Information about collection of personal data
In the following paragraphs, you can find more information about the personal data that is collected when you visit our website. Personal data is all data that is linked to you as a person, e.g. name, address, email addresses and user behaviour.
The data controller within the meaning of Article 4(7) of the EU Data Protection Regulation (GDPR) is Henry Göttler, Bertoldstraße 48, 79098 Freiburg, Germany, [email protected] (see Imprint). You can contact our Data Protection Officer at [email protected] or by using our postal address and addressing your letter to “der Datenschutzbeauftragte”.
If you contact us by email or by using a contact form, the data submitted (your email address and, if applicable, your name and telephone number) will be stored to answer your questions. This data will be deleted when it is no longer necessary to save the data. Should we be required by law to keep the data, we will restrict the processing of this data.
If we use subcontractors to provide individual parts of our offer, or if we would like to use your data for promotional purposes, we will give you more information about the relevant processes below. We will also inform you of the criteria defined for storage periods.
You have the following rights regarding your personal data:
- Right to information,
- Right to correction or deletion (‘right to be forgotten’),
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability.
You also have the right to make a complaint to a data protection supervisory authority about how we process your personal data.
Collection of personal data when you visit our websites
If you access our website for information only, i.e. without registering or submitting personal data, we will only collect the personal data sent to us by your web browser. If you want to view our website, we collect the following data that is based on technical requirements and needed for displaying the website and provide stability and security (pursuant to Article 6(1)(1)(f) GDPR):
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status / HTTP status code
- Amount of data transferred
- Referring website
- Operating system and its interface
- Language and version of your browser software.
This information is utilised for the sole purpose of improving our services and does not provide any information as to who you are. The IP address is only stored temporarily to allow us to detect and prevent any possible attacks.
The personal data you submit to us will be used for processing and fulfilling your order. We may process and save this data if this is necessary for performing the contract of sale and if legal requirements necessitate that we keep this data. We reserve the right to pass on your personal information to credit reference agencies if this is necessary for the purpose of credit checks, providing that the customer expressly agrees to this in the individual case. We will not pass on other personal customer data to third parties without your express agreement, unless we are required by law to hand over data.
Data on this website is captured and stored for marketing and optimisation purposes using technologies from WiredMinds AG (WiredMinds) and Google Inc. This data can be used to create usage profiles under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are saved locally in the cache of the user’s internet browser. Cookies enable the internet browser to be recognised again. IP addresses that are captured are anonymised immediately after capture by deleting the last set of numbers. You can object to the data collection, processing and storage for the purposes of web analysis by Google Inc. and/or WiredMinds at any time with effect for the future.
Cookies are small text files that are stored on your terminal device. Most of the cookies we use are deleted at the end of the browser session (so-called session cookies). Other cookies remain on your terminal device and allow us to recognize your browser the next time you visit (persistent cookies).
The Consent Management System provides further information about the cookies, such as provider, intended use, storage period and legal basis. You can change the settings for the future at any time using the fingerprint icon at the bottom left of the screen.
You can also set your browser so that you are informed about the setting of cookies, decide on a case-by-case basis whether to accept them or generally exclude the acceptance of cookies. If you do not accept cookies, the functionality of our website may be limited.
We use the software of Usercentrics (Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany) as our consent management system. For more information on data processing by Usercentrics, please visit their website at usercentrics.com/privacy-policy/.
This website uses Google Analytics, a web analysis service from Google Inc. (‘Google’). Google Analytics uses so-called cookies, i.e. text files that are stored on your computer and enable analysis of your use of the website. The information provided by the cookie about your use of this website is normally sent to a Google server in the USA, where it is saved.
We have activated IP anonymisation on this website which means that Google will abbreviate your IP address first within the member states of the European Union or in other states party to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there.
Google has certified that it adheres to the “Privacy Shield” Principles, www.privacyshield.gov/EU-US-Framework. We are allowed to use Google Analytics according to Article 6(1)(1)(f) GDPR.
Google will use this information, on behalf of the operator of this website, to analyse and evaluate your use of the website, to compile reports about website activities and to provide the website operator with other services related to website and internet use. Google will not associate the IP address sent by your browser with other data in the context of Google Analytics.
You can configure your browser to block cookies. However, this may mean that you are not able to make full use of all of the functions of this website. You can also prevent the data created by the cookie which relates to your use of the website (incl. your IP address) from being recorded and processed by Google by downloading and installing the browser plugin available at the following link (https://developers.google.com/analytics/devguides/collection/analyticsjs/user-opt-out).
You can prevent Google Analytics from collecting your data by clicking the following link. An opt-out cookie will be stored that will prevent data from being recorded when you visit this website in future: Deactivate Google Analytics
You can find more detailed information about conditions of use and privacy at https://www.google.com/analytics/terms/gb.html or https://policies.google.com/.
Our website uses web beacon technology from wiredminds GmbH (www.wiredminds.de) to analyse visitor behaviour.
Data is collected, processed and stored to create usage profiles under a pseudonym. Usage profiles are fully anonymised where possible and appropriate. Cookies can be used for this purpose. Cookies are small text files that are stored in the visitor’s internet browser and used to recognise the browser. The data collected, which may include personal data, is sent to WiredMinds or gathered by WiredMinds itself. WiredMinds may use information that is left behind when somebody visits a website to create anonymised usage profiles. Data collected in this way is not used to personally identify the visitor to this website without the express agreement of the person concerned, and it is not associated with the personal data of the holder of the pseudonym. If IP addresses are collected, they will immediately be anonymised by deleting the last set of numbers.
You can rescind permission to collect, process and store data at any time, with effect for the future.
To enable us to provide an online offer with no technical issues, we use the analysis software Smartlook from Smartsupp.com s.r.o., Millay Horakove 13, 602 00 Brno, Czech Republic.
This software anonymously tracks mouse movements and interactions on the website. There is no transfer of personal data, and none of the collected data can be linked or traced back to individual users. If your personal data or the personal data of a third party is displayed on the website, Smartlook will automatically fade it out and it will not be recorded at any time.
If you do not consent to the recording, you can deactivate it using the opt-out switch under Smartlook Opt-Out .
Social Media Plugins
We use the following social media plugins and have implemented a “two-click solution”. This means that, initially, no data will be sent to the plugin providers when you visit our site. You can acknowledge the provider of the plugin by checking the box above its initial letters or the logo. We give you the option of communicating directly with the plugin provider via the button. Only by clicking the marked field and activating it will the plugin provider be informed that you have retrieved the corresponding website from our online presence. The data mentioned under § 3 of this statement is also sent. According to Facebook and Xing, they anonymise IP addresses immediately after collection in Germany. If you activate the plugin, your personal data is sent to the respective plugin provider, where it is saved (in the USA for US American providers). Plugin providers usually collect data using cookies, so we would recommend that you delete all cookies using your browser’s security settings, before clicking on the greyed-out box.
We have no influence over the data collected or the processes used for data processing. We are also not aware of the full extent of data collection, the purposes of processing or for how long the data is stored. We also have no information about deletion of the data collected by the plugin provider.
The plugin provider saves data collected about you as a usage profile that it uses for the purposes of advertising, market research and/or to design its website to meet needs. In particular, data is evaluated (even when you are not logged in) to show you advertisements that match your interests and to inform other users in the social network about your activities on our website. You have the right to object to creation of these user profiles. However, you must contact the plugin provider in question to exercise this right. We use plugins to enable you to interact with social networks and other users. This helps us to improve our presence and make it more interesting for you as a user. We are allowed to use plugins according to Article 6(1)(1)(f) GDPR.
Your personal data will be transmitted to the plugin provider even if you do not have an account with the plugin provider or if you are not logged into your account. If you are logged in, the information transmitted to the plugin provider will be linked to your account. If you interact with plugins, for example by clicking the ‘Like’ button or leaving a comment, this information is also sent straight to a server operated by the plugin provider where it is saved. The information is also published on your profile and is visible to your friends. To avoid data collection and having data linked to your account, we recommend logging out after using social networks and, particularly before clicking the button.
Additional information about purpose and extent of data collection and processing by the plugin provider can be found in the following privacy policies for these providers. You can also find information about your rights and settings to protect your privacy.
Plugin providers and their privacy policies:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information about data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other as well as www.facebook.com/about/privacy/your-info
- GitHub, Inc., 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107 and GitHub B.V., Vijzelstraat 68-72, 1017 HL Amsterdam, The Netherlands; https://docs.github.com/en/github/site-policy/github-privacy-statement
- Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.com/policies/privacy/partners/
- YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; https://policies.google.com/privacy?hl=en
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; www.twitter.com/privacy
- Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; www.xing.com/privacy
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy
If you sign up for our newsletter, we will use the data you provide with your express permission to send our newsletter to you. Our newsletters contain topical informative contributions, as well as offers from OXID eSales and third-party providers. We use a “double opt-in” process to verify your subscription to the newsletter. This means that, once you have signed up, we will send an email to the address you have given, requesting confirmation that you wish to receive the newsletter. We also store the IP addresses you have used and the time at which you sign up and confirm. This provides proof that you have signed up and enables us to identify any possible misuse of your personal data. It is possible to unsubscribe at any time, either by clicking the link included in every newsletter email or by sending an email to the contact details given on the “Imprint” page.
When you fill out a form (e.g. product demo, content download request, registration for events and webinars), we use the data you provide with your express consent, to make the requested services available to you.
To this end, we often work with partners to whom we pass on the data you have provided. These partners are contractually bound to the data protection regulations. You can view the partners at https://www.oxid-esales.com/en/partners/find-a-partner.
When contacting us (via contact form or email), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 para. 1 lit. b) GDPR.
The user's details may be stored in our customer relationship management system and marketing automation platform ("CRM & Marketing System") or comparable inquiry organization.
We delete the requests if they are no longer necessary. We review the necessity every two years; we store requests from customers who have a customer account permanently and refer to the customer account details for deletion. In the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).
This website uses services by Eventbrite Inc., 155 5th Street, Floor 7, San Francisco, CA 94103, Reg. No. 4742147, USA to allow users to sign up to our events on this website. We are allowed to use Eventbrite according to Article 6(1)(1)(f) GDPR.
The information you enter for signing up and/or ordering tickets for an event is sent to Eventbrite servers in the USA. Eventbrite Inc. has certified that it adheres to the “Privacy Shield” Principles.
We use the event management tool Events66 by Efec AG, Lauerstraße 19, D-35578 Wetzlar, Germany, for the management of speakers / program, exhibitors, sponsors and other relevant contacts for OXID eSales AG events. The legal basis for the use of Events66 is Art. 6 para. 1 p. 1 lit. b and f, DS-GVO.
We use Selfcampaign on this website, a service for integrating advertisements from B2B Media Group EMEA GmbH ("B2BMG"), Bahnhofstr. 5, 91245 Simmelsdorf, Germany. Selfcampaign uses so-called cookies, text files that are stored on users' computers and that allow an analysis of use of the website. Selfcampaign also uses “web beacons” (invisible graphics). Web beacons can be used to evaluate information such as visitor traffic on the pages of this offer. We are allowed to use Selfcampaign according to Article 6(1)(1)(f) GDPR.
Users can prevent the installation of cookies by setting their browser software accordingly; however, the provider points out to the users that in this case they may not be able to fully utilize all functions of this offer. By using this website, users agree to the processing of the data collected about them by B2BMG in the manner described above and for the purpose stated above.
Additional collection and processing of personal data in the OXID Store
We use the personal data provided by you for the fulfillment and processing of your order. We may process and store this data insofar as this is necessary for the execution and processing of the purchase contract and as long as we are obliged to store this data due to legal regulations.
If you open and use a customer account, we process your master data (name, address, e-mail address) and your usage data (user name, password). This allows you to manage your orders and we can identify you by your user name. The legal basis for this data processing is your consent in accordance with Art. 6 (1) a) GDPR.
We process the data to fulfill the contractual relationship. If you order from a merchant via the OXID Store, the contract and order data will be transmitted to the merchant for further contract processing and execution.
For the processing of payments, your payment data will be transmitted to the respective payment service providers used, so that they can carry out and book the payment process. The processing of the data takes place accordingly on the basis of Art. 6 (1) b) GDPR.
We reserve the right to transmit your personal data to credit agencies insofar as this is necessary for the purpose of a credit check, provided that the customer expressly agrees to this in the individual case. We will also not otherwise pass on personal customer data to third parties without your expressly declared consent, except insofar as we are legally obliged to hand over data.
Your personal data will be encrypted in the ordering process using Secure Socket Layer (SSL) transmitted over the Internet. Credit card data is not stored, but collected and processed directly by our payment service provider Novalnet. We secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Access to your customer account is only possible after entering your personal password. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.
Credit checks and scoring
If we make an advance payment, such as a purchase on account, we may request creditworthiness information based on mathematical and statistical processes in order to protect our legitimate interests from Bürgel Wirtschaftsinformationen GmbH & Co. KG, Gasstraße 18, 22761 Hamburg and Creditreform Freiburg Zimmermann KG Jacob-Burckhardt-Str. 15 - 17, 79098 Freiburg. To do this, we send the personal data needed for a credit check to Bürgel Wirtschaftsinformationen GmbH & Co. KG and Creditreform Freiburg Zimmermann KG. The information returned to us about the statistical probability of non-payment is then used to make a balanced decision about entering into, maintaining, or ending a contractual relationship. The creditworthiness information might contain probability values (score values) that are calculated on the basis of scientifically recognised mathematical and statistical processes. Address information, among other information, is used to calculate these values. Your interests worthy of protection are taken into account in accordance with the statutory provisions.
For payment transactions, we have integrated components from Novalnet AG on our website. Novalnet AG (Novalnet AG Zahlungsinstitut (ZAG), Feringastr. 4, 85774 Unterföhring, Germany) is a full payment service provider that handles payment processing, among other things. If the data subject selects a payment method during the ordering process in the online store, data of the data subject is automatically transmitted to Novalnet AG. By selecting a payment option, the data subject consents to this transmission of personal data for the purpose of processing the payment. The transmission takes place on the basis of Art. 6 (1) a) GDPR (consent) and Art. 6 (1) b) GDPR (processing for the performance of a contract).
The personal data transmitted to Novalnet are usually first name, last name, address, gender, e-mail address, IP address and, if applicable, date of birth, telephone number, cell phone number and other data necessary for the processing of a payment. Also necessary for the processing of the purchase contract are such personal data that are related to the respective order. In particular, there may be a mutual exchange of payment information, such as bank details, card number, validity date and CVC code, data on goods and services, prices.
The purpose of the data transfer is, in particular, identity verification, payment administration and fraud prevention. The controller will transmit personal data to Novalnet AG in particular if there is a legitimate interest for the transmission. The personal data exchanged between Novalnet AG and the controller will, if necessary, be transmitted by Novalnet AG to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness.
Novalnet AG also discloses personal data to service providers or subcontractors to the extent necessary to fulfill contractual obligations or to process the data. You can find out how Novalnet AG processes data at https://www.novalnet.com/privacy.
The data subject has the option of revoking consent to the handling of personal data at any time vis-à-vis Novalnet AG. A revocation does not affect personal data that must necessarily be processed, used or transmitted for (contractual) payment processing.
Applications for jobs at OXID eSales by email or via the job portal will only be processed as part of the recruitment process. Transfer of personal data for applications via the job portal is in encrypted form.
If a contract of employment is concluded, the data will continue to be stored for the working relationship. If the application does not lead to an employment contract, the data will be deleted 3 months after completion of the recruitment process as long as OXID is not obliged to store the data due to legal requirements or other legitimate interests.