Data Protection and Security
1. General Information
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to SUPERIORE.DE GmbH (e.g. the Federal Data Protection Act). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR). The person in charge, within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with data protection character is:
Phone: +49 (0) 3523 53368-0
Use of the internet pages of the SUPERIORE.DE GmbH is basically possible without any indication of personal data. However, if an affected person wishes to use our company's special services through our website, personal data processing may be required. If the processing of personal data is required and there is no legal basis for such processing, we generally ask for the consent of the data subject.
As far as possible, session cookies are used on the above-mentioned pages. These cookies are automatically deleted when the data subject has left the websites. The data subject can prevent the setting of cookies through the websites at any time by means of a corresponding setting of the internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via the internet browser or other software programs. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of the SUPERIORE.DE GmbH internet pages may be fully usable.
3. Collection of general Data and Information
With each page view by a data subject or an automated system the website of SUPERIORE.DE GmbH collects a series of general data and information. It can record the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses the internet sites (so-called referrers), (4) the sub-websites, which are accessed via an accessing system on our website, (5) the date and time of access to the Internet pages, (6) an Internet Protocol address (IP address), (7) the Internet Service Provider of the accessing system and (8) other similar data and information used in the event of attacks on the information technology systems of the enterprise. If you use one of our contact options, your details, such as surname, first name, e-mail address and your message will be processed exclusively for the purpose of processing and handling your request. These data are processed by us on the basis of your consent in accordance with Art. 6 para. 1 f) GDPR.
When using this general data and information, SUPERIORE.DE GmbH does not draw any conclusions about the data subject. Rather, this information is required in order to (1) correctly deliver the content of our web pages, (2) to optimise the content of the web pages as well as to advertise them, (3) to ensure the long-term functioning of the information technology systems and the technology of the pages, and (4) to provide law enforcement with the necessary information for prosecution in the event of a cyberattack. This anonymously collected data and information is therefore statistically and further evaluated by SUPERIORE.DE GmbH with the aim of increasing data protection and data security in the company in order to ultimately ensure an optimal level of protection for the processed personal data. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
4. Registration on the Websites of SUPERIORE.DE GmbH
Users have the opportunity to register by providing personal information. Which personal data will be sent to the data controller depends on the respective input mask used for the registration. The personal data entered by the data subject shall be collected and stored solely for his/her own purposes and internal use by the data controller. The data controller may arrange for the disclosure to one or more external processors, such as parcel service or shipping agents, who also use the personal data only for internal use attributable to the data controller and only for the duration of the performance of the task.
By registering on the website of the data controller are also stored the IP address assigned by the Internet Service Provider (ISP) of the data subject, as well as the date and time of registration. The storage of this data takes place in the light of the fact that this is the only way to prevent the misuse of the services and performances offered and, if necessary, to use this data to investigate past crimes committed. In this respect, the storage of this data is required to secure the data controller. A disclosure of this data to third parties will not be made, as long as there is no legal obligation to disclose or the disclosure serves a legal prosecution.
The registration of the data subject, by voluntarily providing personal data, is used by the data controller to provide the data subject with the content, services or performances that by their very nature can only be offered to registered users. Registered persons are free to change the personal data given at the registration at any time or to delete it or have it deleted completely from the database by the data controller, provided that this does not conflict with statutory retention requirements. Furthermore, the data controller provides information on what personal data about the data subject is stored to each data subject at any time upon request.
5. Orders on SUPERIORE.DE GmbH Websites
If the data subject places an order on the Company's website, the data of the order will be processed solely for order processing. To provide a better service, SUPERIORE.DE GmbH will provide the data subject with the archived information of previous orders for a longer period of time, for example to make additional follow-up orders or to compare products. As part of the order processing, the data controller only transfers selected data to those service providers, i.e. to third parties that are absolutely necessary for the order processing. Such providers are for example postal service providers or forwarding companies that provide the customer contact data in question for the provision of transport services. Only in case of private delivery: Age and identity of the supplied person (youth protection act) will be transferred.
Payment service providers also receive the necessary data, exclusively for the handling of payment processing. For example, credit card details are only collected temporarily as far as it is necessary for the processing of payments and are stored neither temporarily nor permanently. By placing the order, the data subject gives consent that he/she can subsequently be contacted by email after receiving the ordered goods to rate the service and the products purchased. The consent to solicit this rating may be revoked at any time.
We explicitly declare that the data will not be transferred to other recipients or resold.
6. Youth Protection Act
The age must be specified during registration and before ordering. These data will be transmitted (in case of private delivery) to the logistics service provider in order to check and comply with the regulations of youth protection act.
7. Subscription to the Newsletter of the SUPERIORE.DE GmbH
SUPERIORE.DE GmbH offers the opportunity to subscribe to the company newsletter. Which personal data are transmitted to the data controller when the newsletter is ordered results from the input mask used for this purpose. This newsletter can only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for sending the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by the data subject for the first time for newsletter mailing using the double-opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address as the data subject authorised receipt of the newsletter.
When subscribing to the newsletter, the company also stores the IP address of the computer system used by the data subject as assigned by the Internet Service Provider (ISP) at the time of registration, as well as the date and time of the application. The collection of this data is necessary in order to be able to trace a (possible) misuse of the e-mail address of a data subject at a later date and therefore provides the legal safeguards for the data controller.
The personal data collected as part of a newsletter application will only be used to send it. Subscribers to the newsletter may also be notified by e-mail if this is necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes. There will be no transfer of the personal data, collected as part of the newsletter service, to third parties. The subscription to the newsletter may be terminated by the data subject at any time. The consent to the storage of personal data that the data subject has given to the newsletter can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe informally at any time from the receipt of the newsletter by e-mail, telephone or in writing.
8. Rights of Data Subjects
8.1. You have the right to request a confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR.
8.2. In accordance with Art. 16 GDPR you have the right, under consideration of the purpose of the processing, to ask for the completion of incomplete data concerning you or the immediate correction of the incorrect data concerning you.
8.3. In accordance with Art. 17 GDPR, you have the right to demand that data relating to you be deleted without delay, or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.
8.4. You have the right to receive the data relating to you which you have provided to us in accordance with Art. 20 GDPR and to request their transmission to other responsible persons.
8.5. You have the right to object to the use of your data at any time in accordance with Art. 21 GDPR and to declare revocation of use in the event of consent pursuant to Art. 7 (3) GDPR.
8.6. According to Art. 77 GDPR, you also have the right to file a complaint with the competent supervisory authority.
9. Routine Deletion and Blocking of Personal Data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of the storage or, if so provided by the European legislator and/or legislator in laws or regulations governing the data controller. If the storage purpose is cancelled or if a storage period prescribed by the European directives and regulations or any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions. In individual cases, the storage period can be up to 10 years.
The data controller has integrated into this website components of the company Facebook. Facebook is a social network, the operating company is the Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland is responsible for the processing of personal data, if a data subject lives outside the US or Canada.
Currently, there is only a link to the corporate page of the person responsible for Facebook on the individual pages of this website. If visitors of the pages use the link, then they leave the website and use the services of Facebook. Here the Facebook page of SUPERIORE.DE GmbH is displayed immediately. On this page, the data controller himself is subject to the rules and regulations of Facebook, so there is no possibility to check whether Facebook complies with the data protection regulations. Use of the link is at your own risk.
We use the provider Vimeo for the integration of videos. Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011.
On some of our web pages, we use plugins of the provider Vimeo. If you call up the Internet pages of our Internet presence provided with such a plugin, a connection is established to the Vimeo servers and the plugin is displayed. This transmits to the Vimeo server which of our Internet pages you have visited. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
Further information on data processing and notes on data protection by Vimeo can be found at https://vimeo.com/privacy.
Our internet presence uses Matomo (formerly: "PIWIK") on the server operated by us. Matomo is an open source software with which the use of our internet offer can be analysed. When calling up individual pages, your IP address, the URI, the referrer URL when changing to our website, your length of stay and the frequency of calls are processed. This data is only accessible to us and is not transferred to third parties. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis and optimisation of our website.
To protect your personal rights we use Matomo with the anonymisation function "Automatically Anonymize Visitor IPs". By shortening your IP address to only six instead of twelve digits, it is no longer possible to assign it to your Internet connection.
If you would like to deactivate the analysis of your usage behaviour on the part of Matomo in general, please use the following option. With activation a cookie is set, which deactivates the transmission. If you empty cookies, however, the option must be set again.
The data controller has integrated the component Google Analytics (with anonymization function) into this website. Among other things, this web analysis service collects data which website the data subject has come to a website from (so-called referrers), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed. The data controller uses the addition "_gat._anonymizeIp" for web analytics via Google Analytics. By means of this addition, the IP address of the internet connection of the data subject will be shortened and anonymised by Google, if the access to the websites of SUPERIOREDE GmbH happens from a Member State of the European Union or from another Contracting State to the Agreement on the European Economic Area. The operating company of the Google Analytics component is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
Google Analytics uses a cookie (see above) on the information technology system of the person concerned. By setting the cookie Google is able to analyse the use of the web pages. Each time a single page of this website, operated by the data controller and incorporating a Google Analytics component, is accessed, the internet browser on the information technology system of the data subject is automatically led by the respective Google Analytics component to submit data to Google for the purpose of online analysis. As part of this technical process, Google will be aware of personal information, such as the IP address of the data subject. With the help of the cookie is stored personally identifiable information, such as access time, the location from which access was made, and the frequency of visits to our website by the data subject. Each time of visiting the website, the personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.
SUPERIORE.DE GmbH uses Google AdWords, an internet advertising service that allows advertisers to run advertisements on both Google and Google Network search engine results. Google AdWords allows an advertiser to pre-set keywords that will display an advertisement on Google's search engine results only when the search engine retrieves a keyword-related search result. In the Google Network, advertisements are distributed on topically relevant websites using an automated algorithm and according to pre-defined keywords. The Google AdWords Services Operating Company is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
If a data subject accesses the internet pages of SUPERIORE.DE GmbH via a Google ad, a so-called conversion cookie (see above) will be stored on the data subjects information technology system by Google. A conversion cookie expires after thirty days and is not used to identify the data subject. If it is not yet expired, a conversion cookie traces whether certain sub-pages, such as the shopping cart from an online shop system, were accessed on our website. With the help of the conversion cookie, both the company and Google can understand whether a data subject, who has reached the SUPERIORE.DE GmbH website via an AdWords ad, has generated or cancelled a turnover, that is, a purchase.
The conversion cookie stores personally identifiable information, such as the web pages visited by the data subject. Each time of visiting the company’s website, the personal information, including the IP address of the internet connection used by the data subject, is transferred to Google Inc. in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.
The data controller integrated Twitter components on this website. Twitter is a multilingual, publicly accessible microblogging service on which users can post and distribute so-called tweets. These short messages are available to anyone, including non-Twitter subscribers. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. Twitter also allows you to address a broader audience through hashtags, links, or retweets. The operating company of Twitter is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
When selecting the above-mentioned payment method, the goods are usually shipped even before the invoice amount has been received on the SUPERIORE.DE GmbH account. The data controller transmits your data (name, address and date of birth) on a random basis to the following service provider for the purpose of credit assessment, the obtaining of information to assess the risk of non-payment on the basis of mathematical-statistical methods using address data: Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss.
The legal bases of these transfers are Article 6 (1) (b) and Article 6 (1) (f) of the GDPR. Transfers based on these provisions may only be made to the extent that this is necessary for the legitimate interests of SUPERIORE.DE GmbH or third parties and does not outweigh the interests of the data subject's fundamental rights and freedoms, which require the protection of personal data. Detailed information about the credit bureaus in the sense of Art. 14 European General Data Protection Regulation (EU GDPR), i.e. information on business purpose, for data storage purposes, data recipients, the right of self-information, the right to cancellation or correction, etc. can be found at the following link https://www.boniversum.de/EU-DSGVO/.
If a data transfer to the mentioned service provider(s) is to be avoided, the data controller recommends the selection of another payment method.
The data controller has integrated components of PayPal (Europe) S.à.r.l. & Cie. S.C.A. on this website. PayPal is an online payment service provider. Payments are made through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual payments through credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject selects PayPal as a payment option during the ordering process in the online shop of SUPERIORE.DE GmbH, data of the person concerned will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing. The personal data transmitted to PayPal is usually a first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data in connection with the respective order are also necessary for the execution of the purchase contract. The purpose of the transmission of the data is payment processing and fraud prevention. The data controller will provide PayPal with personally identifiable information, in particular if there is a legitimate interest in the transfer. The personal data exchanged between PayPal and the data controller may be transferred by PayPal to credit reporting agencies. This transmission aims at the identity and credit check. PayPal may disclose personal information to affiliates and service providers or subcontractors, as far as it is necessary to fulfil the contractual obligations or if the data is to be processed in the order. The applicable privacy policies of PayPal are available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
If a data transfer to the mentioned service provider is to be avoided, the data controller recommends the selection of another payment method.
SUPERIORE.DE GmbH uses the independent evaluation portal eKomi, which is managed by eKomi Ltd., Markgrafenstr. 11, 10969 Berlin, Germany. The person in charge would like to constantly improve the service of SUPERIORE.DE GmbH and therefore decided to use such a solution. It is therefore not possible for the responsible person to individually control or influence rating invitations. For each order after a reasonable period of time after receipt of the goods a message will be sent to the deposited e-mail address of the data subject, with a request for evaluation. Only in this way is it possible to guarantee a complete, independent assessment of the company and the services provided that can not be influenced by the person in charge. The data transferred to eKomi consists of the voluntary indication of the e-mail address, the actual evaluation for the order processing and in the second step the evaluation of the purchased product. In addition, the date of the order and the review will be saved and displayed later. These data are transferred to eKomi and are neither used by eKomi nor passed on to third parties. Only the rating will be sent to Google. The submission of a rating is basically free to the person concerned. By submitting the rating / feedback, the data subject agrees to eKomi's current communication rules. The applicable privacy policies of eKomi are available at https://www.ekomi.de/de/datenschutz/.
The SUPERIORE.DE GmbH uses the seal “EHI Certified Online-Shop”, a widget of the EHI Retail Institute GmbH, Spichernstraße 55, 50672 Cologne (EHI). When visiting the website, the EHI servers load dynamic content (current rating of the shop, certificate, etc.) into the widget. The following data of the data subject is transmitted to the servers of EHI: The IP address, the previously visited website, date and time of retrieval, amount of data transferred, browser type and version, operating system used and requesting provider (referrer data). Due to the predominantly legitimate interest of EHI, the processing is carried out to optimise the offer according to Art. 6 para. 1 f GDPR. The applicable privacy policies of EHI GmbH are available at https://ehi-siegel.de/datenschutz/.
20. Legal basis of processing
The basis for the data collection here is usually the consent under Article 6 paragraph 1 (a) GDPR. If data processing is necessary to fulfil the contract, the basis must be determined in accordance with Article 6 (1) (b) GDPR. However, the further basis of information provided pursuant to Article 6 (1) (c), (d), (e) and (f) GDPR are also applicable if the reasons or conditions are met. The purpose here is to offer a clear offer, a functioning online shop and to carry out orders. Further information on the current version of the General Data Protection Regulation (GDPR), which determines the rights and obligations in the European data protection law, can be found here: https://www.bfdi.bund.de/EN/Home/home_node.html
21. Supervisory Authority
The Supervisory Authority is the Saxon Data Protection Officer https://www.saechsdsb.de/
For questions about the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as the revocation of any given consent or objection to a particular use of the data, please contact SUPERIORE.DE GmbH at datenschutz superiore.de
Last Update: 25/02/2021