Data Protection Information
- A. Data controller
- B. Processing of personal data
- C. Your rights
Where the text makes reference to persons of one specific gender for reasons of ease of reading, all other genders are also implied.
A. Data controller
The data controller, or the person responsible for processing of personal data, is:
DEHA Elektrohandelsgesellschaft mbH & Co. KG
Weilimdorfer Str. 74/2
Phone: +49 7156 9457 0
You can contact our data protection officer as follows:
DEHA Elektrohandelsgesellschaft mbH & Co. KG
Weilimdorfer Str. 74/2
Phone: +49 7156 9457 0
B. Processing of personal data
This section explains how we collect personal data, the purposes for which it is processed, the lawful basis for processing, the recipients with whom data may be shared and the purpose of sharing, and the circumstances in which data will be deleted.
1. Technical and functional provision of the website
We process personal data in order to provide our website in accordance with the statutory requirements and with as few technical and functional restrictions as possible.
a. Log files
When you access our website we save certain information about the access, including browser type and version, operating system, referring page, date and time of the request sent to the server, and the name and URL of the file requested. We use this information in an anonymised format for statistical evaluation with no reference to specific users.
The purpose of processing data in this way is to ensure that our website can be accessed and displayed correctly on your device and to optimise our site. We have a legitimate interest in doing this. The lawful basis for this processing is Article 6(1)f of the GDPR (the EU General Data Protection Regulation) and Section 15 of the TMG (the German Tele Media Act).
b. Configuration using the Consent Management Tool
In order to obtain and document your consent to data processing, our website uses various services of the Consent Management Tool (CMT) offered by consentmanager GmbH, Eppendorfer Weg 183, 20253 Hamburg, Germany.
When you access our website you are invited through CMT to confirm that you consent to individual types of processing. This consent is stored by CMT using cookies, which are small text files located on your computer.
The next time the website is accessed, the contents of the cookies are used to determine which forms of data processing you have consented to or not consented to. This means that you do not need to reselect these cookies each time you visit the website. However, if you do wish to make changes to your settings, you can do this using the data protection settings function at the bottom left. These settings can be accessed at any time by clicking or tapping the shield icon in the bottom left of any web page on our site.
We use CMT in order to obtain your consent to various data processing actions and to allow you to revoke consent that you have previously given. We have a statutory obligation to obtain and document your consent. The lawful basis for this data processing by CMT is Article 6(1)c of the GDPR.
c. Mandatory cookies
We use small text files that are stored on your computer, called cookies, to improve the functionality and usability of our website for you. These include cookies that store certain preferences (such as the language setting) so that this is “remembered” for the next time you access the website. We have a legitimate interest in seeking to provide visitors to our website with the most positive user experience possible. The lawful basis for this data processing using functional cookies is Article 6(1)f of the GDPR.
2. Contacting us
We collect your personal data when you share this with us. For example, this could include information that you enter in a contact form or that you send to us when you get in touch. When you use the contact form, certain fields are marked as mandatory; we use these fields to collect the data that is necessary for us to carry out the desired action. You are also welcome to provide us with additional data if you wish.
The lawful basis for processing this data is Article 6(1)b of the GDPR, as long as the data is processed in order to carry out the action requested by you. In all other cases, the lawful basis for processing this data is our legitimate interest in effective handling of all inquiries sent to us (Article 6(1)f of the GDPR).
3. Advertising, email newsletter
We may use your data for marketing purposes. We have a legitimate interest in using your information for the purpose of direct advertising (Article 6(1)f of the GDPR).
Provided you have given your consent (Article 6(1)a of the GDPR), we will also use your data to send you our email newsletter. The newsletter is designed to allow us to track whether or not you have opened it. We also save and process information including clicks, unsubscribe requests, information about your device and email client, and the click performance. The information we obtain is used to make the newsletter more appealing for you in the future.
You can revoke your consent to the email newsletter at any time by clicking or tapping on the “Unsubscribe” link contained in every copy of the newsletter or by sending a message to the contact details noted above. In addition, you can contact us in writing, by fax, by email or by telephone to revoke your consent to our future processing of your personal data at any time, without incurring any costs other than the typical costs of using your chosen means of communication. The lawfulness of any data processing previously carried out is not affected by this action.
Our newsletter is distributed by a contracted service provider that is bound by data protection laws and may not use the data for any other purpose.
4. Prize games
You are able to participate in prize games via our website. In order to contact the winners of these games we require participants’ first name, surname and email address. We also require physical addresses so that we can send out prizes. This can be provided subsequently if you win a prize. You are also welcome to provide us with additional data when submitting your entry, if you wish.
Your data will be processed solely for the purpose of the prize game and to distribute prizes. The lawful basis for this data processing is Article 6(1)b of the GDPR.
5. Additional processing of personal data on our website
a. Google services
To the extent that you have consented to this, the website employs services provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland (“Google”).
aa. General information about Google services, lawful basis
Google processes personal data in order to provide these services. Your consent forms the lawful basis for this data processing by the Google services, pursuant to Article 6(1)a of the GDPR.
Information collected by the Google services may also be transferred to and stored on a server operated by Google located in a third country, including servers owned by the parent company of Google, Google LLC with its headquarters at 1600 Amphitheatre Parkway, Mountain View, California, USA. Transfer of personal data to the USA entails specific risks for the data subject. Therefore, the integration of Google services and its subsequent processing of your data only occur after you have given your express consent. Further information on the transfer of data to third countries can be found in Section 7.
If you have a Google account and are logged in, Google may, depending on your account settings, be able to add information to your account and treat this as personal data, see also in particular https://policies.google.com/technologies/partner-sites. We are not informed of data that is collected in this way, or of how it is used.
Further information on Google’s data processing can be found at:
- https://policies.google.com/technologies/partner-sites (“How Google uses information from sites or apps that use our services”)
- http://www.google.com/policies/technologies/ads (“Use of data for advertising”)
bb. Google Maps
This website uses Google Maps to display geographical information and directions in a visual format.
Google Maps is embedded and linked to your settings in the Consent Management Tool. Therefore, when you first access our website you will see a preview image that is displayed without connecting to Google. A connection is not made to Google until you adjust the settings by moving the selector to enable the map function. Doing this causes your IP address to be forwarded to a server operated by Google and therefore informs Google that our website has been accessed from your IP address. In addition, Google may use its own cookies, which are small text files saved on your computer, to collect data about how you use its services.
Further information about Google Maps can be found at: https://www.google.com/help/terms_maps/ (Google Maps Terms of Service).
We have integrated videos hosted on the Google service YouTube so that you can view these on our website.
Youtube is embedded and linked to your settings in the Consent Management Tool. Therefore, when you first access our website you will see a preview image that is displayed without connecting to Google. A connection is not made to Google until you adjust the settings by moving the selector to enable the video function. Doing this causes your IP address to be forwarded to a server operated by Google and therefore informs Google that our website has been accessed from your IP address. In addition, Google may use its own cookies, which are small text files saved on your computer, to collect data about how you use its services.
Further information about YouTube can be found at: https://www.youtube.com/t/terms (YouTube Terms of Service).
To the extent that you have given your consent you can view videos hosted by Vimeo (Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA) on our website.
Vimeo is embedded and linked to your settings in the Consent Management Tool. A connection is not made to Vimeo until you adjust the settings by moving the selector to enable the video function. Doing this causes your IP address to be forwarded to a server operated by Vimeo and therefore informs Vimeo that our website has been accessed from your IP address. Vimeo is also able to store cookies on your device.
Additional functions such as the rating and sharing of videos are supported by Vimeo. This may require you to have logged in to a Vimeo user account or a third party account (such as Facebook or Twitter). If you are logged into your Vimeo user account or a third party account on your browser, the information that is processed may, depending on your account settings, be added to your account. You can prevent this from happening by logging out of the third party account before using our website. We do not receive any information about additional data that Vimeo may collect or how it is processed.
Your consent forms the relevant lawful basis for this data processing by Vimeo pursuant to Article 6(1)a of the GDPR.
When you play a video integrated via Vimeo, your personal data may be transferred to the USA. This may entail specific risks for the data subject and therefore requires your prior express consent. Further information on the transfer of data to third countries can be found in Section 7.
Further information about how Vimeo processes your data and your rights and privacy settings can be found at:
To the extent that you have granted consent, we use eTracker, a web analytics service provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg (“etracker”) on our website.
We use etracker to carry out statistical analysis of the reach of our website and to measure the success of our online marketing activities.
The data collected by this service is processed and stored solely in Germany and is subject to the strict German and European data protection laws and standards. etracker has been independently verified and certified in this respect and has been awarded the ePrivacyseal data protection seal of quality.
Your personal data is not transferred to or processed by etracker until you have granted your consent. The lawful basis for this data processing is therefore Article 6(1)a of the GDPR.
You can object to the outlined data processing at any time. Your objection has no disadvantageous consequences.
Further information on eTracker’s data processing can be found at: https://www.etracker.com/en/data-privacy/.
d. Integration of our product catalogue via Oxomi
In order to present our product catalogue, this website uses the service Oxomi, provided by scireum GmbH, Eisenbahnstraße 24, 73630 Remshalden (“scireum”). scireum is a contracted service provider that is bound by data protection laws and may not process the data for its own purposes.
Further information on scireum’s data processing can be found at: https://www.scireum.de/scireum/datenschutz.
6. Sharing of data with third parties
Your personal data will only be shared with third parties where this is necessary for the purpose of processing your concern (Article 6(1)b of the GDPR), you have given your express consent to your data being shared (Article 6(1)a of the GDPR, or the data protection laws permit such a transfer. Such transfers are limited to just the data that is necessary in each situation.
The recipients of personal data include providers of mapping and video hosting services. In addition, they include service providers used to distribute newsletters, provide analytics services and display our product catalogue. In these last three cases, data processing is undertaken by a contracted service provider that is bound by data protection laws and may not use the data for any other purpose.
7. Transfer of data to third countries
Our website integrates services provided by companies that are based in the USA or that have links to the USA. If you grant your consent to data processing by one of these service providers, it is possible that US authorities may have unrestricted access to the personal data being processed. You have no legal recourse in this case. The service providers affected are:
- Service: Google Maps
Provider: Google Ireland Limited, Dublin, Ireland
Parent company: Google LLC, Mountain View, USA
- Service: Youtube
Provider: Google Ireland Limited, Dublin, Ireland
Parent company: Google LLC, Mountain View, USA
- Service: Vimeo
Provider: Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA
It cannot be excluded that these companies or their parent companies and/or US authorities may obtain access to personal data that is processed in order to provide the services.
Previously this transfer of personal data to the USA was legitimate since the companies or their parent companies were certified according to the EU-US Privacy Shield; in July 2020, the European Court of Justice declared this agreement to be invalid. Therefore, transfer on the basis of the “standard data protection clauses” pursuant to Article 46(2)c of the GDPR is not possible since the high standards of the CJEU and the data protection authorities cannot (yet) be met by additional agreements with the companies in the USA. Negotiations are underway between the EU and the USA on a successor agreement to the Privacy Shield. However, it is not possible to foresee when this might be concluded.
Therefore, we only use the aforementioned services with your express prior consent and expressly refer you to the risks of data transfer to one of the aforementioned service providers:
Due to the powers of the US secret services and the current legislative situation in the USA, the USA’s national monitoring measures are disproportionate and, from the perspective of the EU, do not offer an adequate level of protection for personal data. In particular, Sec. 702 of the US Foreign Intelligence Surveillance Act (FISA) provides neither for any limitation on the monitoring measures of the secret services nor for any guarantees for non-US citizens. Moreover, Presidential Policy Directive 28 (PPD-28) provides data subjects with no effective legal recourse against measures of the US authorities and imposes no limits to ensure actions are proportionate. In addition, pursuant to the US Cloud Act, the US authorities are able to require US companies to disclose all data that they hold, even if this data is held on servers within the European Union.
8. Deletion of data
We will retain the personal data we process for as long as required for the specific purpose, in particular handling your inquiry or order, subject to any legal retention periods (e.g. ten years for tax-related documentation pursuant to the Fiscal Code and six years for other commercial correspondence pursuant to the Commercial Code) required (Article 6(1)c of the GDPR). We may also continue to store personal data beyond the end of any legal retention periods provided that you have granted your consent to this pursuant to Article 6(1)a of the GDPR or provided that the purpose for which the data is processed has not ended.
C. Your rights
1. Disabling cookies
2. Right to revoke consent
Some of the previously mentioned processing will only be carried out with your consent. You can revoke your consent to the future processing of your data on this basis at any time. Please be aware that doing this may mean that you will not be able to continue using our services as normal unless you grant consent to the relevant processing again. You can inform us of your revocation of consent using the Consent Management Tool (click or tap the data protection settings shield at the bottom left). This function can also be used to restate your consent to individual types of processing.
3. Right to object
You have the right to object to the use of your personal data for the purposes of direct marketing at any time; you may also object to all future use of your personal data on the basis of Article 6(1)e or f for reasons relating to your particular situation at any time without incurring any costs other than the basic cost of communicating your objection to us.
4. Right to information, rectification, erasure or limitation and portability
Pursuant to Articles 15-20 of the GDPR you have the right to obtain (at no cost) information on the personal data that we hold about you, to rectify any incorrect data, to erase or limit the processing of your personal data and to ensure that your personal data can be ported to another service. Please be aware that in some cases we are unable to delete user data completely due to statutory retention periods.
5. Right of complaint
You have the right to make a complaint to a responsible supervisory authority. The responsible supervisory body for our company is the Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg (State Officer for Data Protection and Freedom of Information of the State of Baden-Wurttemberg), Königstraße 10a, 70173 Stuttgart, Germany.