Data security

 

Standard notices

 

The following information provides a simple overview of what happens to your personal data when you visit our website or use our services.  In addition, we want to give you an overview of the data protection measures we have in place and the rights we have with regard to data processing.

 

In order to be able to ensure the protection of your data in the future as well, in particular in accordance with new legal requirements and technical developments, it is essential to adapt this data protection declaration from time to time. We therefore recommend that you review our information and notes on data processing at regular intervals.

 

Who processes my data?

 

Person responsible

Data processing on this website is carried out by the website operator (responsible party):

 

AEON GmbH

Steinmühlstr. 20

61352 Bad Homburg vor der Höhe

Owner: Pascal Rottmair

E-mail: info@aeon-shisha.com

 

Cooperation with processors and third parties

 

We only transfer your data to third parties on a legal basis in cases where it is necessary for the performance of the contract (e.g. if a transfer of data to third parties, such as payment service providers, Art. 6 para. 1 lit. b DSGVO), you have consented (Art. 6 para. 1 lit. a DSGVO), a legal obligation provides for this (Art. 6 para. 1 lit. c DSGVO) or on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO, e.g. use of external services, web hosts, consultants, etc). In all cases, we will inform you about this beforehand, among other things, in these data protection provisions. If we commission third parties with the processing of data on the basis of a so-called "commissioned processing agreement" (AVV), this is done on the basis of Art. 28 DSGVO.

 

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), this will only be done on the basis of a legal basis and only if the special requirements of Art. 44 et seq. DSGVO.  I.e. processing only takes place if there are special guarantees of a level of data protection that corresponds to the EU (e.g. "Privacy Shield" for the USA).

 

What data are we talking about?

 

When we talk about data processing, we always mean your personal data. Personal data is any information that relates directly or indirectly to an identified or identifiable natural person; thus, what is meant is any data that has a connection (whether direct or indirect) to you, e.g., first name, last name, addresses, email addresses, user behavior, location, etc.

 

How do we collect your data?

 

In general

 

On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form.

 

Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

 

Cookies

 

We use cookies to improve the user experience. Most of the cookies we use are so-called "session cookies". Session cookies are small units of information that a provider stores in the RAM of the visitor's computer. These cookies are absolutely essential for the technical provision of certain services such as shopping cart, registration.  Session cookies are deleted as soon as you end the session. As soon as we use the cookies for other purposes, e.g. for the purpose of analysis or the cookies from other providers "so-called third-party cookies", we will inform you separately in this privacy policy.

 

The use of cookies is based on our legitimate interests in the optimization, economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f) DSGVO.

 

Most browsers are set to automatically accept cookies. In general, you can prevent cookies from being stored on your hard drive by selecting "do not accept cookies" in your browser settings. You can also set your browser to ask you if you agree before setting cookies. Finally, you can also delete cookies once they have been set at any time. Please refer to the instructions for your browser to find out how to implement this measure.

 

When do we collect/process your data?

 

Visiting the website

Log files

We, or our hosting provider, automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:

 

  • browser type and version
  • Operating system used
  • referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address
  • The data processing is based on our legitimate interest in the secure operation of the website within the meaning of Art. 6 (1) f) DSGVO.

 

The data will be deleted as soon as their collection is no longer necessary to achieve the purpose. This is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

 

Web analysis

 

Google Analytics

 

To analyze the surfing behavior of our users, we use Google Analytics on our website.  The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").

 

Google Analytics sets cookies on the user's computer. The information generated by cookies about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.  Google will use this information on our behalf to evaluate the use of our online offer by users. In doing so, pseudonymous user profiles can be created from the processed data.

 

We use Google Analytics based on our interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO. In doing so, we pay attention to the protection of your personal data. For example, Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law:

 

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

 

In addition, we only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

 

We have instructed Google to delete or anonymize the users' personal data after 14 months.

 

Thus, you can prevent the storage of cookies by selecting the appropriate settings on your browser software. However, we point out that in this case you may not be able to use all functions of this offer in full.

 

Furthermore, you can prevent the collection and processing of this data by Google by downloading and installing the browser plugin available under the following link:

 

http://tools.google.com/dlpage/gaoptout

 

Alternatively, you can prevent the collection of data by Google Analytics by clicking on the following link:

 

Google Analytics tracking on this website is enabled. Click here to disable tracking

 

An opt-out cookie will be set that will prevent the collection of your data during future visits to this website.

 

For more information on how Google Analytics uses your data, please visit https://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.

 

Other third-party services and plugins

 

We use service offerings from third-party providers on our site. These include, for example, the services for the integration of videos, fonts or content from social networks. These services are called directly from the servers of the providers. In this process, the IP addresses of the users are sent to the providers for the purpose of displaying the content. Furthermore, the third-party providers may store cookies on the user's computer and contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.

 

The use of these third-party providers is based on our interests in the user-friendly design, optimization, analysis and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO. In doing so, we pay attention to the protection of visitor data. Thus, we inform the visitors. In addition, we only use providers that offer sufficient security to comply with EU data protection standards. Thus, providers from the USA are only used if they have a certification according to the Privacy Shield agreement. In addition, we take note of the providers' privacy policies and inform our visitors to the best of our knowledge and belief about the handling of user data as well as existing revocation/opt-out options.

 

Google Fonts

 

For the display of fonts on our site, we integrate the external fonts of Google, Inc., https://www.google.com/fonts ("Google Fonts").  The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

Google offers the possibility to object to the use of data for advertising purposes. Details can be found on this page: https://www.google.com/settings/ads/

 

Further information on the handling of user data can be found in Google's privacy policy at: https://policies.google.com/privacy?hl=de.

 

Google Maps

 

For the display of maps on our site, we use the service "Google Maps" from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

Google offers the possibility to object to the use of data for advertising purposes. Details can be found on this page: https://www.google.com/settings/ads/

  

Google Tag Manager

 

Furthermore, we use the "Google Tag Manager" to integrate and manage the Google analysis and marketing services on our website. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

 

 

Use of blog functions

 

Comments

 

In our blog, we offer users the possibility to create comments. For the comment function, in addition to your comment, information on when the comment was created, your e-mail address and the username you selected are stored.  In addition to this data, your IP address will be stored. The IP address is stored exclusively for the security of the provider in the event of illegal content (insults, prohibited political propaganda, etc.). The legal basis for the processing of the data entered during registration is Art. 6 para. 1 lit. f. DSGVO.

 

Contact

 

Contact forms, e-mail, telephone, social media.

When contact is made (e.g. via contact form, e-mail, telephone or social media), the information provided by the user is processed in order to handle the contact request. User information may be stored in a customer relationship management (CRM) system or similar request organization.

 

The legal basis for the processing of data transmitted in the course of using the contact form or sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.

 

We delete the data from the inquiries if they are no longer required to achieve the purpose. This is the case when the reason for the request has been fully clarified with the user, or the user does not respond to the questions asked for more than 9 months.

 

Order processing / provision of contractual services

 

In the context of order processing/provision of contractual services on our site, we process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services/products used, durations, names of contact persons, payment information). We process this data for the purpose of fulfilling our contractual obligations and services to enable their execution, delivery and payment.

 

We disclose the data to third parties only within the scope of the order for the purposes of mediation, delivery, payment and within the scope of legal permissions and obligations to legal advisors and authorities. The data will only be processed in third countries if this is necessary for the fulfillment of the contract (e.g. at the request of the customer for delivery or payment).

 

For the execution of the payment, the payment data is transmitted to the corresponding payment service providers.  If the delivery is made by shipping, we forward the data to the shipping company for the execution of the shipment. A further transmission of the data (for example, for advertising purposes) does not take place.

 

The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

 

Deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed every three years; in the case of legal archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).

 

Financial accounting and office organization

 

If you have concluded a contract with us or placed an order with us, we process your contract and inventory data as part of our sales organization and financial accounting.

 

The processing is based on our legitimate interests Art. 6 para. 1 lit. f. DSGVO as well as our legal obligations Art. 6 para. 1 lit. c.

 

In this context, we disclose or transmit data to the financial administration and advisors, such as, for example, tax advisors as well as other fee offices and payment service providers.

 

The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).nte documents and 10 years for tax law relevant documents.

 

Business analyses and market research

 

We process the communication, inventory and contract data of our customers or interested parties for the purpose of business analyses, marketing and market research.

 

The processing is based on Art. 6 para. 1 lit. f. DSGVO.

 

We pay particular attention to the protection of your personal data during processing. The analyses are created anonymously wherever possible and only on the basis of the existing data that we learn in the course of contract processing or your request. The same deletion periods apply as for contract processing and contacting.

 

Newsletter

 

If you would like to receive our newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the registered e-mail address and agree to receive the newsletter. We do not collect any further data. The data provided will be used exclusively for sending the requested information and will not be passed on to third parties.

 

We process the data provided exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time by clicking on the "unsubscribe" button in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

We store the data required for receiving the newsletter only until the receipt of the newsletter is revoked. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remains unaffected by this.

 

Since our interest is directed towards the use of a user-friendly as well as secure newsletter system, which serves our business interests as well as meets the expectations of the users and furthermore allows us to prove consent, the logging of the registration process is based on our legitimate interest pursuant to Art 6 para 1. lit f DSGVO.

 

How long do we store your data?

 

The criterion for the duration of storage of personal data is the respective legally prescribed retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.

 

If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

 

Your rights as a user

 

Right to confirmation

You have the right to request information as to whether personal data about you is being processed.

 

Right to information (Art. 15 DSGVO)

You have the right to receive free information about the personal data stored about you and a copy of this information.

 

Right to rectification (Art. 16 DSGVO)

You have the right to request the controller to correct your inaccurate personal data in question without undue delay.

 

Right to erasure and restriction (right to be forgotten) (Art. 17, 18 DSGVO)

You have the right to request that the personal data concerning you be erased without undue delay or, alternatively, to request restriction of the processing of the data in accordance with Art. 18 DSGVO.

 

Right to data portability (Art. 20 DSGVO)

You have the right, in accordance with Art. 20 DSGVO, to receive the personal data concerning you, which has been provided by you to a controller, in a structured, common and machine-readable format and to transfer this data to another controller without hindrance.

 

Right to revoke consent under data protection law (Art. 13 DSGVO)

You have the right to revoke consent to the processing of personal data at any time if the processing is based on Art.6(1)(a) or Art. 9(2)(a), without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

 

Right to object (Art. 21 DSGVO)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the DS-GVO. This also applies to profiling based on these provisions. If personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; this also applies to profiling where it is related to such direct marketing.

Viewed