Secure and Capable

I. Controller within the meaning of data protection

1. Data processing controller

The controller in accordance with Article 4(7) of the General Data Protection Regulation (GDPR), other national data protection laws of the Member States and other legal data protection provisions is:

MEYER-HOSEN Aktiengesellschaft
Hauptstraße 30
51580 Reichshof-Denklingen
Germany

Telephone: +49 (0)2296 9812-0
Fax: +49 (0)2296 8950
[email protected]
www.meyer-hosen.com

www.meyer-hosen.com/en/imprint

2. Name and address of the data protection officer

DataCo GmbH

Thomas Regier
Dachauer Straße 65
80335 München

Tel.: 089740045840

E-mail: [email protected]

II. Operation of the website and creation of log files

1. Description and scope of data processing

Every time our website is visited, our system automatically records data and information from the system of the requesting computer.

The following data is collected in this way:

(1) Information on the browser type and version used

(2) The user’s operating system

(3) The user’s IP address

(4) The date and time of access

The data is also stored in our system’s log files. This data is not stored together with the user’s other personal data.

2. Purpose and legal basis of the data processing

It is necessary for the system to store the IP address temporarily to enable the website to be sent to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. An analysis of the data for marketing purposes is not carried out in this context.

The legal basis for the temporary storage of the data and log files is Article 6(1)(f) GDPR.

3. Period of storage and erasure

The data will be erased as soon as it is no longer required to achieve the purpose of its collection in accordance with Article 17(1)(a) GDPR. When data is collected to operate a website, this is the case when the relevant session ends.

When data is stored in log files, this is the case after six months at the latest. Extended storage is possible. In this case, users’ IP addresses will be erased or distorted so that assignment to the requesting client is no longer possible.

4. Right to object and right to rectification

Recording data to operate the website and storing the data in log files is essential for running the website. Therefore, the user does not have any right to object.

III. Online shop

1. Description and scope of data processing

To conclude a contract for an order in the online shop, you must, as the user, provide your personal data. Mandatory details required to process contracts are marked specifically, other details are optional.

We process the following personal data for your order:

(1) Name

(2) Address (invoicing and shipping)

(3) E-mail address

(4) Company

(5) Title

(6) Telephone number, fax number

We will share your personal data only with service providers employed in the execution of your order. These are limited to

Distributor
DPD Deutschland GmbH
Wailandtstraße 1
63741 Aschaffenburg

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn, Germany

Payment-Service Provider
GFKL PayProjekt GmbH
Am Europa-Center 1b
45145 Essen

Heidelberger Payment GmbH
Gaisbergstr. 11 – 13
69115 Heidelberg

Web Support
SIRUP GmbH
Brunnenstraße 181
10119 Berlin, Germany

To prevent unauthorised access of your personal data by third parties, the order process is sent over the Internet using SSL encryption. You can recognise connections that are encrypted in this manner from the prefix https://” in the address bar of your browser.

Credit card details are not saved, rather they are processed directly by our payment service provider. You should always treat your login details confidentially and close browser windows when you have finished communicating with us, especially if you share the computer with others.

The payment service provider that processes your personal data during the order process is

Heidelberger Payment GmbH
Gaisbergstr. 11 – 13
69115 Heidelberg

The following personal data is sent to our payment service provider for your order:

(1) Name

(2) Address

(3) E-mail address

(4) Title

(5) Telephone number

(6) Buyer ID

(7) Transaction ID

Details of the payment method (credit and debit card, Paypal, SOFORT transfer) are not processed by us, rather they are recorded by the payment service provider via an interface (iFrame).

2. Purpose and legal basis of the data processing

MEYER-HOSEN AG processes your data for the processing of your order and any future warranty procedures.

You can also opt to create a customer account through which MEYER-HOSEN AG can save your data for future purchases.

The legal basis for processing personal data is Article 6(1)(b) GDPR.

3. Period of storage and erasure

The data will be erased as soon as it is no longer required to achieve the purpose of its collection in accordance with Article 17(1)(a) GDPR.

Due to requirements under commercial and tax law, MEYER-HOSEN AG undertakes to store your address, payment and order data for a period of ten years. However, after two years we restrict processing, i.e. your data will only be used to comply with legal obligations.

4. Right to object and right to rectification

If you want to modify your stored data, please send an email to [email protected].

IV. Registration

1. Description and scope of data processing

On our website we give users the option to register by providing personal data. When doing so, the data is entered into an entry form, transferred to us and stored. The following data is collected as part of the registration process:

(1) Name

(2) Address (invoicing and shipping)

(3) E-mail address

(4) Company

(5) Title

(6) Telephone number, fax number

We will share your personal data only with service providers employed in the execution of your order. These are limited to

Web Support
SIRUP GmbH
Brunnenstraße 181
10119 Berlin, Germany

The following data is also stored at the time of registration:

(1) The user’s IP address

(2) The date and time of registration

2. Purpose and legal basis of the data processing

If registration is required to fulfil a contract, the contractual party to which is the user or the performance of precontractual measures, the additional legal basis for processing data is Article 6(1)(b) GDPR.

3. Period of storage and erasure

The data will be erased as soon as it is no longer required to achieve the purpose of its collection in accordance with Article 17(1)(a) GDPR.

This is the case to fulfil a contract or perform precontractual measures during the registration process, if the data is no longer required to perform the contract. After conclusion of the contract, it may be necessary to store the contractual partner’s personal data to fulfil contractual or legal obligations .

MEYER-HOSEN AG reserves the right to irrevocably delete your user account and data without giving a reason in the event of misuse.

4. Right to object and right to rectification

As a user, you have the option to cancel the registration and to object to the processing of your personal data. You can modify the stored data we have about you.

If the data is required to fulfil a contract or to perform precontractual measures, advance deletion of the data is possible insofar as there are no contractual or legal obligations for deletion that contradict this. You can send a request to delete your data to [email protected].

V. Newsletter

1. Description and scope of data processing

On our website there is the option to subscribe to a free newsletter. When signing up for the newsletter, data from the entry form is transferred to us.

(1) E-mail address

(2) First name and surname (only for newsletter registration during an order or from the user dashboard)

In addition, the following data is collected on registration:

(1) The date and time of registration

Your consent for processing the data will be obtained during the registration process and you will be referred to this data protection statement.

No data is disclosed to third parties in connection with data processing for the sending of newsletters. This data shall only be used to send the newsletter.

2. Purpose and legal basis of the data processing

Collection of the user’s e-mail address is used to send the newsletter.

The legal basis for the processing of data after registration for the newsletter by the user if consent has been obtained is Article 6(1)(a) GDPR.

3. Period of storage and erasure

The data will be erased as soon as it is no longer required to achieve the purpose of its collection in accordance with Article 17(1)(a) GDPR. The user’s e-mail address shall be stored as long as the newsletter subscription is active.

4. Right to Revocation

As a user, there is always the possibility to revoke your approval to the advertising mail according to art. 7 paragraph 3 DSGVO with effect for the future. In every newsletter, there is a corresponding link to unsubscribe.

VI. Customer ratings

1. Description and scope of data processing

You have the option to rate your own performance on our website. To do this, if you have given your consent we will send your e-mail address to the customer rating system that we use.

Following an order, the Trusted Shops Trustbadge is incorporated into this web page in order to display our Trusted Shops trustmark and the rating collected, as well as to offer Trusted Shops products for buyers.

Personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops after completing an order or if you have already signed up to use the products. The following data will be sent on your consent:

(1) IP address

(2) Date and time of access

(3) E-mail address

(4) Order information

(5) Payment method

The contact details for the rating service provider are:

Trusted Shops GmbH
Subbelrather Str. 15 c
50823 Cologne
Tel. 0221 77 53 65
www.trustedshops.de

2. Purpose and legal basis of the data processing

The customer ratings serve as a trust-building measure and confirm the service quality. In addition, the customer is covered by buyer protection up to €100.

The legal basis for the processing of data when the user’s consent has been obtained is Article 6(1)(a) GDPR.

3. Period of storage and erasure

The server log files are deleted automatically no later than six months after the end of your visit.

In addition, the personal data processed for the purpose stated above is deleted in accordance with Article 17(1)(a) insofar as this is no longer required.

4. Right to object and right to rectification

As a user you have the option at any time to withdraw your consent to transfer the personal data with effect for the future in accordance with Article 7(3) GDPR. Send any queries in this regard to [email protected].

VII. Contact form

1. Description and scope of data processing

On our website there is a contact form that can be used to contact us electronically. If a user chooses this option, the data entered into the entry form will be transmitted to us and stored. This data is:

(1) Name

(2) E-mail address

(3) Telephone number

The following data is also stored at the time of sending the message:

(1) Date and time of contact

Alternatively, you have the option to contact us via the e-mail address [email protected]. In this case, the user’s personal data transmitted with the e-mail will be stored.

We will not distribute the data to third parties in this context. The data is solely used to process the conversation.

2. Purpose and legal basis of the data processing

We only process the personal data entered in the contact form to facilitate contact. This is also the necessary legitimate interest in processing the data.

The other personal data processed during submission is used to prevent misuse of the contact form and ensure the security of our IT systems.

The legal basis for processing data is Article 6(1)(f) GDPR. If the aim of contact is to conclude a contract, Article 6(1)(b) GDPR is also a legal basis for processing.

3. Period of storage and erasure

The data will be erased as soon as it is no longer required to achieve the purpose of its processing in accordance with Article 17(1)(a) GDPR. For personal data from the contact form and that which has been sent by e-mail, this is the case when the conversation with the user ends. The conversation is considered to have ended when it is clear from the circumstances that the matter in hand has been fully clarified.

Additional personal data collected during submission will be erased as soon as the purpose has expired.

4. Right to object and right to rectification

As a user, you have the option at any time to withdraw your consent to the processing of personal data in accordance with Article 7(3) GDPR with effect for the future. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. Send any queries in both cases to [email protected]. The conversation cannot be continued in such a case.

In this case, all personal data stored during contact will be erased.

VIII. Information on credit checks

1. Description and scope of data processing

For payments on account, we obtain credit rating information using mathematical/statistical methods to safeguard our legitimate interests in accordance with Article 6(1)(f) GDPR. Credit rating information is data that offers a conclusion about the creditworthiness of a customer. To do this, the data required for this is transferred to the credit rating agency and on the basis of the evaluation a decision is made as to whether or not purchases on account are permitted.

The credit rating agency from whom we obtain customer credit rating information is:

GFKL PayProjekt GmbH
Am Europa-Center 1b
45145 Essen

We send the following personal data to the credit rating agency

(1) Name

(2) Address

(3) E-mail address

(4) Order information

(5) IP address

The scoring method used takes account of the following information:

Age check: Is the entered date of birth >= 18 years
Collection list GPP
Blocked address list
Repeat order with the same IP 3x in 3 hours
Repeat order with the same address 3x in 3 hours
Repeat order with the same address 5x in 30 days
Address check: Bürgel
Credit check: Bürgel

The decision on the option to use the payment on account method is based on an automatic decision by our online shop system. A manual check of your documents is carried out by an employee of MEYER-HOSEN AG. To safeguard integrity, personal data is always processed in compliance with the state of the art.

2. Purpose and legal basis of the data processing

To minimise risks, the processing of personal data is justified as part of credit checks for payments on account. By performing a credit check, MEYER-HOSEN AG protects itself against possible payment defaults.

The legal basis for processing personal data is Article 6(1)(f) GDPR.

3. Period of storage and erasure

The data will be erased as soon as it is no longer required to achieve the purpose of its collection in accordance with Article 17(1)(a) GDPR.

4. Right to object and right to rectification

As a user you have the option at any time to object to the processing of personal data in accordance with Article 21(1) GDPR. Send any queries in this regard to [email protected].

If you object to the transfer of your personal data to the credit rating agency, payment on account will not be possible.

IX. Use of session cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files which are saved in the user’s web browser or by the user’s web browser on their computer system. When a user visits a website, a cookie may be saved on their operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is visited.

When visiting our website, users are informed of the use of cookies. Reference is also made to this data protection notice in this regard.

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identified even after changing pages.

The following data is stored using cookies:

(1) Shopping basket information

(2) Accessed product pages

(3) Wish list

(4) Checkout data for guest orders

2. Purpose and legal basis of the data processing

The purpose of using the cookies that are required for technical matters is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognised again after a page change.

Cookies are required for the following applications:

(1) Displaying the shopping basket

(2) Displaying the product pages accessed

(3) Displaying the wish list

(4) Displaying checkout data for guest orders

The user data collected by cookies that are required for technical matters is not used to generate user profiles.

The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) GDPR.

3. Length of storage, erasure and right of objection and deletion

Cookies are stored on the user’s computer and transmitted from it to our website. You, as the user, therefore have full control over the use of cookies. You can disable or restrict the transmission of cookies by adjusting the settings in your web browser. Cookies which have already been saved may be deleted at any time. This can also be done automatically. If you disable cookies for our website, it may no longer be possible to fully use all the website’s functions.

 

X. Rights of data subjects

If your personal data is processed, you are the data subject in accordance with the GDPR and you have the following rights vis-à-vis the controller:

1. The right to information

In accordance with Article 15 GDPR, as a data subject within the meaning of GDPR you have the right of access vis-à-vis the controller to the respective personal data, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object to processing in accordance with Article 21 GDPR and the right to data portability in accordance with Article 20 GDPR. The limitations according to Sections 34 and 35 BDSG (new version) apply to the right of access and the right to erasure.

You have a right of access for the purposes of processing, the categories of processed personal data, the categories of recipients of your personal data, and complaints to a supervisory authority in accordance with Article 77(1) GDPR.

You also have the right to request information on whether personal data concerning you will be transferred to a third country or to an international organisation. In this regard, you can request information on the appropriate safeguards in accordance with Article 46 GDPR related to transfer.

To safeguard your right to information, please write, identifying yourself clearly, to:

MEYER-HOSEN AG
Hauptstraße 30
51580 Reichshof-Denklingen
E-mail: [email protected]
Fax: +49 2296 8950

2. Limitation of the right to erasure

The right to erasure is not granted in accordance with Article 17(3) GDPR if the processing is necessary

(1) to exercise the right of freedom of expression and information;

(2) to fulfil a legal obligation which requires processing in accordance with the law of the Union or the Member States to which the controller is subject to or to perform a task that is carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons in the public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR, if the right provided in (a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or

(5) to establish, exercise or defend legal claims.

3. Right to information

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged in accordance with Article 19 GDPR to inform all recipients to whom the personal data concerning you was disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or would involve a disproportionate effort.

You have the right vis-à-vis the controller to information on these recipients.

4. Automated individual decision-making, including profiling

You have the right under Article 22(1) GDPR not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or similar significant adverse effects for you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permissible under the law of the Union or the Member States to which the controller is subject, and this law provides adequate measures to safeguard your rights and freedoms and your legitimate interests, or

(3) is made with your express consent.

However, these decisions may not be based on special categories of personal data in accordance with Article 9(1) GDPR, unless Article 9(2)(a) or (g) applies and suitable steps to protect rights and freedoms and your legitimate interests have been taken.

In the cases stated in (1) and (3), the controller will take suitable steps to safeguard rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.

 

XI. Minors

Minors must not transmit any personal data to us without the consent of their legal guardians. As part of our online presence, we do not process any knowingly acquired personal data of minors.

 

XII. Voucher Offers

In order to select voucher offers that are currently of interest to you, we transmit the pseudonymised hash value of your email address and your IP address in encrypted form to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe (Sovendus) (Art. 6 (1) (f) GDPR). The pseudonymised hash value of your email address is used to take account of a possible existing objection to receiving Sovendus marketing (Art. 21 (3), Art. 6 (1) (c) GDPR). The IP address is used exclusively for data protection purposes by Sovendus and is generally anonymised after seven days (Art. 6 (1) (f) GDPR). For billing purposes, we also transmit the pseudonymised order number, order value with currency, session ID, coupon code and time stamp to Sovendus (Art. 6 (1) (f) GDPR). If you are interested in a voucher offer from Sovendus, there is no objection to marketing for your email address and you click on the voucher banner, which is only displayed in this case, your encrypted title, name, postcode, country and email address are transmitted to Sovendus by us in order for your voucher to be prepared (Art. 6 (1) (b, f) GDPR).
For more information on how your data is processed by Sovendus please read the online privacy policy at www.sovendus.com/en/online-privacy-notice.