Protection of data privacy

Data Protection Statement 

Please note: The translations are for your convenience only - when there are any disagreements the German version of the documents shall take precedence.

Information about the collection of personal data  
We are pleased that you visit our online shop and thank you for your interest.
This privacy statement is intended to inform you, as a visitor or user of our website, about the nature, scope and purpose of the data processing.

Of course we take the protection of your personal data very seriously. Personal data will be treated confidentially and in accordance with the legal data protection regulations. Personal data is all data that you can personally identify with, such as personal information. Name, email address, telephone number... These data will not be shared without your explicit consent.

Responsible for the data collection and processing on this website within the meaning of the EU (European) General Data Protection Regulation (in German: "Datenschutz-Grundverordnung" DSGVO) is Elisabeth Weise, Hopfenleite 5, 97711 Maßbach OT Poppenlauer, Germany, Phone (+49)(0)97338993425 or 01778745875, E-Mail: lisa@sandspielfiguren.de.

The person responsible for the processing of personal data is the natural or legal person who, alone or in concert with others, decides on the purposes and means of processing personal data. - See also "Imprint" of this website and "Relevant legal basis" at the end of the privacy policy.

Security measures for information security
Our online shop uses SSL encryption for security and to protect the transfer of personal information and confidential content. Data of an encrypted connection can not be read by third parties. An encrypted connection can be recognized by the lock symbol "Safe" in the browser line and the following string "https: //".

According to Art. 32 DSGVO, further technical and organizational measures were taken to ensure a level of protection appropriate to the risk. The measures include, besides the encryption of personal data and the protection of confidentiality, the guarantee of integrity, ie. correctness of data. Integrity also includes the prevention of unauthorized external interference and / or the modification of data and information. Further, additional data protection to protect against data loss and recoverability of data, after any physical or technical incident.

The protection of personal data has already been taken into account in the selection of hardware and software and has also been ensured by privacy-friendly default settings (Art. 25 DSGVO). To minimize risks and ensure information security, the processes of the shop system are regularly reviewed and evaluated. We have also set up procedures to ensure the enjoyment of data subject rights, data erasure and data vulnerability. However, data transmission over the Internet may have security holes, e.g. when communicating by e-mail.
A complete protection of the data from access by third parties is not possible on the Internet.

Cookies
Our website uses cookies. "Cookies" are small text files that are stored on users' computers. They are used to make web pages easy to use by enabling the use of certain functions or saving settings in order to simplify the ordering process, when storing the login data or the permanent shopping cart. On the other hand, they are used to collect the statistical data of website use and to analyze them for the purpose of improving our services.

Most of the cookies we use are so-called "session cookies". They will be deleted automatically after the end of your visit to our pages; other cookies remain on your computer - so-called "permanent cookies". These cookies enable us or our affiliate, e.g. the carrier (third-party cookies) to recognize your browser on your next visit.
If personal data are also processed through individual cookies, processing will be based on Art. 6 para. 1 lit. b DSGVO either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f DSGVO to safeguard our legitimate interest in the best possible functionality of our website.
As a user, you can influence the use of cookies. Browsers have an option with which the storage of cookies can be restricted, completely prevented or already existing cookies can be deleted again. The following links provide information on how to manage cookies.

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
Safari: https://support.apple.com/kb/ph21411?locale=en_US
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

You can manage many online advertising cookies from companies through the US-American site http://www.aboutads.info/choices/
or the EU (European) page http://www.youronlinechoices.com/uk/your-ad-choices/

Please note that the functionality - in particular the ease of use of this website - may be limited without accepting cookies.

Scope of data collection when visiting our website
If you use our website as a visitor, ie. if you do not register, only such data will be collected that your browser transmits to our server, so-called "server logfiles". These are only technical information that does not allow any conclusions about your person. That would be:

- Browser type and browser version
- Operating system used
- Referrer URL (the previously visited page)
- Host name of the accessing computer
- Usage data e.g. time of the page call, access times
- IP address

The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO and serves the functionality and improvement of our website. A transfer of this data or other use does not take place.

Contact and registration
When contacting us, for example by e-mail or contact form, your details will be stored for the purpose of processing the request as well as in case of follow-up questions. The data collected can be seen from the respective contact form. A transfer of these data - for example for the purpose of advertising - is generally not.

As a user, you can register on our website to use additional features - e.g. the "notepad" or "permanent shopping cart". The personal data entered for this purpose will be used for your use of the online shop. You may also be informed of any offer or registration information, such as changes in the scope of the offer or technical circumstances, by e-mail. We as the provider of the website uses this data only for statistical evaluations for the purpose of operation, security and optimization of our shop. The collected data for registration is visible in the input mask and includes inventory data (e.g. names, addresses) and contact information (e.g. e-mail, telephone numbers).The provider reserves the right, however, to check the data retrospectively if, on the basis of concrete evidence, the legitimate suspicion of unlawful use exists.

The data entered into the contact form or upon registration is based on the consent of the user and can be revoked at any time by e-mail. The basis for data processing is Art. 6 para. 1 lit. f  DSGVO, which allows the processing of data for the performance of a contract or pre-contractual measures. A merge of this data with other data sources will not be done.

The data entered by the user in the contact form or during registration will be stored by us as long as the user is registered in our online shop. The data remain with us until we are asked to delete or the user revokes the consent for storage or the purpose for data storage, for example, after completion of the processing of the request, deleted. Legal retention periods remain unaffected.

Data processing with customer account and order processing
As a user of our online shop, you can optionally create a customer account by viewing your orders.
As part of the registration, the required mandatory information will be provided. The customer accounts are not public and can not be indexed by search engines. A deletion of your customer account is possible at any time by a message to the o.g. address of the shop operator.
We collect and use data from our users only to provide a functional web site, or when users agree to the data collection and when processing of the data is permitted by law. Which data are collected, can be seen from the respective input forms.
The processed data includes inventory data, communication data, contract data, payment data and persons affected by the processing belong to our customers, prospective customers and other business partners like e.g. the logistics service.

Processing is for the purpose of providing contractual services in the context of the operation of an online shop, billing, delivery and customer service. Here we use session cookies for the storage of the shopping cart content and permanent cookies for the storage of the login status. - See also point "Cookies".
Processing is based on Art. 6 para. 1 lit. b (execution of order transactions) and c (legally required archiving) DSGVO. The required information for the establishment and fulfillment of the contract is required.
We disclose the data to third parties only in the context of extradition, payment or in the context of legal permissions and obligations to legal advisors and authorities. See also point "Cooperation with external service providers".

Data is stored in third countries, ie. processed outside the European Union (EU) or the European Economic Area (EEA) only if this is necessary for the fulfillment of the contract, e.g. on customer request delivery or payment. The data are processed in a third country only in the presence of the special conditions of Article 44 et seq. DGSVO, ie. processing takes place on the basis of specific guarantees, such as the officially recognized declaration of a data protection level corresponding to the EU, e.g. for the US through the "Privacy Shield".

Deletion or blocking of data
The data processed by us are deleted in accordance with Art. 17 and 18 DSGVO or may be restricted in their processing at the request of the user.

The deletion of personal data is routinely carried out after expiration of the legal filing obligation. The necessity of keeping the data is checked every three years.
The processing of data that is to be deleted on customer request, but may not be deleted due to legal obligations is restricted, ie. the data will be blocked, archived and not used for any further purpose. This applies, for example for data according to Art. 6 para. 1 lit. c DSGVO, which must be kept for commercial or tax law reasons.
The deletion will take place in such a case after expiration of the legal filing obligation.

Cooperation with external service providers
If, as part of our processing, we disclose, transmit to, or provide access to data to other persons and businesses (processors or third parties), we do so only on the basis of a legal license, e.g. if transmission of the data to third parties, e.g. to transport companies, in accordance with Art. 6 para. 1 lit. b DSGVO is required to fulfill the contract. Further, if, as a customer, youhave a legal obligation to do so or based on our legitimate interests, e.g. when using webhosters. If we commission third parties to process data on the basis of a so-called "contract processing contract", this is done on the basis of Art. 28 DGSVO.

Customs & Shipping: We work with external service providers to process your order. Personal data required for customs clearance or delivery of the goods will be passed on to the transport companies DHL Paket (national shipping (Germany) and Deutsche Post AG (international shipping) responsible for the delivery of the contract. Here are the corresponding contact details:

DHL Paket GmbH (national), Sträßchensweg 10, Postal code / City 53113 Bonn, Germany
Phone: + 49 / (0) 228/18 20, E-Mail: impressum.paket@dhl.com

Deutsche Post AG (international), Charles-de-Gaulle-Straße 20, Postal code / City 53113 Bonn, Germany
Phone: + 49 / (0) 228/18 20, E-Mail: impressum.brief@deutschepost.de

Payment service provider: As a payment service provider, we use PayPal, through whose platform you as the user and we as the shop owner can make payment transactions.

PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

If you select payment via PayPal, the payment details you have entered will be transmitted to PayPal. The disclosure is based on Art. 6 para. 1 lit. a (consent) and b (processing to fulfill a contract) DSGVO and only insofar as this is necessary for secure payment.
Amongst the data processed by the payment service provider are inventory data, e.g. the name, address - further bank data, e.g. account numbers, credit card numbers, passwords, TANs, but also recipient-related informations. The information is required to complete the transactions.

However, the data entered will only be processed and stored by the payment service provider, ie. we do not receive any account or credit card information, but only information about the receipt of payment. The data may be transmitted by the payment service provider to credit reporting agencies. This transmission aims at the identity and credit check. For this werefer to the terms and conditions and privacy policy of the payment service provider, which are available on the respective websites. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights. All PayPal transactions are subject to the PayPal Privacy Policy. These can be found at https://www.paypal.com/webapps/mpp/ua/privacy-prev?locale.x=en_US

Alternatively, payments can be made by bank transfer.

Use of Goggle Analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.

Google uses cookies. The information generated by the cookie about the user's use of the online offer is usually stored on a Google server in the United States.
Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage. Google may transfer this information to third parties, if required by law, or as far as third parties process this data on behalf of Google.
However, Google will not associate your IP address with any other Google data. The deletion of the data takes place after your statistic evaluation automatically at the latest within 26 months.
Data processing takes place on the basis of Art. 6 para. 1 p. 1 lit. f. DSGVO. Google is certified under the Privacy Shield Agreement, providing a guarantee to comply with European data protection law. More under the following link.
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Further information on Google Analytics can be found on the Internet at the following link of the manufacturer Google: https://support.google.com/analytics/answer/6004245?hl=en

For more information about Google's data usage, hiring and disagreement options, please refer to Google's Privacy Policy: https://policies.google.com/technologies/ads

 You can prevent the installation and storage of cookies by a corresponding setting in your browser software. You may not be able to use all features of this website in this case. - See also point "Cookies".

Your rights as a customer of our website
Right to information: You have the right according to Art. 15 DSGVO to demand a confirmation as to whether the data in question is being processed and to provide information about this data, as well as further information and a copy of the data.

Right to rectification: You have the right according to Art. 16 DSGVO to demand the completion of the data concerning you or the correction of the incorrect or incomplete data relating to you.

Right to cancellation or restriction of processing: You have the right under Art. 17 DSGVO to demand that the relevant data be deleted immediately, or alternatively to demand a restriction of the processing of the data pursuant to Art. 18 DSGVO.

Right to data portability: You have the right under Art. 20 DSGVO to demand that the data relating to you provided to us be obtained in a standard, machine-readable format or to be transmitted to another person responsible, as far as this is technically feasible.

Right to complain: In the case of violations of data protection law, according to Art. 77 DSGVO you have the right to file a complaint with the competent supervisory authority.

Right of withdrawal: You have the right according to the right of withdrawal to revoke Art. 7 para. 3 DSGVO once granted consent with effect for the future. This gives you the opportunity to revoke your consent to data processing at any time. However, revocation does not affect the effectiveness of historical data processing operations.

Right to object: According to the right of objection, you may object at any time to Art. 21 DSGVO at any time in the future processing of your data. The opposition may in particular be against processing for direct marketing purposes.

MAKE USE OF YOUR OPPOSITION RIGHT, WE FINISH THE PROCESSING OF THE AFFECTED DATA. FURTHER PROCESSING REMAINS SUBJECT TO EXERCISE WHEN WE MAY PROVIDE IMPERATIVE REASONABLE REASONS FOR PROCESSING WHICH EXCEED ITS INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING SERVES THE PRESENTATION, EXERCISE OR DEFENSE OF LEGAL CHARGES

Relevant legal bases
In accordance with Art. 13 DSGVO, we inform you about the legal basis of our data processing. Unless the legal basis in the privacy statement is mentioned, the following applies:

The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 DSGVO.

The legal basis for the processing for the fulfillment of our services and the performance of contractual measures as well as the response to inquiries is Art. 6 para. 1 lit. b DSGVO.

The legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c DSGVO.

The legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f DSGVO.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.

With regard to the terms used, such as "Processing" or "Responsible", we refer to the definitions in Article 4 of the General Data Protection Regulation (DSGVO).

Version: 25.05.2018

Created with the help of the Data Protection Generator by solicitor Dr. Thomas Schwenke