Data protection is a matter of trust and your trust is important to us. The protection and the lawful collection, processing and use of your personal data are therefore an important concern for us. In order to give you an overview of the use of your personal data, we would like to inform you about our data collection and data use.
1. Name and contact details of the controller and the company data protection officer
Responsible for the collection, processing and use of your personal data within the meaning of the General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG) is:
Telephone: +49 (0)30 – 57 70 72 600
(hereinafter also referred to as "ndi-berlin", "we" or "us").
You can contact our data protection officer at firstname.lastname@example.org
2. Purposes of data processing, legal bases and legitimate interests pursued by us or a third party, recipients or categories of recipients and storage period - general information
2.1 Personal data
Personal data within the context of the DSGVO and the BDSG are individual details about the factual or personal circumstances of a specific or identifiable natural person. The personal data of users processed within the scope of this online offer include in particular:
- Your name, address, date of birth, e-mail address and telephone number, your user name and your encrypted password to the customer account,
- The products you have purchased, the services used, payment information (e.g. bank details, payment history),
- Data that arise when you use our website and our online offer.
2.2 Purposes of the processing
We collect and use personal data insofar as this is necessary to provide a functional website and our content, to process your order or provide further services, to answer contact inquiries, for reach measurement and marketing, and for possible security measures.
- Legal basis for processing your personal data
In accordance with Art. 13 DSGVO, we hereby inform you of the legal basis for the data processing carried out by us. If the legal basis is not stated separately in the data protection declaration, the processing for one or more of the purposes stated below is carried out on the basis of the legal regulations stated in each case:
Fulfilment of our services (in particular for contract execution) or for the execution of pre-contractual measures, which takes place upon your request (Art. 6 para. 1 lit. b DSGVO),
Fulfilment of a legal obligation to which we are subject (Art. 6 para. 1 lit. c DSGVO),
Protection of our legitimate interests or the legitimate interests of a third party (Art. 6 para. 1 lit. f DSGVO), or, if you have given us your consent, on the basis of this consent (Art. 6 para. 1 lit. a and Art. 7 f. DSGVO).
2.3 Disclosure of your data
For the purpose of processing your request and your orders, it may be necessary to pass on your personal data to other affiliated companies within ndi-berlin GmbH or to third parties, also outside the EU or the European Economic Area (EEA).
Your data will be passed on by us in the following cases, based on the legal permission mentioned in each case:
- If a transfer of the data to third parties or to companies affiliated with us is necessary for the fulfilment of the contract in accordance with Art. 6 Para. 1 letter b DSGVO; this includes, for example, data transfers to payment service providers, transporters, logistics companies and suppliers if they supply you directly,
- If you have consented to the transfer of your data (Art. 6 para. 1 lit. a DSGVO),
- If the transfer is based on our legitimate interest or the legitimate interest of a third party (Art. 6 para. 1 lit. f DSGVO); this includes, for example, data transfers within the scope of assignment of claims or to credit agencies for the purpose of credit assessment and to marketing partners,
- If the transmission is necessary to fulfil a legal obligation to which we are subject (Art. 6 para. 1 lit. c DSGVO).
All employees of ndi-berlin GmbH and third parties to whom we pass on your personal data may only use this data for the above-mentioned purposes. Furthermore, they are obliged to process the data only in accordance with our specifications and the relevant data protection laws.
In some cases we use external service providers to process your data. These have been carefully selected and commissioned by us and are bound by our instructions. Furthermore, we are contractually entitled to check compliance with the corresponding contractual and legal regulations by the service providers. The external service providers can be assigned to the following categories:
- Service providers for the hosting, maintenance and update of our website,
- Service providers in the area of order processing, in particular providers of logistics services,
- Service providers in the area of customer service,
- Banks and other providers of payment services, also for processing payments,
- Shipping providers for e-mail newsletters and shipping providers for catalogues or other direct mail items,
- Service providers in the field of marketing and web analysis.
If we transfer personal data to recipients in so-called "third countries", i.e. countries outside the EU or the EEA, in which a level of data protection comparable to that in the EU cannot be assumed without further ado and we are not authorised to transfer data on the basis of a legal obligation, we ensure that the necessary adequate level of data protection is guaranteed in the respective third country or with the recipient in the third country.
This may result in particular from a so-called "adequacy decision" of the European Commission, which establishes an appropriate overall level of data protection for a particular third country. Alternatively, we can also base data transmission on the so-called "EU standard contract clauses" agreed with a recipient or - in the case of recipients in the USA - on compliance with the principles of the so-called "EU-US Privacy Shield".
Information on EU-US Privacy Shield participants can be found here: www.privacyshield.gov/list; information on EU standard contractual clauses here: http://eur-ex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF and information on the European Commission's adequacy decisions here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu. We will be happy to provide you with further information on the appropriate and adequate guarantees for maintaining an appropriate level of data protection upon request.
2.4 Duration of storage and deletion of your personal data
We will only store your data for as long as is necessary for the respective purpose of processing. We store your data collected for the purpose of contract processing until the expiry of the statutory or possible contractual warranty and guarantee rights. Upon expiry of this period, we shall retain the information of the contractual relationship required by commercial and tax law for the periods specified by law. For this period (regularly ten years from the conclusion of the contract), the data will be reprocessed solely in the event of an audit by the tax authorities. With regard to other purposes pursued by us, please refer to the following provisions for the duration of storage.
3. Data processing for setting up a customer account
For customers who wish to register on our website, we set up password-protected access to their stored inventory data (customer account). Here you can view data about your orders and manage your address data, bank details, the newsletter and other settings. We would like to make your visit to our website as pleasant as possible by using the "Stay signed in" function. This feature allows you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, your personal data is to be changed or you wish to place an order. We recommend that you do not use the "Stay signed in" function if several users use the computer. We would also like to point out that the "Stay signed in" function is not available if you use a setting that automatically deletes stored cookies after each session.
We use the data collected when you open a customer account to process orders, provide additional services ordered by you, offer payment options and process payment and any refunds. The legal basis for the processing of personal data in connection with the creation of a customer account is Art. 6 para. 1 lit. b DSGVO.
We delete the data collected and stored in connection with the customer account at the latest when you delete your customer account yourself or when you inform us that your customer account is to be deleted. However, premature deletion of your personal data is not possible if and to the extent that the data is still required for contract processing or if statutory provisions oblige us to further storage.
4. Data processing for the handling of your order
When you purchase products from our online store, we need your name, address and payment details, e-mail address and telephone number to process your order so that we can communicate with you. We also use the e-mail address for your identification (customer login). You will also receive your order and shipping confirmation via your e-mail address. We process your data for the processing of your orders, including any subsequent returns and warranty claims. The legal basis for this is Art. 6 para. 1 lit. b DSGVO (fulfilment of contract).
5. Data processing for contacting us and customer support
There are several ways to contact us. You can contact our customer service by phone or e-mail.
We use your transmitted data in connection with the establishment of contact exclusively for the purpose of answering your inquiry. The legal basis for this is Art. 6 para. 1 lit. b and f DSGVO (performance of the contract and legitimate interest in processing inquiries and other matters). Your data will be deleted after your request has been processed, unless further storage is required for a proper response to your request (e.g. for processing a customer complaint within the framework of an order, see section 4 (Data processing for processing your order) above).
6. Collection, processing and use of your personal data for advertising purposes
In addition to processing your data to set up a customer account, to process your orders with ndi-berlin and to process your enquiries and other requests, we also use your data in accordance with the following paragraphs to communicate with you about your orders, certain products or marketing campaigns and to recommend products or services that might be of interest to you.
You can register on our website to receive our YOURARTBEAT newsletter. The YOURARTBEAT newsletter provides news, offers and further information about the events, products and services of YOURARTBEAT e.V. and ndi-berlin GmbH. You receive our newsletter based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO. To receive the newsletter, you must enter your e-mail address in the field provided on our website. We will then send you a notification e-mail and ask you to confirm that you would like to receive our newsletter (double opt-in) by clicking on a link contained in this e-mail. We will therefore not send you a newsletter by e-mail until you have expressly confirmed to us beforehand that we should activate the newsletter service.
You can revoke your consent to the processing of your data for newsletter dispatch at any time with effect for the future. For this purpose, it is sufficient to send a short notice by e-mail to the e-mail address specified under item 11. You will also find an unsubscribe link in each newsletter. Your data will be stored for sending the newsletter for as long as you have a subscription to the newsletter.
6.2 Product recommendations by e-mail
If you have concluded a contract with us, we will process your e-mail address irrespective of your specific consent in order to send you regular product recommendations by e-mail. In this way, we want to provide you with information about products from our range that may be of interest to you based on your recent purchases from us. The legal basis for the aforementioned processing is Art. 6 para. 1 lit. f DSGVO in connection with § 7 para. 3 UWG, as the processing of existing customer data for advertising purposes is a legitimate interest. You can object to the processing of your data for sending product recommendations by e-mail at any time. For this purpose, it is sufficient to send a short notice by e-mail to the e-mail address specified under item 11. You will also find an unsubscribe link in every e-mail containing product recommendations.
6.3 Sending and ordering catalogues
If you have concluded a contract with us, we can process your postal contact data irrespective of your specific consent in order to send you our most recent product catalogue or other direct mail items. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. The processing of existing customer data for advertising purposes is to be regarded as a legitimate interest.
We collect and process your name and address as well as your e-mail address. We need your e-mail address in this context to check that you have not objected to advertising. The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b DSGVO.
6.5 Right of objection
You can object to the use of data for advertising purposes at any time free of charge, separately for the respective communication channel and with effect for the future. This can be done by sending a message in text form (e-mail, fax, letter) to the contact data specified under item 11.
7.1 Which cookies does the ndi-berlin YOURARTBEAT MARKET use?
These temporary or permanent cookies (lifetime 1 month to 10 years) are stored on your terminal and will be automatically deleted after the specified time. These cookies in particular serve to make our website more user-friendly, effective and secure. Thanks to these files, it is possible, for example, to display information on the website that is specifically tailored to your interests. The YOURARTBEAT MARKET of ndi-berlin uses the cookie technology from shopify.co.uk for the functional processing of your transactions. The latest information about the cookie technology used can be found at https://www.shopify.co.uk/legal/cookies. It also includes information on how to increase your personal data security.
8. Secure data transmission and data protection
Your personal data is transmitted securely by encryption. This applies to your order and also to the customer login. We use the SSL (Secure Sockets Layer) encryption protocol. In addition, we protect our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.
9. Your rights
You have the following rights regarding your personal data:
- The right to information (Art. 15 para. 1 and 2 DSGVO),
- The right to correction (Art. 16 p. 1 DSGVO),
- The right to erasure (Art. 17 DSGVO),
- The right to restrict processing (Art. 18 DSGVO),
- The right to data portability (Art. 20 DSGVO).
9.2 The right of complaint to the supervisory authority
You also have the right to complain to a data protection supervisory authority regarding our processing of your personal data.
9.3 Right of objection
Under the conditions of Art. 21 para. 1 DSGVO, data processing may be objected to for reasons arising from the particular situation of the party concerned.
The above general right of objection applies to all processing purposes described in this data protection declaration which are processed on the basis of Art. 6 para. 1 letter f DSGVO. We are obliged to implement such a general objection only if you give us reasons of overriding importance (e.g. possible danger to life or health).
If your data is used for direct advertising purposes, you may object at any time pursuant to Art. 21 Para. 2 DSGVO.
We take the protection of your data very seriously. To ensure that your data protection-related enquiries are processed reliably and as quickly as possible, please send your enquiry by e-mail or by post, clearly identifying yourself, to:
The data protection officer
Fax: +49 (0)30 – 57 70 72 609
You can print or save this document by using the usual functionality of your browser (usually "File" → "Save as"). You can also download and archive this document in PDF format. To open the PDF file you need the free program Adobe Reader (www.adobe.de) or comparable programs that support the PDF format.
10. Adjustment of the data protection declaration
Last update July 2018