- Home /
- Privacy Statement
Data Protection Statement
We attach the greatest importance to the protection of your data and the safeguarding of your privacy. As a consequence, we would now like to inform you about the collection and use of your personally identifiable data when using our web page.
This translation is for information purposes only and has no legal status. In the case of dispute, German Law will apply, unless superseded by European Law.
Below we inform you about the processing of your personal data by us. Personal data within the meaning of Article 4 GDPR is all information that relates to an identified or identifiable natural person (e.g. name, address, telephone number, e-mail, invoices, bank details, etc. and your user behavior). 1. Contact Information Name and contact details of the person responsible for processing This data protection information applies to data processing by: Responsible: Waphi GmbH Represented by: Stefan Hirsch, Christian Philipp Address: Wiesenweg 59, 52072 Aachen Email: email@example.com Telephone: +49 2407 5548676 2. Lawfulness of processing personal data In principle, we only collect and use personal data from our users to the extent that this is necessary to provide a functioning website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases in which prior consent cannot be obtained for actual reasons or the processing of the data is permitted by statutory provisions. According to Article 6 of the General Data Protection Regulation (GDPR), the processing of personal data is lawful if one or more of the following points are met: - You have given your express consent to the processing in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR, - the processing is necessary according to Article 6 Paragraph 1 S. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request, - there is a legal obligation on our part for the processing according to Article 6 Paragraph 1 Clause 1 Letter c GDPR, - the processing is necessary to protect your vital interests or those of another natural person, Article 6 (1) sentence 1 lit. d GDPR, - the processing is required pursuant to Art. 6 (1) sentence 1 lit. e GDPR for the performance of a task that is in the public interest or in the exercise of official authority that has been assigned to us, - the processing is necessary according to Article 6 Paragraph 1 Clause 1 Letter f GDPR to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail.
3. Collection and storage of personal data as well as type and purpose of their use As part of the use of our website, we can process personal data from the users of our website (this can be customers, interested parties and visitors to our website), such as contact data, usage data and communication data. This is done, among other things, for the purpose of providing a functioning online offer, communicating with the users of our website, processing contact requests or customer inquiries and for the purpose of fulfilling the contract. Furthermore, data can be collected and processed for marketing purposes. In the following we explain to you which of your data can be collected and processed and for what purpose.
Contract initiation/contract fulfillment We process such personal data that we receive as part of pre-contractual inquiries and as part of our business relationship. For example, the following personal data can be recorded and processed by us: title, first name and surname, address, telephone number, e-mail address, IBAN / credit card number and check digit (only if this is necessary to process the payments). Furthermore, data can be passed on to third parties (see point 5 "Transfer of data to third parties" in this data protection declaration). The processing and storage of your transmitted data takes place on the basis of Article 6 Paragraph 1 Sentence 1 lit. In the other cases, we process and store your data with your consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR and based on our legitimate interest in processing the request addressed to us in accordance with Article 6 Paragraph 1 Clause 1 lit. f GDPR.
When using our contact form If you have any questions, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a first and last name and a valid e-mail address so that we know who sent the request and can answer it. If necessary, the telephone number can be given voluntarily. The processing and storage of your transmitted data takes place on the basis of Article 6 (1) sentence 1 lit. b GDPR for the purpose of processing your request. Furthermore, we process your data with your consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR and based on our legitimate interest in processing the request addressed to us in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR. 4. Duration of Storage and Data Deletion In principle, we only store personal data until the purpose for which you have entrusted us with the data has been fulfilled. After that, the data will be permanently deleted. However, if there are legal retention periods for the storage of personal data, we store them for as long as we are legally obliged to do so. Such obligations regularly result from legal proof and storage obligations, which are regulated in the Commercial Code and the Tax Code, for tax purposes, e.g. ten years. After the legal retention period has expired, the data will be permanently deleted. Any consent given to the processing and storage of your personal data in accordance with Article 6 Paragraph 1 Sentence 1 lit. Further rights, through which we can be prohibited from processing your personal data, result from Art. 21 Para. 1 and Para. 2 DSGVO. Information on the resulting right of objection can be found in this data protection declaration under section 14 "Right of objection".
5. Disclosure of Data to Third Parties We only pass on your personal data to third parties if: - you have given your express consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR, - disclosure pursuant to Article 6 Paragraph 1 Clause 1 Letter f GDPR is necessary to protect our legitimate interests or those of a third party, such as for the exercise, defense or assertion of legal claims, unless your interests or fundamental rights and freedoms require protection of personal data prevail, - in the event that there is a legal obligation for the transfer according to Art. 6 Para. 1 S. 1 lit. c DSGVO, - This is permitted by law and is required according to Article 6 Paragraph 1 Sentence 1 lit. b GDPR for the processing of contractual relationships with you, such as the transfer of address data to a transport company. Likewise, data can be passed on to a drop shipper, who then sends the goods to you on our behalf. If you order goods that are to be sent to an address other than yours, this is done on the basis of our legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 lit - in accordance with Article 6 Paragraph 1 Clause 1 Letter b GDPR for the purpose of payment processing to the payment service provider commissioned with payment processing and in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR within the scope of our legitimate interests, reliable and to be able to offer secure payment processes. If necessary, an order processing contract was concluded with the service provider used in accordance with Article 28 (3) sentence 1 GDPR. In the event that the customer's personal data is processed in a third country (outside the EU), this is done within the framework of the customer's previously given consent, in the context of the fulfillment of the contract or due to existing legal obligations. The possible transfer takes place in compliance with the legal requirements. In particular, the provisions of Art. 44 to Art. 49 GDPR apply here.
6. Hosting This website is hosted by an external service provider. Personal information collected on this website is stored on the host's servers, possibly in the United States. This can be v. a. IP addresses, contact requests, communication data, contract data, contact data, website access and other data generated via a website. Our hoster will only process your data to the extent that this is necessary to fulfill its performance obligations and will follow our instructions in relation to this data. An order processing contract was concluded with the hoster in accordance with Article 28 Paragraph 3 Sentence 1 GDPR. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers in accordance with Article 6 Paragraph 1 lit. b GDPR and in the interest of a secure, fast and effective provision of our online offer in accordance with Article 6 Paragraph 1 Clause 1 lit. f GDPR. Hoster: maxcluster We host our website via the service provider maxcluster, maxcluster GmbH, Lise-Meitner-Str. 1b, 33104 Paderborn, Germany. You can find more information on maxcluster data protection at: https://maxcluster.de/datenschutz
8. Payment Providers The processing of personal data by a payment service provider takes place on the basis of Article 6 Paragraph 1 Clause 1 Letter b GDPR for the purpose of contract processing and only to the extent necessary and within the scope of our legitimate interests in accordance with Article 6 Paragraph 1 Clause. 1 lit. f GDPR to be able to offer you reliable and secure payment processes. The respective payment provider is responsible for the data protection-compliant handling of the data collected and processed by the payment provider. PayPal When paying using a payment method provided by PayPal (direct debit, credit card, installment payment or purchase on account), the payment is processed via the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal” for short). If you choose a PayPal payment method, you will be redirected to the PayPal website. For the use of this service, PayPal collects, processes and stores the transaction data, such as the amount paid, technical usage data and location data. PayPal reserves the right to carry out a credit check for the above payment methods. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Sentence 1 Letter f GDPR on the basis of PayPal's legitimate interest in determining your solvency. For more information on data protection law, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full Credit card When paying by credit card, we collect and process the personal data required to process the payment, such as your name, the credit card number, the validity period of the credit card and the check digit, and pass this on to your credit card company for billing.
debit charge With the direct debit payment option, you give us a SEPA direct debit mandate. The direct debit mandate must contain the following information: designation of the payee, a creditor identification number (CI), name of the customer (payer), Designation of the customer's bank (payer) and Customer identifier (IBAN of the payer). Based on the authorization you have given, we instruct our bank to collect the invoice amount from your account. Our bank reports the collection to your bank, which in turn initiates the corresponding credit. 9. Credit Checks In the case of the "invoice" payment method, we can call up creditworthiness information from specialized financial service providers (credit agencies) for the purpose of credit checking and creditworthiness monitoring when concluding contracts on the basis of Article 6 Paragraph 1 Sentence 1f GDPR. This interest is to be regarded as legitimate within the meaning of the aforementioned provision. The data stored by the respective credit agency is processed for legitimate reasons of creditor and credit protection, which regularly outweigh your interests, rights and freedoms, or serves to assert, exercise or defend legal claims.
10. Analytics Services The tracking measures listed below and used by us are carried out on the basis of your consent in accordance with Article 6 (1) sentence 1 lit. a GDPR or on the basis of our legitimate interests in accordance with Article 6 (1) sentence 1 lit. f DSGVO carried out. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. If necessary, an order processing contract was concluded with the service provider used in accordance with Article 28 (3) sentence 1 GDPR. Responsibility for data protection-compliant operation is to be guaranteed by their respective providers. You can prevent the storage of cookies by setting the browser software accordingly. However, we would like to point out that in this case not all functions of this website may be fully usable. If no other information is given on the storage period, the data will be stored for a period of two years and then deleted.
Google Analytics We use Google Analytics on our website. The company responsible is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies" (see Section 7 "Cookies"). The information generated by the cookies about the use of this website is transmitted directly to a Google server, possibly in the USA, and stored there. We have the IP -Anonymization activated on this website, so that the IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in transferred to the USA and shortened there.On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator as part of Google Analytics from your browser The IP address provided will not be merged with other Google data. The storage period of the collected personal data is 14 months. The data will be deleted after the storage period has expired. You can also prevent Google from collecting the data generated by the cookie and related to the use of the website (including the IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=de If you do not agree to the display of advertising, you can deactivate it: https://www.google.com/settings/ads/onweb Further information on Google's data protection declaration and usage information is available at: https://policies.google.com/privacy
11. Social Media Services We use social media plugins on our website on the basis of our legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR in order to make our website better known. Responsibility for data protection-compliant operation is to be guaranteed by their respective providers. If you call up a page on our website that contains a social media plugin, your browser establishes a direct connection to the servers of the respective provider, possibly in the USA. The content of the plugin (including your IP address) is transmitted directly to your browser by the respective provider and integrated into the page. Through this integration, the provider receives the information that your browser has accessed the corresponding page of our website, even if you do not have a customer profile or are not currently logged in to the respective provider. If you are logged in to a provider, they can immediately assign your visit to our website to your user account. If you interact with the plugins, for example by pressing a button, this information is also transmitted directly to a server of the respective provider and stored there. The information is also published on your user account and displayed to your contacts there. The respective provider can use this information for the purpose of advertising, market research and the needs-based design of its pages. If you do not want the provider to directly assign the data collected via our website to your user account, you must log out of the respective provider before you visit our website. We would like to point out that we, as the operator of the website, have no knowledge of the content of the data transmitted or how it is used by the respective provider.
13. Data subject rights You have the right: - to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details; - in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us; - to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required; - pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need them to assert them, You need to exercise or defend legal claims or you have objected to processing in accordance with Art. 21 GDPR; - in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible; - according to Art. 7 Para. 3 DSGVO, to revoke your consent given to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future and - according to Art. 77 DSGVO to complain to a supervisory authority if you believe that the processing of your personal data has been unlawful. As a rule, you can contact the supervisory authority of your usual place of residence or work or our headquarters.
14. Right to Object IF YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTERESTS ACCORDING TO ART. 6 ABS. 1 p. 1 LIT. F DSGVO PROCESSED, YOU HAVE THE RIGHT ACCORDING TO ART. 21 ABS. 1 GDPR TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA, IF THERE ARE REASONS RESULTING FROM YOUR PARTICULAR SITUATION. SUBSEQUENTLY, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN PROVE COMPREHENSIVE REASONS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS. YOU CAN ALSO OBJECT IN ACCORDANCE WITH ART. 21 ABS. 2 GDPR AGAINST THE PROCESSING OF PERSONAL DATA BY US PURSUANT TO ART. 6 ABS. 1 p. 1 LIT. F GDPR WILL BE PROCESSED FOR DIRECT ADVERTISING PURPOSES WITH THE RESULT THAT WE NO LONGER PROCESS YOUR PERSONAL DATA FOR DIRECT ADVERTISING PURPOSES. IF YOU WOULD LIKE TO USE YOUR RIGHT OF REVOCATION OR OBJECTION, SEND AN EMAIL TO THE EMAIL ADDRESS SPECIFIED IN THE IMPRINT.
15. Data Security When you visit our website, we use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. 16. Updating and changing this data protection declaration This data protection declaration is currently valid and has the status of February 2022. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on this website.