Data Protection Policy
We’re pleased that you’re visiting our website. Below is some information about how we process your personal data in line with Article 13 of the General Data Protection Regulation (GDPR).
The Data Controller
The office named in the legal notice is responsible for the data collection and processing shown below.
Storage of your IP address
We store the IP address transmitted by your web browser in a strictly anonymised form specifically for the purpose, for a period of 60 days so that we can recognise, limit and eliminate attacks on our websites. After this period has expired we delete or anonymise the IP address. The legal basis for this is Article 6 para. 1 indent 1 (f) GDPR.
Whenever you visit our website, what is known as usage data is stored temporarily on our web server for statistical purposes as a log, for the purpose of improving the quality of our website. This dataset includes
- IP address,
- user directory protection (to protect the directories from unwanted access),
- pages accessed,
- status code,
- amount of data,
- user agent,
- host name called.
The IP addresses are stored anonymously. To achieve this, the last three numbers are removed. IPv6 addresses are also anonymised. The anonymised IP addresses are kept for 60 days. Details regarding user directory protection are anonymised after one day.
Error logs, which log page requests that fail, are deleted after seven days. As well as the error reports, these include the accessing IP address and the requested website, depending on the error.
Details required for your order in the online shop
Whenever you purchase one of our products from the online shop, the following details are required:
- First name and last name,
- Company name,
- Telephone number,
- Email address.
The following details are optional:
- Alternative delivery address (if requested),
- Order notification
We store and use your personal information, which you send to us during the ordering process, on the basis of Article 6 para 1 indent 1 (b) GDPR for the exclusive purpose of processing your orders. When we do so, we use your email address as the basis of your consent as described below for notifications on the status of your order.
Your customer master data (recipient’s name, address, postcode and town) are shared with our transport service provider TNT Express GmbH for the purpose of customer data management.
Sharing data with third parties
a) We share your data as part of processing your order in line with Article 28 GDPR, with service providers who support us operationally with our website and the processes associated with this. Our service providers are required to follow our instructions strictly and have a corresponding obligation under the terms of their contracts. We use the following service providers:
- Mittwald CM Service GmbH (hosting the website)
- a&o Mediendesign GmbH (website agency)
b) In addition, you can choose to be kept informed about the despatch status of your order. To do this we will share – if we have your consent in line with Article 6 para. indent 1 a) GDPR – an email address selected by you with our transport service provider. This then automatically creates a message with all of the relevant shipment details as well as a link that takes you to the website of the relevant transport service provider. This is where you will be able to see the current delivery status.
c) We obtain consent for your details to be shared with our transport service provider (currently TNT Express GmbH) as part of registering as a new customer. This can be withdrawn in writing at any time – by sending an email to firstname.lastname@example.org, by post (dentaltrade GmbH Depot, Company Data Protection Officer, Grazer Str. 8, 28359 Bremen) or by fax (0421 247 147-9). Your cancellation will result in the e-mail notification described above being discontinued.
The transfer of data to third countries
In some cases we share personal information with a third country outside of the EU. We have always ensured an appropriate level of data protection when this happens:
In the case of Google Analytics (USA), an appropriate level of data protection can be assumed based on their involvement in the Privacy Shield Agreement (Article 45 para. 1 GDPR).
Cookies are small text files, which can be saved on your end device and then retrieved. There is a distinction between session cookies, which are deleted again as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. We do not use these required cookies for purposes of analysis, tracking or advertising.
In some cases these cookies only contain information about specific settings and are not personal. They may also be needed to enable user guidance, security and loading the pages.
We use these cookies on the basis of Article 6 para. 1 indent 1 (f) GDPR.
For cookies that extend beyond this, which use tracking for marketing purposes, we obtain your consent using a cookie banner in line with Article 6 para. 1 indent 1 (a) GDPR. In this context, we draw a distinction between cookies that are essential for the website, which enable basic functions and are necessary for the proper functioning of the website, and those that help to ensure the best possible user experience for you. You have right to choose in regard to this. Please refer to the individual data protection settings for more detailed information about cookies.
We use the web analysis tool “Google Analytics” so our website can be designed to meet various needs. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and retrieved by us. This enables us to recognise returning visitors and to count them as such.
This data processing is carried out on the basis of your consent under Article 6 para. 1 indent 1 (a) GDPR, if you have given your consent by using our banner.
[borlabs-cookie type=”btn-cookie-preference” title=”Link” element=”link”/]
and change the corresponding settings using our banner.
In the context of Google Analytics, Google is supporting us as an order processor as per Article 28 GDPR. When this happens, data may also be processed outside of the EU. With regard to Google, an appropriate level of data protection in line with Article 45 para. 1 GDPR can be assumed based on their involvement in the Privacy Shield Agreement.
Tracking technologies used by third-party providers for advertising purposes
We use cross-device tracking technologies so that targeted advertising can be displayed to you on other websites based on your visit to our websites and we can identify how effective our advertising efforts have been.
This data processing is carried out on the basis of your consent under Article 6 para. 1 indent 1 (a) GDPR, if you have given your consent by using our banner. Your consent is voluntary and can be withdrawn at any time.
How does tracking work?
Whenever you visit our websites, it is possible that the third party providers listed below may call up features that recognise your browser or end device (e.g. what is known as a browser fingerprint), evaluate your IP address, save or retrieve recognition features on your end device (e.g. cookies) or gain access to individual tracking pixels.
The individual features may be used by the third-party providers to recognise your end device again on other internet sites. We can commission relevant third party providers to place advertisements based on the pages visited on our website.
What does cross-device tracking mean?
If you log on to the third-party provider with your own user details, the respective recognition features of different browsers and devices may be linked together. If the third-party provider has created a separate feature for the laptop, desktop PC, smartphone, or tablet you use, for example, these individual features may be assigned to each other when you use a third-party service with your login credentials. This allows the third-party provider to deliver our advertising campaigns in a targeted manner, even across different end devices.
Which third-party providers do we use in this context?
Below we list those third-party providers we work with for promotional purposes. If the data is processed outside the EU or EEA in this context, we will provide information on the appropriate level of data protection. You will also find out how you can withdraw your consent:
[borlabs-cookie type=”btn-cookie-preference” title=”hier” element=”link”/]
and change the corresponding settings using our banner.
Automated decision making
As the user of a website, you are entitled not to be subject to any completely automated data processing that has a legal impact on you or significantly affects you. The legal basis for this is Article 22 GDPR. Automated decision making may take place if this is necessary for the conclusion or performance of a contract, national exceptions exist or you expressly consent to the process. If one of the exceptions applies, we guarantee appropriate measure to protects your rights and freedoms.
If you would like to assert your rights, please contact our Data Protection Officer at datenschutz nord GmbH, Dr. Uwe Schläger, Konsul-Smidt-Str. 88, 28217 Bremen.
We take technical and organisational measures to provide the most comprehensive protection possible against unwanted access for your data. We use encryption procedures on our pages. Your data is transferred from your computer to our server and back over the internet using TLS encryption. You can recognise this by the fact that the padlock symbol in your browser status bar is closed and the address line starts with https://.
Your rights as a data subject.
When processing your personal data, the GDPR grants you specific rights as a data subject:
Right to information (Article 15 GDPR)
You are entitled to obtain confirmation as to whether personal information relating to you is being processed; if this is the case, you have the right to be informed about this personal information and to receive the information specified in Art. 15 GDPR.
Right to rectification (Article 16 GDPR)
You are entitled to request immediate rectification of incorrect personal data relating to you and, if necessary, the completion of incomplete data.
Right to erasure (Article 17 GDPR)
You are entitled to demand that personal information relating to you is deleted immediately if one of the reasons listed in Article 17 GDPR applies.
Right to restrict processing (Article 18 GDPR)
You are entitled to demand processing be restricted if one of the conditions listed in Article 18 GDPR is met, e.g. if you have lodged an objection to the processing, for the duration of the assessment by the controller.
Right to data portability (Article 20 GDPR)
In certain cases, which are listed individually in Article 20 GDPR, you have the right to access any personal data relating to you in a structured, standard and machine-readable format, or to request the transfer of this data to a third party.
Right to object (Article 21 GDPR)
If data is collected on the basis of Article 6 para. 1 indent 1 (f) GDPR (processing of data to protect legitimate interests) or on the basis of Article 6 para. 1 indent 1 (e) GDPR (processing of data to protect public interests or as part of exercising of public authority), you have the right to make an objection to the processing at any time, for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling reasons for processing which are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If you would like to assert your rights, please contact the responsible office named in the imprint.
Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
In line with Article 77 GDPR, you are entitled to lodge a complaint with a supervisory authority if in your view processing the data relating to you breaches the provisions of data protection legislation. The right to lodge a complaint may in particular be exercised before a supervisory authority in the Member State of your habitual residence, place of employment or place of the suspected breach.
You have the option of subscribing to our newsletter on our website. If you have given us separate consent to send you information by e-mail, fax or post about the company’s own products and services, the corresponding processing will be on the basis of Article 6 para. 1 indent 1 (a) GDPR. However, this is also only possible on the basis of consent. You may withdraw your consent at any time without affecting the legality of the processing that had previously taken place. Whenever consent is withdraw, we stop the relevant data processing.
If you no longer wish to receive the newsletter, you may unsubscribe at any time, e.g. by sending an email to email@example.com or by fax, by indicating on the newsletter with a cross that you no longer wish to receive customer information.
Contact details for the Data Protection Officer
Our external Data Protection Officer is happy to provide you with information about data protection using the following contact details:
If you contact our data protection officer, please also indicate the responsible office named in the imprint.
Bremen, December 2019