Effective Date: Friday, 31.02.2023
The protection of your personal data is important to us. It is a principal part of our development and sales activity. GEZEITEN collects and uses your personal data exclusively in the framework of the provisions of data protection law which apply in the Federal Republic of Germany. The following explanations provide information about the way in which personal data (hereinafter referred to as “data”) is collected and used as well as the extent of such collection and use and its purpose. This information can be read at any time on our website.

This Website is published by GEZEITEN GmbH, Pappelweg 8, 74081 Heilbronn (Germany).

In the following, you will receive an initial overview of the types of data that are processed, and the subjects affected by this processing.

We collect and use your personal data where this is necessary to enable you to use our Internet service and to settle charges for the same (usage data). These include but are not limited to characteristics used to identify you as well as information about the times at which you start and finish using our service and the extent to which you make use of it. If you have provided us with personal data we only use such data in response to your queries, to process contracts concluded with you and for technical administration. Your personal data shall only be disclosed to third parties or otherwise communicated if this is necessary for the purpose of performing the contract - including but not limited to communicating order data to suppliers - and of making settlement or if you have consented in advance. You have the right to revoke your consent with effect for the future at any time.

Stored personal data is deleted whenever you revoke your consent to this storage, whenever knowledge of such data is no longer required to meet the purpose of which the data has been stored or if such data cannot be stored for any other legal reasons.

If you subscribe to our newsletter your e-mail address will be used for internal advertising purposes until such time as you cancel your subscription to the newsletter. Subscriptions can be cancelled at any time.

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk, Article 32 GDPR. The security measures we take include, in particular, the following.

Secure Sockets Layer | Transport Layer Security (SSL):We use SSL / TLS for encrypted transmission of data between the end devices of our visitors and our server. In this way, the risk of unauthorized viewing of the transmitted data is significantly reduced.

HTTP Strict Transport Security (HSTS):
Our server transmits an instruction to the end device of our users in the header of its response to request it to exclusively communicate encrypted via SSL / TLS. This prevents so-called HTTP downgrade attacks.

In the course of our processing of personal data, it may happen that the data is transferred to or is disclosed to other bodies, companies, legally independent organizational units, or persons. The recipients of this data may include, in particular:

IT-Service Providers:
This includes service providers for the provision of hosting, mail services and server technology.

Payment Service Providers:
Service providers who cooperate with us to process payments. 

Shipping Service Providers:
Service providers who perform logistical tasks for us. These include, in particular, parcel service providers.

Authorities:
Government agencies with which we exchange data in order to fulfill orders or for legal reasons.

In such a case, we ensure the protection of personal data by concluding contracts or agreements with the respective third parties that serve to adequately protect the data. We carefully and conscientiously select third parties to whom we disclose data. Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Insofar as we process data in a third country, i.e. a country outside the European Union or the European Economic Area, or the processing is carried out by third parties outside this area, this processing is only carried out in accordance with the applicable legal provisions. Subject to the express consent of the data subjects or legally required transfers, we only process data or have data processed in third countries with an adequate level of protection. This includes, in particular, countries that process data on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR).

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent to its processing has been revoked or other permissions (e.g. legitimate interests, legal obligations, etc.) cease to apply. If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. Further information on the deletion of personal data is provided, where applicable, under the individual points of this data protection declaration.

In the following, we will inform you about the legal basis of the German General Data Protection Regulation (GDPR), on the basis of which we process personal data. In addition to the regulations of the GDPR, national regulations of the respective user’s country of residence or domicile may apply.

Legitimate Interests (Art. 6 para. 1 p.1 lit. f GDPR):

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Contract Performance and Pre-contractual Inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR):

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legal Obligation (Art. 6 para. 1 p. 1 lit. c. GDPR):Processing is necessary for compliance with a legal obligation to which the controller is subject.

Protection of Vital Interests (Art. 6 para. 1 p. 1 lit. d. GDPR):

Processing is necessary in order to protect the vital interests of the data subject or of another natural person.

Application Procedure as a Pre-Contractual or Contractual Relationship (Art. 9 para. 1 p. 1 lit. b GDPR):

(Insofar as special categories of personal data within the meaning of Article 9 (1) of the GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants in the context of the application process so that the controller or the data subject can exercise the rights accruing to him or her under labor law and social security and social protection law and fulfill his or her obligations in this regard, their processing shall be carried out in accordance with Article 9 (2) b. GDPR, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. GDPR or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. GDPR. In the case of communication of special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. GDPR.).

Data Processing for Purposes of the Employment Relationship (§ 26 BDSG):

We process (special) types of personal data in the employment relationship on the basis of the statutory provision for the purpose of establishing, implementing and terminating the employment relationship.

Consent (if requested) (Art. 6 para. 1 p. 1 lit. a GDPR):

The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Storing information in the End User's Terminal Device with the End User's Consent (§ 25 para. 1 p. 1 TTDSG):

We use memory areas of the terminal device of our users for certain functions with the explicit and informed consent of the same.

Storing Information in the End User's Terminal Device out of Necessity. (§ 25 para. 2 No. 2 TTDSG):

Unless we have asked for your permission when you visit our website or use individual functions, we use the memory of your terminal device for the technical presentation and delivery of our telemedia service if this is technically necessary.

Processing for the Exercise of a Public Interest (Art. 6 para. 1 lit. e GDPR):

Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The affected subjects have rights, which we inform you about below.

Right of Objection (Art. 21 GDPR):

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) (GDPR), including profiling based on those provisions. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right of Access (Art. 15 GDPR):

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information. 

Right of Rectification (Art. 16 GDPR):

You subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Erasure and to Restriction of Processing (Art. 17, 18 GDPR):

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, or alternatively, to have the right to obtain from the controller restriction of processing of the data in accordance with the statutory provisions.

Right to Data Portability (Art. 20 GDPR): The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. 

Right to Lodge a Complaint With a Supervisory Authority (Art. 77 GDPR):

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. 

Right to Withdrawal of Consent (Art. 7 para.3 GDPR): 

The data subject shall have the right to withdraw his or her consent at any time.