Since 25 May 2018, the provisions of the EU General Data Protection Regulation (hereinafter: GDPR) have applied throughout Europe. In the following, we would like to inform you about the processing of personal data carried out by Nicolay, Lemke & Cichy GbR in accordance with this regulation (compare Article 13 DSGVO). Please read our data protection information carefully. If you have any questions or comments about this data protection information, you can send them at any time to this email address: email@example.com
Table of contents
- Name and contact details of the data controller and the company data protection officer
- Purposes of data processing, legal bases and legitimate interests pursued by Nicolay, Lemke & Cichy GbR or a third party as well as categories of recipients
- Recipients outside the EU
- Your rights
- Data security
The following data protection information informs you about the type and scope of the processing of so-called personal data by Nicolay, Lemke & Cichy GbR. Personal data is information that can be directly or indirectly attributed to you or can be attributed to you.
The data processing by Nicolay, Lemke & Cichy GbR can essentially be divided into three categories:
- For the purpose of processing the contract, all data required for the execution of a contract with Nicolay, Lemke & Cichy GbR will be processed. If external service providers are also involved in the processing of the contract, e.g. logistics companies or payment service providers, your data will be passed on to them to the extent necessary in each case.
- In addition to processing the contract, we also use the data collected from you for the purpose of informing you about new offers and promotions from time to time.
- When you access the website/application of Nicolay, Lemke & Cichy GbR, various information is exchanged between your terminal device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimise our website or to display advertising in the browser of your end device.
In accordance with the provisions of the GDPR, you have various rights that you can assert against us. These include the right to object to selected data processing, in particular data processing for advertising purposes.
If you have any questions about our data protection policy, you are welcome to contact our company data protection officer at any time. You can find the contact details below.
2. Name and contact details of the data controller and the company data protection officer
This data protection information applies to data processing by Nicolay, Lemke & Cichy GbR, Coburger Weg 2, 40627 Düsseldorf and to the following websites or applications: www.for-vegans.com. The company data protection officer "Sören Lemke" of Nicolay, Lemke & Cichy GbR can be contacted at the above address, in the name of the Data Protection Department, or at firstname.lastname@example.org.
3. Purposes of data processing, legal bases and legitimate interests pursued by Nicolay, Lemke & Cichy GbR or a third party as well as categories of recipients
3.1. Accessing our website/application
When you access our website/application, information is automatically sent to the server of our website/application by the browser used on your end device and temporarily stored in a so-called log file. We have no influence on this. The following information is collected without your intervention and stored until automatic deletion:
- the IP address of the requesting Internet-enabled device,
- the date and time of access,
- the name and URL of the retrieved file,
- the website/application from which the access was made (referrer URL),
- the browser you use and, if applicable, the operating system of your internet-enabled computer as well as the name of your access provider.
The legal basis for the processing of the IP address is Article 6(1)(f) DSGVO. Our legitimate interest follows from the purposes of data collection listed below. At this point, we would like to point out that we are not able to draw any direct conclusions about your identity from the collected data, nor will we do so.
The IP address of your terminal device and the other data listed above are used by us for the following purposes:
- Ensuring a smooth connection setup,
- Ensuring a comfortable use of our website/application,
- evaluating system security and stability.
The data is stored for a period of 180 days and then automatically deleted. Furthermore, we use so-called cookies, tracking tools, targeting methods and social media plug-ins for our website/application. The exact procedures involved and how your data is used for this purpose are explained in more detail below in section 3.4.
If you have agreed to the so-called geolocation in your browser or operating system or other settings of your end device, we use this function to be able to offer you individual services related to your current location (e.g. language, currency and freight cost calculation). If you terminate the use, the data will be deleted.
3.2. Conclusion, performance or termination of a contract
3.2.1. Data processing upon conclusion of the contract
The object of activity of Nicolay, Lemke & Cichy GbR is the mediation of sales between vendors and customers and the distance selling of goods and services offered through Nicolay, Lemke & Cichy GbR itself. In this context, we process the data required for the mediation, conclusion, performance or termination of a contract with personal data. This includes:
- First name, last name
- Billing and delivery address
- E-mail address
- Billing and payment details
- Date of birth, if applicable
- Telephone number, if applicable
The legal basis for this is Article 6(1)(b) DSGVO, i.e. you provide us with the data on the basis of the contractual relationship between you, a retailer or us. We are also obliged to process your email address due to a requirement in the German Civil Code (BGB) to send an electronic order confirmation (Article 6(1)(c) DSGVO). Insofar as we do not use your contact data for advertising purposes (see 3.3. below), we store the data collected for the processing of the contract until the expiry of the statutory or possible contractual warranty and guarantee rights. After the expiry of this period, we keep the information of the contractual relationship required by commercial and tax law for the periods determined by law on the basis of Art. 6 para. 1 lit. c) in blocked form. For this period (regularly six or ten years after the end of the year in which the contract was concluded), the data is processed again solely in the event of an audit by the tax authorities.
The following data processing is also required to process the purchase contract:
We will pass on all necessary payment data to a payment service provider commissioned by us. We pass on details of your delivery address to the relevant retailer or to a logistics company commissioned by us for the purpose of processing the purchase contract. If you agree, we will transmit your e-mail address and, if applicable, your telephone number to the respective retailer or the logistics company commissioned by us in order to ensure that the goods are delivered in accordance with your wishes. The logistics company will contact you in advance of the delivery to inform you of the time of delivery or to coordinate details of the delivery with you. The data will be transmitted solely for this purpose and deleted after delivery has taken place.
3.2.2. Identity, creditworthiness and transmission to credit agencies
Where necessary, we verify your identity by using information from service providers. The legal basis for this is Article 6 (1) (b) and (f) DSGVO. The authorisation for this is based on the protection of your identity and the prevention of fraud attempts at our expense and at the expense of the merchants. The circumstance and the result of our enquiry will be stored in your customer account or guest account for the duration of the contractual relationship.
In the course of the ordering process, we also check your creditworthiness in order to be able to show you only the payment methods that can be used by you. For this purpose, we transmit the following types of data to credit agencies cooperating with us: Name, address, date of birth. The legal basis for this is the following declaration of consent by you within the meaning of Article 6(1)(a) DSGVO:
I hereby consent to the verification of my creditworthiness by Nicolay, Lemke & Cichy GbR. I am aware that the check is carried out at the beginning of the order process and that I can revoke my consent at any time..
You can revoke your consent at any time with effect for the future by sending a declaration to the address given under "Contact". The revocation of consent does not affect the lawfulness of the personal data processed until the revocation. If you do not wish to give the above consent, please inform us accordingly before you initiate the conclusion of your purchase or use the guest order option. In this case, however, we can only offer you payment methods that are not associated with a credit risk for Nicolay, Lemke & Cichy GbR. The circumstance and the result of our request will be added to your customer account for the duration of the contractual relationship.
In the event of a delay in payment, we will transmit the necessary data to a company commissioned to enforce the claim if the other legal requirements are met. The legal bases for this are both Article 6(1)(b) and Article 6(1)(f) DSGVO. The assertion of a contractual claim is considered a legitimate interest within the meaning of the second-mentioned provision. We also transmit information about the delay in payment or a possible bad debt to credit agencies cooperating with us if the other legal requirements are met. The legal basis for this is Article 6 (1) (f) DSGVO. The legitimate interest required here results from our interest and the interest of third parties in reducing contractual risks for future contracts.
3.3. Data processing for advertising purposes
The following statements refer to the processing of personal data for advertising purposes. The GDPR declares such data processing on the basis of Article 6(1)(f) to be conceivable in principle and a legitimate interest. The duration of data storage for advertising purposes does not follow any rigid principles and is based on the question of whether the storage is necessary for the advertising approach. At Nicolay, Lemke & Cichy GbR, we also follow the principle of deleting data for advertising purposes after 180 days. Please refer to section 3.3.3 for information on how to proceed in the event of your objection.
3.3.1. Advertising purposes of Nicolay, Lemke &Cichy GbR and third parties
If you have concluded a contract with us, we will list you as an existing customer. In this case, we process your postal contact data outside of the existence of a specific consent in order to send you information about new products and services in this way.
3.3.2. Interest-based advertising
To ensure that you only receive promotional information that is of supposed interest to you, we categorise and add further information to your customer profile. Statistical information as well as information about your person (e.g. basic data of your customer profile) is used for this purpose. The aim is to send you advertising that is geared solely to your actual or supposed needs and not to bother you with useless advertising.
3.3.3. Right of objection
You can object to data processing for the aforementioned purposes at any time, free of charge, separately for the respective communication channel and with effect for the future. An e-mail or a postal letter to the contact details mentioned under 2. is sufficient for this purpose.
If you object, the contact address concerned will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent temporarily after receipt of your objection. This is technically due to the necessary lead time for advertisements and does not mean that we will not implement your objection. Thank you for your understanding.
3.3.4. Newsletter dispatch
On our website and application we offer you the possibility to register for our newsletter. To ensure that no mistakes are made when entering the email address, we use the so-called double opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your email address be added to our mailing list. The processing of your electronic contact data at this point is based solely on your consent (Article 6(1)(a) DSGVO). You can revoke your consent at any time with effect for the future. To do so, simply send a short note by email to the email address given under 2. or click on the "Unsubscribe" button at the end of each newsletter.
3.4. Online presence and website optimisation
3.4.1. Cookies - General information
If you have a customer account with Nicolay, Lemke & Cichy GbR and are logged in or activate the "stay logged in" function, the information stored in cookies will be added to your customer account.
3.4.2. Google Analytics
For the purpose of demand-oriented design and continuous optimisation of our pages, we use Google Analytics, a web analytics service provided by Google Inc. ("Google"). In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookie about your use of our website, such as your IP address, is used to
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
will be transmitted to and stored by Google on servers in the United States. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the internet for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an assignment is not possible (so-called IP masking).
The targeting measures listed below and used by us are carried out on the basis of Article 6 paragraph 1 letter f DSGVO. By means of the targeting measures used, we want to ensure that you are only shown advertising on your end devices that is oriented to your actual or presumed interests.
On our website, information is collected and analysed using cookies to optimise advertising. This information contains, for example, details of which of our products you were interested in. The collection and evaluation is exclusively pseudonymous and does not enable us to identify you. In particular, the information is not combined with personal data about you. On the basis of this information, we can show you offers on our website that are specifically geared to your interests, as these result from your previous user behaviour. The cookie is automatically deleted after 180 days.
18.104.22.168. Objection/opt-out option
In addition to the deactivation methods described, you can also generally prevent the targeting technologies explained by making the appropriate cookie setting in your browser (see also 3.4.1). You also have the option of deactivating preference-based advertising with the help of the preference manager available here.
We use social plug-ins from the social networks Facebook, Instagram and Twitter on our website on the basis of Article 6 (1) (f) of the German Data Protection Regulation (DSGVO) in order to raise awareness of our company. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the DSGVO. The responsibility for data protection-compliant operation is to be ensured by their respective providers. We integrate these plug-ins using the so-called two-click method in order to protect visitors to our website as best as possible.
Our website uses so-called plug-ins of the social network Facebook, which is offered by Facebook Inc. The Facebook plug-ins are marked with a Facebook logo or the addition "Like" or "Share". You can find an overview of the Facebook plug-ins and their appearance behind the following link. When you activate such a plug-in (first click), your browser establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plug-ins, for example by clicking the "Like" button, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
Plug-ins of the short message network Twitter Inc. are also integrated on our website. You can recognise the Twitter plug-ins ("Twitter" button) by the Twitter logo (a white bird on a blue background) and the addition "Twitter". When you call up a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter thus receives the information that you have visited our site with your IP address. If you click on the Twitter button while you are logged into your Twitter account, you can link the content of our pages to your Twitter profile. This enables Twitter to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. You can find more information about this here. If you do not want Twitter to be able to associate your visit to our pages, please log out of your Twitter user account.
On our website we offer you the possibility to chat with us in real time using Jivo Chat "JivoSite Inc. Remington Drive, Sunnyvale, CA 94087, USA, (www.jivochat.com)" to chat with us in real time or to leave us messages. The data you provide will be stored by us until your request is completed. Afterwards, the chats are archived for up to two months and then deleted. If an order is placed, your data will be recorded in our customer database.
3.5. Customer account
In order to provide you with the greatest possible convenience when shopping, we offer you the permanent storage of your personal data in a password-protected customer account. The creation of the customer account is voluntary and is based on your consent within the meaning of Article 6 (1) (a) DSGVO. After setting up a customer account, no new data entry is required. In addition, you can view and change your stored data in your customer account at any time.
In addition to the data requested when placing an order, you must enter a password of your choice to set up a customer account. This password is used together with your e-mail address to access your customer account. Please treat your personal access data confidentially and in particular do not make them accessible to unauthorised third parties. We cannot accept any liability for misused passwords, unless we are responsible for the misuse. Please note that you will automatically remain logged in after leaving our website, unless you actively log out. You have the option to delete your customer account at any time. Please note, however, that this does not mean that the data visible in the customer account will be deleted at the same time.
3.6. Contact form
We offer visitors to our website the opportunity to contact us via a contact form. We use the information you provide via the contact form (mandatory information is marked with an asterisk) exclusively for the purpose of processing your request. The legal basis for this is both your consent within the meaning of Article 6(1)(a) DSGVO and Article 6(1)(f) DSGVO. The proper processing of your request is to be regarded as a legitimate interest within the meaning of the DSGVO. If your contact is made in connection with a contractual relationship between you and us, Article 6(1)(b) DSGVO, i.e. this contractual relationship, is also the legal basis for data processing. You can revoke your consent to the use of data explained above at any time with effect for the future free of charge by sending a short message to the contact details given under 1. The lawfulness of the processing based on your consent up to the time of your revocation is not affected by this. However, we would like to point out that it is no longer possible to process your request from the time of a possible revocation. Outside of the existence of a revocation, your data related to the request will be deleted after your request has been processed.
4. Recipients outside the EU
With the exception of the processing described in section 3, we do not pass on your data to recipients based outside the European Union or the European Economic Area. The processing operations described in section 3 result in the transmission of data to the servers of the providers of tracking and targeting technologies commissioned by us. These servers are located in the USA.
5. Your rights
In addition to the right to revoke your consent given to us, you have the following further rights if the respective legal requirements are met:
- Right to information about your personal data stored by us pursuant to Art. 15 of the GDPR; in particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it has not been collected directly from you,
- The right to have incorrect data corrected or to have correct data completed in accordance with Art. 16 DSGVO,
- Right to delete your data stored by us in accordance with Art. 17 DSGVO insofar as no legal or contractual retention periods or other legal obligations or rights to further storage are to be observed,
- The right to restrict the processing of your data pursuant to Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion; the controller no longer requires the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 DSGVO,
- Right to data portability pursuant to Art. 20 DSGVO, i.e. the right to have selected data stored by us about you transferred in a common, machine-readable format, or to demand that it be transferred to another data controller
- The right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
5.2. Right of objection
Under the conditions of Article 21(1) of the GDPR, data processing may be objected to on grounds relating to the specific situation of the data subject.
The above general right to object applies to all processing purposes described in this privacy notice that are processed on the basis of Article 6(1)(f) DSGVO. Unlike the specific right to object to data processing for marketing purposes (see above), under the GDPR we are only obliged to implement such a general objection if you provide us with grounds of overriding importance. Furthermore, you have the option of contacting the supervisory authority responsible for Nicolay, Lemke & Cichy GbR, the data protection officer, Sören Lemke.
If you assert one or more of the above-listed data subject rights against us, we will store this fact in anonymised form on the basis of Article 6(1)(f) DSGVO. The fact that we can also prove the proper compliance with your request in cases of doubt is to be considered a legitimate interest within the meaning of this provision. This anonymised information, i.e. information that can no longer be linked to your person, will not be deleted.
6. Data security
All data transmitted by you personally, including your payment data, are transmitted using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard that is also used, for example, for online banking. You can recognise a secure SSL connection by the s appended to the http (i.e. https://...) in the address bar of your browser or by the lock symbol in the lower area of your browser.
We also use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties.