of SoulAr GmbH & Co. KG („SoulAr") for use of SoulAr online shop
Date: April 2020
The controller responsible for data processing is SoulAr GmbH & Co. KG, Alfred-Nobel-Str. 6, 97080 Wuerzburg, Germany.
The external company privacy protection officer is Dr. Carlo Piltz, Reusch Rechtsanwälte, Joachimsthaler Str. 34, 10719 Berlin, Germany,Tel.: + 49 (0) 30 23 328 95 0
Your personal data are processed on the basis of your consent (Art. 6 para. 1 p. 1 lit. a) GDPR) for the purpose of subscribing to the newsletter. If you send us your personal data by e-mail when you contact us, we will process your personal data to process your requests, to contact you and possibly also to execute pre-contractual measures or to fulfil a contract (Art. 6 para. 1 p. 1 lit. b) GDPR). If required, the processing of your data will extend beyond the actual fulfilment of the contract to include the safeguarding of our legitimate interests or those of third parties as follows: The review and optimisation of processes for needs analysis and direct contact, advertising or market and opinion research, provided you have not objected to the use of your data, the assertion of legal claims and defence in the event of legal disputes, to guarantee IT security and IT operation, the facilitation of various different payment methods for your online order(s), to guarantee the operation of our website, the use of social media functions and measures for business management and the further development of services and products (Art. 6 para. 1 p. 1 lit. f) GDPR).
We are also subject to various retention and documentation obligations and may also be legally obliged to share personal data to authorities (Art. 6 para. 1 p. 1 lit. c) GDPR).
The following table provides an insight into the most important retention periods:
|Item||Retention period||Legal basis|
|Offers with order sequence, e-mails (business letters), e-mails (reminders), faxes (business letters), delivery notes, default summons and reminders||6 years||§ 147 AO, § 257 HGB|
|Outgoing invoices, receipts, e-mails (booking documents such as invoices), delivery notes, as proof of receipt, especially in connection with an invoice, cash-on-delivery tag, online invoices||10 years||§ 147 AO, § 257 HGB|
|Data on the respective sales contract for processing warranty claims||2 years||§ 438 Abs. 1 Nr. 3 BGB|
|Data on the respective contract for processing warranty claims||Depending on the respective product||§ 443 BGB|
Data are transferred to third countries (states outside the EU and the European Economic Area - EEA) only if to do so is required to execute contracts concluded with you or by law, or if you have given us your consent to do so. We will provide details to you separately, if required by law.
SoulAr processes the following customer data: customer name, address, telephone number, email address, information on the content of an order, IP address , any information pertaining to a different delivery address and information on the desired payment type. The data is processed in Germany. The personal data listed above is processed and used for the purpose of managing the relevant contractual relationship. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. b) GDPR. We also reserve the right to, at appropriate intervals, send you direct mail advertisements for the offers in our online shop. No other use is made of your personal data. In particular, we do not pass on any data to third parties unless it is for the purpose of sending the ordered goods. You can, at any time, object to your name and address being used for mail advertising purposes (see above). Simply send an email to email@example.com.
You have the option to register as a specialist retailer with SoulAr, so that SoulAr can then create a customer account for you in our shop on the website. We do this
For a detailed breakdown of the minimum data which are processed, please refer to the page with the new customer form (https://www.soular.de/registerFC/index/sValidation/3H). The purpose of the procedure is to validate your registration and, if necessary, to clear up any misuse of your personal data.
The legal basis for the data processing is Article 6 (1)(1)(b) GDPR.
As Section 1 (9)(11)(1)(1) MLA obliges us to identify contracting parties before establishing a business relationship or carrying out a transaction, we will process a copy of the applicant's identity card in the context of new customer registration for the purpose of combating money laundering, Section 58 MLA. The copy will not be processed for any other purpose. In accordance with Section 8 (4)(1) and (3) MLA, this copy of the ID will in principle be kept for five years after the termination of our business relationship and subsequently destroyed, unless other statutory retention provisions require us to keep it for longer, Section 8 (4)(2) MLA.
The legal basis for this data processing is Article 6(1)(c) GDPR in conjunction with Section 1 (9)(11)(1)(1) MLA.
"Payment in advance (bank transfer)" payment type, "Purchase on account" payment type
If you are given the option of "Payment in advance (bank transfer)", "Purchase on account" during your order, SoulAr alone processes the personal data which you entered during the ordering process in order to carry out the contractual relationship with you.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. b) GDPR.
SoulAr is co-insured under the terms of a merchandise insurance contract.Specialist services of the insurer (credit insurance, factoring, risk assessment and collection) are drawn upon within the framework of this contract. Insofar as SoulAr makes use of the described services, personal data concerning the unfulfilled contract will be transmitted to Coface. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f) of GDPR. Our legitimate interest exists in the sense that we protect ourselves from payment defaults and assert our rights and would like to assert claims.
However, when the SoulAr website is accessed, the following data is automatically logged by the web server:
This information is used exclusively for the purpose of identifying and tracing unauthorised accesses to the web server and other criminal acts. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interests are the assurance of IT security as well as the assurance of the operation of our Internet presence.
This website uses the following types of cookie, the scope and functionality of which is outlined below:
Transient cookies are automatically deleted when you close your browser. These particularly include session cookies. These save a 'session ID', which is used to assign various requests from your browser to the overall session. This allows us to recognise your computer when you revisit our website. Session cookies are deleted when you sign out or close the browser.
Persistent cookies are automatically deleted after a set period of time that can differ depending on the cookie. You can delete cookies in your browser's security settings at any time.
You can configure your browser settings as you wish and, for example, reject third-party cookies or all cookies. Please note that you may then be unable to use all the functions of this website.
This website uses Google Analytics, a web analysis service of Google LLC ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website will normally be transmitted to a Google server in the USA and stored there. However, in case the IP anonymity function on this website is activated, Google will first abbreviate your IP address within the member states of the European Union or in other signatory states to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. Google will use this information on behalf of the person responsible for this website, to compile reports on website activities and to provide the website operator with additional services associated with use of the website and of the Internet.
The IP address transmitted from your browser within the scope of Google Analytics will not be brought into contact with other data held by Google.
You can prevent storage of the cookies by using a corresponding setting of your browser software; however, please note that by doing so you may not be able to fully use all the functions of this website.You can also prevent the recording and processing by Google of the data generated by the cookie relating to your use of the website (incl. your IP address) by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the 'anonymizeIp()' extension. This means that IP address are processed in a truncated form to prevent the possibility of direct reference to a particular individual. If it should prove possible to associate data collected concerning your person directly with you as an individual, this will immediately be excluded and the personal data deleted without delay.
We use Google Analytics to analyse the use of our website and to make regular improvements. We can use these statistics to improve our products and make them more interesting to our users. In exceptional cases in which personal data is sent to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f) GDPR.
Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.
You will find a contact form on SoulAr's website. The data you enter there will be stored for the purpose of individual communication with you, and the data processing is justified, in accordance with Art. 6 para. 1 p. 1 lit. f) GDPR, by our desire to offer you a simple contact option. Your data will also be stored for the purpose of answering your request, as well as for possible follow-up questions.
If you contact us in order to request a quote, the legal basis for data processing is Art. 6 para. 1 p. 1 lit. b) GDPR.
SoulAr operates a so-called fan page on Facebook. These are websites that are offered on the Facebook platform to present SoulAr as a company and to get in touch with customers and interested parties, for example.
The results of this processing are provided to us, as the fan page operator, and then through Facebook in an aggregated, statistical and anonymous form of user statistics. We do not have access to the data processed by Facebook. Facebook provides more information about Insights under the following link: https://www.facebook.com/help/pages/insights.
Facebook describes which data it processes for more of its own purposes in its Data Policy, available under the following link:https://www.facebook.com/about/privacy.
There, you will also find information about options for contacting Facebook as well as the settings options for advertisements. Facebook remains solely responsible for the processing of such personal information in relation to visits to fan pages that are not under shared responsibility.
If you are currently logged in as a user on Facebook, there is a cookie with your Facebook ID on your device. This enables Facebook to see that you visited our fan page and how you used it. This also applies to all other Facebook pages. To avoid this, you should log out of Facebook or disable the "stay signed in" feature, delete the cookies present on your device, then exit and restart your browser.
Please note that data from the survey phase will also be passed on to locations in the USA and thus outside the territory of the European Union. No adequacy decision has been made by the European Commission for the USA itself. However, Facebook is a participant in the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
In the agreement made with SoulAr (available at: https://www.facebook.com/legal/terms/page_controller_addendum), Facebook agrees to assume the primary responsibility according to the GDPR for the processing of so-called Insights Data and all obligations to comply with the DSGVO with regard to the processing of this Insights Data. The essence of the agreement can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data.
If you wish to exercise your interest in tort (for what these are, see below under point 6) in line with GDPR, we point out that we cannot fully fulfil these rights in case of doubt. It would therefore be more effective for you to contact Facebook directly. Information about your rights regarding page insights is provided by Facebook here: https://www.facebook.com/legal/terms/information_about_page_insights_data.
With regard to page insights and joint responsibility with Facebook, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. Information on how to exercise your right to object can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data.
If you still need help, feel free to contact us. We will forward your request to Facebook, insofar as it relates to Insights Data.
Processing the visitor's personal data enables the provision of the fan page as well as the statistical evaluation of how our fan page is used. This evaluation is performed for us anonymously. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f) of GDPR. Our legitimate interests regarding the collection of personal data when visiting the fan page and the production of statistical evaluations are: Communication and interaction with interested parties and customers; Dissemination of information about our company; Anonymized evaluation and presentation of the use of the fan page.
SoulAr also processes the data from your use of the fan page that you voluntarily provide (in a comment, for example) for the purpose of answering your inquiries, communicating with you and publishing information regarding the content offered on the fan page or from SoulAr. The legal bases for processing are Art. 6 para. 1 p. 1 lit. b) and f) of GDPR. The legitimate interest lies in the effective information of users, customers and interested parties and communication with these persons.
You are welcome to contact us as long as it regards the data processed by us on our own account, and assert the rights to which you are entitled as our data subject. However, if these refer to processing that is purely in the area of responsibility of Facebook, we point out in advance that our options with regards exercising your rights are limited to referring you to the appropriate places of Facebook.
We maintain an online presence within social networks and platforms in order to communicate with the customers, prospects and users active there and to inform them about our services there. We point out that when you visit our online presence there, personal user data are processed by the respective social media platform for market research and advertising purposes. For these purposes, cookies are usually stored on the computers of the users, in which the user behaviour and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them). These user data are provided to us by the respective platform – anonymized and aggregated for evaluation. Our legal basis with regard to this data processing is Art. 6 para. 1 p. 1 lit. f) of GDPR. Our legitimate interest is in the form of effective user information and communication with users.
The data collected by the social media platforms are also processed outside the European Union, especially in the United States. These providers are certified under the EU-US Privacy Shield.
For a detailed description of the respective processing and the possibilities of contradiction (opt-out), we refer to the following linked information of the providers.
We point out that in the case of requests for information and the assertion of user rights, these can be claimed most effectively by the providers. Only the providers have access to the data of the users and can take direct appropriate measures and provide information. If you still need help, then you can contact us.
We have embedded YouTube videos into our website that are stored on https://www.YouTube.com and can be played directly via our website.
If you visit the website, YouTube will be notified to the effect that you have accessed the corresponding subpage on our website.. This happens regardless of whether YouTube provides an account that you are logged in to, or if you do not have one.
If you are signed into Google, your data will be directly associated with your account. If you don't want a link to be established with your YouTube profile, you must sign out before activating the button. YouTube will store your data as a use profile and use them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation takes place in particular (even for users who aren't signed in) to provide needs-based advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of this user profile, although you will need to address this objection directly to YouTube. The legal basis of this data use is Art. 6 para. 1 p. 1 lit. f) GDPR.
If you have given SoulAr your consent to process personal data in the context of your use of SoulAr services, you can withdraw this consent at any time pursuant to Article 7 (3) GDPR. The revocation can be sent by email to firstname.lastname@example.org in writing to the address listed below. The effects of the revocation will be limited to the storage and use of personal data that may not be used or stored without your consent based on statutory permissions. This withdrawal of consent, once declared to us, will have an impact on the permissibility of the processing of your personal data. However, please note that it may not then be possible to process the data concerned in the future.
If we base the processing of personal data on the balance of interests, you may object to the processing pursuant to Article 21 GDPR. This will be the case if the processing is not specifically required to fulfil a contract with you. If you lodge such an objection, we would ask you to tell us why we should no longer process your data in the manner in which we have previously done so. If you provide a reasoned objection, we will review the matter and either cease or adapt our data processing or present you with the compelling legitimate reasons which permit us to continue to process your data. If you have exercised your right to object, the data controller will no longer process your personal data unless it can prove that there are compelling legitimate grounds for the processing that outweigh the data subject's interests, rights and freedoms or that the processing serves the purpose of the assertion, exercise or defence against legal claims.
You can of course object at any time to the processing of your personal data for the purposes of advertising and data analysis. You can notify us of your objection to advertising by e-mailing us at: email@example.com or via the address given below.
On request, SoulAr will provide you pursuant to Article 15 GDPR with information concerning the personal data stored by SoulAr. You also have the option at any time to require SoulAr to correct your data pursuant to Article 16 GDPR, to erase it pursuant to Article 17 GDPR or to restrict the processing thereof pursuant to Article 18 GDPR. Pursuant to Article 20 GDPR, you have the right to require us to hand over to you or a third party in a common machine-readable format data that we have automatically processed on the basis of your consent or for the fulfilment of a contract. If you have requested that the data be directly transferred to another controller, this will be done only if it is technically feasible.
You also have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR.
We will be happy to provide you with further assistance.
SoulAr GmbH & Co. KG
0931 9708 444