Privacy policy – Data protection

Information on the collection of personal data – data protection

1.
In the following, we provide information on data protection when collecting personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

2.
Responsible person acc. Art. 4 No. 7 EU General Data Protection Regulation (GDPR) is

CFG Fischer GmbH
Gambrinusstr. 16
01159 Dresden

Phone: 0351 49766390
Fax: 0351 49766392
E-mail: info@christstollen-shop.com

3.
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer required or restrict the processing if there are legal retention obligations. The legal basis for this is Art. 6 para. 1 p. 1 lit. b GDPR.

4.
If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we also state the specified criteria for the storage period.

Your data protection rights

1.
You have the following rights with respect to us regarding personal data concerning you:

  • Right to information,
  • Right to rectification or deletion,
  • Right to restriction of processing,
  • Right to object to processing,
  • Right to data portability.

2.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

Collection of personal data when visiting our website

1.
In the case of merely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO):

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Data volume transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

2.
In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which the entity that sets the cookie (in this case by us) receives certain information. Cookies cannot run programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.

3.
Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies (for this b)
  • Persistent cookies (in addition c).

b) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a predefined duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that in this case you may not be able to use all functions of this website.

e) We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.

Objection or revocation against the processing of your data

1.
If you have given your consent to the processing of your data, you can revoke this consent at any time. Such revocation will affect the permissibility of processing your personal data after you have expressed it to us.

2.
Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the factual situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

3.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your advertising objection using the above contact details.

Use of our webshop under the aspect of data protection

1.
If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory information necessary for the processing of contracts is marked separately, other information is voluntary. We process the data you provide to process your order. The legal basis for this is Art. 6 para. 1 p. 1 lit. b GDPR.

You can voluntarily create a customer account, through which we can store your data for future purchases. When creating an account, the data you provide will be stored revocably. You can always delete all other data, including your customer account. Deletion of your customer account is possible at any time and can be done by sending a message to the contact option above.

2.
For the fulfillment of the contract according to Art. 6 para. 1 p. 1 lit. b DS-GVO, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we will pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves, insofar as you create an account there. In this case, you must log in to the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider shall apply.

3.
We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data will only be used to comply with legal obligations.

4.
To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using TLS technology.

Hosting services through a third party provider

As part of processing on our behalf, a third-party provider provides the services for hosting and displaying the website on our behalf. This serves to protect our legitimate interests in the correct presentation of our offer, which outweigh our interests in accordance with Art. 6 Para. 1 p. 1 lit. f GDPR. All data collected during the use of this website or in forms provided for this purpose in the webshop as described below will be processed on its servers. Processing on other servers only takes place within the framework explained here.

This service provider is located within a country of the European Union or the European Economic Area.

YouTube video integration

1.
We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website.

These are all embedded in “enhanced privacy mode”, which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos, the data mentioned in number 2 are transmitted. We have no influence on this data transmission.

2.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data is directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

3.
For more information on the purpose and scope of data collection and processing by YouTube, please see the privacy policy. There you will also receive further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Use of Google Adwords Conversion

1.
We use the offer of Google Adwords to draw attention to our offers with the help of advertising media (so-called Google Adwords) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of displaying advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

2.
These advertising materials are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords stores a cookie in your PC. These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

3.
These cookies allow Google to recognize your Internet browser. Provided that a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user has clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked through the websites of Adwords customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

4.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address.

5.
You can prevent participation in this tracking process in several ways:

a) by an appropriate setting of your browser software, in particular the suppression of third-party cookies leads to the fact that you do not receive ads from third-party providers;
b) by disabling cookies for conversion tracking by setting your browser to block cookies for conversion tracking, https://www.google.de/settings/ads, which setting will be deleted when you delete your cookies;
c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies;
d) by permanently deactivating it in your Firefox, Internetexplorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin.

We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

6.
The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f GDPR.
You can find more information about data protection at Google here: http://www.google.com/intl/de/policies/privacy
and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

This post is also available in: German