Privacy Statement

Below you will like to inform you about the data protection on our web pages as well as about kind, extent and purpose of the personal data collected, used and processed by us. Furthermore, we would like to inform you about your rights. Data protection is very important to us.

Responsible for data protection / processing is:

redfries, Daniela Rosenhammer, Stadtamhof 5, 93059 Regensburg, Telephone+49.941.2902994, Telefax +49.941.2902995, info@redfries.com

Section 1: Information about the collection of personal data

(1) In the following sections, we shall inform you about how we collect personal data when you use our website. Personal data is any data that can be used to refer to you personally, e.g. name, address, e-mail address, user behaviour.

(2) The controller pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is redfries, Daniela Rosenhammer, Stadtamhof 5, 93059 Regensburg, info@redfries.com (also see our imprint).

(3) When contacting us by e-mail or via the contact form, the data you share with us (your e-mail address, possibly also your name and telephone number) is saved by us in order to respond to your questions. We shall delete this data once its continued storage becomes unnecessary, or we shall restrict its processing if there are statutory retention obligations.

(4) In case we engage service providers for individual functions on our website, or in case we want to use your data for advertising purposes, we shall inform you about these procedures in more detail below. In doing so, we shall also specify the set criteria for the storage period.

Section 2: Your rights

(1) You may assert the following rights against us with respect to your personal data:

- Right to information,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object against processing, and
- Right to data portability.

(2) You also have the right to lodge a complaint with a data protection supervisory authority concerning the processing of your personal data by us.

Section 3: Collection of personal data when visiting our website

(1) When you use our website purely for informational purposes, i.e. if you don’t register or share any information with us, we will only collect personal data that your browser sends to our server. If you want to view our website, we collect the following data, which is required from a technical perspective, in order to display our website to you and to ensure stability and security (the legal basis is Article 6 (1) (1) point (f) of the GDPR):

- IP address
- Date and time of request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Volume of data transferred;
- Website originating the request
- Browser
- Operating system and its interface, and
- Language and version of the browser software.

(2) In addition to the data outlined above, cookies are also stored on your machine when you use our website. Cookies are small text files that are saved on your hard drive and assigned to the browser you use. Specific information is collected through the cookie by the party that placed the cookie on the machine (in this case, by us). Cookies cannot run any programs or transfer viruses onto your computer. They are used to make the website more user-friendly and effective overall.

(3) Use of cookies:
a) This website uses the following types of cookies, the scope and functionality of which is outlined below:

- Transient cookies (see b)
- Persistent cookies (see c)

b) Transient cookies are automatically deleted when you close your browser. This particularly includes session cookies. These save a ‘session ID’ which is used to assign various requests from your browser to the overall session. This makes it possible to recognise your machine when you visit our website again. Session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a set period, which can differ depending on the cookie. You can delete cookies in your browser’s security settings at any time.

d) You can configure your browser settings according to your wishes and, for example,  reject third-party cookies or all cookies. Please note that you may not be able to use all of this website’s functions in this case. We will not use these cookies on our website until you have given your consent for us to do so.

e) We use cookies so that we are able to identify you when you visit again, in case you have a user account with us. Otherwise, you would have to sign in again each time you visit us.

f) The flash cookies used are not collected by your browser, but by your flash plug-in. We also use HTML5 storage objects that are placed on your end device. These objects save the required data independently from the browser you use, and do not have an automatic expiration date. If you don’t want flash cookies processing data, you must install a corresponding add-on, e.g. ‘Better Privacy’ for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or Adobe Flash Killer Cookie for Google Chrome. You can prevent HTML5 storage objects from being used by setting your browser to private mode. We also recommend that you regularly manually delete your cookies and browser history.

Section 4 Use of our web shop

(1) If you want to place an order through our web shop, you are required to provide personal data for order processing, which is necessary to conclude a contract. Mandatory information required to process contracts is marked in a special way; other information is voluntary. We process the data you provide so that we can process your order. We may also pass on your payment details to our company’s bank. The legal basis for this is Article 6 (1) (1) point (b) of the GDPR.

You an voluntarily set up a customer account, which is used by us to save your data for later purchases. When setting up an account via ‘My account’, the data you provide will be stored, and this can be revoked by you. You can delete all other data, including that of your user account, in the customer area at any time.

We can also process the data you provide to inform you about interesting products from our range or to send you e-mails containing technical information.

(2) We are obligated to store your address, payment details and order data for a period of ten years under commercial law and tax law provisions. However, we restrict processing after [two years], i.e. your data is only used to comply with legal obligations.

(3) The order process is encrypted using TLS technology in order to prevent unauthorised third parties from accessing your personal data, with particular reference to financial data.

Section 5 External newsletter service

(1) You can subscribe to our newsletter, which we shall use to inform you about our current offers, by giving us your consent. For this, we use the services of The Rocket Science Group, LLC ‘MailChimp’ (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA). The service offers technical processing for newsletter mailing. MailChimp is aware of its responsibility to the recipients of such messages. If you have provided your consent as outlined below, redfries uses the preferences for newsletter content and design, collected using the pseudonym user profile, and merges your e-mail address with the user profile for the purposes of sending personalised newsletters.

(2) We use the ‘double opt-in’ process for newsletter subscription. This means, after subscription we shall send you an e-mail message on the e-mail address indicated, in which we ask you to confirm that you want to receive the newsletter. We also store the IP address used as well as the time of subscription and confirmation. The purpose of this process is to prove your registration and to be able to clarify any misuse of your personal data, where necessary.

(3) The only mandatory field for sending newsletters is your e-mail address. Once you have confirmed, we store your e-mail address for the purposes of sending you the newsletter. The legal basis is Article 6 (1) (1) point (f) of the GDPR.

(4) You can withdraw your consent to the sending of newsletters at any time and unsubscribe from the newsletter. You can withdraw by clicking on the link provided in each e-mail newsletter, by sending an e-mail to info@redfries.com, or by sending us a message to the contact details given in the imprint.

(5) Please note that when we send newsletters, your user behaviour is evaluated. In order to carry out these evaluations, the sent e-mails contain ‘web beacons’ or ‘tracking pixels’ that display one-pixel image files that are stored on our website. For the evaluations, we link the data outlined in Section 3 and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also have this ID.

(6) We create a user profile with the data obtained in this way to be able to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletter, what links you click on, and therefore deduce what your personal interests are. We link this data with your actions on our website in order to adjust our website to your requirements. The legal basis for this is Article 6 (1) (1) point (f) of the GDPR.

You can object to this tracking at any time by clicking on the separate link that is provided in every e-mail, or by informing us of this using another contact method. The information is stored for as long as you subscribe to the newsletter. After you unsubscribe, we only store data for purely statistical reasons and on an anonymous basis.

Such tracking is also not possible if you have deactivated images from being shown in your e-mail program as a default setting. In this case, you will not be shown the newsletter in full and you may not be able to use all functions. If you manually view images, the above-mentioned tracking takes place.

Section 6: Third-party services

We use third-party services on our website, for example plug-ins or APIs (Application Programming interface), in order to expand our website’s range of functions. In doing so, data may be sent to the providers of these services. Specifically, we use the following services:

  1. Data processing for order processing

To pay for our products, you may use the following payment service providers, that support us in executing concluded contracts either in whole or in part. Based on the information below, specific personal data is sent to these service providers.

As part of contract processing, the personal data collected by us is shared with shipping companies commissioned with delivery, if this is required for goods to be delivered. We share your payment data with the commissioned financial institution as part of payment processing, if this is required for payment processing. As long as payment service providers are used, we shall inform you about this explicitly below. The legal basis for sharing data is Article 6 (1) point (b) of the GDPR.

(1) Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - ‘Purchase on account’ or ‘Payment by instalments’ via PayPal, we shall share your payment details with PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter ‘PayPal’), as part of payment processing. These details are shared in accordance with Article 6 (1) point (b) of the GDPR and only to the extent that they are required for payment processing.
PayPal reserves the right to carry out a creditworthiness check for the payment methods of credit card via PayPal, direct debit via PayPal or - if offered - ‘Purchase on account’ or ‘Payment by instalments’ via PayPal. Payment details may be shared with credit agencies to determine financial solvency, based on PayPal’s legitimate interests pursuant to Article 6 (1) point (f) of the GDPR. PayPal uses the outcome of the creditworthiness check, with respect to the statistical probability of non-payment, for the purposes of making a decision regarding whether or not to provide the respective payment methods. The creditworthiness report may contain probability values (so-called ‘score values’). If score values are used in the creditworthiness report, they are based on scientifically proven mathematical, statistical methods. Among other, address details are generally used to calculate score values, but not exclusively. You can find more information about data protection, including the credit agencies used, in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to the processing of this data at any time by sending a message to PayPal. However, PayPal is still entitled to process your personal data if this is required for contractual payment processing.

(2) Amazon aws
‘Amazon aws’, Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109, USA. You can find information about data protection at ‘amazon aws’ under the following link: https://aws.amazon.com/de/privacy/

The following information is sent to the server and saved there: Our web page visited by you, and the IP address of your end device. According to Amazon aws, the raw data collected is generally deleted again after 3 days at the latest. The legal basis for data processing with respect to services is Article 6 (1) (1) point (f) of the GDPR (Legitimate interest in data processing). The legitimate interest is based on our need to optimise the loading times of our website.

Updated: 05/2018