privacy

  1. Introduction

With the following information, we would like to provide you, as a "data subject," with an overview of how we process your personal data and your rights under data protection laws. In principle, you can use our website without providing any personal data. However, if you wish to use special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to "Datenschutz Consulting GmbH". This privacy policy is intended to inform you about the scope and purpose of the personal data we collect, use, and process.

As the data controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. However, internet-based data transmissions can fundamentally have security vulnerabilities, meaning absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or mail.

  1. Responsible

The controller within the meaning of the GDPR is:

Daniel Dill
Railway Route 3
91785 Pleinfeld
Germany
dill@warenpoint.de

  1. Data Protection Officer

You can contact our data protection officer via this FORM or via the contact details above, addressed to the data protection officer.

Affected persons can contact us or our data protection officer at any time with any questions or suggestions regarding data protection.

  1. Legal basis for processing

Article 6 paragraph 1 letter a GDPR (in conjunction with Section 15 paragraph 3 TMG) ​​serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, then the processing is based on Article 6(1)(b) GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, such as in cases of inquiries about our products or services.

If our company is subject to a legal obligation which necessitates the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details, or other vital information had to be disclosed to a doctor, hospital, or other third party. In such a case, the processing would be based on Article 6(1)(d) GDPR.

Ultimately, processing operations could be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are permitted in particular because they have been specifically mentioned by the European legislator. The legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47, second sentence, GDPR).

  1. Transfer of data to third parties

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

  1. You have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  2. The transfer of your data is permissible under Article 6(1)(f) GDPR for the purposes of our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred.
  3. in the event that there is a legal obligation to disclose the data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, as well as
  4. This is legally permissible and necessary for the performance of a contract with you in accordance with Article 6(1)(b) GDPR.

To protect your data and, if necessary, to allow us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the standard contractual clauses of the European Commission.

  1. Technology

6.1 SSL/TLS encryption

This page uses for Warranty For the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the operator, we use SSL or TLS encryption. You can recognize an encrypted connection by the fact that "https://" appears in the browser's address bar instead of "http://" and by the padlock symbol in your browser's address bar.

We use this technology to protect your transmitted data.

6.2 Data collection when visiting the website

When you use our website for purely informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (in so-called "server log files"). Our website collects a range of general data and information each time a page is accessed by you or an automated system. This general data and information is stored in the server's log files. The following data may be collected:

  1. browser types and versions used
  2. the operating system used by the accessing system,
  3. the website from which an accessing system reaches our website (so-called referrer),
  4. the subpages which are accessed via an accessing system on our website,
  5. the date and time of access to the website,
  6. a shortened Internet Protocol address (anonymized IP address),
  7. the Internet service provider of the accessing system.

We do not draw any conclusions about you personally when using this general data and information. Rather, this information is needed to

  1. to deliver the content of our website correctly,
  2. to optimize the content of our website and the advertising for it,
  3. to ensure the continued functionality of our IT systems and the technology of our website, as well as
  4. to provide law enforcement agencies with the information necessary for prosecution in the event of a cyberattack.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes of data collection listed above.

  1. Cookies

7.1 General information about cookies

We use cookies on our website. These are small files that your browser automatically creates and stores on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie stores information related to the specific device being used. However, this does not mean that we thereby gain direct knowledge of your identity.

The use of cookies serves, among other things, to make your use of our website more convenient. For example, we use so-called session cookies to recognize that you have already visited certain pages of our website. These are automatically deleted when you leave our site.

Furthermore, we also use temporary cookies to optimize user-friendliness. These cookies are stored on your device for a specific, predetermined period. When you revisit our site to use our services, it is automatically recognized that you have already been here and what entries and settings you have made, so you don't have to enter them again.

Secondly, we use cookies to statistically record the use of our website and to evaluate this data in order to optimize our services for you. These cookies allow us to automatically recognize that you have already visited our site when you return. These cookies are automatically deleted after a defined period of time.

7.2 Legal basis for the use of cookies

The data processed by cookies, which are required for the proper functioning of the website, are therefore necessary to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6 para. 1 lit. a GDPR.

  1. Content of our website

8.1 Data processing when opening a customer account and for contract processing

In accordance with Article 6(1)(b) of the GDPR, personal data is collected and processed when you provide it to us for the performance of a contract or when opening a customer account. The specific data collected is evident from the respective input forms. You can delete your customer account at any time by sending a message to the data controller's address provided above. We store and use the data you provide for contract processing. After complete contract fulfillment or deletion of your customer account, your data will be blocked in accordance with tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use your data as permitted by law, about which we will inform you accordingly below.

8.2 Contact / Contact Form

When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected via a contact form is indicated on the form itself. This data is stored and used solely for the purpose of responding to your inquiry, contacting you, and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry, pursuant to Article 6(1)(f) of the GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted after your inquiry has been fully processed. This is the case when it is clear from the circumstances that the matter has been resolved and provided that no statutory retention obligations apply.

10. Your rights as a data subject

10.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

10.2 Right of access Art. 15 GDPR

You have the right to obtain from us, at any time and free of charge, information about the personal data stored about you and a copy of this data in accordance with the legal provisions.

10.3 Right to rectification Art. 16 GDPR

You have the right to request the correction of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

10.4 Deletion Art. 17 GDPR

You have the right to request that we delete your personal data without undue delay, provided that one of the legally stipulated grounds applies and insofar as the processing or storage is not necessary.

10.5 Restriction of processing Art. 18 GDPR

You have the right to request that we restrict the processing of your data if one of the legal requirements is met.

10.6 Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

10.7 Objection Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) of Article 6(1) (processing in the public interest) or point (f) of Article 6(1) (processing based on legitimate interests) of the GDPR.

This also applies to profiling based on these provisions within the meaning of Article 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

In certain cases, we process personal data for direct marketing purposes. You can object to the processing of your personal data for such marketing at any time. This also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Furthermore, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free, in connection with the use of information society services and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

10.8 Revocation of consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

10.9 Complaint to a supervisory authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

11. Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period necessary to achieve the purpose of storage or as provided for by the legal regulations to which our company is subject.

If the purpose for which the data was stored ceases to exist or a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

12. Duration of storage of personal data

The criterion for the duration of storage of personal data is the respective statutory retention period. After this period expires, the corresponding data is routinely deleted, unless it is still required for the performance of a contract or for initiating a contract.

13. Updates and Changes to the Privacy Policy

This privacy policy is currently valid and was last updated in April 2021.

Due to the ongoing development of our website and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be viewed on the website at any time.