Section 1 Information about the Collection of Personal Data
(1) In the following we inform you about the collection of personal data when using our website. Personal data means all data that relate directly to you, for example, your name, address, email addresses and user behaviour.
(2) The controller according to Art. 4(7) EU General Data Protection Regulation (GDPR) is Merkur Expo Logistics GmbH, Rheinstrasse 2, 65760 Eschborn, managing director Gernot Iven (see our imprint).
(3) When you contact us by email or using a contact form, we will store the data provided by you (your email address, your name and your telephone number, if applicable) to answer your questions. We delete the data collected in this context after its storage is no longer required, or limit processing if there are statutory retention obligations.
(4) If we use commissioned service providers for individual functions of our offering or would like to use your data for advertising purposes, we will inform you below in detail about the respective transactions. At the same time, we will also state the specified criteria for the retention period.
Section 2 Your Rights
(1) With regard to your personal data, you have the following rights towards us:
- right of access,
- right to rectification or erasure,
- right to the restriction of processing,
- right to object to processing,
- right to data portability.
(2) You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us.
Section 3 Collection of Personal Data when Visiting our Website
(1) If the use of our website is merely informative, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website we collect the following data, which is technically necessary to enable us to display our website and ensure its stability and security (legal basis is point (f) of Art. 6(1) GDPR):
- IP address
- date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- content of the request (specific page)
- access status/HTTP status code
- data volume transferred in each instance
- website from which the request originates
- operating system and its interface
- language and version of the browser software.
(2) In addition to the aforementioned data, cookies will be saved on your computer when you use our website. Cookies are small text files that are stored on your hard drive, as assigned accordingly by the browser that you use, and which allow the entity that places the cookie (in this case, us) to then receive certain information. Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make the overall web offering more user-friendly and effective.
- a) This website uses the following types of cookies, the scope and functionality of which are explained as follows:
o transient cookies (see b)
o persistent cookies (see c).
- b) Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called “session ID”, by which various requests from your browser can be assigned to the shared session. This will allow your computer to be recognised if you return to our website. Session cookies are erased as soon as you log out or close your browser.
- c) Persistent cookies are automatically erased after a set period of time, which may differ depending on the cookie. In the security settings of your browser you can delete cookies at any time.
- d) You can configure your browser setting according to your requirements and can, for example, decline the acceptance of third-party cookies or any cookies at all. Please note that in this case, you may not be able to use all the functions of this website.
- e) Furthermore, we use HTML5 storage objects, which are stored on your terminal. These objects store the necessary data independent of the browser you’re using, and do not have an automatic expiry date. You can prevent the use of HTML5 storage objects by setting your browser to private browsing mode. We additionally recommend that you regularly erase your cookies and browser history manually.
Section 4 More Functions and Offers of our Website
(1) Besides the use of our website for mere information purposes, we offer different services that you can use if you are interested. To do so, you usually have to provide more personal data that we use to render the relevant service and to which the data processing principles specified above apply.
(2) To process your data, we sometimes make use of external service providers. These service providers have been carefully selected and commissioned by us, are bound by our instructions, and are checked at regular intervals.
(3) Apart from that, we may forward your personal data to third parties if we offer the participation in campaigns, competitions, contract conclusions or similar services together with partners. More detailed information is provided when you provide your personal data, or below in the description of the offer.
(4) If our service providers or partners have their registered office in a state outside the European Economic Area (EEA), we shall inform you on the consequences of that in the description of the offer.
Section 5 Objection or Withdrawal of Consent to the Processing of Your Data
(1) If you have provided us with your consent to the processing of your data, you may withdraw that consent at any time. Such a withdrawal affects the legitimacy of the processing of your personal data after it has been declared.
(2) Where we justify the processing of your personal data on the basis of a weighing of interests, you may submit an objection to the processing. This is particularly relevant to cases in which the processing is not necessary for fulfilling a contract with you, which we will clarify in each case in the following description of the functions. When exerting such right to object, we ask you to explain the reasons why we should not process your personal data as we do. In the case of your justified objection, we check the facts and either discontinue the data processing, and/or adjust it, or give you our compelling legitimate grounds, on the basis of which we shall continue the processing.
(3) It goes without saying that you can object to the processing of your personal data for marketing and data analysis purposes at any time. You can inform us of your objection to processing for advertising purposes via the following contact details: email@example.com
Section 6 Using our Online Shop
(1) If you would like to place an order in our online shop, it is absolutely necessary for contract conclusion that you provide us with the personal data we require to process your order. The mandatory fields necessary for processing the contracts are marked; other information can be given voluntarily. We use the data provided by you to process your order. To do so, we may pass on your payment data to our bank or our payment service provider. The legal basis here is point (b) of Art. 6(1) GDPR.
We may also use the data provided by you to inform you of other interesting products from our range or to send you emails with technical information.
(2) Due to commercial and tax law provisions, we are obliged to retain your address, payment and order data for a period of ten years. Nevertheless, we restrict processing after two years, i.e. your data will be used only for compliance with the legal obligations.
(3) To prevent unauthorised third-party access to your personal data, in particular financial data, the order process is encrypted using TLS technology (T 1.2).
(4) The processing of credit card payments or immediate transfer is carried out by our external payment service provider, Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany, telephone: +49 69 7922-0, fax: +49 69 7922-4500, email: firstname.lastname@example.org, represented by their managing directors Jana Brendel and Carsten Höltkemeyer. Concardis GmbH is an international payment institution in the sense of the Zahlungsdiensteaufsichtsgesetz(ZAG)[German Payment Service Supervision Act] and is approved and supervised by the German Federal Financial Supervisory Authority (Registry number: 122964). In the course of this, the data required to process payment (first and last name, street, house number, postcode, location, telephone number) as well as data in connection with the order is forwarded to Concardis. All payment data as well as data on potential reversals is only stored for as long as is necessary to process payment (including the processing of possible return debits and the collection of receivables) and for anti-abuse measures. In general, the data is erased at the latest 13 months after collection. Furthermore, additional storage may be carried out, if and for as long as is required in order to comply with the statutory retention period or to prosecute a specific case of abuse. The legal basis for data processing is point (f) of Art. 6(1) of the General Data Protection Regulation. You can request access and, if appropriate, rectification or erasure as well as the restriction of the processing of your data and/or object to the processing of your data. Should you have questions about the data processing carried out by Concardis or wish to assert your aforementioned rights, you can contact the Data Protection Officer at the address referred to or by email at Datenschutzbeauftragter@concardis.com.
In addition, you have the right to lodge a complaint with a supervisory authority (in Germany with the State Data Protection Officer). Please note that the provision of payment data is neither required by law nor by contract. You may use an alternative payment method (e.g. cash) if you do not wish to provide your payment details.