This website is operated by ESGE AG ("we" or "us"). This data privacy statement describes how we, as the party responsible for data protection, process your personal data within this website.
1. Which data we process about you
In the course of your visit to this website, we will collect the following information:
The date and time you access a page on our website, your IP address, name and version of your web browser, the website (URL) you visited before accessing this website, certain cookies (see point 2) and the information you provide yourself by filling out the contact form, registering for our newsletter, creating a customer account or for the execution of a contract.
There is no obligation to actually provide the data that we ask you to provide on our website. However, if you do not do so, you will not be able to use all of the functions of the website.
So-called cookies are used on this website. A cookie is a small file that can be stored on your computer when you visit a website. Cookies are generally used to offer users additional functions on a website. They can be used, for example, to make it easier for you to navigate a website, to enable you to continue using a website where you left it and/or to save your preferences and settings when you visit the website again. Cookies cannot access, read or modify any other data on your computer.
In the following sections "Cookies required for technical reasons", "Cookies for the analysis of surfing behaviour" and "Cookies for advertising purposes", we will explain which types of cookies we use and which data are processed by these cookies.
As far as no special deletion periods are mentioned in the following sections on cookies, the following generally applies with regard to the storage period: you have control over whether cookies are set, and which cookies, by means of the appropriate browser settings. Most browsers are set by default to allow cookies to be set without restriction. You can change and restrict this or block the placing of cookies. And you can delete set cookies in your browser at any time. With the appropriate browser settings, the deletion can also be done automatically. If you want to know more about how to set these steps, please use the "Help" function in your browser.
Please note that blocking or deleting cookies may affect your online experience and prevent you from fully using this website.
2.1 Technically required cookies
Some functions of this website require cookies. Cookies are technically required for these functions. These include the country settings, login, selection of goods, shopping cart, ordering process, memorising search terms on our website. The purpose of cookies is to offer and execute these functions. The legal basis for the setting of the technically required cookies and the processing associated with them is our legitimate interest, which is to achieve these purposes.
2.2 Cookies for the analysis of surfing behaviour
2.3 Cookies for advertising purposes
3. Purposes of data processing
We will process your personal data for the following purposes:
a. to provide you with this website and its functions and to further improve and develop this website;
b. to be able to compile usage statistics;
c. to detect, prevent and investigate attacks on our website;
d. to respond to your inquiries;
e. to send you our newsletter and to conduct surveys on satisfaction with our products and services;
f. to create and manage your customer account;
g. to process your orders.
4. Legal basis of the data processing
The legal basis for the processing of your personal data is
- for the processing operations referred to in points 3a-d and f, our primary legitimate interest, which consists of achieving the purposes mentioned in points 3a-d and f above;
- for the sending of our newsletter and our customer surveys § 107 paragraph 3 TKG, if we received your e-mail address in connection with the sale of goods to you, otherwise your consent;
- for the processing of your orders the necessity for the fulfilment of the contract concluded with you.
You can revoke authorisations given, independently of each other and at any time, without affecting the legality of the processing carried out on the basis of the authorisations until revocation.
5. Forwarding of your personal data
For the purposes mentioned above we will forward your personal data to the following recipients:
- IT service providers we use, namely Inscript GmbH in A-6850 Dornbirn;
- forwarding, storage and transport service providers we use for the delivery of the goods ordered by you, insofar as this is necessary for the delivery of the goods;
- the assigned credit institution, as far as this is necessary for the handling of payment;
- the payment service providers used, currently PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal"), and Sofort GmbH with headquarters in Munich (for Klarna Sofortüberweisung) to the extent necessary for payment processing;
- Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, in accordance with point 8 (Google Analytics);
- Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA, in accordance with point 10 (Facebook conversion tracking pixel);
- or the newsletter to MailChimp, a newsletter delivery platform of the Rocket Science Group, LLC, 675 Ponce De Leon Ave. NE #5000, Atlanta, GA 30308, USA.
Please note that PayPal reserves the right to perform a credit check for the payment methods "credit card via PayPal", "direct debit via PayPal", "purchase on account via PayPal" or "payment by instalments via PayPal". In this case PayPal will pass on your payment data to credit agencies on the basis of its legitimate interest in determining your solvency. The result of this credit assessment is used by PayPal to decide on the provision of the respective payment method. The credit report may contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure according to PayPal. Among other things, but not exclusively, address data is included in the calculation of the score values. For further information on data protection law regarding the credit assessment and the credit agencies used, please refer to PayPal's data privacy statement:
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal is still entitled to process your personal data if this is necessary for the contractual payment processing.
Some of the recipients mentioned above are located outside the European Economic Area (EEA) or process your personal data there. The level of data protection outside the EEA may not be the same as in your country. However, we will only transfer your personal data to countries where the EU Commission has decided that they have an adequate level of data protection or to the USA to Google Inc., Facebook Inc. and Rocket Science Group, LLC (MailChimp).
MailChimp, Google Inc. and Facebook Inc. are certified under the US-EU privacy shield convention and are therefore obliged to comply with the requirements of European data protection law. However, we would like to point out that the European Court of Justice annulled the decision by which the EU Commission declared the level of data protection provided by this convention to be adequate.
We will send the newsletter via MailChimp. MailChimp stores the newsletter data on its servers in the USA. This data includes not only the e-mail address, but also the usage and click behaviour of the subscribers. Information regarding who opens our newsletters is stored, as well as how often and on which content he/she clicks. We use this data to constantly improve our newsletter. We concluded standard contractual clauses to ensure that European data protection levels are respected. However, it is not clear whether US law allows MailChimp to comply with these standard contractual clauses. Therefore, we cannot exclude the possibility that the transfer of data to MailChimp in the US may take place without adequate safeguards under the GDPR.
The transfer of data to Google Inc. and Facebook Inc. in the USA is in any case carried out without adequate safeguards under the GDPR. There is a risk that these recipients will not be able to comply with the requirements of European data protection. US data protection law does not grant your data the same protection as the GDPR; in particular, you have only very limited data subject rights. There is also a risk that the US authorities may access your data for control and monitoring purposes.
6. Duration of storage
We will store the data listed under point 3a-d for a period of three months. Longer storage will only take place to the extent necessary to investigate detected attacks on our website.
Data that we process on the basis of your consent will be stored until we receive your revocation and beyond that for as long as legal obligations allow.
If you create a customer account, we will store your data at any rate for as long as your account exists and thereafter for as long as legal obligations provide for this.
We will keep data from order processing as long as claims can be asserted and beyond that as long as legal obligations provide for this.
7. Your rights regarding personal data
In accordance with the applicable data protection law, you have the right of access, correction, deletion, restriction of processing, objection and transferability of the data.
You have the right to object in particular to data processing in which we invoke a legitimate interest.
In accordance with applicable data protection law, you have the right to complain to a supervisory authority in the EU if you believe that there has been a breach of data protection law.
8. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). Google Analytics uses so-called cookies, text files that are stored on your computer and enable an analysis of your use of the website. We process your data on the basis of your consent.
The information generated by the cookie regarding your use of this website (including your IP address and the URLs of the websites you visit) is transferred to Google's servers in the USA and stored there. We do not store any of your data collected by Google Analytics.
This website uses the possibility of IP-anonymisation offered by Google Analytics. Your IP address will therefore be shortened/anonymised by Google as soon as Google receives your IP address. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide us with further services related to the use of the website and the internet. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data by Google.
You can prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting your data in Google Analytics by downloading and installing the browser plug-in available through the following link: http://tools.google.com/dlpage/gaoptout?hl=en
9. Use of share links
We use (share) links for Facebook and links for Instagram and YouTube on our site. You can recognise them by the black icons showing the logo of these social media services.
If you really want to use a (share)link and its functions, you have to click on the corresponding icon. You will then be redirected to our site in the relevant social media service and it is possible that your IP address will be transmitted to the social media service, which will thus receive the information that our website was visited by this IP address. By logging in to your account on the relevant social media service, that service may associate your visit to our website with your account on that social media service.
In our recipes we have a share link for Facebook. This allows you to share the content of our website affected by the share link on your Facebook profile, provided you log in to your user account there. This enables Facebook Inc. in California, USA, to assign the shared content to your user account.
We would like to point out that we, as operators of our website, have no knowledge of the content of the transmitted data or its use by the social media service. If you do not want the social media service to associate your visit to our website with your user account, please log out of your user account before visiting our website.
More information about the privacy practices of the social media services linked on our website is provided at the following links:
About Facebook at this link: www.facebook.com/about/privacy/
About Instagram at this link: http://instagram.com/about/legal/privacy/
About Google (YouTube) at this link: https://www.google.de/intl/de/policies/privacy/
10. Facebook conversion tracking pixel
Our website uses the conversion tracking pixel of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA ("Facebook") for conversion measurement. Facebook Inc. is certified under the EU-US Privacy Shield, which ensures compliance with European privacy standards by American companies.
The conversion tracking pixel can be used to track the behaviour of page visitors after they have been redirected to the provider's website by clicking on a Facebook ad, and to display the provider's ads to page visitors who log in to Facebook. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
The use of tte conversion tracking pixel and the associated tracking is based on your consent. You can revoke this consent at any time as described in point 2 or by deactivating it in your Facebook account. The legality of the processing of your consent up to the revocation remains unaffected by the revocation.
You can disable the remarketing feature "Custom Audiences" in the advertising settings section here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
To do so, you must be logged in to Facebook. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
11. Facebook fan page
Our company operates a fan page on Facebook. When you visit this fan page, Facebook sets cookies on your end device, regardless of whether or not you are a Facebook user yourself. Find out more about cookies under point 2. of this data privacy statement.
Facebook uses these cookies to evaluate your behaviour on our fan page according to certain criteria and to make this evaluation available to us anonymously. Facebook calls this service "Facebook Insights". Further information on the processing of the Insights data can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data.
Facebook Ireland and we are jointly responsible for data processing for Facebook Insights in accordance with Art 26 GDPR. The primary responsibility for the processing of the Insights data lies with Facebook Ireland. We do not make any decisions regarding the processing of the Insights data, especially not regarding the further recipients of this data or the storage period of the cookies used for this purpose on the end devices.
You can assert your rights to privacy either with Facebook Ireland or with us.
We have entered into a shared responsibility agreement with Facebook Ireland, the essential content of which is provided here by Facebook Ireland: https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis for the processing of the Insights data is your consent, which you declare by clicking the "I agree" button on the opt-in banner that appears when you access our website.
12. Google Tag Manager
We use Google Tag Manager on this website. Google Tag Manager is a solution offered by Google that allows website operators to manage website tags via an interface. The tag manager itself (which implements the tags) is a cookie-free domain and does not collect any personal information. It is responsible for triggering other tags, which in turn may collect data. As far as this is the case on this website (Google Analytics, Facebook conversion tracking pixel), you will find explanations in this privacy statement. Google Tag Manager does not access this data.
If deactivation has been made at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager. Google Tag Manager will not change your cookie settings. You can find more information at: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/
13. Social media wall (TINT)
On our website we have a social media wall which displays content generated by users of social networks, especially posts that relate to us. For this social media wall we use TINT, a service of Hypemarks Inc, 122 East Houston St, San Antonio TX 78205, USA.
The legal basis for this processing is our legitimate interest in supporting our marketing activities by finding, accompanying and displaying user-generated content relating to us on our website. In addition, we also base this processing on an analogous application of Article 9 paragraph 2 letter e of the GDPR, since although data already voluntarily published by data subjects are processed, no special categories of personal data within the meaning of this provision are processed.
15. Promotional use of the e-mail address
If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers by e-mail for products similar to those already purchased from our range. This serves to protect our interests in addressing our customers with a commercial purpose and is based on Article 6 paragraph. 1 letter f of the GDPR in this respect. You can object to this use of your e-mail address at any time without giving reasons in accordance with Article 21 paragraph 2 of the GDPR by sending a message to the contact option specified below or by clicking on the link provided for this purpose in the advertising e-mail.
In addition, you can also actively register for our newsletter. If you subscribe to our newsletter, we will use the data required for this purpose or separately provided by you to regularly send you our e-mail newsletter based on your consent. The use of your e-mail address is then based on the consent obtained from you as part of the double opt-in procedure, Article 6 paragraph 1 letter a of the GDPR. You can revoke your consent at any time without giving reasons by sending a message to the contact option specified below or by clicking on the link provided for this purpose in the advertising e-mail. After unsubscribing, we will delete your e-mail address unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.
16. Trusted Shops Trustbadge®
The Trusted Shops Trustbadge® is integrated into our website to display the ratings collected by Trusted Shops.
Pursuant to Article 6 paragraph 1 page 1 letter f of the GDPR, this serves to serve our legitimate interests in the optimal marketing of our offer, which outweigh our interests in the context of a balancing of interests. The Trustbadge® and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When the Trustbadge® is activated, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and records the access. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your visit to the site.