Data protection declaration

 

The party responsible for data processing is:

Torwegge GmbH & Co. KG

Oldermanns Hof 6

33719 Bielefeld

Bielefeld, Germany

Email: info@torwegge.de

 

Thank you for your interest in our online shop. The protection of your privacy is very important to us. Below we inform you in detail about the handling of your data.

1. Access data and hosting

You can visit our website without providing any personal data. Each time a website is accessed, the web server merely automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. This access data is analysed exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer. This serves to safeguard our legitimate interests, which predominate in the context of a weighing of interests, in the correct presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. All access data will be deleted no later than fourteen days after the end of your visit to our website.

Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in the forms provided on this website will be processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

2. data processing for contract processing and for making contact

2.1 Data processing for contract processing

For the purpose of contract processing (including enquiries about and processing of any existing warranty and service disruption claims as well as any statutory updating obligations) in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are labelled as such, as in these cases we need the data to process the contract and we cannot send the order without it. Which data is collected can be seen from the respective input forms.

Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and dispatch processing, can be found in the following sections of this privacy policy. After completion of the contract, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

Merchandise management system

We use merchandise management systems from external service providers to process orders and contracts. Our service providers work for us within the framework of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision USA

There is a decision by the European Commission on an adequate level of data protection for the USA as a basis for a third country transfer, provided that the respective service provider is certified. Until certification by our service providers, the data transfer continues to be based on this basis: Standard data protection clauses of the European Commission.

2.2 Customer account

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account and storing your data for further future orders on our website. It is possible to delete your customer account at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

We collect personal data if you provide it to us voluntarily when opening a customer account. Mandatory fields are labelled as such, as in these cases we require the data to open the customer account and you cannot complete the account opening process without providing it. Which data is collected can be seen from the respective input forms. We use the data provided by you for contract processing and processing your enquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. You can delete your customer account at any time, either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

2.3 Making contact

In the context of customer communication, we collect personal data to process your enquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR if you voluntarily provide us with this data when contacting us (e.g. via contact form or e-mail). Mandatory fields are labelled as such, as in these cases we absolutely need the data to process your contact. Which data is collected can be seen from the respective input forms. After your enquiry has been fully processed, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

 Userlike live chat tool

For the purpose of customer communication, we use the live chat tool of Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany (‘Userlike’). This serves to safeguard our overriding legitimate interests in effective and improved customer communication in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Userlike acts on our behalf.

3. Data processing for the purpose of dispatch processing

In order to fulfil the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.

The same applies to the transfer of data to our manufacturers or wholesalers in cases where they take over the dispatch for us (drop shipment). These are deemed to be shipping service providers within the meaning of this privacy policy.

Data transfer to shipping service providers for the purpose of shipping notification

If you have given us your express consent to this during or after your order, we will pass on your e-mail address and telephone number to the selected shipping service provider in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR so that they can contact you before delivery for the purpose of delivery notification or coordination.

Consent can be revoked at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

 

DHL Paket GmbH

Sträßchensweg 10

53113 Bonn

Deutschland

 

Hellmann Worldwide Logistics

Friedrich-Hagemann-Straße 40

33719 Bielefeld

Deutschland

 

DPD Deutschland GmbH

Wailandtstraße 1

63741 Aschaffenburg

Deutschland

4. data processing for payment processing

We work with the following partners to process payments in our online shop: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction processing

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, who work for us as part of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves the fulfilment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

If you have any questions about our partners for payment processing and the basis of our cooperation with them, please use the contact option described in this privacy policy.

4.2 Data processing for the purpose of fraud prevention and optimisation of our payment processes

If necessary, we provide our service providers with further data, which they use together with the data necessary for processing the payment as our processors for the purpose of fraud prevention and the optimisation of our payment processes (e.g. invoicing, processing of disputed payments, accounting support). In accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, this serves to safeguard our legitimate interests in our protection against fraud and in efficient payment management, which outweigh our interests.

4.3 Credit assessment

If we make advance payments (when purchasing on account), we obtain identity and credit information from specialised service providers (credit agencies). For this purpose, we transmit your personal data required for a credit check to:

Dun & Bradstreet

103 John F Kennedy Pkwy

NJ 07078

This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, in assessing the creditworthiness and willingness to pay of our potential customers in the run-up to the conclusion of the contract and thus avoiding purchase price defaults, and is necessary for the conclusion of the contract in accordance with Art. 22 para. 2 lit. a GDPR. Appropriate measures to safeguard your rights, freedoms and legitimate interests are taken into account. You have the opportunity to express your point of view and contest the decision by contacting the contact option described in this privacy policy. Once the contract has been fully processed, your data processed for this purpose will be deleted, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision USA

There is a decision by the European Commission on an adequate level of data protection for the USA as a basis for a third country transfer, insofar as the respective service provider is certified. Until certification by our service providers, the transfer of data will continue to be based on this basis: standard data protection clauses of the European Commission.

5. advertising by e-mail, post, telephone

5.1 E-mail newsletter with registration and newsletter tracking

If you subscribe to our newsletter, we will use the data required for this or separately provided by you to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time, either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

We would like to point out that we evaluate your user behaviour when sending the newsletter. For this purpose, we also analyse your interaction with our newsletter by measuring, storing and evaluating opening rates and click rates for the purpose of designing future newsletter campaigns (‘newsletter tracking’).

For this analysis, the emails sent contain single-pixel technologies (e.g. so-called web beacons, tracking pixels) that are stored on our website. In particular, we link the following ‘newsletter data’ for the analyses

• the page from which the page was requested (so-called referrer URL)

• the date and time of the request

• the description of the type of web browser used

• the IP address of the requesting computer

• the e-mail address,

• the date and time of registration and confirmation

and the single-pixel technologies with your e-mail address or your IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.

If you do not wish to receive newsletter tracking, you can unsubscribe from the newsletter at any time as described above.

The information will be stored for as long as you are subscribed to the newsletter.

5.2 Email Newsletter Without Registration and Your Right to Object

If we receive your email address in connection with the sale of a product or service and you have not objected, we reserve the right to send you regular offers via email for similar products from our range, based on Section 7 (3) UWG. This serves to protect our legitimate interests in advertising communication with our customers, which outweigh other considerations within the context of a balancing of interests.

You can object to the use of your email address at any time by sending a message to the contact details provided in this privacy policy or via a dedicated link in the promotional email, without incurring any costs other than the transmission costs according to the basic rates.

After you unsubscribe, your email address will be removed from the recipient list, unless you have expressly consented to further use of your data in accordance with Article 6 (1) Sentence 1 (a) GDPR or we reserve the right to use your data for purposes that are legally permitted and about which we inform you in this policy.

5.3 Sending Review Requests via Email

If you have expressly consented to this during or after your order in accordance with Article 6 (1) Sentence 1 (a) GDPR, we will use your email address to request a review of your order through our implemented review system. You may revoke this consent at any time by sending a message to the contact details provided in this privacy policy or via a designated link included in the review request.

5.4 Postal Advertising and Your Right to Object

We also reserve the right to use your first and last name as well as your postal address for our own advertising purposes, such as sending you interesting offers and information about our products by mail. This is to protect our legitimate interests in advertising communication with our customers, which outweigh other considerations within the context of a balancing of interests, in accordance with Article 6 (1) Sentence 1 (f) GDPR.

You can object to the storage and use of your data for these purposes at any time by sending a message to the contact details provided in this privacy policy.

5.5 Telephone Advertising

If you have provided your consent in accordance with Article 6 (1) Sentence 1 (a) GDPR, we will use the necessary data or any other information you have provided separately for our own advertising purposes, such as informing you about interesting offers and our products.

You may revoke your consent at any time by sending a message to the contact details provided in this privacy policy or by verbally notifying us during any call. After revocation, we will delete your telephone number unless you have expressly consented to further use of your data or we reserve the right to use your data for purposes that are legally permitted and about which we inform you in this policy.

6. Cookies and Other Technologies

6.1 General Information

To make your visit to our website more appealing and to enable the use of certain features, we use technologies, including so-called cookies, on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of your browser session, i.e., when you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser during your next visit (persistent cookies).

Protection of Privacy on End Devices

When using our online services, we implement strictly necessary technologies to provide the expressly requested telemedia service. Storing information on your device or accessing information already stored on your device does not require consent in such cases.

For non-essential functions, storing information on your device or accessing information already stored on your device requires your consent. Please note that parts of the website may not be fully functional if consent is not granted. Any consent you provide remains valid until you adjust or reset the respective settings on your device.

Subsequent Data Processing by Cookies and Other Technologies

We use technologies that are essential for the functionality of certain features on our website, such as the shopping cart function. These technologies collect and process information such as your IP address, the time of your visit, device and browser details, and information about your use of our website, such as the contents of your shopping cart. This processing is based on our legitimate interests in providing an optimized display of our offerings, in accordance with Article 6 (1) Sentence 1 (f) GDPR.

In addition, we use technologies to fulfill legal obligations to which we are subject, such as the ability to document consents for the processing of your personal data. These technologies are also employed for purposes of web analysis and online marketing. Further information, including the respective legal basis for data processing, can be found in the following sections of this privacy policy. Additionally, we may use technologies that are not explicitly listed in this privacy policy. Detailed information about these technologies, including the respective legal basis for data processing, can be accessed via the Usercentrics platform by clicking on the fingerprint button located at the bottom right or left corner of the page.

The cookie settings for your browser can be accessed using the following links: Microsoft Edge™, Safari™, Chrome™, Firefox™, or Opera™.

If you have provided your consent for the use of technologies in accordance with Article 6 (1) Sentence 1 (a) GDPR, you may withdraw your consent at any time by sending a message to the contact details provided in this privacy policy. Alternatively, you can withdraw your consent by clicking on the fingerprint button located at the bottom right or left corner of the page. Please note that declining cookies may result in limited functionality of our website.

6.2 Use of Usercentrics Consent Management Platform for Managing Consents

We use the Usercentrics Consent Management Platform (“Usercentrics”) on our website to inform you about the cookies and other technologies we use and to obtain, manage, and document your consent to the processing of your personal data by these technologies, as required by law. This is necessary under Article 6 (1) Sentence 1 (c) GDPR to fulfill our legal obligation in accordance with Article 7 (1) GDPR to provide proof of your consent to the processing of your personal data.

Usercentrics is a service provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, which processes data on our behalf. When you visit our website, the Usercentrics web server stores a server log file that includes your anonymized IP address, the date and time of your visit, device and browser information, and details about your consent behavior. Your data will be

deleted after three years unless you have expressly consented to further use of your data in accordance with Article 6 (1) Sentence 1 (a) GDPR or we reserve the right to use your data for purposes permitted by law, as described in this privacy policy.

Our service providers operate and/or use servers in the following countries, which have been determined by the European Commission to provide an adequate level of data protection: the USA.

The basis for the transfer of data to a third country is a decision by the European Commission confirming an adequate level of data protection for the USA, provided that the respective service provider is certified. Such certification exists.

7. Use of Cookies and Other Technologies

If you have provided your consent in accordance with Article 6 (1) Sentence 1 (a) GDPR, we use the following cookies and other technologies from third-party providers on our website. Once the purpose for using these technologies has been fulfilled and their use by us has ended, the data collected in this context will be deleted. You can revoke your consent at any time with future effect. For more information on how to withdraw your consent, please refer to the section "Cookies and Other Technologies."

Further details, including the basis of our collaboration with individual providers, can be found in the information about each technology. If you have any questions regarding the providers and the basis of our collaboration with them, please contact us using the contact information provided in this privacy policy.

7.1 Use of Adobe Services

We use the following technologies provided by Adobe Systems, Software Ireland Limited, Ireland, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (“Adobe”). Information automatically collected about your use of our website through Adobe technologies is typically transmitted to and stored on servers of Adobe, Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA. If your IP address is collected through Adobe technologies, it is either shortened or replaced with a generic IP address before being stored on Adobe’s servers, depending on the activation of specific settings.

Our service providers operate and/or use servers in countries that have been determined by the European Commission to provide an adequate level of data protection, including the USA.

A decision by the European Commission confirming an adequate level of data protection for the USA serves as the basis for data transfer to third countries, provided that the respective service provider is certified. Certification exists for these service providers.

Some of our service providers operate and/or use servers in countries outside the EU and the EEA that do not have an adequacy decision from the European Commission. In these cases, our collaboration is based on the European Commission’s standard contractual clauses.

Adobe Fonts

To ensure a uniform display of content on our website, the script code “Adobe Fonts” from Adobe, Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA (“Adobe”) collects data such as your IP address, the time of your visit, and device and browser information. This data is transmitted to Adobe and subsequently processed by them. We have no influence over this subsequent data processing. The data processing is based on an agreement between joint controllers pursuant to Article 26 GDPR.

7.2 Use of Google Services

We use the following technologies provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Information automatically collected about your use of our website through Google technologies is typically transmitted to and stored on servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Unless otherwise stated for specific technologies, data processing is carried out based on an agreement between joint controllers in accordance with Article 26 GDPR. Further details about Google’s data processing can be found in Google’s privacy policy.

Our service providers operate and/or use servers in countries outside the EU and the EEA, for which the European Commission has determined an adequate level of data protection.

Some of our service providers operate and/or use servers in countries outside the EU and the EEA that do not have an adequacy decision from the European Commission. In these cases, our collaboration is based on the European Commission’s standard contractual clauses.

Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data such as your IP address, the time of your visit, device and browser information, and information about your use of our website. Using this data, usage profiles are created under pseudonyms. Cookies may also be employed for this purpose. If you access our website from within the EU, your IP address is stored on a server located in the EU to determine location data and is then immediately deleted before the traffic is forwarded for further processing on other Google servers. The data processing is carried out based on a data processing agreement with Google.

To optimize the marketing of our website, we have enabled data sharing settings for "Google products and services." This allows Google to access data collected and processed by Google Analytics and subsequently use it to improve Google services. Data sharing with Google under these data-sharing settings is based on an additional agreement between joint controllers. We have no influence over the subsequent data processing carried out by Google.

Google Ads

For advertising purposes in Google search results and on third-party websites, the Google Remarketing Cookie is set when you visit our website. This cookie automatically collects and processes data such as your IP address, the time of your visit, device and browser information, and details about your use of our website. Using a pseudonymous Cookie ID and the pages you have visited, it enables interest-based advertising. Further data processing only occurs if you have activated the "personalized advertising" setting in your Google account. In this case, if you are logged into Google while visiting our website, Google uses your data in combination with Google Analytics data to create and define audience lists for cross-device remarketing.

YouTube Video Plugin

To integrate third-party content, the YouTube Video Plugin collects data such as your IP address, the time of your visit, and device and browser information when you play a video. These data are transmitted to and processed by Google. The plugin operates in the enhanced privacy mode we use, which means data is only collected and processed when you actively play a video.

7.3 Use of Facebook Services

Use of Facebook Pixel

We use the Facebook Pixel as part of the technologies provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”), described below. The Facebook Pixel automatically collects and stores data such as your IP address, the time of your visit, device and browser information, and information about your use of our website based on predefined events (e.g., visiting a page or signing up for a newsletter). Using this data, pseudonymous usage profiles are created. When you visit our website, the Facebook Pixel automatically sets a cookie that enables the recognition of your browser through a pseudonymous Cookie ID during future visits to other websites.

Facebook (by Meta) may combine this information with additional data from your Facebook account and use it to generate reports on website activities as well as to provide further services related to website usage, particularly personalized and group-based advertising.

The information automatically collected about your use of our website through Facebook (by Meta) technologies is typically transmitted to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Further details about data processing by Facebook (by Meta) can be found in Facebook's (by Meta) privacy policy.

Our service providers are located in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: the USA, Canada, Japan, South Korea, New Zealand, the United Kingdom, and Argentina.

A decision by the European Commission confirming an adequate level of data protection for the USA serves as the basis for data transfers to third countries, provided that the respective service provider is certified. Such certification exists.

Our service providers are also located in and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, and Mexico. For these countries, no adequacy decision by the European Commission exists. Our collaboration with these providers is based on the following safeguards: the European Commission’s standard contractual clauses.

8. Integration of the Trusted Shops Trustbadge and Other Widgets

To display Trusted Shops services (e.g., the trustmark and collected reviews), Trusted Shops widgets are integrated into this website.

This serves to protect our legitimate interests in optimal marketing by enabling a secure shopping experience in accordance with Article 6 (1) Sentence 1 (f) GDPR. The Trustbadge and the services promoted through it are provided by Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"). In this context, we act as joint controllers with Trusted Shops under Article 26 GDPR. Below, we provide information about the key aspects of our agreement under Article 26 (2) GDPR.

As part of the joint responsibility between us and Trusted Shops AG, you are encouraged to address any data protection inquiries or exercise your rights by contacting Trusted Shops directly using the contact details provided in their privacy policy. However, you are also free to contact either controller of your choice. If necessary, your inquiry will be forwarded to the other controller for further handling.

8.1 Data Processing for Integration of the Trustbadge and Other Widgets

The Trustbadge is provided by a U.S.-based Content Delivery Network (CDN) provider. An adequate level of data protection is ensured by an adequacy decision from the European Commission, which applies to the U.S. and is accessible here. Service providers in the U.S. are generally certified under the EU-U.S. Data Privacy Framework (DPF). Additional information about this framework can be found here. If a service provider is not certified under the DPF, standard contractual clauses have been implemented as an appropriate safeguard.

When the Trustbadge is accessed, the web server automatically stores a server log file containing your IP address, the date and time of access, the amount of data transmitted, and the requesting provider (access data), which documents the access. The IP address is anonymized immediately after being collected, ensuring that the stored data cannot be linked to you personally. The anonymized data is primarily used for statistical purposes and error analysis.

8.2 Data Processing After Order Completion

After an order is completed, order information (such as order total, order number, and possibly the purchased product) as well as your email address, hashed using a cryptographic one-way function, are transmitted to Trusted Shops. The legal basis for this is Article 6 (1) Sentence 1 (f) GDPR. This process serves to verify whether you are already registered for services with Trusted Shops and is necessary to fulfill our and Trusted Shops' overriding legitimate interests in providing transactional review services linked to the specific order in accordance with Article 6 (1) Sentence 1 (f) GDPR.

If you are registered, further processing is carried out based on the contractual agreement between you and Trusted Shops. If you are not yet registered, you will have the opportunity to do so after the order is completed. Further processing following registration will also be governed by your agreement with Trusted Shops. If you choose not to register or do not provide your consent to receive review invitations, all transmitted data will be automatically deleted by Trusted Shops, making it impossible to associate the data with any individual.

Trusted Shops uses service providers for hosting, monitoring, and logging purposes. The legal basis for this is Article 6 (1) (f) GDPR to ensure the smooth operation of services. Data processing may occur in third countries (such as the USA and Israel). An adequate level of data protection is guaranteed by adequacy decisions from the European Commission, available for the USA here and for Israel here. Service providers in the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Additional information can be found here. If a service provider is not certified under the DPF, standard contractual clauses have been implemented as an appropriate safeguard.

9. Social Media

9.1 Social Buttons for Facebook (by Meta), X (formerly Twitter), Instagram (by Meta), Pinterest, Xing, AddThis, WhatsApp

Our website uses social buttons for various social networks. These buttons are embedded as simple HTML links, meaning no connection to the servers of the respective providers is established when you visit our website.

When you click on one of these buttons, the website of the corresponding social network opens in a new window in your browser. There, you can, for example, use the Like or Share buttons to interact with the content.

9.2 Our Online Presence on Facebook (by Meta), X (formerly Twitter), Instagram (by Meta), YouTube, Pinterest, LinkedIn, Xing

If you have provided your consent to the respective social media operator in accordance with Article 6 (1) Sentence 1 (a) GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the aforementioned social media platforms. Using this data, pseudonymous user profiles are created, which can be used to display advertisements inside and outside the platforms that are likely to match your interests. Cookies are typically employed for this purpose.

For detailed information on how your data is processed and used by each social media operator, as well as their contact details, your rights, and available privacy settings, please refer to the privacy policies of the respective providers linked below. If you need further assistance in this regard, you are welcome to contact us.

Facebook (by Meta) is a service provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). Information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is typically transmitted to and stored on a server operated by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing related to visits to a Facebook (by Meta) fan page is conducted based on a joint controller agreement pursuant to Article 26 GDPR. Further details, including information about Insights data, can be found here.

Our service providers operate and/or use servers in the following countries, which have been deemed by the European Commission to provide an adequate level of data protection: the USA, Canada, Japan, South Korea, New Zealand, the United Kingdom, and Argentina.

For data transfers to the USA, an adequacy decision by the European Commission ensures an appropriate level of protection, provided the respective service provider is certified. Such certification exists.

Some of our service providers also operate and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, and Mexico. For these countries, no adequacy decision by the European Commission exists. Our collaboration with these providers is based on the European Commission’s standard contractual clauses as appropriate safeguards.

X is a service provided by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“X”). Information automatically collected by X about your use of our online presence on X is typically transmitted to and stored on a server operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Our service providers operate and/or use servers in countries outside the EU and the EEA, where the European Commission has determined an adequate level of data protection.

Some of our service providers also operate and/or use servers in countries outside the EU and the EEA that do not have an adequacy decision from the European Commission. Our collaboration with these providers is based on the European Commission’s standard contractual clauses as appropriate safeguards.

Instagram (by Meta) is a service provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). Information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is typically transmitted to and stored on a server operated by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing related to visits to an Instagram (by Meta) fan page is conducted based on a joint controller agreement pursuant to Article 26 GDPR. Further details, including information about Insights data, can be found here.

Our service providers operate and/or use servers in the following countries, which the European Commission has determined to provide an adequate level of data protection: the USA, Canada, Japan, South Korea, New Zealand, the United Kingdom, and Argentina.

For data transfers to the USA, an adequacy decision by the European Commission ensures an appropriate level of protection, provided the respective service provider is certified. Such certification exists.

Some of our service providers also operate and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, and Mexico. For these countries, no adequacy decision by the European Commission exists. Our collaboration with these providers is based on the European Commission’s standard contractual clauses as appropriate safeguards.

YouTube is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Information automatically collected by Google about your use of our online presence on YouTube is typically transmitted to and stored on a server operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Our service providers operate and/or use servers in countries outside the EU and the EEA, where the European Commission has determined an adequate level of data protection.

Some of our service providers also operate and/or use servers in countries outside the EU and the EEA that do not have an adequacy decision from the European Commission. Our collaboration with these providers is based on the European Commission’s standard contractual clauses as appropriate safeguards.

Pinterest is a service provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). Information automatically collected by Pinterest about your use of our online presence on Pinterest is typically transmitted to and stored on a server operated by Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA.

Our service providers operate and/or use servers in countries outside the EU and the EEA, where the European Commission has determined an adequate level of data protection.

Some of our service providers also operate and/or use servers in countries outside the EU and the EEA that do not have an adequacy decision from the European Commission. Our collaboration with these providers is based on the European Commission’s standard contractual clauses as appropriate safeguards.

LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). Information automatically collected by LinkedIn about your use of our online presence on LinkedIn is typically transmitted to and stored on a server operated by LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

Our service providers operate and/or use servers in the following countries, which the European Commission has determined to provide an adequate level of data protection: the USA.

An adequacy decision by the European Commission serves as the basis for data transfers to the USA, provided the respective service provider is certified. Until certification by our service providers is complete, data transfers continue to rely on the European Commission's standard contractual clauses as an appropriate safeguard.

Xing is a service provided by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Since the service operates within Germany, all data processing is subject to the provisions of the General Data Protection Regulation (GDPR) and German data protection laws.

10. Contact Options and Your Rights

10.1 Your Rights

As a data subject, you have the following rights:

• Right of Access (Article 15 GDPR): You have the right to request information about your personal data processed by us, as specified in Article 15 GDPR.
• Right to Rectification (Article 16 GDPR): You have the right to request the immediate correction of inaccurate personal data or the completion of incomplete personal data stored by us.
• Right to Erasure (Article 17 GDPR): You have the right to request the deletion of your personal data stored by us, provided that further processing is not necessary:
  • To exercise the right to freedom of expression and information;
  • To fulfill a legal obligation;
  • For reasons of public interest; or
  • For the establishment, exercise, or defense of legal claims.
• Right to Restriction of Processing (Article 18 GDPR): You have the right to request the restriction of processing of your personal data if:
  • You contest the accuracy of the data;
  • The processing is unlawful, but you oppose the deletion of the data;
  • We no longer need the data, but you require it to establish, exercise, or defend legal claims; or
  • You have objected to the processing pursuant to Article 21 GDPR.
• Right to Data Portability (Article 20 GDPR): You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller.
• Right to Lodge a Complaint (Article 77 GDPR): You have the right to lodge a complaint with a supervisory authority. You can usually contact the supervisory authority at your habitual place of residence, your workplace, or the location of our company headquarters.

Right to Object

If we process your personal data to protect our legitimate interests as part of a balancing of interests, as explained above, you have the right to object to this processing with effect for the future. If the processing is for direct marketing purposes, you may exercise this right at any time as described above. If the processing is for other purposes, your right to object applies only if there are reasons arising from your particular situation.

Once you exercise your right to object, we will cease processing your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

This does not apply if the processing is for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

10.2 Contact Options

If you have any questions about the collection, processing, or use of your personal data, or if you need information, rectification, restriction, or deletion of data, or wish to revoke any consent you have given or object to a specific use of your data, please contact us directly using the contact details provided in our legal notice.

Data Protection Officer:

 

Dieselstraße 12

32791 Lage

Germany

 

Email: datenschutz@torwegge.de

This privacy policy was created using the Trusted Shops Legal Text Generator.