Cookie preferences
This website uses cookies, which are necessary for the technical operation of the website and are always set. Other cookies, which increase the comfort when using this website, are used for direct advertising or to facilitate interaction with other websites and social networks, are only set with your consent.
Configuration
Technically required
These cookies are necessary for the basic functions of the shop.
"Allow all cookies" cookie
"Decline all cookies" cookie
CSRF token
Cookie preferences
Currency change
Customer recognition
Customer-specific caching
Individual prices
PayPal payments
Selected shop
Session
Comfort functions
These cookies are used to make the shopping experience even more appealing, for example for the recognition of the visitor.
Note
Statistics & Tracking
Affiliate program
Conversion and usertracking via Google Tag Manager
Facebook Pixel
Google Ads
Track device being used

Data Protection

Data Protection

This policy provides information about how we collect personal data when you use our website. Personal data is any information that can be related to you personally, e.g. your name, address, email addresses, user behaviour.

Section 1 Data controller pursuant to Article 4 No. 7 of the EU General Data Protection Regulation (GDPR)

Retterspitz GmbH & Co. KG
Laufer Str. 17-19
90571 Schwaig
Telephone: +49 911 (0) 50 700-0
Email: info@retterspitz.de

How to contact our Data Protection Officer:
Christian Hammerbacher
SPH IT + Consulting GmbH & Co. KG
Tel: +49 911 2177480
Email: datenschutz@sph-consulting.de

You can also write to him at our mailing address, clearly marking the envelope “For the attention of the data protection officer”.

Section 2 Your rights

(1) You have the following rights in relation to your personal data:

  • Right of access by the data subject (Article 15 of the GDPR)
  • Right to rectification or erasure (Articles 16 and 17 of the GDPR)
  • Right to restriction of processing (Article 18 of the GDPR)
  • Right to object (Article 21 of the GDPR)
  • Right to data portability (Article 20 of the GDPR)
  • Right to revocation of consent (Article 7 (3) of the GDPR)

(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

Section 3 Collection of personal data when you visit our website

(1) Where you use the website purely for the purpose of obtaining information, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server. The data collected when the website is used for purely informational purposes is technically necessary to display the page and to ensure its stability and security. This data is deleted after 24 hours if there are no specific indications of illegal use.

  • The date and time of access
  • Names of accessed web pages
  • Names of downloaded files
  • Volume of data transferred
  • Status code of the access (successful/error)
  • Browser type and version used
  • Operating system of the user
  • URL of the website from which our offer was accessed
  • IP address of the accessing computer (truncated)
  • Provider via which the access takes place

We collect this data on the basis of Article 6 (1) f of the GDPR. As the website operator, we have a legitimate interest in the ensuring that our website is presented optimally and without technical errors. It is necessary to collect the aforementioned data for this purpose.

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and that provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the internet offer as a whole more user-friendly and effective. We use the following types of cookies, the scope and function of which are explained below:

  • Temporary cookies
  • Persistent cookies

Temporary cookies are automatically deleted when you close the browser. In particular, these include session cookies. These hold a ‘session ID’ that is used to assign the various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can also delete the cookies at any time in your browser’s security settings. For details on the cookies used, please refer to the cookie banner.

(3) We can use pixels to evaluate your interest in our website or our email messages sent to you, and can use the information for analysis or marketing purposes. Pixels (also called beacons or tags) are small image files measuring 1 pixel by 1 pixel that are embedded in websites or emails. When you open a web page or email that contains an embedded pixel, the page or email will automatically run a simple code that downloads the 1x1 image file to your browser or device. At the same time, the code passes on certain information about your device and your activities on the website, or the fact that you have opened an email, to the website server.

(4) Insofar as the cookies and pixels used are technically necessary for the operation of this website, they are used on the basis of Article 6 (1) f of the GDPR. Other cookies and pixels are only set with your consent in accordance with Article 6 (1) a of the GDPR.

Section 4 Contact via the contact form or by email

(1) If you wish to contact us, you can use the contact form provided or send us an email. When you use the contact form or send us an email, we collect the following data: Title, surname, first name and email address. The data will only be processed in order to respond to your request. Data will only be passed on to third parties if this is necessary in order to process your request.

(2) This data is processed on the basis of Article 6 (1) b of the GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in processing the enquiries addressed to us (Article 6 (1) f of the GDPR) or on your consent (Article 6 (1) a of the GDPR) if you have given such consent.

(3) We will retain the data you provide in the email or contact form until you ask us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions, in particular those governing statutory retention periods, remain unaffected.

(4) In order to distinguish whether a contact form post is made by a real person or the service is being misused by machine and automated processing, we use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The service includes the transmission of the IP address and any other data required by Google for the reCAPTCHA service to Google and is done in accordance with Article 6 (1) f of the GDPR on the basis of our legitimate interest in establishing individual accountability on the internet and preventing abuse and spam. The use of Google reCAPTCHA may also result in the transmission of personal data to the servers of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. The transfer of your data to Google LLC is based on an adequacy decision in accordance with Article 45 of the GDPR. This applies to US companies that are certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that is intended to ensure compliance with European data protection standards for data processing in the US. Every DPF-certified company undertakes to comply with these data protection standards. You can find further information here, if you enter "Google LLC" in the search bar.

For further information on Google reCAPTCHA, please refer to the Privacy policy from Google.

Section 5 Registration, user account

(1) If you register on our website with a customer account, we process the following data: First name, surname, email address, telephone number, address. We process this data in order to be able to fulfil the usage agreement concluded between us and you. The lawful basis is Article 6 (1) b of the GDPR.

(2) If your customer account is inactive for a longer period of time, we may send you an email reminder about your user account. The legal basis for this is the fulfilment of the usage agreement pursuant to Article 6 (1) b of the GDPR and our legitimate interest in identifying inactive user accounts pursuant to Article 6 (1) f of the GDPR.

(3) We will continue store your data until the user account is cancelled. In addition, we will automatically delete the user account and the associated data if a user has not logged in for 2 years.

Section 6 Orders via our online shop

(1) In the context of orders placed via the online shop on our website, the data provided by you in your user account (see Section 5) will be processed and stored by us for the purpose of processing and fulfilling the order. If an order is placed as a guest, the data provided (first name, surname, email address, telephone number, address) will be processed for the aforementioned purpose.

(2) The lawful basis for processing your data is the conclusion and fulfilment of the purchase contract in accordance with Article 6 (1) b of the GDPR. The personal data will be stored for the duration of the contract. We are required to retain accounting documents for a period of ten years in order to comply with our statutory retention obligations pursuant to Section 257 (1) No. 2 of the German Commercial Code (HGB) and Section 147 of the German Tax Code (AO). The lawful basis for this further retention is Article 6 (1) c of the GDPR.

(3) In order to process the order, we pass on your data to the shipping company to which delivery is subcontracted. Depending on which payment service provider you select in the order process, we pass on the payment data collected for this purpose to the credit institution subcontracted to handle payment, and, if applicable, to payment service providers commissioned by us in order to process payments. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access credentials during the order process.

Payment via Paypal

PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg)

PayPal is a payment service provider that offers the payment methods Credit Card via PayPal, Direct Debit via PayPal and, if the corresponding requirements are met, “Purchase on Account” or “Payment by Instalments” via PayPal. The use of PayPal requires a credit check to be carried out. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) f of the GDPR on the basis of PayPal’s legitimate interest in determining your creditworthiness. PayPal uses the result of the credit check to calculate the statistical probability of non-payment for the purpose of deciding whether or not to provide the respective payment method. The credit report may contain probability values (often referred to as a “score”). Insofar as a score is included in the result of the credit report, this is based on a scientifically recognised statistical mathematical procedure. The calculation of the score includes, but is not limited to, address data.

You can object to PayPal about this processing of your data at any time. However, PayPal retains the right to process your personal data to the extent necessary for the contractual processing of payments.

Data Protection: Link

PayPal terms and conditions: Link

Section 6 Social media

6.1 Links to our company profiles

We maintain a presence on various social media platforms in order to communicate with our customers, interested parties and users on these platforms and in order to keep them up to date with our services. The platform logos embedded on our website are links to our company profiles on the respective platform. No data is sent from our website to the operators of the respective platform in this context. When clicking on the respective button, users are redirected to the respective platform. The operator of the respective platform then processes the user's data in accordance with its own data protection provisions. Details can be found in the privacy policies of the respective operator. We currently link to our profiles on the following platforms:

  • Instagram
  • Facebook
  • YouTube
  • Spotify

6.2 Facebook plugin and Meta pixel

(1) On our website you will find the social plugin of the Facebook platform and a Meta pixel. Both are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”). 

(2) If you visit a page on which the social plugin is integrated, no data will initially be transmitted to Meta. This plugin is identified with a Facebook logo or the addition “Social Plug-in from Facebook” or “Facebook Social Plugin”. You can find an overview of the Facebook plugins and what they look like: facebook.com/plugins. Data is only transferred when you click on the respective button. In this case, your browser establishes a direct connection to Meta’s servers. The content of the plugin is sent directly from Facebook to your web browser software and integrated into the page. This integration provides Facebook with the information that your web browser has accessed the corresponding page on our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address and Facebook user ID) is sent directly by your web browser to a server in the USA, where it is stored. According to Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. If you are logged in to Facebook at the same time, Facebook is able to connect your visit to our website with your Facebook profile directly. If you interact with the plugins, for example by clicking the “Like” button or sending a comment, this information is also sent directly to a Facebook server where it is stored. The information will also be published on your Facebook profile and shown to your Facebook friends. The legal basis for this processing is your consent in accordance with Article 6 (1) a of the GDPR and Section 25 (1) of the German Telecommunications Digital Services Data Protection Act (TDDDG), which you give by clicking on the respective social plugin.

(3) If a page is accessed on which a Meta pixel is integrated, the following data is forwarded to Meta:

  • Unique cookie ID
  • Web page accessed
  • Forwarding URL
  • Browser information
  • Personal Facebook user ID
  • Time

We have also engaged Meta to report on the impact of our advertising campaigns and other online content based on event data collected through the Meta pixel (Campaign Reports) and to provide analysis and insights about users and their use of our website, products and services (Analytics). We transfer personal data contained in the event data to Meta for this purpose. The personal data submitted will be processed by Meta as our processor to provide us with campaign reporting and analytics. Meta can mark the device you are using with a cookie and a unique identifier or read an existing cookie. If you are logged in to Facebook, this data can be used to display targeted advertising for us on Facebook pages. The legal basis for the storage of cookies and for the creation of analyses and campaign reports is your consent in accordance with Article 6 (1) a of the GDPR and Section 25 (1) of the TDDDG.

(4) According to Meta, the data collected by Meta through the social plugin and the Meta pixel are also transferred to Meta Platforms, Inc. in the United States. The transfer of your data is based on an adequacy decision in accordance with Article 45 of the GDPR. This applies to US companies that are certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that is intended to ensure compliance with European data protection standards for data processing in the US. Every DPF-certified company undertakes to comply with these data protection standards. You can find further information here, if you enter "Meta Platforms" in the search bar.

Meta also processes your data for its own purposes. You can find further information here.

6.3 Instagram

Social plugins from the Instagram service are integrated on our pages. These plugins are also operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”).

If you visit a page on which the social plugin is integrated, no data will initially be transmitted to Meta. Data is only transferred when you click on the respective plugin. In this case information including your IP address and other information that is present on your PC in the form of cookies will be sent to Meta. According to Meta, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. If you are currently logged in to Instagram as a user, there is a cookie with your Instagram ID on your device. This enables Instagram to track that you have visited this page and how you have used it. Through social plugins embedded in websites, it is possible for Instagram to record your visits to these web pages and assign them to your Instagram profile. This data can be used to offer content or advertising tailored to you.

The legal basis for sharing your data with Meta is your consent in accordance with Article 6 (1) a of the GDPR and Section 25 (1) of the TDDDG, which you give by clicking on the respective social plugin.

According to Meta, the data collected by Instagram is also transferred to Meta Platforms, Inc. in the United States. The transfer of your data is based on an adequacy decision in accordance with Article 45 of the GDPR. This applies to US companies that are certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that is intended to ensure compliance with European data protection standards for data processing in the US. Every DPF-certified company undertakes to comply with these data protection standards. You can find further information here, if you enter "Meta Platforms" in the search bar.

6.4 YouTube

This website integrates videos from the "YouTube" platform. The operator of the platform is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

The YouTube plugins are deactivated by default so that no data is transmitted to Google when you visit the relevant web page on which YouTube videos are integrated. If you would like to watch a YouTube video, you must click on the "Accept" button above the video in question. When this is clicked, a connection is established to the Google servers. This tells the Google server which of our pages you have visited. The legal basis for sharing your data with Google is your consent in accordance with Article 6 (1) a of the GDPR and Section 25 (1) of the TDDDG, which you give by clicking on the “Accept” button. Consent can be revoked at any time.

Furthermore, Google may store various cookies on your device or use comparable technologies to recognise you (e.g. device fingerprinting). In this way, Google can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.

If you are logged into your YouTube account, by clicking on the plugin you enable Google to assign your browsing patterns directly to your personal profile. You can prevent this by logging out of your YouTube account.

Further information on how Google handles user data can be found in the Privacy policy of YouTube.

It cannot be ruled out that Google will also transmit the transmitted data to the parent company, Google LLC, based in the United States. The company holds certification in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that is intended to ensure compliance with European data protection standards for data processing in the US. Every DPF-certified company undertakes to comply with these data protection standards. You can find further information here if you enter "Google LLC" in the search bar.

Section 7 Web analytics services and tracking tools

Google Analytics (GA4)

We use version GA4 of the web analytics service Google Analytics to analyse and statistically evaluate website usage. The data obtained from this is used to optimise our website and marketing measures. Google Analytics is a web analytics service provided and operated by Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for Europe: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

Your data is processed on the basis of your consent pursuant to Article 6 (1) a of the GDPR and Section 25 (1) of the TDDDG, according to which the following data is recorded during your visit to the website:

a) Visitor-related data:

IP address (in truncated form, so that no clear assignment is possible), origin (country and city), language, operating system, device (PC, tablet or smartphone) browser and all add-ons used

b) Traffic sources:

Source of origin of your visit (i.e. from which website or advertising medium you came to us)

c) User behaviour:

Google processes website usage data on our behalf and is contractually committed to measures to ensure the confidentiality of the data processed. Google also processes this data for its own purposes (e.g. for profiling or linking to any Google accounts). The information about your usage of the website that is generated using the “cookie” is generally transmitted to and stored on a server operated by Google in the USA.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. We automatically delete this user-related data after 14 months.

Our website uses the IP anonymisation function (masking function “anonymizeIP”). The user’s IP address is truncated within the member states of the EU and the European Economic Area and only transmitted anonymously. Full IP addresses are only forwarded to a Google server in the USA and truncated there in exceptional cases. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. We would like to point out that Google, as an American company, is subject to the CLOUD Act. This legislation allows American state authorities to gain access to the data stored by Google. We cannot influence this.

You can find more information about Google's data protection at policies.google.com and specifically about the handling of user data by Google Analytics at: support.google.com/analytics/answer

Revoking consent/objection

You can prevent this processing by taking the following measures:

It is possible to set your browser so that no cookies are stored. However, this may result in our website not being fully functional. You can also prevent the collection of data regarding your usage of the website generated by the cookie (including your IP address) and its transmission to and processing by Google by downloading and installing the browser plugin from the following link: tools.google.com/dlpage/gaoptout

Section 8: Objecting to the processing of your data or revoking consent

(1) If you have given your consent to the processing of your data, you can revoke this consent at any time. Such a revocation, once expressed to us, will affect the permissibility of the processing of your personal data.

(2) Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When you exercise your right to make such an objection, we will ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

(3) You may, of course, object to the processing of your personal data for the purposes of marketing and data analysis at any time. You can inform us of your objection to marketing using the contact details provided in Section 1.

Section 9: Concluding provisions

Our business operations are reliant on data being collected and processed. Where data is collected and processed, data protection and data security must be guaranteed. For us, this is not only a legal requirement but also a very real concern.

If you have any questions or suggestions regarding data protection in connection with our services, please do not hesitate to contact us using the above contact details (see Section 1).

 

Last modified on 6 November 2024

This website uses cookies, which are necessary for the technical operation of the website and are always set. Other cookies, which increase the usability of this website, serve for direct advertising or simplify interaction with other websites and social networks, will only be used with your consent.
Decline all Accept all Configure