the establishment, exercise or defense of serves legal claims.
This does not apply if the processing is for direct marketing purposes. Then we will no longer process your personal data for this purpose. **************************************** ******************************