Privacy Notice
Privacy Policy
Protecting your privacy is very important to us. We carry out all data processing procedures (such as collection, processing and transmission) in accordance with European and German data protection law.
This Policy provides an overview of what data is requested by our website, in what way this data is used and transferred, how you can request information about the data provided to us and what security measures we use to protect your data.
1. Who is your contact (controller) for data protection issues?
The controller in terms of data protection law for all data processing procedures which take place via our website is:
Kümmel & Co. GmbH
Lochweg 19
97318 Kitzingen
Germany
Telephone: +49 9321 38 78 0
Fax: +49 9321 38 78 33
Email: info@dress-for-school.de
Data Protection Officer:
Data Protection Officer c/o Kümmel & Co. GmbH, Lochweg 19, 97318 Kitzingen, Germany
Email: datenschutz@dress-for-school.de
Please send any questions regarding data protection and asserting your rights (see below) to the above address for the attention of the Data Protection Officer.
2. What data do we require from you in order to use our website? What data is collected and stored during use?
Personal data is all information which relates to an identifiable or non-identifiable natural person (“data subject”), such as your name, address, telephone number, date of birth, bank details and IP address.
We only collect and use the personal data of our users to the extent this is required to provide a functional website and the content and services of our website. Personal data of our users is only collected and used with the user’s consent. An exception is made in cases where it is not possible to obtain prior consent for factual reasons and the data processing is permitted by law.
Usage data
The following data is logged solely for internal system-related and statistical purposes (usage data) when using our website:
1. Information about the browser type and the version used
2. The user's operating system
3. The user's IP address
4. Date and time of the request
5. The website visited before our website
The data is stored in our system as log files. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Article 6 (1) (f) General Data Protection Regulation (GDPR).
It is necessary for the system to temporarily store the IP address to enable the website to be displayed on the user's computer. To do so the user’s IP address must remain stored for the duration of the session.
Log files are stored to ensure the functionality of the website. In addition the data serves to optimise the website and ensures the security of our IT systems. The data is not evaluated for marketing purposes.
These purposes also form the basis of our legitimate interest for data processing in accordance with Article 6 (1) (f) GDPR.
Data is erased when it is no longer required to fulfil the purpose for which it was collected. If data has been collected to display the website this is the case at the end of the respective session.
If data has been stored in log files it is erased after seven days at the latest. Further storage is possible. In this case the user’s IP address is erased or distorted so that assigning the requesting client is no longer possible.
Collecting data to display the website and storing data in log files is absolutely necessary to operate the website. The user may not object to such processing.
Registering
Users are able to provide personal data in order to register on our website. Data is entered in the entry fields and transmitted to and stored by us. This data is not forwarded to third parties. The following data is processed as part of the registration process:
· First name and surname
· Email address
· Password
· Telephone number and fax number (providing a fax number is optional)
· Full address
The following data is stored when you register:
· Date and time of registration
The legal basis for the processing of data with the user’s consent is Article 6 (1) (a) GDPR.
If registration is carried out for the performance of a contract entered into with the user or to take steps prior to entering into a contract the additional legal basis for processing is Article 6 (1) (b) GDPR.
Registration by a user is necessary for the performance of a contract entered into with the user or to take steps prior to entering into a contract.
Data is erased when it is no longer required to fulfil the purpose for which it was collected.
For the registration process to perform a contract or to take steps prior to entering into a contract, this is the case when the data is no longer required for the performance of the contract. After the conclusion of the contract it may be necessary to store the personal data of the contractual partner in order to comply with contractual or legal obligations.
Users may de-register at any time by sending an email to info@dress-for-school.de requesting this. You may make changes to the data saved about yourself at any time.
If data is necessary for the performance of a contract or to take steps prior to entering into a contract it is only possible to erase data prematurely if there are no contractual or legal obligations which oppose such an erasure.
3. How and for what purpose is my data used and, if applicable, disclosed to third parties?
Your personal data provided by yourself is used to answer your queries, process your orders in our online shop and for the technical administration of our website.
Your personal data is only disclosed, sold or otherwise transferred to third parties if such disclosure is required for the purpose of processing the contract, for accounting purposes or to collect payment, (for example shipping companies and payment providers) or you have given your express consent. In addition we are entitled to disclose personal data for debt collection purposes and reserve the right to exchange data with credit information agencies (e.g. Schufa); this is only carried out if the legal requirements for such an action have been met.
The legal basis for the disclosure of data to third parties for the purpose of processing the contract or for accounting purposes is Article 6 (1) (b) GDPR.
Disclosure prescribed by law
Please note that in individual cases we are permitted to disclose data upon request by the responsible public bodies provided it is required for the purpose of law enforcement, hazard prevention by the police authorities of the state, to fulfil the statutory tasks of federal and state authorities in defence of the constitution, the Federal Intelligence Agency or military counter intelligence, or to enforce intellectual property rights.
4. What security measures have been taken to protect your data?
We have implemented many security measures in order to adequately protect your personal data to a reasonable extent.
Our databases are protected by physical, technical and procedural measures which only allow specifically authorised persons to access information in accordance with this Privacy Policy. Our information system is located behind a firewall in order to prevent access from other networks which are connected to the Internet. Only employees who require the information to fulfil a specific task are granted access to personal data. Our employees receive security and data protection training.
Our web pages use the industry-standard SSL encryption technology when collecting and transferring data. Personal data transferred as part of the order process is transferred using SSL encryption which can be recognised by the padlock symbol in your browser and the prefix “https://” on the web address.
Your password to access our website must never be shared with third parties and it should be changed regularly. Furthermore you should not choose the same password to access our website that you use to access other password protected websites (email account, online banking etc.). When you leave our website you should log out and close your browser in order to avoid unauthorised users gaining access to your user account.
We cannot guarantee the complete security of data sent by email.
5. When using our website a cookie will be placed on your computer. What does this mean?
We use cookies on our website. Cookies are text files containing a small amount of data which the web server sends to your browser. These are only saved on your hard drive. Cookies can only be read by the server which sent them and receive information about what you viewed on a website and when you viewed it. Cookies themselves only identify the IP address of your computer and do not store any personal information such as your name. Data stored in cookies is not linked to your personal data (name, address etc.).
We use cookies to improve the user-friendliness of our website. Some elements of our website require that your browser can be identified even after changing pages.
Only the session ID and your registration data will be saved in the cookies during this session. This data is not assigned to the user. The data is not stored together with other personal data of the user.
You can decide yourself whether to accept cookies. By changing your browser settings you have the choice to accept cookies, to be notified when cookies are placed or to reject cookies (this can normally be found under “Options” or “Settings” in the browser’s menu).
Cookies which are technically necessary are used to make it easier for users to use our website. Some functions of our website may not be able to be offered without the use of cookies. For this your browser must be able to be re-recognised after the page has been changed.
The user data collected by the technically necessary cookies is not used to create user profiles.
These purposes also form the basis of our legitimate interest for processing personal data in accordance with Article 6 (1) (f) GDPR.
Cookies are stored on the user’s computer and transmitted to our website. Therefore the user has complete control over the use of cookies. By changing your browser settings you can deactivate or restrict the transmission of cookies. Cookies that have already been stored may be erased at any time. This can also happen automatically. If cookies are deactivated for our website this may mean that you are no longer able to fully use all the functions of the website.
6. Use of services for marketing and analysis purposes
We do not use any services for marketing and analysis purposes in addition to the technically necessary session cookies.
7. Rights of the data subject
If your personal data is processed you are a data subject in terms of the General Data Protection Regulation and you have the following rights against the controller:
Access, rectification, restriction of processing and erasure
You have the right to access your personal data saved by us free of charge at any time, to be informed of the origin and recipients, and the purpose for which your data is processed via our website. In addition you have the right to require the rectification, erasure and restriction of processing of your personal data if the legal requirements for such an action have been met.
Right to data portability
You have the right to receive the personal data concerning yourself that you have provided to us as the controller in a structured, commonly used and machine-readable format. We can comply with this right by providing you with a csv export of your processed customer data.
Right to information
If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller is obligated to inform all recipients to whom your personal data was disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or would involve disproportionate expenditure.
You have the right to be informed of these recipients by the controller.
Right of withdrawal
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is carried out on the basis of Article 6 (1) (e) or (f) GDPR.
The controller will no longer process your personal data, unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If your personal data is processed for the purposes of direct marketing you have the right to object at any time to the processing of your personal data for the purpose of such marketing.
If you object to processing for the purpose of direct marketing your personal data will no longer be processed for this purpose.
Withdrawing declarations of consent made under data protection law
You also may withdraw your consent for the future by contacting us using the contact details below.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the EU General Data Protection Regulation.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
8. Changes to this Privacy Policy
We reserve the right to make changes to this Privacy Policy when necessary without notice. Please check this page regularly for any potential changes to this Privacy Policy.
As at May 2018
