- I. General information on data privacy
The responsible party for this website and within the meaning of Art. 4 (7) Art. 4 Nr. 7 General Data Protection Regulation (GDPR) is Valiryo GmbH, Dietrich-Bonhoeffer-Ring 2, 64653 Lorsch, (Germany), tel: +49 6251 8616126, E-Mail: firstname.lastname@example.org (referred to hereinafter as “we”, “us”, or “VALIRYO”).
Our data protection officer is:
Mr. Martin Kroupa, email: email@example.com (only English & German)
We respect your privacy and abide by the rules of the applicable data protection laws. This data privacy statement explains to you how we handle personal data, how we collect it, what types of personal data we collect, and how we use it. Personal data is information that can be attributed to you as a person or information that can be used to identify you (e.g. your name, telephone number or email address). This does not include information that cannot be directly linked to your actual identity, or data attributable to legal entities.
1.Right to information, revocation, rectification
In terms of personal data relating to you, you have the following rights vis-à-vis us:
- Right to information, Art. 15 of GDPR,
- Right to the rectification of incorrect data or to the completion of correct data, Art. 16 of GDPR,
- Right to the deletion of personal data stored by us, Art. 17 of GDPR,
- Right to restrict processing, Art. 18 of GDPR,
- Right to data portability, Art. 20 of GDPR,
- Right to object to processing, Art. 21 of GDPR.
Information and communication on your rights shall be provided to you at no charge.
Furthermore, you are entitled to file a complaint with the relevant data protection supervisory authorities about our processing of your personal data (see Art. 77 of GDPR).
For any requests for information, general queries or objections to data processing, please send an email to Valiryo GmbH at firstname.lastname@example.org or send a letter to Valiryo GmbH, Dietrich-Bonhoeffer-ring 2, 64653 Lorsch (Germany).
You are free to revoke consent given to the use of data at any time. If you revoke your declaration of consent, we shall delete all personal data stored by you that we collected or used as part of your consent, unless we are required by law to retain such data. Please note that you may no longer be able to use our services, which are reserved for registered users, once your data has been deleted.
2. Data security
We would like to point out that the transmission of data via the Internet is generally unsecured. The possibility of transmitted data falling into the hands of unauthorized parties and even being falsified cannot be ruled out. For secure communication with us, we usually offer encrypted communication via the SSL protocol (“Secure Sockets Layer”). We always use encrypted communication for forms provided on our web pages, through which you can communicate personal data to us (e.g. contact form, online service portal). The “https://” protocol (instead of “http://”) displayed in the address line of your browser indicates that an area of a website is encrypted or that encrypted transmission takes place. In some browsers, you might also see a lock symbol with the address line of the browser shown in green.
3. Storage length, data deletion and data blocking
We store personal data only for as long as it is necessary in order to perform the services you requested or to which you have given your consent, unless otherwise provided by law. Retention obligations, which require that we retain data, are laid down, for example, in accounting regulations (§ 257 of the German Commercial Code (HGB)) and provisions of tax law (§ 147 of the Fiscal Code (AO), § 14b of the Value Added Tax Act (UStG)).. According to these regulations, business communication, contracts concluded and booking documents must be kept for up to 10 years. If we no longer need this data to perform our services, the data will be blocked. This means that the data may then only be used by us for accounting and tax purposes.
II. Collecting personal data transmitted by your browser
You can visit our website without actively providing information about yourself.
However, whenever you access our website, we automatically collect a range of technical data, which includes personal data (see above).
1. Log files
- Information about the browser type and the version used
- The user’s operating system
- The user’s Internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites accessed by the user's system through our website
This data is not combined with other personal data that you actively specify when using the website (see section III).
The legal basis for the temporary storage of data is Art. 6 (1) (f) of GDPR. Data is stored to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. For these purposes, we have a legitimate interest in the processing of data in accordance with Art. 6 (1) (f) of GDPR.
The data shall be deleted as soon as it is no longer required for the purpose of its collection. With regard to the collection of data for the provision of the website, this applies once the respective session has been closed. In terms of data storage, this is the case after seven days at the latest. We reserve the right to store server log files for longer where the pertinent facts suggest a case of unauthorized access has taken place (for example, a hacking attempt or a so-called DDoS attack).
In the case of an extended storage period, the IP addresses of the users shall be deleted or alienated, thus preventing an allocation of the calling client.
2.1. General information
We use so-called cookies in our online offering to make our website more user-friendly and to enable the use of certain functions, in particular to provide visitors with a convenient shop system with a shopping cart feature.
Cookies are small text files that are stored by us on your computer through your browser. These files only contain data that we send to your computer. Private data cannot be read using these. The cookies enable us to customize our online shop and facilitate your use of it.
Cookies pose no threat to your computer. They cannot read hard drive data, transmit viruses, send emails or be read by other web servers.
2.2. Types of cookies
We use so-called session cookies and persistent cookies. Session cookies are only temporary and are used to provide certain functions. When you close the browser, session cookies are deleted again. So-called persistent cookies, on the other hand, remain even after you close the browser and can have a lifespan ranging from a few days to several months.
We use session cookies whenever you log in to our site with your online user account. These cookies are required for the technical implementation of certain functions in our shop and only exist for the duration of your online session, i.e. until you close your browser.
We work with a few partner companies who support us in collecting and analyzing anonymized data (see II.3.). Therefore, when you visit our web pages, cookies from these partner companies are also stored on your computer. These third-party cookies are usually persistent cookies. At no time, however, are these cookies linked to your personal data, which you may have entered in another section of our website.
2.3. Legal basis
2.4. Disabling cookies
Most browsers are set to accept cookies automatically. If you do not wish to take advantage of the benefits of cookies, you can adjust the security or privacy settings in your browser to change the way cookies are handled. You can disable cookies, including third-party cookies, or adjust your browser so that it notifies you whenever cookies are sent. In addition, browsers allow you to delete individual cookies or all cookies even after you have accepted them. You can use the help function in most browsers to find out how to adjust the above settings.
Please note that if you disable cookies, you will not be able to use all of the functions of our website or those of other websites that you typically visit. If you block the storage of all cookies, you will no longer be able to access some of the features of our shop. Such features include the shopping cart and the complete order cycle.
We therefore recommend that you keep cookies enabled for our website.
3. Web tracking and advertising
We use the web tracking tool Google Analytics for analysis and marketing purposes and to improve our website and increase its appeal. We also use DoubleClick and Facebook Impressions for the targeted placement of adverts.
3.1. Google Analytics
We use the web tracking tool Google Analytics, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
We use the anonymization function of Google Analytics, which shortens the IP address to the last octet for IPv4 and to the last 80 bits for IPv6. A unique assignment of the IP address to a person cannot be made thanks to this anonymization.
Google uses information collected by Google Analytics to evaluate use of the website. Reports on website activity are compiled for us, enabling other services relating to website activity and Internet usage to be provided. Google may forward this information to third parties if required by law or if said parties process this data on Google’s behalf. For cases in which personal data is transmitted to the USA, Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US. The legal basis for the use of Google Analytics is Art. 6 (1) (1) (f) of GDPR. Because we have a legitimate interest in analyzing user behavior in order to optimize our web presence and our advertising, and thus provide you with a satisfactory offering.
You can disable the use and storage of cookies by Google by configuring your browser software accordingly or by clicking this link: https://tools.google.com/dlpage/gaoptout?hl=en and downloading the plug-in for deactivating Google Analytics. In addition, you can also prevent the collection of data by Google Analytics on our website by clicking the following link. An opt-out-cookie is set, preventing the future collection of your data when visiting this website: Click here to disable Google Analytics.
By using our website, you agree to the processing of the data collected about you by Google and to the aforementioned nature and purpose of such data processing. The legal basis for processing your data is Art. 6 (1) (1) (f) of GDPR. By using DoubleClick, we want to ensure that only advertising that reflects your actual or supposed interests is displayed. We endeavor to avoid burdening you with adverts that are of no interest to you for the benefit of all parties.
You can prevent the storage of cookies by making the relevant settings in your browser software (see section 2.4 above for more information).
You can also prevent Google from collecting and processing the data generated by the cookie relating to your use of the website by downloading and installing the browser plug-in available at https://support.google.com/ads/answer/7395996?hl=en.
3.3. Facebook Impressions
We use the function “Facebook Impressions”, provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
The legal basis for processing your data is Art. 6 (1) (1) (f) of GDPR. The legitimate interest follows from our interest in being able to measure the effectiveness and range of adverts placed by us and being able to display relevant adverts to you.
4. Social media plug-ins
Our Internet presence uses so-called social plug-ins (“plug-ins”) from various social networks. You can use these plug-ins, for example, to share content or recommend products to others.
The legal basis for using the plug-ins is Art. 6 (1) (1) (f) of GDPR. We provide plug-ins to improve our web presence and to make the online experience more interesting for you the user. This purpose also constitutes the legitimate interest required for Art. 6 (1) (f) of GDPR.
Here, we use the so-called two-click method. This means that the plug-ins are disabled by default on our web pages and no personal data is transferred to the respective provider. The plug-in only becomes active if you click the respective button.
If these plug-ins are activated, your browser will establish a direct connection to the servers of the respective social network as soon as you access a web page of our Internet site. The content of the plug-in – usually a button used to share content from our web pages on social networks – is transmitted from the social network to your browser, where it is incorporated into the website.
By embedding the plug-ins, the social network receives notification that you have accessed the corresponding page of our website. If you are logged in to the social network, such visits can be assigned to your account. If you interact with the plug-ins, for example, by clicking the “Like” button, the corresponding information is transmitted by your browser directly to the social network and saved there.
For more information about the purpose and scope of data collection, the further processing and use of information by social networks, the rights you have in this regard and the privacy options available to you, please refer to the privacy information of the respective networks or websites. The relevant links can be found below. We have no influence over collected data or data processing procedures; similarly, we do not know exactly what volume of data is collected, the purposes of the processing or for how long the data is stored. Likewise, we do not have any information about the deletion of collected data by the plug-in provider.
Even if you are not logged in to your social network account, websites with active social plug-ins can still transmit data to the networks. Active plug-ins set a cookie with an identifier every time the website is accessed. Since your browser sends this cookie without being requested to do so each time there is a connection to a network server, the network could in theory create a profile based on the websites called up by the assigned user. And it would then be perfectly possible to assign this identifier back to a person, for instance, when he/she logs in to the social network later on.
We use the following plug-ins on our web pages:
Twitter has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
III. Handling personal data when using the website in special cases
Personal data shall also be collected if you communicate such information to us on our website, in particular when placing orders, when opening an online user account, or when requesting or changing master data.
We primarily use personal data to process orders. This also includes the transmission of data, in the scope required for delivery, to the shipping company assigned by us to perform this task and the forwarding of payment details to our financial service providers assigned to process payments. In addition, we use personal data to provide information about orders, services and offers.
In order to purchase certain products available in our online shop, you need to have a user account with us. You can create such an account at any time by registering on our website. As part of the registration process, you give your consent to the collection, processing and use of your personal data.
Declaration of consent under data protection law
By submitting your declaration of consent when registering on www.shop2.valiryo.com, you voluntarily agree – subject to revocation at any time – that VALIRYO
may collect, process and use your personal data such as company name, title, first name, last name, date of birth, address, country, telephone number, email address, ID given by us, time of registration and your encrypted password for creating and providing your user account.
You are entitled to revoke the above declaration of consent for collecting, processing and using your data by simply sending a letter or email to Valiryo GmbH, Dietrich-Bonhoeffer-Ring 2, 64653 Lorsch, (Germany), tel: +49 6251 8616126, email: email@example.com). The personal data collected about you when you register and not required for the execution of the contractual relationship with us or for legal reasons will then be deleted in full. Please note that you may no longer be able to use our services, which are reserved for registered users, once your data has been deleted.
The legal basis for data processing is Art. 6 (1) (a) of GDPR. If you create your user account when placing an order, the legal basis here is Art. 6 (1) (b) of GDPR because registration is mandatory to complete a purchase via our website.
2. User account
Once you have registered with us (see section 1 above), you can manage your personal data, delivery and billing address, plus your orders and watch lists, in your user account.
We process the personal data that you voluntarily communicate to us exclusively for the purposes of enabling you to log in to your user account, to complete and fulfil/execute a contract with you, and for the purpose of managing your user account. In particular, we shall not use your data for promotional purposes.
The legal basis for this processing is Art. 6 (1) (b) of GDPR or Art. 6 (1) (a) of GDPR if you do not create your user account when placing an order.
3. Order processing
When you place an order with us, we collect, process and use the personal data that we require to process your order. Such data includes, in particular, your delivery/billing address and your payment details, i.e. bank or credit card details. Furthermore, we may request information about your creditworthiness in individual cases. We shall store your data and use it only for the purpose of processing your order.
In order to process your order, we also forward your data to companies assigned with the task of processing payments and delivering goods. These companies may only use your data for the purpose of fulfilling the contract concluded between you and us. Any use beyond this, in particular for promotional purposes, is not permitted. The legal basis for data processing is Art. 6 (1) (b) of GDPR or Art. 6 (1) (f) of GDPR provided that we receive credit information relating to your previous payment history. We have a legitimate interest in your previous payment history in order to evaluate whether we can offer a purchase on account option.
We offer payment via PayPal, among others, on our website. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (referred to hereinafter as “PayPal”).
The transmission of your data to PayPal and Klarna GmbH takes place on the basis of Art. 6 (1) (a) of GDPR and Art. 6 (1) (b) of GDPR. You can revoke your consent to data processing at any time. This does not affect the processing of data previously collected.
4. Contact forms
You can get in contact with us using the online form found on our website. The message entered in the contact form can only be sent if you have actively agreed beforehand to the collection and use of personal data specified by you for the purpose of processing your matter.
Declaration of consent under data protection law:
By submitting your declaration of consent when using the contact form, you voluntarily agree – subject to revocation at any time – that VALIRYO may collect, process and use your personal data such as first name, last name, telephone number, email address, including data that you entered in the message field plus the time the message was sent.
You are entitled to revoke the above declaration of consent for collecting, processing and using your data by simply sending a letter or email to Valiryo GmbH, Dietrich-Bonhoeffer-Ring 2, 64653 Lorsch, (Germany), tel: +49 6251 8616126, email: firstname.lastname@example.org). The personal data that you communicated to us via the contact form and not required for the execution of the contractual relationship with us or for legal reasons will then be deleted in full.
The legal basis for data processing is Art. 6 (1) (a) of GDPR.
We use the personal data transmitted in this context (e.g. name, address, email address) solely in relation to initiating contact with you. The data will be deleted as soon as it is no longer required for the purpose of its collection or for other purposes involved in its processing. For the data entered in the contact form, this is the case if the respective correspondence with you has concluded or it can be inferred from the circumstances that the matter is question has been resolved.
IV. Data transmission to third countries
Data may only be transmitted to countries outside the EU or EEA (so-called third countries) if necessary or required by law (fiscal reporting requirements) for the fulfilment of your purchase orders or service orders, if you have provided us with the appropriate consent or as part of commissioned data processing. If service providers in a third country are used, then they must adhere to the level of data protection in Europe in addition to the written directives under the agreement of the EU standard contractual clauses. When transmitting data to the USA, we work almost exclusively with companies that are obligated to respect and observe the principles of the privacy shield (i.e. recognition of minimum standards when handling personal data). Furthermore, to ensure an appropriate level of protection for data recipients, we use the latest version of the European Union’s model contracts for the transmission of data to non-EU countries.
Lorsch, April 2018