Privacy policy
With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender-specific.
Status: February 15, 2021
Table of contents
1. controller
2. overview of the processing operations
3 Relevant legal bases
4. security measures
5. data processing in third countries
6. use of cookies
7. making contact
8. online marketing
9. presence in social networks (social media)
10. deletion of data
11. modification and updating of the privacy policy
12. definitions of terms
1. responsible person
Liliana Toro
Staelsfeld 62A
45259 Essen, Germany
E-mail address: info@liebekiste.de
2. overview of the processing operations
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
Inventory data (e.g. names, addresses).
Content data (e.g. entries in online forms).
Contact data (e.g. e-mail, telephone numbers).
Meta/communication data (e.g. device information, IP addresses).
Usage data (e.g. websites visited, interest in content, access times).
Categories of data subjects
Interested parties.
Communication partners.
Users (e.g. website visitors, users of online services).
Purposes of the processing
Conversion measurement (measurement of the effectiveness of marketing measures).
Interest-based and behavioral marketing.
Contact requests and communication.
Profiling (creation of user profiles).
Remarketing.
Reach measurement (e.g. access statistics, recognition of returning visitors).
Tracking (e.g. interest/behavioral profiling, use of cookies).
3. Relevant legal bases
In the following, we inform you of the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that, in addition to the provisions of the GDPR, the national data protection regulations in your or our country of residence and domicile may apply. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.
*Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or several specific purposes.
*Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
*Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. The data protection laws of the individual federal states may also apply.
4. Security Measures
In accordance with the legal requirements, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability and separation. We have also put in place procedures to ensure that the rights of data subjects are exercised, that data is deleted and that data is endangered. We also take into account the protection of personal relationships.
5. Data processing in third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.
Subject to explicit consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).
6. Use of cookies
Cookies are text files containing data from visited websites or domains that are stored on the user's computer by a browser. A cookie is primarily used to store information about a user during or after his visit within an online offer. The stored information may include, for example, the language settings on a website, the login status, a shopping cart or the place where a video was watched. The term cookies also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also known as "user IDs").
The following types of cookies and functions are distinguished:
* Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.
* Persistent cookies: Persistent cookies remain stored even after you close your browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Similarly, the interests of users used for reach measurement or marketing purposes may be stored in such a cookie.
* First-party cookies: First-party cookies are set by ourselves.
* Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
* Necessary (also: essential or absolutely necessary) cookies: Cookies can be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for security reasons).
* Statistics, marketing and personalisation cookies: Furthermore, cookies are usually also used in the context of reach measurement and when a user's interests or behaviour (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used to show users, for example, content that corresponds to their potential interests. This procedure is also known as "tracking", i.e. tracking the potential interests of users. If we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or as part of obtaining consent.
Information on legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or if the use of cookies is necessary to fulfil our contractual obligations.
Storage period: Unless we provide you with explicit information on the storage period of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.
General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data by cookie technologies (collectively referred to as "opt-out"). You can first declare your objection by means of the settings of your browser, e.g. by deactivating the use of cookies (whereby this may also limit the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared by means of a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further objection notices as part of the information on the service providers used and cookies.
Processing of cookie data on the basis of consent: We use a cookie consent management procedure in which the consent of the users to the use of cookies, or the processing and providers mentioned in the context of the cookie consent management procedure, can be obtained, as well as managed and revoked by the users. In this case, the declaration of consent is stored in order not to have to repeat its query again and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or his device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. A pseudonymous user identifier is formed and stored at the time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and device used.
* Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
* Data subjects: Users (e.g. website visitors, users of online services).
* Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
7. Contacting us
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the details of the enquiring persons will be processed insofar as this is necessary to answer the contact enquiries and any measures requested.
The response to contact enquiries within the framework of contractual or pre-contractual relationships is carried out in order to fulfil our contractual obligations or to answer (pre-)contractual enquiries and otherwise on the basis of the legitimate interests in answering the enquiries.
* Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
* Data subjects: Communication partners.
* Purposes of processing: contact requests and communication.
* Legal bases: Performance of a contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
8. Online marketing
We process personal data for online marketing purposes, which may include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of their effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar processes are used to store the information about the user relevant to the presentation of the aforementioned content. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information on times of use. If users have consented to the collection of their location data, this can also be processed.
The IP addresses of the users are also stored. However, we use available IP masking methods (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of the users (such as e-mail addresses or names) is stored in the context of the online marketing process, but pseudonyms. This means that we, as well as the providers of the online marketing methods, do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or by similar methods. These cookies can later be read out and analysed for the purpose of displaying content on other websites that use the same online marketing process, as well as supplemented with further data and stored on the server of the online marketing process provider.
Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing methods we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. by giving their consent during registration.
As a matter of principle, we only have access to aggregated information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e. e.g., to the conclusion of a contract with us. Conversion measurement is used solely to analyze the success of our marketing efforts.
Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.
Notes on legal bases: If we ask users for their consent to the use of the third-party providers, the legal basis for processing data is consent. Otherwise, the users' data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
* Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
* Data subjects: Users (e.g. website visitors, users of online services), interested parties.
* Purposes of processing: Tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, conversion measurement (measuring the effectiveness of marketing measures), interest-based and behavioural marketing, profiling (creating user profiles), reach measurement (e.g. access statistics, recognition of returning visitors).
* Security measures: IP masking (pseudonymization of the IP address).
Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
* Opt-out: We refer to the data protection information of the respective providers and the options for objection provided for the providers (so-called "opt-out"). Unless an explicit opt-out option has been specified, there is the possibility that you switch off cookies in the settings of your browser. However, this may limit the functions of our online offer. We therefore also recommend the following opt-out options, which are offered collectively for the respective territories: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-territorial: https://optout.aboutads.info.
Services and service providers used:
* Google Analytics: online marketing and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.
9. Presence in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the area of the European Union. This can result in risks for users, for example, because it could make it more difficult to enforce the rights of users.
Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on the user behavior and the resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the user's usage behaviour and interests are stored. Furthermore, data may also be stored in the user profiles regardless of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact us.
* Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
* Data subjects: Users (e.g. website visitors, users of online services).
* Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioral profiling, use of cookies), remarketing.
* Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
10. Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as their consents to processing are revoked or other permissions cease to apply (e.g. if the purpose of the processing of this data has ceased to apply or if it is not necessary for the purpose).
Unless the data is deleted because it is necessary for other and legally permissible purposes, its processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or the storage of which is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.
Further information on the deletion of personal data can also be provided in the individual data protection notices of this privacy policy.
11. Changes and updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as the changes in the data processing we carry out make it necessary. We will inform you as soon as the changes require you to cooperate (e.g. consent) or other individual notification.
If we provide addresses and contact information for companies and organizations in this data protection declaration, please note that the addresses may change over time and ask you to check the information before contacting us.
12. Definitions of terms
This section provides an overview of the terms used in this data protection declaration. Many of the terms are taken from the law and are defined primarily in Article 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily to provide understanding. The terms are sorted alphabetically.
* IP masking: “IP masking” is a method in which the last octet, i.e. the last two numbers of an IP address, is deleted so that the IP address can no longer be used to uniquely identify a person Therefore, IP masking is a means of pseudonymizing processing procedures, especially in online marketing
* Interest-based and behavioral marketing: Interest- and/or behavioral marketing occurs when users' potential interests in advertisements and other content are predetermined as accurately as possible. This is done based on information about their previous behavior (e.g. visiting and staying on certain websites, purchasing behavior or interaction with other users), which is stored in a so-called profile. Cookies are usually used for these purposes.
* Conversion measurement: Conversion measurement (also known as “visit action evaluation”) is a procedure that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users' devices within the websites on which the marketing measures take place and then accessed again on the target website. For example, we can understand whether the advertisements we placed on other websites were successful.
* Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
* Profiling: "Profiling" refers to any type of automated processing of personal data, which consists in using these personal data to identify certain personal aspects relating to a natural person (depending on the type of profiling, this may include information relating to age, gender, location data and movement data, interaction with websites and their content, shopping behavior, social interactions with other people) to analyze, evaluate or predict them (e.g. interests in certain content or products, click behavior on a website or the location). Cookies and web beacons are often used for profiling purposes.
* Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can include the behavior or interests of visitors in certain information, such as the content of websites. With the help of reach analysis, website owners can, for example, identify at what time visitors visit their website and what content they are interested in. This allows you, for example, to better adapt the content of the website to the needs of your visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyzes of the use of an online offering.
* Remarketing: “Remarketing” or “retargeting” is used when, for example, for advertising purposes, it is noted which products a user was interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements .
* Tracking: “Tracking” refers to when the behavior of users can be tracked across multiple online offerings. As a rule, behavioral and interest information is stored in cookies or on the servers of the tracking technology providers with regard to the online offerings used (so-called profiling). . This information can then be used, for example, to show users advertisements that are likely to match their interests.
* Responsible person: The “responsible person” is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
* Processing: “Processing” means any operation or series of operations relating to personal data, carried out with or without the aid of automated procedures. The term is wide-ranging and includes practically every handling of data, be it collecting, evaluating, storing, transmitting or deleting.
Questions for the data protection officer
If you have any questions about data protection, please email us.
The data protection declaration was created using the data protection declaration generator from datenschutz-generator.de.