Data protection declaration

This data protection declaration informs you about the collection, processing and use of your personal data that you provide to BestEffect GmbH, Wörthstr. 13-15, 97082 Würzburg (hereinafter: "BestEffect" or "we") in the course of your visit to this website.


I. Name and contact details of the person responsible

The person responsible in accordance with the General Data Protection Regulation (DSGVO) for data processing is:


BestEffect GmbH

Wörthstr. 13-15

970821 Würzburg

Tel.: +49 931 80998220

E-mail: service@besteffect.com

Website: www.besteffect.com


II. Type, purpose and legal basis for the processing of personal data


1. Visiting the website


In principle, it is possible to use our website without providing personal data.


However, we would like to point out that access data is collected and stored in the server log files when our website is called up. In particular, this involves the following data:


  • Browser type / your browser version
  • The operating system used
  • The website from which you visit us / referrer URL
  • Date and time of your visit
  • Your IP address in anonymised form
  • Host name of the accessing computer
  • Amount of data sent in bytes
  • If applicable, consent and revocation with regard to cookies


The information is collected by our hosting provider, Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, and passed on to us. This information is evaluated exclusively in anonymous form for the purpose of defending against and recognising attacks and optimising the offer (processing of personal data within the framework of a balancing of interests in accordance with Art. 6 Para. 1 f DSGVO) and then deleted after 6 months at the latest.


We do not combine this data with other data sources. We reserve the right to subsequently evaluate the data in the event of concrete indications of unlawful use.


2. Contacting us - telephone/mail/fax


If you contact us by e-mail or telephone, we will process the personal data you provide. In this respect, the processing is based on Art. 6 para. 1 lit. b DSGVO. We delete your personal data after processing your request if it is no longer necessary for the purposes for which it was collected and we are not subject to any contractual or legal obligations to retain it. Please also read "IX. Right of data subjects, 3. right to deletion".


3. Consent


In order to be able to process your personal data lawfully, we obtain your consent to process your personal data in individual cases. In doing so, we explicitly inform you about the purpose of the intended data processing. In this respect, the processing is based on Art. 6 Para. 1 lit. a DSGVO.


Your data will then only be processed if you give us your consent. It is possible that the processing of your request is not possible without your consent and must therefore be made dependent on it. The data will only be processed for the purpose(s) expressly stated.


You can revoke your consent at any time with effect for the future. The revocation has no influence on the lawfulness of the processing until the time of the revocation. Please also read "V. Data subject rights "6. Revocation of consent".


4. Use of our contact form


We use a contact form on our website. We make this service available to you so that you can contact us electronically. If you wish to contact us via this form, we will process the information and data you provide.

In order to use this form, you must provide mandatory information. These are marked as such. The mandatory information is the following data:


  • Salutation, your first name and surname
  • Your e-mail address
  • Your telephone number
  • A message to be written including the subject

By entering your data and sending your request, you consent to the processing of your personal data. We therefore base the legal basis for data processing on Art. 6 para. 1 lit. a DSGVO. (Please also read "III. Type, purpose and legal basis for processing personal data 3. Consent" and "V. Data subject rights 6. Revocation of consent").


You can find out more about the storage period under "III. storage period".


5. Contract processing / orders in the online shop

Your personal data is processed when you send us an enquiry, within the framework of a pre-contractual legal relationship or for the execution of a contractual relationship after ordering in our shop on the basis of our GTC.

Insofar as this is necessary within the framework of the fulfilment of the contract, we also process personal data in individual cases which has been taken in a permissible manner from publicly accessible sources (e.g. commercial register, debtors' registers, Internet) or has been transmitted to us in a permissible manner by third parties (e.g. credit agencies).

The data collected may include:


  • Personal data (title, name, birthday)
  • Contact data (delivery address, billing address, e-mail address, telephone number)
  • Financial data (name of account holder, IBAN, BIC)
  • Contractual data (services purchased, purchase price, payment modalities).

The data processing is based on Art. 6 Para. 1 lit. b DSGVO.


Your delivery address will be passed on to a logistics company commissioned to dispatch your order. The basis for data processing in this respect is Art. 6 Para. 1 lit. b DSGVO.


Certain details are mandatory. These are marked as such. The information is voluntary. Please note, however, that we cannot conclude a contract without the provision of the mandatory personal data.


6. Creation of a customer account


Your personal data is also processed if you create and maintain a customer account with us in the context of orders.


The purpose of this processing is to make it easier and quicker to process future orders and to be able to track past orders. The data processing is based on Art. 6 Para. 1 lit. b DSGVO.


The collected and stored data correspond to the data mentioned in point 5. The data is stored for the duration of the customer account. After termination of the customer account, the general notes on storage apply (see point III.).


7. Processing after weighing up interests (Art. 6 Para. 1 f DSGVO)


If your interests in data processing collide with our interests, we will carry out a balancing of interests. In doing so, we will weigh your interests against our interests. If the balancing of interests shows that our interest outweighs your interest, we will process your personal data on the legal basis of Art. 6 (1) lit. f) DSGVO.


Our interests and purposes are e.g.:


  • Ensuring the IT security and integrity of our systems
  • Prevention or investigation of criminal offences
  • Assertion of or defence against legal claims.

III. Storage period


We only store your personal data for as long as is necessary and your data is not subject to legal storage obligations according to the German Fiscal Code (AO) or the German Commercial Code (HGB). We delete your data after the purpose has been achieved and, insofar as a legal obligation exists, after expiry of the legal retention period.

 

IV. Joint processing

We process some of the data collected from you together with other data controllers. Up to now, this has concerned the respective partner via whose online shop you place an order. You can find the data of the respective partner in the imprint of the respective shop. We have agreements with all of our partners regarding joint processing within the meaning of Art. 26 DSGVO.


The essence of these agreements is as follows:


  • Both responsible parties remain entitled to process data insofar as this concerns the support and processing of your order enquiries and completed orders (Art. 6 para. 1 p. 1 lit. b) DSGVO).
  •  We fulfil the information obligations towards you according to Art. 13, 14 DSGVO.
  •  We are responsible for fulfilling your data subject rights and accepting such requests. Notwithstanding the above, you may also contact the partner concerned directly.
  •  We are responsible for reviewing and processing any data breaches as defined in Art. 33, 34 DSGVO.


V. Disclosure of data

As a matter of principle, we do not pass on your personal data. If we have entrusted external service providers with the fulfilment of a task, we will only pass on your data if we oblige the external third parties to comply with the data protection laws on the basis of an order processing agreement, if this is necessary. Furthermore, data is only passed on if this is permitted and necessary.

For example, service providers may be entrusted with tasks in the following areas:


  • Website hosting
  • E-mail hosting
  • Technical IT support for website and infrastructure
  • Accounting
  • Shipping service providers and logisticians
  • Cookies


Data is passed on within the framework of legal obligations to provide information, such as the obligation to provide information to law enforcement authorities. Data is not passed on to third countries.


VI. Special processing

1. Payment service provider VR Payment


We use the services of the payment service provider VR Payment. VR Payment is a service of VR Payment GmbH, Saonestraße 3a, 60528 Frankfurt am Main. The purpose of using VR Payment is to be able to offer you payment by credit card as a modality for your order and to make it easier for us to process your order. The legal basis of the processing is Art. 6 para. 1 p. 1 lit. b) DSGVO (fulfilment of a contract).

The information you provide during the ordering process, together with information about your order (name, address, e-mail address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction purpose) will be passed on to VR Payment on the basis of an order processing contract. Your data will only be passed on for the purpose of processing the payment and only to the extent necessary for this purpose. You can also find more information about VR Payment's data protection here: https://www.vr-payment.de/datenschutz-haftung/.


2. Payment service provider PayPal


We use the services of the payment service provider PayPal. PayPal is a service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. The use of PayPal serves to be able to offer you payment via this service as a modality for your order and to make it easier for us to process the order via this service. The legal basis of the processing is Art. 6 para. 1 p. 1 lit. b) DSGVO (fulfilment of a contract).

The information you provide during the ordering process, together with information about your order (name, address, e-mail address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction purpose) is passed on to PayPal on the basis of an order processing contract. Your data will only be passed on for the purpose of processing the payment and only to the extent necessary for this purpose. You can also find more information about PayPal's data protection here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE/.


3. Payment service provider Klarna


We use the services of the payment service provider Klarna. Klarna is a service of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. The use of Klarna serves to be able to offer you payment by invoice as a modality for your order and to make it easier for us to process the order via this. The legal basis of the processing is Art. 6 para. 1 p. 1 lit. b) DSGVO (fulfilment of a contract).

The information you provide during the ordering process, together with information about your order (name, address, e-mail address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction purpose) is passed on to Klarna on the basis of an order processing agreement. Your data will only be passed on for the purpose of processing the payment and only to the extent necessary for this purpose. You can also find more information on Klarna's data protection here: https://www.klarna.com/de/datenschutz/.


4. Payment service provider Payolution


We use the services of the payment service provider Payolution. Payolution is a service of payolution GmbH, Columbuscenter, Columbusplatz 7-8, 1100 Vienna, Austria. The use of Payolution serves to be able to offer you payment by invoice, instalment payment or direct SEPA direct debit as a modality for your order and to make it easier for us to process the order via this. The legal basis of the processing is Art. 6 para. 1 p. 1 lit. b) DSGVO (fulfilment of a contract).

By selecting purchase on account, payment by instalments or direct SEPA direct debit, you agree to the data protection provisions of payolution GmbH and the further processing of your personal data. These provisions are listed under the following link for information purposes only: https://payment.payolution.com/payolution-payment/infoport/dataprivacydeclaration?&mId=QmVzdEVmZmVjdCBHbWJI

5. Facebook Pixel


Within our online offer, we use the so-called "Facebook Pixel", a service operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Facebook").


With the help of the Facebook pixel, it is possible for us to track for statistical purposes whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion"). Its use also enables us to determine visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads") and thus only display them to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences").


The processing of the data by Facebook takes place within the framework of Facebook's data policy. For specific information and details on the Facebook pixel and how it works, please refer to Facebook's privacy policy: https://www.facebook.com/privacy/explanation.


Facebook acts as an order processor as far as concerned in this section. We have therefore concluded a data processing contract with Facebook in which we oblige Facebook to protect our customers' data and not to pass it on to third parties. Furthermore, we have no control over Facebook's use of the data. In particular, we cannot rule out the possibility that Facebook may pass on the data to third countries.

   

The use of the Facebook Pixel as well as the storage of "conversion cookies" is based on your consent within the meaning of Art. 6 (1) lit. a DSGVO. You can object to the collection by the Facebook pixel and the use of your data for the display of Facebook ads. We refer you to the further information under point II. You can also make settings about which types of advertisements are displayed to you within Facebook when you log in to Facebook.


6. Matomo Tracking


This website uses Matomo. This is an open source tool for web analysis. We want to use it to further improve the website and adapt it even more to the needs of the users.


Matomo uses so-called cookies. These are text files that are stored on your computer and enable us to analyse the use of our website. For this purpose, the information on usage obtained by the cookie is transmitted to our servers and stored so that usage behaviour can be evaluated. Your IP address is immediately anonymised; this means that you remain anonymous as a user. The information generated by the cookie about your use of this website is not passed on to third parties. In particular, Matomo does not transmit data to servers outside our control.


Matomo is deactivated when you visit our website. Your usage behaviour is only recorded anonymously if you actively consent to this. In the context of the use of those cookies, we rely on your express consent to the collection of data in accordance with Art. 6 para. 1 p. 1 lit a) DSGVO. For further information on consent, please refer to section II. 3.


For further information regarding the data protection of Matomo, please refer to their data protection declaration at: https://matomo.org/privacy-policy/.


8. Newsletter


If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to the controller. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with foreign e-mail addresses. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after registration for the newsletter by the user is, if the user has given his consent, Art. 6 para. 1 lit. a) DSGVO. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.


8.1 Use of rapidmail


Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße, 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organize and analyze the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter is stored on rapidmail's servers in Germany. If you do not want any analysis by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website. For the purpose of analysis, the e-mails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the e-mail is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links in the newsletter message are clicked. All links in the e-mail are so-called tracking links, with which your clicks can be counted. Depending on the font with which the respective newsletter is designed, a connection to external servers such as Google Fonts takes place.

Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) DSGVO.

Recipient: The recipient of the data is rapidmail GmbH.

Transmission to third countries: There is no transmission of data to third countries.

Duration: The data stored by us within the scope of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

Possibility of revocation: You have the possibility to revoke your consent to data processing with effect for the future at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Further data protection information: For more details, please refer to the data security notices of rapidmail at: https://www.rapidmail.de/datensicherheit. For more details on the analysis functions of rapidmail, please refer to the following link: https://www.rapidmail.de/wissen-und-hilfe


VII. Your rights


You can assert your rights as a data subject with regard to your processed personal data at any time by contacting us using the contact details provided at the beginning of this document under A. As a data subject, you have the right

- To request information about your data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

- In accordance with Art. 16 DSGVO, to demand the correction of incorrect data or the completion of your data stored by us without delay;

- In accordance with Art. 17 DSGVO, to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;

- In accordance with Art. 18 DSGVO, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;

- Pursuant to Art. 20 DSGVO, to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller ("data portability");

- Object to the processing in accordance with Art. 21 DSGVO, insofar as the processing is based on Art. 6 (1) p. 1 lit. e or lit. f DSGVO. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will examine the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing;

- In accordance with Article 7(3) of the GDPR, to withdraw your consent - i.e. your voluntary, informed and unambiguous indication by means of a declaration or other unambiguous affirmative action that you agree to the processing of the personal data in question for one or more specific purposes - at any time if you have given such consent. The consequence of this is that we may no longer continue the data processing based on this consent in the future, and

- Complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Art. 77 DSGVO, for example to the data protection supervisory authority responsible for us: Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach.


VIII. Changes to the data protection information


In the context of the further development of data protection law as well as technological or organisational changes, our data protection information is regularly checked for the need to adapt or supplement it. You will be informed of any changes in particular on our German website at https://shop.besteffect.com/Informationen/Datenschutz/.