Responsible for data processing in the sense of Art. 4 (7) GDPR (hereinafter "controller") is:
World of Retail Services GmbH
Managing Directors: David Roth and Nima Christian Walber
Commercial Registration No.: HRB 205284
Court of Registration: Göttingen
E-mail address: email@example.com
In the following paragraphs, we inform you of the type, scope and purpose of the collection, processing and use of personal data in our organisation.
Types of data processed
Usage data (access times, websites visited, etc.), master data (name, address, etc.),
contact data (telephone number, e-mail, fax, etc.), communication data (IP address, etc.)
Purposes of the processing according to Art. 13 (1 c) GDPR
Processing of contracts, use as/preservation of evidence, technical and commercial optimisation of the website. Provision of easy access to the website, fulfilment of contractual obligations, contact in the event of legal claims by third parties, fulfilment of legal obligations regarding data retention, optimisation and statistical evaluation of our services, supporting commercial use of the website, improving user experience, making the website user-friendly, cost-effective advertising and operation of the website, marketing/sales/advertising, compilation of statistics, determining the probability of parts of texts being copied and/or plagiarised, preventing SPAM and abuse, handling of job applications, customer service and customer care, handling contact requests, providing the individual web pages with functions and content, security measures, uninterrupted secure operation of the website.
Categories of data subjects according to Art. 13 (1 e) GDPR
Visitors to/users of the website, customers, suppliers, interested parties, employees, job applicants, employees of customers or suppliers.
The data subjects are collectively referred to as "Users".
The legal basis for the processing of personal data is as follows:
- If we have obtained your consent for the processing of personal data, Art. 6 (1.1 a) GDPR is the legal basis.
- If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures which are carried out in response to your request, then Art. 6 (1.1 b) GDPR is the legal basis.
- If the processing is necessary for the fulfilment of a legal obligation to which we are subject (e.g. legal obligations to retain records), then Art. 6 (1.1 c) GDPR is the legal basis.
- If the processing is necessary in order to protect the vital interests of the data subject or another natural person, the legal basis is Art. 6 (1.1 d) GDPR.
- If the processing is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not take precedence, then Art. 6 (1.1 f) GDPR is the legal basis.
As a general principle, we do not transfer any data to third parties without your consent. However, if this should become necessary, the disclosure will be made on the basis of the aforementioned legal regulations. Data may be disclosed, for example, to online payment providers for the purpose of fulfilment of an existing contract, as a result of a court order, because of a legal obligation to release the data for the purpose of criminal prosecution, to avert danger or to enforce intellectual property rights.
We also use processors (external service providers, e.g. for hosting of our websites and databases) to process your data. If data are transferred to the processors, they become part of a contract processing agreement, where the requirements of Art. 28 GDPR are always included. We select our processors carefully, monitor them regularly and have been granted the right to issue instructions to them regarding the data. In addition, the processors must have taken appropriate technical and organisational measures and must comply with the data protection regulations according to BDSG n.F. and GDPR.
The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data is therefore predominantly processed by organisations within the scope of the GDPR. If, however, processing is carried out utilising the services of third parties outside the European Union or the European Economic Area, the special requirements of Art. 44 ff. GDPR must be met. The processing then takes place on the basis of specific guarantees, such as official recognition on the part of the European Commission of a level of data protection commensurate with the EU level of protection, or the observance of mutually agreed and binding special contractual obligations, referred to as "standard contractual clauses".
Pursuant to Art. 49 (1.1 a) GDPR, insofar as we obtain your express consent to the transfer of data to the USA, we draw attention to the risk of covert access by US authorities and the use of the data for surveillance purposes, possibly without any legal remedy for EU citizens, as a result of the invalidity of the so-called "Privacy Shield".
We do not make use of automated decision making or profiling.
- If you only use our website for information purposes (i.e. without registration on the website or other transfer of information), we only collect the personal data that your browser transmits to our server. In other words, when you open our website, we collect the following data:
- IP address;
- Internet service provider of the user;
- Date and time of access;
- Browser type;
- Language and browser version;
- Content of the retrieval;
- Time zone;
- Access status/HTTP status code;
- Data volume;
- Websites from which the request came;
- Operating system.
The server logfiles created using these anonymised data are stored separately from all other personal data provided by any affected person.
- These data serve the purpose of user-friendly, functional and secure operation of our website with its functions and content, as well as optimisation and statistical evaluation of such functions and content.
- The legal basis is our legitimate interest in data processing in accordance with Art. 6 (1.1 f) GDPR.
- We store these data in server logfiles for a storage period of several days for reasons of security. After this period, they are automatically deleted unless we need to retain them for evidential purposes in the event of attacks on the server infrastructure or other legal violations.