World of Retail Services
respects your Privacy

Privacy Policy

In accordance with the legal requirements of data protection law (in particular in accordance with the New German Privacy Act (BDSG n.F.) and the European General Data Protection Regulation (GDPR)), we hereby inform you of the nature, scope and purpose of the processing of personal data by our organisation. This privacy policy also applies to our websites and social media profiles. For definition of terms such as "personal data" or "processing", please refer to Art. 4 GDPR.

NAME AND CONTACT DETAILS OF THE CONTROLLER(S)

Responsible for data processing in the sense of Art. 4 (7) GDPR (hereinafter "controller") is: 

World of Retail Services GmbH
Angerstrasse 7
37073 Goettingen
Germany 

Managing Directors: David Roth and Nima Christian Walber 

Commercial Registration No.: HRB 205284
Court of Registration: Göttingen 

E-mail address: info@retail-services.net 

TYPES OF DATA, PURPOSES OF PROCESSING AND CATEGORIES OF DATA SUBJECTS

In the following paragraphs, we inform you of the type, scope and purpose of the collection, processing and use of personal data in our organisation.

Types of data processed

Usage data (access times, websites visited, etc.), master data (name, address, etc.),
contact data (telephone number, e-mail, fax, etc.), communication data (IP address, etc.) 

Purposes of the processing according to Art. 13 (1 c) GDPR

Processing of contracts, use as/preservation of evidence, technical and commercial optimisation of the website. Provision of easy access to the website, fulfilment of contractual obligations, contact in the event of legal claims by third parties, fulfilment of legal obligations regarding data retention, optimisation and statistical evaluation of our services, supporting commercial use of the website, improving user experience, making the website user-friendly, cost-effective advertising and operation of the website, marketing/sales/advertising, compilation of statistics, determining the probability of parts of texts being copied and/or plagiarised, preventing SPAM and abuse, handling of job applications, customer service and customer care, handling contact requests, providing the individual web pages with functions and content, security measures, uninterrupted secure operation of the website.

Categories of data subjects according to Art. 13 (1 e) GDPR

Visitors to/users of the website, customers, suppliers, interested parties, employees, job applicants, employees of customers or suppliers. 

The data subjects are collectively referred to as "Users". 

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The legal basis for the processing of personal data is as follows:

  1. If we have obtained your consent for the processing of personal data, Art. 6 (1.1 a) GDPR is the legal basis.
  2. If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures which are carried out in response to your request, then Art. 6 (1.1 b) GDPR is the legal basis.
  3. If the processing is necessary for the fulfilment of a legal obligation to which we are subject (e.g. legal obligations to retain records), then Art. 6 (1.1 c) GDPR is the legal basis.
  4. If the processing is necessary in order to protect the vital interests of the data subject or another natural person, the legal basis is Art. 6 (1.1 d) GDPR.
  5. If the processing is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not take precedence, then Art. 6 (1.1 f) GDPR is the legal basis. 

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES AND PROCESSORS

As a general principle, we do not transfer any data to third parties without your consent. However, if this should become necessary, the disclosure will be made on the basis of the aforementioned legal regulations. Data may be disclosed, for example, to online payment providers for the purpose of fulfilment of an existing contract, as a result of a court order, because of a legal obligation to release the data for the purpose of criminal prosecution, to avert danger or to enforce intellectual property rights. 

We also use processors (external service providers, e.g. for hosting of our websites and databases) to process your data. If data are transferred to the processors, they become part of a contract processing agreement, where the requirements of Art. 28 GDPR are always included. We select our processors carefully, monitor them regularly and have been granted the right to issue instructions to them regarding the data. In addition, the processors must have taken appropriate technical and organisational measures and must comply with the data protection regulations according to BDSG n.F. and GDPR. 

DATA TRANSFER TO THIRD COUNTRIES

The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data is therefore predominantly processed by organisations within the scope of the GDPR. If, however, processing is carried out utilising the services of third parties outside the European Union or the European Economic Area, the special requirements of Art. 44 ff. GDPR must be met. The processing then takes place on the basis of specific guarantees, such as official recognition on the part of the European Commission of a level of data protection commensurate with the EU level of protection, or the observance of mutually agreed and binding special contractual obligations, referred to as "standard contractual clauses". 

Pursuant to Art. 49 (1.1 a) GDPR, insofar as we obtain your express consent to the transfer of data to the USA, we draw attention to the risk of covert access by US authorities and the use of the data for surveillance purposes, possibly without any legal remedy for EU citizens, as a result of the invalidity of the so-called "Privacy Shield". 

DELETION OF DATA AND STORAGE PERIOD

Unless expressly stated to the contrary in this Privacy Policy, your personal data will be deleted or blocked as soon as you revoke your consent to the processing, or if the original purpose of the storage no longer applies, or the data is no longer required for the purpose, unless continued storage of the data is necessary for evidentiary purposes or the deletion would be contrary to statutory data retention obligations. This includes, for example, retention obligations under commercial law with regard to business correspondence in accordance with Section 257 (1) of the German Commercial Code (HGB) (6 years) and retention obligations under German tax law for receipts in accordance with Section 147 (1) of the German Fiscal Code (AO) (10 years). When the prescribed retention period expires, your data will be blocked or deleted unless the storage is still essential for the conclusion or fulfilment of a contract.

AUTOMATED DECISION MAKING

We do not make use of automated decision making or profiling.

OPERATION OF OUR WEBSITE AND CREATION OF LOGFILES

  1. If you only use our website for information purposes (i.e. without registration on the website or other transfer of information), we only collect the personal data that your browser transmits to our server. In other words, when you open our website, we collect the following data:

    - IP address;
    - Internet service provider of the user;
    - Date and time of access;
    - Browser type;
    - Language and browser version;
    - Content of the retrieval;
    - Time zone;
    - Access status/HTTP status code;
    - Data volume;
    - Websites from which the request came;
    - Operating system.
    The server logfiles created using these anonymised data are stored separately from all other personal data provided by any affected person.
  2. These data serve the purpose of user-friendly, functional and secure operation of our website with its functions and content, as well as optimisation and statistical evaluation of such functions and content.
  3. The legal basis is our legitimate interest in data processing in accordance with Art. 6 (1.1 f) GDPR. 
  4. We store these data in server logfiles for a storage period of several days for reasons of security. After this period, they are automatically deleted unless we need to retain them for evidential purposes in the event of attacks on the server infrastructure or other legal violations. 

We use cookies
Cookie preferences
Below you may find information about the purposes for which we and our partners use cookies and process data. You can exercise your preferences for processing, and/or see details on our partners' websites.
Analytical cookies Disable all
Functional cookies
Other cookies
We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. Learn more about our cookie policy.
Change preferences Accept all
Cookies