1. information on the collection of personal data and contact details of the person responsible
2. data collection when visiting our website
4. data processing for order processing
5. data processing when opening a customer account and for contract processing
7. comment function
8. use of your data for direct
advertising 9. contacting for evaluation reminder
10. web analysis
services 11. retargeting / remarketing / recommendation advertising
12. tools and others
13. rights of the person concerned
14. duration of storage of personal data
1. information on the collection of personal data and contact details of the person responsible
1.1. thank you for visiting our website. In the following we would like to inform you about how we handle your personal data when you use our website. Personal data are basically all data with which you can be personally identified.
1.2 The person responsible for the processing of data on our website within the meaning of the Basic Data Protection Regulation (DSGVO) is:
Harold's Lederwaren GmbH
Lämmerspieler Strasse 40-42
1.3 The person responsible has appointed the following data protection officer:
Lämmerspieler Strasse 40-42
63179 Obertshausen Germany
1.4. To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL or TSL) via HTTPS.
2. data acquisition when visiting our website
Every time you visit our website, our system automatically records data and information that your browser sends to our server (so-called "server log files"). The following data, which is technically necessary for us, is collected:
• Our visited website
• Date and time of access
• Amount of data sent in bytes
• Source/reference from which you reached the site
• Operating system in use
• Used Browser
• IP address used (if applicable: in anonymised form
The legal basis for the processing is Art. 6 para. 1 letter f DSGVO due to our legitimate interest in improving the stability and maintaining the functionality of our website. The data will not be passed on or used in any other way. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
We reserve the right to subsequently check the server log files if there are concrete indications of illegal use. The data will be deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the purpose of providing the website, this is the case when the respective session has ended.
In the case of storage of the data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection on the part of the user.
Help on the settings can be found in the respective help menu of your browser under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647 Safari
: https://support.apple.com/de-de/guide/safari/sfri11471/mac Opera
: https://help.opera.com/en/latest/web-preferences/#cookies Some of
the cookies used here are deleted again after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.
4 Data processing for order processing
4.1 If you wish to order in our web shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. We process the data provided by you to process your order.
In some cases we work together with external service providers to process your order. For this purpose we have to pass on the personal data required for this purpose.
If we commission transport companies with the delivery of your goods, we pass on the data required for the delivery of the goods to the respective transport company. For the processing of payments, we will pass on your data to the commissioned credit institute as required. If we use payment service providers, you will also be informed about this in the following.
The legal basis for the transfer of your data is Art. 6 para. 1 lit. b DSGVO.
4.2 Passing on your personal data to shipping service providers
If the goods are delivered to you by the shipping service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery and as necessary in accordance with Art. 6 para. 1 lit. b DSGVO. Only if you have given your express consent during the ordering process will we pass on your e-mail address to DHL in accordance with Art. 6 Para. 1 lit. a DSGVO before the goods are delivered for the purpose of coordinating a delivery date or to announce delivery. Your consent can be revoked at any time with future effect vis-à-vis the above-mentioned responsible party or the transport service provider DHL.
If the goods are delivered to you by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany), we will only pass on the name of the recipient and the delivery address to DPD for the purpose of delivery and within the scope of what is required under Art. 6 Para. 1 lit. b DSGVO. Only if you have given your express consent during the ordering process do we pass on your e-mail address to DPD in accordance with Art. 6 Para. 1 letter a DSGVO before the goods are delivered, for the purpose of coordinating a delivery date or for the purpose of announcing delivery. Your consent can be revoked at any time with future effect vis-à-vis the above-mentioned responsible party or the transport service provider DPD.
If the goods are delivered to you by the transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany), we will only pass on the name of the recipient and the delivery address to UPS for the purpose of delivery and within the framework of the requirements of Art. 6 Para. 1 letter b DSGVO. Only if you have given your express consent during the ordering process do we pass on your e-mail address to UPS in accordance with Art. 6 Para. 1 lit. a DSGVO before delivery of the goods for the purpose of coordinating a delivery date or for the purpose of announcing delivery. Your consent can be revoked at any time with future effect vis-à-vis the person responsible as described above or vis-à-vis the transport service provider UPS.
4.3 Use of payment service providers
- Amazon Pay
When paying via "Amazon Pay", the payment is processed by Amazon Payments Europe s.c.a., 5 Rue Plaetis, L-2338 Luxembourg (hereinafter referred to as "Amazon Payments"). In accordance with Art. 6 para. 1 lit. b DSGVO, the seller passes on the information provided by the customer during the ordering process to Amazon Payments exclusively for the purpose of payment processing and only to the extent necessary. Further information about the data protection regulations of Amazon Payments can be found here: https://pay.amazon.com/de/help/201751600
If the payment method PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal is selected, the payment processing is carried out by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
We will pass on your personal data to PayPal in accordance with Art. 6 para. 1 lit. b DSGVO as necessary. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal.
For this purpose, your payment data may be passed on to credit agencies pursuant to Art. 6 para. 1 lit. f DSGVO due to PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit assessment with regard to the statistical probability of non-payment to decide on the provision of the respective payment method.
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered through the payment service provider Shopify Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provide during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b DSGVO. The passing on of your data takes place exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information on the data protection of Shopify Payments can be found at the following internet address: https:/
/www.shopify.com/legal/privacy Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
4.4. Google Pay
When selecting the payment method "Google Pay" (a service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google")), the payment processing is arranged via the "Google Pay" application of your Android (at least 4.4 "KitKat") operated mobile device with NFC function. The payment will be made using one of your payment cards deposited at Google Pay or a payment system verified there (e.g. PayPal). To unlock a payment via Google Pay of more than 25,- EUR, you must first unlock your mobile device. The information you provide when ordering is passed on to Google for the purpose of payment processing. Google generates a unique transaction number which is transmitted to the order website to verify the payment. This transaction number is simply a numeric token that does not contain any information about your details. The actual transaction is carried out between the user and the order website by debiting the payment method deposited with Google Pay. Personal data may be processed during the described procedures. In this case, the processing is carried out for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b DSGVO.
Further information, in particular information on how Google handles your data, can be found here:
If you select the payment method "Apple Pay" (a service provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), the payment will be processed via the "Apple Pay" function of your iOS, watchOS or macOS-operated terminal device by debiting a payment card you have deposited with "Apple Pay".
Your transaction is protected by the security functions of the hardware and software of your device. If a payment is to be approved, it must be released by entering a code and verified using the "Face ID" or "Touch ID" function of your terminal device.
The information you provide during the ordering process, together with the information about your order, will be passed on to Apple in encrypted form for the purpose of payment processing. This information will then be re-encrypted by Apple and then transmitted to the payment service provider of the payment card stored in Apple Pay for the purpose of processing the payment. This encryption ensures that only the website where the order was placed can access the payment information.
After the payment is made, Apple sends the device account number and a transaction-specific dynamic security code to the store website to confirm the payment.
Personal data may be processed in connection with the aforementioned curtains. In this case, this is done for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b DSGVO.
When using Apple Pay on the iPhone or the Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorisation device communicate via an encrypted channel on the Apple servers. Apple may process or store data in the process. However, this is done in a format that does not identify you personally.
Information on Apple Pay's data protection can be found here: https://support.apple.com/de-de/HT203027
5. Data processing when opening a customer account and for contract processing
When you open a customer account with us, personal data is collected and processed in accordance with Art. 6 para. 1 lit. b DGSVO. The scope of the data is shown in the input form. The data entered by you will be stored and used by us for contract processing.
You can delete your customer account at any time. This can be done by sending a message to the address of the person responsible or, if offered, directly in the customer account. In this case we will also block your data with regard to tax and commercial law retention periods and delete them after these periods have expired. This can only be opposed by your consent to permanent storage or legally permitted further use of your data on our part.
If you contact us via contact form, the data entered in the input mask will be transmitted to us and stored. The collected data can be taken from the respective input mask. When contacting us by e-mail, only the data you enter there will be transmitted to us.
The data will be used exclusively for processing the conversation and your request. The legal basis for the processing of the data is Art. 6 para. 1 lit. a) DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f) DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b) DSGVO. The data will be deleted as soon as they are no longer required for the purpose of their collection and provided that there are no legal obligations to retain them. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified. The user has the possibility to revoke his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.
7. comment function
If you use the comment function of our website, in addition to the content of your comment, information on the time of creation of the comment as well as the name of the commentator you have chosen will be stored and published on the website. In addition, your IP address is logged and stored.
The legal basis for the storage of your data is Art. 6 para. 1 lit.b and f DSGVO. The IP address is saved for security reasons and in the event that the person concerned violates the rights of third parties or publishes illegal content through a comment submitted. Your e-mail address is required in order to contact you in case a third party objects to your published content as illegal. We reserve the right to delete comments if they are objected to as illegal by third parties.
8. use of your data for direct advertising
On our website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. Only your email address is mandatory. If you make further voluntary entries, these will only be used for
for the newsletter, the data from the input mask is transmitted to us. Only your email address is mandatory. If you make further voluntary entries, these will only be used for personal contact.
The legal basis for the processing of your data after registration for the newsletter is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. We obtain this by sending you a confirmation e-mail after registering for the newsletter, which contains a confirmation link. When you click on this link, you also give your consent to receive the newsletter.
When sending the registration for the newsletter, we save your IP address as well as the date and time of registration. This storage serves the purpose of tracing a possible misuse of your e-mail address.
We use the data collected by us when you register for the newsletter exclusively for the purpose of sending the newsletter.
The subscription to the newsletter can be cancelled by you at any time. For this purpose there is a corresponding link in every newsletter. This also enables you to revoke your consent to the storage of personal data collected during the registration process.
8.2 Newsletter for existing
customers If you purchase goods or services on our website and enter your e-mail address, we may subsequently use this to send you a newsletter. In such a case, the newsletter will only be used to send direct advertising for our own similar goods or services.
The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 para. 3 UWG as well as Art. 6 para. 1 lit. f DSGVO. In this respect, data processing is carried out solely on the basis of our justified interest in personalised direct advertising.
If you have already objected to the use of your e-mail address for the purpose of direct advertising, you will not receive this newsletter. However, you also have the possibility of objecting to the use of your e-mail address for the purpose stated here at a later date and at any time. After receipt of your objection, the use of your e-mail address for advertising purposes will be immediately discontinued.
9. contacting us for a valuation reminder
Own valuation reminder
After your express consent pursuant to Art. 6 para. 1 lit. a DSGVO, you will receive an e-mail from us as a one-time reminder to submit a valuation of your order. You can revoke your consent at any time by sending a message to the person responsible for processing your data.
10. web analysis services
10.1 Google Universal Analytics
We use the web analysis service Google Analytics (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) for this website.
Google Analytics uses "cookies". These are text files which are stored on your computer and which enable an analysis of your use of the website.
The information thus generated about your use of this website (including the shortened IP address) is transferred to a Google server and stored there, whereby a transfer to the USA is possible.
We use Google Analytics with the extension "_anonymizeIp()", which ensures anonymization of the IP address by shortening it and excludes a direct personal reference. Your IP address will therefore be shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. In exceptional cases, the full IP address is transferred to a Google server, including in the USA, and only shortened there. In these exceptional cases, this processing takes place in accordance with Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the statistical analysis of user behaviour for optimisation and marketing purposes.
On our behalf, Google uses this information to evaluate your use of the website, to create reports on website activities and to provide us with further services associated with the use of the website and the Internet. There is no consolidation of your IP address collected in this context with other data from Google.
You can prevent the storage of cookies by selecting the appropriate settings on your browser.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing
the following browser plugin: http://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, you can set an out-out cookie:
Disable Google Analytics This opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you have to click this link again.
In the case of data transfer to Google LLC based in the USA, Google LLC is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My Data", "Personal Data".
10.2. Shopify Analytics
We use the web analytics service of Shopify (Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland).
The legal basis is Art. 6 para. 1 lit. f DSGVO.
Shopify does not associate your IP address with other Shopify data.
11. Retargeting / Remarketing / Referral Advertising
Facebook Custom Audience using the pixel method
On this website, we use the "Facebook pixel" of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").If explicit consent is given, this allows us to track the behaviour of users after they have seen or clicked on a Facebook advertisement. This process is used to evaluate the effectiveness of Facebook Ads for statistical and market research purposes and may help to optimize future advertising efforts. The data collected is anonymous to us, so we cannot draw any conclusions about the identity of users. However, data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Guidelines (https://www.facebook.com/about/privacy/).
12. Tools and Miscellaneous
Google Web Fonts
We use web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the uniform display of fonts.
When you visit our website, your browser will load the required web fonts into the browser cache.
To do this, your browser must connect to Google's servers, which will transmit your IP address to Google. In this case, your personal data may also be transferred to the servers of Google LLC. in the USA. Our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO lies in the uniform and attractive presentation of our online offers.
If your browser does not support web fonts, a standard font from your computer will be used.
In the event that personal data is transferred to Google LLC, USA, Google has certified itself for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
Details about Google Web Fonts can be found here:
/developers.google.com/fonts/faq and in Google
13. Rights of the data subject
13.1. The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the data controller with regard to the processing of your personal data, about which we inform you below:
- Right of information in accordance with Art. 15 DSGVO:
You may request confirmation from the data controller as to whether personal data concerning you are being processed by the data controller. In addition, you have the right to be informed about the purpose, the categories of personal data, the recipients, the planned duration of storage and about the existence of other rights such as correction of the data or the existence of a right of appeal to a supervisory authority, the origin of your data, if it was not collected by us, the existence of automated decision making including profiling and, if applicable, the right to request information about the processing of your data. the existence of an automated decision-making process, including profiling and, where applicable, meaningful information on the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed of the guarantees provided under Art. 46 DPA when your data is transferred to third countries;
- right of rectification under Art. 16 DPA:
you have the right to have incorrect data concerning you corrected without delay and/or to have your incomplete data stored by us completed; the correction or completion must be carried out without delay.
- Right to limit processing in accordance with Art. 18 DSGVO:
You have the right to demand the restriction of the processing of your personal data as long as the accuracy of your data which you dispute is checked, if you refuse to delete your data due to unlawful data processing and demand instead the restriction of the processing of your data, if you require your data for the assertion, exercise or defence of legal claims, after we no longer require these data after the purpose has been achieved, or if you have lodged an objection for reasons of your particular situation, as long as it has not yet been established whether our justified reasons outweigh the objection;
if the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State. If the restriction on processing has been restricted, you will be informed by the controller before the restriction is lifted.
- Right of deletion pursuant to Art. 17 DPA:
You have the right to obtain the immediate deletion of your personal data as the conditions of Art. 17, para. 1 DPA are fulfilled. However, this right of erasure does not exist in particular - not conclusively - if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- right to be informed in accordance with Art. 19 DSGVO:
if you have exercised your right to rectification, erasure or limitation of processing, the controller is obliged to notify all recipients to whom your personal data have been disclosed of this rectification, erasure or limitation of processing, unless this is impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
- Right to data transferability pursuant to Art. 20 DPA:
you have the right to obtain your personal data communicated to us in a structured, common and machine-readable format or to request that it be transferred to another controller, insofar as this is technically possible;
- Right of revocation pursuant to Art. 7 para. 3 DPA:
you have the right to object at any time to the processing of personal data concerning you that is carried out pursuant to Art. 6 para. 1 letter e) or f) DPA; this also applies to profiling based on these provisions.
You also have the right to revoke your declaration of consent under data protection law at any time with effect for the future. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
- Right of appeal pursuant to Art. 77 DSGVO:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data concerning you is in breach of the DPA.
13.2 Right of objection
You have the right to object to the processing of your data at any time with effect for the future if we process your data on the basis of our overriding legitimate interest after weighing up the interests involved.
If you make use of this right of objection, we will stop processing your data unless there are demonstrably compelling reasons for termination worthy of protection or if the further processing serves the exercise or defence of legal claims.
14 Duration of the storage of personal data
The duration of the storage of personal data depends in each case on statutory retention periods. After these periods have expired, we routinely delete the data if they are no longer required for the fulfilment or initiation of the contract and/or if we have no legitimate interest in the further storage.