The following data protection declaration applies to the use of www.smartfabrik.de online offers and or quotes (here after “website”, “we”, “us”).

We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the (German) General Data Protection Regulation (GDPR) (Datenschutzgrundverordnung (DSGVO)).

1. Responsible Entities

The person(s) responsible for the collection, processing and use of personal data within the meaning of Art. 4 No. 7 GDPR is

smartfabrik GmbH & Co. KG
Saint-André-Straße 8
D-41542 Dormagen

Managing Director: Sebastian Strickling
Commercial Register Nr.: HRA 792
Registration Court: Krefeld
E-Mail: info@smartfabrik.de

If you wish to object to the collection, processing or use of your data in accordance with above mentioned data protection provisions as a whole, or for individual measures, you can address your objection to the responsible entities. You can store and or print this privacy statement at any time.

 

2. General purposes of processing

Personal data is used in the running of the website, processing contracts, fulfilling contractual obligations, complying with statutory storage requirements, customer service and customer care, processing

3. Data we use and why

3.1  Hosting

In order to operate the website we utilise the following hosting services: Infrastructure and platform services; computing capacity services; storage space and database services; security and technical maintenance services.

We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and customer communication, interested parties and visitors of this website on the basis of our legitimate interests in an efficient and secure provision of our website in compliance with Art. 6 para. 1 sentence 1 lit. f) GDPR in conjunction with Art. 28 GDPR.

3.2  Data Access

We collect information about you when you use this website. We automatically collect information on your website usage and your interaction with us; this includes data concerning your computer or mobile device. We collect, store and use data over each access to our website (server log files). This data access includes:

• Name and URL of the transmitted file
• Date and time of the transmission
• Amount of data transferred
• Report on successful transmission (HTTP response code)
• Browser type and version
• Operating system
• Referrer URL (i.e. the previously visited page)
• Websites that are accessed by the user’s system via our website
• Users Internet service provider
• IP address and the requesting provider

Without referencing or profiling you personally, we use this data log for statistical evaluations of functionality, securing and optimising our website; also to anonymously record website (traffic) visitor numbers, and to the extent of how and how often our website and services are used. Additionally, to measure the number of clicks received from cooperation partners for billing purposes. Based on this information, we can provide personalised and location-based content, analyse traffic, search for and correct errors, and thus improve our services.

This is within our legitimate interest in compliance with Art. 6 para. 1. sentence 1 lit. f) GDPR.

We reserve the right to subsequently review the data log if and when there is a justified suspicion of unlawful use based on concrete indicators. We store IP addresses in the log files for a limited period of time as and if necessary for security purposes, or for the provision of services, or the billing of a service, e.g. if you make use of one of our offers. Should an order be cancelled during the online order process, or after receipt of payment, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if and when we have a concrete suspicion of a criminal offence in connection with the use of our website. In addition, as part of your account, we store the date of your last visit (i.e. when registering, logging in, clicking links, etc.).

3.3  Cookies

We use session cookies to optimise our website. A session cookie is a small text file that is sent by the respective servers when you visit any website and is temporarily stored on your hard drive. This file contains a session ID, with which various requests from your browser can be assigned to a given session. This enables your computer to be recognised when you return to our website. These cookies are deleted when your browser is closed. They are used, for example, to enable you to use the shopping cart function across several pages.

To a lesser extent, we also use persistent cookies (small text files that are persistently stored on your hard drive), which remain on your hard drive and enable us to recognise your browser when you next visit. These cookies are stored on your hard drive and delete themselves after a specified time, this varies between 1 month and 10 years. They enable us to present our website in a more user-friendly, effective and secure manner and, for example, to display information on the site that is specifically tailored to your interests. Our legitimate interest in the use of cookies in compliance with Art. 6 para. 1, sentence 1 lit. f) GDPR is to make our website more user-friendly, effective and secure.

The following data and inherent information is stored these cookies:

• Log-in information
• Language settings
• Search terms used
• Information as to the number of times our website is accessed and the use of individual functions of our website.

When a cookie is activated, it is assigned an identification number, an assignment of your personal data to this identification number is not made. Your name, IP address or similar data that would enable the cookie to identify you, are not contained in the cookie. On the basis of the cookie technology, we only receive pseudonymised information, for example, over which pages of our shop were visited, which products were viewed, etc.

You can set your browser such that you will be informed in advance of cookies requesting installation, you can then decide whether you wish to exclude the installation for certain cases or in general, or that cookies are completely refused. This may restrict the functionality of the website.

3.3.1  Google Tag Manager

We use Google Tag Manager on our website to manage our website tags via an interface. The Google Tag Manager only implements tags – no cookies are set and personal data is not collected by Google. The Google Tag Manager triggers other tags, which in turn – as explained in this privacy statement – may collect personal data. However, the Google Tag Manager does not access this data. If you have deactivated a tag at domain or cookie level, this will remain in place for all tracking tags, in as far as these are implemented with the Google Tag Manager.

3.4 Contractual Obligations fulfilment Data

We process personal data that is necessary to fulfil our contractual obligations, these include name, address, e-mail address, your product orders, billing and payment data. The collection of this data is required for contract conclusion.

Data deletion occurs on expiry of the liability and legal storage periods. Data linked to a user account (see below) will be retained for the duration of the account management.

This data is required in order to fulfil our contractual obligations, the legal basis for this is Art. 6 para. sentence 1 lit. b) GDPR.

3.5  User account

Depending on current promotional offers, you can create a user account on our website. If you wish to do so, we require your personal data as requested during login. When you log in at a later time or date, only your e-mail or user name and your chosen password are required.

For new registrations, we collect master data (e.g. name, address), communication data (e.g. e-mail address) and payment data (bank details), as well as access data (user name and password). Um Ihre ordnungsge

On completing your registration you will receive an activation link via e-mail. This is to insure proper access to your account and to prevent unauthorised access by third parties. Only after successful registration do we permanently store the data you have entered into our system.

Once you have created a user account, you can ask for it to be deleted at any time without incurring any costs other than those of your internet provider. A notification in text form to the contact data mentioned under point 1 (e.g. e-mail, fax, letter) is sufficient for this. We will then delete your stored personal data unless it is needed in processing orders or due to statutory storage obligations.

The legal basis for processing this data is your consent in compliance with Art. 6 para. sentence 1, lit. a) GDPR.

3.6  Newsletter

To register for our newsletter, the data requested during the registration process is required. Registration of the Newsletter is then logged. After registration, you will receive a message to the specified e-mail address in which we ask you to confirm the newsletter registration (“double opt-in”). This is necessary in insure that third parties cannot register with your e-mail address. You can revoke aforementioned consent at any time and thus unsubscribe.

We store newsletter registration data as long as it is required to send the newsletter. We store log-on data and the shipping address as long as there is a proven interest within the original consent; as a rule, this is equal to the limitation periods for claims under civil law, i.e. a maximum of three years.

The legal basis for mailing newsletters is your consent in compliance with Art. 6 para. 1 sentence 1 lit. a) in combination with Art. 7 GDPR in conjunction with § 7 sentence 2 No. 3 UCA (Unfair Competition Act / Unreasonable Harassment). The legal basis for logging your access is our legitimate interest in proving mailings to which you have consented.

You can cancel your account at any time without incurring any costs other than those of your internet provider. A notification in text form to the contact data mentioned under point 1 (e.g. e-mail, fax, letter) is sufficient for this There is also an unsubscribe link in every e-mail.

3.7 Product recommendations

We will be sending regular product recommendations by e-mail, independently of our newsletters. On the bases of your most recent purchases of goods or services, we will be sending information on our product range that might interest you. In doing so, we strictly adhere to the legal requirements. You can object to this at any time without incurring any costs other than those of your internet provider. A notification in text form to the contact data mentioned under point 1 (e.g. e-mail, fax, letter) is sufficient for this. There will also be an unsubscribe link in every e-mail. The legal basis for this is in compliance with Art. 6 para. 1, sentence 1 lit. f) GDPR in conjunction with § 7 para. 3 UCA.

3.8  E-Mail Contakt

If and when you contact us (e.g. via contact form or e-mail), we will process your data such as is necessary to process your request and for or in case of follow-up questions. If and when data processing is carried out in order to implement pre-contractual estimations, at your request, or, if you are already our customer, for the implementation of a contract, the legal basis for this data processing is in compliance with Art. 6 para. 1, lit. b) GDPR. Further processing of personal data is subject to your consent (Art. 6 para. sentence 1, lit. a) GDPR) or we have a legitimate interest in data processing (Art. 6 para. 1, sentence 1 lit. f) GDPR). A legitimate interest is, for example, in order to respond to an e-mail received from you.

4.  Tracking-Tools

4.1  Google Analytics

We make use of Google Analytics, a web analytics service provided by Google, Inc (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by such cookies is usually transmitted to and stored on a Google server in the USA. The legal basis for this is our legitimate interest in compliance with Art. 6 para. 1, sentence 1 lit. f) GDPR.

Google has submitted to the Privacy Shield agreement between the European Union and the USA and is thus certified. Google has undertaken to comply with the standards and regulations of the European Data Protection Law. You can find more information in the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

We have activated IP anonymisation on our website (anonymizeIp). This means that your IP address will be shortened by Google within the member states of the European Union or in other contracting states of the Agreement in the European Economic Area. Only on rare occasions will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google uses this information in order to evaluate your use of our website, for compiling reports on website activity and providing other services relating to website activity and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data from Google. You may refuse the use of cookies by selecting the appropriate settings in your browser, however please note that if you do this, you may not be able to use the full functionality of our website.

You can also prevent the transfer of data generated by cookies and related to your use of our website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent any collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you will need to click this link again): [Disable Google Analytics]

4.2  Facebook-Pixel und Targeting (Custom Audiences):

With the help of FacebookPixel (or comparable functions / applications to send event data and or contact information by means of interfaces within apps), it is possible for Facebook to determine who is part of a given target group and thus display suitable advertisements (“Facebook Ads”). This enables us to use FacebookPixel in order to display FacebookAds to users on Facebook and within the services of partners cooperating with Facebook (“Audience Network” https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our (online) product range, or who have shown certain characteristics (e.g. interest in specific topics or products which become evident through the visited websites) which we then transmit to Facebook (“Custom Audiences”).
With the help of the FacebookPixel, we also wish to ensure that our Facebook Ads correlate with the potential interest of users and do not have an harassing effect. FacebookPixel also enables us to track the effectiveness of the statistical and market research purposes by showing us wether users were redirected to our website after clicking on a Facebook Ad (“conversion measurement”).

Facebook Ireland Ltd. and we are jointly responsible for the collection or receipt of “event data” that Facebook collects or receives (but not the further processing there of) during the course of a transmission. This is achieved by means of FacebookPixel and or comparable functions (e.g. interfaces) that are executed within our website for the following purposes: a) Displaying advertisements containing information that matches users’ presumed interests; b) Sending commercial and transactional messages (e.g. targeting users via Facebook Messenger); c) Improving advertisement delivery and personalising features and content (e.g. improving how we identify which content or advertising information presumably matches users’ interests).
We have entered into an agreement with Facebook (“Responsible Party Addendum”, https://www.facebook.com/legal/controller_addendum), which particularly regulates the security measures Facebook has agreed to fulfil (i.e. users can, for example, provide information or make deletion requests directly to Facebook). Note: When Facebook provides us with metrics, analytics, and reports (which are aggregated, i.e. do not contain information about individual users who are anonymous to us), this processing is not carried out with shared responsibility, but is covered by an information processing agreement (“Data Processing Terms“, https://www.facebook.com/legal/terms/ dataprocessing): “Data Security Terms and Conditions” (https://www.facebook.com/legal/ terms/data_security_terms) and, with regard to processing in the USA, on the basis of standard contractual clauses (“Facebook EU Data Transfer Addendum, https:// www.facebook.com/legal/EU_data_transfer_addendum) . The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority), are not restricted by the agreements with Facebook:

• Types of Data Processed: Usage (e.g. websites visited, interest in content, access times); meta/communication (e.g. device information, IP addresses); location (information as to geographical position of a device or a person); and event data (Facebook) (“event data” is data that can be transmitted, e.g. via FacebookPixel (via apps or in other ways), by us to Facebook and relates to persons or their actions; this data includes, for example, information as to visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; event data is processed in order to create target groups for content and advertising (Custom Audiences); event data does not include the actual content (such as comments written), neither login information nor contact information (i.e. names, e-mail addresses or phone numbers). Event data is deleted by Facebook after a maximum of two years, the target groups formed from them with the deletion of our Facebook account).
• Persons affected: Users (e.g. website visitors, users of online services); interested parties.
• Purpose of Data Processing: tracking (e.g. interest / behaviour-based profiling, use of cookies), re-marketing, conversion measurement (measurement of effectiveness of marketing measures), interest-based and behavioural marketing, profiling (creation of user profiles), coverage measurement (e.g. access statistics, recognition of returning visitors), targeting (determination of target groups relevant for marketing purposes or other output of content), cross-device tracking (cross-device processing of user data for marketing purposes).
• Security measures: IP masking (pseudonymisation of the IP address).
• Legal basis: Consent (Art. 6 para. 1, sentence 1 lit. a) GDPR), Legitimate interests Art. 6 para. 1, sentence 1 lit. f) GDPR)
• Objection options (opt-out): We refer to the data protection terms of the respective providers and the objection options (“opt-out”) of these providers. If no explicit optout option has been specified, the option of refusing cookies in your browser settings is an alternative. However, this may restrict the functionality of our website. We therefore recommend the following additional opt-out options, a summary for the respective areas are given below: • a) Europe: https://www.youronlinechoices.eu. • b) Canada: https://www.youradchoices.ca/choices • c) USA: https://www.aboutads.info/choices • d) Inter-territorial: https://optout.aboutads.info.
  
  

Services Used and Service Providers:

• FacebookPixel and Targeting (Custom Audiences): Service provider: https:// www.facebook.com, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Statement: https:// www.facebook.com/about/privacy; Opt-out: https://www.facebook.com/settings? tab=ads.
  
  

4.3 Plugins and embedded Functions including Content

Our website integrates functional and content elements. These are obtained from the servers of the respective providers (here after referred to as “third-party providers”). These can be, for example, graphics, videos or social media buttons and posts (here after uniformly referred to as “content”). This integration always requires that third-party providers process the user’s IP address, since, without the IP address, it would not be possible to send any content to a specific browser.
The IP address is therefore required in order to display afore mentioned functions and or content. We strive only to use such content, as to allow the respective provider only to use the IP address in order to deliver the necessary content. Third-party providers may also use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These “pixel tags” can be used to evaluate information such as visitor traffic to the website.
The pseudonymous information may also be stored in cookies on the user’s device. These may contain, among other things, technical information as to the browser and operating system, referring websites, time of visit, and other information on the use of our website; as well as being linked to such information from other sources.
Notes on Legal Basis: User consent is the legal basis for data processing by third-party providers. User data is otherwise processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in afore mentioned privacy statement. Types of data processed: Usage (e.g. websites visited, interest in content, access times); meta/communication (e.g. device information, IP addresses); contact (e.g. e-mail, telephone numbers) and content data (e.g. text entries, photographs, videos), inventory data (e.g. names, addresses).

• Persons affected: Users, (e.g. website visitors, online service users), communications partner

• Purposes of Data Processing: Availability of our online product range, userfriendliness, contractual performance and service, contact requests and communication, direct marketing (by e-mail or post), tracking (interest/behaviourbased profiling, use of cookies), interest-based and behavioural marketing, profiling (creation of user profiles), feedback (collection of feedback via online form), security measures, administration and response to requests.

• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f). GDPR), Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  
  

Services Used and Service Providers:

• Facebook Social Plugins: This may include content such as images, videos or texts and buttons with which users can share any content of this website within Facebook. The list and appearance of Facebook Social Plugins can be viewed under: https://developers.facebook.com/docs/plugins/ ; service provider: https:// www.facebook.com , Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com Privacy Statement: https:// www.facebook.com/about/privacy ; Privacy Shield (Ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/ participant?id=a2zt0000000GnywAAC&status=Active ; Objection option (Opt-Out): Advertising settings: https://www.facebook.com/settings?tab=ads .
• Instagram plugins and buttons: These may include content such as images, videos or texts and buttons with which users can share any content of this website within Instagram. Service provider: https://www.instagram.com, Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com ; privacy statement: http://instagram.com/about/legal/privacy

• LinkedIn plugins and buttons: These may include content such as images, videos or texts and buttons with which users can share any content of this website within LinkedIn. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; Website: https://www.instagram.com; privacy statement: https:// www.linkedin.com/legal/privacy-policy; Privacy Shield (Ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/ participant?id=a2zt0000000L0UZAA0&status=Active ; Objection option (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

• Privacy Policy: https://twitter.com/de/privacy.

• YouTube: videos; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; privacy statement: https://policies.google.com/privacy ; Privacy Shield (Ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/ participant?id=a2zt000000001L5AAI&status=Active ; objection option (Opt-Out): Opt-Out-Plugin: http://tools.google.com/dlpage/gaoptout?hl=de , advertisement placement settings: https://adssettings.google.com/authenticated.

• Xing plugins and buttons: Xing plugins and buttons: These may include content such as images, videos or texts and buttons with which users can share any content of this website within Xing. Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland; Website: https://www.xing.com ; privacy statement: https://privacy.xing.com/de/datenschutzerklaerung.
• Borlabs cookie: This website uses Borlabs cookies which set technically necessary cookies (borlabs-cookie) to store your cookie consents.

Borlabs cookies do not process any personal data. The borlabs-cookie stores the consent you gave when you entered the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you reload the website, you will be asked again for your cookie consent.

5. Storage period

Unless specifically stated, we only store personal data for as long as is necessary to fulfil the intended purposes. In some cases, the legislator stipulates the storage of personal data, as required by tax or commercial law. In these cases, we only continue to store the data for such legal purposes, but do not process them in any other way. This data will be deleted as and when the legal storage period has expired.

6. Rights as Person Affected by Data Processing

Under the applicable laws, you have a number of rights regarding your personal data. If you wish to exercise these rights, please send your request by e-mail or post, clearly identifying yourself, to the address mentioned above in point 1. Below you will find an overview of these rights.

6.1 Right of Confirmation and Information

You have the right to receive clear information as to the processing of your personal data. In detail: You have the right to receive our confirmation, at any time, as to whether any data relating to you is being processed. Should this be the case, you may justifiably request information, free of charge, on our storage of all your personal data, including a copy of this data. Furthermore, you have the right to the following information:

1. processing purpose;
2. personal data categories that are being processed;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed to, in particular in the case of recipients in non-EU / EEA countries or international organisations;
4. if and when possible, the planned duration for which the personal data will be stored, or, should this not be possible, the criteria for determining the storage duration;
5. you have the right for any data pertaining to you to be rectified, erased or to have the processing restricted by the responsible entities, or to object to such processing;
6. you have the right of appeal to a supervisory authority;
7. if personal data was not collected from you personally, all available information concerning the origin of that data;
8. the existence of decision-making based solely on automated processing, including profiling, in compliance with Art 22 para. 1 and 4 GDPR, and, in such cases, meaningful information about the logic involved and the scope and intended effects of such processing.

If personal data is transferred to a non-EU / EEA country or to an international organisation, the right to be informed of the appropriate safeguards in compliance with Art. 46 GDPR in connection with the transfer is upheld.

6.2 Right of Rectification

You have the right to request that we correct and, if necessary, complete personal data. In detail: You have the right to request that we correct any inaccurate personal data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – if necessary, by means of an additional communication.

6.3 Right of Deletion (“right to be forgotten”)

In certain cases we are obliged to erase personal data. In detail: In compliance with Art. 17 para. 1 GDPR, you have the right to request deletion of personal data without undue delay. If one of the following applies. we are obliged to delete personal data without undue delay:

1. Personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
2. Consent is withdraw on which the processing was based in compliance with Art. 6 para.1 sentence 1 lit. a) GDPR or Art. 9 para. sentence 2 lit. a) GDPR and there is no other legal basis for the processing.
3. The option to object to the processing is in compliance with Art. 21 para. 1, and or Art. 21 para 2 GDPR are requested and there are no overriding legitimate grounds for the processing.
4. Personal data has been unlawfully processed.
5. The deletion of personal data is necessary for compliance with a legal obligation under union or member state law to which we are subject.
6. Personal data has been collected in relation to information services in compliance with Art. 8 para. 1 GDPR.

Should any personal data have been made public, and we are obliged to delete it in compliance with Art. 17 para. 1 GDPR, reasonable steps will be taken to do so. This includes technical measures using all available technology, the cost of implementation, informing the responsible entities for such processing, that an eligible request has been made for deletion of all links to, or copies, or replications of afore mentioned data.

6.4 Right of Deletion (“right to be forgotten”) Restriction

In certain cases, a legitimate request to restrict the processing of personal data is valid. In detail: You have the right to request processing restriction if one of the following conditions is met:

1. the accuracy of the personal data is contested, the restriction will be at least as long as it takes to verify the accuracy of the personal data;
2. the processing is unlawful and deletion of personal data has been refused, instead a restriction has been requested as to the use of the above mentioned data;
3. we no longer need to process your personal data for the reason given, but it is required to assert, exercise or defend legal claims, or
4. objection to the processing has been made in compliance with Art. 21 para. 1 GDPR, in as far as it has not yet been determined whether we have legitimate reasons that override those of yours.

Should any personal data have been made public, and we are obliged to erase it in compliance with Art. 17 para. 1 GDPR, reasonable steps will be taken to do so. This includes technical measures using all available technology, the cost of implementation, informing the responsible entities for such processing, that an eligible request has been made for deletion of all links to, or copies of, or replications of afore mentioned data.

6.5 Right to Data Portability

In certain cases, it is justified to request a restriction on the processing of personal data. In detail: You have the right to access your personal data which you provided in a structured, approved machine-readable format. You also have the right to request that your data be transferred to another responsible entity without hindrance from us, provided that

1. the processing is based on consent in compliance with Art. 6 para. 1 sentence 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract in compliance with Art. 6 para. 1 sentence 1 lit. b) GDPR and
2. the processing is carried out with the aid of automated procedures.

When exercising your right to data portability in compliance with paragraph 1, you have the right to request that your personal data be transferred directly to another responsible entity, where this is technically feasible.

6.6 Right of Appeal

You also have the right to object to lawful processing of your personal data, if this is based on your particular situation and our interests in the processing do not override yours.

In detail: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, which is carried out in compliance with Art. 6 para. 1 sentence lit. e) or f) GDPR; this also applies to profiling based on these provisions. We shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for this processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

If your personal data is processed by us for the purpose of direct marketing, you have the right to object at any time to such processing; this also applies to profiling insofar as it is associated with direct marketing.

You have the right to object, on grounds relating to your particular situation, to the processing of your personal data which is carried out for scientific or historical research purposes or for statistical purposes in in compliance with Art. 89 para. 1 GDPR, unless the processing is necessary in order to complete a task which is in public interest.

6.7 Automated decision making including profiling

You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Automated decision-making based on the personal data collected does not take place.

6.8 Right to Revoke Consent under the Data Protection Law

You have the right to withdraw consent to the processing of personal data at any time.

6.9 Right to Complain to a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the country of your residence, place of work or place of the alleged infringement, if you consider that processing your personal data is unlawful.

7. Data Security

We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data is encrypted before it is transmitted. This applies not only to your orders but also to customer login. We use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete data protection against access by third parties is not possible.

To secure your data, we maintain technical and organisational security measures in compliance with Art. 32 GDPR, which we continually update so as to be technically state of the art.

Further, we cannot guarantee that our website presence will be available at all times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.

8. Disclosure of data to third parties, no data will be transferred to non-EU / EEA countries

As a general rule, we only use your personal data within our company. If and when we involve third parties to support our contract fulfilment (such as logistics service providers), they will only receive such personal data as is necessary for these services to be fulfilled.

In the event that we outsource segments of data processing (“commissioned processing”), we contractually oblige the commissioned third party to only use personal data in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject. A data transfer to entities or persons outside the EU / EEA other than the case mentioned in this statement in point 4 does not take place and is not planned.

Language
Where smartfabrik has provided you with a translation of the German language version of these Terms, you agree that the translation is provided for your convenience only and that the German language version of the Terms will govern your relationship with smartfabrik. If there is any contradiction between what the German language version of these Terms stipulate and that of the translation, then the German language version shall take precedence.