Dated: October 2021
This privacy statement explains which personal data are being collected in the frame of
- your visit on our website http://www.goufrais.com
- your order via our Goufrais online shop http://goufrais.com/shop/ („Goufrais-Shop“),
- The opening of a client account in our Goufrais shop,
- Your login to the client account in our Goufrais shop,
- The registration for our newsletter,
- The use of the contact form
And for which purpose we use such data and how we use them in order to optimise our services for you.
A. Basic information:
1. Basic information
(1) You can print or save this document by using the usual functionality of your browser (here, it is usually referred to as 'File' or 'Save as').
(2) Unless otherwise described in the following sections, the legal basis for the processing of your personal data arises from the need to handle it in order to provide the functionalities requested by you on this website (art. 6 para. 1b EU General Data Protection Regulation (GDPR)).
2. Person responsible according to para. 27 GDPR
(1) The person responsible according to para. 4 No 7 GDPR is
Owner Michael Keller
Eimeldinger Weg 38
79576 Weil am Rhein
hereinafter called “CMF” or also “we” or “us”. Please find further information about the person responsible in our Imprint.
3. Types of the processed data, categories of concerned individuals, purposes
3.1 Type of the processed data
- Master data (e.g., customer master data such as names, addresses)
- Account data (Login, PW # Hash)
- Contact data (e.g., e-mail, phone number)
- Communication data and history
- Content data (e.g., text entries, photographs, videos)
- Contract data (e.g., subject matter of the contract, term, customer category)
- Payment data (e.g. bank details, payment history)
- Usage data (e.g. sites visited, interest in contents, access times)
- Meta-/communication data (e.g. device information, IP addresses)
- Data according to fig. 4 and 5
- Data according to paragraph B
3.2 Categories of persons concerned
- Visitors and users of the website and of online offers
- Customers, interested parties and business partners
- Newsletter subscribers and direct marketing in existing customer relationships
- Other communication partners
(Hereinafter, we mutually refer to the persons concerned also as “Users”.)
3.3 Purpose of the processing
We use your personal data
- To make the website and the online offer, its functions and contents available.
- To create and manage your personal customer account.
- To identify you as contracting parts
- To answer contact requests and communications with users.
- To assert, enforce, exercise or defend of and against legal claim(s) and legal dispute(s), as well as to detect, investigate and avoid crimes
- For safety measures
- For range measurement
- For the purpose of the direct marketing, e.g. in the form of an e-mail newsletter or postal advertising.
4. Provision of the website and log files
(1) When using the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser automatically sends to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website and to ensure its stability and security (the legal basis is art. 6 para. 1 sentence 1f GDPR)
- IP address
- Date and time of the request
- Time zone difference to the Greenwich Mean Time (GMT)
- Contents of the demand (specific page)
- Access status/HTTP status code
- Respectively transferred data quantity
- Website the request has come from
- Operating system and its interface
- Language and version of the browser software.
(2) The IP addresses of users will be deleted or made anonymous after the end of use. In the case of an anonymization, IP addresses are changed in such a way that the individual details of personal or factual circumstances can no longer be attributed to a specific or determinable natural person, or can only be attributed to a specific or determinable natural person with a disproportionate amount of time, money and labour.
(1) In addition to the log files data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned and stored on your hard disk, related to the browser you are using. Through the browser, certain information (hereafter 'cookies') is sent to the site that sets the cookie (in this case by us). Cookies cannot execute programs or transfer viruses to your computer. They are used to make the overall Internet presence more user-friendly and effective.
This website uses the following types of cookies, the scope and function of which are explained below:
- Session Cookies (refer to a)
- Persistent Cookies (refer to b).
a) Session cookies will be automatically deleted as soon as you close the browser. They store a so-called session ID, with which various requests can be assigned to the shared session from your browser. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
a) Settings and function
When you visit our website, the country and language selection which you have determined or chosen is stored in cookies in order to save you having to make a new selection on subsequent visits. In advance, we check whether your browser supports cookies and this information is stored in another cookie. Afterwards, you will be shown contact information localised by country and language, which will also be saved. The legal basis for this is art. 6 para. 1 sentence 1b GDPR.
d) Online marketing
We use the online marketing tool DoubleClick by Google in order to continuously improve the internet presence for our customers and interested parties. By using these cookies, we receive information from Google about the use of our website. For example, we learn how often and in which order the individual pages were called up and how much time you spend on our websites on average. We also find out whether you have visited our websites before. The legal basis for this is art. 6 para. 1 sentence 1f GDPR.
Technically necessary cookies
Technically necessary cookies allow the use of our website, by allowing basic functions such as site navigation and access to secure areas of the website. Without such cookies, the visit of our website will not work properly.
Session Cookies - will be deleted by closing the browser.
Services (e.g. browser of the user), representation and preferences
Cookies are used when using our website (e.g. to recognise the browser), to improve the performance (e.g. quicker loading of contents). When you visit our website, the country and language selection which you have determined or chosen is stored in cookies in order to save you having to make a new selection on subsequent visits. In advance, we check whether your browser supports cookies and this information is stored in another cookie. Afterwards, you will be shown contact information localised by country and language, which will also be saved. The legal basis for this is art. 6 para. 1 sentence 1f GDPR.
Session Cookies - will be deleted by closing the browser.
Advertising cookies (Marketing)
We use advertising cookies to be able to assess our advertising measures and derive optimisations hereof. The legal basis for this is art. 6 para. 1 sentence 1f GDPR.
Permanent Cookies - remain, but will be automatically deleted latest after 26 months, if the website has not been visited any more, unless shorter terms apply in the individual case.
(5) Control over cookies
You can configure your browser settings according to your wishes and, for example, control or reject the acceptance of all cookies as you wish. You can delete existing cookies via the browser settings. Please note that you may not be able to use all of the functions of this website if you do so.
6. Contact form and e-mail contact
(1) A contact form is available on our website. If you use this option, the data entered in the input screen will be transmitted to us and stored. The data of the contact form will be transmitted in an encrypted format. The corresponding data can be seen directly on the respective input screen.
At the time of sending, the following data is also stored:
- Your IP address
- Date and time of sending the contact form
(2) For the processing of the data, your consent is always obtained in the course of the sending process and reference is made to this data protection declaration. Alternatively, it is possible to contact us using the e-mail addresses provided. In this case your personal data that is transmitted with the e-mail will be stored. The data will be exclusively used for the processing of the enquiry.
(3) The legal basis for the processing of the data is art. 6 para. 1a GDPR if your consent has been obtained. The legal basis for the processing of data transmitted in the course of sending an e-mail is art. 6 para. 1f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is art. 6 para. 1b GDPR. If the contact inquiry or e-mail contact serves to initiate an employment relationship, especially in the context of an online application, the legal basis for processing is art. 26 GDPR.
(4) For us, the processing of the personal data from the input screen is solely to process the contact request. In the event that you contact us by e-mail, this is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process act to prevent misuse of the contact form and to ensure the security of our information technology systems.
(5) The data will be deleted as soon as they are no longer required for the purpose for which they were collected. This is the case for personal data from the input screen of the contact form and data sent by e-mail when the respective conversation with you has ended. The conversation is finished when from the circumstances, it can be concluded that the matter in question has been finally clarified. At the latest, the additional personal data collected during the sending process will be deleted after a period of seven days.
7. Use of the Goufrais shop
(1) If you would like to order from our Goufrais shop, it is necessary that you provide your personal data for the processing of your order. You do not need to register in order to place your order in the Goufrais shop. You can place an order as a guest or as a registered customer (see point 9). Mandatory information necessary for the processing of the order is marked separately with *. Further information is voluntary. After an examination by us, an order confirmation or the ordered goods will be sent. The legal basis for data processing in order to process your order is art. 6 para. 1 sentence 1b GDPR.
(2) If you buy products from us, we may, in the future, send you information e-mails for similar goods from our product range. The legal basis for this is art. 7 para. 3 Unfair Competition Act. The information e-mails are sent in accordance with our data protection statement. You can object at any time and request that we no longer send you such e-mails.
(3) Under commercial and tax law, we are obliged to store your address as well as payment and order data for a period of ten years. However, after the statutory limitation periods have expired, we will restrict the processing, i.e. your data will only be used to comply with the statutory storage obligations.
(4) In order to prevent unauthorised access to your personal data by third parties, especially financial data, the ordering process is encrypted using SSL technology!
8. Registration function
(1) In our Goufrais shop we offer you the possibility to simplify the ordering process by creating a customer account. Your personal data will then be permanently stored in a password-protected customer account. We need your consent for this. We use the double opt-in procedure for this. After creating a customer account no new data entry is necessary. In addition, you can view and change the data stored about you in your customer account at any time or delete your customer account.
(2) The corresponding data can be seen directly on the respective input screen. Mandatory data is marked with *. The data entered during registration will be used for the purpose of using the Goufrais shop. You can be informed by e-mail about information relevant to offers, the registration process and technical circumstances. If you have deleted your customer account, the personal data stored in it will be deleted. Data which must be retained for reasons under commercial law or tax law in accordance with art. 6 para. 1c GDPR. It is incumbent on you to secure your data before the end of the contract if deletion has taken place. We are entitled to irretrievably delete all of your data stored during the term of the contract after the statutory retention periods have ceased to apply.
(3) We store the IP address and the time of the respective user action within the framework related to the usage of our registration functions and the usage of the customer account. The storage is based on our legitimate interests as well as the legitimate interests of the users concerning protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with art. 6 para. 1c GDPR. The IP addresses are anonymised or deleted after 7 days at the latest.
9. Forwarding to third parties
(1) In the frame of the hosting of our website we will process your data processed by us due to an order processing contract.
(2) We will process the data given by you to execute your order. To perform the contract we will forward your data to the carrier commissioned with our order, insofar as this is necessary to deliver the ordered goods. Furthermore, we will forward the payment data collected for the settlement of payments to the credit institute commissioned by you and if applicable to the payment service provider commissioned by us or to the selected payment service. Partially, the selected payment providers will also collect such data themselves, insofar as you have set up an account. In this case, you have to log on the ordering process with you access data with the payment provider. Insofar, the data protection declaration of the respective payment service provider applies. We are entitled to forward such personal data according to art. 6 para. 1 lit. b) GDPR. Our service providers may only process or use your data for the purpose, for the fulfilment of which they have been transferred to you, if required. You may access the data at any time. As far as data are forwarded to external service providers, we have ensured by technical and organisational measures, that the provisions of the data protection are respected
(3) In case of the use of web analysis service and third-party providers, the data will be transferred in the scope described herein, refer to paragraph B.
10. Storage period
We process and save your personal data, as long as it is necessary to fulfil our contractual and legal obligations. We will delete your personal data as soon as they are no longer required for the above mentioned purposes. At this, it may happen, that personal data are stored for the time, during which claims may be asserted against our companies (statutory limitation periods of three to thirty years). Furthermore, we will save your personal data, insofar as we are legally bound. Respective proof and retention requirements are resulting of labour, tax and social security issues.
11. Automated decision making
As a matter of principle, in order to establish and conduct the business relationship, we do not use fully automated decision making in accordance with art. 22 GDPR.
In order to be able to inform and advise you about products in a targeted manner, we or service providers may use web analysis services, especially tracking technology, on our behalf. This enables communication and advertising to be tailored to your needs. Concerning this matter, we refer to paragraph B.
B. Data processing by third-party providers
(1) For advertising purposes, i.e. sending information related to products and services, company news, invitations to trade fairs and events (hereinafter referred to as a 'newsletter') by e-mail, we ask interested parties for their express consent and agreement to this data protection statement.
(2) We use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided during registration. In this e-mail, we will ask you to confirm that you wish to receive the newsletter by e-mail. If you do not confirm your registration within 72 hours, your personal data will be blocked and automatically deleted after one month (hereinafter referred to as the 'double opt-in procedure'). In addition, we store your addresses and the time of registration and confirmation. The purpose of this procedure in order to provide proof of your registration and, if necessary, in order to clarify any possible misuse of your personal data.
(3) After your confirmation, we save your e-mail address for the purpose of sending the newsletter. The legal basis for this is art. 6 para. 1 sentence 1a GDPR.
(4) You can revoke and cancel your consent to receive the newsletter at any time. You can revoke your consent by clicking on the link provided in each e-mail or by sending a message to the contact details in the Imprint.
(5) We use CleverReach to send newsletters. The company CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede is the provider. CleverReach is a service which allows to organise and analyse the newsletter dispatch. The data (e.g. e-mail address) entered for the purpose of newsletter receipt will be saved on the servers of CleverReach in Germany or Ireland. Our newsletters sent with CleverReach allow to analyse the behaviour of the newsletter recipient. In doing so, it may be analysed among others, how many recipients have opened the newsletter message and how often somebody has clicked on which link in the newsletter. With the help of the so-called conversion tracking it may furthermore be analysed, if a predefined action (e.g. Purchase of a product on our website) has taken place after clicking on the link in the newsletter. Please find futher information about the data analysis by the CleverReach newsletter under: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. If you do not want any analysis by CleverReach, you have to unsubscribe from the newsletter. The data which are stored with us for the purpose of the Newsletter receipt will be saved by us until your removal from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after unsubscribing from the newsletter. Any data which have been saved with us for any other purposes (e.g. e-mail addresses for the member area) remain unaffected hereof.
Please find further information from the data protection regulations of CleverReach on: https://www.cleverreach.com/de/datenschutz/.
14. Google Tag Manager
(1) On our website, we are using the "Google Tag Manager", a service provided by Google. For the European area, the company Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland is responsible (hereinafter called "Google").
(2) Google Tag Manager allows us as marketer to manage website tags on an interface. The Tool Google Tag Manager, which implements tags, is a domain without cookies and does not collect any personal data itself. The Google Tag Manager provides for the release of other tags, which might themselves collect data. The Google Tag Manager does not access such data. If a deactivation has been performed on the domain or cookie level, it will remain for all tracking tags, which are implemented with the Google Tag Manager.
(3) Please find the purpose and scope of the data collection and the further processing and usage of the data by Google as well as you rights and setting options relating thereto to protect your privacy of Google on: https://www.google.com/intl/de/policies/privacy/ .
15. Integration of YouTube
(1) We have integrated YouTube videos into our online presence, which is stored at http://www.YouTube.com and can be played directly from our website. These videos are all embedded in 'enhanced privacy mode', which means that no data about you as a user is transferred to YouTube if you do not play the videos. It is only when you play the videos that the data mentioned in point 13, paragraph 2 will be transmitted. We have no influence regarding this data transfer.
(2) By visiting the website, YouTube receives information that you have called up the corresponding subpage of our website. In addition, the data mentioned under point 3 of this statement is transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be directly assigned to your account. If you don't want the assignment to your profile on YouTube, you have to log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the demand-oriented design of its website. Such an evaluation is especially carried out (even for users who are not logged in) for the purpose of providing needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles. For this, you must contact YouTube in order to exercise this right.
(3) For further information concerning the purpose and scope of data collection and processing by YouTube, please refer to the data protection statement. There, you will also find further information concerning your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy . Google also processes your personal data in the USA and has complied with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framevvork .
16. Facebook Pixel
(1) On our website we are using "Facebook-Pixel", a service of the Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter called “Facebook").
(2) Facebook-Pixel allows Facebook to display our advertisement on Facebook, so-called "Facebook-Ads", only to such Facebook users, who have visited our website, in particular those who have been interested in our online offer or in certain topics or products. Facebook-Pixel allows to check if a user has been forwarded after clicking on the Facebook-Ads on our website. Facebook-Pixel uses among others cookies, i.e. small text files, which are locally saved in the buffer of your web browser on your terminal. If you are logged on Facebook with your user account, the visit of our online offer will be noted down in your user account. The collected data are anonymous for us, i.e. they do not give any indication of the personal identities of the users. However, it is possible to link such data of Facebook to your user account there. We do not have any influence on the scope and further usage of data, which are collected by using Facebook-Pixel by Facebook. To our knowledge Facebook receives the information that you have called up the corresponding part of our website or have clicked on one of our advertisements. If you have a user account with Facebook and if you are registered, Facebook can allocate the visit to your user account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook would find out your IP address, and if applicable, finds out and saved other identifiers.
(3) We use Facebook-Pixel for marketing and optimisation purposes, in particular to place relevant and interesting ads for you with Facebook, and to improve our offer in this way, to make it more interesting for you as a user, and to avoid nuisance ads. The legal basis for this is art. 6 para. 1 sentence 1a GDPR (approval).
(4) You may withdraw your approval to the above described collection by Facebook-Pixel as well as the usage of your data to represent Facebook-Ads at any time. However, you may make any settings on which kind of ads are being displayed within Facebook on the following webseite of Facebook: https://www.facebook.com/settings?tab=ads. We would like to point out that this setting will be deleted when you delete your cookies. Furthermore, you may also deactivate any cookies, which serve the range measurement and advertising purposes on other websites:
We would like to point out that this setting will also be deleted when you delete your cookies.
(5) Information of the third-party provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
(6) For further information concerning the purpose and scope of data collection and processing by Facebook, please refer to the data protection statement. There, you will also find further information concerning your rights and setting options to protect your data: https://www.facebook.com/about/privacy.
C. Rights of the persons concerned
17. Your rights
If personal data are processed by you, you are a data subject in terms of GDPR and you are entitled to the following rights with respect to us as the controller.
a) Rights according to art. 15 seq. GDPR
(1) The person concerned has the right to demand a confirmation from the person responsible, if they will process the corresponding personal data; if so, he/she has a right of information about such personal data and of the information mentioned in detail in art. 15 GDPR. Under certain statutory conditions you have the right of rectification under art. 16 GDPR, the right to restrict processing under art. 18 GDPR and the right of deletion ('right to be forgotten') under art. 17 GDPR. In addition, you have the right to have the data you provide released in a structured, common and machine-readable format ('right to data transferability') in accordance with art. 20 GDPR, provided that the processing is carried out using automated procedures and is based on consent in accordance with art. 6 para. 1a) or art. 9 para 2a) or based on a contract in accordance with art. 6 para. 1b) GDPR.
b) Withdrawal of a consent according to art. 7 para. 3 GDPR
If the processing is based on consent, you can revoke the given consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
c) Right of appeal
You have the option, to contact us or a data protection supervisory authority with a complaint (Article 77 GDPR). In Baden-Wuerttemberg the responsible supervisory authority is: The Landesbeauftragte für den Datenschutz und die Informationsfreiheit, Postfach 10 29 32, 70025 Stuttgart, Phone: +49 711/615541-0, Fax: +49 711/615541-15, e-mail: email@example.com.
d) Right to object according to article 21 GDPR
In addition to the rights mentioned above, you have the right to object as follows:
Right of objection in individual cases
For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you. This is carried out on the basis of article 6 para. 1 lit. e) GDPR (data processing for the public benefit) and article 6 para. 1 lit. f) GDPR (data processing based on a balancing of interests); this also applies to proﬁling based on this provision as defined by art. 4, paragraph 4 of the GDPR.
If you lodge an objection, we will no longer process your personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
Right of objection against the processing of data for advertising purposes
In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object, at any time, to the processing of personal data concerning you for the purposes of such direct marketing. This also applies to proﬁling, insofar as it is connected with such direct advertising. If you object to processing for the purposes of direct advertising, we will no longer process your personal data for those purposes.
D. Final clauses
(1) We have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All our employees and all third parties involved in data processing are obliged to comply with the Federal Data Protection Act and to handle personal data confidentially.
(2) In the event of the collection and processing of personal data via the contact form of the web shop, the information is transmitted in encrypted form to prevent misuse of the data by third parties.
19. Changes to our data protection regulations
We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments. In such cases we will also adapt our data protection statement accordingly. Therefore, please note the current version of our data protection statement.