VAT cut
Due to the coronavirus pandemic and the resulting decline in purchasing power, the German Federal Government has reduced its VAT rate.
We’re delighted to pass on this tax cut to you.

Dear customers, please note that the delivery times are currently longer than normally due to inventory. We appreciate your understanding.

 

Language
Language
Cart
Cart

Data privacy notice

 

1. General information about the collection of personal data

 

(1) In the following data privacy notice, we explain how we handle the personal data that is communicated to us when you use our websites and/or our services. “Personal data” means all information that relates to you as an individual, such as name, address, e-mail address, or user behaviour.

(2) Data controller in accordance with Art. 4(7) of the General Data Protection Regulation (GDPR):

Brauns-Heitmann GmbH & Co. KG
Lütkefeld 15
34414 Warburg, Germany
Phone: +49 5641 95-0
Fax: +49 5641 95-141
E-mail: info@brauns-heitmann.de

(3) You can contact our company data protection officer by e-mailing datenschutz@simplicol.de or by writing to the above address with the addition of the words “Der Datenschutzbeauftragte” (the data protection officer).

 

 

2. Rights of the data subject

 

(1) In your relationship with Brauns-Heitmann, you have the following rights with regard to the personal data relating to you:

  • Right of access (Art. 15 GDPR) to your personal data as processed by us.
  • Right to rectification (Art. 16 GDPR) or to complete personal data relating to you that is processed by us.
  • Right to erasure (Art. 17 GDPR) of personal data relating to you that is processed by us unless such processing is necessary in the exceptional circumstances outlined in Art. 17(3) GDPR.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to notification (Art. 19 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to withdraw consent that has previously been given to us (Art. 7(3) GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

(2) Furthermore, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data by us is unlawful. In this case, you can contact the data protection commissioner for the respective German federal state. You will find the appropriate contacts listed, for example, on the following website: https://datenschutz.saarland.de/datenschutz/zustaendigkeiten/#c139.

(3) Right to object to the processing of your personal data

If we base the processing of your personal data on a balance of interests, you may object to this processing operation. This applies when the processing operation is not specifically required to fulfil a contract with you, as outlined by us in the corresponding description of each operation. If you choose to exercise this right to object, we will ask you to give reasons why you do not wish us to process your personal data as we have done previously. If we receive a justified objection from you, we will examine the situation and either stop or adjust the data processing operation or alternatively present you with our compelling legitimate grounds for continuing our processing operation. You can, of course, object to the processing of your personal data for marketing and data analysis purposes at any time. Please use the following contact information to enquire about your right to object: Brauns-Heitmann GmbH & Co. KG, Lütkefeld 15, 34414 Warburg, Germany; phone: +49 5641 95-0; fax: +49 5641 95-141; e-mail:  info@brauns-heitmann.de

 

 

3. Data security

 

Because the security of your data is important to us, your personal data is transmitted via a secure SSL- or TLS-encryption system/connection. TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols used to encrypt online data transmissions. We use these to protect your personal data against third-party access. When your browser bar shows the abbreviation “https//:” or the padlock symbol, you can see that the connection is encrypted.

To provide additional security on our website and other systems, we have technical and organisational measures in place to protect your data from being lost, destroyed, accessed, modified, or distributed by unauthorised persons. However, despite regular inspections, it is not possible to guarantee complete protection against all risks.

 

 

4. Visiting our website

 

If you only use our website for information purposes—i.e. you do not register with us or otherwise provide us with information—we collect only the personal data that your browser transmits to our server. As soon as you request a data file from our website, access data is collected and stored by default.

These records consist of:

  • The page from which the data file was requested
  • The name of the data file
  • The date and time of the request
  • The amount of data transmitted in each case
  • The access status/HTTP status code (such as whether or not the data file was transmitted or if it was not found, etc.)
  • A description of the type and version of the web browser used
  • The IP address used

We need this information to show you our website and to ensure its stability and security. We also analyse this information for internal statistical purposes and to support the technical administration of the website. Our lawful basis for these processing operations is Art. 6(1) sentence 1(f) GDPR. Our legitimate interest results from the stated purposes of data collection.

 

 

5. Use of our online shop

 

(1) If you wish to place an order in our online shop, you must provide personal data in the course of the ordering process. This includes the following:

  • Name
  • Address
  • E-Mail address

The specific data being collected can be seen in each individual input screen, where mandatory entries are specially marked. All other information is voluntary.

The submission of your personal data serves the purpose and is necessary to the extent that it is required to conclude the contract and to process your order. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR.

(2) You have the option of creating a customer account. For the purpose of using your personal data for additional, subsequent orders, the data provided by you is revocably stored and processed. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR.

(3) Under commercial and tax law we are required to store your address, payment, and order data for a period of ten years. Your data will therefore not be completely deleted, even when it is no longer necessary to save it for the concluded contract. Processing will, however, be limited to the degree necessary to comply with statutory obligations. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.

(4) We will use the data that you provided to us in the course of your order exclusively for processing your order. We make use of the external service providers named below for processing the order.

  (a) Your address data must be forwarded to our parcel delivery service for the shipping of goods. They are obligated to treat your data as confidential, to save and use it exclusively for the purpose of delivery, and to delete it upon completion of the delivery. In this case, our lawful basis for the forwarding of data is Art. 6(1) sentence 1(b) GDPR.

  (b) Your payment data is forwarded to the contracted credit institute or selected payment service provider for payment processing. In this case, our lawful basis for the forwarding of data is Art. 6(1) sentence 1(b) GDPR.

Your payment data is transmitted to the appropriate payment service provider for the means of payment that you selected. The payment service provider is responsible for your payment data. You can obtain information, particularly about the controlling location of the payment service providers and the categories of personal data processed by the payment service providers, at the following Internet address:

  • PayPal:
    For payment via PayPal, your data required for payment will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg. Further information can be found at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

(5) You can also pay for your order on account or by direct debit. We hereby inform you that when you select this method of payment, we will evaluate the risk of default on the basis of statistical mathematical methods (scoring) with credit agencies. The personal data required for the credit check, including your address data, will also be sent to the credit agency. This data is collected, stored, and forwarded for the purpose of checking creditworthiness to avoid default. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and Art. 6(1) sentence 1(f) GDPR. A statistical probability of credit default, and therefore your ability to pay, is calculated on the basis of this information. If the result of the credit check is positive, payment on account is possible. If the result of the credit check is negative, then our shop system will not offer you the option of payment on account.

The decision as to whether payment on account is possible is based solely on an automated calculation by our online shop system, performed by the credit agency engaged by us. A separate manual review of your documentation is not performed by one of our employees.

Your consent with respect to this automated decision reads:

  • By checking this box and clicking the “Continue order process” button, you consent to the automated decision-making process explained below. We will process your personal data with respect to the automated decision as to whether the purchase contract for payment on account can be concluded with you. This decision is based solely on the automated processing of your personal data as part of the scoring indicated above. If the result of the credit check is positive, then it is possible to order on account. If the result of the credit check is negative, then our shop system will not offer you the option of payment on account. The decision is thus made without one of our employees reviewing your interest in payment on account or other effects on the decision-making process. Wherever particular probability values are used for the automated decision, they are based on scientifically accepted statistical mathematical methods. You can withdraw this consent at any time. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

You can decline transmission of your data to the credit agency at any time. However, in this case it will no longer be possible to place orders on account through our website. Scoring and the automated decision are limited solely to whether an order on account can be placed. We use the score (and the automated decision of our shop system) solely to protect ourselves against potential payment defaults.

In addition, we may transmit information to the credit agency about behaviour not related to receivables that undermines your trustworthiness (such as credit card fraud). This is done in accordance with legal requirements to the extent necessary to protect our legitimate interests and the legitimate interests of third parties, and there is no reason to assume that you have prevailing interests or fundamental rights and freedoms that require the protection of your personal data. This data is collected, stored, and forwarded for the purpose of fraud prevention, and our lawful basis for these processing operations is Art. 6(1) sentence 1(f) GDPR.

 

 

6. Subscribing to our newsletter

 

(1) By subscribing to our newsletter, you agree to our use of your e-mail address for our own marketing purposes (direct marketing).

(2) We use a double opt-in process for subscriptions to our newsletter. This means that, after signing up, you will first receive an e-mail with an activation link that you must use to confirm your subscription. Your subscription is only active once you have clicked on the activation link. As part of the subscription process, we store your IP address and the times when you signed up and confirmed, as well as your e-mail address. This enables us to detect any misuse of third-party data at a later date and to verify your subscription.

(3) If your initial sign-up is not confirmed via the activation link within 24 hours, we automatically delete the data that was saved as part of the subscription process

(4) Subscription to the newsletter requires only your e-mail address. Any disclosure of additional, separately identified data is voluntary and used to enable us to address you personally. Upon receipt of your confirmation, we store your e-mail address for the purpose of sending you the newsletter in which we will inform you about products and services. Your consent forms our lawful basis for processing your personal data in accordance with Art. 6(1) sentence 1(a) GDPR.

(5) You can withdraw your consent to the storage and use of your e-mail address for the purpose of sending you our newsletter at any time and with effect for the future and unsubscribe from the newsletter, for example by sending an E-Mail to: datenschutz@simplicol.de or by clicking on the relevant link at the bottom of any newsletter.

 

 

7. Contacting us by e-mail or using the contact form

 

(1) When you contact us by e-mail or via the contact form on our website, we collect and store your personal data. The particular personal data collected if you contact us via the contact form is indicated on the form itself. When you contact us by e-mail, we collect and store the following personal data: e-mail address and text in the e-mail body in addition to any further data that is voluntarily provided.

(2) We process the data you provide only in order to deal with your contact enquiry. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and/or our legitimate interest in responding to your request as per Art. 6(1) sentence 1(f) GDPR.

(3) Once its storage is no longer required, we will delete all of the personal data that has been collected in this connection. Should there be a statutory retention requirement, processing will be limited to this purpose. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.

 

 

8. Use of the live chat function

 

(1) When you contact us via the live chat function to obtain answers to live enquiries, we will collect and store additional personal data (as well as the data indicated under point 4), such as the name you give us and the content of your messages.

(2) We process the data you provide only to deal with your live enquiry. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and/or our legitimate interest in responding to your request as per Art. 6(1) sentence 1(f) GDPR.

(3) Once its storage is no longer required, we will delete all of the personal data that has been collected in this connection. Should there be a statutory retention requirement, processing will be limited to this purpose. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.

 

 

9. Reviewing our products

 

You have the option of reviewing and commenting on our products. Your review and your comments will be published in connection with the relevant product together with your stated username. We recommend that you use a pseudonym instead of your real name. When you submit a comment, we store the data you have entered as well as your IP address, which we delete after one week. We need to store this information to be able to defend ourselves against liability claims in the event of any possible publication of illegal content. Our lawful bases for these processing operations are Art. 6(1) sentence 1(b) and (f) GDPR. Comments are not checked before publication. We reserve the right to delete any comments if third parties claim that they are unlawful.

 

 

10. Review e-mail from Trusted Shops

 

If you have given us particular, explicit consent in the course of or after the ordering process, we will transmit your e-mail address to the review platform Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, Germany (www.trustedshops.co.uk). You will then receive a review reminder by e-mail. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(a) GDPR.

You can withdraw your consent to the storage and use of your e-mail address for the purpose of sending you review reminders at any time and with effect for the future by sending a message to us or Trusted Shops, for example by sending an e-mail to datenschutz@simplicol.de.

 

 

11. Cookies

 

(1) This website uses cookies. Cookies are small text files that your web browser stores on your device (PC, laptop, tablet, smartphone, etc.). They serve to provide a more enjoyable and convenient experience when using our services, or for analytical purposes. When you call up the relevant page again, the cookies help to recognise your device. This means that, for example, data you have previously entered can be retrieved when you fill out the form again or that you can continue to place an order for items you have already put in your shopping basket. If the cookies are used for the purpose of concluding or executing a contract, our lawful basis is Art. 6(1) sentence 1(b) GDPR. If the cookies are used to safeguard our legitimate interests in ensuring the enjoyable and convenient functionality of our website and to analyse and improve said website, your consent forms our lawful basis in accordance with Art. 6(1) sentence 1(a) GDPR. Where cookies are used that are required for the operation of the website, our lawful basis for these processing operations is Art. 6(1) sentence 1(f) GDPR. The operation of our website constitutes our legitimate interest in this respect.

(2) This website uses the following types of cookies:

  • We mainly use cookies that are automatically deleted from your hard disk at the end of your browser session or when you log out (transient cookies, particularly session cookies).
  • Other cookies remain on your computer and ensure that we recognise your device when you next visit (known as persistent or permanent cookies). Your system automatically deletes these cookies after a predetermined period of time, which differs from cookie to cookie.

(3) Content and services from other providers (such as YouTube and Google) are embedded in this website. These providers use their own cookies and active components. In this respect, we refer to the information provided below.

(4) You can modify the way cookies are stored by changing your browser settings at any time. For example, you can accept all cookies, accept third-party cookies (cookies that are set by a third party, i.e. not by the actual website that you are browsing), refuse to accept individual cookies, or delete cookies. Please note, however, that if you refuse or delete cookies from our website, you may not be able to use all of its functions. To protect your privacy, we recommend that you regularly delete cookies from your device and browser history.

 

 

12. Analysis tools

 

Our website uses the following so-called tracking measures, which enable us to analyse usage of our website and regularly improve it. The statistics we collect allow us to enhance our services and make them more attractive for you as a user. They also help us to measure the success of and optimise our advertising activities. In addition, this allows us to send you personalised marketing information. Our lawful basis for these processing operations is Art. 6(1) sentence 1(a) GDPR.

 

 

Google Analytics

 

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies (see the “Cookies” section of this data privacy notice above), which are text files that are stored on your computer and used to analyse your use of the website.

The information generated by the cookie about your use of this website is usually transferred to and stored on a Google server in the USA. Should IP anonymisation be activated on this website, your IP address will, however, first be truncated by Google within the member states of the European Union or in other countries party to the European Economic Area Agreement. Please note that this website uses Google Analytics with the extension “_anonymizeIp()”, which means that IP addresses are only used in their shortened form and it is therefore not possible to identify individuals.

On behalf of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for the website operator, and providing other services to the website operator relating to website activity and Internet usage. The IP address transmitted by your browser as part of the Google Analytics process will not be merged with any other data held by Google. You can prevent the storage of cookies by changing the browser settings on your computer. However, please note that if you do so, you might not be able to make full use of all the functions on this website.

Furthermore, you can prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in provided at the following link: https://tools.google.com/dlpage/gaoptout/.

You can also prevent Google Analytics from collecting data by clicking on the link below. This sets an opt-out cookie, which prevents your data from being collected when you visit this website:

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union (see https://www.privacyshield.gov/EU-US-Framework/).

You will find more information about Google’s terms of use and privacy policy at https://www.google.com/analytics/terms/gb.html and at https://policies.google.com/privacy?hl=en-GB/.

 

 

13. Incorporation of other tools

 

Embedded YouTube videos

 

Our online presence includes embedded YouTube videos that are stored at http://www.youtube.com and can be played back directly from our website. The provider is YouTube, a service that belongs to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

All of these videos are embedded in privacy-enhanced mode. This means that no data about you as a user is transmitted to YouTube if you do not play the videos. The data indicated in the following paragraph is transmitted only when you play the videos. We have no control over this data transmission.

YouTube sets cookies to analyse your behaviour as a user. When you visit our website, YouTube is informed that you have opened the relevant subpage of the website. The data we collect as stated above under “Visiting our website” (section 4) is also transmitted. This is independent of whether or not you are logged in to a YouTube user account. If you are logged in to Google, your data will be directly linked to your account. If you do not want YouTube to link to your profile, you must log out before clicking the button.

YouTube/Google stores your data as a user profile before analysing and using it for marketing, market research, and/or to tailor the design of its online presence. The services even perform analyses of users who are not logged in. The lawful basis for YouTube/Google is Art. 6(1) sentence 1(a) GDPR, whereby the legitimate interests of YouTube/Google result from the previously stated purposes. You have the right to object to the creation of these user profiles, in which case you must contact YouTube/Google to exercise this right.

Because YouTube videos are embedded in our site, a connection to Google’s DoubleClick advertising network is established the moment a page is called up, regardless of whether the video is played.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union (see https://www.privacyshield.gov/EU-US-Framework).

Further information about the purpose and extent of data collection and data processing by YouTube is available in its privacy policy. You will also find more information here about your rights and settings options to help you protect your privacy: https://policies.google.com/privacy?hl=en-GB/.

 

 

Embedded Google Maps

 

This website uses the Google Maps service. As a result, we are able to show you interactive maps directly on our website and you can easily use the mapping function. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

When you visit our website, Google is informed that you have opened the relevant subpage of our website. The data as stated above under “Visiting our website” (section 4) is also transmitted. This is independent of whether or not you are logged in to a Google user account. If you are logged in to Google, your data will be directly linked to your account. If you do not want Google to link to your profile, you must log out before clicking the button.

Google stores your data as a user profile before analysing and using it for marketing, market research, and/or to tailor the design of its online presence. The services even perform analyses of users who are not logged in. The lawful basis for Google is Art. 6(1) sentence 1(f) GDPR, whereby the legitimate interests of Google result from the previously stated purposes. You have the right to object to the creation of these user profiles, in which case you must contact Google to exercise this right.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union (see https://www.privacyshield.gov/EU-US-Framework).

Further information about the purpose and extent of data collection and data processing by the plug-in provider is available in the provider’s privacy policies. This is also where you can find out more about your applicable rights and settings options to help you protect your privacy (see https://policies.google.com/privacy?hl=en-GB/).

 

 

14. Marketing tools

 

Facebook Custom Audiences

 

This website utilises the remarketing function “Custom Audiences” provided by Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (“Facebook”). This allows users of the website to see advertisements based on their interests (“Facebook ads”) when visiting the Facebook social networking site or other websites that also make use of the process. In using this service, we are pursuing our interest in showing you advertising that is of interest to you in order to make our website more appealing to you. Your consent forms our lawful basis for processing your data in accordance with Art. 6(1) sentence 1(f) GDPR.

Owing to the embedded marketing tool, your browser automatically establishes a direct connection to Facebook’s server. We have no control over the extent and further use of the data that is collected through Facebook’s use of this tool and therefore provide you with the following information on the basis of our understanding. Because we have embedded Facebook Custom Audiences, Facebook is informed that you have accessed the relevant page of our website or clicked on one of our advertisements. If you are registered with a Facebook service, Facebook can link your visit to your account. Even if you are not registered with Facebook or are not logged in to its services, the provider may still ascertain and store your IP address and further identifiers.

Users who are logged in may deactivate the Facebook Custom Audiences function at https://www.facebook.com/settings/?tab=ads#/.

Further information about data processing by Facebook is available at https://www.facebook.com/about/privacy/.

Facebook also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union (see https://policies.google.com/privacy?hl=en-GB/).

 

 

DoubleClick by Google

 

This website also uses the online marketing tool DoubleClick by Google, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). DoubleClick sets cookies in order to display advertisements that are relevant to users, improve campaign performance reports, or prevent a user from seeing the same advertisements more than once. Google uses a cookie ID to track which advertisements are displayed in which browsers and can thus prevent them from being shown multiple times. In addition, DoubleClick may use cookie IDs to collect conversions related to advertisement requests. This is the case, for example, when a user sees a DoubleClick advertisement and later visits the advertiser’s website with the same browser and buys something there. Your consent forms the lawful basis for processing your data in accordance with Art. 6(1) sentence 1(a) GDPR.

Owing to the embedded marketing tool, your browser automatically establishes a direct connection to Google’s server. We have no control over the extent and further use of the data that is collected through Google’s use of this tool and therefore provide you with the following information on the basis of our understanding. Because we have embedded DoubleClick, Google is informed that you have accessed the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can link your visit to your account. Even if you are not registered with Google or are not logged in to its services, the provider may still ascertain and store your IP address.

You can prevent your participation in this tracking process in the following ways:

  • By deactivating the cookies for conversion tracking by setting your browser so that cookies from the domain “www. googleadservices.com” are blocked (https://www.google.de/settings/ads), a setting that will be deleted when you delete your cookies.
  • By modifying your browser settings. For example, you can accept all cookies, accept third-party cookies (cookies that are set by a third party, i.e. not by the actual website that you are browsing), refuse to accept individual cookies, or delete cookies.

Further information about DoubleClick by Google can be found at https://www.google.com/doubleclick and http://support.google.com/adsense/answer/2839090 in addition to general information about data protection in connection with Google at https://policies.google.com/privacy?hl=en-GB/. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union (see https://policies.google.com/privacy?hl=en-GB/).

 

 

Trusted Shops Trustbadge

 

The Trusted Shops Trustbadge is integrated into this website in order to display our Trusted Shops trustmark and any customer reviews collected as well as to offer Trusted Shops products to buyers after they place an order.

In the context of a balancing of interests, this serves to protect our overriding legitimate interests in the optimal marketing of our offer in accordance with Art. 6(1) sentence 1(f) GDPR. The Trustbadge and the services it is used to advertise are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.

When the Trustbadge is accessed, the web server automatically saves a so-called server log file, which contains various data, such as your IP address, the date and time of the request, the volume of data transferred, and the requesting provider (access data), and documents the request. This access data is not analysed and is automatically overwritten no later than seven days after the end of your visit to the website.

Other personal data is transferred to Trusted Shops only if you have given your consent for this, you have decided to use Trusted Shops products after placing an order, or you have already registered to use said products. In such a case, the contractual agreement concluded between you and Trusted Shops applies.

 

 

15. How long personal data is stored

 

The duration of storage of personal data is dependent on the respective statutory retention period (e.g. retention periods in accordance with commercial and tax legislation). When the statutory retention periods expire, we delete the respective personal data as long as and insofar as the personal data is not necessary for the performance or initiation of a contract or we no longer have a legitimate interest in storing the data.

 

 

16. Other ways in which we share data

 

(1) In some cases, we use external hosting providers to process your data and make this website available. We have carefully selected and commissioned these providers; they are bound by our instructions and regularly monitored. The lawful basis for this is provided by Art. 28 GDPR.

(2) In addition to the cases mentioned above, we share your personal data with third parties only in the following cases:

  • When you have given us your explicit consent for this in accordance with Art. 6(1) sentence 1(a) GDPR, or
  • When there is a legal obligation to disclose the information in accordance with Art. 6(1) sentence 1(c) GDPR, such as in connection with a criminal prosecution, or
  • Where disclosure in accordance with Art. 6(1) sentence 1(f) GDPR is necessary for the purpose of establishing or defending legal claims or exercising such rights, and where it cannot be assumed that disclosure is contrary to an overriding protectable interest on the part of the data subject.



1. General information about the collection of personal data

(1) In the following data privacy notice, we explain how we handle the personal data that is communicated to us when you use our websites and/or our services. “Personal data” means all information that relates to you as an individual, such as name, address, e-mail addresses, or user behaviour.

(2) Data controller in accordance with Art. 4(7) of the General Data Protection Regulation (GDPR):

Brauns-Heitmann GmbH & Co. KG
Lütkefeld 15
34414 Warburg, Germany

Phone: +49 5641 95-0
Fax: +49 5641 95-141

E-mail: datenschutz@simplicol.de

2. Rights of the data subject

(1) In your relationship with Brauns-Heitmann, you have the following rights with regard to the personal data relating to you:

  • Right of access (Art. 15 GDPR) to your personal data as processed by us.
  • Right to rectification (Art. 16 GDPR) or to complete personal data relating to you that is processed by us.
  • Right to erasure (Art. 17 GDPR) of personal data relating to you that is processed by us unless such processing is necessary in the exceptional circumstances outlined in Art. 17(3) GDPR.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to notification (Art. 19 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to withdraw consent that has previously been given to us (Art. 7(3) GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

(2) Furthermore, you have the right to lodge a complaint with a data protection supervisory authority, if you believe that the processing of your personal data by us is unlawful. These authorities are the data protection commissioners for the respective German federal states. You will find the appropriate contacts listed, for example, on the following website: https://datenschutz.saarland.de/datenschutz/zustaendigkeiten/#c139.

(3) Right to object to the processing of your personal data

If we base the processing of your personal data on a balance of interests, you may object to this processing operation. This is the case when the processing operation is not specifically required to fulfil a contract with you, as outlined by us in the corresponding description of each operation. If you choose to exercise this right to object, we will ask you to give reasons why you do not wish us to process your personal data as we have done previously. If we receive a justified objection from you, we will examine the situation and either stop or adjust the data processing operation or alternatively present you with our compelling legitimate grounds for continuing our processing operation. You can, of course, object to the processing of your personal data for marketing and data analysis purposes at any time. Please use the following contact information to enquire about your right to object to marketing: datenschutz@simplicol.de

3. Data security

Because the security of your data is important to us, your personal data is transmitted via a secure SSL or TLS encryption system/connection. TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols used to encrypt online data transmissions. We use these to protect your personal data against third-party access. When your browser bar shows “https//:” or the padlock symbol, you can see that the connection is encrypted.

To provide additional security on our website and other systems, we have technical and organisational measures in place to protect your data from being lost, destroyed, accessed, modified, or distributed by unauthorised persons. However, despite regular inspections, it is not possible to guarantee complete protection against all risks.

4. Visiting our website

If you only use our website for information purposes—i.e. you do not register with us or otherwise provide us with information—we collect only the personal data that your browser transmits to our server. As soon as you request a data file from our website, access data is collected and stored by default.

These records consist of:

  • The page from which the data file was requested
  • The name of the data file
  • The date and time of the request
  • The amount of data transmitted in each case
  • The access status/HTTP status code (i.e. whether or not the data file was transmitted or if it was not found, etc.)
  • A description of the type and version of the web browser used
  • The IP address used

We need this information to show you our website and to ensure its stability and security. We also analyse these records for internal statistical purposes and to support the technical administration of the website. Our lawful basis for these processing operations is Art. 6(1) sentence 1(f) GDPR. Our legitimate interest results from the stated purposes of data collection.

5. Subscribing to our newsletter

(1) By subscribing to our newsletter, you agree to our use of your e-mail address for our own marketing purposes (direct marketing).

Consent to receive the newsletter

“I would like to receive regular information by e-mail from Brauns-Heitmann about attractive offers on goods or services. I can withdraw my consent for the use of my e-mail address at any time. The newsletter is distributed in compliance with our data privacy notice.”

(2) We use a double opt-in process for subscriptions to our newsletter. This means that, after signing up, you will first receive an e-mail with an activation link that you must use to confirm your subscription. Subscription is only complete once you have clicked on the activation link. As part of the subscription process, we store your IP address and the times when you signed up and confirmed, as well as your e-mail address. This enables us to detect any misuse of third-party data at a later date and to verify your subscription.

(3) If your initial sign-up is not confirmed via the activation link within 24 hours, we automatically delete the data that was saved as part of your subscription.

(4) Subscription to the newsletter requires only your e-mail address. Any disclosure of additional, separately identified data is voluntary and used to enable us to address you personally. Upon receipt of your confirmation, we store your e-mail address for the purpose of sending you the newsletter in which we will inform you about our products and services. Your consent forms our lawful basis for processing your personal data in accordance with Art. 6(1) sentence1(a) GDPR.

(5) You can withdraw your consent to the storage and use of your e-mail address for the purpose of sending you our newsletter at any time and with effect for the future and unsubscribe from the newsletter by sending an e-mail to: datenschutz@simplicol.de or by clicking on the link at the bottom of any newsletter.

6. Contacting us by e-mail or using the contact form

(1) When you contact us by e-mail or via the contact form on our website, we collect and store your personal data. The particular personal data collected if you contact us via the contact form is indicated on the form itself. When you contact us by e-mail, we collect and store the following personal data: e-mail address and text in the e-mail body in addition to any further data that is voluntarily provided.

(2) We process the data you provide only in order to deal with your contact enquiry. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and/or our legitimate interest in responding to your request as per Art. 6(1) sentence 1(f) GDPR.

(3) Once its storage is no longer required, we will delete all of the personal data that has been collected in this connection. Should there be a statutory retention requirement, processing will be limited to this purpose. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.

7. Use of the live chat function

(1) When you contact us via the live chat function to obtain answers to live enquiries, we will collect and store additional personal data (as well as the data indicated under point 4), such as the name you give us and the content of your messages.

(2) We process the data you provide only to deal with your live enquiry. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and/or our legitimate interest in responding to your request as per Art. 6(1) sentence 1(f) GDPR.

(3) Once its storage is no longer required, we will delete all of the personal data that has been collected in this connection. Should there be a statutory retention requirement, processing will be limited to this purpose. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.

8. Cookies

(1) This website uses cookies. Cookies are small text files that your web browser stores on your device (PC, laptop, tablet, smartphone, etc.). They serve to provide a more enjoyable and convenient experience when using our services or for analytical purposes. When you open the relevant page again, the cookies help to recognise your device. This means that, for example, data you have previously entered can be retrieved when you fill out the form again or that you can continue to place an order for items already placed in your shopping basket. If the cookies are used for the purpose of concluding or executing a contract, our lawful basis is Art. 6(1) sentence 1(b) GDPR. If the cookies are used to safeguard our legitimate interests in ensuring the enjoyable and convenient functionality of our website and to analyse and improve said website, our lawful basis is Art. 6(1) sentence 1(f) GDPR.

(2) This website uses the following types of cookies:

  • We mainly use cookies that are automatically deleted from your hard disk at the end of your browser session or when you log out (transient cookies, in particular session cookies).
  • Other cookies remain on your computer and ensure that we recognise your device when you next visit (known as persistent or permanent cookies). Your system automatically deletes these cookies after a predetermined period of time, which differs from cookie to cookie.

(3) Content and services from other providers (such as YouTube) are embedded in this website. These providers use their own cookies and active components. In this respect, we refer to the information we provide below.

(4) You can modify the way cookies are stored by changing your browser settings at any time. For example, you can accept all cookies, accept third-party cookies (cookies that are set by a third party, i.e. not by the actual website that you are browsing), refuse to accept individual cookies, or delete cookies. Please note, however, that if you refuse or delete cookies from our website, you may not be able to use all of its functions. To protect your privacy, we recommend that you regularly delete cookies from your device and browser history.

9. Analysis tools

Our website uses the following so-called tracking measures, which enable us to analyse usage of our website and regularly improve it. The statistics we collect allow us to enhance our services and make them more attractive for you as a user. They also help us to measure the success of and optimise our advertising activities. Ultimately, they also allow us to send you personalised marketing information. Our lawful basis for these activities is Art. 6(1) sentence 1(f) GDPR, whereby our legitimate interest results from the previously stated purposes.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies (see the “Cookies” section of this data privacy notice, above), which are text files that are stored on your computer and used to analyse your use of the website.

The information the cookie generates about your use of this website is usually transferred to and stored on a Google server in the USA. Should IP anonymisation be activated on this website, your IP address will, however, first be truncated by Google within the Member States of the European Union or in other countries party to the European Economic Area Agreement. Please note that this website uses Google Analytics with the extension “_anonymizeIp()”, which means that IP addresses are only used in their shortened form and it is therefore not possible to identify individuals.

On behalf of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for the website operator, and providing other services to the website operator relating to website activity and Internet usage. The IP address transmitted by your browser as part of the Google Analytics process will not be merged with any other data held by Google. You can prevent the storage of cookies by changing the browser settings on your computer. However, please note that if you do so, you might not be able to make full use of all the functions on this website.

Furthermore, you can prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in provided at the following link: https://tools.google.com/dlpage/gaoptout/.

You can also prevent Google Analytics from collecting data by clicking on the following link. This sets an opt-out cookie, which prevents your data from being collected when you visit this website.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

You will find more information about Google’s terms of use and privacy policy at: https://www.google.com/analytics/terms/gb.html and at https://policies.google.com/privacy?hl=en-GB/.

10. Incorporation of other tools

Embedded YouTube videos

Our online presence includes embedded YouTube videos that are stored at http://www.YouTube.com and can be played back directly from our website. The provider is YouTube, a service that belongs to Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

All of these videos are embedded in privacy-enhanced mode. This means that no data about you as a user is transmitted to YouTube when you do not play the videos. The data indicated in the following paragraph is transmitted only when you play the videos. We have no control over this data transmission.

YouTube sets cookies to analyse your behaviour as a user. When you visit our website, YouTube is informed that you have opened the relevant subpage of the website. The data we collect as stated above under point 4, “Visiting our website”, is also transmitted. This is independent of whether or not you are logged in to a YouTube user account. If you are logged in to Google, your data will be directly linked to your account. If you don’t want YouTube to link to your profile, you must log out before clicking the button.

YouTube/Google stores your data as a user profile before analysing and using it for marketing, market research, and/or to tailor the design of its online presence. The services even perform analyses of users who are not logged in. The lawful basis for YouTube/Google is Art. 6(1) sentence1(f) GDPR, whereby the legitimate interests of YouTube/Google result from the previously stated purposes. You have the right to object to the creation of these user profiles, in which case you must contact YouTube/Google to exercise this right.

Because YouTube videos are embedded in our site, a connection to Google’s DoubleClick advertising network is established when a page is opened, regardless of whether the video is played.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework.

Further information about the purpose and extent of data collection and data processing by YouTube is available in its privacy policy. You will also find more information here about your rights and settings options to help you protect your privacy: https://policies.google.com/privacy?hl=en-GB/.

Embedded Google Maps

This website uses the Google Maps service. As a result, we are able to show you interactive maps directly in our website and you can easily use the mapping function. The provider is Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit our website, Google is informed that you have opened the relevant subpage of our website. The data we collect as stated above under point 4 of this notice, “Visiting our website”, is also transmitted. This is independent of whether or not you are logged in to a Google user account. If you are logged in to Google, your data will be directly linked to your account. If you don’t want Google to link to your profile, you must log out before clicking the button.

Google stores your data as a user profile before analysing and using it for marketing, market research, and/or to tailor the design of its online presence. The services even perform analyses of users who are not logged in. The lawful basis for Google is Art. 6(1) sentence 1(f) GDPR, whereby the legitimate interests of Google result from the previously stated purposes. You have the right to object to the creation of these user profiles, in which case you must contact Google to exercise this right.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

Further information about the purpose and extent of data collection and data processing by the plug-in provider is available in the provider’s privacy policies. You can also find out more here about your applicable rights and settings options to help you protect your privacy: https://policies.google.com/privacy?hl=en-GB/.

11. Marketing tools

Facebook Custom Audiences

This website utilises the remarketing function “Custom Audiences” provided by Facebook Inc. (“Facebook”), 1601 S California Ave, Palo Alto, California 94304, USA. This allows users of the website to see advertisements based on their interests (“Facebook ads”) when visiting the Facebook social networking site or other websites that also make use of the process. In using this service, we are pursuing our interest in showing you advertising that is of interest to you in order to make our website more appealing to you. The lawful basis for processing your data is Art. 6(1) sentence 1(f) GDPR, whereby the legitimate interest results from the previously stated purposes.

Owing to the embedded marketing tool, your browser automatically establishes a direct connection to Facebook’s server. We have no control over the extent and further use of the data that is collected through Facebook’s use of this tool and therefore provide you with the following information on the basis of our understanding. Because we have embedded Facebook Custom Audiences, Facebook is informed that you have accessed the relevant page of our website or clicked on one of our advertisements. If you are registered with a Facebook service, Facebook can link your visit to your account. Even if you are not registered with Facebook or are not logged in to its services, the provider may still ascertain and store your IP address and further identifiers.

Users who are logged in may deactivate the Facebook Custom Audiences function at: https://www.facebook.com/settings/?tab=ads#/.

Further information about data processing by Facebook is available at: https://www.facebook.com/about/privacy/.

Facebook also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

12. How long personal data is stored

The duration of storage of personal data is dependent on the respective statutory retention period (e.g. retention periods in accordance with commercial and tax legislation). When the statutory retention periods expire, we delete the respective personal data as long as and insofar as the personal data is not necessary for the performance or initiation of a contract or we no longer have a legitimate interest in storing the data.

13. Other ways in which we share data

(1) In some cases, we use external hosting providers to process your data and make this website available. We have carefully selected and commissioned these providers; they are bound by our instructions and regularly monitored. The lawful basis for this is provided by Art. 28 GDPR.

(2) Over and above this action, we share your personal data with third parties only in the following cases:

  • When you have given us your express consent for this in accordance with Art. 6(1) sentence 1(a) GDPR, or
  • When there is a legal obligation to disclose the information in accordance with Art. 6 (1) sentence 1(c) GDPR, such as in connection with a criminal prosecution, or
  • Where disclosure in accordance with Art. 6(1) sentence 1(f) GDPR is necessary for the purpose of establishing or defending legal claims or exercising such rights, and where it cannot be assumed that disclosure is contrary to an overriding protectable interest on the part of the data subject.