for Manufactum GmbH, Hiberniastraße 5, D-45731 Waltrop Germany, Date: 2020-01-09
D-45731 Waltrop Germany
Telephone: +49 (2309) 939-095
Fax: +49 (2309) 939-850
E-Mail address: email@example.com
Manufactum is represented by its managing director Max Heimann
You may reach our data protection officer at:
Dr. Thorsten B. Behling
WTS Legal Rechtsanwaltsgesellschaft mbH
D-50677 Köln Germany
3 The purpose of data processing, legal bases and legitimate interests pursued by the controller or a third party as well as categories of recipients and origin of data
When visiting websites/opening applications the respective internet browser on your device sends information to the server hosting our website and temporarily saved to log files. The datasets saved in the process contain the following data which is stored until automatically erased: Date and time accessed, name of the page visited, IP address of the requesting device, referrer URL (URL of the page which redirected you to our page), the data volume transferred, loading time, as well as product and version information of the browser being used, your operating system, and the name of your access provider.
The legal basis for processing the IP address is Article 6(1)(f) GDPR. Our legitimate interest is
ensuring a good connection,
- ensuring convenient use of our website/application,
- analysing system security and stability.
The information does not enable, nor do we attempt to identify you directly. You may object to processing of your personal data in our legitimate interests at any time as explained under Item 5.3.
Data is stored and automatically erased after achieving the specified purposes. The defined periods for erasure are based on the criterion of necessity.
Our website uses so-called cookies, tracking tools, targeting methods and social media plugins. The precise methods and how your data is used for this purpose is detailed under Item 3.4 below.
When registering on our website and/or concluding an additional contract with us, we process the data required for conclusion, performance or termination of the contract with you. This includes:
- first name, last name
- billing and delivery address
- e-mail address
- billing and payment data
- telephone number
- bank data and,
- if applicable, date of birth.
The legal basis for this is Article 6(1)(b) GDPR, i.e. the data is provided by you based on the respective contractual relationship (e.g. maintaining your customer/user account, fulfilling a sales contract) between you and us. When placing a purchase order through our website according to statutory provisions of the German Civil Code (BGB) obliging us to send you an electronic order confirmation we are further obliged to process your e-mail address (Article 6(1)(c) GDPR).
Provided this data will not be used by us for advertising purposes (see 3.3. below), the data collected for performance of contract is stored for the term of the contract and until expiry of statutory or possible contractual warranty and guarantee rights. Upon expiry of this period the information arising from the contractual relationship required under commercial and tax law is stored for the periods specified by law. During this period the data will solely be processed again in the event of a tax audit.
Fulfilling a sales contract through our website/applications further requires data processing as follows:
We transmit your payment data to payment service providers assigned by us to process the payment(s). We share your delivery address information with logistics companies and shipping partners assigned by us. To ensure despatch meets your wishes we share your e-mail address and, if necessary, the telephone number with the logistics company and/or shipping partner assigned by us carrying out delivery. These may contact you prior to delivery to coordinate delivery with you. The respective data is transmitted solely for the specified purposes and erased following delivery.
The data provided by you in connection with a purchase order may be used to verify if the order process is abnormal (e.g. simultaneous order for variety of products to the same address using different customer account). This review on principle constitutes our legitimate interest. The legal basis for processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the ability to prevent fraud attempts at our expense, thus preventing economic disadvantages for us.
We work with logistics providers logistics providers/transport companies and/or shipping partners for delivery of the goods ordered: The following data may be shared with these for the purpose of delivering the goods ordered or to notify you: First name, last name, postal address, e-mail address, telephone number (e.g. for delivery notice).
The legal basis for processing is Article 6(1)(b) GDPR.
We generally have a legitimate interest in using your data for marketing purposes. We process the following data for our own marketing purposes and for third-party marketing purposes: First name, last name, postal address, if necessary the year of birth.
We are further entitled to store additional personal data, collected in compliance with the law, along with said data for our own marketing purposes and for third-party marketing purposes. The goal is to provide you with advertising solely based on your actual or perceived needs and not to inconvenience you with useless advertising.
The additional data stored is not transmitted to third parties. Manufactum further pseudonymises/anonymises your personal data collected for the purpose of using the pseudonymised/anonymised data for our own marketing purposes and third-party marketing purposes (advertisers).
The pseudonymised/anonymised data may also be used to show online advertisements tailored to your needs, in which case the advertising may be controlled by third-party service providers and/or agencies. The legal basis for using personal data for marketing purposes is Article 6(1)(f) GDPR. Our legitimate interest is enabling us to provide you with advertising tailored to you and thus presenting our company specific to your personal preferences.
Notice of your right to object
You may at any time object to your personal data being used for the above marketing purposes free of charge with future affect by contacting firstname.lastname@example.org.
Upon objecting, your data will be blocked from further data processing for advertising. Please note, in some cases we may temporarily still send you advertisings after receiving your objection. This is for technical reasons due to the lead time required during selection and does not mean your objection has not been implemented.
Our website/applications feature an option to subscribe to our newsletter. We use the so-called double opt-in method (DOI method) to verify no mistakes occurred when entering the e-mail address: After entering your e-mail address in the registration field and consenting to receive our newsletters we will send a confirmation link to the address provided. Your e-mail will not be added to our newsletter distribution list until the confirmation link has been clicked. The legal basis for this data processing is Article 6(1)(f) GDPR in each case.
Our newsletters include an image one pixel in size (pixel counter) which the server fetches when opening the newsletter. Fetching this collects technical information such as information about your browser or system as well as your IP address and the time accessed. This information is used to make technical improvements to our services. The statistical inquiries include determining whether the newsletter is opened, when they are opened and which links are clicked. This serves the purpose of determining the reading behaviours of our users and tailoring our contents to this, or to deliver different contents based on the interests of our users.
The legal basis for this data processing is Article 6(1)(f) GDPR.
If you do not wish we process usage data related to our newsletters received by you as described above, you can prevent us from receiving the respective information, thus exercising your right to object - notwithstanding items 5.2 and 5.3 - as follows:
- Information about newsletter delivery:
Unsubscribing the newsletter (see note below)
- Information about opening the newsletter:
Blocking images in your e-mail client. The help function of your e-mail client can typically provide detailed information related to this topic.
- Information about clicks from the newsletter:
Avoid clicking images and links in a newsletter.
- Your surfing behaviour on our website after clicking an offer in a newsletter:
1. Configure your browser to block cookies. For detailed information please refer to Item 3.4.1. Please note, blocking cookies may prevent you from being able to make full use of the functions on our website.
2. You can alternatively object to tracking your surfing behaviour here (external link) .
- Device used including e-mail client and operating system:
Block images in your e-mail client and avoid clicking on images and links in a newsletter. Please note, even after taking these measures we still receive information about your operating system when visiting our website.
Right to object
You may withdraw your consent at any time with future effect by writing to email@example.com or click the unsubscribe link at the end of every newsletter.
As an existing customer of our web shop we routinely send you recommended products by e-mail. You will receive these product recommendations regardless if you have subscribed to a newsletter. We therefore use the e-mail address provided by you when placing an order to advertise our products and/or services similar to those you have previously purchased from us. The legal basis for this data processing is Article 6(1)(f) GDPR.
Right to object
You may object to our product recommendations at any time with future effect by writing to firstname.lastname@example.org.
If you enter a contest held by Manufactum, we will use the data provided when entering for the purpose of implementing the participation contract, particularly to notify winners and, where applicable, to advertise our offers and/or offers of our contest partners. For detailed information please refer to the eligibility requirements for the respective contest. The legal bases for this data processing are Article 6(1)(a) GDPR, Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
Most cookies used by us are deleted at the end of the browser session (so-called session cookies). These allow us to provide you with e.g. displaying the basket on different pages, providing you with information about how many items are currently in your basket and your current order total. Other cookies remain on your computer and allow us to recognise your computer the next time you visit our website (so-called permanent or persistent cookies). These cookies are specifically used to make our offering user-friendly, more effective and more secure. These files allow us to for example display information on the page specifically tailored to your interests.
You can certainly configure your browser to block our cookies from being saved to your device. The help function in the menu bar in most browsers explains how to prevent your browser from accepting new cookies, to have your browser notify you of new cookies, or how to delete existing cookies and block all future cookies.
Use the following steps to do so:
- In the "Extras" menu select "Internet Options".
- Click on the "Privacy" tab.
- You can now change the security settings for the Internet zone. Here you can configure if and which cookies to accept or block.
- Click "OK" to confirm your settings.
- In the "Extras" menu, select Options.
- Click "Privacy & Security".
- In the drop-down menu select "custom".
- You can now configure whether to accept cookies, how long the cookie will be stored and add exceptions for websites for which you always or never want to allow cookies.
- Click "OK" to confirm your settings.
- Click on the Chrome menu in the browser toolbar.
- Now click "Settings".
- Click "Advanced".
- Under "Privacy and security" click "Content settings".
- Click "Cookies" for the following settings:
- Clearing cookies
- Blocking all cookies
- Always clearing website data when exiting the browser
- Allowing cookies from specific websites or domains
- However, please note that in this case you may not be able to make full use of all functions on this website.
- If these cookies and/or the information they contain pertain to personal data, the legal basis for data processing is Article 6(1)(f) GDPR. Our interest to optimise our website is the legitimate interest as defined by the above provision.
18.104.22.168 Legal basis for data processing using cookies
If these cookies and/or the information they contain are personal data, Manufactum will process these as permitted under the data protection law. In this respect, processing will on one hand be based on Article 6 (1) (f) GDPR (legitimate interest in optimising our offering). On the other hand, certain cookies will only be used based on your consent (Article 6 (1) (a) GDPR), so Manufactum will only process your data to that effect with your consent. The respective legal basis is listed below in the information regarding the respective service. If Manufactum bases data processing using cookies on consent, you give your consent to that effect by clicking on this website (except clicking the link "Terms", "Privacy"/"Data Protection" and "Legal Notice") whilst a banner linking to this item 3.4.1 is displayed or by clicking the "OK" button shown in the banner. In both cases, you give your consent to your data being processed as per items 3.4.6 and 3.4.8 below. You may withdraw your consent as specified under item 22.214.171.124 below. If you do not with to give your consent in the first place, please click the link "Decline here" in the link.
126.96.36.199 Withdrawing consent
You may withdraw your consent specified under item 188.8.131.52 at any time for future transactions without specifying a reason here by following the instructions. Withdrawing consent does not affect data processed prior to such time. Please also note the information provided.
We use Google Analytics, a web analysis service of Google LLC ("Google") for the purpose of user-friendly design and continuously optimising our website on the basis of Article 6 (1) (f) GDPR. Google Analytics uses so-called "cookies", text files which are stored on your computer, allowing your use of the website to be analysed. We anonymise data collection when data is collected using Google Analytics. Meaning your IP address is anonymised and masked once the data is transmitted to the Google Analytics data collection network, before they are saved or processed by Google.
At the request of the operator of this website, Google provides said with a system for analysing the anonymised website activity. The data collected through Google Analytics are not merged with other Google data. You can configure your browser software to prevent storing these and other cookies; however, please be aware that in this case, you may not be able to make full use of all functions of this website. You can further prevent the collection of data generated by the cookie and restricted to your use of the website by Google and this data being processed by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Our website uses the service Google Ads. Google Ads is an online advertising program by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). No personal information related to user identity is passed on.
We further use so-called Conversion Tracking in line with use of the Google Ads service. When clicking on an advertisement of Google, a Conversion Tracking cookie is saved to your computer/device. These cookies expire after 30 days, do not contain personal information, thus do not serve for personal identification. Information obtained using the conversion cookie are used to measure success and to optimise our activity level in the Google Ads advertising program.
The legal basis for this data processing is Article 6 (1) (f) GDPR.
You can prevent cookies from being stored by configuring your browser software accordingly; however, please be aware that in this case, you may not be able to use all functions of this website to the full extent.
Our website uses the Bing Ads service. Bing Ads is an online advertising program by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Not personal information identifying the user is transmitted
A pixel for Facebook Ireland Ltd. is embedded in our website (so-called Website Custom Audience Pixel). This pixel collects pseudonymised information about your use of this website (e.g. information about items viewed). The collected information can be used to show custom advertisements e.g. in your Facebook account. You can click here to object to this information being collected.
The legal basis for this data processing is Article 6(1)(a) GDPR.
The legal basis for processing is Article 6 (1) (f) GDPR.
We work with advertising partners to make online offers on our site even more interesting for you. Cookies from our advertising partners (so-called third-party cookies) are therefore also added when visiting our site. The cookies from our advertising partner also collect pseudonymised information about your user behaviour and your interests when visiting our website. They also collect some information related to your visit to other sites before visiting our website. This information is used to show you interest-based advertisements from our advertising partners. No personal data will be saved, nor will usage profiles be merged with your personal data.
You can change your cookie settings in your browser to prevent interest-based advertisements from our advertising partners.
This website uses ADITION adserving technology by ADITION technologies AG, Oststraße 55, 40211 Düsseldorf (www.adition.com) (hereinafter 'Adition') to collect and save data for marketing and optimisation purposes. This data can be used to for example create pseudonymised user profiles. Cookies may be used for this purpose. Adition does not use the data collected through ADITION ad serving technology to personally identify the visitor to this website.
We further also commissioned Performance Media Deutschland GmbH ('Performance Media'), which implements online marketing campaigns through the Adition ad server system. The following explanation about objecting/opting out with respect to Adition therefore also applies with respect to services provided by Performance Media.
"The legal basis for the data processing as described above is your consent, in accordance with Art. 6, paragraph 1 letter a) of GDPR, if you have given it. Your consent to this data collection and storage can be revoked at any time with effect for the future, as described in section 184.108.40.206."
In addition to the disabling options described above, you can also block the specified technologies in general by changing the cookie settings in your browser. You can further disable preference-based advertising with this preference manager.
For maximum convenience you can permanently store your personal data in a password-protected customer account/user account.
Creating a customer account is generally voluntary. When creating a customer account the data collected in this respect is processed based on Article 6(1)(b) GDPR. After creating a customer account you do not need to re-enter your data. You can further view and change the personal data saved to your customer account at any time.
Creating a customer account is only required for performance of contract when placing an order through our website/application.
In addition to the data required when placing an order, you will need to choose a password when creating a customer account. This will be required along with your e-mail address to access your customer account. Please keep your personal login data confidential and do not allow unauthorised third parties to access it. Please note, you will automatically remain logged in after leaving our website unless you log out of your account.
You may delete your customer account at any time. However, please note if you have previously purchased from us, this will not delete the data shown in the customer account. Your data is deleted after expiry of the retention periods under commercial and tax law to which we are subject. The legal basis for this further data processing is Article 6(1)(c) GDPR and Article 6(1)(f) GDPR, with our legitimate interest being retaining the data for any applicable legitimate reasons for storage.
We offer different options to contact us. Via e-mail, telephone, using the contact form, or by post. When contacting us we use any personal data freely provided by you in this respect for the sole purpose of contacting you and processing your inquiry.
The legal basis for this data processing is Article 6(1)(a), Article 6(1)(b), Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. When processing data based on Article 6(1)(f) our required legitimate interest for responding to your inquiry is to allow us to present our company in a positive light and ensure a high level of satisfaction among customer/prospective customers.
If you decide to apply for a vacancy posted under 'Jobs' by post or by e-mail, we will process your basic personal data (e.g. salutation and name), your contact data (e.g. e-mail address, telephone number), your address data and your application data (e.g. cover letter, résumé, diplomas/certificates) to determine whether to employ you and, where applicable, to justify, implement and terminate said. We will only process data beyond the above types of data if and where suitable to establish your qualification for the position. The legal basis for this is Article 88 GDPR in conjunction with Article 26(1)(1) BDSG.
When submitting your application by e-mail (preferably in PDF format), please ensure it is encrypted adequately, as data transmission by e-mail is not secure and can therefore be intercepted by third parties. Please further note the maximum file size is 7MB.
When submitting application documents for another person, e.g. acting as a recruitment consultant, you are obliged to comply with all requirements related to data protection law. For details please see Item 3.9.
We generally only collect your personal data from you. In exceptions where this is not the case we will specifically notify you. However, we may also receive data from others, namely the person entering it in the respective areas of our website (e.g. creating an account, using the contact form).
When transmitting personal data concerning a third party to us through our website you are obliged to comply with all of the requirements under data protection law, particularly under Article 5 to 9 as and 12 GDPR. Otherwise we do not have your consent to collection with respect to the data provided and reserve the right to take legal action against you.
- Public authorities to which data must be transmitted by virtue of statutory provisions (e.g. fiscal and supervisory authorities)
- Internal departments involved in carrying out tasks (e.g. Sales, IT, IT Security)
- Vendors (e.g. IT service providers)
- Our data protection officer
With the exception of the following processing we do not share your data with recipients domiciled outside the European Union or the European Economic Area. The specified processing includes data transmission to the server of the provider of tracking or targeting technologies assigned by us. These servers are located in the USA. Data is transmitted based on the so-called EU standard contract clauses of the EU commission and the principles of the so-called Privacy Shield.
You may exercise your rights against us under this Item 5 directly with us or with our data protection officer. Please refer to Item 1 and Item 2 for the respective contact information.
In addition to the right to withdraw your consents you have granted us you are entitled to the following additional rights if the following respective legal requirements apply:
- the right to obtain information about the personal data concerning you stored by us (Article 15 GDPR), and can specifically obtain information about the purposes of the processing, the categories of personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, where the personal data are not collected from the data subject, any available information as to their source;
- the right to rectification of inaccurate personal data (Article 16 GDPR),
- the right to erasure of personal data concerning you we have stored (Article 17 GDPR), unless required for compliance with statutory or contractual retention periods or other legal obligations or rights to further storage by us,
- the right to restriction of processing of your data (Article 18 GDPR), provided the accuracy of the personal data is contested by you, the processing is unlawful and you oppose the erasure of the personal data; we no longer need the data but they are required by you for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Article 21(1) GDPR,
- the right to data portability under Article 20 GDPR, i.e. the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, or to request transmission of those data to another controller
- the right to lodge a complaint with a supervisory authority. You can typically lodge contact the supervisory authority of your habitual residence, place of work or of our place of business.
You have the right to object to data processing on grounds relating to your particular situation subject to the requirements of Article 21(1) GDPR.
Provided we are processing data based on your consent, you have the right to withdraw consent at any time. Withdrawing your consent does not invalidate data processing based on consent prior to withdrawal.
Your personal data processed will not be used for automated decision-making which produces legal effects concerning you or similarly significantly affects you.
However, your personal data processed will be used to provide you with personal recommendations on our website using pseudonymised usage profiles. With your consent this personalisation may also be used in our newsletters.
Moreover, should you use e.g. technical measures to prevent us from receiving data required to use our website (see in particular Item 3.4), you may not be able to use our website or use it to the full extent.
We are unfortunately also unable to provide you the respective service without the required data (e.g. related to contact or when participating in a contest).