The controller responsible for data processing is SoulAr GmbH & Co. KG, Alfred-Nobel-Str. 6, 97080 Wuerzburg, Germany.
2. Contact details of the data protection officer
The external company privacy protection officer is Dr. Carlo Piltz, Piltz Legal, Piltz Rechtsanwälte PartGmbB, Mozartstr. 16, 12247 Berlin, Tel: +49 (0)30 814 53 50 00.
3. Purpose, duration and legal bases for data processing
Your personal data are processed on the basis of your consent (Art. 6 para. 1 p. 1 lit. a) GDPR) for the purpose of subscribing to the newsletter. If you send us your personal data by e-mail when you contact us, we will process your personal data to process your requests, to contact you and possibly also to execute pre-contractual measures or to fulfil a contract (Art. 6 para. 1 p. 1 lit. b) GDPR). If required, the processing of your data will extend beyond the actual fulfilment of the contract to include the safeguarding of our legitimate interests or those of third parties as follows: The review and optimisation of processes for needs analysis and direct contact, advertising or market and opinion research, provided you have not objected to the use of your data, the assertion of legal claims and defence in the event of legal disputes, to guarantee IT security and IT operation, the facilitation of various different payment methods for your online order(s), to guarantee the operation of our website, the use of social media functions and measures for business management and the further development of services and products (Art. 6 para. 1 p. 1 lit. f) GDPR).
We are also subject to various retention and documentation obligations and may also be legally obliged to share personal data to authorities (Art. 6 para. 1 p. 1 lit. c) GDPR).
The following table provides an insight into the most important retention periods:
Data are transferred to third countries (states outside the EU and the European Economic Area - EEA) only if to do so is required to execute contracts concluded with you or by law, or if you have given us your consent to do so. We will provide details to you separately, if required by law.
4. Processing of customer data
4.1 Orders
SoulAr processes the following customer data: customer name, address, telephone number, email address, information on the content of an order, IP address , any information pertaining to a different delivery address and information on the desired payment type. The data is processed in Germany. The personal data listed above is processed and used for the purpose of managing the relevant contractual relationship. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. b) GDPR. We also reserve the right to, at appropriate intervals, send you direct mail advertisements for the offers in our online shop. No other use is made of your personal data. In particular, we do not pass on any data to third parties unless it is for the purpose of sending the ordered goods. You can, at any time, object to your name and address being used for mail advertising purposes (see above). Simply send an email to datenschutz@soular.de.
4.2 Registration as a specialist retailer (new customer form)
You have the option to register as a specialist retailer with SoulAr, so that SoulAr can then create a customer account for you in our shop on the website. We do this
so that you can use our services, in particular so that you can see our up-to-date prices;
to manage your user data and settings and
for the inspection of invoices and outstanding arrear
For a detailed breakdown of the minimum data which are processed, please refer to the page with the new customer form (https://www.soular.de/registerFC/index/sValidation/3H). The purpose of the procedure is to validate your registration and, if necessary, to clear up any misuse of your personal data.
The legal basis for the data processing is Article 6 (1)(1)(b) GDPR.
As Section 1 (9)(11)(1)(1) MLA obliges us to identify contracting parties before establishing a business relationship or carrying out a transaction, we will process a copy of the applicant's identity card in the context of new customer registration for the purpose of combating money laundering, Section 58 MLA. The copy will not be processed for any other purpose. In accordance with Section 8 (4)(1) and (3) MLA, this copy of the ID will in principle be kept for five years after the termination of our business relationship and subsequently destroyed, unless other statutory retention provisions require us to keep it for longer, Section 8 (4)(2) MLA.
The legal basis for this data processing is Article 6(1)(c) GDPR in conjunction with Section 1 (9)(11)(1)(1) MLA.
4.3 Processing of personal data in the context of payment
"Payment in advance (bank transfer)" payment type, "Purchase on account" payment type
If you are given the option of "Payment in advance (bank transfer)", "Purchase on account" during your order, SoulAr alone processes the personal data which you entered during the ordering process in order to carry out the contractual relationship with you.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. b) GDPR.
SoulAr is co-insured under the terms of a merchandise insurance contract.Specialist services of the insurer (credit insurance, factoring, risk assessment and collection) are drawn upon within the framework of this contract. Insofar as SoulAr makes use of the described services, personal data concerning the unfulfilled contract will be transmitted to Coface. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f) of GDPR. Our legitimate interest exists in the sense that we protect ourselves from payment defaults and assert our rights and would like to assert claims.
5. Processing of personal data
5.1 Logfiles
However, when the SoulAr website is accessed, the following data is automatically logged by the web server:
IP address of the requesting PC;
Date and time of the request;
Access method/function requested by the requesting PC;
Entry values (e.g. file name) requested by the requesting PC;
Web server access status (file transferred, file not found, command not executed etc.);
Name of the requested file and
URL from which the file was requested/the desired function was released.
This information is used exclusively for the purpose of identifying and tracing unauthorised accesses to the web server and other criminal acts. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interests are the assurance of IT security as well as the assurance of the operation of our Internet presence.
5.2 Cookies
This website uses the following types of cookie, the scope and functionality of which is outlined below:
Transient cookies
Persistent cookies
Transient cookies are automatically deleted when you close your browser. These particularly include session cookies. These save a 'session ID', which is used to assign various requests from your browser to the overall session. This allows us to recognise your computer when you revisit our website. Session cookies are deleted when you sign out or close the browser.
Persistent cookies are automatically deleted after a set period of time that can differ depending on the cookie. You can delete cookies in your browser's security settings at any time.
You can configure your browser settings as you wish and, for example, reject third-party cookies or all cookies. Please note that you may then be unable to use all the functions of this website.
We use cookies to identify repeat visits if you have an account with us. Otherwise, you will have to sign in again every time you visit us. In accordance with Art. 6 para. 1 p. 1 lit. f) GDPR, the data processing is justified by our legitimate interest in our website being designed in a user-friendly manner.
5.3 Google Analytics
If you have given your consent, we use the web analysis service Google Analytics of Google Ireland Limited, Gordon House, Barrow Street Dublin 4. Ireland ("Google") on our website. The use includes the "Universal Analytics" operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse the activities of a user across devices. Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you. The analysis by Google Analytics enables us to analyse the use of our website in order to compile reports on website activity and to make our website even more convenient and secure for you. In addition, we can further improve our website offer for you on the basis of visits and statistical analyses. The legal basis for placing and accessing Google Analytics cookies set on your device is § 25 para. 1 sentence 1 of the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG). With regard to the processing of personal data in the context of the use of Google Analytics, the legal basis is Art. 6 para. 1 P. 1 lit. a) GDPR.
Insofar as personal data is transferred to Google's servers in the USA and stored and further processed there, we have concluded the standard data protection clauses with Google adopted by the EU Commission, which allow the transfer of personal data to the USA in individual cases. The data processed by you through Google Analytics can be viewed by us for 2 months. The data processed by you through Universal Analytics can be viewed by us for 14 months. You can revoke your consent at any time with effect for the future by preventing the storage of cookies by setting your browser software accordingly or by revoking the consent you gave when you first visited our website for the processing of data by Google Analytics. You can do this by revoking your consent in our Consent Manager. The provision of your data is voluntary. Of course, you can also view our website without cookies. In general, you can deactivate the use of cookies at any time via your browser settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies.
You will find a contact form on SoulAr's website. The data you enter there will be stored for the purpose of individual communication with you, and the data processing is justified, in accordance with Art. 6 para. 1 p. 1 lit. f) GDPR, by our desire to offer you a simple contact option. Your data will also be stored for the purpose of answering your request, as well as for possible follow-up questions.
If you contact us in order to request a quote, the legal basis for data processing is Art. 6 para. 1 p. 1 lit. b) GDPR.
5.5 Facebook fan page
SSoulAr operates a so-called fan page on Facebook. These are websites that are offered on the Facebook platform to present SoulAr as a company and to get in touch with customers and interested parties, for example.
5.5.1 Shared responsibility with Facebook
Together with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, we are responsible for processing so-called Insights Data when you visit our fan page. With the information provided below, we meet our duty to inform under Art. 13 GDPR within the framework of shared responsibility. When you visit our fan page, personal data will be processed by Facebook, inter alia in the form of your IP address and other information that exists in the form of cookies on your PC. This applies to both visitors who have a Facebook account and those who are not registered on Facebook. This information is used to provide SoulAr – as the operator of the Facebook fan page – with statistical information on using the Facebook page. You can learn precisely which data are processed on "Information about Page Insights data" provided by Facebook: https://www.facebook.com/legal/terms/informationaboutpageinsightsdataPlease also inform yourself in general about how data is handled by Facebook in the privacy policy of Facebook:https://www.facebook.com/about/privacy
The results of this processing are provided to us, as the fan page operator, and then through Facebook in an aggregated, statistical and anonymous form of user statistics. We do not have access to the data processed by Facebook. Facebook provides more information about Insights under the following link:Â https://www.facebook.com/help/pages/insights.
Facebook describes which data it processes for more of its own purposes in its Data Policy, available under the following link:https://www.facebook.com/about/privacy.
There, you will also find information about options for contacting Facebook as well as the settings options for advertisements. Facebook remains solely responsible for the processing of such personal information in relation to visits to fan pages that are not under shared responsibility.
If you are currently logged in as a user on Facebook, there is a cookie with your Facebook ID on your device. This enables Facebook to see that you visited our fan page and how you used it. This also applies to all other Facebook pages. To avoid this, you should log out of Facebook or disable the "stay signed in" feature, delete the cookies present on your device, then exit and restart your browser.
Please note that data from the survey phase will also be passed on to locations in the USA and thus outside the territory of the European Union. No adequacy decision has been made by the European Commission for the USA itself. However, Facebook is a participant in the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If you wish to exercise your interest in tort (for what these are, see below under point 6) in line with GDPR, we point out that we cannot fully fulfil these rights in case of doubt. It would therefore be more effective for you to contact Facebook directly. Information about your rights regarding page insights is provided by Facebook here:Â https://www.facebook.com/legal/terms/information_about_page_insights_data.
With regard to page insights and joint responsibility with Facebook, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. Information on how to exercise your right to object can be found here:Â https://www.facebook.com/legal/terms/information_about_page_insights_data.
If you still need help, feel free to contact us. We will forward your request to Facebook, insofar as it relates to Insights Data.
Processing the visitor's personal data enables the provision of the fan page as well as the statistical evaluation of how our fan page is used. This evaluation is performed for us anonymously. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f) of GDPR. Our legitimate interests regarding the collection of personal data when visiting the fan page and the production of statistical evaluations are: Communication and interaction with interested parties and customers; Dissemination of information about our company; Anonymized evaluation and presentation of the use of the fan page.
5.5.2 Our sole responsibility
SoulAr also processes the data from your use of the fan page that you voluntarily provide (in a comment, for example) for the purpose of answering your inquiries, communicating with you and publishing information regarding the content offered on the fan page or from SoulAr. The legal bases for processing are Art. 6 para. 1 p. 1 lit. b) and f) of GDPR. The legitimate interest lies in the effective information of users, customers and interested parties and communication with these persons.
You are welcome to contact us as long as it regards the data processed by us on our own account, and assert the rights to which you are entitled as our data subject. However, if these refer to processing that is purely in the area of responsibility of Facebook, we point out in advance that our options with regards exercising your rights are limited to referring you to the appropriate places of Facebook.
5.6 Instagram Profile
Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland ("Facebook") uses the technical platform and the services of Facebook Ireland Ltd. for the information service offered here. Instagram is a part of Facebook.
We would like to point out that you use this Instagram profile and its functions under your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also find the information offered via this page on our Internet offer at https://www.soular.de retrieve. Facebook collects your IP address and other information that is stored on your PC in the form of cookies when you visit our Instagram profile.
5.6.1 Joint controllership with Facebook
Instagram uses this information to provide us, as the operator of the Instagram profile, with statistical information about the use of the Instagram profile. Facebook provides more detailed information on this at the following link: https://help.instagram.com/1533933820244654.
The data collected about you in this context will be processed by Facebook and, if necessary, transferred to countries outside the European Union. Facebook describes in general terms which information Facebook receives and how it is used in its data usage guidelines. There, you will also find information about options for contacting Facebook as well as the settings options for advertisements. The data usage guidelines are available at the following link: https://help.instagram.com/519522125107875.
Facebook does not conclusively and clearly state how the data from visiting Instagram profiles is used for its own purposes, to what extent activities on the Instagram profile are assigned to individual users, how long Facebook stores this data, and whether data from a visit to the Facebook page is passed on to third parties, nor is this known to us. When you access an Instagram profile, the IP address assigned to your device is transmitted to Facebook. According to information from Facebook, this IP address is anonymised (for "German" IP addresses). Facebook also stores information about its users' devices (e.g. as part of the "Login notification" function); in this way, Facebook may thus be able to assign IP addresses to individual users. If you are currently logged in to Facebook as a user, a cookie with your Instagram ID will be stored on your device. This enables Facebook to understand that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook Instagram Facebook buttons integrated into websites make it possible for Facebook to record your visits to these websites and assign them to your Instagram profile. Based on this data, content or advertising can be offered tailored to you.
To avoid this, you should log out of Facebook or disable the "stay signed in" feature, delete the cookies present on your device, then exit and restart your browser. In this way, Facebook information that can be used to identify you directly will be deleted. Instagram allows you to use our Instagram profile without your Instagram ID being revealed. When you access the interactive features of the page (like, comment, share, news, etc.), an Instagram login screen appears. After any registration, you will be recognizable as a specific user for Facebook again. For information on how to manage or delete existing information about you, please visit the following Instagram support page: https://help.instagram.com/1533933820244654.
5.6.2 Controllership by SoulAr
In addition, SoulAr is also sole controller for certain data processing. For the purpose of offering our information service, we process the following data for communication with Instagram users:
User interactions (postings, likes, etc.);
Profile name and data specified by the user in the conversation history, e.g. for processing service requests;
Statistical surveys on target group advertising;
Statistical data on user interactions in aggregated form, i.e., without personal reference for SoulAr (e.g. page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions incl. origin, times of day);
Target group-controlled advertisements based on aggregated demographic data without reference to personal data (e.g. information on age, place of residence, language or gender); and
You can find this privacy policy, as amended, under the item "Info" on our Facebook page. If you have any questions about our information offer, you can contact us at datenschutz@soular.de.
The processing is carried out for the purpose of answering your enquiries (if you have made an enquiry of us) or communicating with you and to publish information about events, products and services of SoulAr. The legal basis for processing for the purpose of responding to inquiries that serve to conclude a future contract and are initiated by you is Art. 6 para. 1 sentence 1 lit. b) GDPR and in the other cases Art. 6 para. 1 sentence 1 lit. f) GDPR.
Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2 Dublin, Ireland, together with the Facebook companies based in the USA, has concluded the standard data protection clauses adopted by the EU Commission, which allow the transfer of personal data to the USA in individual cases, insofar as personal data is transferred to Facebook servers in the USA and stored and processed further there.
The legitimate interest exists if the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interests), in the effective provision of information for users, customers and interested parties and the communication with these persons as well as the external presentation of SoulAr.
After completing your request, your personal data provided will be deleted on our systems. If you interact with us publicly, for example by leaving a comment or "liking" a post, this data will remain publicly available on the site until it is deleted by us or you. Insofar as statutory retention obligations require longer storage, your data will only be stored for this purpose and blocked for other purposes.
To exercise your right to object, please inform us of your objection either at datenschutz@soular.de or to the above address by post or by phone. We will then process your request immediately.
5.7 Online presence on other social media platforms (LinkedIn)
We maintain an online presence within social networks and platforms in order to communicate with the customers, prospects and users active there and to inform them about our services there. We point out that when you visit our online presence there, personal user data are processed by the respective social media platform for market research and advertising purposes. For these purposes, cookies are usually stored on the computers of the users, in which the user behaviour and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them). These user data are provided to us by the respective platform – anonymized and aggregated for evaluation. Our legal basis with regard to this data processing is Art. 6 para. 1 p. 1 lit. f) of GDPR. Our legitimate interest is in the form of effective user information and communication with users.
The data collected by the social media platforms are also processed outside the European Union, especially in the United States. These providers are certified under the EU-US Privacy Shield.
For a detailed description of the respective processing and the possibilities of contradiction (opt-out), we refer to the following linked information of the providers.
We point out that in the case of requests for information and the assertion of user rights, these can be claimed most effectively by the providers. Only the providers have access to the data of the users and can take direct appropriate measures and provide information. If you still need help, then you can contact us.
We have embedded YouTube videos into our website that are stored on https://www.YouTube.com and can be played directly via our website.
If you visit the website, YouTube will be notified to the effect that you have accessed the corresponding subpage on our website.. This happens regardless of whether YouTube provides an account that you are logged in to, or if you do not have one.
If you are signed into Google, your data will be directly associated with your account. If you don't want a link to be established with your YouTube profile, you must sign out before activating the button. YouTube will store your data as a use profile and use them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation takes place in particular (even for users who aren't signed in) to provide needs-based advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of this user profile, although you will need to address this objection directly to YouTube. The legal basis of this data use is Art. 6 para. 1 p. 1 lit. f) GDPR.
You can find more information on the purpose and scope of data collection and the processing of such data by YouTube in its privacy policy. You can also find more information there on your rights and settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.
6. User's rights
6.1 Withdrawing consent, objecting
If you have given SoulAr your consent to process personal data in the context of your use of SoulAr services, you can withdraw this consent at any time pursuant to Article 7 (3) GDPR. The revocation can be sent by email to datenschutz@soular.deor in writing to the address listed below. The effects of the revocation will be limited to the storage and use of personal data that may not be used or stored without your consent based on statutory permissions. This withdrawal of consent, once declared to us, will have an impact on the permissibility of the processing of your personal data. However, please note that it may not then be possible to process the data concerned in the future.
You can of course object at any time to the processing of your personal data for the purposes of advertising and data analysis. You can notify us of your objection to advertising by e-mailing us at: datenschutz@soular.de or via the address given below.
6.2 Your other rights
On request, SoulAr will provide you pursuant to Article 15 GDPR with information concerning the personal data stored by SoulAr. You also have the option at any time to require SoulAr to correct your data pursuant to Article 16 GDPR, to erase it pursuant to Article 17 GDPR or to restrict the processing thereof pursuant to Article 18 GDPR. Pursuant to Article 20 GDPR, you have the right to require us to hand over to you or a third party in a common machine-readable format data that we have automatically processed on the basis of your consent or for the fulfilment of a contract. If you have requested that the data be directly transferred to another controller, this will be done only if it is technically feasible.
You also have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR.
We will be happy to provide you with further assistance.
Address:
SoulAr GmbH & Co. KG Alfred-Nobel-Str. 6 97080 Wuerzburg Germany