We are pleased that you are visiting the Zimmermann Brakes online shop and thank you for your interest in our products. In the following, we will inform you about the handling of your personal data when you use our online shop. Personal data are all data that allow you to be personally identified.
1.2 Person responsible (controller) for the data processing
The controller within the meaning of the General Data Protection Regulation (GDPR) responsible for data processing on this website is Otto Zimmermann Maschinen- und Apparatebau GmbH, Am Leitzelbach 8, D-74889 Sinsheim-Dühren.
The controller responsible for the processing of personal data is the natural or legal entity who, alone or jointly with others, determines the purposes and means of the processing of personal data.
1.2.1 Statutory prescribed data protection officer
We have appointed a data protection officer for our company.
H. C. Huber
Data protection auditor, persCert (TÜV) Rheinland
67376 Harthausen, Germany
Please send all requests for information, information queries or objections to the data processing via postal mail to Otto Zimmermann Maschinen- und Apparatebau GmbH, Am Leitzelbach 8, D-74889 Sinsheim-Dühren, by fax to +49 7261 94514 29 or by email to firstname.lastname@example.org.
Please note that for data protection reasons we are only permitted to provide information about your own data. For legitimisation, please include a copy of your ID or send us an attachment of your scanned ID. Please note that we are obliged to document these requests and therefore your request data and information data will be stored.
You will receive information within 4 weeks after receipt of your request.
Should there be problems with regard to determining your identity, which means we are not permitted to provide any information in compliance with the data protection regulations, we will inform you about this and provide the reasons within 4 weeks after receipt of your request. Furthermore, you have the right to lodge a complaint with a competent supervisory authority or the right to apply to a court.
Information according to Articles 13 and 14 GDPR as well as all notices and measures according to Articles 15 to 22 and Article 34 GDPR are made available at no cost.
In case of manifestly unfounded or – in particular in case of frequent repetitions – excessive requests of a data subject, we can either
a. demand appropriate remuneration, which takes into account the administration fees for the information or communication or the performance of the requested measure, or
b. refuse to act on the request.
According to GDPR, we are obliged to provide proof of the manifestly unfounded or excessive character of the request.
This shop uses SSL and/or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible). You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser bar.
We draw your attention to the fact that data transmission over the internet (e.g. when communicating by email) may involve gaps in security. Complete protection of data against access by third parties is not possible with the current state of technology.
1.5 Data collection when you visit our shop
When you call up our shop, we collect the following data, which are technically necessary for us to display the shop and its basic functions or which your browser transfers to our server (“server log files”):
- Our shop that was visited
- Date and time of the access
- Volume of data sent, in bytes
- Source/link, from which you accessed the page
- Browser used
- Operating system used
- IP address used (in some cases: in anonymised form)
In addition, anonymised data are collected in order to process for example product recommendations (“Customers also bought”, “Customers also viewed” ...) and statistics in the backend.
Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our shop. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files at a later date if there are any concrete indications of illegal use.
1.5.1 Hosting and Content Delivery Networks (CDN)
This online shop is hosted by an external service provider (host). Personal data collected in this online shop are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, webpage access, and other data generated through a website.
The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) lit. b GDPR) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6 (1) lit. f GDPR).
Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.
1.5.1.1 Conclusion of a contract data processing agreement
In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with our host.
1.6.1 Cookies (Session, SLT, CSRF)
Our online shop sets cookies in the visitor’s browser in order to ensure the basic functions of the shop. These cookies enable, for example, the shopping cart contents, the login status and also the CSRF protection. Without permitting cookies in the browser, our online shop cannot be used.
Our websites and pages use what the industry refers to as “cookies”. Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently stored on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain stored on your device until you actively delete them or they are automatically deleted by your web browser.
In some cases, it is possible that third-party cookies are stored on your device once you enter our site (third-party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g. cookies for the processing of payment services).
Cookies, which are required for the performance of electronic communication transactions (required cookies) or for the provision of certain functions you want to use (functional cookies, e.g. for the shopping cart function) or those that are necessary for the optimisation of the website (e.g. cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6 Sect. 1 lit. f GDPR, unless a different legal basis is cited.
1.6.2 Cookie consent with Usercentrics
This online shop uses the cookie-consent technology of Usercentrics to obtain your consent for setting specific cookies on your device and to document these in compliance with data protection requirements. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, Website: https://usercentrics.com/de/ (hereinafter referred to as “Usercentrics”).
When you visit our website, the following personal data are transmitted to Usercentrics.
- Your consent(s) or revocation of your consent(s)
- Your IP address
- Information about your browser
- Information about your device
- Point in time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to assign the consent granted, or the revocation thereof, to you. The data collected this way are stored until you request us to delete them, you delete the Usercentrics cookie yourself, or the purpose of the data storage no longer applies. Mandatory statutory retention obligations remain unaffected.
Order processing contract
We have concluded a contract for order processing with Usercentrics. This is a contract required for compliance with data protection laws; it ensures that Usercentrics only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.
With the session cookies, our online shop decides whether the relevant user has an active shopping cart and whether the user is logged in. The session cookie also serves as identification between the browser and server. No information other than the session ID is stored in the browser. Session handling is controlled on the server side via PHP and is independent of our online shop.
Furthermore, our online shop creates an individual CSRF cookie when visiting the shop, to ensure that you can use the individual areas of the shop.
Upon returning to the shop, the SLT cookie makes it possible to access your previous selection, your shopping cart, despite the previous session having been closed.
If you add a product to a wish list, a cookie is also set for this.
Information about the “last viewed items” is also stored in the local storage of the browser.
1.7 Data collection when contacting us
When you contact us (e.g., via the contact form or email), personal data are collected. Which data are collected when using a contact form can be seen on the respective form. These data are stored and used exclusively for the purpose of responding to your request and establishing contact, and for the ensuing technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your enquiry pursuant to Art. 6 (1) lit. f GDPR. If the purpose of you contacting us is to conclude a contract, then an additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been conclusively clarified and if there are no legal retention obligations to the contrary, e.g. when concluding a contract.
1.8 Data processing when opening a customer account for the processing of contracts
According to Art. 6 (1) lit. b GDPR, personal data continue to be collected and processed if you provide them to us to fulfil a contract or when opening a customer account. Which data are collected can be seen in the relevant input form. The customer account can be deleted at any time, by you or by us. If you would like us to delete your customer account, please send a message to email@example.com. We store and use the data you provided to us for the processing of the contract. After the complete processing of the contract or deletion of your customer account, your personal data will be blocked, taking into account tax and commercial retention periods. After these periods they will be deleted, unless you have explicitly agreed to further use of your data or we have reserved the right to a legally permitted further use of the data, of which we will inform you in the following.
1.9 Use of your data for direct advertising
1.9.1 Subscription to our email newsletter
If you subscribe to our email newsletter, we will regularly send you information about the topics chosen by you. The only required information for sending you the newsletter is your email address. The disclosure of any other data is voluntary and is used to address you personally. To send the newsletter we make use of the legally required double opt-in process. This means that we will only send an email newsletter once you have explicitly approved the sending of newsletters by clicking on the confirmation link received in the first email. By clicking the confirmation link you give us your consent for the use of your personal data according to Art. 6 (1) lit. a GDPR. When you subscribe to the newsletter, we store the IP address entered by your internet service provider (ISP) as well as the date and time of the subscription, in order to be able to track any potential misuse of your email address at a later point in time. The data collected by us for the subscription to the newsletter are used exclusively for the purpose of a promotional approach by means of the newsletter. You can unsubscribe from the newsletter at any time, using the relevant link in the newsletter or by sending us a message to this effect to firstname.lastname@example.org. Following the unsubscription, your email address is immediately deleted from our newsletter distribution list, unless you have explicitly consented to a further use of your data or we have reserved the right to a further use of the data that is legally permitted and about which we will inform you in this explanation.
1.9.2 Advertising by letter post
Based on our legitimate interest of personalised direct advertising, we reserve the right to store and use your first and last name, your postal address and - if we received this additional information within the framework of the contractual relationship from you - your title, academic degree, your date of birth and your occupational, industry or business designation according to Art. 6 (1) lit. f GDPR, for the purpose of sending you interesting offers and information about our products via letter post.
You can object to the storing and usage of your data for this purpose at any time by sending us a message to this effect to email@example.com. Your data will be deleted without delay.
1.10 Data processing for payment and order processing
We work with service providers for the processing of your order, who support us in full or partially in the fulfilment of concluded contracts. The necessary personal data are transferred to these service providers according to the following information.
The personal data collected by us are passed on within the framework of the contract processing to the freight forwarder tasked with the shipment, insofar as this is necessary for shipping the goods and communication. We will pass on your payment data within the framework of the payment processing to the appointed credit institute, insofar as this is necessary for the payment processing. The legal basis for the transfer of the data is Art. 6 (1) lit. b GDPR.
After complete fulfilment of the contract, your data are stored in compliance with the legal fiscal and commercial regulations and retention periods.
Our online shop makes use of Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on your computer to help analyse how you use the website. The information generated by the cookie about your use of the website (including the shortened IP address) will generally be transmitted to a Google server in the USA and stored there.
This website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures an anonymisation of the IP address by shortening, and excludes direct identification of persons. With this extension your IP address will be truncated by Google within the area of Member States of the European Union or other contractual parties to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be first transferred to a Google server in the USA and truncated there. In these exceptional cases processing is performed in accordance with Art. 6 (1) lit. f GDPR, based on our legitimate interest in statistical analysis for optimisation and marketing purposes.
On our behalf, Google will use this information to analyse your use of the website, compile reports on the website activities and provide us with additional services associated with the website use and internet use. The IP address transmitted by your browser as part of Google Analytics will not be combined with other data from Google.
Alternatively to the browser plug-in or in browsers on mobile devices, please click on the following link to set an opt-out cookie, which will prevent collection by Google Analytics within this website in the future (this opt-out cookie only functions in this browser and only for this domain; if you delete your cookies in this browser, you need to click on this link again): Disable Google Analytics
Google LLC, based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees adherence to the data protection standards applicable in the EU.
This website also uses Google Analytics for a cross-device analysis of visitor flows, which is performed using a user ID. You can disable the cross-device analysis of your usage in your customer account under “My data”, “personal data”.
We have concluded a contract with Google for order processing and fully apply the strict provisions of the German Data Protection authorities for the usage of Google Analytics.
1.13 Rights of the Data Subject
As demonstrated in 1.3, the applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) towards the data controller in terms of the processing of your personal data, of which we inform you below:
- Right of access pursuant to Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the purposes of the processing, the categories of the personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the envisaged storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing or objection to the processing, of a right to complain to a supervisory authority, about the source of your data, if these were not collected from you by us, the existence of automated decision-making including profiling and, if required, meaningful information about the logic involved and the extent to which you are concerned and the envisaged consequences of such processing, as well as your right to be informed of any safeguards which exist pursuant to Art. 46 GDPR in the event of the transfer of your data to third countries
- Right to rectification pursuant to Art. 16 GDPR: You have a right to immediate rectification of any inaccurate data concerning you and/or completion of any incomplete data concerning you stored by us
- Right to erasure pursuant to Art. 17 GDPR: You have the right to demand the erasure of your personal data if the requirements of Art. 17 (1) GDPR are met. This right does not, however, exist especially if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
- Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to demand the restriction of the processing of your personal data for as long as the contested accuracy of your data is being verified, or if the processing is unlawful and you oppose the erasure of your data and instead request the restriction of their use, or if we are no longer in need of this data for the purposes of the processing but you require your data for the establishment, exercise or defence of legal claims, or if you have filed an objection on grounds relating to your particular situation, for as long as it is not yet clear whether our legitimate reasons prevail
- Right to information pursuant to Art. 19 GDPR: If you have exercised your right to have the data controller rectify or erase your personal data or restrict the processing, they shall be obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed of these recipients
- Right to data portability pursuant to Art. 20 GDPR: You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to demand their transfer to another controller, where technically feasible
- Right of withdrawal of consent pursuant to Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal we will delete the relevant data without delay, unless further processing can take place on a legal basis which allows processing without consent. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent up to the withdrawal
- Right to complain pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you violates the GDPR, you have the right to complain to a supervisory authority, in particular in the member state where you reside or work or the place where the alleged violation occurred, without prejudice to any other administrative or judicial remedy
Insofar as your personal data are being processed based on legitimate interests according to Art. 6 (1) (1) lit. f GDPR, you have the right, pursuant to Article 21 GDPR, to object to the processing of your personal data, insofar as there are reasons which arise from your special situation or if the objection is related to direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specification of the special situation.
If you would like to exercise your right of revocation or objection, it is sufficient to send an email to: firstname.lastname@example.org
1.15 Right to complain to the supervisory authority
In case of data protection law violations the affected person has the right to complain to the competent supervisory authority. The competent supervisory authority for data protection law issues is the federal data protection commissioner of the federal state in which our company has its registered seat. A list of the data protection officers and their contact details can be viewed via this link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
1.16 Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective statutory retention period (e.g., commercial and tax law retention periods). Upon expiry of the period, the relevant data will be deleted, provided that they are no longer necessary for the fulfilment or initiation of the contract and/or there is no longer any legitimate interest on our part in further storage.
Version: November 2020