Privacy policy
We are delighted that you have chosen to visit our website at www.concept-s-design.com and appreciate your interest in our company.
The protection of your personal data, such as your date of birth, name, telephone number, address and other personal information, is of great importance to us.
The purpose of this Privacy Policy is to inform you about the processing of your personal data that we collect when you visit our website. Our data protection practices comply with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). This Privacy Policy is intended to fulfil the information obligations arising from the GDPR, including, in particular, those set out in Articles 13 and 14 et seq. GDPR.
Data Controller
For the purposes of Article 4(7) of the General Data Protection Regulation (GDPR), the data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
With regard to this website, the data controller is:
Concept S Ladenbau u. Objekt Design GmbH
Steinbeisstraße 8
73614 Schorndorf
Germany
Email: info@concept-s-design.com
Tel.: +49 7181 99371-0
Fax: +49 7181 99371-62
Provision of the Website and Creation of Log Files
Each time our website is accessed, our system automatically collects data and information from the device used to access the website (e.g. computer, mobile phone, tablet or other end device).
What personal data is collected and to what extent is it processed?
(1) Information about the browser type and version used;
(2) The operating system of the accessing device;
(3) The hostname of the accessing computer;
(4) The IP address of the accessing device;
(5) The date and time of access;
(6) Websites and resources (images, files and other page content) accessed on our website;
(7) Websites from which the user’s system reached our website (referrer tracking);
(8) A notification indicating whether the access request was successful;
(9) The volume of data transmitted
This data is stored in the log files of our system. It is not stored together with the personal data of any specific user. Consequently, individual visitors to the website cannot be identified from this information.
Legal Basis for the Processing of Personal Data
Article 6(1)(f) GDPR (legitimate interests). Our legitimate interest lies in ensuring the achievement of the purpose described below.
Purpose of the Data Processing
The temporary (automated) storage of this data is necessary to enable the proper operation and delivery of the website during your visit. The storage and processing of personal data also serve to maintain the compatibility of our website for as many visitors as possible, to prevent misuse, and to detect and remedy technical faults. For these purposes, it is necessary to log the technical data of the accessing device to identify and respond as early as possible to display errors, attacks on our IT systems and/or malfunctions affecting the functionality of our website. In addition, the data is used to optimise our website and to ensure the overall security of our information technology systems.
Retention Period
The technical data referred to above will be deleted as soon as it is no longer required to ensure the compatibility of our website for all visitors and, in any event, no later than three (3) months after your access to our website.
Right to Object and Right to Erasure
You have the right to object to the processing of your personal data at any time in accordance with Article 21 GDPR and to request the erasure of your personal data in accordance with Article 17 GDPR. Details of the rights available to you and information on how to exercise them can be found in the section below of this Privacy Policy.
Special Features of Our Website
Our website offers various features through which we collect, process and store personal data. Below, we explain how this data is handled:
Order Form
-
What personal data is collected and to what extent is it processed?
The data you enter into the form fields, such as your address, surname, first name and other information, will be processed by us for the purpose set out below.
-
Legal Basis for the Processing of Personal Data
Article 6(1)(b) GDPR (performance of pre-contractual measures and performance of a contract).
-
Purpose of the Data Processing
The purpose of the data processing is to handle your order so that we can perform pre-contractual measures and process existing or potential contractual relationships with you.
-
Retention Period
The data will be deleted as soon as it is no longer required for processing your order and provided that no statutory retention obligations apply. As a rule, this will be after ten (10) years (see Section 147(3) in conjunction with Section 147(1) Nos. 1, 4 and 4a of the German Fiscal Code (AO) and Section 14b(1) of the German Value Added Tax Act (UStG)).
-
Right to Object and Right to Erasure
Details of the rights available to you and information on how to exercise them can be found in the section below of this Privacy Policy.
-
Requirement to Provide Personal Data
The information requested in the order form is neither contractually nor legally mandatory. However, it is required in order to conclude a contract. If you do not complete the mandatory fields, or do not complete them in full, the order you wish to place cannot be processed or completed.
Review Function
-
What personal data is collected and to what extent is it processed?
The data you enter into the fields of our review form will be processed by us for the purpose set out below.
-
Legal Basis for the Processing of Personal Data
Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR (consent given by a clear affirmative act or conduct, or explicit consent in the case of special categories of personal data).
-
Purpose of the Data Processing
The purpose of the data processing is to receive and publish your review on our website and – where you have given your explicit consent – also on the online platforms of our review service providers.
-
Retention Period
Your review will be stored and published for an indefinite period. We reserve the right to remove it at any time without stating reasons and without prior or subsequent notification.
-
Right to Object and Right to Erasure
You may withdraw your consent to the publication of your review at any time in accordance with Article 7(3) GDPR. However, any processing carried out prior to the withdrawal of your consent shall remain unaffected. For information about your other rights, please refer to the overview provided at the end of this Privacy Policy.
-
Requirement to Provide Personal Data
Providing information in the review function is entirely voluntary and is neither contractually nor legally required. Furthermore, the information is not necessary for the conclusion of a contract. However, if you do not complete the mandatory fields, or do not complete them in full, your review cannot be published on our platform.
Contact Form(s)
-
What personal data is collected and to what extent is it processed?
The data you enter into our contact form(s) via the input fields provided will be processed by us for the purpose set out below.
-
Legal Basis for the Processing of Personal Data
Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR (consent given by a clear affirmative act or conduct, or explicit consent in the case of special categories of personal data).
-
Purpose of the Data Processing
The data submitted via our contact form(s) will be used solely for the purpose of processing the specific enquiry received through the respective contact form.
-
Retention Period
The data collected will be deleted without undue delay once your enquiry has been processed, provided that no statutory retention obligations apply.
-
Right to Object and Right to Erasure
The rights to object and to request erasure are governed by the general provisions on the right to withdraw consent and the right to erasure under data protection law, as set out below in this Privacy Policy.
-
Requirement to Provide Personal Data
The use of our contact form(s) is entirely voluntary and is neither contractually nor legally required. You are under no obligation to contact us via the contact form and may instead use any of the other contact options provided on our website. However, if you choose to use our contact form, you must complete all fields marked as mandatory. If the required information is not provided, you may be unable to submit your enquiry or, if submitted, we may unfortunately be unable to process it.
Login Area
-
What personal data is collected and to what extent is it processed?
The registration and login details you provide will be processed by us for the purpose set out below.
-
Legal Basis for the Processing of Personal Data
Article 6(1)(b) GDPR (performance of pre-contractual measures and performance of a contract).
-
Purpose of the Data Processing
Our website provides you with the option to access a dedicated login area. In order to verify your authorisation to use the protected area and/or access protected documents, you must enter your login credentials (email address or username and password) into the relevant login form.
-
Retention Period
The data collected will be retained for as long as you maintain a user account with us.
-
Right to Object and Right to Erasure
Details of the rights available to you and information on how to exercise them can be found in the section below of this Privacy Policy.
-
Requirement to Provide Personal Data
Use of the login area on our website is contractually required in order to access the protected section. Access to the content secured by the login area is not possible without providing the required personal data. If you wish to use our login area, you must complete all fields marked as mandatory (username and password). Entering these details requires that you already have an active user account. Login is not possible if the information you provide is incorrect. If the required data is entered incorrectly or not entered at all, access to the protected area cannot be granted. The remainder of the website can continue to be used without logging in.
Newsletter Subscription Form
-
What personal data is collected and to what extent is it processed?
When you subscribe to the newsletter on our website, we collect the email address you provide in the subscription form and, where applicable, any additional contact details that you voluntarily supply through the newsletter registration form.
-
Legal Basis for the Processing of Personal Data
Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR (consent given by a clear affirmative act or conduct, or explicit consent in the case of special categories of personal data).
-
Purpose of the Data Processing
The data collected through our newsletter subscription form is used exclusively for sending you our newsletter, in which we provide information about our products, services and the latest company news. After registering, you will receive a confirmation email containing a link that you must click in order to complete your subscription to our newsletter (double opt-in procedure).
-
Retention Period
You may unsubscribe from our newsletter at any time by clicking the unsubscribe link included in every newsletter. Once you unsubscribe, your personal data will be deleted by us without undue delay. Likewise, if the subscription process is not completed, your data will be deleted promptly. We reserve the right to delete data at our discretion without stating reasons and without prior or subsequent notification.
-
Right to Object and Right to Erasure
You may withdraw your consent at any time in accordance with Article 7(3) GDPR. Any processing carried out prior to the withdrawal of your consent shall remain unaffected by such withdrawal. For information about your other rights, please refer to the overview provided at the end of this Privacy Policy.
-
Requirement to Provide Personal Data
If you wish to subscribe to our newsletter, you must complete all fields marked as mandatory and confirm your email address by clicking the link contained in the double opt-in confirmation email. The information requested for newsletter registration is neither required to enter into a contract with us nor mandated by law. It is used exclusively for the purpose of sending you our newsletter. If you do not provide the required information or fail to complete the double opt-in confirmation process, we will unfortunately be unable to provide you with our newsletter service.
Automated Credit Assessment / Credit Scoring
If you wish to enter into a contract with us, we reserve the right to carry out an exclusively automated processing of your personal data for the purpose of assessing your creditworthiness. We are entitled to make such an automated decision pursuant to Article 22(2)(a) GDPR. Whether or not a contract can be concluded may depend on the outcome of this automated credit assessment. As part of the credit assessment, statistical probabilities of payment default are calculated. The credit report may include probability values (so-called score values), which are determined using scientifically recognised mathematical and statistical methods. In doing so, a variety of factors – such as income, address details, occupation, marital status and previous payment behaviour – may be taken into account in order to assess the customer's future risk of default. The result is expressed in the form of a payment score ("score"). The information obtained in this way forms the basis for our decision on whether to establish, perform or terminate a contractual relationship. If you believe that you have been unfairly refused the conclusion of a contract as a result of the credit assessment, you may contact us by email to explain your position. In such cases, we will review the automated decision on an individual basis in accordance with Article 22(3) GDPR. For the purpose of carrying out the credit assessment, we are entitled to store and process your personal data in accordance with Article 6(1)(b) GDPR.
As part of the prospective contractual relationship, we may transfer your personal data to the following provider(s) in the cases listed below:
-
Automatic identity and creditworthiness check when selecting the “PayPal” payment method
-
What personal data is collected and to what extent is it processed?
If you select “PayPal” as your chosen payment method, we will transfer the personal customer data collected during the ordering process to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) for the purpose of processing the payment. Where you have given your consent, the following data may be included in the transfer: your first and last name, street address, house number, postcode, city, date of birth, telephone number, as well as data relating to your order.
-
Legal Basis for the Processing of Personal Data
Article 6(1)(b) GDPR (performance of pre-contractual measures and performance of a contract).
-
Purpose of the Data Processing
When the “PayPal” payment method is selected, PayPal carries out a creditworthiness assessment. In doing so, PayPal uses mathematical and statistical methods to calculate a rating regarding the likelihood of payment default (so-called credit scoring). The calculated score is used by PayPal as the basis for its decision on whether to make the selected payment method available. The calculation of the score is performed using recognised scientific methods. For further information, please refer to PayPal’s Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
-
Retention Period
We will retain the data relevant to the processing of the payment for as long as is necessary to complete the transaction. Where the data is subject to statutory retention obligations, it will be deleted after the applicable retention period has expired.
The retention period for data processed by PayPal is governed by PayPal’s Privacy Policy, which is available at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
-
Right to Object and Right to Erasure
You have the right to object to the processing of your personal data at any time in accordance with Article 21 GDPR and to request the erasure of your personal data in accordance with Article 17 GDPR. Details of the rights available to you and information on how to exercise them can be found in the section below of this Privacy Policy.
-
Statistical Analysis of Visits to This Website – Web Tracking
When this website or individual files on this website are accessed, we collect, process and store the following data: IP address, the website from which the requested file was accessed, the name of the requested file, the date and time of access, the volume of data transferred, and the notification indicating whether the request was successful (so-called web logs). We use this access data exclusively in an anonymised form for the continuous improvement of our website and for statistical purposes. For the statistical analysis of visits to this website, we also use the following web tracking technologies:
-
Custom Audience
We use the Custom Audiences service provided by Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, email: impressum-support@support.facebook.com, website: http://facebook.com/. Personal data may also be transferred to the United States. With regard to such transfers, the European Commission has adopted an adequacy decision for the EU–US Data Privacy Framework (DPF) pursuant to Article 45 GDPR (hereinafter referred to as the DPF: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The provider of this service is certified under the DPF, meaning that transfers of personal data are subject to the level of protection required by the GDPR.
The legal basis for the processing of your personal data is your consent in accordance with Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR, which you have provided on our website.
Facebook Custom Audiences is an advertising tool provided by Meta that enables targeted advertising campaigns to be delivered to visitors of our website.
The provider’s certification under the EU–US Data Privacy Framework can be viewed at: https://www.dataprivacyframework.gov/list
You may withdraw your consent at any time. Further information on how to withdraw your consent can be found either in the relevant consent request itself or at the end of this Privacy Policy.
Further information on how the transferred data is handled can be found in the provider’s Privacy Policy at: https://www.facebook.com/privacy/policy/.
The provider also offers an option to opt out of data processing at: https://www.facebook.com/privacy/policy/
-
Facebook Connect
We use the Facebook Connect service provided by Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, email: impressum-support@support.facebook.com, website: http://www.facebook.com/. Personal data may also be transferred to the United States. Regarding such transfers, the European Commission has adopted an adequacy decision for the EU–US Data Privacy Framework (DPF) pursuant to Article 45 GDPR. The provider of this service is certified under the DPF.
Legal basis: Your consent pursuant to Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR.
Purpose of processing: Facebook Connect enables users to use their Facebook profile to simplify the registration and login process for other online services.
DPF certification: https://www.dataprivacyframework.gov/list
Provider’s Privacy Policy: https://www.facebook.com/privacy/policy/
-
Google
We use services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data may also be transferred to the United States, where the provider is certified under the EU–US Data Privacy Framework (DPF).
Legal basis: Your consent pursuant to Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR.
Purpose of processing: We use Google to enable the loading and operation of additional Google services on our website.
Provider’s Privacy Policy: https://policies.google.com/privacy
Opt-Out: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de
-
Google Ads
We use the Google Ads service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Personal data may also be transferred to the United States, where the provider is certified under the EU–US Data Privacy Framework (DPF).
Legal basis: Your consent pursuant to Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR.
Purpose of processing: Google Ads is an online advertising platform that enables us to display advertisements on external websites across the internet. Subject to your consent, your data may also be used for remarketing purposes, allowing relevant advertisements to be shown to you based on your previous interactions with our website.
Provider’s Privacy Policy: https://policies.google.com/privacy
Opt-Out: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de
-
Google Analytics
We use Google Analytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Personal data may also be transferred to the United States, where the provider is certified under the EU–US Data Privacy Framework (DPF).
Legal basis: Your consent pursuant to Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR.
Purpose of processing: Google Analytics is a web analytics service that analyses the behaviour of website visitors and their interactions with our website. It provides us with reports and insights regarding the use, performance and popularity of the content and products available on our website. The data collected is generally deleted after a maximum period of 12 months.
Provider’s Privacy Policy: https://policies.google.com/privacy
-
Google Maps
We use Google Maps, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Personal data may also be transferred to the United States, where the provider is certified under the EU–US Data Privacy Framework (DPF).
Legal basis: Your consent pursuant to Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR.
Purpose of processing: On our behalf, Google uses the information collected through Google Maps to display interactive maps and related content to you. In relation to Google Maps, we have entered into a joint controller agreement with Google. The terms of this arrangement are available at: https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.
Provider’s Privacy Policy: https://policies.google.com/privacy
Opt-Out: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de
-
Google Tag Manager
We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Personal data may also be transferred to the United States, where the provider is certified under the EU–US Data Privacy Framework (DPF).
Legal basis: Your consent pursuant to Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR.
Purpose of processing: Google Tag Manager provides a technical platform that enables us to deploy, manage and control other web tools and web tracking services centrally by means of so-called “tags”.
Provider’s Privacy Policy: https://policies.google.com/privacy
-
Gstatic
We use Gstatic, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Personal data may also be transferred to the United States, where the provider is certified under the EU–US Data Privacy Framework (DPF).
Legal basis: Your consent pursuant to Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR.
Purpose of processing: Gstatic is a background service used by Google to retrieve static content to reduce bandwidth usage and preload required resource files. In particular, the service loads background resources for Google Fonts and Google Maps.
Provider’s Privacy Policy: https://policies.google.com/privacy
Opt-Out: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de
-
YouTube
We use YouTube, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Personal data may also be transferred to the United States, where the provider is certified under the EU–US Data Privacy Framework (DPF).
Legal basis: Your consent pursuant to Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR.
Purpose of processing: We embed videos from the YouTube platform on our website. This integration enables us to display YouTube videos directly within our website and provide you with multimedia content without requiring you to leave our site.
Provider’s Privacy Policy: https://policies.google.com/privacy
Opt-Out: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de
Integration of External Web Services and Processing of Data Outside the EU
Our website uses active content provided by external service providers (so-called web services). When you access our website, these external providers may receive personal information relating to your visit to our website. In this context, personal data may also be processed outside the European Union. You can prevent such processing by installing an appropriate browser plug-in or by disabling the execution of scripts in your browser. Please note that doing so may result in functional restrictions on the websites you visit.
We use the following external web services:
-
Chatra Chatbot
We use the service Chatra.io, provided by Roger Wilco LLC, 501 Silverside Rd, Suite 105, Wilmington, DE 19809, United States.
Legal basis: Your consent pursuant to Article 6(1)(a) GDPR. We have integrated the Chatra.io service into our website to provide a powerful live chat solution, enabling real-time communication between visitors and our customer service team.
Provider’s Privacy Policy: https://chatra.com/de/
-
Google Cloud APIs
We use Google APIs, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Personal data may also be transferred to the United States, where the provider is certified under the EU–US Data Privacy Framework (DPF). Legal basis: Your consent pursuant to Article 6(1)(a) GDPR. We use Google APIs to enable additional Google services on our website, in particular for the display of Google Fonts and the provision of Google Maps.
Provider’s Privacy Policy: https://policies.google.com/privacy
-
Google Fonts
We use Google Fonts, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Personal data may also be transferred to the United States, where the provider is certified under the EU–US Data Privacy Framework (DPF).
Legal basis: Your consent pursuant to Article 6(1)(a) GDPR. We use Google Fonts to incorporate attractive and consistent typefaces into our website, ensuring an improved visual appearance and user experience.
Provider’s Privacy Policy: https://policies.google.com/privacy
-
Google reCaptcha
We use Google reCAPTCHA, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Personal data may also be transferred to the United States, where the provider is certified under the EU–US Data Privacy Framework (DPF).
Legal basis: Your consent pursuant to Article 6(1)(a) GDPR. We use Google reCAPTCHA on our website for security purposes in order to distinguish between human users and automated bots and to prevent automated programs from carrying out interactions on our website.
Provider’s Privacy Policy: https://policies.google.com/privacy
-
PayPal
We use the PayPal service provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg. Personal data is transferred exclusively to servers located within the European Union. Legal basis: Article 6(1)(b) GDPR (performance of pre-contractual measures and performance of a contract). We integrate this service into our online shop in order to display the PayPal payment button and enable you to use PayPal as a payment method during the checkout process.
Provider’s Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
-
Legal Text Snippets and Modules
We use the services of Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany, email: support@website-check.de, website: https://www.website-check.de/. Personal data is transferred exclusively to servers located within the European Union.
Legal basis: Article 6(1)(c) GDPR (compliance with a legal obligation). This service is used to dynamically load and display the legal texts and legal content modules on our website.
Provider’s Privacy Policy: https://www.website-check.de/datenschutzerklaerung/
-
Website-Check Seal
We use the services of Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany. Personal data is transferred exclusively to servers located within the European Union. Legal basis: Article 6(1)(f) GDPR (legitimate interests). The script provided by Website-Check GmbH is used for the technical integration and display of the Website-Check Seal on our website.
Provider’s Privacy Policy: https://www.website-check.de/datenschutzerklaerung/
-
Social Plug-In – “Facebook by Meta”
-
What personal data is collected and to what extent is it processed?
We have integrated a social plug-in of the “Facebook by Meta” social network on our website, which is operated by Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland. When you access a page containing such a plug-in, your browser automatically establishes a background connection to the servers of Facebook by Meta. The content of the plug-in is transmitted directly by Facebook by Meta to your browser and is then integrated into our website. As a result of this integration, Facebook by Meta receives information that your browser has accessed a specific page of our website.
-
Legal Basis for the Processing of Personal Data
Legal basis: Article 6(1)(a) GDPR (where you are registered with Facebook by Meta and have given your consent) and Article 6(1)(f) GDPR (where you are not registered with Facebook by Meta, based on our legitimate interest in integrating social media functionality).
-
Purpose of the Data Processing
The primary purpose of collecting this data is to provide you with a social interaction feature that is connected to Facebook by Meta, enabling you to engage with content and services through the Facebook platform. For further information, please refer to the provider’s Privacy Policy: https://www.facebook.com/privacy/policy/
-
Retention Period
Facebook by Meta will retain the data required for the provision of the web service for as long as necessary to fulfil that purpose. Where such data is subject to statutory retention obligations, it will be deleted once the applicable retention period has expired.
-
Right to Object and Right to Erasure
If you do not wish the Facebook by Meta social plug-in to be executed, you can prevent its operation by installing an appropriate browser add-on or script blocker. If you do not want Facebook by Meta to associate the data collected via our website with your Facebook profile, you must log out of your Facebook by Meta account before visiting our website.
-
Information on the Use of Cookies
-
What personal data is collected and to what extent is it processed?
On various pages of our website, we integrate and use cookies to enable certain functions of the website and to incorporate external web services. So-called “cookies” are small text files that your browser may store on the device you use to access our website.
Legal Basis for the Processing of Personal Data
Where cookies are processed on the basis of consent pursuant to Article 6(1)(a) GDPR, such consent shall also be deemed to constitute consent within the meaning of Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG) for the storage of cookies on the user’s terminal device.
Purpose of the Data Processing
Cookies are set either by our website or by the external web services we use in order to ensure the full functionality of our website, improve user experience, or fulfil the specific purposes for which you have given your consent.
Retention Period
The cookies we use remain stored until they are deleted from your browser or, in the case of a session cookie, until the session has expired. Further details are provided in the table below.
Right to Object and Right to Removal
You can configure your browser according to your preferences to prevent the storage of cookies altogether. If you have expressly given us your consent to process your personal data, you may withdraw that consent at any time with future effect.
| Cookie Name | Server | Provider | Purpose | Legal Basis | Retention Period | Type |
|---|---|---|---|---|---|---|
| LAST_RESULT_ENTRY_KEY | www.youtube-nocookie.com | YouTube | Stores user preferences when accessing a YouTube video embedded on external websites. | Art. 6(1)(a) GDPR (Consent) | Session | Convenience |
| SOCS | .google.com | | Stores the user's cookie preferences. | Art. 6(1)(c) GDPR (Legal obligation) | Approx. 13 months | Cookie Banner |
| TESTCOOKIESENABLED | www.youtube-nocookie.com | YouTube | Used to track user interaction with embedded content. | Art. 6(1)(a) GDPR (Consent) | Approx. 100 seconds | Analytics |
| __Secure-ENID | .google.com | | Stores the time of the last login and uses this information together with the Google ID to help prevent misuse of login credentials. | Art. 6(1)(f) GDPR (Legitimate interests) | Approx. 13 months | Configuration |
| __cf_bm | www.paypal.com | PayPal | Cloudflare places the __cf_bm cookie on end-user devices accessing customer websites protected by Bot Management or Bot Fight Mode. | Art. 6(1)(f) GDPR (Legitimate interests) | Approx. 31 minutes | Security |
| __csrf_token-1 | www.concept-s-design.com | Website Operator | Identifies each client request to the server to ensure that the request originates from the client. | Art. 6(1)(f) GDPR (Legitimate interests) | Session | Security |
| _cfuvid | www.paypal.com | PayPal | Part of Cloudflare services and used for rate limiting to distinguish users sharing the same IP address. | Art. 6(1)(a) GDPR (Consent) | Session | Configuration |
| _fbp | .concept-s-design.com | Facebook Connect | Used by Facebook to display advertising products and attribute advertising clicks to users. | Art. 6(1)(a) GDPR (Consent) | Approx. 3 months | Marketing |
| _ga | concept-s-design.com | Google Analytics | Assigns a unique ID to a user so that the web tracker can group user actions under that ID. | Art. 6(1)(a) GDPR (Consent) | Approx. 24 months | Analytics |
| _ga_* | concept-s-design.com | Google Analytics | Stores a unique identifier for website visitors in connection with Google Analytics or Google Tag Manager and tracks website usage. | Art. 6(1)(a) GDPR (Consent) | Approx. 24 months | Analytics |
| _gat | www.concept-s-design.com | Google Analytics | Used to throttle the request rate of the web tracker. | Art. 6(1)(a) GDPR (Consent) | Approx. 90 seconds | Analytics |
| _gcl_au | concept-s-design.com | Google Tag Manager | Used by Google AdSense to improve advertising efficiency. | Art. 6(1)(a) GDPR (Consent) | Approx. 3 months | Marketing |
| _gid | www.concept-s-design.com | Google Analytics | Assigns a unique ID to a user so that the web tracker can group user actions under that ID. | Art. 6(1)(a) GDPR (Consent) | Approx. 24 hours | Analytics |
| acrisCookie | www.concept-s-design.com | Website Operator | Stores selected user preferences for the current and future visits. | Art. 6(1)(a) GDPR (Consent) | Session | Configuration |
| cf_clearance | www.paypal.com | Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA) | Used as part of Cloudflare website protection and stores proof that a security challenge has been successfully completed. | Art. 6(1)(f) GDPR (Legitimate interests) | Approx. 12 months | Configuration |
| mnd-cookie-accepted-wwwconceptsdesigncom1 | www.concept-s-design.com | Website Operator | Stores selected user preferences for the current and future visits. | Art. 6(1)(a) GDPR (Consent) | Approx. 31 days | Configuration |
| nextId | www.youtube-nocookie.com | YouTube | Assigns a unique identifier to the user, allowing collection of website visitor behaviour data. | Art. 6(1)(a) GDPR (Consent) | Session | Marketing |
| nocache | www.concept-s-design.com | Website Operator | Controls the website cache to optimise loading performance. | Art. 6(1)(f) GDPR (Legitimate interests) | Approx. 30 seconds | Convenience |
| requests | www.youtube-nocookie.com | YouTube | We embed videos from our official YouTube channel using YouTube's privacy-enhanced mode. This mode may set cookies when you click on the YouTube video player. | Art. 6(1)(a) GDPR (Consent) | Session | Configuration |
| session-1 | www.concept-s-design.com | Website Operator | Controls the shopping cart functionality of the shop system and is required to add products to the shopping basket. | Art. 6(1)(b) GDPR (Performance of a contract or pre-contractual measures) | Session | Configuration |
| testcookie | www.concept-s-design.com | Website Operator | Set and read to determine whether the browser permits cookies to be stored. | Art. 6(1)(f) GDPR (Legitimate interests) | Session | Configuration |
| x-cache-context-hash | www.concept-s-design.com | Website Operator | Stores a hash value of the applicable customer group to display the correct prices and tax calculations for the visitor. | Art. 6(1)(a) GDPR (Consent) | Approx. 30 seconds | Configuration |
| x-ua-device | www.concept-s-design.com | Website Operator | Determines the screen resolution for which the website should be displayed to the visitor. | Art. 6(1)(f) GDPR (Legitimate interests) | Session | Configuration |
Data Security and Data Protection – Communication by Email
Your personal data is protected by appropriate technical and organisational measures during collection, storage and processing to ensure that it is not accessible to unauthorised third parties. Please note that, when communicating by unencrypted email, we cannot guarantee complete data security during transmission to our IT systems. For information requiring a particularly high level of confidentiality, we therefore recommend using encrypted communication or sending correspondence by post.
Right of Access and Requests for Rectification – Erasure and Restriction of Processing – Withdrawal of Consent – Right to Object
Right of Access
You have the right to request confirmation as to whether we process personal data concerning you. Where this is the case, you have the right to obtain access to the information referred to in Article 15(1) GDPR, provided that the rights and freedoms of other persons are not adversely affected (see Article 15(4) GDPR). Upon request, we will also be pleased to provide you with a copy of the personal data undergoing processing.
Right to Rectification
Pursuant to Article 16 GDPR, you have the right to request the correction of any inaccurate personal data we hold about you (such as your address, name or other personal details) at any time. You also have the right to request that any incomplete personal data stored by us be completed. Any such correction or completion will be carried out without undue delay.
Right to Erasure
You have the right, pursuant to Article 17(1) GDPR, to request the erasure of the personal data we have collected about you if:
- the data is no longer necessary for the purposes for which it was collected or otherwise processed;
- the legal basis for the processing no longer applies due to your withdrawal of consent and there is no other legal basis for the processing;
- you have objected to the processing and there are no overriding legitimate grounds for the processing;
- your personal data has been processed unlawfully; or
- erasure is required in order to comply with a legal obligation or the data was collected in relation to information society services pursuant to Article 8(1) GDPR.
The right to erasure does not apply pursuant to Article 17(3) GDPR where processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation requiring the processing of personal data;
- for reasons of public interest; or
- for the establishment, exercise or defence of legal claims.
Right to Restriction of Processing
Pursuant to Article 18(1) GDPR, you have the right to request the restriction of the processing of your personal data in certain circumstances. This right applies where:
- you contest the accuracy of the personal data, for a period enabling us to verify its accuracy;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
- we no longer require the personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims; or
- you have objected to the processing pursuant to Article 21(1) GDPR, pending verification of whether our legitimate grounds override yours.
Right to Withdraw Consent
If you have given us your explicit consent to process your personal data (Article 6(1)(a) GDPR or Article 9(2)(a) GDPR), you may withdraw that consent at any time. Please note that the withdrawal of your consent does not affect the lawfulness of any processing carried out on the basis of your consent before its withdrawal.
Right to Object
Pursuant to Article 21 GDPR, you have the right to object at any time to the processing of your personal data where such processing is based on Article 6(1)(f) GDPR (processing carried out on the basis of our legitimate interests). This right applies where there are grounds relating to your particular situation that justify your objection to the storage and processing of your personal data.
How Can You Exercise Your Rights?
You may exercise your rights at any time by contacting us using the following details:
Concept S Ladenbau u. Objekt Design GmbH
Steinbeisstraße 8
73614 Schorndorf
Germany
E-Mail: info@concept-s-design.com
Tel.: +49 7181 99371-0
Fax: +49 7181 99371-62
Right to Data Portability
Pursuant to Article 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. Upon request and in accordance with Article 20(1) GDPR, we will provide you with the following categories of data:
- Personal data that has been collected on the basis of your explicit consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR;
- Personal data that we have received from you in the context of existing contractual relationships pursuant to Article 6(1)(b) GDPR; and
- Personal data that has been processed by automated means.
Where technically feasible, we will transmit your personal data directly to another controller designated by you. Please note, however, that pursuant to Article 20(4) GDPR, we are not permitted to transfer personal data where such transfer would adversely affect the rights and freedoms of other individuals.
Right to Lodge a Complaint with a Supervisory Authority pursuant to Article 77(1) GDPR
If you believe that your personal data is being processed unlawfully on our website, you are, of course, entitled to seek judicial clarification of the matter at any time. You also have access to any other legal remedies available to you. In addition, pursuant to Article 77(1) GDPR, you have the right to lodge a complaint with a supervisory authority. This right may be exercised with the supervisory authority in the EU Member State of your habitual residence, your place of work, or the place of the alleged infringement. You are therefore free to choose the supervisory authority to which you submit your complaint. The supervisory authority with which the complaint has been lodged will inform you of the progress and outcome of your complaint, including the possibility of seeking a judicial remedy pursuant to Article 78 GDPR.
Prepared by:
© DURY LEGAL Rechtsanwälte – www.dury.de
© Website-Check GmbH – www.website-check.de