Data protection
In the following we share the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data. Please note that in addition to the provisions of the GDPR, the national data protection requirements in your or our country of residence and domicile may apply. If more specific legal bases are relevant in individual cases, we will inform you of this in the data protection declaration.
National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data during data processing (Federal Data Protection Act - BDSG). The BDSG contains in particular special regulations on the right to information, the right to erasure, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states can be applied.
Newsletters and electronic notifications
We send newsletters, e-mails and other electronic notifications (hereinafter "newsletter") only with the consent of the recipient or legal permission. If the content of the newsletter is specifically described when registering for the newsletter, it is decisive for the consent of the user. Incidentally, our newsletters contain information about our services and us.
To register for our newsletters, it is generally sufficient to provide your email address. However, we can ask you to provide a name for the purpose of addressing you personally in the newsletter, or to provide further information if this is necessary for the purposes of the newsletter.
Double opt-in procedure: The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else's e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes saving the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
Deletion and restriction of processing: We can save the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous consent is confirmed at the same time. In the case of obligations to permanently observe contradictions, we reserve the right to save the e-mail address in a blacklist (so-called "blocklist") for this purpose alone.
The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving that it has proceeded properly. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.
Notes on legal bases: The newsletter is sent on the basis of the recipient's consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of advertising to existing customers. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded based on our legitimate interests to demonstrate that it was carried out in accordance with the law.
Contents: Information about us, our services, promotions and offers.
Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta / communication data (e.g. device information, IP addresses).
Affected persons: communication partner.
Purposes of processing: direct marketing (e.g. by email or post).
Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Opposition option (opt-out): You can cancel the receipt of our newsletter at any time, ie revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably e-mail.
Presence in social networks (social media)
We maintain an online presence within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data can be processed outside of the European Union. This can result in risks for the user because it could make it more difficult to enforce the users' rights, for example.
Furthermore, the data of the users within social networks are usually processed for market research and advertising purposes. For example, usage profiles can be created on the basis of user behavior and the interests of the users resulting therefrom. The usage profiles can in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.
Facebook: We are together with Facebook Ireland Ltd. responsible for collecting (but not further processing) data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see “Things You and Others Do and Provide” in the Facebook Data Policy: https: // www.facebook.com/policy), as well as information about the devices used by the users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device information" in the Facebook data policy declaration: https://www.facebook.com/policy). As explained in the Facebook data policy under "How do we use this information?", Facebook also collects and uses information to provide analysis services, so-called "page insights", for website operators so that they can obtain information about how people use their pages and interact with the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and which Facebook itself has agreed to fulfill the rights of the data subject (ie users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data).
Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device Information, IP addresses).
Affected persons: users (e.g. website visitors, users of online services).
Purposes of processing: contact inquiries and communication, tracking (e.g. interest- / behavior-related profiling, use of cookies), remarketing, range measurement (e.g. access statistics, recognition of returning visitors).
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Used services and service providers:
Instagram: social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Data protection declaration: https://instagram.com/about/legal/privacy.
Facebook: social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/about/privacy; Opposition option (opt-out): Settings for advertisements: https://www.facebook.com/settings?tab=ads.
Responsible person
Dominik Roser, Black Forest Detail
Ludiwg-Blum-Strasse 15
77716 Haslach in the KinzigtalAuthorized representatives: Management Dominik Roser
Email address: blackforestdetail@gmx.de
Telephone: 01573/3252864