Privacy policy

introduction

With the following data protection declaration, we would like to explain to you which types of your personal data (hereinafter also referred to as "data") we process for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both as part of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer"). ).

    Stand: 26. August 2019

    Table of Contents

    Responsible

    Kamil Arslan
    Azras Home
    Königstr.75
    44651 Herne

    Authorized Representatives: Kamil Arslan

    Email address: kundenservice@azrashome.com

    imprint:

      Overview of processing

      The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

      Types of data processed

      • Inventory data (e.g. names, addresses).

      • Content data (e.g. text input, photographs, videos).

      • Contact information (e.g. email, telephone numbers).

      • Meta/communication data (e.g. device information, IP addresses).

      • Usage data (e.g. websites visited, interest in content, access times).

      • Contract data (e.g. subject of the contract, term, customer category).

      • Payment data (e.g. bank details, invoices, payment history).

      Categories of data subjects

      • business and contractual partners.

      • Interested persons.

      • communication partner.

      • Customers.

      • Users (e.g. website visitors, users of online services).

      purposes of processing

      • Affiliate Tracking.

      • Provision of our online offer and user-friendliness.

      • office and organizational procedures.

      • Direct marketing (e.g. by email or post).

      • Contact Requests and Communication.

      • Remarketing.

      • Range measurement (e.g. access statistics, recognition of returning visitors).

      • Safety measures.

      • Tracking (e.g. interest/behavioral profiling, use of cookies).

      • Contractual Benefits and Service.

      • Management and response to inquiries.


      Relevant legal bases

      In the following we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data. Please note that in addition to the regulations of the GDPR, the national data protection regulations in your or our country of residence and domicile may apply.

      • Consent (Art. 6 Para. 1 S. 1 lit. to DSGVO) - The data subject has given their consent to the processing of their personal data for one or more specific purposes.

      • Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) - The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures that are taken at the request of the data subject.

      • Legal obligation (Art. 6 para. 1 sentence 1 lit. c. DSGVO) - Processing is necessary for compliance with a legal obligation to which the controller is subject.

      • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO) - Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

      National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

        Safety measures

        We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

        The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, securing availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to data threats. Furthermore, we already take the protection of personal data into account during the development or Selection of hardware, software and processes according to the principle of data protection, through technology design and through data protection-friendly default settings.

        IP address truncation: If it is possible for us or it is not necessary to store the IP address, we will shorten your IP address or have it shortened. If the IP address is shortened, also referred to as "IP masking", the last octet, i.e. the last two digits of an IP address, is deleted (the IP address in this context is an Internet connection through the online access provider individually assigned identifier). The purpose of shortening the IP address is to prevent or make it much more difficult to identify a person based on their IP address.

        SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

        Transfer and Disclosure of Personal Data

        As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. The recipients of this data can include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements. Agreements that serve to protect your data with the recipients of your data.

        Data processing in third countries

        If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing within the framework of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies takes place, this is only done in accordance with the legal requirements.

        Subject to express consent or contractually or legally required transmission, we only process or allow the data to pass in third countries with a recognized level of data protection, which includes US processors certified under the "Privacy Shield", or on the basis of special guarantees, such as contractual obligations so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

        Use of cookies

        "Cookies" are small files that are stored on users' devices. Different information can be stored by means of cookies. The information can include, for example, the language settings on a website, the login status, a shopping cart or the place where a video was watched.

        As a rule, cookies are also used if the interests of a user or his behavior (e.g. viewing certain content, using functions, etc.) stored on individual websites in a user profile. Such profiles are used to show users, for example, content that corresponds to their potential interests. This process is also referred to as "tracking", i.e. tracking the potential interests of users. The term cookies also includes other technologies that fulfill the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also referred to as "user IDs").

        If we use cookies or "tracking" technologies, we will inform you separately in our data protection declaration.

        Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offer and its improvement) or if the use of cookies is necessary to fulfill our contractual obligations.

        Revocation and objection (opt-out): Regardless of whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to the processing of your data by cookie technologies (collectively referred to as "opt-out").

        You can initially declare your objection using the settings in your browser, e.g. by deactivating the use of cookies (which can also limit the functionality of our online offer).

        An objection to the use of cookies for online marketing purposes can be raised using a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/or the EU side http://www.youronlinechoices.com/ or in general http://optout.aboutads.info be explained.

        • Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

        • Affected people: Users (e.g. website visitors, users of online services).

        • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. DSGVO).

        Commercial and Business Services

        We process the data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the framework of contractual and comparable legal relationships and related measures and within the framework of communication with the contractual partners (or pre-contractual), e.g respond.

        We process this data to fulfill our contractual obligations, to safeguard our rights and for the purposes of the administrative tasks associated with this information and the corporate organization. We only pass on the data of the contractual partners to third parties within the framework of the applicable law to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations or with the consent of the contractual partners (e.g. to telecommunications, transport and other auxiliary services involved as well as subcontractors , banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.

        We inform the contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special markings (e.g. colours) or Symbols (e.g. asterisks or similar), or personally with.

        We delete the data after the expiry of statutory warranty and comparable obligations, i.e., in principle after 4 years, unless the data is stored in a customer account, e.g. as long as it must be kept for legal archiving reasons (e.g. for tax purposes usually 10 years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications of the order, generally after the end of the order.

        Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

        Store and eCommerce: We process the data of our customers to enable them to select, purchase or the ordering of the selected products, goods and related services, as well as their payment and delivery, or to enable execution.

        The required information is as such in the context of the order or comparable acquisition process and include the delivery or Provision and billing required information and contact information in order to be able to hold any consultation.

        • Types of data processed: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject of the contract, term, customer category), usage data (e.g. websites visited, interest in content, access times) , meta/communication data (e.g. device information, IP addresses).

        • Affected people: Interested parties, business and contractual partners, customers.

        • Purposes of processing: Contractual performance and service, contact requests and communication, office and organizational procedures, management and response to requests, security measures.

        • Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. DSGVO), legal obligation (Art. 6 Para. 1 S. 1 lit. c. DSGVO), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. DSGVO).

        Use of online marketplaces for e-commerce

        We offer our services on online platforms operated by other service providers. In this context, the data protection notices of the respective platforms apply in addition to our data protection notices. This applies in particular with regard to the methods used on the platforms for measuring reach and for interest-based marketing.

        • Types of data processed: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject of the contract, term, customer category), usage data (e.g. websites visited, interest in content, access times) , meta/communication data (e.g. device information, IP addresses).

        • Affected people: Customers.

        • Purposes of processing: Contractual Benefits and Service.

        • Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. DSGVO), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. DSGVO).

        Services and service providers used:

        data subject rights

        As a data subject, you have the following rights:
        • pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified there;
        • pursuant to Art. 16 GDPR, the right to demand immediate correction of incorrect or completion of your personal data stored by us;
        • in accordance with Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing

        - to exercise the right to freedom of expression and information;
        - to fulfill a legal obligation;
        - for reasons of public interest or
        - to assert, exercise or defend legal claims
        is required;
        • pursuant to Art. 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as
        - the accuracy of the data is contested by you;
        - the processing is unlawful but you oppose its erasure;
        - we no longer need the data, but you need them to assert, exercise or defend legal claims, or
        - You have lodged an objection to the processing in accordance with Art. 21 GDPR;
        • pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible party;
        • according to Art. 77 GDPR the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.

        payment service provider

        As part of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively "payment service providers").

        The data processed by the payment service provider includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, only information with confirmation or negative information about the payment. Under certain circumstances, the payment service provider may transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. For this we refer to the terms and conditions and the data protection information of the payment service provider.

        The terms and conditions and the data protection information of the respective payment service provider apply to the payment transactions, which can be found within the respective websites or Transaction applications are available. We also refer to this for the purpose of further information and the assertion of revocation, information and other data subject rights.

        • Types of data processed: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information , IP addresses), contact details (e.g. e-mail, telephone numbers).

        • Affected people: customers, prospects.

        • Purposes of processing: Contractual benefits and service, contact requests and communication, affiliate tracking.

        • Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. DSGVO), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. DSGVO).

        Services and service providers used:

        Provision of the online offer and web hosting

        In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.

        The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer that arises in the course of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or on websites.

        Collection of access data and log files: We ourselves (or our web hosting provider) collect data for every access to the server (so-called server log files). The address and name of the retrieved websites and files, date and time of retrieval, amounts of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP Addresses and the requesting provider belong.

        The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure server utilization and stability.

        • Types of data processed: Content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

        • Affected people: Users (e.g. website visitors, users of online services).

        • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

        Newsletter and mass communication

        We send newsletters, e-mails and other electronic notifications (hereinafter "newsletters") only with the consent of the recipient or legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the consent of the user. Our newsletter also contains information about our services and us.

        In order to register for our newsletters, it is generally sufficient if you enter your e-mail address. However, we may ask you to provide a name so that we can address you personally in the newsletter, or other information if this is necessary for the purposes of the newsletter.

        Double opt-in procedure: The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else's e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

        Deletion and restriction of processing: We can store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the case of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a blocking list (so-called "blacklist") solely for this purpose.

        The registration process is logged on the basis of our legitimate interests for the purpose of proving that it was carried out properly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure shipping system.

        Notes on legal bases: The newsletter is sent on the basis of the consent of the recipient or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of advertising for existing customers. If we commission a service provider to send emails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to demonstrate that it has been carried out in accordance with the law.

        content:

        Information about us, our services, promotions and offers.

        • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses).

        • Affected people: communication partner.

        • Purposes of processing: Direct marketing (e.g. by email or post).

        • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. DSGVO).

        • Possibility to object (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably e-mail.

        Presences in social networks

        We maintain online presences within social networks in order to communicate with the users active there or to offer information about us there.

        We would like to point out that user data can be processed outside of the European Union. This can result in risks for users, for example because it could make it more difficult to enforce user rights. With regard to US providers who are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they undertake to comply with the data protection standards of the EU.

        Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of usage behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

        For a detailed description of the respective forms of processing and the possibility of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

        Also in the case of requests for information and the assertion of data subject rights, we would like to point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.

        • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information , IP addresses).

        • Affected people: Users (e.g. website visitors, users of online services).

        • Purposes of processing: Contact requests and communication, tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, range measurement (e.g. access statistics, recognition of returning visitors).

        • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

        Services and service providers used:

        Plugins and embedded functions and content

        We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This can be, for example, graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as "content").

        The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content or functions. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and the operating system, websites to be referred to, the time of the visit and other information on the use of our online offer and can also be linked to such information from other sources.

        Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

        • Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

        • Affected people: Users (e.g. website visitors, users of online services).

        • Purposes of processing: Provision of our online offer and user-friendliness, contractual services and service.

        • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

        Services and service providers used:

        • Google Fonts: We integrate the fonts (\"Google Fonts\") from the provider Google, whereby the user data is used solely for the purpose of displaying the fonts in the user's browser. The integration takes place on the basis of our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform representation and taking into account possible licensing restrictions for their integration. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; site: https://fonts.google.com/; Data protection: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active.

        deletion of data

        The data processed by us will be deleted in accordance with the legal requirements as soon as your consent to processing is revoked or other permissions are no longer applicable (e.g. if the purpose of processing this data no longer applies or it is not required for the purpose).

        If the data is not deleted because it is required for other, legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

        Further information on the deletion of personal data can also be provided in the context of the individual data protection information in this data protection declaration.

          Change and update of the privacy policy

          We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your participation (e.g. consent) or other individual notification.