Notes on data protection

Thank you for your interest in our website. Data protection has a particularly high priority for us. The use of our website is possible without any indication of personal data. However, if a data subject wants to make use of special offers via our website, processing of personal data could become necessary. If the processing of personal data is necessary and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.

As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so that absolute protection cannot be guaranteed.


I. Name and address of the controller 

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is: 

EFALOCK Professional Tools GmbH
Gattingerstr. 20
97076 Würzburg
GERMANY 

Phone: +49 (0)931 6 19 05-70
Fax: +49 (0)931 6 19 05-91
E-mail: info@efalock.de


If you have any questions or comments regarding data protection, you can reach our data protection officer at: 

Patric Rudtke
c/o EFALOCK Professional Tools GmbH
Gattingerstr. 20
97076 Würzburg
E-mail: datenschutz@efalock.de


II. Provision of the website and creation of log files 

1. Scope and description of processing of personal data
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
- Information about the browser type and the version used.
- The operating system of the user
- The user's Internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites that are accessed by the user's system via our website 

This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.  

2. Legal basis for the processing of personal data
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR. 

3. Purpose of the processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR. 

4. Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is usually the case after three months at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or obscured, so that the accessing client can no longer be identified.

5. Objections and erasure
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user. 


III. Use of cookies 

We use cookies or similar technologies on our website according to the information you provide, or as required by us to provide website functionality.


Registration on this website 

You can register on our website to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration. For important changes, for example in the scope of the offer or for technically necessary changes, we use the e-mail address provided during registration to inform you in this way. The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke any consent you have given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation. The data collected during registration will be stored by us as long as you are registered on our website and will then be deleted. Legal retention periods remain unaffected.


Processing of data (customer and contract data) 

We collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process and use personal data about the use of our Internet pages (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user. The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.


Data transmission upon conclusion of the contract for online stores, dealers and shipment of goods

We transmit personal data to third parties only if this is necessary in the context of the contract, such as to the companies entrusted with the delivery of the goods or the credit institution entrusted with the payment processing. A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. 

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.


Data transmission upon conclusion of the contract for services and digital content 

We transmit personal data to third parties only if this is necessary for the execution of the contract, for example, to the credit institution entrusted with the processing of payments. 

A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. 

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.


Notepad (Wishlist) 

1. Scope and description of processing of personal data
Our notepad function lets you keep your shopping wishes available for a certain period of time beyond the current website visit, until the purchase. The personal data processed in the process are, in addition to the above-mentioned information on the basic visit to our website.

2. Legal basis for the processing of personal data
The legal basis for the processing is your consent according to Art. 6 para. 1 lit. a GDPR. 

3. Purpose of the processing
The functions of the notepad may provide you with a convenient shopping experience.

4. Storage period
The data of the processing described here are usually deleted after a storage period of 14 days.

5. Objections and erasure
If you do not want the notepad function to be active, you can object to the consent-based processing in advance in the sense of not agreeing. In this case, however, you will not be able to use this function. 


StoreLocator via Google Maps 

1. Scope and description of processing of personal data
This website uses Google Maps on some subpages to display interactive maps and directions for and to dealers and sales partners. The Google Maps map service is offered for users from the European Economic Area, Switzerland and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (together "Google"). By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA. The data accruing in this context may be transferred by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we obtain your express consent for this data transfer via the cookie banner in accordance with Art. 49 (1) lit. a GDPR. Basis for the third country transfer: Trans-Atlantic Data Privacy Framework. When you call up a web page on our website that contains Google Maps, your browser establishes a direct connection with Google's servers. The map content is transmitted by Google directly to your browser, which then integrates it into the website. Therefore, we have no influence on the scope of the data collected by Google in this way. If you call up the Google map service on our website while you are logged into your Google profile, Google may also link this event to your Google profile. If you do not want the association with your Google profile, it is necessary that you log out of Google before calling our contact page. Google stores your data and uses it for purposes of advertising, market research and personalized presentation of Google Maps. You can object to this data collection vis-à-vis Google.

2. Legal basis for the processing of personal data
The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Art. 49 para. 1 lit. a GDPR based on our legitimate interest to integrate a map service for user convenience. 

3. Purpose of the processing
Google will use this information to display interactive maps and generate directions and provide related services to EFALOCK. 

4. Storage period
The data of the processing described here will be deleted by Google after a specifically defined storage period. You can find more information about this under https://mapsplatform.google.com/

5. Objections and erasure
If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings or object to the consent-based processing in advance. In this case, however, you will not be able to use the map display. The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and settings options for protecting your privacy, can be found in Google's privacy policy under www.google.com/intl/de/policies/privacy/


IV. E-mail contact, postal deliveries 

1. Scope and description of processing of personal data
On our website, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. The same applies analogously to postal deliveries. In this context, the data is not passed on to third parties. The data is used exclusively for communication with the user.

2. Legal basis for the processing of personal data
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR. The same applies analogously to postal deliveries. The provision of personal data is not required by law or contract, but may serve to conclude a contract for the reasons stated above. If you do not wish to provide the data, this will mean that we will not be able to contact you. 

3. Purpose of the processing
The processing of personal data is solely for the purpose of processing the contact. The same applies analogously to postal deliveries. 

4. Categories of recipients of personal data and data processing outside the European Union
As a matter of principle, we do not pass on personal data to third parties unless we are required to do so by law or have received consent to do so. An exception to this is the involvement of the service provider that enables the hosting of the website. Data processing outside the European Union does not take place as a matter of principle. 

5. Storage period
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by e-mail or postal mail, this is the case when the respective conversation with the user has ended. 

6. Objections and erasure
If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case, unless there are legal retention periods to the contrary. The same applies analogously to postal deliveries. 


V. Rights of the data subject 

If personal data of yours is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller: 

1. Right of access
You can request information from the responsible party at any time, subject to the requirements of Art. 15 GDPR, as to whether and how your personal data is processed by us. 

2. Right to rectification
In compliance with the requirements of Art. 16 GDPR, you have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller shall carry out the rectification without undue delay. 

3. Right to erasure (‘right to be forgotten’)
You may request the controller to erase your personal data and assert the right to be forgotten, subject to the requirements of Article 17 of the GDPR. 

4. Right to restriction of processing
You may request the controller to restrict processing, subject to the requirements of Art. 18 GDPR. 

5. Right to information (Notification obligation)
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. In accordance with Art. 19 of the GDPR, you have the right to be informed about these recipients. 

6. Right to data portability
Subject to the requirements of Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. 

7. Right to object
Subject to the requirements of Article 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which has been processed on the basis of Article 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions. 


Security measures

We implement appropriate technical and organizational measures in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, deletion of data, and response to data compromise. We also take the protection of personal data into account in the development and selection of hardware, software and processes, in accordance with the principle of data protection by design and data protection by default (Article 25 of the GDPR).


Cooperation with processors and third parties 

Insofar as we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this shall only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is required for the performance of the contract pursuant to Art. 6 (1) lit. b GDPR), if you have consented, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called "data processing agreement", this is done on the basis of Art. 28 GDPR.

Transfers to third countries 

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure, or transfer of data to third parties, this will only occur if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection that corresponds to the EU (e.g. for the USA through the "Trans-Atlantic Data Privacy Framework") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").


Business related processing 

In addition, we process
- Contractual data (e.g., subject matter of the contract, term, customer category).
- Payment data (e.g., bank details, payment history) of our customers, prospective customers and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.


VI. Right to complain to a supervisory authority 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.


Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision)

Street address:

Promenade 18
91522 Ansbach
Germany


Postal address:  

P.O. Box 1349
91504 Ansbach 
Germany

Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800 

E-Mail: poststelle@lda.bayern.de