INTRODUCTION AND GENERAL INFORMATION
Thank you for your interest in our website. Protecting your personal data is very important to us. In the following, you will find information on how we handle the data collected through your use of our website. Your data will be processed in accordance with the statutory data protection regulations.
Controller within the meaning of the GDPR
SMB International GmbH
Managing directors: Andreas Heckel, Dr. Arne Dethlefs
Tel.: +49 4106/123 88-0
Registry court: Pinneberg District Court
Register number: HRB 5830
Our data protection officer
Server log files
When you visit our website, data must be transmitted to our web server via your web browser for technical reasons. The following data is collected while there is an ongoing connection between your web browser and our web server:
- The date and time of the request
- The name of the requested file
- The page from which the file was requested
- The access status
- The web browser and operating system used
- The (full) IP address of the requesting computer
- The amount of data transferred
We collect this data in order to ensure a smooth connection to the website and to allow users to conveniently use our website. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of data or the log files is Article 6 (1) (f) of the GDPR.
We store this data for a short period of time for technical security reasons, particularly with respect to countering attempted attacks on our web server. This data is not sufficient for us to draw any conclusions about individuals. The data is anonymised after 24 hours at the latest by shortening the IP address at the domain level so that it is no longer possible to link it to an individual user.
The data may also be processed anonymously for statistical purposes. This data is never stored together with other personal data relating to the user, nor is it compared with other data or shared with third parties.
This website is hosted by an external service provider (Mittwald CM Service GmbH & Co. KG). This website is hosted in Germany. The personal data collected on this website is stored on the host’s servers. This information primarily includes IP addresses, contact requests, meta and communication data, instances of website access and other data generated via a website.
We have concluded a data processing agreement with the provider in accordance with the requirements of Article 28 of the GDPR, through which we require it to protect the data of our customers and not to share it with third parties.
Our website uses "cookies". Cookies are small text files that are either temporarily saved on your device for the duration of your session (session cookies) or saved permanently (permanent cookies). Session cookies are automatically deleted after your visit. Permanent cookies stay saved on your device until you delete them yourself or your web browser automatically deletes them.
Cookies have different functions. Numerous cookies are required for technical reasons as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.
Cookies required for technical reasons are saved in accordance with Article 6 (1) (f) of the GDPR. We have a legitimate interest in saving cookies to provide our services in the best possible way that is free from technical errors. Other cookies are only saved with your consent in accordance with Article 6 (1) (a) of the GDPR. Consent can be withdrawn at any time with effect for the future. The legal basis may also be based on Article 6 (1) (b) of the GDPR if processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
You can change your browser settings so that you
- are notified if cookies are saved;
- only allow cookies on a case-by-case basis;
- reject cookies in certain cases or generally reject them; or
- enable the automatic deletion of cookies when you close the browser.
You can manage the cookie settings for each browser by clicking on the following links:
You can also individually manage cookies that are used by many companies and features used for advertising. To do so, please use the corresponding user tools which are available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also use a "do not track" feature. When this feature is enabled, the respective browser tells ad networks, websites, and applications that you do not wish to be tracked for advertising based on your browsing behaviour, etc.
Information and instructions on how to make changes to this feature are available via the links below, depending on your browser provider:
Please note that the functionality of our website may be restricted if cookies are disabled.
Changing cookie settings
You can cancel or change your cookies settings at any time. To do so, go to the cookie settings again using our integrated thumbprint. You can find this in the bottom left corner of the website at any time.
Contact form and getting in touch by email
If you send us requests via the contact form or by email, we store your details from the request form or your email, including personal data provided by you in it, for the purposes of processing the request and responding to any follow-up questions. It is necessary for you to provide an email address as well as your first name and last name so that we can get in touch. You may provide your telephone number on a voluntary basis. We do not share this data without your consent under any circumstances. However, you consent to the storage of your contact details. The legal basis for processing your data is your consent, Article 6 (1) (a) of the GDPR and, if applicable, Article 6 (1) (b) of the GDPR, provided that the objective of your request is to conclude a contract. Your data is erased after your request has been processed, provided that there are no statutory retention requirements. With respect to Article 6 (1) (a) of the GDPR, you can object to the processing of your personal data at any time.
If you wish to receive the newsletter offered on the website, which contains regular information regarding our offers and products, we require your email address. This is mandatory information.
Additional data may be provided to be able to personally address you in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.
We use the "double opt-in procedure" to send newsletters. This means that we will only send you our newsletter by email if you have explicitly confirmed with us that you consent to newsletters being sent. In the first step, you will receive an email containing a link that you can use to confirm that you, as the owner of the relevant email address, wish to receive newsletters in the future. By confirming, you consent to us using your personal data for the purpose of sending the requested newsletter, in accordance with Article 6 (1) (a) of the GDPR.
When you register for the newsletter, in addition to the email address required for sending, we store the IP address you used to register for the newsletter, as well as the date and time of registration and confirmation to be able to trace potential misuse at a later point in time.
You can unsubscribe from the newsletter at any time by clicking on the link contained in each newsletter or by sending an email to the controller mentioned above. Once you unsubscribe, your email address will be immediately erased from our newsletter distribution list, unless you have explicitly consented to the continued use of the data collected or continued processing is otherwise legally permissible.
Our email newsletters are sent via a technical service provider with which we share the data you provided when you registered for the newsletter. We have concluded a data processing agreement with our email service provider in which we oblige it to protect our customers’ data and to not share such data with third parties.
Service provider: Sendinblue GmbH
Address: Köpenicker Str. 126, 10179 Berlin
The service provider uses information from the newsletter registration to send and statistically evaluate the newsletter on our behalf. For the analysis, the emails sent contain "web beacons" or "tracking pixels", which are one-pixel files that are stored on our website. This allows us to determine whether a newsletter has been opened and which links, if any, have been clicked on. Using "conversion tracking", an analysis can also be carried out regarding whether a previously defined action (e.g., the purchase of a product on our website) took place after a link in the newsletter was clicked on. Technical information is also collected (e.g., time of access, IP address, browser type and operating system). The data is exclusively collected in pseudonymised form and is not linked to your other personal data; a direct link cannot be made to information relating to your personal identity. This data is used exclusively for the statistical analysis of newsletter campaigns. The findings of these analyses can be used to better adapt future newsletters to the interests of recipients.
If you wish to object to data analysis for statistical evaluation purposes, you are required to unsubscribe from the newsletter.
Data sharing and recipients
Your personal data is not shared with third parties unless:
- we have explicitly indicated this in the description of the respective data processing;
- you have explicitly consented to this under Article 6 (1) (a) of the GDPR;
- sharing is necessary for the assertion, exercise or defence of legal claims under Article 6 (1) (f) of the GDPR and there is no reason to assume that you have an overriding legitimate interest in your data not being shared with third parties;
- there is a legal obligation to share the data under Article 6 (1) (c) of the GDPR; or
- this is required to process contractual relationships with you, in accordance with Article 6 (1) (b) of the GDPR.
We also use external service providers for service processing. We have carefully selected such providers, commissioned them in writing and concluded data processing agreements with them in accordance with Article 28 of the GDPR, if required. They are bound by our instructions and are regularly reviewed by us. These include service providers for web hosting, email mailing as well as the maintenance and servicing of our IT systems, etc. Service providers will not share such data with third parties.
Our website uses Google Analytics, which is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses "cookies".
Google will use this information to evaluate your use of the website and to compile reports on website activity on behalf of the operator of this website. Google will also use this information to provide the website operator with other services relating to the use of the website and the internet. The IP address sent by your browser as part of Google Analytics will not be merged with other Google data. In accordance with Article 6 (1) (a) of the GDPR, processing takes place on the basis of your consent.
We use only Google Analytics with IP anonymisation enabled. This means that your IP address will only be processed by Google in an abbreviated form.
We have concluded a data processing agreement with the service provider in which we oblige it to protect our customers’ data and to not share such data with third parties.
As personal data is transferred to the USA, further protective mechanisms are required to ensure the same level of data protection applicable in the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Article 46 (2) (c) of the GDPR. These oblige the data recipient in the USA to process the data in line with the same level of protection applicable in Europe. In cases in which this cannot be ensured even with this contractual extension, we shall strive to agree upon additional regulations and obtain commitments from the recipient in the USA.
The data is erased as soon as it is no longer required to fulfil the purpose for which it was collected. The erasure of data at user and event level, where such data is linked to cookies, user IDs (e.g., username) and advertising IDs (e.g., DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) takes place no later than 14 months after collection.
You can prevent cookies from being saved by changing your browser software settings accordingly. However, we would like to point out that in this case, you may be unable to use all of the features of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and from analysing your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=de.
In accordance with Article 32 of the GDPR, taking into account the state of technological knowledge, implementation costs and the type, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
Storage period for personal data
The storage period for personal data is based on the relevant statutory retention periods (e.g., from commercial law and tax law). Once the respective period expires, the relevant data is routinely erased. If data is required for contractual fulfilment or initiation or if we have a legitimate interest in further storage, the data will be erased if it is no longer required for these purposes or if you exercise your right of withdrawal or right to object.
In the following, you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with respect to the processing of your personal data:
The right to request information about your personal data that is processed by us, in accordance with Article 15 of the GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom the data has been or is being disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and meaningful information regarding the details of this, where applicable.
The right to request that incorrect or incomplete personal data stored by us is immediately rectified in accordance with Article 16 of the GDPR.
The right to request that your personal data stored by us is erased in accordance with Article 17 of the GDPR, provided that processing is not required to exercise the right of freedom of expression and information, to comply with a legal obligation, to perform a task carried out in the public interest or to assert, exercise or defend legal claims.
The right to request that the processing of your personal data is restricted in accordance with Article 18 of the GDPR, if the accuracy of the data is disputed by you or processing is unlawful, and you have objected to such data being erased and we no longer require the data, but you require it to assert, exercise or defend legal claims, or you have objected to processing in accordance with Article 21 of the GDPR.
The right to request that you receive the personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format or that it is transmitted to another controller, in accordance with Article 20 of the GDPR.
The right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace for this purpose.
The right to withdraw consent you have previously given in accordance with Article 7 (3) of the GDPR: you have the right to withdraw previously given consent to the processing of data at any time with effect for the future. If you withdraw consent, we will immediately delete the data, provided that there is no legal basis for further processing without consent. By withdrawing your consent, the lawfulness of processing previously carried out on the basis of consent will not be affected by this.
Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) (f) of the GDPR, you have the right to object against your personal data being processed in accordance with Article 21 of the GDPR, provided that there are reasons that relate to your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without the requirement to specify a particular situation.
If you wish to assert your right of withdrawal or your right to object, please simply send an email to firstname.lastname@example.org.
The provision of personal data for a decision regarding the conclusion of a contract, the fulfilment of the contract or steps prior to entering into a contract is voluntary. However, we can only make a decision within the framework of contractual measures if you provide personal data that is necessary for the conclusion of the contract, the fulfilment of the contract or steps prior to entering into a contract.
We do not carry out automated decision-making or profiling within the meaning of Article 22 of the GDPR.
Subject to change