KARL MAYER Holding GmbH & Co. KG, Industriestrasse 1, 63179 Obertshausen, Germany
Represented by the Managing Directors Mr. Dipl. Ing. (BA) Arno K.-H. Gärtner, Dr. Helmut Preßl
Phone: +49 6104/402-0
Fax: +49 6104/402 73 600
for the websites under the following domains: www.karlmayer.com
2. Data protection officer
You can contact the data protection officer of the Controller at:
Data Protection Officer
c/o KARL MAYER Holding GmbH & Co. KG,
Industriestrasse 1, 63179 Obertshausen, Germany
3. Personal data, purposes of data processing, legal bases, recipients
3.1. Scope of processing of personal data
Personal data is information that can reveal or disclose the identity of the user. We only process personal data of our users if this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users takes place regularly only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
3.2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR shall serve as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Where the processing of personal data is necessary to fulfil a legal obligation to which KARL MAYER is subject, Article 6(1)(c) GDPR serves as the legal basis.
Where the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR shall serve as the legal basis.
If processing is necessary to safeguard a legitimate interest of KARL MAYER or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first interest, Article 6(1)(f) GDPR serves as the legal basis for processing.
3.3. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data subject is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3.4. Data processing for advertising purposes
3.4.1. Postal advertising
We may use your information for marketing purposes. We collect the following data for our own marketing purposes and for marketing purposes of third parties: e-mail address, first name, surname, postal address, year of birth. This data is stored in your customer account for the duration of the contract.
We are also entitled to store further personal data collected about you in compliance with legal requirements for our own marketing purposes. The aim is to provide you with advertising that is solely oriented towards your actual or supposed needs and not to bother you with unnecessary advertising.
In addition, the Controller pseudonymises / anonymises personal data collected about you for the purpose of using the pseudonymised / anonymised data for his own marketing purposes. The pseudonymised / anonymised data can also be used to advertise you individually online, whereby the advertising can be outsourced by a service provider / agency.
The legal basis for the use of personal data for marketing purposes is Article 6(1)(f) GDPR.
Reference to the right of objection:
You can use your personal data for the aforementioned advertising purposes at any time free of charge with effect for the future at email@example.com. If you file an objection, your data will be blocked for further promotional data processing. We would like to point out that in exceptional cases advertising material may still be sent even after receipt of your objection. This is technically due to the necessary lead time within the selection process and does not mean that we have not implemented your objection.
On our web pages we offer you the possibility to register for our newsletter. In order to be sure that no mistakes were made when entering the email address, we use the so-called double opt-in procedure: After you have entered your e-mail address in the registration field and transferred it to us, we will send you a confirmation link to this e-mail address. Only when you click on this confirmation link, your email address will be added to our mailing list for sending our newsletters.
The legal basis for this data processing is Article 6(1)(a) DSGVO. The email address is stored for the purpose of sending the newsletter as long as the subscription to the newsletter is active.
Reference to the right of withdrawal:
You can revoke your consent at any time with effect for the future by unsubscribing at the end of each newsletter (by clicking on the link contained therein).
3.5. Data processing for online presence and website optimization
If you have agreed to the so-called geolocalisation in your browser or in the operating system or other settings of your respective device, we use this function to be able to offer you individual services related to your current location (e.g. the location of the nearest branch). We process your location data processed in this way exclusively for this function. If you stop the use, the data will be deleted.
The legal basis for this data processing is Article 6(1)(f) GDPR.
You have the option of changing your browser or your operating system or the relevant location settings of your respective device in such a way that no location-related data is transmitted to us.
3.5.2. Cookies - General Information
Most of the cookies we use are deleted after the end of the browser session (so-called session cookies). With these we can offer you e.g. a shopping cart display across all websites, in which you can read how many articles are currently in your shopping cart and how high your current shopping value is. Other cookies remain on your computer and enable us to recognize your computer on your next visit (so-called permanent or cross-session cookies). These cookies in particular serve to make our webshop user-friendly, more effective and safer. Thanks to these files, it is possible, for example, to display information on the site that is specifically tailored to your interests.
If you have a customer account and are logged in or activate the "stay logged in" function, the information stored in cookies is assigned pseudonymised under a cookie ID.
The specific cookie usage is displayed on our website at first use by means of a cookie banner via Cookiebot (see section 3.5.9.), explained and your consent is requested. Your given consent will then be stored as specifically mentioned under section 6.
You can set your browser so that it does not place our cookies on your hard drive. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie or how to delete all cookies already received and block them for all others.
To do this, please proceed as follows:
With Internet Explorer
- Select "Internet Options" from the "Tools" menu.
- Click on the "Privacy" tab.
- Now you can make the security settings for the Internet zone. Here you can set whether and which cookies should be accepted or rejected.
- Confirm your setting with "OK".
- Select Settings from the "Tools" menu.
- Click on "Privacy".
- Select "Create according to user-defined settings" from the drop-down menu.
- Now you can set whether cookies should be accepted, how long you want to keep these cookies and add exceptions to which websites you always or never want to allow cookies to be used.
- Confirm your setting with "OK".
On Google Chrome:
- Click the Chrome menu on the browser toolbar.
- Now select "Settings".
- Click on "Show advanced settings".
- Under "Privacy", click on "Content Settings".
- Under "Cookies" you can make the following settings for cookies: delete cookies, block cookies by default, delete cookies and website data by default after closing the browser
- Allow exceptions for cookies from certain websites or domains
However, we would like to point out that in this case you may not be able to use all functions of this webshop to their full extent.
If these cookies and/or the information they contain are containing personal data, the legal basis for data processing is Article 6(1)(f) GDPR. Our interest in optimizing our webshop is to be regarded as justified in the sense of the aforementioned regulation.
3.5.3. Google Analytics
- Browser type/version
- The operating system used
- Referrer URL (the previously visited page)
- Host name of the accessing computer (IP address)
- Time of the server request.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this webshop. The opt-out cookie is only valid in this browser and only for our webshop and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found on the Google Analytics website.
We have concluded a data processing agreement with Google for this data processing.
3.5.4. Google Tag Manager
Our webshop uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The tool Tag Manager itself (which implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.
And use the browser plugin available under „Doubleclick deactivation extension“. Alternatively, you can disable the Doubleclick cookies on the Digital Advertising Alliance site by following this link: http://www.aboutads.info/choices/
To protect input forms on our site, we use the "reCAPTCHA" service from Google. By using this service it can be differenciated whether the corresponding input is of human origin or is abusive through automated machine processing. The legal basis for this data processing is Article 6(1)(f) GDPR.
To our knowledge, the referrer URL, the IP address, the behaviour of webshop visitors, information about operating system, browser and dwell time, cookies, display instructions and scripts, the user's input behaviour and mouse movements in the "reCAPTCHA" checkbox area are transmitted to "Google". Google uses the information obtained in this way, among other things, to digitize books and other printed matter and to optimize services such as Google Street View and Google Maps (e.g. house number and street name recognition).
The IP address transmitted within the scope of "reCAPTCHA" will not be merged with other Google data unless you are logged in to your Google account at the time you use the "reCAPTCHA" plug-in. If you wish to prevent Google from transmitting and storing data about you and your behaviour on our webshop, you must log out of Google before you visit our site or use the reCAPTCHA plug-in.
3.5.7. Appeal/opt-out possibility
In addition to the described deactivation methods, you can also generally prevent the described targeting technologies by means of a corresponding cookie setting in your browser (see also 3.5.2). You also have the option of deactivating preference-based advertising using the preference manager which can be accessed here.
3.5.8. Social media links
We have our own social media pages at the third-party providers that can be reached via links from these websites. By using these links you can access the respective websites of the third party providers (e.g. Facebook, YouTube, LinkedIn, Instagram) and can also share our content. No data transfer takes place when you call up our websites. As soon as you have called up the page of the third party provider, you are in the area of responsibility of the respective third party provider, so that their data protection declaration or their declarations on the use of data also apply. We have no influence on this, but to avoid unnecessary data transfer, we recommend that you log out from the respective third-party provider before using a link, so that the use of the link does not lead to the creation of user profiles by the third-party provider.
On our website a web service from the company Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (cookiebot.com) is loaded. We use this data to ensure the full functionality of our website.
In this context, your browser may transmit personal data to cookiebot.com. The legal basis for data processing is Art. 6 (1)(f) GDPR.
The legitimate interest lies in an error-free function of the website. The data will be deleted as soon as the purpose of their collection has been fulfilled.
You can prevent the collection and processing of your data by cookiebot.com by deactivating the execution of script code in your browser (see section 3.5.2) or by installing a script blocker in your browser.
3.6 Data processing Contact
You have the possibility to get in contact with us in several ways. By e-mail, by phone, by web contact form or by mail. If you contact us, we use the personal data that you voluntarily provide us with in this context solely for the purpose of contacting you and processing your request.
The legal basis for this data processing is Article 6(1)(a), Article 6(1)(b), Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Your data will be deleted once the respective purpose has been achieved.
3.7 Data processing Customer ratings / comments / other user content
If users leave comments or other contributions on KARL MAYER's websites, their IP addresses will be deleted on the basis of our legitimate interests within the meaning of Art. 6 (1)(f) GDPR for 7 days. This is done for our security, in case someone leaves unlawful content in comments and contributions (insults, prohibited political propaganda, etc.).
You also have the option of publishing your own content on KARL MAYER's websites in various places (e.g. product evaluations, comments, etc.). If you make a comment, a recommendation or a rating on products, brands and styles, we process the personal data which you voluntarily enter as part of the comment or rating. You can publish content on KARL MAYER's websites under your first name and abbreviated surname.
The legal basis for these data processing(s) is Article 6(1)(f) GDPR.
3.8 Data processing Preparation, establishment, execution and/or termination of a contract
3.8.1 Data processing when using the webshop / conclusion of contract / customer account
If you register with our web shop, use the web shop or conclude a contract with us, we process the data required for the preparation, conclusion, implementation or termination of a contract with you. This includes:
- First name, surname,
- billing and delivery address,
- e-mail address
- billing and payment data
- date of birth, if applicable
- telephone number, if applicable
If you use the Web Shop but do not make a purchase, we will transmit the data of your Web Shop session by push message to our local sales partner responsible for you so that he can consult with you for the purpose of coordination, consultation and clarification of your individual needs.
The legal basis for this is Article 6 (1)(b) GDPR, i.e. you provide us with the data on the basis of the respective contractual relationship (e.g. maintenance of your customer account, preparation or processing of a sales contract) between you and us. For the processing of your e-mail address in the case of a purchase via our web shop, we are also obliged to send an electronic order confirmation due to legal requirements in the German Civil Code (BGB). In this respect, the legal basis also results from article 6 (1)(c) GDPR.
As far as we do not use your data for advertising purposes, we store the data collected for the contract processing until the expiry of the legal or possible contractual warranty and guarantee rights. After the expiry of this period, we will retain the information required under commercial and tax law for the contractual relationship for the legally specified periods. For this period, the data will be processed again solely in the event of a review by the tax authorities.
To provide you with the greatest possible convenience, we offer you the permanent storage of your personal data in a password-protected customer account.
Only if you want to place orders via our webshop, the opening of a customer account is necessary for the processing of the contract. After opening a customer account no new data entry is necessary. In addition, you can view and change the data stored about you in your customer account at any time.
In addition to the data requested when placing an order, you must enter a password of your own choice in order to set up a customer account. This password, together with your e-mail address, is used to access your customer account. Please treat your personal access data confidentially and do not make them available to unauthorised third parties. Please note that even after leaving our website you will remain logged in automatically unless you actively log out. You have the possibility to delete your customer account at any time. Please note, however, that this does not mean that the data visible in the customer account will be deleted once you have placed an order with us.
For the processing of a sales contract via our web shop, the data processing according to the following section 3.8.2. is also required.
3.8.2 Data Processing Identity, Creditworthiness, Payment Processing, Fraud Prevention, Transport, Collection, Counter Terrorism
126.96.36.199. Identity verification
If necessary, we will verify your identity by using information from service providers. The legal basis for this is Article 6 (1)(b) and (f) GDPR. The justification for this is based on the protection of your identity and the avoidance of attempts at fraud at our expense. The circumstance and the result of our inquiry will be added to your customer account for the duration of the contractual relationship.
188.8.131.52. Credit assessments
If you have given us your consent to do so, we are entitled to use information received in connection with the order to calculate a probability of default (internal scoring). The calculation of the probability of default by means of internal scoring is based on a recognised mathematical and statistical method. The data used in the internal scoring process results in particular from a combination of the following data categories: Address data, age, desired payment conditions, order path and assortment groups. Within the scope of internal scoring, only such data is used as the customer has provided to us.
If you have given us your consent to do so, we are also entitled to obtain credit information about you from an external credit agency. We cooperate with the following external credit agencies:
SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden; phone: +49 (0)611-9278-0;
Creditreform Boniversum GmbH, Hellersbergstrasse 11, 41460 Neuss; phone: +49 (0)2131-109-501;
mediafinanz AG, white width 5, 49084 Osnabrück; phone +49 (0)541 2029-0;
Bürgel Wirtschaftsinformationen GmbH & Co KG, Gasstraße 18, telephone: +49 (0)40-89803-0;
arvato infoscore GmbH, Rheinstraße 99, 76532 Baden-Baden; phone: +49 (0)5241-527600-0;
Deltavista GmbH, Freisinger Landstrasse 74, 80939 Munich, Germany, telephone: +49 (0)89-724488-0.
For the purpose of calling up creditworthiness information, the following data is transmitted to the aforementioned external credit agency: First name, surname, postal address, date of birth. Furthermore, these data may also be transmitted to the aforementioned external credit agency for the purpose of personal and address validation.
Within the framework of credit assessment, we can decide on the establishment, execution or termination of the contractual relationship by means of an automated process. For example, if a negative credit report is submitted by a credit agency or if an insufficient score is calculated within the framework of internal scoring, the desired payment method can be rejected automatically. You can assert the right towards us according to section 4.4.
The processing of your data within the framework of the credit assessment is based on Article 6 (1)(b) GDPR and Article 6 (1)(a) GDPR. The circumstance and the result of our inquiry will be added to your customer account for the duration of the contractual relationship.
184.108.40.206. Payment processing
Your credit card data will only be passed on to our payment service provider Ingenico Payment Services GmbH (Am Gierath 20, 40885 Ratingen, Germany ("Ingenico/Ogone")), which will collect, process and store it in encrypted form. The legal basis for this data processing is Art. 6 (1)(a), Art. 6 (1)(b), GDPR and Art. 6 (1)(f) GDPR.
In our online shop Java-Script code from Ingenico/Ogone is loaded. If you have activated Java-Script in your browser and have not installed a Java-Script blocker, your browser may transmit personal data to Ingenico/Ogone. We do not know which data Ingenico/Ogone links to the data received and for what purposes Ingenico/Ogone uses these data.
The data will be stored and automatically deleted once the aforementioned purposes have been achieved.
220.127.116.11. Fraud prevention
The data you provide when placing an order can be used to check whether an atypical ordering process exists (e.g. simultaneous ordering of a large number of goods to the same address using different customer accounts). We have a legitimate interest in carrying out such a check.
The legal basis for the processing is Article 6(1)(f) of the GDPR. The data will be stored and automatically deleted once the above-mentioned purposes have been achieved.
18.104.22.168. Transport service providers
For the purpose of delivering ordered goods we work together with logistics service providers/transport companies and/or shipping partners.
In order to ensure that the goods are delivered according to your wishes, we will transmit your e-mail address, first name, surname, address and, if necessary, telephone number to the logistics company and/or shipping partner commissioned by us, who will take over the delivery. If necessary, they will contact you in advance of the delivery in order to coordinate the details of the delivery with you.
The legal basis of the processing is Article 6(1)(b) of the GDPR. The data will be stored and automatically deleted once the above-mentioned purposes have been achieved.
22.214.171.124 Defence against terrorism
For the purpose of ensuring compliance with the legal provisions of the Foreign Trade Act and the European Anti-Terrorism Ordinance, we are obliged, in particular, to comply with the prohibition on making customer data available for booking-relevant activities by comparing it with the annexes to the Anti-Terrorism Ordinance.
The legal basis of the processing is Article 6(1)(c) and (f) of the GDPR. The data will be stored and automatically deleted once the above-mentioned purposes have been achieved.
4. Your statutory rights
Below you will find your rights that you can assert.
4.1. Overview of the individual statutory rights under Article 15 et seq. GDPR
In addition to the right to revoke your consent given to us, you have the following further rights if the respective legal requirements are met:
- the right to obtain information about your personal data stored by us (Art. 15 GDPR), in particular you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the origin of your data if these were not collected directly from you;
- the right to correct inaccurate or complete correct data (Art. 16 GDPR),
- the right to delete your data stored with us (Art. 17 GDPR), as far as no legal or contractual retention periods or other legal obligations or rights for further storage are to be observed by us,
- the right to restrict the processing of your data (Art. 18 GDPR) if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete it; the data controller no longer needs the data, but you need them to assert, exercise or defend legal claims or you have filed an objection to the processing in accordance with Art. 21 GDPR,
- the right to tranfer data in accordance with Art. 20 GDPR, i.e. the right to receive selected data stored by us about you in a common, machine-readable format, or to request the transfer to another Controller.
You can assert the above-mentioned rights under firstname.lastname@example.org
4.2. Right to object
Under the conditions of Art. 21 (1) GDPR, data processing may be objected for reasons arising from the special situation of the data subject.
You can exercise this right at email@example.com
4.3. Right of withdrawal
Insofar as we process data on the basis of a consent given by you, you have the right to revoke the consent given at any time. The revocation of the consent does not mean that the data processing carried out on the basis of the consent up to the time of the revocation becomes ineffective.
You can exercise this right at firstname.lastname@example.org
4.4. Right of appeal
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State of your place of residence, employment or suspected infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.