1) Information on the collection of personal data and contact information of the data controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below you will find information about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 Data controller for the data processing on this website in the sense of the General Data Protection Regulation (GDPR) is RollArt GmbH, Westerburger Weg 43, 26197 Huntlosen, Germany, Tel: 044876649523, email: firstname.lastname@example.org. The controller of personal data shall be the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the responsible person). You can recognize an encrypted connection by the character string "https://" and the lock symbol in the URL field.
2) Data collection when visiting our website
If you only use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you: Our visited website Date and time at the time of access Amount of data sent in bytes Source/reference from which you came to the page Browser used Operating system used IP address used (if applicable: in anonymised form) Processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data shall not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are specific indications of illegal use.
These can be found for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that if cookies are not accepted, the functionality of our website may be restricted.
If you contact us (e.g. via contact form or email), your personal data is collected. Which data is collected in the case of a contact form shall be apparent from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after the final processing of your request, this is the case if the circumstances indicate that the matter in question has been conclusively clarified and provided there are no legal obligations to retain data.
5) Data processing when opening a customer account and for contract processing
Pursuant to Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected in the case of a contact form shall be apparent from the respective contact form. A deletion of your customer account is possible at any time and can be requested by sending a message to the data controller’s address, found above. We store and use the data provided by you for contract processing. After complete completion of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data from our side was reserved, about which we inform you below accordingly.
6) Data processing for order processing
6.1 In the processing of your order we work together with the following service provider(s) who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information. The personal data collected by us is passed on to the transport company commissioned with the delivery within the framework of contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing, insofar as this is necessary for payment processing. The legal basis for the transfer of the data is Art. 6 para. 1 lit. b GDPR.
6.2 Use of payment service providers
Heidelpay When paying by credit card via Heidelpay, payment is processed via the payment service provider Heidelberger Payment GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany (hereinafter "Heidelpay"), to whom we forward your data provided during the ordering process exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR. This transfer shall only take place to the extent that it is actually necessary for the payment processing. Heidelpay will transmit your data to HUELLEMANN & STRAUSS ONLINESERVICES S.A., 1, Place du Marché, 6755 Grevenmacher, Luxembourg for the purpose of making the payment - if necessary - in accordance with Art. 6 para. 1 lit. b GDPR. If you select the payment method "Purchase invoice via Heidelpay" or "Direct debit via Heidelplay", you will be asked to enter your personal data (first and last name, street, house number, postcode, city, date of birth, email address and telephone number) during the ordering process. In order to safeguard our legitimate interest in determining the solvency of our customers, we shall forward this data to Heidelberger Payment GmbH, Vangerowstr. 18, 69115 Heidelberg, Germany (hereinafter referred to as "Heidelpay"), in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of a credit assessment. On the basis of the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experience), Heidelpay checks whether the payment option selected by you can be granted with regard to payment and/or bad debt risks. Pursuant to Art. 6 para. 1 lit. f GDPR, identity or credit information from the following credit agencies may also be included in the decision on the establishment or performance of a contractual relationship: - SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden - CRIF Bürgel GmbH, Gasstraße 18, 22761 Hamburg - Arvato Infoscore GmbH, Rheinstraße 99, 76532 Baden-Baden - Deltavista GmbH, Kaiserstraße 217, 76133 Karlsruhe - UNIVERSUM Business GmbH, Hugo-Junkers-Straße 3, 60386 Frankfurt am Main - Bisnode International Group, Robert-Bosch-Straße 11, 64293 Darmstadt - Regis24 GmbH, Wallstraße 58, 10179 Berlin - Creditreform AG, Hellersbergstraße 12, 41460 Neuss The credit report may contain probability values (known as "creditworthiness" scores). As far as scores enter into the result of the creditworthiness information, these have their basis in a scientifically recognized mathematical-statistical procedure. Address data, among other things but not exclusively, is included in the calculation of the scores. You can object to this processing of your data at any time by sending a message to the data controller or to Heidelpay. However, Heidelpay may still be entitled to process your personal data if this is necessary to process payment in accordance with the contract.
7) Rights of the data subject
7.1 The data controller grants you, in accordance with applicable data protection law, comprehensive rights (information and intervention rights) about which we inform you below: Right to information pursuant to Art. 15 GDPR: In particular, you have a right of access to your personal data processed by us, the purposes for which it is processed, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or storage period to which your data is to be and/or the criteria for determining the storage period, the existence of a right to rectification, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected by us from you, the existence of automated decision-making including profiling and, where applicable, meaningful information on the logic involved and the scope and desired effects of such processing concerning you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR in the event of transfer of your data to third countries; Right to rectification pursuant to Art. 16 GDPR: You have the right to have any incorrect data concerning you corrected and/or your incomplete data stored by us completed without delay; Right to rectification pursuant to Art. 17 GDPR: You have the right to demand the deletion of your personal data if the requirements of Art. 17 para. 1 GDPR are met. However, this right shall not apply in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims; Right to rectification pursuant to Art. 18 GDPR: You have the right to demand the restriction of the processing of your personal data as long as the correctness of your data which you dispute is verified, if you refuse to delete your data due to unauthorised data processing and instead demand the restriction of the processing of your data, if you need your data for the assertion, exercise or defence of legal claims after we no longer need this data after purpose has been achieved or if you have lodged an objection due to reasons of your particular situation, as long as it is not yet known whether our legitimate reasons prevail; Right to rectification pursuant to Art. 19 GDPR: If you have exercised your right to rectify, cancel or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, cancellation or limitation, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of such recipients. Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data which you have provided to us, in a structured, common and machine-readable format or to request the transmission to another responsible person as far as this is technically feasible; Right to revoke consents granted pursuant to Art. 7 para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent.The revocation of the consent shall not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation; Right to lodge a complaint with a supervisory authority, pursuant to Art. 77 GDPR: If you believe that the processing of your personal data is in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are located, at your place of work or at the place where the alleged infringement is alleged, without prejudice to any other administrative or judicial remedy.
7.2 RIGHT TO OBJECTION
IF WE PROCESS YOUR PERSONAL DATA AS PART OF A WEIGHING OF INTERESTS ON THE BASIS OF OUR PREDOMINANTLY LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU MAKE USE OF YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING GROUNDS FOR PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGH THEIR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS. IF YOUR PERSONAL DATA IS PROCESSED BY US IN ORDER TO CONDUCT DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE OBJECTION AS DESCRIBED ABOVE. IF YOU MAKE USE OF YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKTING PURPOSES.
8) Duration of storage of personal data
The duration of the storage of personal data shall be determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely deleted if they are no longer required for contract fulfilment or contract initiation and/or if we do not continue to have a justified interest in further storage.