Privacy Notice

Privacy policy

1. Preliminary remark

The following data protection declaration applies to the use of the website www.niggeloh-shop.de (hereinafter referred to as "website").

The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (DSGVO), which is the relevant legal basis for this from 25.05.2018. We collect and process your personal data in order to be able to offer you the above-mentioned website, combined with shopping in the online shop there. This statement describes how, for how long and for what purpose your data is collected and used and what choices (see chapter 10.) you have in connection with personal data.

Explanation of terms (selection, abbreviated, for simplicity we only quote the masculine form): "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject" or "user"), e.g. name, address, e-mail address or telephone number. According to the Federal Court of Justice ruling of May 2017, IP addresses are also personal data. "Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means.

For full definitions, see the Regulation.

2. name and address of the controller

The controllerwithin the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:

 

Niggeloh GmbH
Kaiserstraße 155
42477 Radevormwald, Germany

Managing directors: Fritz Niggeloh and Michael Brügger
Tel.: 02195 92992-0
E-mail: kontakt@niggeloh-shop.de
Website: www.niggeloh-shop.de

Contact details of the company data protection officer:

Niggeloh GmbH
Data protection officer
Kaiserstraße 155
42477 Radevormwald
Tel.: 02195 92992-0
E-mail: datenschutz@niggeloh.de

3. General information on data processing

3.1 Scope of the processing of personal data

As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functioning web shop as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the users.

3.2 Storage period and legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
If we commission third parties with the processing of data on the basis of a so-called "order processing agreement", e.g. the web hoster who operates the server for this website, this is done on the basis of Art. 28 GDPR.
Unless specifically stated, we only store personal data for as long as necessary to fulfil the purposes pursued or as required by law.

4. Provision of the website and creation of log files

Each time our website is called up, our system automatically records data and information from the computer system of the calling computer. The storage in log files takes place in order to maintain the functionality of the website and to ensure the security of our information technology systems.

The following data is collected:

Information about the type of browser and the version used.
The user's operating system
Special actions, such as the submission of form entries
The IP address of the user and the user's internet service provider
Date and time of access
Websites from which the user's system accesses our website (referrer URL)
Websites accessed by the user's system via our website
This data is not stored together with other personal data of the user. We use this protocol data for statistical evaluations for the purpose of the operation, security and optimisation of our online offer, but also for the anonymous recording of the number of visitors to our website (traffic) and to determine the use of our website and services.

For security reasons (e.g. to investigate hacker attacks), we store these server log files for a maximum of 30 days, after which these log files are deleted. However, if there are concrete grounds for suspicion that require further storage to preserve evidence, such data are excluded from deletion until final clarification.

The legal basis for the temporary storage of the log files is Art. 6 para. 1 lit. f DSGVO. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

5. Use of cookies

5.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters (cookie ID) that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. For example, language settings or log-in data may be stored in cookies. Some elements of our website require that the calling browser can be identified even after a page change.

We also use cookies on our website that allow us to analyse the surfing behaviour of users. In this way, the following data can be transmitted, for example:

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.

When calling up our website, the user is informed by an information banner about the use of cookies for statistical analysis purposes and is given the option to refuse. The info banner also contains a link to this privacy policy.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn which components of our website are used and how, and can thus continuously optimise our offer.
These purposes are also our legitimate interest in processing the personal data in accordance with Art. 6 Para. 1 lit. f GDPR.

5.2 Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has given his consent in this regard.

5.3 Duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

You can find out how to manage (including deactivating) cookies in the most important browsers by clicking on the links below:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de
Edge: https://microsoftedge.microsoft.com/addons/detail/disable-cookies/
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

6. Registration

6.1 Registration / creation of a customer account

In order to save you the repeated entry of your data for order processing for subsequent purchases on our website, you can register as a user on our website and create a password-protected customer account. The data is entered in an input mask and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the registration process:

6.2 Orders via a guest account

You can also place an order on our website without registering and creating a customer account. In this case, only the information required to process the order (e.g. your first and last name, your delivery address and, if applicable, a different billing address, your e-mail address as well as required payment information, delivery modalities and order information) will be collected.

6.3 Purpose of data collection and storage period

The data provided by you is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures. Without this data, we cannot conclude the contract with you.

The data collected is also necessary in order to

No data is transferred to third parties, with the exception of the transfer to the processing bank / payment service provider for the purpose of debiting the purchase price, to the transport company / shipping company commissioned by us for the delivery of the goods and to our tax advisor for the fulfilment of our tax obligations.

 

6.4 Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. Since registration serves to initiate and subsequently fulfil a contract to which the user is a party, the additional legal basis for processing the data is Art. 6 para. 1 lit. b GDPR.

6.5 Storage period, possibility of objection and elimination

After the shopping process has been cancelled, the data stored by us will be deleted. In the event of a completed contract, all data from the contractual relationship will be stored until the expiry of the retention period under tax law. As a user, you nevertheless have the option of cancelling your registration, i.e. deleting your customer account, at any time under "my account". You can also change your data there. If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

7. Contact form and e-mail contact

7.1 Description and scope of data processing

Our website contains a contact form which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us by e-mail and stored. These data are:

 

The processing of the personal data from the input mask serves us solely to process the contact and, if necessary, the further conversation. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

7.2 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

7.3 Possibility of objection and removal

The user has the possibility at any time to revoke his or her consent to the processing and storage of personal data by e-mail, via the contact form or by any other means of communication. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

8. Use of YouTube

On our website, we use the function for embedding YouTube videos of YouTube LLC. (901 Cherry Ave., San Bruno, CA 94066, USA; "YouTube").
YouTube is a company affiliated with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").

The function displays videos stored on YouTube in an iFrame on the website. The option "Extended data protection mode" is activated. This means that YouTube does not store any information about visitors to the website. Only when you watch a video is information about it transmitted to YouTube and stored there.

For more information on the collection and use of data by YouTube and Google, your rights in this regard and ways to protect your privacy, please refer to YouTube's privacy policy (https://www.youtube.com/t/privacy).

9. rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:

10.1 Right of access

You are entitled to request information about your personal data processed by us. About the source of the data, processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data is disclosed, about the planned storage period and the criteria for determining the storage period. Likewise, you have the right to information about the existence of automated decision-making, including profiling, as well as information about what guarantees exist in accordance with Art. 46 of the GDPR when your data is transferred to third countries.

10.2 Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is inaccurate or incomplete. The controller must make the rectification without undue delay.

10.3 Right to restriction of processing or blocking of your data

You have the right to request the restriction of the processing of personal data concerning you. Thereafter, this data may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

10.4 Right to erasure ("right to be forgotten").

You may request the controller to erase your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

10.5 Right to information

If you have exercised the right to rectification, erasure or restriction of processing, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.

10.6 Right to data portability

You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.

10.7 Right to revoke your declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

10.8 Right of objection

In the event that your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data, insofar as there are grounds for doing so which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to kontakt@niggeloh-shop.de.

10.9 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

10.10. Links to the supervisory authorities

Links to all state data protection commissioners can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

11. Data security

We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities. Your personal data is always transmitted in encrypted form. We use the SSL (Secure Socket Layer) coding system, but would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Unfortunately, complete protection of data against access by third parties is not technically possible.

In order to secure your data and to maintain its confidentiality, we maintain technical and organisational security measures, which we constantly adapt to the state of the art.
However, we cannot guarantee that our online service will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.