Privacy Policy

 

1. Introduction and general information

Thank you for your interest in our website. Protecting your personal data is important to us. Below, we inform you about which personal data is processed when you use our website, for what purposes this happens, and what rights you have as a data subject.

The processing of your personal data takes place in accordance with legal provisions, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications-Digital Services Data Protection Act (TDDDG).

 

1.1 Controller in the sense of the GDPR

STOBO technische Vertriebsgesellschaft mbH

Managing Director: Dominik Bongers

Bahnstr. 149

50858 Cologne

Phone: 02234 990900

E-Mail: info@stobo.de

 

1.2 Contact details of the data protection officer

If a data protection officer has been appointed, you can reach them at:

[Name/Company of Data Protection Officer]

[Address]

E-Mail: [Email address]

Please refrain from attaching sensitive information (e.g., copies of identification) to your request.

(Note: If no data protection officer has been appointed, this passage should be replaced accordingly with: "No data protection officer has been appointed, as there is no legal obligation to do so.")

 

1.3 Definitions

This privacy policy uses the terms of the GDPR. The definitions result in particular from Art. 4 GDPR.

 

2. Contact options, customer account, orders

2.1 Registration in our online shop / customer account

You have the option to create a customer account in our online shop to place orders. As part of the registration, we process the following personal data in particular:

·       First and last name, and title if applicable

·       Email address

·       Address

·       Date and time of registration

·       Password (stored encrypted)

Voluntary information (e.g., phone number) can be provided additionally. Mandatory fields are marked accordingly in the input mask.

Legal basis for the processing of data required for setting up the customer account and processing orders is Art. 6 para. 1 lit. b GDPR.

Insofar as voluntary information is provided, processing is based on Art. 6 para. 1 lit. a GDPR (consent).

The data will be deleted as soon as the user account is deleted, provided that no legal retention obligations prevent this. Changes can be made in the user account or initiated by notifying the controller.

 

2.2 Billing and payment options

If you purchase goods or services subject to charges via our web shop, we process the billing and transaction data required for contract processing (e.g. name, billing address, order and payment amount, time of payment, payment method).

Payment processing usually takes place via external payment service providers (e.g. Shopify Payments, PayPal). Complete payment data (e.g. credit card numbers or complete bank details) are generally not processed or stored by us, but exclusively by the respective payment service provider. We only receive the information required to carry out and document the payment (e.g. payment status, transaction number).

The legal basis is Art. 6 para. 1 lit. b GDPR.

 

2.3 Shipping process

As part of the shipping process, the address data of the package recipient are transmitted to and processed by warehouse and logistics service providers, to the extent necessary for delivery.

The legal basis is Art. 6 para. 1 lit. b GDPR.

 

2.4 Order and contract-related emails

We will contact you as part of the purchase process and contract fulfillment, particularly through:

·       Order confirmation

·       Shipping confirmation

·       Payment and billing information

·       Notifications about delivery status or necessary queries

This specifically involves the processing of your name, email address, and order and transaction data.

The legal basis is Art. 6 para. 1 lit. b GDPR.

These emails are necessary for proper contract processing and cannot be unsubscribed from.

 

2.5 Customer retention advertising

In individual cases, we process customer data to conduct direct advertising with existing customers (e.g., review requests).

The legal basis is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG.

You have the right to object to the processing for direct marketing purposes at any time. This also applies to any profiling associated with direct marketing. In the event of an objection, your data will no longer be processed for advertising purposes.

 

2.6 Contact

If you contact us by email or phone, we process your information, including your contact details (name, email address, phone number), to handle your inquiry and any follow-up questions.

To process inquiries, we use the services of Freshworks GmbH, Neue Grünstraße 17, 10179 Berlin.

We have concluded a data processing agreement with Freshworks in accordance with Art. 28 GDPR.

The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication).

Insofar as your inquiry is aimed at concluding or performing a contract, the legal basis is Art. 6 para. 1 lit. b GDPR.

The data will be deleted as soon as the purpose of the processing no longer applies. Mandatory statutory retention periods remain unaffected. We regularly store inquiries with potential legal relevance until the expiry of the statutory limitation period (usually three years from the end of the calendar year).

 

3. Processing activities on our website

3.1 Accessing and storing information on terminal equipment (cookies and similar technologies)

When using our website, it may be necessary to store information on your terminal equipment or access already stored information (e.g., through cookies or similar technologies).

Insofar as this is strictly necessary to provide the website and its basic functions (e.g., shopping cart, checkout, login, security functions), access or storage is based on Section 25 para. 2 no. 2 TDDDG.

Insofar as this is not strictly necessary, access or storage takes place exclusively on the basis of your consent in accordance with Section 25 para. 1 TDDDG.

The subsequent processing of personal data is governed by the provisions of the GDPR and is explained in more detail in the following sections.

 

3.2 Server log files

When you visit our website, data is automatically collected by the hosting provider or web server:

·       Date and time of the request

·       Name of the requested file

·       Page from which the file was requested

·       Access status

·       Browser type and operating system

·       IP address

·       Amount of data transferred

The processing is carried out to ensure a smooth connection, system security, and technical administration.

The legal basis is Art. 6 para. 1 lit. f GDPR.

The data is stored for a limited period for security reasons and anonymized or deleted after 90 days at the latest.

 

3.3 Cookies

Our website was created using the Shopify e-commerce platform. Shopify uses cookies and similar technologies (e.g., pixels, tags) that can be stored on your terminal equipment or used to access already stored information.

Cookies are small text files that are stored on your terminal equipment and contain certain information.

The use of cookies and similar technologies is based on the following principles:

(1) Technically necessary cookies

Insofar as cookies are strictly necessary to enable you to use our website and its basic functions (in particular shopping cart, checkout, login, security functions and storing your cookie settings), access to information on your terminal equipment or its storage is based on Section 25 para. 2 no. 2 TDDDG.

Insofar as personal data is processed in this context, this is done on the basis of Art. 6 para. 1 lit. b GDPR (performance of a contract or implementation of pre-contractual measures) and – if necessary – on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in the secure and functional provision of our online offer).

(2) Cookies not technically necessary (analysis/statistics/marketing)

Insofar as cookies are not strictly necessary, in particular for purposes of analysis, statistics, marketing measurement or the demand-oriented design of our website, access to information on your terminal equipment or its storage takes place exclusively on the basis of your consent in accordance with Section 25 para. 1 TDDDG.

The subsequent processing of personal data is based on Art. 6 para. 1 lit. a GDPR (consent).

You can revoke a given consent at any time with effect for the future. The revocation does not affect the legality of the processing carried out up to that point.

You can set your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or generally, and to activate the automatic deletion of cookies when closing the browser. Please note that the functionality of our website may be limited if technically necessary cookies are deactivated.

 

3.3.1 Technically necessary cookies (Essential cookies)

We use cookies that are absolutely necessary for the proper operation of the website, the execution of the ordering and checkout process, the management of user and session information, and to ensure IT security and fraud prevention.

These include in particular cookies that

·       store the shopping cart and ensure its integrity,

·       enable and secure the checkout process,

·       provide login, authentication and customer account functions,

·       manage regional settings,

·       support fraud prevention and system security,

·       store your cookie and data protection preferences.

 

Access to information on your terminal device and/or storage is based on Section 25 (2) No. 2 TDDDG.

Insofar as personal data is processed, this is done on the basis of Art. 6 para. 1 lit. b GDPR and - if necessary - Art. 6 para. 1 lit. f GDPR.

 

3.3.2 Cookies for analysis and statistics

If you have given your consent, we use cookies that serve to analyze user behavior, for statistical evaluation and to optimize our website.

Access to information on your terminal device is based on Section 25 (1) TDDDG, and the subsequent processing of personal data is based on Art. 6 para. 1 lit. a GDPR.


 

3.3.3 Cookies and technologies for marketing and advertising

If you have given your consent, we use cookies and tracking technologies to display targeted advertising and measure marketing campaigns.

Access to information on your terminal device is based on Section 25 (1) TDDDG, and the subsequent processing of personal data is based on Art. 6 para. 1 lit. a GDPR.

 

3.3.4 Social media, content and CDN services

Our website integrates content and functions from external providers (e.g. videos, fonts, social media functions, CDN).

If cookies or similar technologies that are not absolutely necessary are used, access to information on your terminal device is exclusively based on your consent in accordance with Section 25 (1) TDDDG. In this case, the processing of personal data is based on Art. 6 para. 1 lit. a GDPR.

If the integration is technically absolutely necessary, access is based on Section 25 (2) No. 2 TDDDG. The processing of personal data then takes place on the basis of Art. 6 para. 1 lit. f GDPR.

 

3.3.5 Managing your cookie settings

Your cookie preferences are stored using consent management mechanisms.

Access to information on your terminal device and/or storage is based on Section 25 (2) No. 2 TDDDG.

Insofar as personal data is processed, this is done on the basis of Art. 6 para. 1 lit. f GDPR.

 

3.3.6 Storage period

The storage period of the cookies used depends on their purpose and can range from a session to several years.

 

4. Processing by individual providers

4.1 Google Services

4.1.1 Google Analytics 4 (GA4) / Google Consent Mode

We use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

In particular, the following data may be processed in the course of use:

·       IP address (usually shortened/anonymized)

·       Device information

·       Usage data (page views, clicks, dwell time)

·       Approximate location data (region)

·       Referrer URL

·       Interaction data (events)

Processing is only carried out with consent.

Legal basis: Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR.

Google Consent Mode ensures that Google services are either deactivated or operated in a restricted manner depending on your consent.

Storage period of Analytics data: regularly up to 14 months.

 

4.1.2 Google Ads

We use Google Ads (Google Ireland Limited) to display advertisements.

Processing is only carried out with consent.

Legal basis: Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR.

 

4.1.3 Google Ads Conversion Tracking

We use Google Ads Conversion Tracking to measure the success of advertisements.

Processing only takes place with consent.

Legal basis: Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR.

 

4.1.4 YouTube

We embed videos from the YouTube platform (Google Ireland Limited). When played, data may be transmitted to Google servers.

Processing only takes place with consent.

Legal basis: Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR.

 

4.1.5 Third-country transfers to Google

A transfer to the USA is possible. For certified companies, an adequacy decision exists under the EU-U.S. Data Privacy Framework (Art. 45 GDPR). Additionally, standard contractual clauses (Art. 46 GDPR) may be used.

 

4.2 Meta Pixel / Meta Conversion API (CAPI) / Advanced Matching

We use Meta Pixel and Meta Conversion API from Meta Platforms Ireland Limited, Dublin.

Processing only takes place with consent.

Legal basis: Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR.

In particular, IP address, device information, referrer URL, interaction data, order information and online identifiers may be processed. Advanced Matching may include hash values of certain identification data (e.g., email).

A transfer to third countries (especially the USA) is possible.

 

4.3 TikTok Pixel / TikTok Events API / Advanced Matching

We use TikTok Pixel and, where applicable, TikTok Events API from TikTok Technology Limited / TikTok Information Technologies UK Limited.

Processing only takes place with consent.

Legal basis: Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR.

A transfer to third countries is possible.

 

4.4 Microsoft Advertising (Bing Ads) / UET Tag / Remarketing

We use Microsoft Advertising (Microsoft Ireland Operations Limited).

Processing only takes place with consent.

Legal basis: Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR.

A transfer to the USA is possible.

 

4.5 Cloudflare

We use Cloudflare (Cloudflare, Inc., USA; possibly Cloudflare Germany GmbH) as a CDN and security service (DDoS protection, firewall).

Processed data includes, in particular, IP address, access time, URL, browser information, referrer URL.

Legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in secure operation of the website).

A transfer to the USA is possible. This is based on standard contractual clauses according to Art. 46 GDPR.

A data processing agreement according to Art. 28 GDPR has been concluded.

 

5. Payment service providers

5.1 PayPal

When paying via PayPal, payment data is transmitted to PayPal (Europe) S.à.r.l. et Cie, S.C.A., Luxembourg.

Legal basis is Art. 6 (1) lit. b GDPR (performance of contract).

Further information can be found in PayPal's privacy policy.

 

5.2 Shopify Payments

We use Shopify Payments (Shopify International Ltd., Ireland) for payment processing.

Processed data includes, in particular, name, billing address, payment amount, payment method, and, if applicable, credit card/bank details.

Legal basis is Art. 6 (1) lit. b GDPR.

 

5.3 Klarna

If Klarna is selected, payment processing is handled by Klarna Bank AB (publ), Sweden.

Klarna may perform credit and fraud checks. These are carried out under Klarna's own data protection responsibility.

Further information: https://www.klarna.com/de/datenschutz/

 

5.4 Apple Pay / Google Pay

When using Apple Pay or Google Pay, payment processing is handled by the respective provider. Processing is carried out under the providers' own responsibility.

 

6. Your rights

You have the following rights towards us:

·       Information (Art. 15 GDPR)

·       Rectification (Art. 16 GDPR)

·       Erasure (Art. 17 GDPR)

·       Restriction of processing (Art. 18 GDPR)

·       Data portability (Art. 20 GDPR)

·       Objection (Art. 21 GDPR)

·       Withdrawal of consent (Art. 7 (3) GDPR)

·       Complaint to a supervisory authority (Art. 77 GDPR)

To exercise your rights, simply send a message to: info@stobo.de.

 

6.1 Right to object

If your data is processed based on Art. 6 (1) (f) GDPR, you have the right to object to the processing at any time, for reasons arising from your particular situation.

If the objection is directed against direct marketing, an unrestricted right to object applies.

 

7. Data security

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR to protect your personal data from loss, destruction, unauthorized access, or other unlawful processing.

Data is generally transmitted in encrypted form using SSL/TLS technology.

 

8. Legal obligations / Necessity of providing data

The provision of personal data is generally voluntary. However, a contract cannot be concluded or performed without certain information (in particular inventory data).

 

9. Automated decision-making / Profiling

We generally do not carry out automated decision-making within the meaning of Art. 22 GDPR.

If payment service providers (e.g. Klarna) carry out credit or fraud checks, this is done under their own responsibility.

 

10. Changes to this Privacy Policy

We reserve the right to adapt this Privacy Policy if necessary, particularly in the event of changes in legal provisions or an expansion of our website functions. The current version can be accessed at any time on our website.


Status: 06.02.2026