privacy

Data protection

Status: 09/2021

We only process personal data (hereinafter "data") of users to the extent that this is necessary to provide a functional and comfortable website as well as our content and services.

“Processing” means collection, use, disclosure and/or storage. According to the EU General Data Protection Regulation (hereinafter “GDPR”), “personal data” is basically all data with which a natural person can be identified. The precise definitions of the terms are set out in Art. 4 GDPR.

The following statements inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, the purposes and means of processing which we decide alone or together with others, as well as about the optimization and quality of use we may have Components used by third parties who process data on their own responsibility:

__________________________________________

  1. A) Information on the person responsible
  2. B) User's rights
  3. C) Information on data processing

__________________________________________

  1. A) Information on the person responsible

The person responsible (hereinafter "provider") within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

Polyment GmbH

Feldstrasse 90

25421 Pinnenberg

Mobile phone: +49/ (0)17657854923

Email: info@polyment-shop.de

  1. B) User's rights

With regard to the processing of his personal data set out below by the provider, the user has the right

  1. to request confirmation as to whether the data concerning him/her is being processed and for precise information about this data as well as further information and copies of the data in accordance with Art. 15 GDPR;

  1. to demand the immediate correction of the incorrect data concerning him or the completion of this data in accordance with Art. 16 DSGVO;

  1. to demand that the data concerning him be deleted immediately in accordance with Art. 17 GDPR, alternatively, if, for example, further processing is required in accordance with Art. 17 Para. 3 GDPR, to demand a restriction of the processing of the data in accordance with Art. 18 GDPR ;

  1. that he receives the data relating to him and provided by him in accordance with Art. 20 GDPR and to request their transmission to other responsible parties;

  1. to lodge a complaint with the supervisory authority in accordance with Art. 77 GDPR if the user believes that the processing of his data by the provider violates the GDPR.

__________________________

  1. In principle, the user can object to the future processing of data concerning him, which is carried out by a person responsible on the basis of Article 6 (1) (f) GDPR, at any time in accordance with Article 21 GDPR. The objection can be made in particular against processing for direct advertising purposes.

__________________________

  1. The provider is also obliged to notify all recipients of the data to whom the data was disclosed by him of any correction or deletion of personal data or a restriction of processing that takes place on the basis of Article 16 GDPR, Article 17 paragraph 1 GDPR and Article 18 GDPR . The obligation does not exist in the event that this notification proves impossible or involves a disproportionate effort. The user has the right to information about these recipients.

  1. C) Information on data processing

If no detailed information is given below about the individual data processing, the user data processed by the provider will be deleted or blocked as soon as the purpose of storage no longer applies and the deletion does not conflict with any statutory storage obligations.

server data

For communication and security reasons, the following data, which the user's Internet browser transmits to the provider or his web space provider, is collected during the visit to the website (so-called server log files):

- browser type and version;

- operating system used;

- Website from which the user switched to the provider's website (referrer URL);

- Website visited by the user;

- date and time of access;

- Internet protocol (IP) address of the user.

The data is also stored temporarily. This data is not stored together with other personal data of the user. The legal basis for the temporary storage is Article 6 Paragraph 1 Letter f GDPR based on the legitimate interest in improving the stability, functionality and security of the website.

The data will be deleted after seven days at the latest. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.

cookies

  1. a) Cookies

The person responsible uses so-called cookies on his website. Cookies are small text files or other storage technologies that the Internet browser used by the user stores and saves on the end device. These cookies process certain user information, such as browser and location data and IP address values, on an individual basis.

The use allows the person responsible to make his website more user-friendly, more effective and more secure.

The "persistent" cookies allow the website to recognize the user via his browser if he visits the website again in the near future, in order not to display or query the settings already made by the user with regard to the cookies again.

The processing serves the legitimate interest of the person responsible in improving the functionality of the website and the fulfillment of legal requirements and is based on the legal basis of Article 6 Paragraph 1 lit. f GDPR.

The "session" cookies are deleted when the user closes their browser. The "persistent" cookies are automatically deleted after 12 months. This period varies depending on the cookie, but does not exceed a period of 12 months.

  1. b) Third party cookies

Third-party cookies may also be used on the provider's website. These third-party providers are partner companies with which the provider works together for the purpose of advertising, analysis or the functionalities of the website. If this is the case, the purposes and legal basis of the corresponding processing are set out below.

  1. c) Possibility of disposal

The user can prevent or restrict the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, the processing cannot be prevented via the browser settings, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may result in not all functions of the website being fully usable.

Cookie Manager

To obtain consent to the use of technically unnecessary cookies on the website, the provider uses the cookie manager "Beeclever" from beeclever GmbH, Universitätsstraße 3, D-56070 Koblenz,

https://beeclever.de/

a.

When the website is called up, a cookie with the setting information is stored on the user's end device so that the query with regard to consent does not have to be made when you visit again. This cookie has a lifespan of 12 months.

The cookie is required to obtain legally compliant user consent.

The user can prevent or stop the installation of cookies by changing the settings in his browser. More on this under “Cookies” above.

contract execution

  1. a) Processing

The personal data provided by the user for the purpose of purchasing goods or services will be processed by the provider for the purpose of contract processing. The details of the data are required for the conclusion of the contract; it is not possible to conclude a contract without providing the data. The legal basis for processing is Art. 6 (1) (b) GDPR. After the contract has been fully processed, the user's data will be deleted with regard to tax and commercial law retention periods.

  1. b) Disclosure

The user's personal data will be passed on to the financial service provider or the shop software service provider as part of the contract processing, insofar as this is necessary. The legal basis for the transfer of data is Article 6 (1) (b) GDPR.

  1. c) Credit checks

If the customer selects the payment service provider PayPal, Amazon, shopify Payments or Klarna, creditworthiness inquiries may be made by the respective payment service provider for certain payment methods also selected by the customer. The customer will be informed of this by the respective payment service provider at the latest before the start of the payment process.

customer account

If the user registers for a customer account with the provider, the data entered during this registration (e.g. name, address, e-mail address) will only be used to fulfill a contract or to carry out pre-contractual measures and for general administration of the customer relationship ( e.g. retrieval of previous orders or notepad function) is collected and stored. With the registration, the IP address and the date and time of the registration are also saved. A transfer to third parties does not take place.

If the user has consented, the legal basis is Article 6 (1) (a) GDPR. As part of the registration process, the user's consent to the above processing may be obtained and reference is made to this data protection declaration. The data collected in this way will only be used for the aforementioned purpose. A transfer to third parties does not take place.

If the opening of the customer account serves to fulfill a contract or to carry out pre-contractual measures, the additional legal basis is Article 6 (1) (b) GDPR.

The user can revoke consent given for the customer account at any time in accordance with Article 7 (3) GDPR by notifying the provider. The data processed in this context will be deleted as soon as their processing is no longer required. If the data is required to fulfill a contract or to carry out pre-contractual measures, the user's data will be deleted upon expiry of the retention periods under tax and commercial law.

Shopify

  1. a) Use of the Shopify shop software

The provider uses the "Shopify" shop system to display the offers, to process the contract and for hosting.

The legal basis for this is the initiation of a contract and/or the execution of the contract in accordance with Article 6 (1) (b) GDPR.

"Shopify" is a federation of Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., Shopify (USA) Inc., Shopify Commerce Singapore Pte. Ltd., and Shopify International Limited.

If the user is based in the European Economic Area (EEA), processing is carried out by Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify").

Due to the association, it cannot be ruled out that processing will also take place outside the EEA (Canada and USA). In the case of the transmission of data to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the adequacy decision of the European Commission.

“Shopify” processes the following user data on behalf of the provider:

Name, e-mail address, delivery and billing address, payment data, company name, telephone number if applicable, IP address, information about orders, information about the merchant shops supported by “Shopify” that the user visits, and information about the device and browser used.

Further information about data processing by Shopify International Limited can be found under the following link:

https://www.shopify.de/legal/datenschutz .

  1. b) Shopify web analysis

By using Shopify, cookies for web analysis are also used on the website. Information such as time, place and frequency of the user's website visit is transmitted to a Shopify server and evaluated via the cookies.

The legal basis for this is Art. 6 (1) (a) GDPR. The user can revoke their consent to this in accordance with Art. 7 Para. 3 GDPR at any time by changing the cookie settings on the website for the future.

contact requests

If the user contacts us, the user's personal data entered on this occasion will be used to process the request.

If the contact request serves to fulfill a contract or to carry out pre-contractual measures, such as a price request, the legal basis is Article 6 (1) (b) GDPR.

The user's data will be deleted if the user's request has been finally answered and there are no legal storage requirements, such as in the case of subsequent contract processing.

The legal basis can also be the consent of the user in accordance with Article 6 (1) (a) GDPR.

The user can revoke consent given for the contact request at any time in accordance with Art. 7 Para. 3 GDPR by notifying the provider. The data processed in this context will be deleted as soon as their processing is no longer required.

Newsletter

If the user registers for the provider's free newsletter, the data requested in the input mask (e-mail address) will be transmitted to the provider. In addition, the IP address and the date and time of registration are saved. As part of the registration process, the user's consent is obtained and the content is specifically described. At the same time, reference is made to this data protection declaration. The data collected in this way is used exclusively for subscribing to the newsletter. A transfer to third parties does not take place.

The legal basis is Article 6 (1) (a) GDPR. The user can revoke their consent to this in accordance with Art. 7 Para. 3 GDPR at any time for the future by sending a message to the provider or by using the unsubscribe link contained in the newsletter.

direct mail

The provider reserves the right to use the data collected on the occasion of an order for direct advertising by e-mail or by post in accordance with Section 7 (3) UWG if the user does not object to this use. Direct advertising exclusively includes offers for similar products or services to the products or services already purchased by the user from the provider. In this case, the legal basis is Article 6 (1) (f) GDPR. The legitimate interest of the provider consists in the economic interest of sales and improvement of its services.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereinafter "Google".

Google Analytics is used by the provider to analyze the use of the website. The legal basis for this is Art. 6 (1) (a) GDPR. The user can revoke their consent to this in accordance with Art. 7 Para. 3 GDPR at any time by changing the cookie settings on the website for the future.

Information such as the time, place and frequency of the user's website visit, including their IP address, is transmitted to a Google server in the USA and stored there.

In the opinion of the data protection supervisory authorities, however, the USA does not currently have an adequate level of data protection. However, there are so-called standard contractual clauses between the provider and Google:

https://privacy.google.com/businesses/compliance/#!#gdpr

However, these are private law agreements and therefore have no impact on the access options of the authorities in the USA.

The provider uses Google Analytics with an anonymization function. As a result of this addition, Google will already shorten the IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Google will use the data collected in this way to evaluate the user's visit to the website and to compile reports on website activity for the provider. In addition, the data is used to provide other services related to website and internet use. Google may also transfer this information to third parties if required to do so by law or if third parties process this data on Google's behalf.

According to their own statements, Google will under no circumstances associate the IP address of the user with other Google data. Google offers further information, in particular on the possibilities of preventing the use of data, under the following link:

https://www.google.com/intl/de/policies/privacy/partners

Google also offers a deactivation add-on for the most common browsers, which gives the user more control over which data Google collects on the website accessed by the user. The add-on tells the Google Analytics JavaScript (ga.js) that no information about the website visit should be sent to Google Analytics. However, the deactivation add-on for browsers from Google Analytics does not prevent information from being transmitted to the provider or to other web analysis services used by the provider and listed in this data protection declaration. Further information on installing the browser add-on is available under the following link:

Browser add-on to disable Google Analytics

Bugsnag

The provider uses the Bugsnag component to immediately identify errors or faults on the website. Bugsnag is a product of Bugsnag Inc. located at 939 Harrison St, San Francisco, CA 94107, USA.

If a disruption or error is detected, the calling anonymized IP address and other technical data (e.g. browser settings) of the user are transmitted to Bugsnag for error analysis as part of the use of Bugsnag. Bugsnag also uses cookies for this.

Bugsnag offers further information under the following link:

https://docs.bugsnag.com/legal/privacy-policy

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. For more information, see “Cookies” above.

Integration of social media

The provider uses a link to the social networks listed below on the website.

The legal basis for this is Art. 6 (1) (f) GDPR. The legitimate interest of the provider is to improve the quality of use of the website.

The plugins are integrated via a linked graphic. The user is only forwarded to the service of the respective social network by clicking on the corresponding graphic.

After the customer has been forwarded, information about the user is recorded by the respective network. This is initially data such as IP address, date, time and page visited. If the user is logged into his user account of the respective network at the same time, the network operator can, if necessary, assign the information collected from the user's specific visit to the user's personal account. If the user interacts via a "Share" button of the respective network, this information can be stored in the user's personal user account and, if necessary, published. If the user wants to prevent the collected information from being directly assigned to his user account, the user must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are linked by the provider:

Facebook - Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Privacy Policy: https://www.facebook.com/policy.php

Twitter - Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. Operator within the EU: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Privacy Policy: https://twitter.com/de/privacy

Pinterest - Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA. Operator within the EU: Pinterest Europe Ltd., Palmerston House, 2nd Floor Fenian, Street, Dublin 2, Ireland.

Data protection:

https://policy.pinterest.com/de/privacy-policy