This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, functions, and content as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). With regard to the terms used, such as "processing" or "controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (DSGVO).
Kimberly Kurz
Louise P. Schroeter Golfaccessoires
Josef-Führer-Str. 41
80997 München
Deutschland
kurz@golfschroeter.de
Inhaber: Kimberly Kurz
http://golfschroeter.com/impressum.php
Types of processed data:
Terms used
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Data processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant legal basesIn accordance with Art. 13 GDPR, we inform you about the legal bases of our data processing. Unless the legal basis is mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art. 7 DSGVO, the legal basis for processing for the performance of our services and the execution of contractual measures as well as for responding to inquiries is Art. 6 (1) lit. b DSGVO, the legal basis for processing to comply with our legal obligations is Art. 6 (1) lit. c DSGVO, and the legal basis for processing to safeguard our legitimate interests is Art. 6 (1) lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d DSGVO serves as the legal basis.
Security measuresIn accordance with Art. 32 DSGVO and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying likelihood and severity of the risk for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data as well as access, input, disclosure, availability, and separation. Furthermore, we have established procedures that ensure the exercise of data subjects' rights, deletion of data, and response to data breaches. We also consider the protection of personal data in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Art. 25 DSGVO).
Cooperation with processors and third partiesIf, as part of our processing, we disclose data to other individuals and companies (processors or third parties), transmit them to them, or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as payment service providers, pursuant to Art. 6 (1) lit. b DSGVO is necessary for contract fulfillment), you have consented to it, a legal obligation provides for it, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
If we engage third parties to process data based on a so-called "data processing agreement," we do so on the basis of Art. 28 of the DSGVO.
Transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or this happens as part of the use of third-party services or disclosure or transfer of data to third parties, this only happens if it is necessary to fulfill our contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. of the DSGVO are met. This means, for example, that processing is based on special guarantees, such as the officially recognized determination of a level of data protection equivalent to that of the EU (e.g., for the USA through the "Privacy Shield"), or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of data subjects
You have the right to request confirmation as to whether the data concerned are being processed and to receive information about this data as well as further information and a copy of the data in accordance with Art. 15 of the DSGVO.
You have the right under Art. 16 of the DSGVO to request the completion of incomplete personal data concerning you or the correction of inaccurate personal data concerning you.
According to Art. 17 DSGVO, you have the right to demand that relevant data be deleted immediately, or alternatively, according to Art. 18 DSGVO, to request a restriction of the processing of the data.
According to Art. 20 DSGVO, you have the right to receive the data concerning you that you have provided to us and to request its transmission to other responsible parties.
Furthermore, according to Art. 77 DSGVO, you have the right to lodge a complaint with the competent supervisory authority.
Right of Withdrawal
You have the right to revoke granted consent pursuant to Art. 7 (3) DSGVO with effect for the future.
Right to Object
You may object at any time to the future processing of data concerning you pursuant to Art. 21 DSGVO. Objection may in particular be made against processing for direct marketing purposes.
Cookies and Right to Object to Direct Marketing
As "cookies" are referred to small files that are stored on users' computers. Different information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or even after their visit within an online offering. Cookies that are deleted after a user leaves an online offering and closes their browser are referred to as temporary cookies, or "session cookies" or "transient cookies." Such a cookie can store, for example, the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent." For example, the login status can be stored if users visit it after several days. The interests of the users can also be stored in such a cookie and used for reach measurement or marketing purposes. Cookies offered by other providers than the controller who operates the online offering are referred to as "third-party cookies" (otherwise, if they are only the controller's cookies, they are referred to as "first-party cookies").
We may use temporary and permanent cookies and inform about this in our privacy policy.
If users do not want cookies to be stored on their computer, they are requested to disable the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies may result in functional limitations of this online service.
A general objection to the use of cookies for online marketing purposes, especially in the case of tracking, can be made through the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that this may prevent certain features of this online service from being used.
Deletion of Data
The data processed by us will be deleted or restricted in processing according to Articles 17 and 18 of the DSGVO. Unless expressly stated in this privacy policy, the data stored with us will be deleted as soon as it is no longer necessary for its intended purpose and there are no legal retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.
According to legal requirements in Germany, data must be stored in particular for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting documents, commercial books, documents relevant for taxation, etc.) and for 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters).
According to legal requirements in Austria, storage is carried out for 7 years in particular according to § 132 para. 1 BAO (accounting documents, receipts/invoices, accounts, receipts, business documents, income and expenditure statements, etc.), for 22 years in connection with real estate, and for 10 years in relation to electronically provided services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.
Business-related processingIn addition, we process
Order processing in the online shop and customer accountWe process the data of our customers as part of the order process in our online shop in order to enable them to select and order the chosen products and services, as well as to pay for and deliver or execute them.
The processed data includes inventory data, communication data, contract data, payment data, and the persons affected by the processing include our customers, prospects and other business partners. The processing is carried out for the purpose of providing contractual services within the framework of operating an online shop, billing, delivery and customer service. Here, we use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
The processed data includes inventory data, communication data, contract data, payment data, and the persons affected by the processing are our customers, prospective customers, and other business partners. The processing is carried out for the purpose of providing contract services in the context of operating an online shop, billing, delivery, and customer services. In this process, we use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
The processing is carried out on the basis of Art. 6 para. 1 lit. b (performance of order processing) and c (legally required archiving) of the GDPR. The information marked as required is necessary for the establishment and fulfillment of the contract. We only disclose the data to third parties in the context of delivery, payment, or within the scope of legal permissions and obligations to legal advisors and authorities. The data will only be processed in third countries if this is necessary for the fulfillment of the contract (e.g. at the request of the customer for delivery or payment).
Users can optionally create a user account, where they can view their orders. As part of the registration, users will be informed about the necessary mandatory information. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data related to the user account will be deleted, subject to the retention period required for commercial or tax reasons in accordance with Art. 6 para. 1 lit. c DSGVO. Information in the customer account will remain until it is deleted, followed by archiving in the event of a legal obligation. It is up to the users to secure their data before the end of the contract in the event of termination.
As part of the registration, re-registration, and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the users' interest in protection against misuse and other unauthorized use. In principle, we do not pass on this data to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c DSGVO.
The deletion takes place after the expiration of statutory warranty and similar obligations; the necessity of data retention is reviewed every three years. In the case of legal archiving obligations, deletion occurs after their expiration (end of commercial (6 years) and tax (10 years) retention obligations).
External payment service providers: We use external payment service providers through whose platforms users and we can conduct payment transactions (e.g., with links to the privacy policy, Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)).
In fulfilling contracts, we use payment service providers based on Art. 6 para. 1 lit. b. DSGVO. Otherwise, we use external payment service providers based on our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO in order to provide our users with effective and secure payment options.
The data processed by the payment service providers include inventory data such as name and address, bank data such as account or credit card numbers, passwords, TANs, and checksums, as well as contract, sum, and recipient-related information. The information is necessary to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. In other words, we do not receive any account or credit card-related information, but only information confirming or denying the payment. Under certain circumstances, the data may be transmitted to credit reporting agencies by the payment service providers. This transmission serves the purpose of identity and credit checks. We refer to the terms and privacy policies of the payment service providers for further information.
For payment transactions, the terms and conditions and privacy policies of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and to exercise withdrawal, information, and other data subject rights.
Administration, financial accounting, office organization, contact management: We process data in the context of administrative tasks as well as organization of our business, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Customers, prospective customers, business partners, and website visitors are affected by the processing. The purpose and our interest in processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks, and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided in connection with these processing activities.
We disclose or transmit data to the tax authorities, consultants such as tax consultants or auditors, as well as other fee agencies and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, organizers, and other business partners, for example, for later contact. We generally store these mostly company-related data permanently.
ContactWhen contacting us (e.g. via contact form, email, telephone, or via social media), the user's details are processed in accordance with Art. 6 Para. 1 lit. b. (in the context of contractual/pre-contractual relationships), Art. 6 Para. 1 lit. f. (other inquiries) DSGVO for the purpose of processing the contact request and its handling. The users' information may be stored in a customer relationship management system ("CRM system") or a comparable request organization.
We delete the requests if they are no longer necessary. We review the necessity every two years. Furthermore, the statutory retention obligations apply.
NewsletterWith the following information, we inform you about the contents of our newsletter as well as the registration, dispatch, and statistical evaluation procedures and your right of objection. By subscribing to our newsletter, you declare that you agree to receive the newsletter and the described procedures.
Content of the newsletter: We only send newsletters, emails, and other electronic notifications containing advertising information ("newsletter") with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described as part of registration for the newsletter, they are decisive for users' consent. Otherwise, our newsletters contain information about our services and us.
Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent someone from registering with someone else's email address. The newsletter registrations are logged to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the shipping service provider are also logged.
Registration data: To register for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for personal address in the newsletter.
The dispatch of the newsletter and the associated measurement of success are based on the consent of the recipients according to Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 no. 3 UWG, or if consent is not required, on the basis of our legitimate interests in direct marketing according to Art. 6 para. 1 lit. f DSGVO in conjunction with § 7 para. 3 UWG.
The logging of the registration process is based on our legitimate interests according to Art. 6 para. 1 lit. f DSGVO. Our interest lies in the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users, and also allows us to provide proof of consent.
Termination/Revocation - You can unsubscribe from our newsletter at any time, i.e. revoke your consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter. We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to provide proof of previously given consent. The processing of this data is limited to the purpose of defending against any claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed.
Hosting and email delivery - The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services and technical maintenance services, which we use for the operation of this online offer.
In this context, we or our hosting provider process master data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer based on our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of a data processing agreement).
Erstellt mit Datenschutz-Generator.de von RA Dr. Thomas Schwenke
