Thank you for visiting our website www.tsatsas.com and your interest in our company and our offers. We do not assume any liability for external links to external content, despite careful control of the content, because we did not initiate the transmission of this information, did not select or change the addressee of the transmitted information and did not select or change the transmitted information itself.
The protection of your personal data during the collection, processing and use on the occasion of your visit to our Internet pages is an important concern for us and is carried out within the framework of the legal regulations, about which you can find out more information e.g. at https://www.bfdi.bund.de.
In the following, we explain to you which information we collect during your visit to our website and how this information is used.
1. COLLECTION AND STORAGE OF PERSONAL DATA AND THE NATURE AND PURPOSE OF THEIR USE
A) When visiting the website
Every time a customer (or other visitor) accesses our website, information is automatically sent to the server of our website by the Internet browser used on your terminal device (computer, laptop, tablet, smartphone, etc.). This information is temporarily stored in a so-called log file.
The following data is recorded without your intervention and stored until it is automatically deleted:
— (pseudonymised) IP address of the requesting computer, as well as device ID or individual device identification and device type,
— Name of the retrieved file and transferred data volume, as well as date and time of the retrieval,
— Message about successful retrieval,
— Requesting domain,
— Description of the type of Internet browser used and, if applicable, the operating system of your terminal device and the name of your access provider,
— Your browser history and your standard weblog information,
— Location data, including location data from your mobile device. Please note that on most mobile devices, you can control or disable the use of location services in the mobile device’s settings menu.
— Referrer (previously visited website)
Our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR to collect data is based on the following purposes:
— To ensure a smooth connection and comfortable use of the website,
— Evaluation of system security and stability and
— For other administrative purposes.
Under no circumstances do we use the collected data for drawing conclusions about your person.
B) On conclusion of a contractual relationship
When concluding a contractual relationship on our website when purchasing in our online shop or by registration as a customer, we ask you to provide the following personal data:
— Data that identifies you personally such as name and e-mail address, address, billing and delivery address/ and telephone number,
— Data that identifies your company, such as company name, address, communication data (e-mail address, telephone, fax number), VAT ID or tax number, if applicable,
— The information about your means of payment,
— Other personal data, which we are legally obliged or entitled to collect and process and which we need for your authentication, identification or to check the data we have collected.
The aforementioned data will be processed for handling the contractual relationship and – if necessary – passed on to the transport company commissioned with the delivery. The processing of the data takes place on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR. The storage period is limited to the purpose of the contract and, if applicable, legal and contractual storage obligations.
The personal data collected by us for the order will be blocked for further use after complete processing of the contract. Your data will be stored until the expiry of the statutory warranty period and deleted thereafter, unless we are obliged to store the data for a longer period in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR on the basis of tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have consented to storage beyond this period in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
For the processing of your orders we work with 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, on the basis of an agreement on order processing.
C) Use of payment service providers
To process your order we also work together with the following payment service provider(s). Within the scope of payment processing, we will pass on your order data to the payment service provider selected by you – earmarked for the payment – if this is necessary for payment processing. You can select the following payment service providers for payment with us. The legal basis for the transfer of data is in each case Art. 6 para. 1 sentence 1 lit. b GDPR.
D) When registering for our newsletter
If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to send you our newsletter on a regular basis.
You can unsubscribe at any time, for example by clicking on a link at the end of a newsletter. Alternatively, you can send your unsubscription request at any time to firstname.lastname@example.org by e-mail (preferably with the subject: “Unsubscribe newsletter”).
2. DISCLOSURE OF PERSONAL DATA
Your data will not be transferred to third parties for purposes other than those listed below.
We will only pass on your data to third parties if:
— You have given your explicit consent to do so in accordance with (Art. 6 para. 1 sentence 1 lit. a GDPR),
— This is necessary for the processing of contractual relationships with you (Art. 6 para. 1 sentence 1 lit. b GDPR),
— There is a legal obligation to disclose (Art. 6 para. 1 sentence 1 lit. c GDPR),
— The disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data (Art. 6 para. 1 sentence 1 lit. f GDPR).
In these cases, however, the scope of the transmitted data is limited to the necessary minimum.
Our data protection regulations are in accordance with the applicable data protection regulations and the data is only processed in the Federal Republic of Germany. However, we also work together with third parties who can process the data outside the EU. All third-party providers with whom we work are listed in our data protection declaration.
3. RIGHTS OF DATA SUBJECTS
On request, we will be pleased to inform you whether and which personal data relating to your person are stored (Art. 15 GDPR), in particular about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of your data if they have not been collected by us, and the existence of automated decision making including profiling.
You also have the right to have any incorrectly collected personal data corrected or incompletely collected data completed (Art. 16 GDPR).
Furthermore, you have the right to demand that we restrict the processing of your data, provided that the legal requirements for this are met (Art. 18 GDPR).
You have the right to receive the personal data concerning you in a structured, common and machine-readable format or to demand that it be transferred to another person responsible for the data (Art. 20 GDPR).
In addition, you have the so-called “right to be forgotten”, i.e. you can demand that we delete your personal data, provided that the legal requirements are met (Art. 17 GDPR).
Irrespective of this, your personal data will be automatically deleted by us if the purpose for which the data was collected ceases to apply or if the data processing is unlawful.
According to Art. 7 para. 3 GDPR, you have the right to revoke your consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future.
You also have the right to object to the processing of your personal data at any time, provided that a right of objection is provided for by law. In the event of an effective revocation, your personal data will also be automatically deleted by us (Art. 21 GDPR).
If you wish to exercise your right of revocation or objection, simply send an e-mail to email@example.com.
In the event of infringements of the data protection regulations, you have the opportunity to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR. The competent supervisory authority is both the State Commissioner for Data Protection of Hesse (https://datenschutz.hessen.de/datenschutz/datenschutzbeauftragte) and any other supervisory authority.
4. DURATION OF DATA STORAGE
The data collected will be stored by us for as long as is necessary to execute the contracts entered into with us or if you have not exercised your right to deletion or your right to transfer data to another company.
These cookies are set as so-called first-party cookies (“own cookies”) or third-party cookies (“third-party cookies”). First-party cookies are set by the website you are currently on and are not made available by browsers across domains. A third party cookie, on the other hand, is set by a third party, i.e. not by the actual website you are currently on.
Furthermore, cookies are divided into technically necessary and technically unnecessary cookies. On our website, both technically necessary cookies and technically unnecessary cookies are set in accordance with the following paragraphs.
A) Technically necessary cookies
Technically necessary cookies are absolutely necessary for the operation of our website and lead, for example, to certain functions being made possible for you in the first place. These technically necessary cookies, which are only required and set for the individual necessary online session, are automatically deleted after leaving our website.
The legal basis for the use of these technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f GDPR.
B) Technically not necessary cookies
If you have given your consent, we use so-called technically not necessary cookies on our website. The technically not necessary cookies are mainly used to evaluate the use of the website as well as user behaviour, to compile reports on the activities of visitors to the website and to provide further services associated with the use of the website.
Java applets and Java script are used in the provision of our Internet offer. If, for security reasons, you do not wish to use these auxiliary programs or active contents, you should deactivate the corresponding setting in your browser.
6. ONLINE MARKETING-/ ANALYSIS MEASURES
With the statistical recording through online marketing measures, we want to design our website to meet the needs of you, our user, and continually adapt and optimise its use.
The use of the online marketing and tracking measures we use is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
A) Google Analytics
If you have given your consent, this website uses Google Analytics, a web analysis service provided by Google Ireland Limited “Google”. The use includes the operating mode “Universal Analytics”; this makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyse the activities of a user across devices.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide further services to the website operator in connection with website and internet use.
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
The recipient of the collected data is Google. The personal data is transferred to the USA under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission. The certificate can be downloaded here https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.
The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
You can revoke your consent at any time with effect for the future by preventing the storage of cookies through a corresponding setting in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent Universal Analytics from collecting data across multiple devices, you must opt-out on all systems in use. If you click here https://tools.google.com/dlpage/gaoptout?hl=en, the opt-out cookie will be set to disable Google Analytics.
For sending a newsletter we use the services of MailChimp, an offer from Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service that can be used to organize and analyse the sending of newsletters, among other things. If you enter data for of subscribing to the newsletter (e.g. e-mail address), this data is stored on the servers of MailChimp in the USA. MailChimp is certified according to the “EU-US-Privacy-Shield”. The “Privacy-Shield” is an agreement between the European Union (EU) and the USA, which is intended to ensure compliance with European data protection standards in the USA.
With the help of MailChimp we can analyse our newsletter campaigns. When you open an e-mail sent with MailChimp, a file contained in the e-mail (so-called web-beacon) connects to the servers of MailChimp in the USA. This allows us to determine whether a newsletter message has been opened and which links have been clicked on, if any. Technical information is also collected (e.g. time of retrieval, IP address, browser type and operating system). We cannot assign this information to the respective newsletter recipient. It is used exclusively for statistical analysis of newsletter campaigns. We can use the results of these analyses to better adapt future newsletters to the interests of the recipients.
If you do not want to receive any analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose we provide a link in every newsletter message.
The data processing is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR), which you can revoke at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
We have concluded a so-called “Data-Processing-Agreement” with MailChimp, in which we commit MailChimp to protect the data of our customers and not to pass them on to third parties.
7. 1&1 WEBANALYTICS
8. LINKS TO OUR INTERNET PRESENCE IN SOCIAL NETWORKS
On our website, we have included links to our websites in social networks (Facebook, Instagram and Pinterest). We would like to point out that these are only links that lead to our website in the mentioned networks; they are not so-called plugins with which you could, for example, “share” or “link” information on our website in the networks. As far as we are aware, it is not technically possible for social networks to collect personal data on our website via the mere links. For the purpose and scope of data collection after forwarding, please refer to the data protection information of the respective network.
We would like to point out that data of our website visitors can also be processed outside the area of the European Union. This can result in risks for the users, because the enforcement of the users’ rights could be made more difficult. With regard to US providers certified under the Privacy Shield, we would like to point out that they have undertaken to comply with the data protection standards of the EU.
Furthermore, it is possible that user data may be processed by third parties for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the social networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behaviour and interests of the users are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective social network and are logged in to it).
The processing of the users’ personal data is based on our legitimate interests in effective information of the users and communication with the users according to Art. 6 para. 1 sentence 1 lit. f). GDPR. If users are asked by the respective providers to give their consent to data processing (i.e. to give their consent, e.g. by ticking a check box or confirming a button), the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a) GDPR.
For a detailed presentation of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information of the respective providers. Also in the case of requests for information or the assertion of your rights as a data subject, we would like to point out that these can be asserted most effectively in the social networks. Only these have access to the data of their users and can take appropriate measures and provide information directly. Should you nevertheless need help, please contact us.
9. DATA SECURITY
We make every effort to take all necessary technical and organisational security measures to store your personal data in such a way that they are not accessible to third parties or the public. Should you wish to contact us by e-mail, we would like to point out that the confidentiality of the information transmitted cannot be completely guaranteed with this method of communication. We therefore recommend that you send us confidential information exclusively by post.
10. TOPICALITY AND AMENDMENT OF THIS DATA PROTECTION DECLARATION
This data protection declaration is currently valid and is dated May 2020.
It may become necessary to amend this data protection declaration as a result of the further development of our website and offers above or due to changes in legal or official requirements. You can access and print out the current data protection declaration at any time on the website at https://www.tsatsas.com/privacy-policy.
11. NAME AND CONTACT DETAILS OF THE DATA CONTROLLER
This privacy information applies to data processing by:
Esther Schulze-Tsatsas and Dimitrios Tsatsas GbR
Last update: 01.05.2020