Dear visitors, due to internal system changes, orders may be subject to delays. We apologize for any inconvenience and thank you for your understanding.

Language

Data privacy notice

1. General information about the collection of personal data

(1) In the following data privacy notice, we explain how we handle the personal data that is communicated to us when you use our websites and/or our services. “Personal data” means all information that relates to you as an individual, such as name, address, e-mail addresses, or user behaviour.

(2) Data controller in accordance with Art. 4(7) of the General Data Protection Regulation (GDPR):

Brauns-Heitmann GmbH & Co. KG
Lütkefeld 15
34414 Warburg, Germany

Phone: +49 5641 95-0
Fax: +49 5641 95-141

E-Mail: @simplicol.de datenschutz@simplicol.de

2. Rights of the data subject

(1) In your relationship with Brauns-Heitmann, you have the following rights with regard to the personal data relating to you:

  • Right of access (Art. 15 GDPR) to your personal data as processed by us.
  • Right to rectification (Art. 16 GDPR) or to complete personal data relating to you that is processed by us.
  • Right to erasure (Art. 17 GDPR) of personal data relating to you that is processed by us unless such processing is necessary in the exceptional circumstances outlined in Art. 17(3) GDPR.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to notification (Art. 19 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to withdraw consent that has previously been given to us (Art. 7(3) GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

(2) Furthermore, you have the right to lodge a complaint with a data protection supervisory authority, if you believe that the processing of your personal data by us is unlawful. These authorities are the data protection commissioners for the respective German federal states. You will find the appropriate contacts listed, for example, on the following website: https://datenschutz.saarland.de/datenschutz/zustaendigkeiten/#c139.

(3) Right to object to the processing of your personal data

If we base the processing of your personal data on a balance of interests, you may object to this processing operation. This is the case when the processing operation is not specifically required to fulfil a contract with you, as outlined by us in the corresponding description of each operation. If you choose to exercise this right to object, we will ask you to give reasons why you do not wish us to process your personal data as we have done previously. If we receive a justified objection from you, we will examine the situation and either stop or adjust the data processing operation or alternatively present you with our compelling legitimate grounds for continuing our processing operation. Please use the following contact information to enquire about your right to object to marketing: e-mail: datenschutz@simplicol.de

3. Data security

Because the security of your data is important to us, your personal data is transmitted via a secure SSL- or TLS-encryption system/connection. TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols used to encrypt online data transmissions. We use these to protect your personal data against third-party access. When your browser bar shows “https//:” or the padlock symbol, you can see that the connection is encrypted.

To provide additional security on our website and other systems, we have technical and organisational measures in place to protect your data from being lost, destroyed, accessed, modified, or distributed by unauthorised persons. However, despite regular inspections, it is not possible to guarantee complete protection against all risks.

4. Visiting our website

If you only use our website for information purposes—i.e. you do not register with us or otherwise provide us with information—we collect only the personal data that your browser transmits to our server. As soon as you request a data file from our website, access data is collected and stored by default.

These records consist of:

  • The page from which the data file was requested
  • The name of the data file
  • The date and time of the request
  • The amount of data transmitted in each case
  • The access status/HTTP status code (such as whether or not the data file was transmitted or if it was not found, etc.)
  • A description of the type and version of the web browser used
  • The IP address used

We need this information to show you our website and to ensure its stability and security. We also analyse these records for internal statistical purposes and to support the technical administration of the website. Our lawful basis for these processing operations is Art. 6(1) sentence 1(f) GDPR. Our legitimate interest results from the stated purposes of data collection.

5. Use of our online shop

(1) When you wish to place an order in our online shop, you must provide personal data, such as

  • Name
  • Address
  • E-mail address

in the course of the ordering process. Which data is collected can be seen in each input screen, where mandatory entries are specially marked. All other information is voluntary.

The submission of your personal data serves the purpose and is required to conclude the contract and to process your order. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR.

(2) You have the option of creating a customer account. For the purpose of using your personal data for additional, subsequent orders, the data provided by you is revocably stored and processed. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR.

(3) Under commercial and tax law we are required to store your address, payment, and order data for the duration of ten years. Your data will therefore not be completely deleted even when it is no longer necessary to save it for the concluded contract. Processing will, however, be limited to the degree necessary to comply with statutory obligations. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.

(4) We will use the data that you provided to us in the course of your order exclusively for processing your order. We make use of the external service providers named below for processing the order.

(a) Your address data must be forwarded to our parcel delivery service for the shipping of goods. They are obligated to treat your data as confidential and to save and use it exclusively for the purpose of delivery, and to delete it upon completion of the delivery. In this case, our lawful basis for the forwarding of data is Art. 6(1) sentence 1(b) GDPR.

(b) We use the external payment service provider BS PAYONE GmbH ("Payone"), Lyoner Straße 9, 60528 Frankfurt/Main, on whose platform we and the users can conduct payment transactions.

In the context of fulfilling contracts, we use this payment service provider on the basis of Art. 6 clause 1 (b) GDPR. We also use the external payment service provider on the basis of our justified interests pursuant to Art. 6 Clause 1 (f) GDPR, in order to offer our users effective and safe payment options.

The data processed by the payment service provider include inventory data, such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and verification numbers, as well as sums, contractual details and recipient-related information. These data are necessary in order to conduct the transaction. However, the data provided is processed and stored only by the payment service provider. In other words, we do not receive any account or credit card-related information, but instead only information relating to the confirmation or rejection of a payment. In some circumstances, the data are forwarded by the payment service provider to credit agencies for the purpose of verifying identity and creditworthiness. On this point we refer to the general terms and conditions of the payment service provider, retrievable at: https://www.payone.com/allgemeine-geschaeftsbedingungen/. The privacy policy of Payone can be found here: https://www.payone.com/datenschutz/.

The general terms and conditions and privacy policy of the payment service provider apply for payment transactions. These can be found on the relevant websites or transaction applications.

(5) You can also pay for your order on account. We hereby inform you that when you select this method of payment we will evaluate the risk of default on the basis of statistical mathematical methods (scoring) from a credit agency[A1] . The personal data required for the credit check will also be sent to the credit agency, and your address data will also be considered. This data is collected, stored, and forwarded for the purpose of checking creditworthiness to avoid default. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and Art. 6(1) sentence 1(f) GDPR. A statistical probability of credit default, and therefore your ability to pay, is calculated on the basis of this information. If the result of the credit check is positive, payment on account is possible. If the results of the credit check is negative, then our shop system will not offer you the option of payment on account.

The decision as to whether payment on account is possible is based solely on an automated decision by our online shop system, performed by the credit agency engaged by us, so that no separate manual review of your documentation is performed by one of our employees.

You can decline transmission of your data to the credit agency at any time. However, in this case it will no longer be possible to place orders on account through our website. Scoring [and the automated decision] is limited solely to whether an order on account can be placed. We use the score [and the automated decision of our shop system] solely to protect ourselves against potential payment defaults.

In addition, we may transmit information to the credit agency about behaviour not related to receivables that undermines your trustworthiness (such as credit card fraud). This is done in accordance with legal requirements to the extent necessary to protect our justified interests and the justified interests of third parties, and there is no reason to assume that you have no prevailing interests or fundamental rights and liberties that require personal data protection. This data is collected, stored, and forwarded for the purpose of fraud prevention, and our lawful basis for these processing operations is Art. 6(1) sentence 1(f) GDPR.

6. Subscribing to our newsletter

(1) By subscribing to our newsletter, you agree to our use of your e-mail address for our own marketing purposes (direct marketing).

Consent to receive the newsletter

“I would like to receive regular information by e-mail from Brauns-Heitmann about attractive offers on goods or services. I can withdraw my consent for the use of my e-mail address at any time. The newsletter is distributed in compliance with our data privacy notice.”

(2) We use a double opt-in process for subscriptions to our newsletter. This means that, after signing up, you will first receive an e-mail with an activation link that you must use to confirm your subscription. Subscription is only complete once you have clicked on the activation link. As part of the subscription process, we store your IP address and the times when you signed up and confirmed, as well as your e-mail address. This enables us to detect any misuse of third-party data at a later date and to verify your subscription.

(3) If your initial sign-up is not confirmed via the activation link within 24 hours, we automatically delete the data that was saved as part of your subscription.

(4) Subscription to the newsletter requires only your e-mail address. Any disclosure of additional, separately identified data is voluntary and used to enable us to address you personally. Upon receipt of your confirmation, we store your e-mail address for the purpose of sending you the newsletter in which we will inform you about our products and services. Your consent forms our lawful basis for processing your personal data in accordance with Art. 6(1) sentence1(a) GDPR.

(5) You can withdraw your consent to the storage and use of your e-mail address for the purpose of sending you our newsletter at any time and with effect for the future and unsubscribe from the newsletter by sending an e-mail to: datenschutz@simplicol.de or by clicking on the link at the bottom of any newsletter.

 

7. Contacting us by e-mail or using the contact form

(1) When you contact us by e-mail or via the contact form on our website, we collect and store your personal data. The particular personal data collected if you contact us via the contact form is indicated on the form itself. When you contact us by e-mail, we collect and store the following personal data: e-mail address and text in the e-mail body in addition to any further data that is voluntarily provided.

(2) We process the data you provide only in order to deal with your contact enquiry. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and/or our legitimate interest in responding to your request as per Art. 6(1) sentence 1(f) GDPR.

(3) Once its storage is no longer required, we will delete all of the personal data that has been collected in this connection. Should there be a statutory retention requirement, processing will be limited to this purpose. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.

 

8. Orders outside of the online shop, e.g. by mail

 (1) When you wish to place an order without using our online shop, you must provide personal data, such as

  • Name
  • Address
  • E-mail address

in the course of the ordering process. In the course of the order, you will be informed which data is collected for this purpose. The submission of your personal data serves the purpose and is required to conclude the contract and to process your order. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR.

(2) You have the option of creating a customer account. For the purpose of using your personal data for additional, subsequent orders, the data provided by you is revocably stored and processed. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR.

(3) Under commercial and tax law we are required to store your address, payment, and order data for the duration of ten years. Your data will therefore not be completely deleted even when it is no longer necessary to save it for the concluded contract. Processing will, however, be limited to the degree necessary to comply with statutory obligations. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.

(4) We will use the data that you provided to us in the course of your order exclusively for processing your order. We make use of the external service providers named below for processing the order.

(a) Your address data must be forwarded to our parcel delivery service for the shipping of goods. They are obligated to treat your data as confidential and to save and use it exclusively for the purpose of delivery, and to delete it upon completion of the delivery. In this case, our lawful basis for the forwarding of data is Art. 6(1) sentence 1(b) GDPR.

(b) Your payment data is forwarded to the contracted credit or financial institute for processing payment. In this case, our lawful basis for processing your personal data is Art. 6(1) sentence1(b) GDPR.

(5) For orders placed through our online shop, we refer to the corresponding data privacy notice at simplicol.de

9. Use of the live chat function

(1) When you contact us via the live chat function to obtain answers to live enquiries, we will collect and store additional personal data (as well as the data indicated under section 4), such as the name you give us and the content of your messages.

(2) We process the data you provide only to deal with your live enquiry. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and/or our legitimate interest in responding to your request as per Art. 6(1) sentence 1(f) GDPR.

(3) Once its storage is no longer required, we will delete all of the personal data that has been collected in this connection. Should there be a statutory retention requirement, processing will be limited to this purpose. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.

10. Evaluation e-mail from Trusted Shops

If you have given us particular, express consent in the course of or after the ordering process, we will transmit your e-mail address to the evaluation platform Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Köln, Germany (www.trustedshops.de). You will then receive an evaluation reminder by e-mail. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(a) GDPR.

You can withdraw your consent to the storage and use of your e-mail address for the purpose of sending you evaluation reminders at any time and with effect for the future by sending a message to ewondo or Trusted Shops, for example via e-mail to: datenschutz@simplicol.de.

11. Cookies

(1) This website uses cookies. Cookies are small text files that your web browser stores on your device (PC, laptop, tablet, smartphone, etc.). They serve to provide a more enjoyable and convenient experience when using our services or for analytical purposes. When you open the relevant page again, the cookies help to recognise your device. This means that, for example, data you have previously entered can be retrieved when you fill out the form again or that you can continue to place an order for items already placed in your shopping basket. If the cookies are used for the purpose of concluding or executing a contract, our lawful basis is Art. 6(1) sentence 1(b) GDPR. If the cookies are used to safeguard our legitimate interests in ensuring the enjoyable and convenient functionality of our website and to analyse and improve said website, our lawful basis is Art. 6(1) sentence 1(f) GDPR.

(2) This website uses the following types of cookies:

  • We mainly use cookies that are automatically deleted from your hard disk at the end of your browser session or when you log out (transient cookies, particularly session cookies).
  • Other cookies remain on your computer and ensure that we recognise your device when you next visit (known as persistent or permanent cookies). Your system automatically deletes these cookies after a predetermined period of time, which differs from cookie to cookie.

(3) Content and services from other providers (such as YouTube) are embedded in this website. These providers use their own cookies and active components. In this respect, we refer to the information provided below.

(4) You can modify the way cookies are stored by changing your browser settings at any time. For example, you can accept all cookies, accept third-party cookies (cookies that are set by a third party, i.e. not by the actual website that you are browsing), refuse to accept individual cookies, or delete cookies. Please note, however, that if you refuse or delete cookies from our website, you may not be able to use all of its functions. To protect your privacy, we recommend that you regularly delete cookies from your device and browser history.

12. Analysis tools

Our website uses the following so-called tracking measures, which enable us to analyse usage of our website and regularly improve it. The statistics we collect allow us to enhance our services and make them more attractive for you as a user. They also help us to measure the success of and optimise our advertising activities. Ultimately, they also allow us to send you personalised marketing information. Our lawful basis for these activities is Art. 6(1) sentence 1(f) GDPR, whereby our legitimate interest results from the previously stated purposes.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies (see the “Cookies” section of this data privacy notice above), which are text files that are stored on your computer and used to analyse your use of the website.

The information that the cookie generates about your use of this website is usually transferred to and stored on a Google server in the USA. Should IP anonymisation be activated on this website, your IP address will, however, first be truncated by Google within the member states of the European Union or in other countries party to the European Economic Area Agreement. Please note that this website uses Google Analytics with the extension “_anonymizeIp()”, which means that IP addresses are only used in their shortened form and it is therefore not possible to identify individuals.

On behalf of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for the website operator, and providing other services to the website operator relating to website activity and Internet usage. The IP address transmitted by your browser as part of the Google Analytics process will not be merged with any other data held by Google. You can prevent the storage of cookies by changing the browser settings on your computer. However, please note that if you do so, you might not be able to make full use of all the functions on this website.

Furthermore, you can prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in provided at the following link: https://tools.google.com/dlpage/gaoptout/.

You can also prevent Google Analytics from collecting data by clicking on the link below. This sets an opt-out cookie, which prevents your data from being collected when you visit this website:

Deactivate Google Analytics

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

You will find more information about Google’s terms of use and privacy policy at: https://www.google.com/analytics/terms/gb.html and at https://policies.google.com/privacy?hl=en-GB/.

Google Analytics deaktivierenGoogle verarbeitet Ihre personenbezogenen Daten auch in den USA und hat sich dem EU-US-Privacy-Shield unterworfen, welches die Einhaltung des in der EU geltenden Datenschutzniveaus sicherstellt, https://www.privacyshield.gov/EU-US-Framework.

Hotjar

We also use the Hotjar analysis service of Hotjar Ltd, St Julian's Business Centre 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe (hereinafter referred to as "Hotjar"). Hotjar is a tool for analysing user behaviour. Hotjar enables us to measure, evaluate and track the behaviour of visitors to our website, such as mouse movements, clicks and scroll height.

For this purpose, Hotjar uses cookies on the end devices of website visitors, among other things, and can store data from website visitors such as browser information, operating system, time spent on the site, etc. in anonymous form.

We have concluded an data processing agreement with Hotjar. By this agreement, Hotjar assures that they process the data in accordance with the EU General Data Protection Regulation and guarantee the protection of the rights of the person concerned.

You can prevent this data processing by Hotjar by deactivating the use of cookies in the settings of your web browser and deleting cookies that are already active. Another way to prevent data processing by Hotjar is to activate the "Do-Not-Track" function in your browser. You can find out how this can be set here.

For more information about privacy at Hotjar, please see its privacy policy.

13. Incorporation of other tools

Embedded YouTube videos

Our online presence includes embedded YouTube videos that are stored at http://www.youtube.com and can be played back directly from our website. The provider is YouTube, a service that belongs to Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

All of these videos are embedded in privacy-enhanced mode. This means that no data about you as a user is transmitted to YouTube when you do not play the videos. The data indicated in the following paragraph is transmitted only when you play the videos. We have no control over this data transmission.

YouTube sets cookies to analyse your behaviour as a user. When you visit our website, YouTube is informed that you have opened the relevant subpage of the website. The data we collect as stated above under section 4, “Visiting our website”, is also transmitted. This is independent of whether or not you are logged in to a YouTube user account. If you are logged in to Google, your data will be directly linked to your account. If you do not want YouTube to link to your profile, you must log out before clicking the button.

YouTube/Google stores your data as a user profile before analysing and using it for marketing, market research, and/or to tailor the design of its online presence. The services even perform analyses of users who are not logged in. The lawful basis for YouTube/Google is Art. 6(1) sentence1(f) GDPR, whereby the legitimate interests of YouTube/Google result from the previously stated purposes. You have the right to object to the creation of these user profiles, in which case you must contact YouTube/Google to exercise this right.

Because YouTube videos are embedded in our site, a connection to Google’s DoubleClick advertising network is established when a page is opened, regardless of whether the video is played.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

Further information about the purpose and extent of data collection and data processing by YouTube is available in its privacy policy. You will also find more information here about your rights and settings options to help you protect your privacy: https://policies.google.com/privacy?hl=en-GB/.

Embedded Google Maps

This website uses the Google Maps service. As a result, we are able to show you interactive maps directly in our website and you can easily use the mapping function. The provider is Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit our website, Google is informed that you have opened the relevant subpage of our website. The data we collect as stated above under section 4 of this notice, “Visiting our website”, is also transmitted. This is independent of whether or not you are logged in to a Google user account. If you are logged in to Google, your data will be directly linked to your account. If you do not want Google to link to your profile, you must log out before clicking the button.

Google stores your data as a user profile before analysing and using it for marketing, market research, and/or to tailor the design of its online presence. The services even perform analyses of users who are not logged in. The lawful basis for Google is Art. 6(1) sentence 1(f) GDPR, whereby the legitimate interests of Google result from the previously stated purposes. You have the right to object to the creation of these user profiles, in which case you must contact Google to exercise this right.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

Further information about the purpose and extent of data collection and data processing by the plug-in provider is available in the provider’s privacy policies. You can also find out more about your applicable rights and settings options to help you protect your privacy here: https://policies.google.com/privacy?hl=en-GB/.

14. Marketing tools

Facebook Custom Audiences

This website utilises the remarketing function “Custom Audiences” provided by Facebook Inc. (“Facebook”), 1601 S California Ave, Palo Alto, California 94304, USA. This allows users of the website to see advertisements based on their interests (“Facebook ads”) when visiting the Facebook social networking site or other websites that also make use of the process. In using this service, we are pursuing our interest in showing you advertising that is of interest to you in order to make our website more appealing to you. The lawful basis for processing your data is Art. 6(1) sentence 1(f) GDPR, whereby the legitimate interest results from the previously stated purposes.

Owing to the embedded marketing tool, your browser automatically establishes a direct connection to Facebook’s server. We have no control over the extent and further use of the data that is collected through Facebook’s use of this tool and therefore provide you with the following information on the basis of our understanding. Because we have embedded Facebook Custom Audiences, Facebook is informed that you have accessed the relevant page of our website or clicked on one of our advertisements. If you are registered with a Facebook service, Facebook can link your visit to your account. Even if you are not registered with Facebook or are not logged in to its services, the provider may still ascertain and store your IP address and further identifiers.

Users who are logged in may deactivate the Facebook Custom Audiences function at: https://www.facebook.com/settings/?tab=ads#/.

Further information about data processing by Facebook is available at: https://www.facebook.com/about/privacy/.

Facebook also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

15. How long personal data is stored

The duration of storage of personal data is dependent on the respective statutory retention period (e.g. retention periods in accordance with commercial and tax legislation). When the statutory retention periods expire, we delete the respective personal data as long as and insofar as the personal data is not necessary for the performance or initiation of a contract or we no longer have a legitimate interest in storing the data.

16. Other ways in which we share data

(1) In some cases, we use external hosting providers to process your data and make this website available. We have carefully selected and commissioned these providers; they are bound by our instructions and regularly monitored. The lawful basis for this is provided by Art. 28 GDPR.

(2) Over and above this action, we share your personal data with third parties only in the following cases:

  • When you have given us your express consent for this in accordance with Art. 6(1) sentence 1(a) GDPR, or
  • When there is a legal obligation to disclose the information in accordance with Art. 6(1) sentence 1(c) GDPR, such as in connection with a criminal prosecution, or

Where disclosure in accordance with Art. 6(1) sentence 1(f) GDPR is necessary for the purpose of establishing or defending legal claims or exercising such rights, and where it cannot be assumed that disclosure is contrary to an overriding protectable interest on the part of the data subject.

1. General information about the collection of personal data

(1) In the following data privacy notice, we explain how we handle the personal data that is communicated to us when you use our websites and/or our services. “Personal data” means all information that relates to you as an individual, such as name, address, e-mail addresses, or user behaviour.

(2) Data controller in accordance with Art. 4(7) of the General Data Protection Regulation (GDPR):

Brauns-Heitmann GmbH & Co. KG
Lütkefeld 15
34414 Warburg, Germany

Phone: +49 5641 95-0
Fax: +49 5641 95-141

E-mail: datenschutz@simplicol.de

2. Rights of the data subject

(1) In your relationship with Brauns-Heitmann, you have the following rights with regard to the personal data relating to you:

  • Right of access (Art. 15 GDPR) to your personal data as processed by us.
  • Right to rectification (Art. 16 GDPR) or to complete personal data relating to you that is processed by us.
  • Right to erasure (Art. 17 GDPR) of personal data relating to you that is processed by us unless such processing is necessary in the exceptional circumstances outlined in Art. 17(3) GDPR.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to notification (Art. 19 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to withdraw consent that has previously been given to us (Art. 7(3) GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

(2) Furthermore, you have the right to lodge a complaint with a data protection supervisory authority, if you believe that the processing of your personal data by us is unlawful. These authorities are the data protection commissioners for the respective German federal states. You will find the appropriate contacts listed, for example, on the following website: https://datenschutz.saarland.de/datenschutz/zustaendigkeiten/#c139.

(3) Right to object to the processing of your personal data

If we base the processing of your personal data on a balance of interests, you may object to this processing operation. This is the case when the processing operation is not specifically required to fulfil a contract with you, as outlined by us in the corresponding description of each operation. If you choose to exercise this right to object, we will ask you to give reasons why you do not wish us to process your personal data as we have done previously. If we receive a justified objection from you, we will examine the situation and either stop or adjust the data processing operation or alternatively present you with our compelling legitimate grounds for continuing our processing operation. You can, of course, object to the processing of your personal data for marketing and data analysis purposes at any time. Please use the following contact information to enquire about your right to object to marketing: datenschutz@simplicol.de

3. Data security

Because the security of your data is important to us, your personal data is transmitted via a secure SSL or TLS encryption system/connection. TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols used to encrypt online data transmissions. We use these to protect your personal data against third-party access. When your browser bar shows “https//:” or the padlock symbol, you can see that the connection is encrypted.

To provide additional security on our website and other systems, we have technical and organisational measures in place to protect your data from being lost, destroyed, accessed, modified, or distributed by unauthorised persons. However, despite regular inspections, it is not possible to guarantee complete protection against all risks.

4. Visiting our website

If you only use our website for information purposes—i.e. you do not register with us or otherwise provide us with information—we collect only the personal data that your browser transmits to our server. As soon as you request a data file from our website, access data is collected and stored by default.

These records consist of:

  • The page from which the data file was requested
  • The name of the data file
  • The date and time of the request
  • The amount of data transmitted in each case
  • The access status/HTTP status code (i.e. whether or not the data file was transmitted or if it was not found, etc.)
  • A description of the type and version of the web browser used
  • The IP address used

We need this information to show you our website and to ensure its stability and security. We also analyse these records for internal statistical purposes and to support the technical administration of the website. Our lawful basis for these processing operations is Art. 6(1) sentence 1(f) GDPR. Our legitimate interest results from the stated purposes of data collection.

5. Subscribing to our newsletter

(1) By subscribing to our newsletter, you agree to our use of your e-mail address for our own marketing purposes (direct marketing).

Consent to receive the newsletter

“I would like to receive regular information by e-mail from Brauns-Heitmann about attractive offers on goods or services. I can withdraw my consent for the use of my e-mail address at any time. The newsletter is distributed in compliance with our data privacy notice.”

(2) We use a double opt-in process for subscriptions to our newsletter. This means that, after signing up, you will first receive an e-mail with an activation link that you must use to confirm your subscription. Subscription is only complete once you have clicked on the activation link. As part of the subscription process, we store your IP address and the times when you signed up and confirmed, as well as your e-mail address. This enables us to detect any misuse of third-party data at a later date and to verify your subscription.

(3) If your initial sign-up is not confirmed via the activation link within 24 hours, we automatically delete the data that was saved as part of your subscription.

(4) Subscription to the newsletter requires only your e-mail address. Any disclosure of additional, separately identified data is voluntary and used to enable us to address you personally. Upon receipt of your confirmation, we store your e-mail address for the purpose of sending you the newsletter in which we will inform you about our products and services. Your consent forms our lawful basis for processing your personal data in accordance with Art. 6(1) sentence1(a) GDPR.

(5) You can withdraw your consent to the storage and use of your e-mail address for the purpose of sending you our newsletter at any time and with effect for the future and unsubscribe from the newsletter by sending an e-mail to: datenschutz@simplicol.de or by clicking on the link at the bottom of any newsletter.

6. Contacting us by e-mail or using the contact form

(1) When you contact us by e-mail or via the contact form on our website, we collect and store your personal data. The particular personal data collected if you contact us via the contact form is indicated on the form itself. When you contact us by e-mail, we collect and store the following personal data: e-mail address and text in the e-mail body in addition to any further data that is voluntarily provided.

(2) We process the data you provide only in order to deal with your contact enquiry. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and/or our legitimate interest in responding to your request as per Art. 6(1) sentence 1(f) GDPR.

(3) Once its storage is no longer required, we will delete all of the personal data that has been collected in this connection. Should there be a statutory retention requirement, processing will be limited to this purpose. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.

7. Use of the live chat function

(1) When you contact us via the live chat function to obtain answers to live enquiries, we will collect and store additional personal data (as well as the data indicated under point 4), such as the name you give us and the content of your messages.

(2) We process the data you provide only to deal with your live enquiry. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and/or our legitimate interest in responding to your request as per Art. 6(1) sentence 1(f) GDPR.

(3) Once its storage is no longer required, we will delete all of the personal data that has been collected in this connection. Should there be a statutory retention requirement, processing will be limited to this purpose. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.

8. Cookies

(1) This website uses cookies. Cookies are small text files that your web browser stores on your device (PC, laptop, tablet, smartphone, etc.). They serve to provide a more enjoyable and convenient experience when using our services or for analytical purposes. When you open the relevant page again, the cookies help to recognise your device. This means that, for example, data you have previously entered can be retrieved when you fill out the form again or that you can continue to place an order for items already placed in your shopping basket. If the cookies are used for the purpose of concluding or executing a contract, our lawful basis is Art. 6(1) sentence 1(b) GDPR. If the cookies are used to safeguard our legitimate interests in ensuring the enjoyable and convenient functionality of our website and to analyse and improve said website, our lawful basis is Art. 6(1) sentence 1(f) GDPR.

(2) This website uses the following types of cookies:

  • We mainly use cookies that are automatically deleted from your hard disk at the end of your browser session or when you log out (transient cookies, in particular session cookies).
  • Other cookies remain on your computer and ensure that we recognise your device when you next visit (known as persistent or permanent cookies). Your system automatically deletes these cookies after a predetermined period of time, which differs from cookie to cookie.

(3) Content and services from other providers (such as YouTube) are embedded in this website. These providers use their own cookies and active components. In this respect, we refer to the information we provide below.

(4) You can modify the way cookies are stored by changing your browser settings at any time. For example, you can accept all cookies, accept third-party cookies (cookies that are set by a third party, i.e. not by the actual website that you are browsing), refuse to accept individual cookies, or delete cookies. Please note, however, that if you refuse or delete cookies from our website, you may not be able to use all of its functions. To protect your privacy, we recommend that you regularly delete cookies from your device and browser history.

9. Analysis tools

Our website uses the following so-called tracking measures, which enable us to analyse usage of our website and regularly improve it. The statistics we collect allow us to enhance our services and make them more attractive for you as a user. They also help us to measure the success of and optimise our advertising activities. Ultimately, they also allow us to send you personalised marketing information. Our lawful basis for these activities is Art. 6(1) sentence 1(f) GDPR, whereby our legitimate interest results from the previously stated purposes.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies (see the “Cookies” section of this data privacy notice, above), which are text files that are stored on your computer and used to analyse your use of the website.

The information the cookie generates about your use of this website is usually transferred to and stored on a Google server in the USA. Should IP anonymisation be activated on this website, your IP address will, however, first be truncated by Google within the Member States of the European Union or in other countries party to the European Economic Area Agreement. Please note that this website uses Google Analytics with the extension “_anonymizeIp()”, which means that IP addresses are only used in their shortened form and it is therefore not possible to identify individuals.

On behalf of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for the website operator, and providing other services to the website operator relating to website activity and Internet usage. The IP address transmitted by your browser as part of the Google Analytics process will not be merged with any other data held by Google. You can prevent the storage of cookies by changing the browser settings on your computer. However, please note that if you do so, you might not be able to make full use of all the functions on this website.

Furthermore, you can prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in provided at the following link: https://tools.google.com/dlpage/gaoptout/.

You can also prevent Google Analytics from collecting data by clicking on the following link. This sets an opt-out cookie, which prevents your data from being collected when you visit this website.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

You will find more information about Google’s terms of use and privacy policy at: https://www.google.com/analytics/terms/gb.html and at https://policies.google.com/privacy?hl=en-GB/.

10. Incorporation of other tools

Embedded YouTube videos

Our online presence includes embedded YouTube videos that are stored at http://www.YouTube.com and can be played back directly from our website. The provider is YouTube, a service that belongs to Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

All of these videos are embedded in privacy-enhanced mode. This means that no data about you as a user is transmitted to YouTube when you do not play the videos. The data indicated in the following paragraph is transmitted only when you play the videos. We have no control over this data transmission.

YouTube sets cookies to analyse your behaviour as a user. When you visit our website, YouTube is informed that you have opened the relevant subpage of the website. The data we collect as stated above under point 4, “Visiting our website”, is also transmitted. This is independent of whether or not you are logged in to a YouTube user account. If you are logged in to Google, your data will be directly linked to your account. If you don’t want YouTube to link to your profile, you must log out before clicking the button.

YouTube/Google stores your data as a user profile before analysing and using it for marketing, market research, and/or to tailor the design of its online presence. The services even perform analyses of users who are not logged in. The lawful basis for YouTube/Google is Art. 6(1) sentence1(f) GDPR, whereby the legitimate interests of YouTube/Google result from the previously stated purposes. You have the right to object to the creation of these user profiles, in which case you must contact YouTube/Google to exercise this right.

Because YouTube videos are embedded in our site, a connection to Google’s DoubleClick advertising network is established when a page is opened, regardless of whether the video is played.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework.

Further information about the purpose and extent of data collection and data processing by YouTube is available in its privacy policy. You will also find more information here about your rights and settings options to help you protect your privacy: https://policies.google.com/privacy?hl=en-GB/.

Embedded Google Maps

This website uses the Google Maps service. As a result, we are able to show you interactive maps directly in our website and you can easily use the mapping function. The provider is Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit our website, Google is informed that you have opened the relevant subpage of our website. The data we collect as stated above under point 4 of this notice, “Visiting our website”, is also transmitted. This is independent of whether or not you are logged in to a Google user account. If you are logged in to Google, your data will be directly linked to your account. If you don’t want Google to link to your profile, you must log out before clicking the button.

Google stores your data as a user profile before analysing and using it for marketing, market research, and/or to tailor the design of its online presence. The services even perform analyses of users who are not logged in. The lawful basis for Google is Art. 6(1) sentence 1(f) GDPR, whereby the legitimate interests of Google result from the previously stated purposes. You have the right to object to the creation of these user profiles, in which case you must contact Google to exercise this right.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

Further information about the purpose and extent of data collection and data processing by the plug-in provider is available in the provider’s privacy policies. You can also find out more here about your applicable rights and settings options to help you protect your privacy: https://policies.google.com/privacy?hl=en-GB/.

11. Marketing tools

Facebook Custom Audiences

This website utilises the remarketing function “Custom Audiences” provided by Facebook Inc. (“Facebook”), 1601 S California Ave, Palo Alto, California 94304, USA. This allows users of the website to see advertisements based on their interests (“Facebook ads”) when visiting the Facebook social networking site or other websites that also make use of the process. In using this service, we are pursuing our interest in showing you advertising that is of interest to you in order to make our website more appealing to you. The lawful basis for processing your data is Art. 6(1) sentence 1(f) GDPR, whereby the legitimate interest results from the previously stated purposes.

Owing to the embedded marketing tool, your browser automatically establishes a direct connection to Facebook’s server. We have no control over the extent and further use of the data that is collected through Facebook’s use of this tool and therefore provide you with the following information on the basis of our understanding. Because we have embedded Facebook Custom Audiences, Facebook is informed that you have accessed the relevant page of our website or clicked on one of our advertisements. If you are registered with a Facebook service, Facebook can link your visit to your account. Even if you are not registered with Facebook or are not logged in to its services, the provider may still ascertain and store your IP address and further identifiers.

Users who are logged in may deactivate the Facebook Custom Audiences function at: https://www.facebook.com/settings/?tab=ads#/.

Further information about data processing by Facebook is available at: https://www.facebook.com/about/privacy/.

Facebook also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

12. How long personal data is stored

The duration of storage of personal data is dependent on the respective statutory retention period (e.g. retention periods in accordance with commercial and tax legislation). When the statutory retention periods expire, we delete the respective personal data as long as and insofar as the personal data is not necessary for the performance or initiation of a contract or we no longer have a legitimate interest in storing the data.

13. Other ways in which we share data

(1) In some cases, we use external hosting providers to process your data and make this website available. We have carefully selected and commissioned these providers; they are bound by our instructions and regularly monitored. The lawful basis for this is provided by Art. 28 GDPR.

(2) Over and above this action, we share your personal data with third parties only in the following cases:

  • When you have given us your express consent for this in accordance with Art. 6(1) sentence 1(a) GDPR, or
  • When there is a legal obligation to disclose the information in accordance with Art. 6 (1) sentence 1(c) GDPR, such as in connection with a criminal prosecution, or
  • Where disclosure in accordance with Art. 6(1) sentence 1(f) GDPR is necessary for the purpose of establishing or defending legal claims or exercising such rights, and where it cannot be assumed that disclosure is contrary to an overriding protectable interest on the part of the data subject.