Privacy Policy
The protection of your personal data (hereinafter also referred to as "data") is very important to us. The processing of your personal data during your visit of our website and online shop is carried out exclusively within the scope of the applicable data protection regulations.
1. Name and contact details of the data controller
Responsible within the meaning of the General Data Protection Regulation (hereinafter "GDPR"), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
Abrasive Imaging GmbH
Scharpenberg 40
D-45468 Mülheim an der Ruhr
Legally represented by the Managing Director: Matthias Stange
Tel: +49 (0)176 22621439
Fax: +49 (0) 208 20584814
E-mail: info@abrasive-imaging.de
Imprint: http://www.abrasive-imaging.com/IMPRINT/
2. Overview of the processing activities
The following overview summarises the purposes for which the personal data are processed, the categories of personal data, the categories of data subjects and the legal basis. The details of the individual processing activities can be found in the other sections of this privacy policy:
Purposes for which the personal data are processed:
• Ensure a smooth connection of the website
• Ensure a comfortable use of our website
• Evaluation of system security and stability
• Other administrative purposes
• Enabling or simplifying the use of the online shop
• Establishing contact and communication
• Provision of contractual services
• Documentation of orders
Categories of personal data:
• Usage data (e.g. sub-pages visited, access times, etc.)
• Meta and communication data (e.g. device information, IP address)
• Shopping cart content
• Inventory data (e.g. first name, last name, address, telephone)
• Contact data (e.g. e-mail address, telephone number)
• Content of the request
• Order data (e.g. order history)
• Payment data (e.g. bank details, payment history, e-mail address)
• Contract data (e.g. subject matter of the contract)
Categories of data subjects:
• Visitors to the website / online shop
• Communication partners
• Customers
Legal bases:
• Consent (Art. 6 para. 1 s. 1 letter a) GDPR): The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
• Performance of a contract and pre-contractual requests (Art. 6 para. 1 s. 1 letter b) GDPR): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
• Legitimate interests (Art. 6 para. 1 s. 1 letter f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
3. Details of the processing activities
In this section we describe the processing activities in detail.
a) Provision of the website / online shop
Each time you visit our website or the online shop, your browser automatically sends information to the server of our website and temporarily stores it in a so-called log file.
The following data is collected without your intervention and stored until automatic deletion:
• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each request
• Website from which the request came
• Browser type
• Operating system and its interface
• Language and version of the browser software.
The above data will be processed by us for the following purposes:
• Ensure a smooth connection of the website
• Ensure a comfortable use of our website
• Evaluation of system security and stability
• Other administrative purposes
• Purposes of processing: Ensure a smooth connection of the website, Ensure a comfortable use of our website, evaluation of system security and stability, Other administrative purposes
• Categories of personal data: Usage data (e.g. sub-pages visited, access times, etc.), Meta and communication data (e.g. device information, IP address)
• Categories of data subjects: Visitors to the website / online shop
• Legal basis: Legitimate interests (Art. 6 para. 1 s. 1 letter f) GDPR):
b) Use of cookies
We use cookies. Cookies are text files that are stored in your internet browser or by it on your computer or similar system. If you visit a website, a cookie may be stored on your operating system. This cookie contains a specific string of characters that enables the browser to be uniquely identified when the website is visited again.
We use cookies to enable the use of our online shop and to make it more user-friendly. The shopping basket of our online shop requires that the accessing browser can be identified even after a page change. The items in the shopping cart are stored in the cookies.
• Purposes of processing: Enabling or simplifying the use of the online shop
• Categories of personal data: Shopping cart content
• Categories of data subjects: Visitors to the website / online shop, Customers
• Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 letter f) GDPR)
c) Contact via contact form / e-mail / telephone
You have the option of contacting us via a contact form, by e-mail or telephone. The data processing is carried out for the purpose of contacting and communicating with you and is based on your request. We process the data of the person making the request as long as this is necessary to answer the contact request.
• Purposes of processing: Establishing contact and communication
• Categories of personal data: Contact data (e.g. e-mail address, telephone number), Content of the request
• Categories of data subjects: Communication partners
• Legal bases: Performance of a contract and pre-contractual requests (Art. 6 para. 1 s. 1 letter b) GDPR), Legitimate interests (Art. 6 para. 1 s. 1 letter f) GDPR)
d) User account
You have the option of creating a user account. As part of the registration process, you must provide the required mandatory information. These are processed for the purpose of providing the user account on the basis of a contractual obligation. All information is required for the performance of contracts.
If you delete your user account, the data stored in the user account will be deleted except where legally permitted, required or consented to by you.
• Purposes of processing: Provision of contractual services; Documentation of orders
• Categories of personal data: First name, last name, email address, password, address, phone, order history
• Categories of data subjects: Customers
• Legal bases: Consent (Art. 6 para. 1 s. 1 letter a) GDPR), Performance of a contract and pre-contractual requests (Art. 6 para. 1 s. 1 letter b) GDPR)
e) Orders
You can order products in our online shop. You can place an order either as a guest or after logging into your user account. You must select the desired products as part of the order process. Payment is made directly in the online shop using the payment methods offered in the ordering process.
We process the data collected during the order process in order to enable you to place the order, including payment and, if applicable, delivery. If this is necessary for the order, we use service providers. For example, this may occur in the context of payment processing or the delivery of products.
If you have an user account, the data collected as part of the order will be stored in your user account so that an order history is created. This data is deleted when the user account is deleted, unless there are legal obligations to retain data.
• Purposes of processing: Provision of contractual services; Documentation of orders
• Categories of personal data: Inventory data (e.g. first name, last name, address, telephone), Payment data (e.g. e-mail address), Contact data (e.g. e-mail address), Order data (e.g. order history)
• Categories of data subjects: Customers
• Legal bases: Performance of a contract and pre-contractual requests (Art. 6 para. 1 s. 1 letter b) GDPR)
f) Payment methods
For payment during an order process, we use the service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).
PayPal regularly processes inventory data (e.g. first name, last name), bank data (e.g. account number, credit card number) as well as the data resulting from the order that are relevant for the payment. The data relevant for the payment are processed exclusively by PayPal and remain there. We only receive feedback as to whether a payment was successful or not.
The General Terms and Conditions and the data protection information of PayPal apply to the execution of payments. These can be found on the website https://www.paypal.com/en. You can find the data protection information here: https://www.paypal.com/webapps/mpp/ua/privacy-full
• Purposes of processing: Provision of contractual services
• Categories of personal data: Inventory data (e.g. first name, last name), Payment data (e.g. bank details, payment history), Contract data (e.g. subject matter of the contract)
• Categories of data subjects: Customers
• Legal bases: Performance of a contract and pre-contractual requests (Art. 6 para. 1 s. 1 letter b) GDPR), Legitimate interests (Art. 6 para. 1 s. 1 letter f) GDPR)
4. Categories of recipients of the data
In the context of the above-mentioned processing activities, we cooperate with various service providers who receive personal data in individual cases. In detail, these are the following categories of possible recipients:
• IT service provider
• Telecommunication service provider
• Payment service provider
• Shipping service provider
• Communication service provider
Your personal data will only be transferred to third parties if
• you have given your express consent to this (Art. 6 para. 1 s. 1 letter a) GDPR)
• the transfer is legally permissible and necessary for the processing of contractual relationships with you (Art. 6 para. 1 s. 1 letter b) GDPR)
• there is a legal obligation to transfer data (Art. 6 para. 1 s. 1 letter c) GDPR)
• the transfer is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-transfer of your data (Art. 6 para. 1 s. 1 letter f) GDPR).
The hosting provider of our website and the technical operator of the CMS and the online shop is Strato AG, Pascalstraße 10, D-10587 Berlin, www.strato.de.
The legal basis for the use of the hosting provider and technical operator is Art. 6 para. 1 s. 1 letter f) GDPR. Our legitimate interest lies in not having to technically operate our own server and our own CMS and online shop for our website.
5. Third country transfer
If we process your data ourselves or have it processed by a service provider in a third country (i.e. outside the European Union [EU] or outside the European Economic Area [EEA]), we always comply with the legal requirements.
Unless express consent to the transfer has been given, the transfer is not necessary for the performance of a contract or due to legal requirements, we only transfer data to a third country if the third country offers an adequate level of protection (adequacy decision of the EU Commission) or suitable and appropriate safeguards (e.g. EU standard contractual clauses or binding corporate rules on data protection) are in place (cf. Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en). Copies of any guarantees can be requested from the controller mentioned in section 1.
6. Deletion of the data
We delete the processed personal data after the storage is no longer necessary. The need for storage shall no longer apply, in particular, in the event of withdrawal of a given consent or discontinuation of other permissions (e.g. discontinuation of the purpose of the processing or if the processing is no longer necessary for the purpose).
Alternatively, we restrict processing if there are legal obligations to retain data (e.g. obligations to retain data under commercial or tax law) or rights to retain data.
This data protection declaration may contain more detailed information on the duration of storage and deletion of personal data for individual processing operations. This information always takes precedence over the general statements.
7. Rights of the data subject
You have the following rights in respect of personal data relating to you:
• Right to object (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 s. 1 letter e) or f) GDPR; this also applies to profiling based on these provisions. If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
• Right to withdraw consent (pursuant to Art. 7 para. 3 GDPR): Consent given by you for the processing of personal data may be withdrawn in whole or in part at any time. The withdrawal does not affect the lawfulness of the processing of data that took place until the withdrawal. The only consequence of the withdrawal is that we may no longer continue the data processing based on this consent in the future.
• Right of access (pursuant to Art. 15 GDPR): You can request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data that are or have been processed, the recipients or categories of recipients to whom your data are or have been disclosed, the planned storage period, the existence of a right to rectification, erasure or restriction of processing or a right to object, the existence of a right of appeal to a supervisory authority, the origin of your data if it has not been collected by us as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you.
• Right to rectification (pursuant to Art. 16 GDPR): You may without undue delay obtain the rectification of any inaccurate personal data concerning you or the completion of your personal data stored by us if it is incomplete.
• Right to erasure (pursuant to Art. 17 GDPR): You may request the erasure of your personal data stored by us. This does not apply insofar as the processing of your data is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or for the establishment, exercise or defence of legal claims.
• Right to restriction of processing (pursuant to Art. 18 GDPR): You may obtain the restriction of the processing of your personal data. This applies insofar as the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure of the data and instead request the restriction of data use, we no longer need the data, but you require the data for the establishment, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 para. 1 GDPR.
• Right to data portability (pursuant to Art. 20 GDPR): You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.
• Right to lodge a complaint with a supervisory authority (pursuant to Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.
8. Data security
In order to ensure a level of protection appropriate to the risk, we shall implement appropriate technical and organisational measures, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
9. Status and update of this privacy policy
This Privacy Policy is current as of 08.11.2022. We may update the Privacy Policy in due course to improve and/or adapt data protection.