Name and address of the person responsible
The person responsible within the meaning of the EU General Data Protection Regulation and other data protection regulations is:
Breitenfelder Str. 12
We respect your data
We are pleased that you are interested in our website. The trust of all visitors and customers, the security of your data and the protection of your privacy are of central importance to us. Your personal data will therefore be treated by us in accordance with the applicable statutory data protection regulations and this data protection declaration. Personal data is information that can be used to determine your identity, such as your real name, address or telephone number.
If you view and use our site without registering or otherwise expressly providing us with information, we process the data that is sent to us with each request from your browser (see log data). If you expressly send us personal data, this is done exclusively for the purpose of the inquiry or the respective order. We would like to point out that data transmission on the Internet can never be completely protected against access by third parties.
In the following we would like to explain to you in more detail which data we process when and for what purpose. It explains how the services we offer work and how the protection of your personal data is guaranteed.
Legal basis for processing personal data
If we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) GDPR serves as the legal basis.
Article 6(1)(b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures. If processing of personal data is required to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 Letter d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 Letter f GDPR serves as the legal basis for data processing.
Data Erasure and Storage Duration
The personal data of the person concerned will be deleted as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by European or national laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the regulations mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
The automatic collection and storage of log data by the provider of the Internet service (provider) takes place because the processing of this data is technically necessary to display our website to you and to ensure stability and security. The log data includes the following information:
- Date and time of the respective request
- Internet address (URL) that was requested
- URL that the visitor visited immediately before
- Browser and language used
- perating system used and its interface
- Visitor's IP address and hostname
- Access status / http status code
- Amount of data transferred in each case
This data is transmitted to us automatically and cannot be assigned to you personally with a reasonable effort. The legal basis for the processing of this data is our legitimate interest in accordance with Art. 6 Paragraph 1 Sentence 1 lit. f GDPR, because this data processing is necessary for the operation and display of the website. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your end device and that store certain information for exchange with our system. The legal basis for the processing of this data is Article 6 Paragraph 1 Clause 1 Letter f GDPR. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing the browser (transient cookies). These include in particular session cookies. These store a unique identifier (session ID). This session ID can be used to assign various requests from your browser to a common session. This allows your end device to be recognized when returning to our website during a session. Session cookies are also deleted when you log out.
Other cookies remain on your end device for a specified period of time and enable us to recognize your browser or end device on your next visit (persistent cookies).
Please note that certain cookies are set as soon as you enter our website. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases, in particular cookies from third parties (third party cookies) or in general. If you do not accept cookies, the functionality of our website may be restricted for you.
Configuration of cookie settings in the browser
You have the option of preventing cookies from being saved on your computer by making the appropriate browser settings. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:
Internet Explorer™: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Article 6 (1) (b) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted after your request has been finally processed, this is the case if it can be inferred from the circumstances
Basic information on handling personal data
SIn principle, you can visit our website without us collecting any personal data from you. Personal data is only collected if you provide it to us to execute a contract, open a customer account or contact us. Without your express consent, this data will only be used to process the contract and to process your inquiries. After the contract has been completed, your data will be stored with regard to the retention periods under tax and commercial law, but will be blocked for other purposes and deleted after these periods have expired, unless you have expressly consented to the further use of your data.
Encryption by SSL
For security reasons, our website uses SSL encryption (Secure Sockets Layer). This protects transmitted data and cannot be read by third parties. You can recognize successful encryption by the fact that the protocol designation in the browser's status bar changes from "http://" to "https://" and that a closed padlock symbol is visible there.
Who receives your data?
Within the company
Within the company, only those people/departments who need your data to protect our legitimate interests or to fulfill our contractual and legal obligations have access to it.
Outside the company
In principle, we guarantee that the data is transmitted in accordance with the data protection requirements and that your personal data is protected. We ensure that only third parties have access to personal data that is necessary for the performance of individual tasks. Under no circumstances do we sell your personal data to third parties.
In order to fulfill our contractual obligations, we work together with other companies. These include:
- Logistics service provider: Names, contact and address information as well as information about the ordered products and payment method are transferred to handle the delivery of the ordered goods and to handle returns.
- Payment service provider: In order to check and determine the payment options offered and to process the payment, personal information is transmitted as part of the implementation of the contractual obligations. In this context, Eheizung24 GmbH works with the following payment service providers: PayPal
As part of the cooperation with PayPal, PayPal (Europe) S.à.rl et Cie; SCA; 22-24 Boulevard Royal; L-2449 Luxembourg, this is not an order processing relationship, as PayPal is not a data processor for merchants. PayPal only processes the personal data received from the buyer to process the payment, always on the buyer's instructions, i.e. not on behalf of the dealer (Eheizung24 GmbH).
If you choose the PayPal payment method, the following personal data will be collected from you:
- Registration and Usage Information
- Information about transactions and experiences
- Personal Data of Transaction Participants
- Personal data about friends and contacts
WeYou can find more information about how PayPal processes your personal data at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
External web hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the host's servers. This can primarily be IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para 1 lit. f GDPR). Our hoster will only process your data to the extent that this is necessary to fulfill his performance obligations and will follow our instructions in relation to this data.
Conclusion of a contract for order processing
In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.
Web analytics services
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server in the USA and stored there. This website uses Google Analytics exclusively with the "_anonymizeIp()" extension, which ensures that the IP address is anonymized by shortening it and excludes direct personal reference. As a result of the extension, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. In these exceptional cases, this processing takes place in accordance with Article 6 Paragraph 1 Letter b GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you will if applicable not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plugin or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent future detection by Google Analytics within this website (this opt-out cookie only works in this browser and only for this domain, delete your cookies in this browser, you must click this link again): Disable Google Analytics Google LLC, based in the USA, is certified for the US-European data protection agreement "Privacy Shield", which the Compliance with the data protection level applicable in the EU is guaranteed. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out using a user ID. In your customer account under "My data", "Personal Data" disable cross-device analysis of your usage. You can find more information on how Google Analytics handles user data in the Google data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de
It is pointed out that this website uses Google Analytics with the extension "_anonymizeIp()" and therefore IP addresses are only processed further in abbreviated form in order to rule out direct personal reference.
Our website uses Google Conversion Tracking. If you have reached our website via an ad placed by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad served by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. This means that cookies cannot be tracked via the websites of AdWords customers. The information obtained using the conversion cookie is used to To create conversion statistics for ads customers who have opted for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified
If you do not wish to participate in the tracking, you can reject the setting of a cookie required for this - for example by means of a browser setting that generally deactivates the automatic setting of cookies or set your browser so that cookies from the "googleleadservices.com" domain are blocked. Please note that you may not delete the opt-out cookies as long as you do not want measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.
Facebook Conversion Tracking, the so-called "Facebook Pixel" of the social network Facebook, is used on our website for the purpose of analyzing and optimizing our website. The provider of these services is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If you are based in the EU, the provider of the services is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”).
By using the Facebook pixel, Facebook is able to identify and determine visitors to our website as a potential target group for the display of ads (so-called “Facebook ads”). So we use the Facebook pixel to only display the Facebook ads we have placed to those Facebook users who have also shown an interest in our website or who have certain characteristics (interests that are determined based on websites visited, etc.). By using the Facebook pixel, we want to ensure that our Facebook ads correspond to the potential interest of the visitor and are not perceived as a nuisance. By using the Facebook pixel, we can understand the effectiveness of the Facebook ads statistically and for market research purposes. We analyze whether visitors are redirected to our website after clicking on a Facebook ad, i.e. whether a so-called "conversion" takes place. General information on how Facebook processes data can be found here: https://www.facebook.com/policy.php
Further information and details on the Facebook pixel can be found here: https://www.facebook.com/business/help/651294705016616
Facebook is certified under the Privacy Shield and thus offers a guarantee of compliance with European data protection standards (https://www.facebook.com/about/privacyshield). You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. In order to set which types of advertisements are displayed to you within Facebook, you can call up the page set up by Facebook and follow the instructions for setting usage-based advertising there: https://www.facebook.com/ds/preferences/?entry_product=ad_settings_screen&expand_ad_settings=1
The settings are platform-independent, ie they are adopted for all devices, such as desktop computers or mobile devices. We use our Pixelmate plugin. You can object to the use of the Facebook pixel if you opt out when you visit the website. The legal basis for this processing of the data is our legitimate interest in accordance with Article 6 Paragraph 1 lit..
System and information security
We secure our website and our other systems through technical and organizational measures against loss, destruction, access, modification or distribution of the stored data by unauthorized persons. However, despite controls, complete protection against all hazards is not possible. Simply because of the connection to the Internet and the resulting technical possibilities, no guarantee can be given that the content and the flow of information will not be viewed and recorded by third parties.
You have a right to free information about the data we have stored about you and, if necessary, a right to correction, restriction of processing or deletion of this data. You also have the right to data portability. Please contact us using the following email address: firstname.lastname@example.org. Finally, you also have the right to complain to the data protection supervisory authority about the processing of your personal data by us.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. An informal message by e-mail to email@example.com is sufficient. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION ACCORDING TO ART. 21 (2) GDPR).
Right of appeal to the competent supervisory authority
In the case of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done to the extent that it is technically feasible.
Last Update: May 2021"