Data protection statement
The security of personal data such as names, addresses, telephone numbers and email addresses is one of our key concerns. For this reason, we carry out all our online activities in accordance with data protection and data security laws. In the following, you will learn about which information we collect where necessary and how we treat said information.
1. Name and contact details of the controller in charge of data processing and of the data protection officer
This privacy notification applies to data processing by:
FRIWO Gerätebau GmbH
Phone +49 2532 81-0
Fax +49 2532 81-112
The data protection officer of FRIWO Gerätebau GmbH may be contacted at the address above or the following:
Data Protection Officer
DSB Münster GmbH
48153 Münster, Germany
Phone +49 251 71879-0
Fax +49 251 71879-290
2. PERSONAL DATA
Personal data is defined as all information that relates to an identified or identifiable natural person. This includes information such as their real name, their address, their telephone number and their date of birth.
Because this data enjoys special protection, we only collect it if it is technically necessary. In accordance with our duties, we will explain in the following which information we collect while you visit our website and how this information is used.
3. Collection and storage of personal data, as well as the type and purpose of its use
a) When visiting the website
When you access our website www.friwo-shop.com, the browser used on your device automatically sends information to our website’s server. This information is temporarily saved in a log file. The following details are recorded without any action on your part and stored until they are automatically deleted:
• IP address of the computer accessing the website
• the date and time of access
• the name and URL of the retrieved file
• the website from which access occurs (referrer URL)
• the browser used and, where applicable, the operating system of your computer, as well as the name of your access provider
We use the data described for the following purposes:
• to ensure the trouble-free establishment of a connection to the website
• to ensure the convenient use of our website
• to analyse system security and stability
• for administrative purposes
The legal basis for data processing is provided by Art. 6 (1) Clause 1 (f) of the General Data Protection Regulation (GDPR). Our legitimate interest stems from the data collection purposes listed above. In no instance do we use the collected data for identifying you as a person.
b) When registering for our newsletter
If you would like to receive the newsletter, we require a valid email address and information from you that allows us to verify that you are the owner of the email address / that its owner agrees to receiving the newsletter. Provided that you have given your express consent under Art. 6 (1) Clause 1 (a) GDPR, we use your email address to regularly send you our newsletter. The valid email address is only used to send the newsletter and is not passed on to any third parties.
We only use the data collected in our newsletter’s registration mask to send our newsletter, where we provide information about all of our services. Once you have registered, we will send you a confirmation email containing a link that you must click on to complete the registration process for our newsletter (double opt-in).
When you register for the newsletter, we save your IP address and the date of registration. The only purpose that saving this information serves is to provide proof in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the authorised party.
You can, at any time, revoke the consent you have given us to save your data and email address and to use them to send the newsletter. You may unsubscribe at any time, for example by clicking on a link in the newsletter itself or in your profile area, or by sending a message to the points of contact named above.
The newsletter is distributed through MailChimp, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter subscribers as well as other data of theirs described within the scope of this notice are stored on MailChimp’s servers in the United States. Acting on our behalf, MailChimp uses this information to distribute and analyse the newsletter. Based on its own information, MailChimp may also use this data to optimise or improve its own services, e.g. for the technical optimisation and presentation of the newsletter or for business purposes to determine which countries subscribers are from. However, MailChimp does not use the data of our newsletter subscribers to write to them itself, nor does it share the data with third parties.
The newsletter contains what is known as a web beacon, which is a file the size of a pixel that MailChimp’s server retrieves when the newsletter is opened. As part of the retrieval process, technical information about such things as the browser and your system, as well as your IP address and the time of the visit, is first collected. This information is then used for making technical improvements to services by means of the technical data or the target groups and their reading behaviour based on where they accessed the newsletter from (which can be ascertained via the IP address) or access times.
The statistical data collected also includes whether the newsletters are opened, when and which links readers click on. While it is technically possible to match this information with individual newsletter subscribers, it is not our intention or that of MailChimp to monitor individual users. Rather, the analyses serve to help us understand our users’ reading habits and tailor our content to them or to send differing content in line with our users’ interests.
c) When using our contact form
We provide you with the opportunity to contact us with questions of any kind using a form that is available on the website. In order to use this form, it is necessary for users to enter a valid email address so that we know who the enquiry is from and can respond to it. Other information may be provided voluntarily.
Data processing for the purpose of establishing contact with us is carried out in accordance with Art. 6 (1) Clause 1 (a) GDPR based on your consent, which you provide voluntarily.
The personal data that we collect in relation to the use of this contact form is automatically deleted once your enquiry has been addressed.
4. Online shop
You can visit the pages of our online shop without us collecting personal data from you. Personal data is only collected if you share it with us to perform a contract, open a customer account or establish contact. In each case, this data is used without your express consent solely for the purposes of performing the contract or processing your enquiries. Once the contract has been fully executed, your data is stored in accordance with retention periods specified under tax and commercial law; however, it is blocked from being used for any other purposes and is deleted after expiry of these retention periods, provided you have not expressly consented to the further use of your data.
a) Data processing when opening a customer account and for performing contracts
Pursuant to Art. 6 (1) (b) GDPR, personal data is further collected and processed if you share it with us for performing a contract or when opening a customer account. Exactly which information is collected is apparent from the respective forms with input fields. You may delete your customer account at any time by sending a message to the aforementioned address of the controller. We store and use the data you share with us for performing the contract. Once the contract has been fully executed or your customer account has been deleted, your data is blocked in accordance with retention periods specified under tax and commercial law and deleted after expiry of these retention periods, provided you have not expressly consented to the further use of your data or provided we have not reserved the right to some legally permissible further use of the data, about which we inform you below.
b) Data processing for order processing
To process your order, we work with the following service provider(s), who assist us in whole or in part to perform contracts that have been concluded. In accordance with the following information, certain personal data is transmitted to these service providers.
The personal data that we collect within the scope of performing a contract is shared with the carrier charged with delivery, provided it is necessary to do so to deliver the product. As part of payment processing, we share your payment information with the bank charged with this task, provided it is necessary to do so to process the payment. In cases where payment service providers are used, please refer to the details below, where we explicitly inform you about this. The legal basis here for sharing data is Art. 6 (1) (b) GDPR.
Notice regarding international orders:
In the case of international orders, we reserve the right to pass on the orderer’s data to one of our commercial representatives/distributors for the purposes of future contract execution. The legal basis for passing on this information is Article 6 (1)(f) GDPR.
aa) We work with external shipping agents to fulfil our contractual obligations with respect to our customers. We share your name and your delivery address with a shipping agent that we choose solely for the purposes of delivering goods under Art. 6 (1) (b) GDPR.
(1) Sharing personal data with shipping providers - DHL
If delivery is handled by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany), we share your email address with DHL pursuant to Art. 6 (1) (a) GDPR prior to the delivery of goods or the delivery of letters for the purpose of coordinating a delivery date or for shipment notification, as well as business correspondence, provided you have expressly consented to this in the order process. Otherwise, we only provide DHL with the recipient’s name and delivery address for the purpose of delivery pursuant to Art. 6 (1) (b) GDPR. This information is shared only if it is necessary to do so for delivering the goods. In this case, coordinating the delivery date in advance with DHL or a shipment notification is not possible. Consent may be revoked at any time vis-à-vis the controller designated above or the transport service provider DHL with future effect.
(2) Sharing personal data with shipping providers - UPS
If delivery is handled by the transport service provider United Parcel Service Deutschland S.à r.l. & Co. OHG (Görlitzer Straße 1, 41460 Neuss, Germany), we share your email address with UPS pursuant to Art. 6 (1) (a) GDPR prior to the delivery of goods for the purpose of coordinating a delivery date or for shipment notification, provided you have expressly consented to this in the order process. Otherwise, we only provide UPS with the recipient’s name and delivery address for the purpose of delivery pursuant to Art. 6 (1) (b) GDPR. This information is shared only if it is necessary to do so for delivering the goods. In this case, coordinating the delivery date in advance with UPS or a shipment notification is not possible. Consent may be revoked at any time vis-à-vis the controller designated above or the transport service provider UPS with future effect.
(3) Sharing personal data with shipping providers – Jet-Speed GmbH
If delivery is handled by the transport service provider Jet-Speed GmbH (Münster-Osnabrück location, Von-Liebig-Str. 11, 48346 Ostbevern, Germany; registered office: Thomas-Dachser-Str. 2, 87439 Kempten, Germany), we share your email address with Jet-Speed GmbH pursuant to Art. 6 (1) (a) GDPR prior to the delivery of goods for the purpose of coordinating a delivery date or for shipment notification, provided you have expressly consented to this in the order process. Otherwise, we only provide Jet-Speed GmbH with the recipient’s name and delivery address for the purpose of delivery pursuant to Art. 6 (1) (b) GDPR. This information is shared only if it is necessary to do so for delivering the goods. In this case, coordinating the delivery date in advance with Jet-Speed GmbH or a shipment notification is not possible. Consent may be revoked at any time vis-à-vis the controller designated above or the transport service provider Jet-Speed GmbH with future effect.
c) Use of payment service providers - PayPal
If you pay via PayPal, using a credit card via PayPal, through direct debit via PayPal or – if offered – on account or through instalments via PayPal, we share your payment details with PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) within the scope of payment processing.
This information is shared pursuant to Art. 6 (1) (b) GDPR and only to the extent that it is necessary to do so for processing payment.
PayPal reserves the right to perform a credit check for the payment methods of credit card via PayPal, direct debit via PayPal and – if offered – on account and instalments via PayPal. If applicable, your payment details are shared with credit agencies for this purpose pursuant to Art. 6 (1) (f) GDPR on the basis of PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result from the credit check concerning the statistical probability of default for the purpose of deciding whether to offer the respective payment method. The credit report may contain probabilities known as scores. Any scores included in the result of the credit report are based on a scientifically recognised statistical method grounded in mathematics. Among other details, address information is included, although not exclusively, in the calculation of scores.
You can object to the processing of your data at any time by sending a message to PayPal. However, PayPal shall remain entitled to process your personal data, provided it is necessary to do so for processing payment in line with the contract.
d) Use of payment service providers - Giro solutions
If you pay by credit card, we will pass on your payment details to GiroSolution GmbH, Hauptstrasse 27, 88699 Frickingen/Germany (hereinafter referred to as "GiroSolution GmbH") within the scope of payment processing.
The disclosure is made in accordance with sect. 6 para. 1 lit. b GDPR and only insofar as this is necessary for the payment process.
Girosolution reserves the right to credit information for credit card payments. If necessary, your payment data will be forwarded to credit agencies in accordance with sect. 6 para. 1 lit. f GDPR in the legitimate interest of Girosolution to determine your solvency. The result of the credit check with regard to the statistical probability of debt default is used by Girosolution for the purpose of deciding on the provision of the respective payment method. The credit information can contain probability values (so-called score values). Insofar as score values are included in the credit rating, they are based on a scientifically recognized mathematical-statistical procedure. The assessment of score values includes, but is not limited to, address data.
You can object to the processing of your data at any time by sending a corresponding message to Girosolution. Girosolution, however, may continue to be entitled to process your personal data if this is necessary for the contractual payment process.
5. Forwarding of data
Your personal data is not transmitted to third parties for any purposes other than those listed below.
• We share your personal data with third parties only if:
• you have expressly consented to this in accordance with Art. 6 (1) Clause 1 (a) GDPR;
• the sharing of this data under Art. 6 (1) Clause 1 (f) GDPR is necessary for establishing, exercising or defending legal claims and there is no reason to assume that you have an overriding interest requiring protection in your data not being shared;
• The disclosure of data under Article 6 (1)(f) GDPR to a contractually bound commercial representative is necessary for the purposes of our legitimate interests or those of the commercial representative if there is no reason to believe that the data subject has compelling legitimate interest in the non-disclosure of their data.
• there is a legal obligation to share the data under Art. 6 (1) Clause 1 (c) GDPR;
• it is legally permissible and necessary under Art. 6 (1) Clause 1 (b) GDPR for performance of a contract to which you are party.
Information is stored in the cookie which is generated in connection with the specific device used. However, this does not mean that we gain direct knowledge of your identity through this information.
We also use temporary cookies to optimise user-friendliness. Temporary cookies are stored for a certain period of time on your device. If you visit our website again to use our services, the temporary cookies automatically recognise that you were here once before and can recall your previous entries and settings so that you do not have to enter them again.
The data processed by cookies is necessary for the purposes described for safeguarding our legitimate interests as well as those of third parties under Art. 6 (1) Clause 1 (f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or a message appears before a new cookie is created. However, the complete deactivation of cookies may result in you not being able to use all of our website’s functions.
7. Analysis tools (tracking tools)
The tracking measures that we employ, which are listed below, are carried out on the basis of Art. 6 (1) Clause 1 (f) GDPR. We aim to design our website in line with users’ needs and ensure its ongoing optimisation through the tracking measures employed. We also employ tracking measures to compile statistics on the use of our website and analyse them for the purpose of optimising it. The interests are regarded as legitimate as per the provision cited above.
The respective data processing purposes and data categories may be found in the corresponding tracking tools.
We use Google Analytics, a web analytics service provided by Google Ireland Limited (https://www.google.de/intl/de/about/) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; hereinafter referred to as “Google”) for the purpose of designing our web pages in line with users’ needs and the pages’ ongoing optimisation. In this context, pseudonymised user profiles are created and cookies (refer to Section 10) are used. The information generated by the cookie about your use of this website, such as
• browser type/version,
• operating system used,
• referrer URL (the previously visited page),
• host name of the computer accessing the site (IP address) and
• time of the server request
is transmitted to a Google server in the United States and stored there. The information is used to analyse use of the website, to compile reports about website activity and to perform other services related to website and internet use for the purposes of market research and designing these web pages in line with users’ needs.
This information may also potentially be transmitted to third parties if required by law or if third parties are charged with processing it. Under no circumstances is your IP address combined with other data by Google. IP addresses are anonymised so that linking it to a specific user is not possible (IP masking). You may refuse to allow the installation of cookies by selecting the appropriate settings in the browser software. However, please note that, in this case, it may not be possible to use all of the functions of this website to their full extent.
You can also prevent the collection of the information generated by the cookie pertaining to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, particularly with regard to browsers on mobile devices, you can also prevent the collection of data by Google Analytics by clicking on https://tools.google.com/dlpage/gaoptout. An opt-out cookie is created that prevents your data from being collected in future when visiting this website. The opt-out cookie applies only to this browser and only to our website, and is placed on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.
Additional information on data protection in connection with Google Analytics is available for example from Google Analytics support (https://support.google.com/analytics/answer/6004245?hl=de).
8. Integration of social networks
On our website, in line with art. 6, subs. 1 lit. f GDPR, we employ social networking services of Facebook and Youtube to raise the profiles of our companies and our website and to interact with our target groups. The responsibility for the privacy-compliant use of these services is guaranteed by the respective provider. Visitors of our website are pointed to these services by link for optimum monitoring of personal privacy.
Individual content can be transmitted to Facebook by using the corresponding icon for local postings (so-called "sharing"). If you click a link on our website, your browser will directly connect you with the Facebook servers. The URL of the last visited website will then be transferred directly to Facebook.
This tells Facebook that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are currently not logged in to Facebook. The information (including your IP address) is transmitted from your browser directly to a Facebook server in the US and stored there. If you are logged in to Facebook, Facebook can add the visit to our website directly to your Facebook account.
Facebook may use this information for advertising, market research and entity-specific Facebook pages. For this purpose, Facebook gathers user, interest and relationship profiles, e.g. to evaluate your visit to our website in relation to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook.
If you do not want Facebook to add any data collected via our website to your Facebook account, you should log out of Facebook before visiting our website.
aa) Facebook Conversion Tracking
To point potential users and customers towards our online offerings, we use the online advertising program "Facebook Advertising" and Facebook Advertising's Conversion Tracking, an analysis service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). A cookie is set by Facebook on your computer ("conversion cookie"), provided you have reached our website via a Facebook ad. These cookies become invalid after 30 days and are not used for personal identification. If you visit specific pages of our website, and the cookie has not yet expired, both we and Facebook can recognize that someone has clicked the ad, was redirected to our site, and has carried out an action. The information gathered by the conversion cookie is used to generate conversion statistics. We get the total number of users who clicked on the ad and who were redirected to a conversion tracking tag page. However, we do not receive any information that personally identifies users. If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie - for example, via a corresponding browser setting that generally disables the automatic setting of cookies.
bb) Facebook Remarketing
If you are not interested in supplying content for remarketing, you can hide any content by using the proper controls of the respective page. Just follow the Facebook link (ttp://www.facebook.de/settings/ads) and disable the use of remarketing ads, provided you are logged in to Facebook. Alternatively, users can disable the use of third-party cookies by visiting the opt-out page of the Network Advertising Initiative (http://www.networkadvertising.org/choices/). By using our content, you agree to the processing of your data by Facebook in the manner described and for the purpose stated above. Please note that Facebook has its own privacy policies that are independent of ours. We do not assume any responsibility or liability for these policies and procedures.
9. Google Maps
This website uses the Google Maps API to visually depict geographic information. When people use Google Maps, Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland) also collects, processes and uses data about the use of the map functions by web page visitors. When you use Google Maps, information about the way that you use FRIWO’s website, including your IP address, is transmitted to and stored by Google on a server in the United States. The transmission of data to the United States entails risks relating to data protection law, which is why you have the option to deactivate the Google Maps service and prevent data from being transmitted to Google.
10. Rights of the data subject
You have the right:
• pursuant to Art. 15 GDPR to obtain information about your personal data that we process. In particular, you have the right to obtain information about the purposes of the processing; the category of personal data concerned; the categories of recipient to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored; the existence of the right to request rectification or erasure of personal data or restriction of processing or to object to such processing; the right to lodge a complaint; information as to the source of the personal data when we were not the ones to collect it; and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about particulars;
• pursuant to Art. 16 GDPR to obtain without undue delay the rectification of inaccurate personal data that we have stored or to have incomplete personal data completed;
• pursuant to Art. 17 GDPR to obtain the erasure of your personal data that we have stored, to the extent that processing is not necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defence of legal claims;
• pursuant to Art. 18 GDPR to obtain restriction of processing, insofar as you contest the accuracy of the personal data; the processing is unlawful, but you oppose the erasure of the personal data; we no longer need the personal data, but you require it for the establishment, exercise or defence of legal claims; or you have objected to processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to have that data transmitted to another controller;
• pursuant to Art. 7 (3) GDPR to withdraw at any time the consent you gave to us. Doing so means that we will no longer be permitted in future to continue with the data processing based on this consent;
• pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual place of residence, place of work or our registered office.
11. Right to object
If your personal data is processed based on legitimate interests as defined under Art. 6 (1) Clause 1 (f) GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data insofar as there are grounds for doing so relating to your particular situation or are directed against direct marketing purposes. In the case of the latter, you have a general right to object that we will honour without you having to cite a particular situation.
To exercise your right to withdraw consent or to object, simply send an email to firstname.lastname@example.org.
12. Data security
For your visit to our website, we use the widespread Secure Socket Layer (SSL) method, together with the highest encryption level supported by your browser. This usually entails 256-bit encryption. If your browser does not support 256-bit encryption, then we use 128-bit v3 technology instead. You can tell whether an individual page of our website has been transmitted in encrypted fashion by the image of a closed key or lock symbol in the lower status bar of your browser.
We also employ appropriate technical and organisational security measures to protect your data against incidental or intentional manipulation, partial or complete loss, destruction and against unauthorised third-party access. We continually enhance our security measures in line with technological developments.
13. Links to other websites
The FRIWO websites contain links to other websites. FRIWO Gerätebau GmbH is not responsible for the data protection strategies or the content of those other websites.