1 GENERAL NOTICE AND MANDATORY INFORMATION
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. In accordance with Art. 13 DSGVO, this data protection declaration informs you which data we process and for what purpose.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) may involve security risks. Complete protection of data against unauthorised access by third parties is not possible.
1.1 Designation of the responsible body
The responsible body for data processing on this website is:
Colour of Stone GmbH
31135 Hildesheim / GERMANY
The responsible body decides alone or jointly with others on the purposes and means of the processing of personal data (e.g. names, contact details or similar).
1.2 Withdrawal of your consent to data processing
Some data processing operations are only possible with your express consent. You can revoke your consent at any time. An informal communication by e-mail is enough for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
1.3 Right to complain to the competent supervisory authority
As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a breach of data protection law. The competent supervisory authority regarding data protection issues is the State Data Protection Commissioner of the federal state in which our company’s registered office is located. The following link provides a list of data protection officers and their contact details:
1.4 Right to data portability
You have the right to have data that we process automatically based on your consent or in fulfilment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
1.5 Right to information, correction, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if applicable, the right to correction, blocking or deletion of this data. In this regard and for further questions about personal data, you can contact us at any time via the contact options listed in the imprint.
2 DATA PROCESSING
2.1 SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.
2.2 Server log files
In server log files, the provider of the website automatically collects and stores information that your browser automatically transmits to us. These are:
– Visited page on our domain
– Date and time of the server request
– Browser type and browser version
– Operating system used
– Referrer URL
– Host name of the accessing computer
This data is not merged with other data sources. The data processing is based on Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
2.3 Data transmission upon conclusion of a contract for the purchase and shipment of goods
Personal data will only be transmitted to third parties if there is a necessity in the context of the execution of the contract. Third parties can be, for example, payment service providers or logistics companies. No further transmission of data will take place or only if you have expressly consented to this.
The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
2.4 Registration on this website
You can register on our website to use certain functions. The transmitted data is used exclusively for the purpose of using the respective offer or service. Mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.
In the event of important changes, for example for technical reasons, we will inform you by e-mail. The e-mail will be sent to the address given during registration.
The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a DSGVO). You may revoke your consent at any time. An informal communication by e-mail is enough for the revocation. The legality of the data processing already carried out remains unaffected by the revocation.
We store the data collected during registration for the period that you are registered on our website. Your data will be deleted if you cancel your registration. Legal retention periods remain unaffected.
2.5 What data we collect and store
We collect personal data in order to receive and process your orders and to be able to answer your to be able to answer any questions you may have.
We collect the following data from you:
– First name
– Company name
– Address for delivery and invoice
– Ordered goods
– Indication of which means of payment you use
– Data of the means of payment
– E-mail address
– Telephone number
Furthermore, the respective payment provider (e.g. credit card company) stores information on your means of payment.
Some cookies are “session cookies.” Such cookies are deleted automatically at the end of your browser session. On the other hand, other cookies remain on your terminal device until you delete them yourself. Such cookies help us to recognise you when you return to our website.
With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured so that cookies are deleted automatically when the program is closed. Disabling cookies may result in limited functionality of our website.
The setting of cookies that are necessary to carry out electronic communication processes or the provision of certain functions desired by you (e.g. shopping cart) is based on Art. 6 para. 1 lit. f DSGVO. As the operator of this website, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these are dealt with separately in this data protection declaration.
3 THIRD PARTY TOOLS, ANALYSIS AND APPLICATION
3.1 Google Analytics
Our website uses functions of the web analysis service Google Analytics. The provider of the web analytics service is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses “cookies.” These are small text files that your web browser stores on your end device and enable an analysis of website usage. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. The server is usually located in the USA.
Google Analytics cookies are set based on Art. 6 Para. 1 lit. f DSGVO. As the operator of this website, we have a legitimate interest in analysing user behaviour in order to optimise our website and, if necessary, our advertising.
3.2 IP anonymisation
We use Google Analytics in conjunction with the IP anonymisation function. It ensures that Google truncates your IP address within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before transmitting it to the USA. There may be exceptional cases where Google transfers the full IP address to a server in the USA and truncates it there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by Google Analytics is not merged with other Google data.
3.3 Browser Plugin
The setting of cookies by your web browser can be prevented. However, some functions of our website may be restricted as a result. You can also prevent the collection of data relating to your website use, including your IP address and subsequent processing by Google. This is possible by downloading and installing the browser plug-in accessible via the following link:https://tools.google.com/dlpage/gaoptout?hl=de.
3.4 Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the collection of your data during future visits to our website: Deactivate Google Analytics.
3.5 Order processing
In order to fully comply with the legal data protection requirements, we have concluded an order processing agreement with Google and with the internet provider All-inkl.com.
3.6 Demographic characteristics with Google Analytics
Our website uses the “demographic characteristics” function of Google Analytics. It can be used to create reports that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. It is not possible to assign the data to a specific person. You can deactivate this function at any time. This is possible via the ad settings in your Google account or by generally prohibiting the collection of your data by Google Analytics, as explained in the item “Objection to data collection”.
We create a device ID based on your device data, which can be used to recognise your access device (e.g. PC, tablet or laptop) when you visit our website again. We also set a cookie for this purpose (see also below under “Cookies”). The cookie contains the device ID, but no personal usage or transaction data about you. This means that your access device can be recognised without identifying you by name and linking it to your device ID.
3.8 Google AdWords and Google Conversion Tracking
Our website uses Google AdWords. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
AdWords is an online advertising programme. As part of the online advertising programme, we work with conversion tracking. After a click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that your web browser stores on your end device. Google AdWords cookies lose their validity after 30 days and are not used to personally identify users. The cookie allows Google and us to recognise that you have clicked on an ad and have been redirected to our website.
Each Google AdWords customer receives a different cookie. The cookies are not traceable through AdWords customers’ websites. Conversion cookies are used to create conversion statistics for AdWords customers who use conversion tracking. AdWords customers learn how many users clicked on their ad and were redirected to pages with a conversion tracking tag. However, AdWords customers do not receive any information that enables personal identification of users. If you do not wish to participate in tracking, you can object to its use. In this case, the conversion cookie must be deactivated in the user settings of the browser. In this way, it will not be included in the conversion tracking statistics.
The storage of “conversion cookies” is based on Art. 6 para. 1 lit. f DSGVO. As the website operator, we have a legitimate interest in analysing user behaviour in order to optimise our website and our advertising.
With a modern web browser, you can monitor, restrict or disable the setting of cookies. Disabling cookies may result in limited functionality of our website.
4 PAYMENT PROVIDERS
Our website enables payment via PayPal. The payment service provider is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
When you pay with PayPal, the payment data you enter is transmitted to PayPal.
The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You may revoke your consent at any time. Data processing operations in the past remain effective in the event of a revocation.
Our website enables payment via Klarna. The payment service provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.
The transfer of your data to Klarna is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You may revoke your consent at any time. Data processing operations in the past remain effective in the event of a revocation.
Our website enables payment via “Sofortüberweisung.” The provider of the payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich.
With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfil our obligations.
When paying by “Sofortüberweisung”, your PIN and TAN are transmitted to Sofort GmbH. The payment provider then logs into your online banking account, automatically checks your account balance and makes the transfer. This is followed by an immediate transaction confirmation. Your turnover, the credit limit of your overdraft facility and the existence of other accounts and their balances are also checked automatically after logging in.
In addition to PIN and TAN, the transmission to Sofort GmbH also includes payment data and personal data. Your personal data includes first and last name, address, telephone number(s), e-mail address, IP address and, if necessary, other data required for payment processing. This data transfer is necessary in order to establish your identity beyond doubt and to prevent fraud attempts.
The transmission of your data to Sofort GmbH is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the fulfilment of a contract). You may revoke your consent at any time. Data processing operations in the past remain effective in the event of a revocation.
On this website we offer, among other things, payment with the services of Stripe. The provider for customers within the EU is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).
The transmission of your data to Stripe takes place on the basis of Art. 6 (1) lit. b DSGVO (contract processing) as well as on the basis of our legitimate interest in using reliable and secure payment processes (Art. 6 (1) lit. f DSGVO).