Data protection and security
We are honored that you visit our website and thank you for your interest in our company. The security of your data is essential to us. We not only ensure that we comply with the European General Data Protection Regulation (GDPR) but we also ask ourselves what we would expect from a sophisticated online retail store to feel comfortable about entrusting our personal data online. For this reason we handle your personal data with utmost care and respect.
You can print or save this document by using the common functionality of your internet browser.
Name and address of the controller
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Should you object to the acquisition, processing or utilization of your data by Artedona in keeping with the stipulations of these data-protection provisions, whether entirely or for individual measures, you can send your objection per e-mail, by fax or by letter again using the previously mentioned contact options.
Name and address of the data protection officer
The data protection officer of the controller is:
Mr. Lothar Becker
Phone: +49 (89) 716 802 13-0
Any data subject may, at any time, contact our data protection officer directly with all questions and suggestions concerning data protection.
Responsible regulatory authority
Besides contacting us or our data protection officer you also have the possibility to contact our responsible regulatory authority directly at any time.
The responsible controlling institution for Bavaria and therefore for us is:
Bayerisches Landesamt für Datenschutzaufsicht
Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
Collection and processing of personal data
We take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the European General Data Protection Regulation (GDPR).
Personal data means any information relating to an identified or identifiable natural person ("data subject"). This includes among others your name, your address, your e-mail address, your phone number, your IP-address, and any other data that you provide while registering for a customer account with us.
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Purpose and legal basis of the data processing, data categories
Purpose of the data processing
In general, we process your personal data for the following purposes:
- To offer our products and services
- To assist customers, intermediaries and potential customers
- To prepare and execute business transactions
- To inform and communicate with our customers, intermediaries and potential customers
- To be compliant with legal responsibilities, such as financial and accounting requirements
- To ensure a technically correct functioning of our website
For these purposes we process personal data that can belong to the following data categories:
- Contact information
- Data that is required to prepare and complete business transactions and processes
- Financial data, bank information and credit-check data
- Contractual data
- Insurance data
- Data that is being created during the communication of your internet browser with our website
- Data that has to be collected and processed because of a public interest
Legal basis for the processing
We process your personal data on the following legal basis:
- The data processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (Art. 6 (1) (b) GDPR)
- The data processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 (1) (c) GDPR)
- The data processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child. (Art. 6 (1) (f) GDPR)
- You have given consent to the processing of your personal data for one or more specific purposes (Art. 6 (1) (a) GDPR)
Transmission and forwarding of personal data
We transmit and forward your personal data to third parties for the purpose of order fulfillment, and to processors, that process your personal data only with our specific or general written authorization (Art. 28 GDPR).
Period for which personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract, the initiation of a contract, or the completion of the initial purpose of the data collection.
Right to withdraw consent
If you have given consent to the processing of your personal data, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of data processing based on consent given before its withdrawal.
Automated decision making and profiling
We do not perform any automated decision-making, including profiling.
Partner companies and processors
We work with different partner companies and processors. Besides those mentioned in the following chapters, we are working with the following companies that support us in the areas of IT, internet marketing, and accounting (based on data processing agreements according to Art. 28 GDPR):
MATCH Market Access Services GmbH & Co. KG
Gut Keferloh 1a
explido GmbH & Co. KG
IP addresses are required for internet browsers to communicate with web servers. When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Browser type and version
- Operating system
- The website from which an accessing system reaches our website (so-called referrer)
- The URL that is being requested on your website
- The date and time of the access request
Data processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. We store the information in our log files for 14 days. All content older than that is automatically deleted from the log files.
Generally, there are two types of cookies: so called "session cookies" which are automatically deleted after your visit, and cookies that remain in your device's memory for a longer time period or until you delete them. These cookies make it possible to recognize your browser when you visit our website again.
Most of the cookies that we use are session cookies and are automatically deleted when you end your session or close your browser.
Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors.
We may work together with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies may also be stored on your device when you visit our website (third-party cookies). You will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following sections.
Please note that you can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Please note that the functionality of our website may be limited if cookies are not accepted.
Customer account and registration
All visitors of our website and all our customers have the option to register for a customer account on our website. Registered users receive password-protected access to their customer data. The "My Account"-pages provide information on the order history, billing and shipping addresses, as well as newsletter subscription status. Furthermore, registered and logged-in users can save their wish list long-term. Registering for a customer account can be done during checkout or independently thereof. During registration the following personal data is being collected:
- E-mail address
- First and last name
- Address (street, postal code, city and country)
- Phone number
This data is collected and saved only for our internal use, for order-fulfillment and our own purpose. Should a registered customer place an order through a customer account, then we may forward relevant personal data to third parties that are involved in and for the purpose of order fulfillment, such as logistics companies.
We will process the data provided during registration only based on your consent per Art. 6 (1) (a) GDPR.
You have the right to withdraw your consent at any time. An informal e-mail to email@example.com making this request is sufficient. The withdrawal of consent shall not affect the lawfulness of data processing based on consent given before its withdrawal.
Order, order-processing and credit-check
During order processing and fulfillment, we collect, process, and use personal data only insofar as it is necessary to prepare and complete your order. This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
To process your order we require your full name, your billing and shipping addresses, a telephone number to contact you in case of delivery problems and your e-mail address. If you pay by direct debit, this data also includes your bank account details. We give this data to those third-party companies, which are necessary to deliver your order to your doorstep. For example, our shipping partners UPS and DHL need to receive your shipping address, and our payment service provider, TeleCash GmbH & Co. KG requires your billing address and credit card data to process your payment.
If applicable, we perform credit checks for customers who are based in Germany.
We transmit customer data (name, address and if applicable date of birth) for the purpose of creditworthiness checks, the procurement of information to assess the default risk based on mathematical-statistical processes by using address data of customers, as well as for the purpose of address verification (validity check) to infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany. The legal basis for such transmissions are Art. 6 (1) (b) and Art. 6 (1) (f) GDPR. Data transmissions based on these regulations are only permissible, if they are necessary to protect our legitimate interests or the legitimate interests of third parties and if they don't outweigh the interests of the basic rights and basic liberties of the concerned persons requiring the protection of their personal data. Detailed information about infoscore Consumer Data GmbH in terms of article 14 of the European General Data Protection Regulation (GDPR) can be found at https://finance.arvato.com/icdinfoblatt.
No storage of credit card data
We do not store any credit card details. Such payment details are exclusively stored on the secure server of our payment service provider, TeleCash GmbH & Co. KG. We are "PCI-compliant" which means that we are compliant with the so called "Payment Card Industry Data Security Standard". This standard defines a secure process for credit card payments.
When paying via PayPal, credit card via PayPal, or direct debit via PayPal we transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transfer takes place in accordance with Art. 6 (1) (b) GDPR and only insofar as this is necessary for payment processing.
PayPal reserves the right to carry out credit checks for the payment methods credit card via PayPal or direct debit via PayPal. For this purpose, your payment data may be passed on to credit agencies on the basis of PayPal's legitimate interest in determining your solvency pursuant to Art. 6 (1) point f GDPR. PayPal uses the result of the credit assessment in relation to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on recognized scientific, mathematical-statistical methods. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including the credit agencies used, please refer to PayPal's data protection declaration at: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
Signing up for our newsletters
We offer visitors to our website the option to register for our e-mail newsletter by providing a valid e-mail address. Further data is collected only on a voluntary basis. Registering for our newsletter requires a double opt-in process. Once you have subscribed to our newsletter using our website form, you will receive an e-mail containing a link. Please confirm your subscription by clicking on this link (thereby completing the "double opt-in").
We collect personal data during the newsletter registration process with the purpose of distributing our newsletter.
We will process the data provided during newsletter sign-up only based on your consent per Art. 6 (1) (a) GDPR. You have the right to withdraw your consent at any time. You can unsubscribe from our newsletter at any time through the link in the newsletter, through your customer account, or by contacting our customer service team at firstname.lastname@example.org. The withdrawal of consent shall not affect the lawfulness of data processing based on consent given before its withdrawal.
Distribution of our newsletter is performed by our partner company (processor) Mission One GmbH, Messerschmittstr. 7, 89231 Neu-Ulm, Germany. We only transmit the minimum required information.
Our newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an e-mail was opened by the recipient, and which links in the e-mail were clicked on by the recipient.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by us in order to optimize the layout and distribution of our newsletter. Newsletter tracking is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in optimizing the layout and distribution of the newsletter. Personal data collected through newsletter-tracking will not be passed on to third parties.
You are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by us. We automatically regard a withdrawal from the receipt of the newsletter as a revocation.
Our website contains a contact form that enables a quick electronic contact to our company, as well as direct communication with us. Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. The following personal data is being collected:
- Last name and, if provided, first name
- E-mail address
- The country you are contacting us from
- Phone number, if provided
- Your message
Such personal data transmitted through the contact form is stored for the purpose of processing your enquiry and of replying to any ensuing questions. We do not share this information without your permission.
We will process any data you enter into the contact form only with your consent per Art. 6 (1) (a) GDPR. You may revoke your consent at any time. An informal e-mail making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Web-analytics / Google Analytics
Web-analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. As examples, a web-analysis service collects data about the website from which a person has come (the so-called referrer), which specific pages (URLs) were visited on a website, or how often and for what duration these pages were viewed. We use web-analytics mainly for the optimization of our website and in order to carry out a cost-benefit analysis of our internet marketing measures.
This website uses Google Analytics, a web-analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
This website uses Google Analytics exclusively with the extension "_anonymizeIp()", which ensures an anonymization of the IP address by shortening it and excludes a direct personal relationship. As a result of the extension, your IP address will previously be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address will be transmitted to a Google server in the USA and shortened there. In these exceptional cases, processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
You can also prevent the collection of your data by Google Analytics by clicking on the following link: Disable Google Analytics. An opt-out cookie will be set to prevent your data from being collected on future visits to this website.
Google LLC, based in the United States, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google").
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.
Conversion cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
Google LLC, based in the United States, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
Our Artedona website can easily be shared on Facebook, Pinterest and Twitter. Our implemented solution strongly protects your data privacy. Our social-sharing buttons contain only static links to the social networks. You will be forwarded to the social network in a separate browser window.
The social networks can therefore only obtain data from you, when you have pressed a sharing button. If you are a logged-in Facebook user and you click on the sharing button, then this information will be transmitted to your Facebook profile.
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Thereby, the YouTube server gets informed about which of our pages you have visited.
If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of YouTube under: https://policies.google.com/privacy?hl=en.
Our website uses web fonts provided by Google. When you open a page on our website, your browser loads the required web fonts automatically into your browser cache to display texts and fonts correctly.
When you call up a page of our website, your browser makes a direct connection with Google servers. Google thus becomes aware that our web page was accessed via your IP address.
The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font is used by your computer.
SSL-encryption and data security
Your personal data is securely transmitted using https-encryption. This also applies when you are placing an order with us or when you register for a customer account on our website. We encrypt your data using the SSL (Secure Socket Layer) protocol.
Our servers are protected by a Firewall against unauthorized access. We do not store any credit card details. Such payment details are exclusively stored on the secure server of our payment service provider, TeleCash GmbH & Co. KG. We are "PCI-compliant" which means that we are compliant with the so called "Payment Card Industry Data Security Standard". This standard defines a secure process for credit card payments.
Your rights (as the data subject)
Regarding your personal data, the General Data Protection Regulation (GDPR) provides you with the rights described in the following sub-chapters. Our data protection officer can be contacted at any time regarding your questions about your rights. You can contact him by e-mail email@example.com.
Right of access
According to Art. 15 GDPR, the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information that is outlined in Art. 15 GDPR. This includes the personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. If you wish to claim your right of access, you may contact us at any time.
Right to rectification
According to Art. 16 GDPR, the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. If you wish to claim your right to rectification, you may contact us at any time.
Right to erasure ('right to be forgotten')
According to Art. 17 GDPR, the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds outlined in Art. 17 GDPR applies. If you wish to claim your right to erasure, you may contact us at any time.
Right to restriction of processing
According to Art. 18 GDPR, the data subject shall have the right to obtain from the controller restriction of processing, where one of the conditions outlined in Art. 18 GDPR applies. If you wish to claim your right to restriction of processing, you may contact us at any time.
Right to data portability
According to Art. 20 GDPR, you have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible. If you wish to claim your right to data portability, you may contact us at any time.
Right to withdraw consent
According to Art. 7 (3) GDPR, the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you wish to claim your right to withdraw consent, you may contact us at any time.
Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, if there has been a breach of data protection legislation, the person affected may lodge a complaint with a supervisory authority.
Right to object