We attach great importance to data protection. The collection and processing of your personal data is carried out in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you the above-mentioned website. This policy describes how and for which purposes your data is collected and used and the choices you have in connection with personal data.
1. Data controller
The body responsible for the collection, processing and use of your personal data under the terms of the GDPR is:
8com GmbH & Co. KG
67433 Neustadt/Weinstrasse, Germany
Phone: +49 6321 / 484 46 0
Fax: +49 6321 / 484 46 29
The data protection officer of the data controller can be contacted at:
8com GmbH & Co. KG
67433 Neustadt/Weinstrasse, Germany
Phone: +49 6321 / 484 46 2021
2. Collection, storage and use of personal data
a) Access data
We collect information about you when you use this website. We automatically collect information about your user behavior and your interaction with us and register data about your computer or mobile device. We collect, store and use data about every access to our online service (so-called server log files). The access data includes your IP address, name and URL of the accessed file, the date and time of the request, the requesting provider, time zone difference to Greenwich Mean Time (GMT), accessed sites, notification of successful access (HTTP response code), the amount of transferred data, referrer URL (i.e. the site previously visited), your operating system, your browser and its language and version number.
We use this log data without attribution to you personally or other profiling for statistical analysis for the purpose of the operation, security and optimization of our online service, but also for the anonymous recording of the amount of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks we receive from our partners. Based on this information, we can provide personalized and location-based content and analyze traffic, troubleshoot and correct errors and improve our services. We reserve the right to check the log data retrospectively if there is a justified suspicion of illegal use based on concrete evidence. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or if it is necessary for the provision of a service or the invoicing of a service, e.g. if you use one of our offers. After cancellation of the order process or after receipt of payment, we delete the IP address if it is no longer required for security purposes. We also save IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website.
b) When communicating (email and contact form)
When you contact us by email or via a contact form, the data you provide (your email address, your name and telephone number if applicable) will be stored by us to answer your questions. We delete the data arising in this connection after storage is no longer necessary or restrict processing if there are legal storage obligations.
3. Legal basis and storage period
The legal basis for data processing in accordance with the above sections is article 6 section 1 letter f GDPR. Our interests in data processing are, in particular, to ensure the operation and security of the website, to analyze the way in which visitors use the website, and to improve the usability of the website. Unless specifically stated, we only store personal data for as long as this is necessary to fulfil the intended purposes.
4. Transfer to third parties
As a matter of principle, we only use your personal data within our organization.
If and insofar as we involve third parties in the fulfilment of contracts (e.g. logistics service providers), they will only receive personal data to the extent that the transmission is necessary for the corresponding service. In the event that we outsource certain parts of the data processing, we contractually oblige processors to use personal data only in accordance with the requirements of the data protection laws and to ensure the protection of the rights of the data subject.
Data transfer to bodies or individuals outside the EU does not take place and is not planned.
Information stored in cookies is always related to the specific end device being used. This does not mean, however, that we obtain direct knowledge of your identity.
The data processed through cookies is required for the above-mentioned purposes to protect our legitimate interests and those of third parties in accordance with article 6 section 1 letter f GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website.
6. Rights of data subjects
Under applicable laws, you have various rights regarding your personal information. If you wish to exercise these rights, please send your request by email or by post, clearly identifying yourself, to the address mentioned in section 1.
Below you will find an overview of your rights.
6.1 Right to information
You have the right to obtain confirmation from us at any time as to whether your personal data is being processed. If this is the case, you have the right to request information free of charge from us about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to receive the following information:
- the processing purposes;
- the categories of processed personal data;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
- if possible, the intended duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;
- the existence of a right of rectification or deletion of your personal data or a right to object to their processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from you, all available information on the origin of the data;
- the existence of automated decision-making, including profiling, in accordance with article 22 paragraphs 1 and 4 GDPR, and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on you.
- If personal data are transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to article 46 GDPR in connection with the transfer.
6.2 Right to rectification
You have the right to ask us to rectify incorrect personal data concerning you without delay. Taking into account the purposes, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
6.3 Right to deletion
You have the right to ask us to delete any of your personal data immediately and we are obliged to delete personal data promptly if one of the following conditions applies:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
- you revoke your consent on which the processing was based pursuant to article 6 section 1 letter a or article 9 section 2 letter a GDPR and there is no other legal basis for the processing.
- you object to the processing pursuant to article 21 section 1 GDPR and there are no legitimate overriding reasons for the processing, or you object to the processing pursuant to article 21 section 2 GDPR.
- the personal data were processed unlawfully.
- the deletion of personal data is necessary to fulfil a legal obligation under European Union law or the law of the member states to which we are subject.
- the personal data were collected in relation to information society services offered in accordance with article 8 paragraph 1 GDPR.
- If we have made the personal data public and are under a duty to delete it, we shall take reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers who process the personal data that you have requested them to delete all links to such personal data or to make copies or replications of them.
6.4 Right to restriction of processing
You have the right to demand that we restrict processing if one of the following conditions is met:
- the accuracy of the personal data is disputed by you, for a period of time that allows us to verify the accuracy of the personal data.
- the processing is unlawful and you object to the deletion of personal data. Instead, you demand the restriction of the use of the personal data.
- we no longer need the personal data for the purposes of processing, but you do need the data to assert, exercise or defend legal claims.
- you have objected to the processing in accordance with article 21 section 1 GDPR, as long as it is not yet clear whether the legitimate reasons of our organization outweigh yours.
6.5 Right to data portability
You have the right to receive your personal data that you have provided to us in a structured, common, machine-readable format and you have the right to transfer such data to another controller without hindrance from us, provided that
- the processing is based on consent pursuant to article 6 section 1 letter a GDPR or article 9 section 2 letter a GDPR or on a contract pursuant to article 6 section 1 letter b GDPR and
- the processing is carried out using automated procedures.
When exercising your right to data portability in accordance with section 1, you have the right to request that the personal data be directly transferred by us to another controller, insofar as this is technically feasible.
6.6 Automated decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner.
6.7 Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time.
6.8 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data is unlawful.
7. Right to object
If your personal data are processed on the basis of legitimate interests in accordance with article 6 section 1 letter f GDPR, you have the right to object to the processing of your personal data in accordance with article 21 GDPR if there are reasons for doing so arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without indicating any special situation.
If you wish to make use of your right of withdrawal or objection, an email to firstname.lastname@example.org is sufficient.
8. Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data will be transmitted in encrypted form. This applies to your orders and also to the client log-in. We use the SSL (secure socket layer) coding system, but we would like to point out that data transmission on the internet (e.g. when communicating by email) can have vulnerabilities. A complete protection of data against access by third parties is not possible. To protect your data, we maintain technical and organizational security measures which we constantly adapt to the state of the art.
Furthermore, we do not guarantee that our service will be available at certain times; disturbances, interruptions or downtimes cannot be excluded. The servers used by us are regularly and carefully backed up.
9. Automated decision-making
There is no automated decision-making process based on the personal data collected.