1 GENERAL NOTICE AND MANDATORY INFORMATION
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. In accordance with Art. 13 DSGVO, this data protection declaration informs you which data we process and for what purpose.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) may involve security risks. Complete protection of data against unauthorised access by third parties is not possible.
1.1 Designation of the responsible body
The responsible body for data processing on this website is:
Colour of Stone GmbH
31135 Hildesheim / GERMANY
The responsible body decides alone or jointly with others on the purposes and means of the processing of personal data (e.g. names, contact details or similar).
1.2 Withdrawal of your consent to data processing
Some data processing operations are only possible with your express consent. You can revoke your consent at any time. An informal communication by e-mail is enough for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
1.3 Right to complain to the competent supervisory authority
As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a breach of data protection law. The competent supervisory authority regarding data protection issues is the State Data Protection Commissioner of the federal state in which our company’s registered office is located. The following link provides a list of data protection officers and their contact details:
1.4 Right to data portability
You have the right to have data that we process automatically based on your consent or in fulfilment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
1.5 Right to information, correction, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if applicable, the right to correction, blocking or deletion of this data. In this regard and for further questions about personal data, you can contact us at any time via the contact options listed in the imprint.
2 DATA PROCESSING
2.1 SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.
2.2 Server log files
In server log files, the provider of the website automatically collects and stores information that your browser automatically transmits to us. These are:
– Visited page on our domain
– Date and time of the server request
– Browser type and browser version
– Operating system used
– Referrer URL
– Host name of the accessing computer
This data is not merged with other data sources. The data processing is based on Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
2.3 Data transmission upon conclusion of a contract for the purchase and shipment of goods
Personal data will only be transmitted to third parties if there is a necessity in the context of the execution of the contract. Third parties can be, for example, payment service providers or logistics companies. No further transmission of data will take place or only if you have expressly consented to this.
The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
2.4 Registration on this website
You can register on our website to use certain functions. The transmitted data is used exclusively for the purpose of using the respective offer or service. Mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.
In the event of important changes, for example for technical reasons, we will inform you by e-mail. The e-mail will be sent to the address given during registration.
The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a DSGVO). You may revoke your consent at any time. An informal communication by e-mail is enough for the revocation. The legality of the data processing already carried out remains unaffected by the revocation.
We store the data collected during registration for the period that you are registered on our website. Your data will be deleted if you cancel your registration. Legal retention periods remain unaffected.
2.5 What data we collect and store
We collect personal data in order to receive and process your orders and to be able to answer your to be able to answer any questions you may have.
We collect the following data from you:
– First name
– Company name
– Address for delivery and invoice
– Ordered goods
– Indication of which means of payment you use
– Data of the means of payment
– E-mail address
– Telephone number
Furthermore, the respective payment provider (e.g. credit card company) stores information on your means of payment.
Some cookies are “session cookies.” Such cookies are deleted automatically at the end of your browser session. On the other hand, other cookies remain on your terminal device until you delete them yourself. Such cookies help us to recognise you when you return to our website.
With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured so that cookies are deleted automatically when the program is closed. Disabling cookies may result in limited functionality of our website.
The setting of cookies that are necessary to carry out electronic communication processes or the provision of certain functions desired by you (e.g. shopping cart) is based on Art. 6 para. 1 lit. f DSGVO. As the operator of this website, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these are dealt with separately in this data protection declaration.
3 THIRD PARTY TOOLS, ANALYSIS AND APPLICATION
Matomo cookies remain on your terminal device until you delete them. The setting of Matomo cookies is based on Art. 6 para. 1 lit. f DSGVO. As the operator of this website, we have a legitimate interest in the anonymised analysis of user behaviour in order to optimise both our website and, where applicable, advertising.
The information stored in the Matomo cookie about the use of this website is not passed on. The setting of cookies by your web browser can be prevented. However, some functions of our website may be restricted as a result.
3.2 Order processing
In order to fully comply with the legal data protection requirements, we have concluded an order processing contract with the internet provider All-inkl.com.
We create a device ID based on your device data, which can be used to recognise your access device (e.g. PC, tablet or laptop) when you visit our website again. We also set a cookie for this purpose (see also below under “Cookies”). The cookie contains the device ID, but no personal usage or transaction data about you. This means that your access device can be recognised without identifying you by name and linking it to your device ID.
4 PAYMENT PROVIDERS
Our website enables payment via PayPal. The payment service provider is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
When you pay with PayPal, the payment data you enter is transmitted to PayPal.
The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You may revoke your consent at any time. Data processing operations in the past remain effective in the event of a revocation.
Our website enables payment via Klarna. The payment service provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.
The transfer of your data to Klarna is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You may revoke your consent at any time. Data processing operations in the past remain effective in the event of a revocation.
Our website enables payment via “Sofortüberweisung.” The provider of the payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich.
With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfil our obligations.
When paying by “Sofortüberweisung”, your PIN and TAN are transmitted to Sofort GmbH. The payment provider then logs into your online banking account, automatically checks your account balance and makes the transfer. This is followed by an immediate transaction confirmation. Your turnover, the credit limit of your overdraft facility and the existence of other accounts and their balances are also checked automatically after logging in.
In addition to PIN and TAN, the transmission to Sofort GmbH also includes payment data and personal data. Your personal data includes first and last name, address, telephone number(s), e-mail address, IP address and, if necessary, other data required for payment processing. This data transfer is necessary in order to establish your identity beyond doubt and to prevent fraud attempts.
The transmission of your data to Sofort GmbH is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the fulfilment of a contract). You may revoke your consent at any time. Data processing operations in the past remain effective in the event of a revocation.
On this website we offer, among other things, payment with the services of Stripe. The provider for customers within the EU is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).
The transmission of your data to Stripe takes place on the basis of Art. 6 (1) lit. b DSGVO (contract processing) as well as on the basis of our legitimate interest in using reliable and secure payment processes (Art. 6 (1) lit. f DSGVO).