Data protection

Responsible for data processing is:

Stefan Ott

Mühlstrasse 13

86732 Oettingen

Germany

info@riesernuss.de

Thank you for your interest in our online shop. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your data.

1. access data and hosting

You can visit our website without providing any personal information. Each time you access a website, the web server automatically saves only a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the access, the amount of data transferred and the requesting provider (access data) and documents the access. This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving our services. This serves to protect our legitimate interests in the correct presentation of our offer, which outweigh our interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. All access data will be deleted at the latest seven days after the end of your visit to the site.

Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this data protection declaration.

2. data processing for contract processing, contacting and when opening a customer account

We collect personal data if you voluntarily provide it to us in the context of your order or when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, as we need the data in these cases to process the contract or to process your contact and you cannot send the order or contact without providing it. Which data is collected can be seen from the respective input forms. We use the data you provide to process the contract and your enquiries in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO.

Insofar as you have given your consent to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO by deciding to open a customer account, we will use your data for the purpose of opening a customer account. Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and shipping processing, can be found in the following sections of this privacy policy. After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law in accordance with Art. 6 (1) sentence 1 lit. c DSGVO, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) sentence 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account.

Data transfer for the purpose of age verification

If your order includes goods whose sale is subject to age restrictions, we ensure that the customer has reached the required minimum age by using a reliable procedure involving a personal identity and age check. For this purpose, the SCHUFA IdentitätsCheck is used on our website. This service is operated by SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany (hereinafter: SCHUFA).

In order to ensure the required minimum age, individual personal data (e.g. name, address and date of birth) are transmitted to SCHUFA Holding AG in this context. A so-called identity check is then carried out with Q-Bit, which has been positively assessed by the Commission for the Protection of Minors in the Media (KJM) for age verification. The transmission of data to SCHUFA serves, in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO, to protect our legitimate interests, which prevail within the framework of a balancing of interests, in ensuring an offer that complies with the law on the protection of minors as well as the legal provisions on the protection of minors. A creditworthiness check is not carried out in this respect.

3. data processing for the purpose of shipment processing

In order to fulfil the contract in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.

4. data processing for payment processing

For the processing of payments in our online shop, we work together with these partners: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction processing

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, who work for us within the framework of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves the fulfilment of the contract according to Art. 6 para. 1 p. 1 lit. b DSGVO. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

If you have any questions about our payment processing partners and the basis of our cooperation with them, please use the contact option described in this privacy policy.

4.2 Data processing for the purpose of fraud prevention and optimisation of our payment processes

Where applicable, we provide our service providers with further data, which they use together with the data necessary for the processing of the payment as our processors for the purpose of fraud prevention and optimisation of our payment processes (e.g. invoicing, processing of contested payments, accounting support). Pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, this serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests.

5. advertising by e-mail

 E-mail newsletter with registration

If you register for our newsletter, we will use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis based on your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO.

Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the list of recipients unless you have expressly consented to further use of your data or we reserve the right to use data in a manner that goes beyond this, which is permitted by law and about which we inform you in this declaration.

6 Cookies and other technologies

 General information

In order to make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser on your next visit (persistent cookies).

We use such technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping cart function). These technologies collect and process IP address, time of visit, device and browser information as well as information on your use of our website (e.g. information on the contents of the shopping basket). Within the framework of a balancing of interests, this serves overriding legitimate interests in an optimised presentation of our offer in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO.

In addition, we use technologies to fulfil the legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for the data processing, can be found in the following sections of this privacy policy.

You can find the cookie settings for your browser at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™.

Insofar as you have consented to the use of the technologies in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy.

7 Use of cookies and other technologies for web analysis and advertising purposes

Insofar as you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO, we use the following cookies and other technologies from third-party providers on our website. After the end of the purpose and the end of the use of the respective technology by us, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your revocation options can be found in the section "Cookies and other technologies". Further information including the basis of our cooperation with the individual providers can be found in the individual technologies. If you have any questions about the providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

 Use of Google services

We use the technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), which are described below. The information automatically collected by Google technologies about your use of our website is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. If your IP address is collected via Google technologies, it will be shortened before being stored on Google's servers by activating IP anonymisation. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise stated for the individual technologies, the data processing is based on an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 DSGVO. Further information on data processing by Google can be found in Google's privacy policy.

 Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information as well as information on your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. As a matter of principle, your IP address will not be merged with other Google data. Data processing is carried out on the basis of an order processing agreement by Google.

For the purpose of optimised marketing of our website, we have activated the data release settings for "Google products and services". This allows Google to access the data collected and processed by Google Analytics and subsequently use it to improve Google services. Data sharing with Google under these data sharing settings is based on an additional agreement between data controllers. We have no influence on the subsequent data processing by Google.

Google Ads

For advertising purposes in Google search results as well as on third-party websites, the so-called Google Remarketing Cookie is set when you visit our website, which automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information as well as information on your use of our website) and by means of a pseudonymous CookieID and on the basis of the pages you visit. Any further data processing will only take place if you have activated the "personalised advertising" setting in your Google account. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.

 Google Maps

For the visual presentation of geographical information, Google Maps collects data about your use of the Maps functions, in particular the IP address and location data, transmits this data to Google and subsequently processes it. We have no influence on this subsequent data processing.

 Google reCAPTCHA

In order to protect against misuse of our web forms and spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information and information on your use of our website) and analyses your use of our website by means of a so-called JavaScript and cookies. In addition, other cookies stored by Google services in your browser are evaluated. No personal data is read out or stored from the input fields of the respective form.

 Google Fonts

For the uniform presentation of the content on our website, data (IP address, time of visit, device and browser information) is collected by the script code "Google Fonts", transmitted to Google and subsequently processed by Google. We have no influence on this subsequent data processing.

8. social media

 Our online presence on Facebook, Twitter, Instagram, Youtube.

Insofar as you have given your consent to the respective social media operator in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presence on the social media mentioned above, from which usage profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to the data protection notices of the providers linked below. Should you still require assistance in this regard, you can contact us.

Facebook is a service of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland") The information automatically collected by Facebook Ireland about your use of our online presence on Facebook is generally transmitted to a server of Facebook, Inc, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. Data processing in the context of a visit to a Facebook fan page is based on an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. Further information (information on Insights data) can be found here.

Twitter is a service of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"). The information automatically collected by Twitter about your use of our online presence on Twitter is generally transmitted to a server of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.

Instagram is a service of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland") The information automatically collected by Facebook Ireland about your use of our online presence on Instagram is generally transmitted to a server of Facebook, Inc, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. Data processing in the context of a visit to an Instagram fan page takes place on the basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. Further information (information on Insights data) can be found here.

YouTube is a service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our online presence on YouTube is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.

9. contact options and your rights

As a data subject, you have the following rights:

    Pursuant to Art. 15 DSGVO, the right to request information about your personal data processed by us to the extent specified therein;

    pursuant to Art. 16 DSGVO, the right to demand the correction of incorrect or incomplete personal data stored by us without delay;

    in accordance with Article 17 of the GDPR, the right to request the erasure of your personal data stored by us, unless further processing is necessary for the exercise of the right to freedom of expression.

        for the exercise of the right to freedom of expression and information;

        to comply with a legal obligation;

        for reasons of public interest; or

        the assertion, exercise or defence of legal claims;

    in accordance with Art. 18 DSGVO, the right to request the restriction of the processing of your personal data, insofar as

        the accuracy of the data is disputed by you;

        the processing is unlawful, but you object to its erasure;

        we no longer need the data, but you need them to assert, exercise or defend legal claims, or

        you have objected to the processing in accordance with Art. 21 DSGVO;

    pursuant to Art. 20 DSGVO, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;

    pursuant to Art. 77 DSGVO, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of consent given or objection to a certain use of data, please contact us directly using the contact details in our imprint.